
Interview with Veena Susan Peediyakkal

BSides NYC · 2024 · 12:54 · 38 views · Published 2024-01
About this talk
Veena Susan Peediyakkal, strategic operations manager for NASA's cybersecurity services, discusses her 20-year career in threat intelligence, her two-hour workshop on building CTI programs at BSides NYC, and her role as organizer of BSides Sacramento. She reflects on community-building, the challenge of delivering hands-on training, and whether AI tools like ChatGPT can effectively teach specialized security expertise.
Original YouTube description
Preeti Ravindra interviewed Lance James at the BSidesNYC 0x03 conference. Guest: https://www.linkedin.com/in/peediyakkal/ Interviewer: https://www.linkedin.com/in/preeti-ravindra/ https://www.bsidesnyc.org/ Organizer: https://www.linkedin.com/in/jhbarbee/
Transcript [en]

Interviewer: Hello, Susan. Thank you so much for meeting with me today and chatting.

Susan: Happy to. Thank you so much.

Interviewer: Can you briefly introduce yourself to our audience and tell us what you're doing right now?

Susan: Yeah. I'm Susan Peediyakkal. I currently work for NASA. I am the strategic operations manager for the cybersecurity services line, which basically means that I cover all topics cybersecurity at the NASA enterprise level. So it's a fun time, really loving it there. I have been in cybersecurity for about 20 years.

Interviewer: Wow.

Susan: Most of my background is in threat intelligence, which is why I was here today. I was teaching a workshop on threat intelligence and building the foundations of a CTI program.

Interviewer: Nice, very nice. Thank you so much for that overview. And can you tell me a little bit about why you chose to come here and speak at BSides NYC? Because there are a lot of other conferences happening. And what are you most excited for today?

Susan: Yeah. So I live in DC, and I have a special place in my heart for New York. I wondered if they had a BSides. I know we had to take a little bit of a hiatus because of COVID and stuff like that, so when I saw the call for papers it was just super intriguing, and it kind of fit with my schedule. I have a baby at home, so I kind of have to plan around that. And so, with it fitting my schedule and everything, I was like, "You know what, let me see, let me submit a paper and see." And I got selected, so it was nice. But it was just a great reason to come to the city and meet a different part of the cyber community. Yeah, it was exciting to see that it was happening again. Happy to have it back.

Interviewer: Yeah. And did you like your interaction so far with the NYC community?

Susan: Oh my goodness. So you asked me what I was excited about, and I was here to teach a workshop, and I actually just finished. I was the first workshop of the day, and the room was full. Some people left because of a talk that happened in the middle, but it was still really great feedback that I got from everybody.

Interviewer: I was there in that room, by the way. It was full. It was a great time.

Susan: It was so nice. And everybody had really great questions. I wasn't stumped, which was nice. And I got really, really nice feedback afterwards, met a lot of really awesome people, made some really great connections. So I'm looking forward to going back downstairs and, you know, talking to more people and visiting.

Interviewer: Very nice, very cool. Can you tell us why you did a workshop instead of a talk? Because I know a lot of people do get hesitant, because there is a lot of prep that needs to be done, at least on my end. Whenever I think about a presentation or a workshop, a workshop needs to go smooth. There need to be a lot of things that are given to your guests in advance, and sometimes I hesitate, but I've been wanting to do a workshop. So tell me, why a workshop, and what should I do if I have to be successful at it?

Susan: Yeah. So I actually submitted a talk originally. It was about the intersection of threat intelligence and vulnerability management, how to have a very reciprocal relationship. Like I mentioned, I have a baby, and I didn't respond to Huxley saying that I had been accepted to give a talk until a good 10 days later. And he's like, "Yeah, we already filled your spot, but we would love for you to teach a workshop on this." And I was like, "Surrender," yeah. So I was like, "Oh, okay, well, I guess that works too." A little bit more work, but sure. And I said, "We'd have to pivot then," because doing a talk on just the vulnerability management and threat intelligence relationship wouldn't fill two hours for me. So I said, "Let's pivot and do it on building a threat intelligence program," and he was like, "Great, let's do it," because I can talk literally all day, all week about it. And so when you talked about the prep, you're 100% right. I think I Googled it, and it was something like, for every minute, or every 10 minutes, it's like an hour of preparation or something somebody came up with.

