In this video, Authentic8’s Digital Intelligence Advocate AJ Nash explains why most cybersecurity predictions miss the mark and why the intelligence community doesn’t make “predictions” at all. Instead, real intelligence assessments focus on confidence levels, assumptions, alternative scenarios, and indicators that tell you when you might be wrong.
AJ Nash explains why discovering a breach can shift advantage to attackers, citing CrowdStrike data showing breakout times as low as 48 minutes—and even 51 seconds. He argues that response plans must account for sophisticated adversaries who, once alerted, may deploy secondary payloads, destroy forensic evidence, or escalate. Nash outlines “the quiet pursuit”: keeping investigative activity isolated from production systems, making research appear to originate outside the compromised network, and maintaining an internal audit trail, so teams can gather intelligence and respond decisively without triggering escalation.
Join AJ Nash in this Intel Drop episode as he dives into building an intelligence-driven SOC. Despite significant investments in tools and technologies, many organizations remain reactive due to the lack of planning and direction in their intelligence cycles. AJ discusses the importance of defining leadership decisions and intelligence requirements to create truly effective cybersecurity operations.
AJ Nash discusses the limitations of relying solely on Indicators of Compromise (IOCs) in cybersecurity. Instead, he highlights the importance of Indicators and Warning (I&W) for predicting and preventing cyber threats before they occur. Drawing parallels to military intelligence, he explains why understanding adversary behavior and contextual analysis are crucial for an effective threat intelligence program.
AJ Nash, Digital Intelligence Advocate at Authentic8, discusses the most common failure in threat intelligence: reports that go unread and unutilized. This episode dives into the importance of effective dissemination, highlighting how crucial it is to deliver the right information to the appropriate decision-makers in a timely manner and in an accessible format. Nash emphasizes understanding the specific needs of stakeholders and tailoring the delivery format accordingly to ensure intelligence is not just produced but also actionable and impactful.