Cyber Threat Intelligence Podcast

Season 1 - Episode 17 (Pedro Kertzman & Dr. Jean Nestor Dahj)


Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Dahj shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.

What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.

You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.

Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Dahj provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.

Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.


Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Dr. Jean Nestor Dahj:

I've integrated the CTI mentality into the entire security operation team.

Rachael Tyrell:

Hello and welcome to Episode 17, Season 1 of your Cyber Threat Intelligence Podcast. Whether you're a seasoned CTI expert, a cybersecurity professional or simply curious about the digital battlefield, our expert guests and hosts will break down complex topics into actionable insights. On this episode of Season 1, our host, Pedro Kertzman, will chat with Dr. Jean Nestor Dahj, who has over eight years of experience in information security and data science, engaging with various cyber units, including law enforcement, forensic teams and red team engineers. A threat intelligence engineer, researcher and author of the book Mastering Cyber Intelligence, he is currently the head of cybersecurity and intelligence in a fast-growing South African telecommunications company. Over to you.

Pedro Kertzman:

Jean, thank you so much for coming to the show. It's really great to have you here.

Dr. Jean Nestor Dahj:

Thank you very much, Pedro, and I think the pleasure is shared. I'm happy to be here.

Pedro Kertzman:

Yeah, I'm sure it's going to be an awesome conversation, and usually I start asking the guests about their journey into CTI. Would you mind walking us through that?

Dr. Jean Nestor Dahj:

Yes, yes, definitely. Cyber security in general has always been more than a job to me. It's a purpose, I consider it a passion, and over the past nine years I've engaged with a lot of units in different security disciplines. I've worked with forensics agents, I've worked with law enforcement, I've worked with red teamers as well. All the knowledge collected through these years exposed me to CTI, to understand more about threat intelligence, because I was providing a lot of evidence to these people and it made me understand really how cyber criminals work, what they do, how they do their things, what their intentions are and so on. So that really pushed me toward threat intelligence.

Dr. Jean Nestor Dahj:

And since I have a very strong data science background and I'm used to navigating data, curating data, finding patterns in data, it made the transition a little bit smoother, like trying to understand the vast data that we used to collect, because I was working for a probing company, a network probing company that used to collect a lot of network information transactions, like raw network traffic. So by using data analytics techniques, you find a lot of information and patterns in data, making data useful. So that also escalated my passion, or made my passion for CTI much more aggressive, I would say. And on top of that, as a researcher, because I hold a PhD in electrical engineering as well, as a researcher I dive a lot into how things are done. So I've been researching a lot in the security space and the engineering and communication space, and I also wrote a book. I wrote one of the most comprehensive books on CTI, and currently I'm heading a whole cybersecurity department in a tier one company in South Africa, which is exposing me more to the things that I like to do, exploring more and more.

Dr. Jean Nestor Dahj:

And CTI is a journey. So you don't reach the summit, you continue learning. We keep on learning. So more or less that is my journey: how I started as a network engineer and then transitioned to probing, which exposed me to data analytics and data science, and, because I was interacting with different business units including cybersecurity forensics, I got a passion for the field, and it has continued like that until today.

Pedro Kertzman:

That's awesome, and you mentioned the book, right? It's Mastering Cyber Intelligence, and I'll make sure I include a link in the description of the episode as well for everybody wanting to check it out. Can we maybe just talk a little bit more about the book? Some of the insights: I know roughly the book covers the life cycle of CTI, requirements, things around that, then goes down to analytical and modeling and integrating CTI, like you're mentioning, into businesses, right, the business processes and all that. Can you maybe talk a little bit about part one per se, like the CTI tradecraft? What was the thing, or any things, during your research for the book that caught your attention, that you enjoyed the most writing about, anything like that?

Dr. Jean Nestor Dahj:

It's very interesting. Writing the book was a very good journey. It was a journey because most of the time, people are focused on the technical part of threat intelligence. They forget a lot of things that are prerequisites for a good threat intelligence analyst. Threat intelligence is not just cyber security. It's a merging of many fields, including data science, data analytics, cyber security, of course, but a little bit of soft skills like psychological skills and, yes, analytical skills. That's why, before, threat intelligence used to be applied mostly in the military; in the military space it has been used a lot. It's only a few decades ago that it started being migrated slowly and surely into the corporate world.

