IT LIFE: Toni Gidwani, Threat Connect
ThreatConnect’s director of research discusses her career in IT and her investigations in to some of the most notable hacks of recent times
What is your role and who do you work for?
I’m director of research operations at ThreatConnect, a threat intelligence provider. As part of my role, I have oversight of the company’s proactive investigations into major cyber security incidents. Over the last two years, I’ve led research into some high-profile cyber attacks.
For example, I’ve investigated a hack on The Hague during a case regarding China’s claims over the South China Sea, examined phishing attacks on journalists investigating the MH70 shootdown and looked into the BlackEnergy malware campaign against Ukraine’s energy sector.
How long have you been in IT?
I have been at ThreatConnect for two years, where I joined from the Office of the Secretary of Defense. I spent the first ten years of my career working for the US Department of Defense and during my time there, I built and led analytics teams at the Defence Intelligence Agency.
What is your most interesting project to date?
Investigating Russian hacking and influence operations against the U.S. presidential election last year. We produced a series of research reports analysing the role of the FANCY BEAR threat actor and Guccifer 2.0 persona in the election, and uncovered significant links to Russian-based infrastructure, as well as a number of tactics consistent with previous Moscow-backed campaigns.
As a threat intelligence analyst, that’s really a sign of a job well done – when you’re able to pull together indicators and digital footprints and use them to uncover a bigger picture. You’re ultimately hoping that your work will help people to defend themselves better in the future.
What is your biggest challenge at the moment?
Striking the right balance between analysts and automation. The limiting factor for my team isn’t data – it’s my analysts’ time and expertise. We’re constantly refining our processes and leveraging automation to maximize the latter.
We’ve always described ourselves as ‘by analysts, for analysts’. It’s a continuous process of refining, collecting feedback, refining again, and using our experiences with our own threat intelligence platform to make sure it’s actually automating the processes that analysts want it to. Basically, we’re building an analytical Iron Man suit.
What technology were you working with ten years ago?
My job at the time had me basically living in Microsoft PowerPoint. I loved my iPod and was an early adopter of Facebook, but didn’t take the iPhone leap in 2007 (I got there in the end, though).
What is your favourite technology of all time?
Laser eye surgery (LASIK) – it’s the closest thing to magic I’ve ever experienced.
How will the Internet of Things affect your organisation?
The threat from the IoT underscores why you need threat intelligence. The sheer number of entry points into the network makes it hard to effectively plan your defence. There may be weak points you’re unaware of, unpatched bugs in your devices’ operating systems, or new malware on the market that renders your systems more vulnerable than you know.
In other words, massive amounts of non-proprietary hardware that is hard to protect. However, if you understand how attackers operate, the IoT becomes less overwhelming and you can focus on orchestrating your response. ForThreatConnect, this is an opportunity to ensure that our platform enables security analysts to fully understand the threats specific to their IoT equipment.
What smartphone do you use?
That’s a hotly debated issue in our family, but I’m on team iPhone.
What three apps could you not live without?
Parkmobile has saved me a small fortune in parking tickets, Slack has slashed the number of emails I have to deal with, and Splitwise has made group travel a breeze.
What new technology are you most excited for a) your business and b) yourself?
I think I’m supposed to say AI, but honestly, I’m more excited about new tools that are making it a lot easier to refine the sea of threat data out there. More signal. Less noise.
If you weren’t doing the job you do now, what would you be doing?
Making gelato.