Telecom Threat Intelligence Summit 2021

October 20th 2021 at 2PM (CET)

05.00 AM PST  |  08.00 AM EST  |  14.00 PM CET


Patrick Donegan

Welcome & introduction

TTIS 2021 serves as a forum for advancing best practise as regards threat intelligence sharing between telcos in different countries as well as within their domestic markets; between telcos and other leading actors in the ICT ecosystem; between telcos and their customers; and between different groups and departments within the telco organisation.

Patrick TTIS Promo video

Agenda Summary

CET Company Speaker Talk
14.00 Hardenstance Patrick Donegan Welcome & introduction
14.05 GSMA David Rogers The Role of the GSMA in Enabling Threat Intelligence Sharing.
14.25 Deutsche Telekom Thomas Tschersich The Chief Security Officer’s Perspective
14.50 Eclectic IQ Tyler Oliver Stronger Defense with Collaborative Threat Model.
15.15 Blavatnik School Ciaran Martin Telco Threat Intelligence Sharing: A Scorecard From The Front Line.
15.30 AdaptiveMobile, Fortinet, NETSCOUT, Ericsson Cathal Mc Daid, Derek Manky, Roland Dobbins and Umair Bukhari Panel Discussion: Threat Intelligence In The Telco Business Model.
16.10 20 minutes interval
16.30 Cyber Threat Alliance Michael Daniel Trifecta: How Telco Threat Intelligence Sharing Can Improve Security, Safety, and Privacy.
16.45 AdaptiveMobile Security Cathal Mc Daid What can we learn from IT Security to improve Telecommunication Security?
17.10 Telus Les Wong Normalizing Regional Measurements of Cyber Threat Activity.
17.35 Nokia Kevin McNamee Leveraging Threat Intelligence in Detection and Response.
18.00 Tag Cyber Ed Amoroso What Threat Intelligence Sharing Can – and Can’t – Do For Telecom Operators.
18.15 BT Tristan Morgan Leveraging Threat Intel Across BT’s Global Estate and for MSSP Customers.
18.35 HardenStance Patrick Donegan Closing remarks and wrap up
18.40 Close conference

05.05 AM PST  |  08.05 AM EST  |  14.05 PM CET

GSMA logo

David Rogers, MBE, Chair, GSMA’s Fraud and Security Group (FASG)

The Role of the GSMA in Enabling Threat Intelligence Sharing

Reflecting the increased risk from cyber threats and fraud to consumers and businesses, the GSMA has been increasing its commitment to combatting mobile fraud and security challenges. David Rogers will share the GSMA’s vision for industry collaboration within the mobile ecosystem, including how key stakeholders can contribute to, as well as benefit from, a number of different forms of threat intelligence sharing.

05.25 AM PST  |  08.25 AM EST  |  14.05 PM CET


Thomas Tschersich, Chief Security Officer

The Chief Security Officer’s Perspective

Thomas Tschersich will discuss the current cyber threat landscape and how Deutsche Telekom uses and shares threat intelligence internally and with customers. He will also discuss new approaches to platform sharing that Deutsche Telekom is working on to drive improvements in cyber security outcomes.

05.50 AM PST  |  08.50 AM EST  |  14.50 PM CET


Tyler Oliver, XDR Product Manager, Eclectic IQ

Stronger Defense with Collaborative Threat Model

Communicating threat intelligence can be a pivotal aspect of your cyber defense posture.

Threat intelligence is entirely underutilized in telco and other organizations,  too often synonymous only with IOCs. However, focusing on IOCs alone has a significantly negative impact on the effectiveness of analysts and on the efficiencies of the SOC, which in turn raises organizational risk. How does communicating beyond the IOC positively impact a telco organization’s defenses? What if communication and collaboration between CTI teams and front-line defenders was more effective? Where are the current failures in this collaboration chain and how are these resolved in practice? From this presentation, you will learn how a new collaborative threat intelligence approach – between SOC teammates, across communities, and in the marketplace – will result in a significantly improved efficiency and effectiveness in threat hunting, detection & response.

06.15 AM PST  |  09.15 AM EST  |  15.15 PM CET


Ciaran Martin, Professor of Practice at the Blavatnik School of Government, Oxford University and Founding CEO of the NCSC.

Telco Threat Intelligence Sharing: A Scorecard From The Front Line

Having served as founding Head of the UK’s National Cyber Security Centre, Ciaran Martin will share his thoughts on what the telecom sector does well in terms of threat intelligence sharing, both domestically and internationally, as well as point to areas for potential improvement.

