Ransomware is part of every company’s threat model. It’s a global security threat to organizations of all sizes. It has gotten out of control, and we simply can’t continue like this. Over the past year, I’ve become increasingly morose as I, like many of you, have watched network after network be compromised, resulting in real people’s lives being ruined. I’ve tried to share what I can from where I sit in the hopes that it helps others prevent ransomware. But I’ve come to realize that my efforts alone are not enough.

When I was asked to join the Ransomware Task…


There are many ways to learn. While some people prefer to have a live instructor in a course, others are great at doing self-study. I teach SANS FOR578: Cyber Threat Intelligence, which is a great course if you want to learn about cyber threat intelligence (CTI), but I realize not everyone can afford it.

Here’s the good news: if you are committed, you can learn a lot of the same concepts that paid courses teach, but on your own. It won’t be the same, but you can still learn a ton if this learning style works for you. I wanted…


One of the most frequent messages I get is from people who are looking for advice on getting started in cyber threat intelligence (CTI). I thought it would be useful to compile my answers to some of the most frequently asked questions I receive. It’s important to caveat this post with a note that these are my opinions and experiences only (and I only have so much room to type before you get bored). Others have different perspectives, so I encourage anyone interested in this field to ask around.

How did you get started in CTI?

This is a good question and I understand why people ask…


Over a month ago, I made the difficult decision to leave MITRE and join Red Canary as a Principal Intelligence Analyst. I’m happy to report that although it’s been a busy couple weeks, I’m loving my new company and team.

Yes, I now have canaries on ALL THE THINGS!!!

I’ve gotten questions about why I made the switch, and since I put a lot of thought into this, I thought I would share how I tackled this huge decision in case it’s helpful to others. Deciding to leave a job isn’t easy, so in this post, I wanted to share…


I provide feedback on a lot of slides for infosec conference presentations. I’ve found myself repeating the same advice over and over again, so I figured I should write it down. Many of these same tips are in Scott J. Roberts’ excellent blog post on Building Better Security Presentations, so you should read that too — but they’re worth repeating, so here’s my take. Not all of this advice will apply every time, so you should always consider your venue and audience, but I hope these general guidelines will help you.

Make Everything Bigger

Your fonts are probably too small. Your images are…


With Hacker Summer Camp starting in just days, I thought this would be a good time to share my tips for making the most of infosec conferences. Whether it’s Black Hat, DEF CON, or your local BSides, infosec cons are an awesome way to meet people and learn, and that can be crucial to your career advancement. I know big cons like “Hacker Summer Camp” can be overwhelming, especially if it’s your first time attending, so I wanted to share some advice for what has helped me in the past.

1. Drink water and eat food. I know this sounds…


I’ve been thinking about writing this blog post for a while, but I felt like there are versions of this out there already, so didn’t bother. But then I realized I was falling into a trap I warn people about all too often…just because your content is entirely new doesn’t mean it won’t be useful to someone! With that, inspired by this thread from Courtney and fully admitting I have a lot of overlap with Scott Roberts’ excellent CTI Reading List, here are 10 recommendations for what you should read (and sometimes watch) if you’re starting out in Cyber Threat…


It will come as no surprise that I think everyone in this field should share their knowledge. There are many ways to do this, and one great way is to speak at an infosec conference. You help others out while also making a name for yourself and meeting others in the community, all of which can be enormously helpful for your career.

I’ve heard many people say “well, I’m not an expert, so I shouldn’t give a talk” — throw that thinking out the door right now! Sometimes newbies have the most valuable perspectives because they give a fresh take…


Earlier this month, I had the opportunity to facilitate a Peer2Peer discussion at RSA. When I was accepted, they sent me this graphic to post on social media:

Yes, I used this to promote myself. Yes, that’s okay.

So I did. Posting stuff like that still feels awkward to me, even after I’ve become more accustomed to doing it. It just feels wrong — like I’m saying “look at me and how great I am!” In spite of that feeling, I suck it up and do it anyway. If I don’t promote what I’m doing, whether it’s on social media or at work, I can’t expect anyone else to do…


Back in December, I set out to create a list of “cyber” indictments and asked for help on Twitter after I struggled to remember previous indictments. I soon didn’t feel so bad about not being able to remember “all the cyber indictments” because it turns out there have been quite a few of them over the past 8+ years.

I won’t bury the lede. If you just want the list and don’t want the background on how I got there or why indictments matter, here you go: Work-in-Progress List of DOJ Indictments of Interest to CTI Analysts. …

Katie Nickels

I’m passionate about cyber threat intelligence, bringing women into cybersecurity, and Oxford commas. This is my personal blog.
