From Dutch Military Intel to Private Sector Cyber Threat Intelligence — Interview w/Martijn (S2E7)

SUMMARY
Former military intelligence analyst turned consultancy director Martijn Docters van Leeuwen joins Freddy Murre to unpack what cyber threat intelligence really is, and why so many teams "talk the talk" without "walking the walk", i.e. doing the work.

Martijn Docters van Leeuwen has done the whole journey, infantry, military intelligence, stopping ATM skimming and gas attacks in the Netherlands, to building a bank's first CTI team, and now being a cybersecurity consultant.

So when he talks about CTI being a tradecraft and not a report that magically lands in your inbox, he's not theorizing. He's been the only analyst in the room wearing all seven hats, the guy getting asked "why does this cost so much?", the one trying to prove value in the six quiet months when nothing's on fire.

We get into the stuff analysts actually argue about: why most teams are great at talking the talk and bad at doing it, the trap of living in your own little football field while the business has no idea what you do, how people game their own metrics to manufacture a crisis, and where AI genuinely helps versus where it's just a confident liar with no fingers. Threat vs. risk, mirror imaging, incident-driven vs. intel-driven, and the brutal truth that training does nothing if you walk out the door and never apply it.

If you do this work — or you're trying to convince someone it's worth doing — pour a coffee and settle in.
RESOURCES
Structured Analytic Techniques (SAT) Certification Training by Intel Tradecraft and Pherson - https://inteltradecraft.com/sat-certifications
Intelligence Mind Map - https://github.com/Errum/IntelArchitectureMap
When does something go from a Google answer to Intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/
Mitre Att@ck - https://attack.mitre.org/resources/attack-data-and-tools/
Mark Arena - CTI: Comparing the incident-centric and actor-centric approaches - https://medium.com/@markarenaau/cyber-threat-intelligence-comparing-the-incident-centric-and-actor-centric-approaches-f20cfba2dea2
ASML The world's supplier to the semiconductor industry - https://www.asml.com/en
SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
TIBER European Central Bank - https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html
Freddy's resources on SANS - https://www.sans.org/profiles/freddy-murstad#resources
The intelligence cycle - https://github.com/Errum/IntelArchitectureMap
Basic cyber-hygiene guidance from CISA - https://www.cisa.gov/topics/cybersecurity-best-practices
NSM ICT Security Principles - https://nsm.no/advice-and-guidance/publications/nsm-ict-security-principles
SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
Obsidian (note-linking/mind-mapping for research) - https://obsidian.md/
CTI-CMM - https://cti-cmm.org/
CREST - https://www.crest-approved.org/
Google Notebook LM - https://notebooklm.google/
Intelligence minor, Leiden University - https://www.universiteitleiden.nl/en/education/minors/minor/fgga-minor-intelligence-studies
Heuer & Pherson Structured Analytic Techniques for Intelligence Analysis - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/
CHAPTERS
00:00 Introduction & from military intel to CTI
08:30 Building a bank's first CTI team
15:00 What is intelligence — and what is CTI?
26:00 Talking the talk vs. doing the work
35:00 Incident-driven vs. intelligence-driven CTI
46:00 Tradecraft, methodology & pricing CTI work
53:00 Collection, analysis & tailoring reports
01:04:00 Mirror imaging & understanding threat actors
01:08:00 Measuring the value of a CTI program
01:19:00 Threat vs. risk: capability, intent & opportunity
01:24:00 Training intel skills & making it stick
01:36:00 Can AI help us do intelligence better?

Видео From Dutch Military Intel to Private Sector Cyber Threat Intelligence — Interview w/Martijn (S2E7) канала Intelligence Tradecraft