SANS CTI Summit 2020 Recap

SANS CTI Summit 2020 took place on 20 and 21 January in Washington DC and it was a blast! I enjoyed the talks, got connected with lots of people that I only knew virtually, and felt like being a part of a big CTI family.

Co-Chairs, Advisory Board and Speakers as one team at the end of the Summit

Many thanks to all the people that contributed to this great event. Special thanks go to the Summit Co-Chairs (Rebekah Brown @PDXBek, Rick Holland @rickhholland, and  Katie Nickels @likethecoins) for the great content of the presentations and the rest of the activities. Moreover, everybody within SANS that participated in preparing the Summit should receive kudos for building an environment that enabled the participants to connect with each other. This is a big achievement and also very critical in our CTI field.

Co-Chairs having fun and a couple of drinks after the Summit

Regarding the highlights of the Summit, one can find some good summaries below:

  1. SANS CTI Summit Co-Chairs have put together a wrap-up summary for the Summit. The slide deck they prepared contains some key themes and takeaways that were discussed during the event. The slides are available here and I would highly recommend you to have a look.
  2. Rick Holland wrote a very informative blog post recapping SANS CTI Summit 2020. This is an extended version of the above slide deck including Rick’s thoughts on what was discussed during the Summit. The blog post can be found here.
  3. Brian Kime has also provided a SANS CTI Summit Recap in Forrester blog. You can find it here.
  4. Paul Jaramillo, although not present in the Summit, has provided some very useful notes that have been posted on Twitter. Great work from Paul and highly recommended reading that can be found here.


If I would choose my top 3 presentations of the SANS CTI Summit, I would choose the below ones:

  1. Joe Slowik – Threat Intelligence and the Limits of Malware Analysis . This is a must-watch presentation, so stay tuned until the video is online (just imagine Judas Priest’s NightCrawler intro when Joe enters the stage!). Until then, you can read the report that is the written version of Joe’s presentation.
  2. Lenny Zeltser – Hack the Reader: Writing Effective Threat Reports . This was a great teaser for the new SANS course SEC402: Cybersecurity Writing: Hack the Reader. Lenny also provided a useful cheat sheet for threat report writing that can be found here.
  3. Cristin Flynn Goodwin – Secret Squirrels and Flashlights: Legal Risks and Threat Intelligence . This presentation was the keynote of the Summit and was eye-opening on how legal issues are related to out CTI work.


Finally, from my side, it was a pleasure to present on “Three Key Lessons that CTI Teams Should Learn from the Past”:

  1. Intelligence direction phase is of utmost importance to your intelligence cycle process.
  2. CTI needs to be better communicated.
  3. Focus on CTI analyst’s skillset.

The slides of my presentation can be found here and the references/additional resources can be found here.


Thanks again to everyone that made this event a success and see you next year :)

PS. During the Summit I also found the presenter of my favourite CTI presentation during 2019, Amy Bejtlich, and I delivered her stroopwafel trophy!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.