Dr. Jean Nestor Dahj:

And what actually sets threat intelligence analysis apart is not just the technical ability, but it's also the thinking ability. Like if you look at the tradecraft that I described in the book, when you have the outcome of a CTI report, you don't just consume it like that, you analyze it, you question it. And how do you question it in such a way that you are not biased with the result? We've seen it many times. I'm not going to get into geopolitics, but we've seen many times where intelligence reports come in, they tell you that a specific country has, like, nuclear weapons, and people don't really vet it enough, they don't push it. You question it, like push it, to make them convince you that the intelligence is true and we can take actions on it. And that's the part...

Dr. Jean Nestor Dahj:

That's one of the parts that I enjoy a lot, because practically I think I've been doing it at my work, but maybe not knowing what it was. But writing the book, getting deep down into what is needed, the different ways of analyzing threat intelligence reports, like how do you question it, how do you present it to the executive team, and all that, it was really a very important step for me. And my book is very comprehensive in such a way that it does not only tell you the practical part but it also gives you the theoretical knowledge, like how do you get the requirements and how do you analyze the output, how can you make the analysis more effective. You know, the different types of analytical methods and, as I was researching, you find out that these methods are being used by actual intelligence services in assessing reports, which is really, really great. Yeah, but for the rest of the details, I think the book can be acquired on Amazon.

Pedro Kertzman:

No, absolutely, absolutely. You mentioned a few times how you brought that knowledge into your current role. How would you say companies in general, not necessarily from sector A, B or C, but companies in general, could leverage CTI to improve the overall company security posture?

Dr. Jean Nestor Dahj:

Yes, that's a very, very important question, because most of the companies are trying to leverage CTI, and we have to at the end of the day. But we need to understand why it is important. What are the benefits that we get from it? So I will talk about the practical ways that a company can do that, but first we need to understand what does CTI do? How does it improve your organization's security posture in general? Let's take an example today. First of all, you're not going to be able to defend the company alone. No company can defend itself alone. You need collaboration.

Dr. Jean Nestor Dahj:

Let's look at the different ways that CTI can improve a company's security posture. So if you have a threat intelligence feed, right, and then you find out that there is a specific threat that has been discovered in another part of the world in a company of a similar industry as yours, you get an IOC. It can be a C2 IP, it can be a file, a malware or whatever it is. You have that in advance, even though the breach has not happened to you. But by having that you can actually start searching your logs or start tuning your security devices to detect and block those IOCs, those indicators of compromise, before the breach happens to you. So it brings you that type of proactive defense, you know. And second, in terms of risks. Most of the companies who have security tools, they get trapped into a lot of low-level IOCs, looking for IPs and things like that. So CTI can actually help you prioritize your risk.

Dr. Jean Nestor Dahj:

Let's take an example I was discussing with one of my guys in my team. Let's say you have a rule that detects data exfiltration, right? We know that data exfiltration is one of the ways hackers use to take data out of your network to somewhere. But you can also have data exfiltration between internal assets, from one asset to another asset. And you can also have data exfiltration from your organization to another trusted organization. But now it's the same alerts: you get potential data exfiltration alerts. But now CTI can make a big difference here. If the destination where the data is going is malicious or has been detected or found in a threat intelligence feed, then automatically you prioritize that data exfiltration compared to any other exfiltration you see. So with CTI you can actually prioritize your risks, which is very, very key to responding to cyber attacks.

Dr. Jean Nestor Dahj:

And CTI for sure also helps you harden your security devices like firewalls, IDSs and IPSs. You have all these low-level IOCs that you can always feed to those tools to be blocked, detected, etc. And, most importantly, you know cybersecurity is an area where it's very difficult to justify the return on investment to the board. You know, because we are not in a revenue generation type of department compared to other departments, so we take more money than we give. However, we do protect assets, we do protect the company from cyber breaches, but executive teams, board members, they don't understand IOCs, they don't understand this. They want you to tell them why they should invest in something specific, and using threat intel with good context, you can actually sell a story to the board so that you can invest in the right tool or the right security solutions. So those are some of the benefits that you can get from leveraging CTI in your organization. So it really helps you improve your security posture. That's one thing. So now, how can a company practically use CTI?

