What is your role and who do you work for?

I’m director of research operations at ThreatConnect, a threat intelligence provider. As part of my role, I have oversight of the company’s proactive investigations into major cyber security incidents. Over the last two years, I’ve led research into some high-profile cyber attacks.

For example, I’ve investigated a hack on The Hague during a case regarding China’s claims over the South China Sea, examined phishing attacks on journalists investigating the MH70 shootdown and looked into the BlackEnergy malware campaign against Ukraine’s energy sector.

How long have you been in IT?

I have been at ThreatConnect for two years, where I joined from the Office of the Secretary of Defense. I spent the first ten years of my career working for the US Department of Defense and during my time there, I built and led analytics teams at the Defense Intelligence Agency.

What is your most interesting project to date?

Investigating Russian hacking and influence operations against the U.S. presidential election last year. We produced a series of research reports analysing the role of the FANCY BEAR threat actor and Guccifer 2.0 persona in the election, and uncovered significant links to Russian-based infrastructure, as well as a number of tactics consistent with previous Moscow-backed campaigns.

As a threat intelligence analyst, that’s really a sign of a job well done – when you’re able to pull together indicators and digital footprints and use them to uncover a bigger picture. You’re ultimately hoping that your work will help people to defend themselves better in the future.

What is your biggest challenge at the moment?

Striking the right balance between analysts and automation. The limiting factor for my team isn’t data – it’s my analysts’ time and expertise. We’re constantly refining our processes and leveraging automation to maximize the latter.

We’ve always described ourselves as ‘by analysts, for analysts’. It’s a continuous process of refining, collecting feedback, refining again, and using our experiences with our own threat intelligence platform to make sure it’s actually automating the processes that analysts want it to. Basically, we’re building an analytical Iron Man suit.

What technology were you working with ten years ago?

My job at the time had me basically living in Microsoft PowerPoint. I loved my iPod and was an early adopter of Facebook, but didn’t take the iPhone leap in 2007 (I got there in the end, though).

What is your favourite technology of all time?

Laser eye surgery (LASIK) – it’s the closest thing to magic I’ve ever experienced.

How will the Internet of Things affect your organisation?

The threat from the IoT underscores why you need threat intelligence. The sheer number of entry points into the network makes it hard to effectively plan your defence. There may be weak points you’re unaware of, unpatched bugs in your devices’ operating systems, or new malware on the market that renders your systems more vulnerable than you know.

In other words, massive amounts of non-proprietary hardware that is hard to protect. However, if you understand how attackers operate, the IoT becomes less overwhelming and you can focus on orchestrating your response. For ThreatConnect, this is an opportunity to ensure that our platform enables security analysts to fully understand the threats specific to their IoT equipment.

What smartphone do you use?

That’s a hotly debated issue in our family, but I’m on team iPhone.

What three apps could you not live without?

Parkmobile has saved me a small fortune in parking tickets, Slack has slashed the number of emails I have to deal with, and Splitwise has made group travel a breeze.

What new technology are you most excited for a) your business and b) yourself?

I think I’m supposed to say AI, but honestly, I’m more excited about new tools that are making it a lot easier to refine the sea of threat data out there. More signal. Less noise.

If you weren’t doing the job you do now, what would you be doing?

Making gelato.

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.
