Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?
Unless it comes from CTI platforms, I have often found that one must take threat intelligence analysis provided by vendors (no matter how reputable) to be biased, and it should be consumed within the context of what the vendor believes to be in its best interests. The exceptions to this are the advisories published by national cyber defense agencies, like CISA (& FBI Cyber), CCSA, NCSC, ACSC, etc. They generally provide great detail and provide information on IOCs and MITRE ATT&CK mappings. We just need to hope that CISA continues to be funded by the Department of Homeland Security to guarantee this service continues.
We strive not to be dependent on a single source for threat intelligence, especially given the rapid changes brought about by advances in AI. The speed of change has increased significantly, so we are working to diversify our sources and create an efficient internal process. Traditional sources remain valid, but our focus is on broadening our approach to ensure we are not reliant on any one provider.
We receive excellent information through an ISAC, and I was initially concerned that instability in government institutions and funding might affect the openness of information sharing. However, we have not seen any negative impact; people continue to share information as openly as before, which is fortunate. My hope is that if funding for organizations like CISA were to end, any gaps in information sharing would be filled by other means, as this intelligence is crucial for us. The ISAC provides an invaluable early warning system, and the depth of insight we gain from competitors and others in the health sector is remarkable.
I am not seeing a disruption in the public-private space regarding threat intelligence. In fact, I am observing the opposite. Our company serves approximately 700 customers worldwide, and within the context of the supply chain, customers often look to us for threat intelligence relevant to their business. The pace of threat intelligence has accelerated significantly; it feels almost like drinking from a fire hose. The challenge lies in quickly distilling this information and making sense of it within our own environment and across the many environments we support. While it has not become an astronomical challenge yet, I suspect this is the reality we will continue to face, especially as vendors like Microsoft and Apple release new critical vulnerabilities month after month.
I'm reviewing the comments, and the acronyms have a serious-sounding tone; however, the message is clear. Cybersecurity is supposed to be a serious skill to contribute towards in terms of development and refinement, even with the nostalgia of a sitcom's idea of what hacking is to the general public. As Ronan briefly mentioned, I've started getting a grasp on how to develop well-formulated hypotheses supported by MITRE ATT&CK, which is implemented from an individual case study analysis all the way up to the highest level in the Department of Defense. I only learned about it by going back to graduate school for a master's degree in cybersecurity at New York University. This is important to me because I don't have any direct or first-hand connections with an organization of knowledge and personnel tied to securing myself on an individual basis and the present and future organizations that support me. Transitioning into this field feels like an easier transition than it is from most other backgrounds, because I'm able to pinpoint where innocent web development concepts come from and understand how business regulations support legal enforcement in the NIST playbook.
As I'm reviewing the fundamentals of networking and privacy, I'm beginning to see the direction my career has been shaped towards as I progress forward in terms of leadership and management too. I'm bombarded by different kinds of methods, mainly technical, to secure vulnerabilities and handle risks effectively, but at the end of the day, people and personnel remain an effective liaison in preventing catastrophic events.