Episode 147: Actualizing Threat Intel for Effective Defense
In episode 147 of Cybersecurity Where You Are, Sean Atkinson is joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security® (CIS®); and Kaitlin Drape, Hybrid Threat Intelligence Analyst at CIS. Together, they discuss how to actualize threat intel for the purpose of building effective defense programs and operational response plans.
Here are some highlights from our episode:
- 01:27. Which two questions you want to answer when providing intelligence on a threat
- 05:19. How to avoid underutilizing or misunderstanding the utility of threat intel
- 13.18. A real-life story from John of when intelligence made a difference in a security incident
- 17:05. The foundation and building blocks of maturing your threat intelligence program
- 22:14. The value of working with non-intelligence groups to formulate effective response plans
- 24:22. CIS's ongoing work to help organizations proactively ingest and use threat intel
- 28:24. How cross-collaboration across an organization brings threat intel into a lifecycle
- 31:01. Kaitlin's work as an exemplar of how to make threat intelligence operational
- 36:20. The ongoing evolution of hybrid threat intel to inform meaningful operational responses
Resources
- ThreatWA™
- How Threat Modeling, Actor Attribution Grow Cyber Defenses
- Countering Multidimensional Threats: Lessons Learned from the 2024 Election
- Episode 119: Multidimensional Threat Defense at Large Events
- Sinaloa cartel used phone data and surveillance cameras to find FBI informants, DOJ says
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.