Mounir Kamal

DFIR Manager at Q-CERT

Cyber Threat Intelligence

Session Title | "Know your Adversary": How can Threat Intelligence drive Information Security from strategy to offensive?

The session explores the use of cyber threat intelligence across the full stack of information security, starting from information security strategy, risk management, security controls, security defenses, and security operations including incident analysis, through to the courses of action that could harmonize the full stack of information security.
The session also presents some new test concepts for using MITRE ATT&CK, the Kill Chain, and the Diamond Model. Additional details include technical examples based on real attacks and an exercise in real intrusion clustering, along with some historical threat intelligence pitfalls.

Conducting and orchestrating significant cyber-attack analysis and threat intelligence analysis is my daily job, along with business-linked reports using enterprise security architecture approaches such as SABSA, as well as different levels of threat modeling methodologies like Attack Tree, STRIDE, and TARA.

Performed hacking investigations and incident response for thousands of cases, including malware, exploitation, and log analysis. Conducted threat intelligence analysis reports regarding specific activity groups, ICS/SCADA security evaluation, assessment, and threat modeling. Designed and developed a national cybersecurity drill. Established an information-sharing platform. Built malware analysis and digital forensics labs. Performed various post-attack activities, including recovery, information security program review, and evaluation of security controls. Developed and managed information security capable of achieving business requirements.

Mounir has given many talks from 2009 onward, presenting at FIRST TC, Egypt; Oil Gas Cyber Security Conference, UK; ICS-ISAC Conference, Georgia Institute, USA; Annual Honeynet Workshop, UAE; First Annual Conference, Malta; ITU Security Conference, Qatar; and Annual Honeynet Workshop, Malaysia.

Mounir has earned security professional certifications and degrees such as an MSc in InfoSec (Royal Holloway), CISSP, GCTI, GCFA, GOLD GIAC GICSP, SABSA SCF, CSIH (Carnegie Mellon University), CREA, CEH, and CHFI. He also has a SANS publication on ICS Layered Threat Modelling (SANS Reading Room).