CM-CTI LEVEL 2.0: MANAGED

The CTI Starter Pack

You’ve started to document some of your day-to-day tasks so that you can train new hires and CTI production doesn’t have to stop when you go on vacation to Aruba.

You’ve even started to pitch your products and services to other business units and ask them what their requirements would be.

You’re still keeping up with industry news, but additionally, you’ve joined some relevant ISACs and started getting email chains about threats other companies in your industry are seeing.

You spun up your own MISP instance so that you can shovel a bunch of free open source IOC feeds into it and use it mainly as a repository.

Every once in a while, when you’re not busy doing the regular day-to-day stuff, you pick up on something interesting and start pivoting around IOCs looking for connections. Of course, the rabbit hole doesn’t go very far because all you’ve got are OSINT tools.

But at least you’ve got some snazzy, standardized report types now!

You feel like you’re doing a good job, but you’re not quite sure... because you just keep pushing all these products and data out but you never really get any feedback or anything. Is anyone even reading this stuff?
