Spot on. You hit the nail on the head regarding the gap between 'consuming alerts' and 'understanding tradecraft.'
External intelligence is just a grocery list; without that visceral, ground-level experience (like NotPetya), you’re just staring at ingredients without knowing how to cook. Most organizations treat threat feeds as a substitute for institutional memory, but as we’re seeing at CISA, when the people with the 'scar tissue' leave, the context goes with them.
Thanks for the sharp addition to the conversation—glad the breakdown resonated!
Spot on. You hit the nail on the head regarding the gap between 'consuming alerts' and 'understanding tradecraft.'
External intelligence is just a grocery list; without that visceral, ground-level experience (like NotPetya), you’re just staring at ingredients without knowing how to cook. Most organizations treat threat feeds as a substitute for institutional memory, but as we’re seeing at CISA, when the people with the 'scar tissue' leave, the context goes with them.
Thanks for the sharp addition to the conversation—glad the breakdown resonated!