Katie Nickels lays out a structured self-study curriculum for learning cyber threat intelligence from first principles, drawing on intelligence community frameworks from Sherman Kent and Richards Heuer. Covers the intersection of intelligence tradecraft and cybersecurity, the importance of requirements-driven CTI, and how to engage with the broader CTI community.
A comprehensive guide to CTI self-study covering OSINT source evaluation, pivoting methodologies for infrastructure analysis, threat group clustering and naming conventions, and the nuances of attribution across public and private sectors. Essential reading for analysts building a structured self-directed learning path in cyber threat intelligence.
Open-source taxonomy for classifying detection logic bugs — the errors that cause intended detections to fail. Categorizes bugs into reformatting, omitting alternatives, context manipulation, and event fragmentation. Practical checklists for proactive rule review.
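To make the four bug classes concrete, the following is an added example of my own (not code from the taxonomy project or its checklists): a naive rule for PowerShell encoded commands, a set of constructed Sysmon-style process-creation events that each defeat it in one of the four ways, and a hardened rule that closes them. The event fields, the sample values, the `-e`/`-ec`/`-en` aliases modelled in `_is_encoded_flag`, and the mapping of each case to a category are my own illustration; the hardened rule is deliberately a simplification that stops at the flag and does not decode the payload.

```python
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed process-creation events, shaped loosely after Sysmon Event ID 1.
# All values are made up for this example; nothing here is captured telemetry.
@dataclass
class ProcEvent:
    pid: int
    image: str               # on-disk path the process ran from (attacker-controlled)
    original_file_name: str  # name from the PE version resource; survives renaming
    cmdline: str             # command line, or one fragment of it
    part: int = 1            # fragment index if the collector split a long command line
    total: int = 1           # number of fragments for this pid

PS_BIN = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PAYLOAD = "SQBFAFgA"  # base64 of UTF-16LE "IEX"; a constructed placeholder payload

EVENTS = [
    # 100: the one case the rule author tested against
    ProcEvent(100, PS_BIN, "PowerShell.EXE", f"powershell -enc {PAYLOAD}"),
    # 101: reformatting - different case, extra whitespace, quoting, full parameter name
    ProcEvent(101, PS_BIN, "PowerShell.EXE", f'PowerShell.EXE   -EncodedCommand "{PAYLOAD}"'),
    # 102: omitted alternative - PowerShell 7 binary and the short -e alias
    ProcEvent(102, r"C:\Program Files\PowerShell\7\pwsh.exe", "pwsh.exe", f"pwsh -e {PAYLOAD}"),
    # 103: context manipulation - attacker copied powershell.exe under a new name,
    #      so a rule keyed on the image path never looks at the command line
    ProcEvent(103, r"C:\Users\bob\AppData\Local\Temp\updater.exe", "PowerShell.EXE",
              f"updater.exe -enc {PAYLOAD}"),
    # 104: event fragmentation - the collector split one command line into two records
    ProcEvent(104, PS_BIN, "PowerShell.EXE", "powershell -en", part=1, total=2),
    ProcEvent(104, PS_BIN, "PowerShell.EXE", f"c {PAYLOAD}", part=2, total=2),
    # 105: benign - same binary, no encoded command; must stay quiet in both rules
    ProcEvent(105, PS_BIN, "PowerShell.EXE",
              r"powershell -ExecutionPolicy Bypass -File C:\scripts\backup.ps1"),
]

def naive_rule(ev: ProcEvent) -> bool:
    """Case-sensitive substring match, keyed on the image path, one record at a time."""
    return ev.image.lower().endswith("\\powershell.exe") and "powershell -enc " in ev.cmdline

POWERSHELL_NAMES = {"powershell.exe", "pwsh.exe"}
ENC_FLAG = "-encodedcommand"

def _is_encoded_flag(token: str) -> bool:
    # powershell.exe resolves unambiguous parameter prefixes, so -e, -en, -enc ...
    # all mean -EncodedCommand, and -ec is accepted as a special alias. Modelled as
    # "prefix of -encodedcommand of length >= 2, or exactly -ec" (simplification).
    return token == "-ec" or (len(token) >= 2 and ENC_FLAG.startswith(token))

def reassemble(events: Iterable[ProcEvent]) -> list[ProcEvent]:
    """Join fragmented command lines per pid before any matching happens."""
    frags: dict[int, list[ProcEvent]] = defaultdict(list)
    out: list[ProcEvent] = []
    for ev in events:
        (out.append(ev) if ev.total == 1 else frags[ev.pid].append(ev))
    for pid, parts in frags.items():
        parts.sort(key=lambda e: e.part)
        first = parts[0]
        out.append(ProcEvent(pid, first.image, first.original_file_name,
                             "".join(p.cmdline for p in parts)))
    return out

def hardened_rule(ev: ProcEvent) -> bool:
    """Same intent as naive_rule, with the four bug classes closed."""
    # Normalise before matching: lower-case, drop quotes, collapse whitespace, tokenise.
    tokens = re.sub(r'["\']', "", ev.cmdline.lower()).split()
    if not tokens:
        return False
    argv0 = tokens[0].rsplit("\\", 1)[-1]
    # Identify PowerShell by the PE-embedded name and by argv[0], not the on-disk path.
    is_powershell = (ev.original_file_name.lower() in POWERSHELL_NAMES
                     or argv0 in POWERSHELL_NAMES)
    return is_powershell and any(_is_encoded_flag(t) for t in tokens[1:])

def evaluate(events: Iterable[ProcEvent],
             rule: Callable[[ProcEvent], bool]) -> dict[int, bool]:
    """Per-pid verdict; a pid fires if any of its records fires."""
    hits: dict[int, bool] = defaultdict(bool)
    for ev in events:
        hits[ev.pid] = hits[ev.pid] or rule(ev)
    return dict(hits)

if __name__ == "__main__":
    print("naive:   ", evaluate(EVENTS, naive_rule))
    print("hardened:", evaluate(reassemble(EVENTS), hardened_rule))
```

The point of running both rules over the same events is the review habit the taxonomy asks for: for each category, write the one event that should still fire and check it against the rule, rather than only re-running the sample the rule was built from. Note that `hardened_rule` only fixes the listed classes; a real rule would also decode the payload and handle the `-Command` and stdin delivery paths, which this example leaves out.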
Systematic approach to AI-assisted development. Emphasizes deep codebase research before coding, detailed plans with clear success criteria, and persistent knowledge in research docs. Uses parallel agents for rapid exploration.
Detection as a strategic game between attackers and defenders. Explores the Nash equilibria that arise in security (defenders tolerating a baseline of false positives, attackers settling on moderate rather than maximal sophistication), why defenders must avoid being predictable, and the case for broad coverage over narrowly targeted detections.
A comprehensive reference of ~100 mental models organized by discipline. Particularly useful: First Principles for breaking down detection logic, Inversion for threat modeling ('what would guarantee compromise?'), and Second-Order Thinking for anticipating attacker adaptation.