Interviewer: That's a stat I didn't know.

Susan: Yeah, I don't know how real it is, but that's what Google told me. And I 100% believe it now, though, because leading up to it, after Huxley and I talked, he was like, "Let's do a workshop, it's going to be about 2 hours." I was like, "Okay." And so I start outlining it and getting the content and everything like that together. Literally as I'm arriving today I'm still fixing slides and stuff like that, so I was literally behind registration with my computer, fixing slides. As you said about trying to get things to people beforehand, I didn't know who was going to be there, so it was hard to hand anything out before. I wanted to have handouts, and then there was a snafu at FedEx Kinko's, so you just kind of have to go with it. And like I said, it was really well received and I got some really great feedback, so I was happy that it went so well for the hiccups that I experienced in the meantime.

Interviewer: So looks like you did some incident response as well.

Susan: Yeah, exactly, right?

Interviewer: No, that's very cool. I think you spoke a lot about the blood, sweat and tears that go behind this, but I'm sure the outcome was worth it, right?

Susan: Very much.

Interviewer: What was your biggest takeaway, and what were you the most happiest about after giving your workshop?

Susan: One, that it was done, because I could finally relax. It wasn't that I didn't want to do it, but I just needed to relax a little bit afterwards, because I've just been so like, "I need to get this done." And, like I keep saying, the feedback. People came up to me afterwards and they were like, "Hey, I'm in the SOC," or "Hey, I'm incident response," or "Hey, I'm vulnerability management," or "I was always trying to figure out how to manage this, and you gave me some really good talking points," and things like that. I just got such an amazing return from everybody about their takeaways. And so that makes me feel good, because somebody even said, "You presented everything in a very clear manner," and it was such nice feedback to hear, because I was sitting here thinking, are people going to be tracking, you know, am I making this too complicated or something like that, or is this even clear, is it just to me? Trying to make sure I don't have my own bias of "since I know this, it makes sense to everybody else" kind of thing. But it was really well done. And then it was more of a presentation for two hours, because I didn't get to do tabletops with them. We were running out of time, and I literally talked for, I think, 105 minutes or something like that, and then I had like 15 minutes left for questions and we had to go. And so I didn't get to everything that I wanted. There was so much more that I could have done, but maybe next year, who knows.

Interviewer: Yeah. So, I mean, since you love this community so much, you're always welcome to come back and talk and share your wisdom. So what I really heard there was that you felt like you had a multiplicative effect across so many disciplines, right? It was not just people who were doing threat intelligence day in and day out; it was also SOC analysts, incident response. Everybody seemed to have been super inspired by what you've been doing, so that's great. Thank you so much for that.

Susan: No, I wanted to make sure, because I think it was one of the questions that Huxley asked me when we first talked. He was like, "Is it just for, like, CISOs? Is it just for CTI people?" And I said, "No, it's for everybody, actually." So the fact that everybody from different elements of security operations was there and, you know, they were able to take something away from it just made me super happy. It's just what you would hope for when doing a workshop like this.

Interviewer: Nice, nice. So a little birdie told me that you're also the host of BSides Sacramento.

Susan: I am, yes.

Interviewer: What does it take to build out a community and, you know, host a conference?

Susan: Yeah.

Interviewer: And why do you do it? More importantly, why do you do it?

