Five Things to Consider for a Successful Intelligence Team - Part 2
#2 - Encourage Internal Development (DEVOPS)
In Part 1 of this series, I covered the need to invest in the proper people and tools for the intelligence team. This consisted of identifying those with the necessary skills and understanding of intelligence methodologies, while also looking at some necessary tools for the collection, storage and analysis of intelligence information. In this edition, I will go a little further into tools, but from a development standpoint, also known as Development Operations (DEVOPS).
DEVOPS is a term used to describe the collaboration between development and operations staffs, or operations staffs that participate ad hoc and run development themselves. The purpose of DEVOPS is to streamline the development process when creating applications and tools, so that collaboration leads to a quicker release of customized, in-house tools and programs.
DEVOPS allows staff to identify capability gaps in already developed or purchased tools and quickly respond with their own development cycle to create what is necessary to fill these gaps, either with additional capabilities or with the creation of a completely new application. For example, I will point you to a friend of FishNet Security’s gTIC, Scott Roberts, and the great work he is doing over at GitHub.
In his blog post titled “Using Robots to Fight Bad Guys,” Scott shares presentation slides and content from a few separate talks about how GitHub uses custom-built tools to augment their collaboration, both in day-to-day operations and in intelligence-driven incident response. The key here is that with the right people - smart, imaginative, outside-the-box thinkers and doers - great concepts can be made reality through DEVOPS.
Lair is another great example of DEVOPS that resides within FishNet Security’s Security Assessment professional services practice. Lair was created to be a collaborative penetration testing framework that increases the efficiency, accuracy and quality of penetration testing engagements executed for our clients. It continues to be updated, and you can find out more about these upgrades through Dan Kottmann’s recent blog post, “Updates to the Lair Ecosystem.”
Within gTIC, we are currently using DEVOPS to build out our own instance of CIF, create custom tools and scripts for downloading and analyzing malware, extract indicators of compromise, and create intelligence visualization tools to populate our own threat map. The end result of our efforts - true, intelligence-driven Managed Security Services - allows us to take action on collected information and analysis in order to increase the security posture of our clients.
Having the proper people and tools, and encouraging internal development, goes a long way toward getting to intelligence-driven operations.
- Part 1 - Invest in Proper People and Tools
- Part 3 - Allow for Open Communication
- Part 4 - Don't Shy Away from Sharing
- Part 5 - Make It Operational
Director, Cyber Threat Intelligence
Danny Pickens has more than fifteen years of experience in the fields of military intelligence, counterterrorism and cyber security. As the director of Optiv’s cyber threat intelligence (CTI) practice, Pickens is responsible for the direction and operations of a staff of CTI analysts and consultants charged with conducting research and analysis to support clients with strategic advisement and consulting in the area of intelligence for business alignment and decision advantage.