This blog is a written version of a talk I was blessed to give at The Diana Initiative (TDI2021) conference. Thanks to the amazing organizers, speakers, and volunteers for putting on an amazing event and for letting me be a small part of it!

Here’s the video of the talk!


Admin note: I teach a CTI 101 workshop at BSidesNOVA and randomly at other locations throughout the year, and this is my list of resources and references mentioned in my training class. If you’re just a casual reader that reached this page outside of my workshop… welcome! …


“Which threat actor should I care about today?” That was a question from my client for a few months that sort of plagued my team. The CISO always engaged in the briefing material our team presented, and he seemed to enjoy our discussions about various threat actors, but we always…


Here’s my GIANT head, drawn by this amazing artist: https://twitter.com/XLarimeX

Whether you are disseminating threat indicators internally to other teams or participating in information sharing programs within the community, context is a critical component of actionable intelligence. When analysts say, “Indicators aren’t Intelligence”, they are often referring to the contextless sharing of Observables that is too common within the Cyber…


Her name was Raider and she was the best platoon mascot

Be Positive Change. Imagine a workforce full of passionate men and women who care about the outcome of each and every day of work. Imagine what happens when you and I show up every day ready to push forward towards positive change. This isn’t groundbreaking, this isn’t radical, and…


One of the best ways to ensure that you have an amazing career that is filled with challenges, enjoyment, and growth, is to consistently work to improve yourself and your surroundings. Early in my Army career, I was taught that it is important to “improve your foxhole every day.” This…


It would be really awesome to map out the most common techniques used by threat actors and prioritize those for detection, right? It would also be really awesome to know what our defense-in-depth capability looks like for the enterprise compared against threat actor techniques. Woah, slam those together and you…


So you just read my last article (Developing Team Documentation that Matters), and you’re thinking “cool story bro, but I bet the documentation is outdated in a few months.” And in most organizations, you’re probably right. But in this article, I will discuss a few options to keep your documentation…


Heeyooo! You have reached the personal blog of Andy Piazza. TURN BACK NOW! I am the Chief Evangelist of phia, LLC and a Cyber Threat Analyst supporting clients throughout the National Capital Region and beyond. I wear a few other hats for the company, but that’s not why you’re here…


My lessons learned and recommendations from developing process documentation, work instructions, and training material for awesome teams.

Admin note before we get started: I’m an analyst and will use analyst throughout this article. Feel free to replace the word with “doer” if “analyst” doesn’t describe what your team does.

Let’s…

Andy Piazza

I enjoy writing, mentoring, and sharing knowledge. Read my full bio in my whoami article https://medium.com/@andy.c.piazza/whoami-a5410956fffb
