Welcome to the Antithesis Project!

CTI is currently failing. We believe that this is not due to the notion of CTI being fundamentally flawed. Indeed, we are deeply invested in CTI and believe that it has tremendous potential for good. But it is currently failing and we say, “Not on our watch!” If you would like to help, we invite you to join us. The Antithesis Project is about coordinating a course correction within the CTI community. This is not about debating the respective virtues and faults of various tools, data formats, etc. This is about having a higher-level meta conversation about CTI.

We see the current failure of CTI as having two root causes:

  1. We’re failing on fundamentals, and not just at the “Go build well-structured, contextualized threat reports” level, but even at the “Please put a fucking timestamp on that so I know what time range I need to search” level.
  2. We’re failing to deliver value to our customers because we don’t understand who they are, what their problems are, and what they need from our CTI products to help them solve those problems. Far too often we’re just throwing threat reports over the wall and saying “Good luck!”

We plan to tackle these problems by publishing a series of blog posts, guided walk-throughs about building better threat reports, interviews with downstream customers and folks with interesting insights from outside the infosec community, hosting panel AMA discussions, and various other online thingies.

We invite you to join us as we roll a hard 180 and break from the status quo. If we never question the way things are, then we deserve exactly what we get. More often than not, what we’re producing isn’t delivering nearly enough value to justify its own existence. Come join us, let’s figure out what our people need, and let’s set CTI on a solid, customer solution-centric footing.

