Episode 23 of the podcast covers how automation can strengthen collaboration between cyber threat intelligence (CTI), red team, and blue team, with Scythe CTO Jorge Orchilles.
Outline:
(01:25) Question 1) Explain the difference between attack simulation techniques and MITRE ATT&CK techniques, and elaborate on which is more useful for a blue team.
(03:04) Question 2) Is an attack simulation more useful to a blue team than threat intelligence?
(06:27) Question 3) In your opinion, should MITRE ATT&CK start incorporating red team techniques into its framework(s)? Why or why not?
(07:56) Question 4) What role can automation play in coordinating remediation among the many stakeholders after a red team engagement? What are some of the challenges of automating adversary behavior, as well as malicious tools and TTPs? Is it difficult to automate specific threat actors?
(16:53) Question 5) How can red teams and threat intelligence teams combine their skill sets and efforts more efficiently?