Dr. Jean Nestor Dahj:

So the adoption of CTI is always a very big question. How do you start? How do you get there? Well, most of the people always start with a threat intelligence feed. Yes, which is a good thing. They will get a feed, get IOCs and all of those things, but integrating CTI in the company is more than just that. I will give an example.

Dr. Jean Nestor Dahj:

You start with trying to understand exactly what you want to protect. Right, let's say those are the prerequisites, those are the basics to start. You know, you cannot adopt CTI out of the blue. CTI comes after you have already done some of the prerequisites. For example, you have a centralized logging system. You have that internal data that you are feeding to your SIEM. You have logs, endpoint logs. You have server logs, you have application logs, you have access logs. All the logs are coming together. Even if you have NDR, you can also have packet logs that are going to your SIEM solution.

Dr. Jean Nestor Dahj:

That's a prerequisite, because that way you're going to be looking for information. So once you have that, the next thing that you have to do is understand: ask yourself, what do I want to protect from that? What do I have to protect? What do we do that hackers may be after? Who may want this information? You know, and in a very simple way, I'll try to be more practical, to help companies adopt that. Once you have that, you can start with things like open source TI feeds. There are a lot of open source TI feeds that you can start with. You can start with AlienVault. You have VirusTotal APIs and all that. You take all those ones.

Dr. Jean Nestor Dahj:

If you have money, well, you can go for commercial feeds as well, that's okay. But if you don't have money, you can still leverage CTI with less effort. So if you get those feeds, the most important thing is to curate your data. Make sure that your data is curated, that it's correct, because if you take garbage, or data that does not help you, you're not going to get value out of your CTI program. So once you get that data, okay, it's curated data.

Dr. Jean Nestor Dahj:

You have a bunch of IOCs, context, threat actors, etc. You try to put that together, like integrate that with your security tools, which is very important, very, very essential, because today most of the security tools, like SIEMs, NDRs and IDSs, IPSs, they have integrations with threat intelligence feeds, maybe through APIs or through STIX or TAXII. You know, to get all the contextual data, you integrate your tools, or integrate those CTI feeds with your tools. That will bring context to your data, your SIEM data or your NDR data. Very simple, for example: if you see an indicator of compromise, like an IP address that has been flagged, if you have a threat intelligence feed, it can tell you that this IP has been seen somewhere, and then you can contextualize it and see which threat actor has been behind that IP, and then dig deeper to find out.

Dr. Jean Nestor Dahj:

Oh okay, what are the tactics, techniques and procedures used by such threat actors, which brings context into your data, and you can also include it into your incident response team. Like what I usually do is, if I get an alert and I have specific IOCs in there, the first thing that I do if a TI feed is not integrated, I just take that IP or that file hash or whatever it is and put it on VirusTotal. Right, you put it on VirusTotal and see if it's malicious. Put it on abuse.ch, check. Some, put it on AlienVault and see if there is any pulse that has been reported on such an IOC. So these are simple techniques that you use to integrate TI in an easy way, but I know it takes more than that. But this helps you as a starting point.

Pedro Kertzman:

Yeah, that's really good.

Pedro Kertzman:

Thank you, I think you touched on very important points.

Pedro Kertzman:

Maybe to stitch a few of them together, you also mentioned, for example, selling the value to decision makers, to the board, so on and so forth, but also making sure you are properly analyzing risk and giving them which ones should be the priority.

Pedro Kertzman:

So I think, you know, from an overall CTI standpoint, it would be fair to think of the whole CTI value chain or structure in a pyramid way, where at the bottom, like you're mentioning, you're going to have a lot of information, feeds, logs, but then you have to start pulling the most valuable information out of it and start decreasing the size of the pyramid, going to the top with less detailed or technical information and more valuable risk-related information, up until the top of the pyramid, to the board or something like that. Correct? Otherwise they will just, you know, scare you away because you're talking about TTPs and IOCs and hash values and they don't want to do that. They want risk, likelihood and things that they will understand and make a decision based on that. 100%, 100%.

