All good things come to an end! FIRST CTI Symposium 2022 took place on 1, 2, and 3 of November 2022 and was a BLAST! If I chose one word to summarise what I felt during the conference days, I would say COMMUNITY is the right one. 300 CTI people from all over the world got connected after 2,5 years of work and virtual conferences from their home office.

Group photo of the attendees that stayed after the end of the Symposium and just before leaving for home

In 2020, I went to Washington DC for the SANS CTI Summit 2020 for the first time to present and do TA for SANS FOR578. People from SANS and from the CTI community (Rick, Ryan, Katie, Christian, Scott, Rebecca, and others) that I had never seen in person before welcomed me like we had known each other for ages and made me feel like a member of a big CTI family. This was the exact feeling we wanted FIRST CTI Symposium attendees to have during the conference days: a big community event that brings together the members of a wider CTI family.

A lot of people contributed to this event and everybody deserves kudos:

First and foremost, the attendees that joined the conference! Lots of interactions, connections, and engagement! Moreover, I really liked connecting with my old CTI guys, but what was really interesting were the many new faces that make me happy and optimistic about our discipline.

Second, many thanks to the speakers and the instructors of the training workshops! Your content was top notch and your hard efforts for delivering this were much appreciated.

A critical role in organising the conference was played by the FIRST Events team: Traci Wei, Grace Staley, and anyone else who contributed. Huge thanks!

Of course, the conference sponsors played a major role in the conference’s success. There were many interactions between the sponsor representatives and the attendees.

Lastly, Thomas Schreck and the Program Committee dedicated time and effort to selecting the presentations, training sessions, and conference format. A huge THANK YOU to Thomas, who did all the heavy lifting and could not join the conference. Many thanks again to my friends and members of the PC: James Chappell, Alexandre Dulaunoy, Trey Darley, and Morton Swimmer.

Thomas Schreck virtually kicks off the event

As a personal note and as a member of the Program Committee, I would like to add a couple of thoughts regarding the preparation of the FIRST CTI Symposium. The PC tried to split the workshops into two tracks: the analytical and the technical. We realized that there is a huge need for analytical content and training, and thus we allocated 8 hours (2 training sessions) on reporting, threat landscaping, intelligence requirements, and collection management. Moreover, regarding the selected presentations, we wanted diverse content: CTI 101, advanced CTI topics, the human aspect of CTI and cyber security, advances in CTI discipline, case studies from threat research, and CTI tooling. The PC selected the most appropriate presentations from the >55 submissions we received. I hope you enjoyed the program agenda as much as we did!

Regarding the highlights of the FIRST CTI Symposium 2022, one can explore the hashtag #FIRSTCTI22 on Twitter and LinkedIn to find lots of exciting content. From my perspective, my top 5 highlights of the conference included:

  1. ‘Build Your Own Threat Landscape’ Workshop by Gert-Jan Bruggink (Venation, NL); Roman Sannikov (Constellation Cyber LLC, US); Brian Mohr (Reqfast, US). The room was packed with >100 people willing to learn how to paint threat landscapes!! The content, the insights, and the delivery of the sessions were excellent!

  2. Crossing the Cyber Sad Gap by Jake Nicastro (Mandiant, US) as well as Why Your Security Analysts Are Leaving and What You Can Do to Retain Them by Thomas Kinsella (Tines, IE). These two presentations were very important because they focus on the human element of CTI and cyber security. Both presenters highlighted aspects that we do not easily speak about (e.g. burnout). Also, tangible takeaways for analysts as well as managers!

  3. Cyber Threat Intelligence Analysts and You: Understanding the Discipline to Optimize Cyber Defense Collaboration by John Doyle (Mandiant, US). A huge contribution from John to the CTI community regarding the CTI analyst skillset.

  4. Lessons from the Trenches – What I Wish I’d Known About Threat Intel Platforms by Lincoln Kaffenberger (Deloitte Global, US). The topic of Threat Intelligence Platforms is close to my heart, so I am a little bit biased. Having said that, Lincoln delivered a great presentation discussing lessons learned from the trenches (as the preso title promised). Really helpful content for any CTI team/analyst working with a Threat Intelligence Platform.

    Lincoln also won another award..

  5. All the Unstructured Data! Using NLP to Process Threat Reports by Patrick Grau (Bosch, DE) and ORKL: Building an Archive for Threat Intelligence History by Robert Haist (TeamViewer, DE). Both these presentations focused on using NLP and how it can help in CTI Knowledge Management. These two efforts together with Antoine Cailliau’s DocIntel are very promising for the CTI community. One would also claim that there might be collaboration opportunities among these 3 projects… just saying!

As a closing remark, I would like to thank anyone that made this conference special. It was my first in-person conference after 2,5 years since the start of the pandemic, and I had a good time and learned a lot. See you next year folks!

Closing remarks of the conference by James Chappell and Andreas Sfakianakis
Happy faces of the Day 2 Session Chairs (James Chappell and Andreas Sfakianakis)
Trying to convince Alexandre to share his bloody indicators…
Fantastic nights out in Berlin with CTI peers
