On 30 and 31 of January, ENISA CTI-EU 2020 took place in Brussels. The conference was a splendid CTI bonding event bringing together 20 speakers, 160 participants and 9 vendors of CTI products.

ENISA did a great job to bring together all the above stakeholders and build an environment for connecting and exchanging ideas regarding CTI (especially within European context). Such an event is much needed within Europe since there are not a lot of opportunities to connect CTI peers from the industry with people from the public sector and from the European Commission.

Moreover, the content of the presentations was of high quality (see agenda here). Having participated in all the previous ENISA CTI-EU conferences, this was the one with the most interesting presentations. I would highly recommend checking the slides of the presentations (no video recording is available) when ENISA uploads them to its website. I have to admit that I missed some of the presentations because of the … bonding nature of the event, but the ones that I found most interesting and informative are the below ones:

Manon Le Blanc (EEAS) – “CTI to support the use of the EU cyber diplomacy toolbox”. Probably the best presentation at the conference. Good to see how European Union External Action uses CTI to support diplomacy. Manon was also a great presenter! Georgios Giannopoulos (JRC) – “Cybersecurity and Hybrid Threats: Putting in context incidents and open source intelligence“. Great job done by the Joint Research Centre. Samuel Hassine (ANSSI) – “Building actionable threat intelligence knowledge using OpenCTI: a case study”. Check OpenCTI here. Prof. Christian Doerr (HPI) – “Measuring and Improving Your Organisation’s Cyber Threat Intelligence Capability“. Determine your CTI maturity here. Omid Raghimi (Palantir Technologies) – “Brushing up on STIX & ATT&CK – Exploiting the CTI Models”. Omid made us rethink some of the thoughts we have about STIX standard and its usage. Check the slides and the references here. Frederic Garnier (CERT-EU) – “Information Fusion for CTI benefits and challenges”. Interesting perspective on how CERT-EU implements CTI processes and lessons learned. Pasquale Stirparo (Google) – “Your requirements are not my requirements”. This is a foundational presentation on CTI and most specifically on the intelligence direction phase. I cannot stress how important are intelligence requirements for the intelligence process. See the presentation here.

The conference would not be a success without the contribution of Louis Marinos and Marco Lourenco from ENISA CTI Team that did a fantastic job. A big thanks to you guys from all of us and keep up the good work!

From my side, I had the opportunity to present on “Technology enablement in the intelligence cycle (and the role of TIPs)“. The presentation focused on the technology tools needed by CTI analysts for each phase of the intelligence cycle as well as the role that Threat Intelligence Platforms play. This is an interesting area that I have been working on (see relevant ENISA report here) and focused on the challenges and the opportunities for today’s CTI analyst’s toolset.

The presentation slides can be found here.

The references and additional resources can be found here.

All in all, I really enjoyed the conference since I learned a lot, met my European friends and made some new ones. Thanks again to the organizers and see you next year!