Targeted attacks need targeted Defense What protocol should we use for CTI information exchange? How should we describe our indicators of compromise Structured threat information expression (STIX) How we can keep information within our defined trust boundaries? Where to store IOCs? Threat Intelligence Feeds Lifecycle How to measure the CTI process?