3 links
Katie Nickels lays out a structured self-study curriculum for learning cyber threat intelligence from first principles, drawing on intelligence community frameworks from Sherman Kent and Richards Heuer. Covers the intersection of intelligence tradecraft and cybersecurity, the importance of requirements-driven CTI, and how to engage with the broader CTI community.
Open-source taxonomy for classifying detection logic bugs — the errors that cause intended detections to fail. Categorizes bugs into reformatting, omitting alternatives, context manipulation, and event fragmentation. Practical checklists for proactive rule review.
Detection as a strategic game between attackers and defenders. Explores Nash equilibria in security (tolerating false positives, moderate attack sophistication), why defenders must avoid predictability, and the case for broad coverage over targeted detections.