In this episode of The Pivot podcast, we welcome Vicente Diaz!
Vicente Diaz is the Threat Intelligence Strategist in the VirusTotal team at Google. With years of valuable experience in the field, Vicente shared his experiences about his threat hunting journey and what threat intelligence means to him.
This episode also answers questions for all of us out there who would like to keep ourselves and workplaces safe in today’s world where technology is present everywhere. Listen to this podcast episode on Spotify, Apple Podcast, Google Podcast, or the Maltego YouTube channel!
The Pivot: Your New OSINT and Infosec Podcast
Brought to you by Maltego, The Pivot is your OSINT and infosec podcast that dives deep into topics pivoting from information security to the criminal underground. Through The Pivot episodes, we aim to share insightful information for beginners and seasoned investigators alike, shedding light on all things OSINT and infosec from an insider’s perspective.
Each episode features one or two of Maltego’s own Subject Matter Experts as the host and an external expert, researcher, or industry leader invited to share their projects, stories, experiences, and advice.
Where to Listen to The Pivot?
The Pivot podcast is available on Spotify, Apple Podcast, Google Podcast, and the Maltego YouTube channel. Each episode is 45 to 60 minutes long and is released on the 15th of every month. Stay tuned with us for more updates!
What does threat intelligence mean to you, where you are right now?
Vicente: In my current position at VirusTotal, I’m most interested in developing our platform, so that it is useful for everyone. But if you go to the roots of what threat intel means, traditional intelligence is something really old and we are inventing nothing new here.
Threat intelligence is trying to make sense of things. At the end of the day, it is having the capability to make the right decisions based on the threats that are around us. This is not so easy to understand because the whole security industry and the problem it has had for many years is: how can you justify the investment, and how can you show that this 2 million that we invest there is paying off?
So again, finding the right intelligence is even a bit more complicated, especially for non-technical people, because there are so many different factors to consider. From one side, there are technical threats themselves. From another side, there are the security strategies you are developing for your company. There are also the goals that the company has, and they could be economic goals. They could be growth goals. This should be taken into account too.
There are no resources for everything, unfortunately, and sometimes even if you do, it’s difficult to understand what will hit you and how this will affect the whole business.
What were the most interesting learnings you have had as a threat intelligence analyst?
Vicente: I found myself in the same position multiple times within our teams – wherein I learned that resources are very scarce. I had to really dig in and figure out things we could maybe research on or simply look at because that is what threat intelligence today really entails. The constant development and modification of our resources to aid our investigations more effectively.
Being in threat intelligence and being a good analyst, there are so many things to consider. One of them that I found fascinating was learning about all the psychological biases that we have. All the decisions that we make are based on preconceived answers that we are expecting to get. How we react in our brains.
How did you go about securing your environment and finding threats back in the day?
Vicente: I definitely think that it is a crazy place to be in. Back in the day when I was in university, there weren’t so many resources and there definitely wasn’t too much information about it. So, the only way to go about it was to really speak to people and gather information. We also had to go extra lengths to gather information from various different channels – some underground channels as well.
What is worth mentioning is that back in the day, we weren’t really living in a world of all of these super-sophisticated attacks. It was mostly attacks on banking projects. Data wasn’t so encrypted and therefore understanding what was going on was much easier. And then there was a shift: there were back-to-back attacks on big companies and governments for five years straight. That was when things really started to fall in the right places for me and I started to understand how to really go about it.
What are the top three tools or in light of cyber threats?
Vicente: Something that I always mention: first, go through the basics. Like, are you updating the software? Are you installing whatever is not necessary? Are you teaching people in your company how to prevent social engineering?
Things like that. Cyber awareness. It’s like the entry point for around 70% or so of cyber attacks. Secondly, is your team of threat analysts aware of everything and able to understand how things are affecting your own business and what kind of decisions to make? Yes, be aware that you will never be able to protect against absolutely everything. It’s simply impossible, but you need to know how to prioritize.
And for me, it’s especially relevant to monitor. Monitor internally and externally: what kind of threats we are seeing, how this is evolving, what campaigns are impacted now, where is the recent vulnerability being massively exploited at this moment, what kind of systems are being affected…
You really need to be on top of things because these waves happen. And when these waves happen and you’re not ready, you will be dragging.
Finally, I will say, let’s not worry that much because you know, all these conversations are always negative, full of threats, full of things to do, full of running and trying, and I think it even affects our mental state. Try to take your time, to enjoy other things like art, music, painting, or sports. It’s super important for any analyst’s mental state to have other enjoyments.
You can be in a 24/7 drag by events, by malware, by campaigns, by technologies, by techniques. Never ending. So take your time. You need to be able to do things and you need to keep your mental state.
There’s More! Listen to Our Full Interview with Vicente!
If you find the snippets of the interview interesting, don’t miss the full interview!
Listen to our full interview with Vicente to learn more about:
- Vicente’s journey up until now and how he really got into the world of threat intelligence
- A peek into one of his interesting investigations with the VirusTotal team
- His most frequently used toolkits for his investigations
And much more!
Listen to this podcast episode on Spotify, Apple Podcast, and Google Podcast and follow our podcast for future episodes!
Check out Vicente’s work on his Twitter!
Don’t forget to follow us on Twitter, LinkedIn, and YouTube, and subscribe to our email newsletter, so that you never miss an update, tutorial, or interview like this.
Happy investigating!