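Content provided by Team Cymru. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Team Cymru or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://zh.player.fm/legal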

Veeva Systems’ Justin Jettòn on Balancing Human Analysis and Automation in Threat Intel

31:56
 

In our latest episode of the Future of Threat Intelligence podcast, David welcomes Justin Jettòn, Senior Threat Intelligence Engineer at Veeva Systems, who brings his military intelligence background to discuss the evolving landscape of cybersecurity. Drawing from his experience transitioning from forensics to threat intelligence, Justin explores how AI is transforming both offensive and defensive capabilities in cybersecurity.

They discuss the potential of AI in early threat detection, the critical need for breaking down organizational silos to improve collective defense, and finding the right balance between automation and human analysis. Justin also emphasizes that while technology advances, the human element remains crucial for effective threat intelligence analysis.

Topics discussed:

  • Artificial intelligence is reducing the timeline between threat identification and new attack development, lowering barriers for adversaries.
  • Using AI models for "indications and warning" could help identify threat patterns earlier, enabling proactive defense strategies.
  • Breaking down organizational silos and creating security collectives is crucial for effective threat intelligence in modern cybersecurity.
  • Despite technological advances, human analysts remain essential for contextual understanding and strategic threat assessment.
  • Adding multiple security tools can extend detection time; organizations need better strategies for tool integration and automation.
  • Clear distinction between engineering and analyst roles, with engineers handling technology while analysts focus on assessment and dissemination.
  • Future security teams need balanced automation with human oversight, following the military's OODA (Observe, Orient, Decide, Act) loop.

Key Takeaways:

  • Implement human verification checkpoints within automated security processes to maintain the "trust but verify" approach in threat intelligence workflows.
  • Evaluate your organization's security tool stack to prevent tool fatigue — focus on understanding each tool's workflow before adding new ones.
  • Develop comprehensive understanding of automation processes, from data collection points to decision thresholds, before deploying new security automation.
  • Establish cross-organizational information sharing frameworks to enhance collective threat detection capabilities through shared AI models.
  • Differentiate clearly between threat intelligence engineering and analyst roles to optimize team structure and workflow efficiency.
  • Incorporate the OODA loop (Observe, Orient, Decide, Act) methodology into your threat intelligence processes, ensuring human oversight at critical points.
  • Broaden your threat intelligence perspective by studying geopolitical events and connecting them to potential cybersecurity implications.
  • Create sampling protocols to regularly verify that automated security systems are functioning as intended and catching relevant threats.
  • Build collaborative relationships with ISPs, tech companies, and security vendors to expand threat detection capabilities beyond organizational boundaries.
  • Document automation workflows thoroughly to ensure security teams understand where decision points occur and how data flows through the system.