On today’s episode, Tyler Farrar, CISO for Maxar Technologies, joins us to discuss the ins and outs of threat intelligence. He delves into the importance of not assuming malicious intent and his approach to compliance versus security.
Introduction to Tyler Farrar
Maxar Technologies is a satellite imagery and satellite manufacturing company. Farrar got his start with IT in the U.S. Navy. Working with the Cyber National Mission Forces to protect critical United States infrastructure. He was responsible for managing and leading a team of navy sailors and civilians. They would gather data and intelligence and he was responsible for commanding the mission of the operations.
Threat Intelligence
Farrar notes that many people misuse the term threat intelligence. Taking legitimate sources, forming a hypothesis about what this means within the company network and then acting on the hypothesis is the true process of threat intelligence.
Farrar discusses how standstills can occur. Sometimes companies will find the source, but fail to use the information to better the company. A repeatable process in acting on intelligence is essential and should be used in the private sector. Farrar discusses misconceptions in log sources within threat intelligence. Working through key outcomes and identifying desired achievements can help formulate use cases.
Outcome
How would Farrar define an outcome as it relates to threat intelligence? It is centered around quick identification and action upon a threat. After identifying use cases, narrow down what information will identify a certain use case to be used.
Consider making a chart of your company’s process. This can allow the process to be explained to others with more ease. Farrar notes the importance of working with key stakeholders in this process, as well.
Insider Threat
Insider threat is also a misconstrued area. People are very complex and thus insider threat is a challenging area. While there is no one approach, Farrar discloses advice to approach this: managing cyber security, reaching out to the employee when necessary and working with them to understand why an activity took place.
From here, determine the right steps to take. How and when do you reach out and what do you say? With data loss on the line this can become challenging.
Analysts
How do we train analysts to have cognitive management and have a trust first mentality? Analysts can become quickly overwhelmed with a constant influx of alerts and false positives. When this continues, they can become burnt out. As leaders, try to motivate your employees to feel positive about their work environment. If they can tie their work directly back to the mission of the organization, this can be a large factor. Being mission centric can help align the employees to the business.
Look at your goals. How much time is necessary for achieving them? Understand what activity from your employees is normal to avoid spending time and technology on unnecessary activities.
Community Culture
It takes time to change the culture of your business partners and the community as a whole. Many organizations want to be in a place where people come to them, but still need to gain confidence from others. It is easiest to utilize lessons learned from a crisis as a conversation starter with your customers. With much focus on cybersecurity, providing cyber assurance to your customers is valuable. To do this, you must discuss the risks.
Frustrations in the Industry
Farrar opens up about some of his frustrations within the industry. He explains that people get caught up in fixating on a compliant environment and are willing to wait for others to get to the compliant state. We need to utilize forward leaning technologies and not wait for compliance. Balance is important and we need to be moving faster. Just checking boxes is not enough, we must push to get to the next level. This can drive us far ahead.
What does being a new CISO mean?
Farrar has his answer down to a tee. Defending data and corporate information systems when enabling revenue and business philosophy.
