Program Overview

Please note: Monday sessions are being held in two different locations that are about 30 mins away by taxi:

BT
BT Centre
81 Newgate Street
London, EC1A 7AJ
DS
Digital Shadows
The Columbus Building
6th Floor, 7 Westferry Circus
London, E14 4HD


Monday, 18 March

Training and Workshops - BT Auditorium | Training and Workshops - BT A1 | Training and Workshops - DS/BL | Training and Workshops - DS Theater
09:00 – 13:00
 US

Using ATT&CK™ for Cyber Threat Intelligence Workshop

Adam Pennington, Katie Nickels, Richard Struse (MITRE, US)

 LU

MISP Threat Intelligence Analyst and Administrators

Alexandre Dulaunoy, Andras Iklody (CIRCL, LU)

 US

OPSEC for investigators and researchers

Krassimir Tzvetanov (Fastly, US)

 US

Beginner Tracking Adversary Infrastructure

Michael Schwartz (Target, US); Tim Helming (DomainTools, US)

14:00 – 18:00

Tutorial on OSINT tradecraft

Larry Leibrock (DA and Ph.D.)

 LU

MISP Threat Intelligence Analyst and Administrators

Alexandre Dulaunoy, Andras Iklody (CIRCL, LU)

 NO

Training: The ACT Threat Intelligence Platform

Dr. Martin Eian (mnemonic, NO)

 US

Beginner Tracking Adversary Infrastructure

Michael Schwartz (Target, US); Tim Helming (DomainTools, US)


Tuesday, 19 March

Plenary - March 19 - BT Centre Auditorium & Media Suite
09:00 – 09:30

5 years of applied CTI discipline: where should organisations put focus on?

Andreas Sfakianakis (Royal Dutch Shell)

09:30 – 10:00

Bootstrapping a Threat Intelligence Operation

Jon Røgeberg

10:00 – 10:45
 US

Building, Running, and Maintaining a CTI Program

Michael J. Schwartz (Target, US); Ryan Miller (Target Corporation)

10:45 – 11:15

Coffee Break

11:15 – 12:00

TIBER: connecting threat intelligence and red teaming

Marc Smeets, Stan Hegt

12:00 – 13:00

Lunch

13:00 – 13:30
 GB

5 years in adversary emulation

James Chappell (Digital Shadows, GB)

13:30 – 14:00

Adventures in Blunderland

Allison Wikoff, Matt Webster (Secureworks)

14:00 – 14:30

All Your Heatmap Are Belong To Us - Building an Adversary Behavior Sighting Ecosystem

Richard Struse

14:30 – 15:00
 GB

Logistical Budget

Éireann Leverett (GB)

15:00 – 15:30

Coffee Break

15:30 – 16:00

The Hitchhiker's Guide to Threat Research

Bryan Lee (Palo Alto Networks)

16:00 – 16:30

Cloudy with low confidence of Threat Intelligence: How to use and create Threat Intelligence in an Office365 Environment

Dave Herrald, Ryan Kovar (Splunk)

16:30 – 17:00

Drawing the line: cyber mercenary or cyber threat intelligence provider?

Stewart Bertram

17:00 – 17:30

Going from Guilt to Guild: Confessions of a TI Provider

Diederik Perk

17:30 – 18:00

A Lightweight Markup Language for Graph-Structured Threat Sharing

Mayo Yamasaki

19:00 – 22:00

Wednesday, 20 March

Plenary - March 20 - BT Centre Auditorium & Media Suite | Workshop - March 20 - BT Centre A1 conference room
09:00 – 09:30
 US

Turning intelligence into action with MITRE ATT&CK™

Adam Pennington, Katie Nickels (MITRE, US)

09:30 – 10:00

ATT&CK™ Is The Best Form Of…Reconnaissance: Using MITRE PRE-ATT&CK™ To Enrich Your Threat Model

Richard Gold

10:00 – 10:30

Metrics and ATT&CK. Or how I failed to measure everything.

Francesco Bigarella (ING Bank)

10:30 – 11:00

Coffee Break

11:00 – 11:30
 US

Quality Over Quantity: Determining Your CTI Detection Efficacy

David J. Bianco (Target, US)

11:30 – 12:00
 US

How to get promoted: Developing metrics to show how threat intel works

Marika Chauvin; Toni Gidwani (US)

12:00 – 13:00

Lunch

13:00 – 13:30

EVALUATE OR DIE TRYING - A Methodology for Qualitative Evaluation of Cyber Threat Intelligence Feeds

Jörg Abraham (EclecticIQ Fusion Center); Sergey Polzunov

The Art and Science of Attribution

Simon Conant (Palo Alto Networks)

13:00 – 15:00

13:30 – 14:00

Building STINGAR to enable large scale data sharing in near real-time

Jesse Bowling

14:00 – 14:30

A Place for Analysis of Competing Hypothesis (ACH) in CTI: Applications and Evolution of ACH in CTI

Caitlin Huey (EclecticIQ)

14:30 – 15:00

Your Requirements are not my Requirements

Pasquale Stirparo

15:00 – 15:30

Coffee Break

FIRST CTI SIG BoF

James Chappell (Digital Shadows); Krassimir Tzvetanov (Fastly)

15:00 – 18:00

15:30 – 16:00
 PL

Semi-intelligence: trying to understand threats on a country level

Paweł Pawliński (CERT.PL, PL)

16:00 – 16:30

Statistical Techniques to detect Covert Channels Employing DNS

Dhia Mahjoub & Thomas Mathew

16:30 – 17:00

Code Reuse Analysis: Transforming a Disadvantage into a Game-Changing Advantage

Ignacio Sanmillan

17:00 – 17:30

File-Centric Analysis through the Use of Recursive Scanning Frameworks

David Zawdie

17:30 – 18:00
 US

Insights and Challenges to Automated Collaborative Courses of Action

Allan Thomson (LookingGlass CERT – LookingGlass, US); Bret Jordan (Symantec)