The threat-intelligence whisperer
Hello, and welcome to Protocol Enterprise! Today: why Katie Nickels is the go-to source in cyber defense circles for actionable threat intelligence, some troubling signs for data center spending from chipmakers and Mudge testifies before Congress on Twitter’s shaky infrastructure and security practices.
The communicator
Cybersecurity is notorious for its complexity and, often, its inaccessibility to anyone besides the pros that do it for a living.
So it makes sense that it's taken someone with a passion for communication and education to illuminate some of the field's densest topics — someone like Katie Nickels.
- Nickels originally wanted to become a journalist before landing in the field of cyber-threat intelligence. She initially gained prominence in the security community as the threat intelligence lead for MITRE ATT&CK, a framework that describes the stages of a typical cyberattack.
- Following its public release in 2015, ATT&CK has been widely embraced by security vendors and CISOs alike. That's because it gave the cyber defense profession a universal language, something that had been sorely lacking.
- Nickels played a central role in making ATT&CK understandable to the masses and in raising awareness about it, members of the security community told me. She was a huge part of “getting ATT&CK out there for the world,” according to the current head of ATT&CK, Adam Pennington.
- Even though Nickels wasn’t one of the creators of ATT&CK, “she had such an oversized impact that she has become, to some people, the face of it,” Dragos co-founder and CEO Robert Lee told me.
Nickels has continued the work of making cyberthreat intelligence more accessible and useful as director of intelligence at Red Canary.
- “We try to not accept what everyone else is doing in threat intelligence as the best thing,” she told me.
- For instance, Nickels said her team doesn't start with the assumption that the actions of the nation-state threat actors, such as China or Russia, are a priority for customers. Instead, “we look at what we're actually seeing in environments,” she said.
- That's led to unique discoveries, such as a cluster of attacker activity that the team dubbed “Raspberry Robin,” which involves a worm typically delivered through a USB drive.
- Nickels has also stood out from many of her security community peers by sharing “some of the insider secrets of threat intelligence” through a series of Medium posts, Splunk's Ryan Kovar told me. Meanwhile, she has taught the SANS Institute’s course on cyber-threat intelligence since 2019.
Ultimately, “you’d be hard-pressed to find anyone in cyberthreat intelligence that hasn’t learned from Katie Nickels," said Proofpoint’s Selena Larson.
Read the full profile on Nickels here.
— Kyle Alspach (email | twitter)A MESSAGE FROM CNCF

ArgoCon, happening September 16 – 21 in San Francisco and virtual, will foster collaboration and discussion for audiences of all levels on the Argo Project, which consists of four projects: Argo CD, Argo Workflows, Argo Rollouts, and Argo Events. Register now for in-person or virtual to learn from practitioners about project pitfalls and best practices.
A tale of two clouds
Western Digital makes flash storage devices and spinning hard drives — yes, remember those? — and its data center products can be a useful signal of how cloud computing operators are thinking about their capital expenditures. WD’s management spoke at a Goldman Sachs conference in San Francisco Monday, and offered a bleak view.
The executives said the pricing for flash storage had fallen at the fastest rate in 10 to 15 years, a significant change from when the company reported earnings in early August. CEO David Goeckeler didn’t mince words about the data center demand, describing the hyperscalers as cautious with their purchases.
“And in China it continues to be challenging,” Goeckeler said. “We haven't seen any signs of any comeback in China. So it really continues to be a difficult market.”
WD’s storage sales aren’t a perfect proxy for the health of the data center chip market, but after a growing number of signs of weakness emerged last week, too, it’s another indication that not all is well — at least in China.
At the same conference, Nvidia CFO Colette Kress told the audience that China’s hyperscalers were suffering from significant “economic issues in the country, possibly some of it related to the COVID lockdowns … but [also] other challenges with the economy.”
Elsewhere around the world, Kress said, is a bit of another story. Demand from the U.S. hyperscalers Nvidia deals with is “quite strong” and it remains difficult to get the graphics chips Nvidia is known for. Kress said they are sold out in many new places, and the logistics and distribution and overall volume remains lacking.
— Max A. Cherney (email | twitter)Customer experience in the enterprise
The mandate is clear. Modern businesses need to provide a seamless, tech-enabled, end-to-end customer experience across their organizations: to always be ready, no matter the time or the platform, to promptly address customer needs and provide a human connection. This requires eliminating silos, increasing automation and analytics and ensuring that the front end and the back end are aligned to deliver a positive experience for your customers and your team. But how do you achieve this in today’s digital landscape?
In this virtual Protocol event on Sept. 19, we will dive into the tech tools and tricks and real-life strategies that companies are using to build a CX tech ecosystem and prepare for an increasingly customer-first future. Please join Protocol Enterprise’s Aisha Counts in conversation with Lara Caimi, chief customer officer, ServiceNow; Glenn Weinstein, chief customer officer, Twilio; and Clara Shih, chief executive officer, Service Cloud, Salesforce.
Around the enterprise
Former Twitter security chief Peiter “Mudge” Zatkotestified before Congress Tuesday after the release of his whistleblower report detailing the security lapses and creaky infrastructure that underpins Twitter’s services.
VMware agreed to pay an $8 million fine after the SEC charged it with misleading investors by delaying revenue recognition of some license sales into the next quarter.A MESSAGE FROM CNCF

ArgoCon, happening September 16 – 21 in San Francisco and virtual, will foster collaboration and discussion for audiences of all levels on the Argo Project, which consists of four projects: Argo CD, Argo Workflows, Argo Rollouts, and Argo Events. Register now for in-person or virtual to learn from practitioners about project pitfalls and best practices.
Register to attend: In-person | VirtualThanks for reading — see you tomorrow!
Recent Issues
In a tough economy, benefits of the cloud 'only magnify'
November 14, 2022
Twitter’s security leads just quit. Now what?
November 10, 2022
Intel finally serves up a chip
November 09, 2022
The great AI race that wasn’t
November 08, 2022
Cloudflare sets a target
November 07, 2022
How Elon will bring back the Fail Whale
November 04, 2022
See more
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.