Dr. Jean Nestor Dahj:

That's why, okay, not to anticipate, but that's why, you see, how you present your CTI is very important. You have to understand the audience, right? Things like IOCs and domains and hashes and whatever we've talked about, you're not going to present that to an executive team, right, to the strategic team. You're not going to present that. So what you're going to present to the SOC team, for example, is different from what you're going to present to, let's say, your operational team, your tactical team. So, for example, your red, blue team, purple team, what you're gonna give them is completely different from what you're gonna give to the SOC team. And what you're gonna give to both of the two is different from what you're gonna give to the strategic team as well. Yeah, that's perfect. So you're right, it's very important to understand the audience and how you phrase it, how you put it together, so that it can carry more value.

Pedro Kertzman:

That's perfect, and any best practices you're working with currently, maybe at your current employer, on how to implement CTI?

Dr. Jean Nestor Dahj:

Best practices. There are a lot of guidelines out there that give best practices, but I always like going in a practical way. So best practice is always to make sure that you're getting the correct information. Okay, because there you're going to get a lot of threat intelligence feeds. Some of them are open source, others are commercial. The right feed will show more value on your CTI program or your CTI project, for example. Understand your industry; don't get feeds from industries that are not related to you. And also in terms of analytics, right. So I always make sure that you are able to analyze the data, you have the right knowledge to do that. So one of the best practices is also investing in people. I know that's what people will expect the least, but a best practice of CTI is investing in people as well, because, at the end of the day, you can automate many things, but you need human expertise to analyze the data and get some value out of it and report it back to different business operations. So that's the same method that I use in the company. So the truth is, I don't have a dedicated CTI team in my organization, like a dedicated CTI team, no, but the strategy that I've used is I've integrated the CTI mentality into the entire security operation team. Love it. Everyone thinks like a threat intelligence analyst, even if you are in the SOC, even my red, blue team, purple team. So if you want to do a pen test, you have to let me know, for example, how is your pen test going to help the company? I don't just want you to run Metasploit and then you try to compromise.

Dr. Jean Nestor Dahj:

No, look at the MITRE ATT&CK framework, for example. Look at one or two threat actors that are targeting our industry. Look at the methods that they are using to compromise. Look at the different malware they've used. Now ask yourself, can you emulate that? Can you use such an approach to test our defense? And then, the same way, get the blue team to also invest in that. Look at the framework, look at some tactics, techniques that are there, right, and then evaluate our defense. Are we able to defend against that? That's very important, and those are the best practices that you're gonna use to get the most value out of your CTI program.

Dr. Jean Nestor Dahj:

And, most importantly, you need to measure the effectiveness of your CTI if you want to continue that way. For example, you can define some basic metrics that you can use to evaluate or assess your program. If you go out there, you'll see books with a lot of nice metrics, yes, but some of those metrics are not straightforward to understand and very difficult to implement. You can start with basic metrics. Just look at, out of all the incidents or all the threats detected, how many did you detect because of your CTI feed? How many IPs did you block because of your CTI feed? It's very simple, because now things like firewalls, EDRs, they will tell you why they are blocking a specific activity. They will tell you this domain has been flagged as malicious, why. They will tell you. And those are some of the best practices that you use to get more value out of your CTI program.

Pedro Kertzman:

That's very cool. I really like how you put it, that you don't have necessarily a dedicated CTI team, but the CTI mindset or frameworks are going across the teams that you have, and everybody kind of needs to have that in mind to bring extra value from their day-to-day cybersecurity related activities. That's really interesting. And you mentioned in the beginning as well to evaluate the quality of the data you're receiving and all that. Maybe, you know, from your experience, either researching for the book or practical experience at your work: the one I see the most to evaluate the data sources and reliability of data sources is the Admiralty Code, which is also used by NATO. Any other frameworks to analyze that you've bumped into, or any other experiences evaluating data sources?

Dr. Jean Nestor Dahj:

Well, that's a very good question. First of all, I'd say there's no standard. Maybe I'm not aware of it, but there's no standard way that gives you the playbook on how to evaluate a CTI data source. Most of the threat feeds will always tell you that the data has been assessed, they are correct, they get updated. But it's up to your internal team as well to do the due diligence, like, first of all, when you look at the feed, what does the description say? Do they give you what you're looking for? That's why you have to know what you're looking for.

