I’m excited to share that, in addition to my main presentation at RSAC 2025, I’ll be facilitating a Birds of a Feather session called “Is Threat Intel Answering the Right Questions?” This will be an interactive discussion—no slides, no scripted lecture—just a chance for us to examine what really matters in cyber threat intelligence.

Why This Topic?

In the world of CTI, many teams focus on who is behind an attack (attribution) and what artifacts (IOCs) might block or detect it. But are these elements enough to cover the “right questions” that defenders must address every day? Attackers can easily switch IP addresses and domains, and an organization may not always benefit from deep actor profiling.

The session aims to explore how we can turn threat intel into more actionable insights—especially in areas like TTPs (tactics, techniques, and procedures), where defenders often find the best long-term value.

What to Expect

• Open Conversation

We’ll kick off with key questions around whether IoCs alone suffice, if attribution is overused, and how TTPs might fill in gaps. Then we’ll hand the mic (literally) around for everyone to weigh in.

• Real-World Perspectives

Whether you’re a seasoned threat intel analyst or just starting to integrate CTI, this BoF is a space to share experiences, debate approaches, and learn from peers.

• Practical Takeaways

Expect to leave with at least one or two insights—maybe a new method for prioritizing intel or a fresh perspective on balancing who vs. how. Our collective stories often spark the best ideas.

Join the Discussion

If you’ll be at RSAC 2025, drop by and lend your voice! Is threat intel truly answering the questions defenders need answered—or is there a disconnect between intel feeds and actual security outcomes? Let’s talk candidly about what works, what doesn’t, and how we can steer CTI toward more meaningful results.

(Feel free to contact me if you have any pre-session questions or want to share initial thoughts. See you at RSAC!)

I’m thrilled to share that I’ll be speaking at RSA Conference 2025, one of the biggest cybersecurity events in the world. It’s an incredible opportunity to connect with industry experts, exchange ideas, and discuss the latest advancements in cybersecurity.

My session, “Lessons Learned from Implementing an Intel-Based Purple Teaming Process”, will take place on Saturday, May 1st 12:20 PDT as part of the Security Strategy & Architecture track.

In this talk, I’ll dive into:

✔️ How to integrate threat intelligence-based purple teaming into an organization
✔️ Practical challenges and lessons learned along the way
✔️ Using MITRE ATT&CK to guide testing and prioritize TTPs for adversary simulation
✔️ How this approach enhances risk assessment and improves security posture

This is a topic I’m passionate about, as it blends real-world threat intelligence with red and blue team collaboration to drive meaningful security improvements. If you’re working in threat intelligence, red teaming, blue teaming, or risk management, this session will provide practical insights to help elevate your security strategy.

Through this session, I hope to spark conversations, share what has worked (and what hasn’t), and learn from others in the field. I’d love to connect with you at RSAC 2025—whether at my session or around the event. If you’re attending, feel free to reach out!

More details about my session here: https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1728065297917001WxUx

Let’s make RSA Conference 2025 an opportunity to learn, share, and strengthen our cybersecurity community. See you in San Francisco!