In episode 68 of The Cyber5, we are joined by Executive Director and Head of Global Threat Intelligence for Morgan Stanley, Valentina Soria.

We discuss leading a large-scale threat intelligence program in the financial institution space and how to make intelligence absorbable by multiple consumers. We also talk about how intelligence teams can build processes and technology at scale to increase investment costs to criminals. Finally, we touch on large enterprises being a value-add to small and medium-sized businesses.

Two Key Takeaways:

1) Intelligence is Valued Differently By Different Stakeholders

1. Tactical, operational, and strategic intelligence gains can fill many gaps in business, inside and outside the security operations function.
2. Good intelligence analysis should make business stakeholders rethink their assumptions about risk and address realities regarding specific scenarios around the state of the organization’s risk posture.

2) Begin with the SOC, then Spread Across All Business Sectors

1. Cyber threat intelligence is a journey and it takes time to realize a return on investment. Find coverage gaps that complement existing controls that have current metrics leveraged against them and leverage them.
2. User Metrics to help, such as:
   1. For SOC/CIRT Teams: The number of incidents and issues remediated, quantity of vulnerabilities patched, and most importantly, enumerate or outline the loss that could have occurred from those exploited vulnerabilities.
   2. For Outside the SOC: Inform the business of any type of risk through tactical, strategic, and operational intelligence.