How much information is enough?
Information overload is overwhelming. So how much information is too much? And how much is enough? “The quantity and the volume of data aren’t going away. What we have to do is turn information into intelligence by asking more succinct questions and by having better tools and technologies to ask better questions. And a lot of that’s going to come through autonomy. No two ways about. Is it perfect? Absolutely not. Are we working on how to make it more effective? Absolutely. Because we know we have to. And then there’s taking that intelligence and making it actionable.”
How can we collaborate in sharing threat intel data?
Collaboration is crucial in information security. The only question is how can you collaborate without disclosing any information? Here’s what you should know. “What I can do is have back channels. I can have conversations. I can get onto the signal and go, ‘Hey, Dani can see what’s going on. We’ve got some challenges. Do me a favor, make sure you’ve got this locked down and sorted out. Do me a favor, go check your active directory for this. And by the way, check your intel feeds for this.’ That’s helping you become more aware of maybe a specific incident.”
What should be the roadmap for leveraging dark web intelligence?
Building intelligence very early in the roadmap should be the first priority. Here’s an example. “To me, information intelligence has got to be pretty high up on the list of acquisitions because it helps you build the future path for where your security roadmap needs to be. It helps you understand where the risks are. Let’s just say you’ve built the next greatest widget sitting here, and it’s an amazing widget. And you’ve surrounded that widget with, say, 50 staff employees, people, or whatever you want to call them, and that widget and your staff are all sitting in a building. Automatically, you’re suddenly going, ‘Well, I need to protect the widget.’ But you, maybe, forgot about the people. How do I educate them to protect the widget?”