Katie Nickels

The human element of cybersecurity, rather than the technical aspect, is what first attracted Katie Nickels to the field. Initially drawn to a career in journalism, Katie found a job at the U.S. Department of Defense (DoD) in cybersecurity that piqued her interest, and then she was hooked.

"I fell into this field somewhat by accident almost 10 years ago, and I've never looked back," she says. "There are humans behind those keyboards, and tracking what they do and how they do it fascinates me."

Today, Katie is the Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech. 

Katie also serves as an instructor for the SANS FOR578: Cyber Threat Intelligence course, enabling her to share her passion for CTI more broadly. Additionally, she is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. "Early on in my own career, I took SANS SEC401: Security Essentials Bootcamp with Dr. Eric Cole, and learning from his insights helped shape the entire course of my career," Katie says. Now as a SANS instructor, she hopes to provide the same career-shaping support for her students. 

As an instructor, Katie shares her passion for CTI by giving students practical skills they can use to deliver real results. "I hope to challenge the way my students traditionally think and make them aware of the biases we all have that can prevent us from becoming better CTI analysts," she explains. "I want to equip them with the knowledge and tools they need to go back and make real change in their organizations."

A critical skill Katie aims to convey to her students is to help them understand when and how each area of CTI can be applied. "It's important to remember that CTI is responsive to our organization?s requirements, so different people might need different types of CTI. By knowing the many ways CTI can help, you can successfully identify which methods are right in certain situations."

Katie's unique background enables her to approach CTI training from a variety of perspectives, from intelligence to adversary behavior, the MITRE ATT&CK knowledge base, network defense, and Security Operations Centers. 

A graduate of Smith College and Georgetown University's prestigious School of Foreign Service Security Studies Program, Katie also serves on the 2019 SANS CTI Summit Advisory Board and received the President?s Award from the Women's Society of Cyberjutsu in 2018. 

In her free time, Katie volunteers with the Cyberjutsu Girls Academy (CGA), a program for teenage girls that seeks to inspire exploration and learning in cybersecurity and STEM. As the CGA program manager, Katie helps organize monthly workshops on topics like Python, robotics, mobile app development, and software-defined radio.

"Seeing our teenage students learn and succeed with CGA has helped drive my passion to teach," says Katie. "It's so rewarding to see a young lady learn to code or successfully make a robot work for the first time!"

When she's not working on cybersecurity and CTI projects, Katie finds balance during her personal time with baking and cake decorating projects, as well as CrossFit workouts.

Qualifications Summary

• Instructor for SANS FOR578: Cyber Threat Intelligence
• Director of Intelligence at Red Canary, and a Nonresident Senior Fellow at the Atlantic Council.
• 10-year veteran of CTI, network defense, and incident response
• Cyberjutsu Girls Academy Program Manager 
• 2019 SANS CTI Summit Advisory Board member
• 2018 recipient of the President's Award from the Women's Society of Cyberjutsu
• Master's degree from Georgetown University's Service Security Studies Program

Get to Know Katie Nickels

• Blog

Presentations

• SANS Cyber Threat Intelligence Summit - CTI 101: Frameworks and Why We Use Them and ATT&CK Your CTI: Lessons Learned from Four Years in the Trenches, January 2019
• MITRE ATT&CKcon - ATT&CKcon End User Panel Discussion (moderator), October 2018
• FireEye Cyber Defense Summit - ATT&CKing FIN7: The Value of Using Frameworks for Threat Intelligence, October 2018
• SANS Threat Hunting & Incident Response Summit - Threat-Based Adversary Emulation with MITRE ATT&CK, September 2018
• BSides Las Vegas - ATT&CKing the Status Quo: Improving Threat Intel and Cyber Defense with MITRE ATT&CK, August 2018
   

Publications

• Open Invitation to Share Cyber Threat Intelligence on APT29 for Adversary Emulation Plan and ATT&CK Evaluations
• MITRE ATT&CK: Design and Philosophy
• Using ATT&CK to Advance Cyber Threat Intelligence
• Evaluating Cyber Threat Intelligence Services

Podcasts and Webcasts

• Brakeing Down Incident Response Podcast - MITRE ATT&CK Part 2, December 2018
• FireEye - State of the Hack Episode 06: Black Hat USA 2018 Edition, August 2018
• Digital Shadows, "Shadow Talk"-  MITRE ATT&CK Framework and the Mueller GRU Indictment, July 2018
• CYVERITY, "Cyber Security Threat Actions This Week" -ATT&CK Your Adversary, July 2018
• Uniting Women in Cyber Symposium - Uniting Women in Cyber Podcast, March 2018
   

Media Coverage

• TechTarget - Battling nation-state cyberattacks in a federal leadership vacuum, February 2019 
• CyberScoop  - Experts advocate for "ATT&CK" as go-to framework to share threat intel, October 2018
   

Certifications

• GIAC Cyber Threat Intelligence (GCTI)