Understanding the threat for Organizational Cyber Preparedness

I have spent some time working in the threat industry and through my own experience, I started getting interested in looking at things from a different perspective. There are great professionals and researchers in this area of cyber security however, it lacks cohesion. A higher degree of cohesion within as well as in other areas,…

Enterprise Threat Modeling and ATT&CK

After spending some time working with the ATT&CK threat model, which is primarily aimed at modeling threats from a systems perspective, I have been wondering what other frameworks are available to model threats from an organisational or business unit perspective and that can also support the integration with ATT&CK. The following document: Enterprise Threat Model…

Cyber Intelligence Tradecraft Report by Carnegie Mellon University

A few days ago through my network of contacts, I found this report about Cyber Intelligence trade-craft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence. The recommended audience as defined by…