Dr. Jean Nestor Dahj:

Do they give you what you're looking for? Are they reporting IOCs only? Are they giving context on what they're reporting? Are they linking it to threat actor profiles and reports? Are they mapping the data to the MITRE ATT&CK framework, for example? So you know, you have to evaluate how often they update their IOCs. Because, remember, while we are on the topic of IOCs, IOCs are the lowest level of a CTI program. They are very important, but they are not everything in terms of CTI, because IOCs are short-lived, you know.

Rachael Tyrell:

They're short-lived.

Dr. Jean Nestor Dahj:

They can change every time, so when you evaluate your data source, you also try to ask how often they update the IOC databases, the threat actor databases and all that, you know, and how much effort they put on research and analysis of new malware and things like that. That's very, very important. So I'm not going to go through all the details, but those are the basics that you have to look at, because that's going to be important. If you invest in threat sources that are not updated constantly, then your intelligence will be lagging and you'll be getting hit by something that has already been reported by very good sources, and because your source did not update on time, you get breached like that. So those are the methods that I use.

Dr. Jean Nestor Dahj:

Specifically, I don't use a specific framework to analyze the threat feeds, but I use some data science techniques, you know, the same way we do to clean data and then engineer the data properly. That's almost the same concept that I use with threat intelligence feeds. I ask questions, I look, I vet it: how true it is, where they come from, how much time they give on reports, how often they update the databases, and how much context I get from the feed. Do I just get a bunch of IOCs or do I get context beyond those IOCs? So yeah, those are the practices that I use.

Pedro Kertzman:

That's very interesting. Combining data science with the IOCs and CTI as well, that's very interesting, thank you.

Dr. Jean Nestor Dahj:

Oh, that's true. Just not to cut you, Pedro, I strongly believe that, honestly, the best threat intelligence analyst would be the data scientist or the data analyst.

Pedro Kertzman:

That's nice. I mean, if you're handling a large amount of, or a large volume of, information, it does make sense, right? Somebody that can go through that data first with analytical eyes to make judgment of it and start funneling, you know, what's the best information, how to handle it, go to the next step, next step and so on. It does make sense. That's a very interesting take, thank you. You know, obviously we're exposed to data feeds day in, day out, threat reports, so on and so forth. But when it comes to learning more things about the industry, the CTI industry itself, like new trends, how people are doing CTI now, or what the new role for the analysts is going to look like in the next, I don't know, five years, or anything like that, what are your favorite, quote unquote, data sources for this extra information about the CTI industry?

Dr. Jean Nestor Dahj:

Oh, favorite data sources for this extra information about the CTI industry. Favorite, that's a strong word. Favorite, I don't think I have a favorite, but I'll just say I like digging almost everywhere, you know, from books to online courses and, you know, forums, and, as a researcher, I read a lot of papers, security papers, journals and things like that. But I would say, especially for people who are trying to jump into the industry, into the CTI world, it's important to give a little bit of a structured way. You know, not just for me, because I know that for me, I still continue learning about it. Sometimes, you know, I do a lot of research, I read books that are out there. You can just go to Google and check the number of CTI books that are there; there are a lot. And you go to Udemy, now you've got a lot of platforms like Udemy, you get a lot of videos and you have certifications. But for people who are trying to jump into the CTI world, so especially for beginners, what I always advise is you start with MITRE ATT&CK, for example. If you open the MITRE ATT&CK framework, that's my friend of every day, literally every single day I open MITRE ATT&CK. If you can start there, learn about the different tactics, techniques, procedures that are there, because I assume that if you want to jump into CTI, it means you have some basics of cybersecurity, right? So, which means, if you look at MITRE ATT&CK, you understand a lot in terms of tactics that are there, techniques that are there, procedures that are there, and the most important thing is that that framework also tells you which threat actors are linked to such TTPs, and it also tells you some of the techniques that are there. Actually, you can see how to implement rules on SIEM and IDSs, IPSs or security tools to detect such attacks.