06.30 AM PST  |  09.30 AM EST  |  15.30 PM CET

AMS ENEA Vertical Positive    Fortinet    NS_LOGO_COL_POS_1in    ERI_horizontal_RGB

Panel Discussion

Threat Intelligence In The Telco Business Model

Moderated by host, Patrick Donegan, this panel will assess a variety of different types of cyber threats in the telco context, how to address them by leveraging threat intelligence, and how threat sharing frameworks need to evolve.

07.10 AM PST  |  10.10 AM EST  |  16.10 PM CET

20 minute interval

07.30 AM PST  |  10.30 AM EST  |  16.30 PM CET


Michael Daniel, CEO

Trifecta: How Telco Threat Intelligence Sharing Can Improve Security, Safety, and Privacy

Given the cyber threats telco’s face, threat intelligence sharing is a must.  However, effective threat intelligence sharing reinforces not only cybersecurity, but it also enables telco’s to better protect privacy and promote public health and safety.  Michael Daniel will discuss how telcos can take their threat intelligence to the next level and achieve a trifecta of improved security, safety, and privacy across the digital ecosystem.

07.45 AM PST  |  10.45 AM EST  |  16.45 PM CET


Cathal McDaid, CTO

What can we learn from IT Security to improve Telecommunication Security?

Telecommunication networks are under threat from global threat actors using sophisticated attacking techniques to target mobile network operators. The best weapon in our arsenal to defend networks is to improve the sharing of threat related information in the telecommunications ecosystem. At AdaptiveMobile Security, we use SIGIL to deliver a shared global threat intelligence service for mobile operators worldwide. In the future, we hope to see telecoms industry adopt a similar approach to IT Security by defining a shared model for real-world adversary tactics and techniques employed for mobile core network attacks. This shared framework, would provide next generation defences required for protecting networks, subscribers, enterprises, and critical infrastructure in a 5G-enabled world.

08.10 AM PST  |  11.10 AM EST  |  17.10 PM CET


Les Wong, Director, Telus Cyber Defence Centre

Normalizing Regional Measurements of Cyber Threat Activity

The telecoms environment presents unique cyber security risks that are distinct from typical enterprise environments.  As in public health, there is an opportunity for carriers to share normalized regional measurements of cyber threat activity to help build a global situational awareness of the evolving threat environment, better target individual network-level security initiatives, and advocate for coordinated industry or government action.  Les will present some of TELUS’s current baseline measures and findings for carrier and enterprise-level cyber security to help visualize what a potential framework for these concerted actions could look like.

08.35 AM PST  |  11.35 AM EST  |  17.35 PM CET


Kevin McNamee, Security Product Manager

Leveraging Threat Intelligence in Detection and Response

This presentation will focus on how threat intelligence is combined with network based malware detection to automate the incident response process in service provider and large scale enterprise networks. It will use examples from the evolving 5G and IOT network environments, where machine learning and automation can substantially reduce the incident response time.

09.00 AM PST  |  12.00 PM EST  |  18.00 PM CET


Ed Amoroso, CEO

What Threat Intelligence Sharing Can – and Can’t –  Do For Telecom Operators

“Having served as Senior Vice President and Chief Security Officer of AT&T from 2005 -2016, Dr Amoroso will share his thoughts on how much telecom operators should be looking to threat intelligence sharing to harden their own cyber security posture as well as that of their customers.”

09.15 AM PST  |  12.15 PM EST  |  18.15 PM CET

bt png

Tristan Morgan, BT

Leveraging Threat Intel Across BT’s Global Estate and for MSSP Customers

As connectivity and security become ever more intrinsically interlinked, all telcos – whether also an MSSP or not – face the challenge of sifting through ever-increasing amounts of data to derive threat intelligence that protects their customers and operations. With traditional threat analysis models unable to keep pace, telcos have to leverage the full capabilities of AI and the Cloud in order to keep up with the scale of today’s threats. Tris will run through the strategies that are enabling BT to leverage its threat intel in order to provide both real-time protections across its global estate, and to form the foundations of its next generation of security solutions for MSSP customers.

09.35 AM PST  |  12.35 PM EST  |  18.35 PM CET

Patrick Donegan, Founder and Principal Analyst

Closing remarks and wrap up


09.40 AM PST  |  12.40 PM EST  |  18.40 PM CET

Close conference