Susan: Right. So I'm from Sacramento. I lived there basically from five until I left for the military. I realized when I joined the cyber community that there wasn't a BSides in Sacramento, and I found other people who thought the same, and they were from Sacramento and stuff. And I go back quite often, especially now with the baby, because my mom still lives there, so we kind of split our time. We're a little bit bicoastal. So when I realized I was going to be there, I was like, "You know, let's do this, let's have this happen." And Jack Daniel from Security BSides was like, "We don't care if it's three people in your grandmother's basement, as long as you're, you know, sharing information, learning something, and building a community. That's all that matters. That's what Security BSides is about." As evident from today. And we started small. We had a nice little place called Hacker Lab. I think we did it in 2019, right before COVID hit, and we would have hoped to have done it again, but we haven't. Again, like BSides New York had to go on hiatus, we had to do the same thing. And we hope to do it this year. But when we were in the middle of planning it, we wanted to keep it on the smaller side, because we didn't know how well it would be received or if people would even come. And so we had it capped at like 125 people, and we sold out super fast. We were so excited about that. I think we hit capacity that day with all the volunteers and speakers and sponsors and everything. We were so worried about the fire marshal showing up. Luckily it turned out to be a really beautiful day, beautiful weather in Sacramento. We had a taco truck show up. I mean, it was an amazing day, and I can't wait to recreate it. And, you know, we're in the midst of planning right now, so it'll be really nice to see it come back this fall.

Interviewer: So the why behind this is truly to bring everybody together.

Susan: Yeah. I mean, the Sacramento community was amazing, and even now I have people reaching out to me being like, "Hey, are you going to do a BSides Sacramento again?" I think people are really tired of having to go to the Bay Area for their cyber fill, right? They wanted something a little bit closer. And we do a really simple format: 20-minute quick talks, so we can fit a lot of people in and get a lot of information. And, you know, there's that attention span. Again, another statistic that I'm probably going to misquote, but it's like people have the attention span of 15, 20 minutes, so I didn't want people to be getting bored or anything like that. After I just taught a two-hour workshop. But that's a workshop, that's been more hands-on, right? So we had a nice little... what is it... we didn't have workshops, but we had a lockpicking village and stuff like that come out. We had a little area off to the side for the sponsors. It was a nice little day. And we hope to expand this year. I don't think we're going to go... we didn't have a waitlist or anything like that. It seemed like 125 was a perfect number, so we'll probably stick to something around there and then have room to scale it or grow it if we need to. But yeah, we're really looking forward to it.

Interviewer: Great, great. Thank you so much for sharing your story.

Susan: Yeah.

Interviewer: And I think now we're going to move on to the fun segment of our conversation.

Susan: It's been fun.

Interviewer: The fun for the viewers, or maybe for me. Just kidding. The fun segment is really talking about... before we started talking, I had asked you to input something to ChatGPT, like prompt ChatGPT for something that you are an expert in, and the question is: do you think ChatGPT can do a decent job at scaling some of the expertise that you have? And feel free to read the response, and I'll go ahead and read the question. So the prompt from Susan was, "What are some elements of a cyber threat intelligence program?" That was the prompt, and I believe this is the response. Go ahead and let me know what you think.

Susan: Sorry, let's see. So I gave it this prompt because I just taught the workshop, so it's at the front of my mind. I think it's funny, the approach that it took to it, because it's from a very specific point of view, a strategic approach to it. I don't think it encompasses everything. By the way, you called me an expert and I so am not. I'm always learning.

Interviewer: No, don't short sell yourself.

Susan: So I would have mentioned things like having a threat profile. It mentions collection and analysis, so I would say collection plan. It doesn't really say anything about PIRs, priority intelligence requirements. It talks about threat scoring and prioritization, so it touches on it, but it doesn't speak about it as specifically as I would. Mitigation and response, communication and collaboration: I hit on some of these points during my talk, but it definitely is structured in a different way. So that's interesting, because I would wonder, if somebody came to ChatGPT and asked it this question and, you know, believed then that they knew threat intelligence, we would have differing, you know, views on it, for sure. So, interesting.

Interviewer: Okay. But would it be a good pointer for someone to at least start a conversation?

Susan: To start a conversation, yes. But I hope they wouldn't get their feelings hurt if they were corrected.

Interviewer: Yeah, I hope so too. And with that, I'll let you go, because you have been talking a lot today. And thank you so much for coming over here and sharing your journey and your emotions about BSides in general. So thank you so much.

Susan: Really lovely, thank you.

Interviewer: Great. Thank you, Susan, for your time. Take care.