Managing time to complete intelligence sharing is a huge
priority for Peer Choice Winner Angeline Button. She manages to be a rock-solid
resource for not only the intel sharing community, but as a strong female
influence in cyber security.
Angeline is the practice lead of Threat Hunting & Intelligence at Dillard’s. In her role, she manages Dillard’s MSSP, continues the process of maturing Dillard’s Threat Intelligence, and is involved in email security and PKI.
Angeline has had many jobs including working for a local newspaper, pneumatics distributor, constituent liaison for a state senator, risk management for a trucking company, project management and web administration, before finding her passion in centralized logging and security.
Here’s what Angeline has to say about sharing and the benefits of being an R-CISC member:
1. How has information shared via the R-CISC benefited
Threat Intelligence Sharing: There have been two occasions that come to mind where R-CISC members sharing IOCs have notified us of an issue on our site as well as malicious emails that bypassed our security controls. We have used Information in the portal on how to monitor for threats to create new credential stuffing and fraud monitoring, and, because of R-CISC, we have begun monitoring our email threats daily (to share “interesting” threats) instead of weekly (for reporting). We have also added additional logging/monitoring due to suspicious activity that was noted in the “Strange Gift Card Related Activity” email. Originally, we didn’t have the logging in place to assist with the question from Target, but as a result we do now and will be able to share/alert on spikes in activity to email domains, etc.
Slack Chat: Sharing via Slack is one of my favorite ways to ask a question. Everyone is willing to give advice and share their insights. I’ve been willing to ask some pretty simple questions, and no one has ever been rude or dismissive. I’ve also learned quite a bit just reading comments and questions from other members as well.
Presentations/GoToWebinars: This year we are focused on maturing our Threat Intelligence and our path has been assisted greatly by the following presentations/webinars: MISP – Malware Information Sharing Platform; Publix’s Journey from SecOps to Security Threat Intelligence, Building an Intelligence Program with Resource Constraints, and Gap Cyber Threat Hunting: Maltego – just to name a few. Finally, it’s always good to get to know everyone in person via the Regional Workshops and Summit. I look forward to going this year.
2. Many companies say it’s difficult to find time to
share. How do you find time?
I’ll admit starting out that it took a lot of time to compile the information and review before sharing, and I’d only be able to do it a few times a week. We have been working to streamline the process so I can carve out time to share on a daily basis with the goal of automating some of the reporting/IOCs.
3. You received the Breakthrough Female in Cybersecurity award last year. What did it mean to receive this award?
I honestly wasn’t expecting to receive a Peer Choice Award last year along with Vanessa at Gap. I’m honored, especially because I felt like a relative newcomer to threat intelligence. I’ve also been incredibly lucky to have a manager, director and CIO who firmly believe in sharing intelligence within this community.
4. What can leaders do to increase the number of women in security?
I believe we need to have a welcoming atmosphere for women coming into this field, and an even bigger impact is seeing the growing number of women already flourishing in security. For example, women hold both our Information Security Officer and Manager of Information Security positions at Dillard’s.