Dr. Jean Nestor Dahj:

So start there and then, if you want to use open source CTI tools, it's better to learn while you are practicing as well. You have a lot of open source threat intelligence tools like MISP, you have OpenCTI, a lot of them. And now I see TryHackMe also. TryHackMe has a branch, a CTI branch, of practical exercises on CTI. It's open. Try to do that if you are a beginner, try to learn that.

Dr. Jean Nestor Dahj:

And if you are an intermediate person, maybe you want to invest in certifications. Yeah, true, you can go for certifications. You have EC-Council; EC-Council International has a CTI course, and then you also have, I think, the SANS, yeah, the SANS CTI certification, FOR578. FOR578, if I'm not mistaken, if I'm right. Yes, I'm still right. So you have that, and I think the SANS SEC as well. Also there's one version of SEC that also gives you some type of continuous monitoring courses. You can use that, and then also, as an intermediate person, practically use MISP, build CTI pipelines to get IOCs from STIX/TAXII servers into MISP, send it through rules, YARA rules or whatever it is, to security devices and see how it works; practically exercise on them. So that's kind of how you get your hands dirty on CTI. And for experts, I'm sure there are a lot of experts there.

Dr. Jean Nestor Dahj:

I don't know, I don't have much to say there, because if you're at an expert level, maybe you want to explore other uncommon CTI practices and channels and invest more in research and things like that.

Dr. Jean Nestor Dahj:

And I think I'm not really somebody who talks a lot about these things, because I like doing it, because I always had the impression that people who talk about things the most are the people who actually don't know it the most; people who actually know the things, they talk less about it, they do it. Yeah, so I spend more time on doing, and because I'm also preparing two other books that will come out, very practical, still in the cyber security arena. Very, very practical, because that's what I like: when you research things, you have to put it out there and see what the best of the best are thinking about your work, and I'm always in for constructive criticism. So for experts, it's better to explore other ways, invest in more research, and I think that's what I think.

Pedro Kertzman:

That's awesome. No, I appreciate the insights, and any closing thoughts for the listeners?

Dr. Jean Nestor Dahj:

Well, closing thoughts. First of all, I'll say thank you, Pedro, for this opportunity, and thank you, it has been a good discussion. I like unorthodox ways, yes, so I like a more unorthodox way like this, where we discuss openly, not just structured like, oh, let's talk about this, let's talk about that, prepare for this. But you know, we talk about it. I give you the experience as I know it, and that's how I benchmark the knowledge that I have received, which is very good. But on a closing note, I'll say that CTI is becoming very critical in cyber defense, not just because of its capability to give us a lot of information, but also because of the fact that we are now sharing information with each other, with the community, which is very, very important. So I think most companies and most organizations are investing in CTI, which is a good thing.

Dr. Jean Nestor Dahj:

It's not a product. There's no product, there's no product called CTI. If somebody comes and says they're taking a CTI product, that's wrong. You know, CTI is a process, it's a journey, it's something that starts and continues, because you have to continuously invest in that. As you get the result of your CTI, or you get the outcome, you feed it back to your requirements and come back. You know, we haven't touched on it, like, I didn't want to go into much theory about the life cycle and stuff like that. Maybe we'll have a chance to talk about those, or the pyramid of pain, because you touched a very important point in terms of narrowing down the pyramid. Maybe in the future we'll talk about that, but it's a journey. That's how we have to consider it. So, to the audience, it's a very important field. Whoever wants to jump in today, in the future there will be a need, a big need, for threat intelligence people. So yeah.

Pedro Kertzman:

That's awesome. I'm biased, I also think that we're only at the beginning of this bigger industry journey to recognize more and more the value that CTI can bring to the overall cyber defenses. I could not agree more with you, Jean. Thank you so very much for all the insights on the show. I really appreciate having you here and I hope I'll see you around. Thank you.

Dr. Jean Nestor Dahj:

Thank you, thank you very much, Pedro.

Rachael Tyrell:

And that's a wrap. Thanks for tuning in. If you found this episode valuable, don't forget to subscribe, share and leave a review. Got thoughts or questions? Connect with us on our LinkedIn group, Cyber Threat Intelligence Podcast. We'd love to hear from you. If you know anyone with CTI expertise that would like to be interviewed on the show, just let us know. Until next time, stay sharp and stay secure. We'll be right back.