
Five Things to Consider for a Successful Intelligence Team - Part 2

July 24, 2014

#2 - Encourage Internal Development (DEVOPS)

In Part 1 of this series, I covered the need to invest in the proper people and tools for the intelligence team. This consisted of identifying those with the necessary skills and understanding of intelligence methodologies, while also looking at some necessary tools for the collection, storage and analysis of intelligence information. In this edition, I will go a little further into tools, but from a development standpoint, also known as Development Operations (DEVOPS).

DEVOPS is a term used to describe the collaboration between development and operations staffs, or operations staffs that take on ad hoc development themselves. The purpose of DEVOPS is to streamline the development process when creating applications and tools, so that collaboration leads to a quicker release of customized, in-house tools and programs.

DEVOPS allows staff to identify capability gaps in already developed or purchased tools and quickly respond with their own development cycle to create what is necessary to fill these gaps, either with additional capabilities or with a completely new application. For example, I will point you to a friend of FishNet Security’s gTIC, Scott Roberts, and the great work he is doing over at GitHub.

In his blog titled “Using Robots to Fight Bad Guys,” Scott shares presentation slides and content from a few separate talks on how GitHub uses custom-built tools to augment its collaboration, both in day-to-day operations and within intelligence-driven incident response. The key here is that with the right people - smart, imaginative, outside-the-box thinkers and doers - great concepts can be made reality through DEVOPS.

Lair is another great example of DEVOPS that resides within FishNet Security’s Security Assessment professional services practice. Lair was created to be a collaborative penetration testing framework that increases the efficiency, accuracy and quality of penetration testing engagements executed for our clients. It continues to be updated, and you can find out more about these upgrades through Dan Kottmann’s recent blog, “Updates to the Lair Ecosystem.”

Within gTIC, we are currently using DEVOPS to build out our own instance of CIF, create custom tools and scripts for downloading and analyzing malware, extract indicators of compromise and create intelligence visualization tools to populate our own threat map. The end result of our efforts - true, intelligence-driven Managed Security Services - allows us to take action on collected information and analysis in order to increase the security posture of our clients.

Having the proper people and tools, and encouraging internal development, goes a long way in getting to intelligence-driven operations.


By: Danny Pickens

Senior Director, Threat Management Operations
