Opinions
Perspectives on CTI tooling, standards, data modeling tradeoffs, and how the threat intelligence ecosystem should evolve.
-
OpenCTI Is Not a STIX Database
Opinions December 01, 2025
Why STIX 2.1 bundles don’t ingest the way you expect, and what we learned building production OpenCTI pipelines. -
PSA: MITRE ATTCK is More Than Tactics and Techniques
Opinions July 15, 2024
Software, Data Sources, Data Components, Campaigns, and more, make MITRE ATT&CK even more powerful than you might first realise. In this post I uncover the parts of ATT&CK you might not be aware of.