Login to profile

CREST Threat Intelligence Focus Group

Meet our Threat Intelligence Focus Group

Oliver Church,
Orpheus Cyber Ltd

Chair of Focus Group, International & UK Council Discipline Representative

Oliver is CEO of Orpheus, a specialist Cyber Threat Intelligence company. He is responsible for Cyber Threat Intelligence on the UK Council and is a passionate believer in the importance of intelligence-led security. Oliver has previously established successful cyber security teams and capabilities at major global organisations and has a wide range of risk management and security experience, developed working for a diverse range of large and small organisations over the last 17 years.

An expert in cyber risk management and cyber resilience testing, Oliver has been involved in developing intelligence-led cyber resilience frameworks, working with regulators to do so, and has extensive experience leading cyber threat intelligence teams to conduct the testing itself. Oliver’s cyber security expertise is built on a foundation as a qualified lawyer, which enables him to add the legal perspective to the management of cyber risks. Oliver is a CREST Certified Cyber Threat Intelligence Manager (CCTIM), an Assessor of the TI examinations and a Solicitor of the Supreme Court of England and Wales.

Rob Dartnall,
Security Alliance Ltd

Vice-Chair & Europe Council Representative

Rob is the CEO and Director of Intelligence for Security Alliance Ltd, a Cyber Threat Intelligence company. From a military intelligence background, Rob transitioned his intelligence tradecraft into the cyber domain where he is an advocate of ‘Intelligence Preparation of the Cyber Environment’.

Rob’s primary work has been designing intelligence-led resiliency programs, developing intelligence capability, creating intelligence sharing frameworks and initiatives and providing intelligence led consulting engagements. Rob holds the CREST Certified Threat Intelligence Manager qualification, is a CREST TI Assessor and sits of the CTIPs Sub- Committee.

Oliver Fay,
Accenture

Australasia Council Representative

I strongly believe that a deeply technically-focused perspective on the subcommittee is required to ensure that CTIPS maximizes value for all stakeholders and partners. Having spent a number of years working in pure technical analyst positions I understand many of the challenges network defenders face in making effective use of threat intelligence, and how their requirements and use-cases differ from that of the senior policy-makers.

I have placed significant emphasis on ensuring that Context produce actionable, timely and informative technical intelligence, with accompanying mitigations that can be practically implemented by defensive teams. This includes a forensically detailed focus on understanding the adaptability of sophisticated adversary behavior to victim environments, something that I feel has often been a challenge for threat intelligence as an industry to articulate.

Matt Hull,
NCC Group PLC

Asia Council Representative

Matt Hull is a highly accomplished cybersecurity professional with over 15 years of experience in the field. He holds an MSc in Cyber Security, a BSc in Policing, Criminal Law & Investigations, and an FSc in Criminal Investigations, all from the University of Chester. Matt also holds industry certifications, including the CREST Certified Threat Intelligence Manager (CCTIM) and the CREST Practitioner Security Analyst (CPSA).

Matt currently serves as the Global Head of Threat Intelligence at NCC Group, a leading global cybersecurity firm that provides organizations with expert consulting, managed security services, and software solutions to protect against cyber threats. In this role, he leads a team of experts in identifying and mitigating cyber threats worldwide, and he is responsible for driving the company’s threat intelligence strategy and operations on a global scale.

Dan Kennedy
Mandiant

Dan is a Security Analyst for Google/Mandiant and a member of its Advanced Practices team. Where he researches, analyses and attributes a diverse range of threats observed from emerging events, incident-response investigations or security operations environments globally. Dan’s career spans over a decade of technical security assessment experience where he holds a Master of Arts Degree in Intelligence Analysis. And also co-hosts Google’s Threat Attribution Conference (RooCon) in Australia. Dans career highlight has been exposing adversaries in the early stages of their intrusions and notifying victims at lightning speed and reach.

Jason Ka Lee
PwC Hong Kong

Jason has more than eight years’ experience in delivering high-priority global projects (independently and leading teams) across various industries. He enables clients to manoeuvre through complex landscapes smoothly and gain strategic “first-mover” advantages, and has worked with senior executives and stakeholders across all levels and departments to adopt new technologies securely while meeting business needs.

Some of Jason’s projects include leading the uplift of a cybersecurity regulatory framework for the banking sector; planning and leading threat assessments for global companies and large organizations across multiple sectors, including government and financial services; and supporting multiple incident response engagements by providing bespoke cyber threat intelligence to the incident responders.

Thomas Padden,
BAE Systems Applied Intelligence Ltd

Americas Council Representative

I have worked in intelligence analysis roles for almost ten years. I currently work in the BAE Systems threat intelligence team, leading the technology-focused threat intelligence service line. My current role sees me writing and reviewing intelligence reports on nation-state threat actor activity and high-level threat and security issues associated with various areas of technology. I also regularly provide intelligence briefings to customers and the wider industry, including a recent presentation at CRESTCon Europe 2023. Before joining BAE in 2018 I worked in Strategic intelligence analysis roles at the Ministry of Defence.

Grace Tryphona,
LRQA

I have a high quality standard of working and enjoy problem solving, improving the efficiency of protocols and procedures.

I believe in diversity and the benefits this can bring in a team, including but not limited to innovative ideas due to different perspectives, better decision making, overall performance and experience. It is possible that I come from a different background to others likely in the sub-committee, as I have four years on the offensive side, e.g. pentesting / security consultancy experience prior to joining the threat intelligence industry. I have also worked for clients within various industries and sectors that I feel would add value to me being part of the intelligence focus group and aim to put this to good use helping CREST develop the industry and promote threat intelligence so it’s more widely adopted.

I am enthusiastic about reporting and documentation using my attention to detail to produce a consistent high standard of work. I am keen to share my knowledge and experience to help train others and have a strong willingness to learn and want to constantly improve myself. I am also passionate about security, mentoring and diversity.

I recently underwent CREST CCTIM exam and have experienced the customer side of certification using the Threat Intelligence related company materials.

2024 key dates

Upcoming events:

Threat Intelligence Focus Group meeting dates:

  • 4 September 2024, 9:30am (GMT+1)
  • 30 October 2024, 9:30am (GMT+1)
  • 11 December 2024, 9:30am (GMT+1)
CREST Threat Intelligence Certifications CREST Threat Intelligence Buyers’ Guides CREST Threat Intelligence Research