Pedro Barros, a security analyst and educator at Houston Community College, dives into the complexities of threat intelligence. He discusses the problematic prevalence of 'combo lists,' which recycle old data as new threats. Emphasizing the need for actionable intelligence, he advocates for quarterly evaluations of threat feeds based on accuracy and relevance. For those interested in a career in Cyber Threat Intelligence, he suggests understanding various security roles and recommends 'Visual Threat Intelligence' as a must-read, highlighting its engaging nature.
32:07
Anecdote: Pedro Barros' CTI Journey
Pedro Barros started as a junior SOC analyst and transitioned to threat intelligence through incident response and research work.
He views threat intelligence as a foundational pillar supporting various cybersecurity roles like detection engineering and red teaming.
Advice: Build Broad Cybersecurity Foundations
Gain fundamentals in incident response, forensics, detection engineering, and vulnerability management to excel in CTI.
Understanding these areas helps bridge gaps and focus on what matters to a company.
Anecdote: Combo Lists Cause False Alerts
Pedro dislikes "combo lists" that recycle old breach data as new threat intel, causing false alerts and panic.
Good threat feeds enrich data with context like breach timing to create actionable intelligence.
Navigating the world of threat intelligence feeds requires a critical eye and regular evaluation. Security analyst and educator Pedro Barros takes us through his journey from SOC analyst to threat intelligence professional, explaining why CTI should function as a pillar supporting all cybersecurity operations.
Pedro highlights a persistent problem in threat intelligence practice: the proliferation of "combo lists" - recycled data from old breaches presented as new threats. "If you're going to give me some intelligence, do some more work on it," he challenges feed providers, stressing the need for context that makes alerts truly actionable. Without proper evaluation, these feeds create false alarms that waste precious security resources.
The conversation delves into practical evaluation strategies for threat intelligence sources. Rather than simply accumulating feeds, Pedro recommends quarterly assessments focused on accuracy, timeliness, and relevance. This process should incorporate feedback from SOC analysts, detection engineers, and vulnerability management teams to ensure intelligence serves its purpose across the organization.
For aspiring CTI professionals, Pedro emphasizes understanding adjacent security disciplines as foundational knowledge. He recommends "Visual Threat Intelligence" by Thomas Roccia as essential reading, describing it as so engaging he "started reading it one day and finished it the same day." He also highlights the need for more academic programs to include dedicated threat intelligence courses as the field continues to mature.
Visit Pedro's blog at pemblabs.net to follow his work, including his upcoming analysis of a sophisticated phishing campaign using targeted delivery methods and Telegram bots. Connect with our community on the Cyber Threat Intelligence Podcast LinkedIn group to continue the conversation about building intelligence capabilities that actually matter.
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise who would like to be interviewed on the show, just let us know. Until next time, stay sharp and stay secure!