The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!
Good threat intelligence analysts have one trait in common: A persistent drive to learn, an insatiable curiosity. Or a “nerdy passion,” as the ThreatConnect product team sometimes calls it.
Take Marika Chauvin, Principal Product Manager of Threat Intelligence at ThreatConnect. In the early 2010s, independent hacker groups caught her attention. She dug into Anonymous, tracking the group’s evolution. This led her to investigate various hacktivist organizations, which, at the time, were largely dismissed as serious threats.
Today, sometimes with her cats Tonks and Lupin roaming in her Zoom background, Marika helps ThreatConnect launch new products, features, and tools that let analysts dive down the research rabbit hole and investigate threats more efficiently. Read on to learn how Marika’s extensive experience as a threat analyst shapes how ThreatConnect serves its customers.
The following conversation has been edited for clarity and length.
ThreatConnect: How did you get into threat intelligence?
Marika Chauvin: I graduated with a degree in political science and initially thought I’d go to law school. I really wanted to research and write—I wanted that to be my job.
I got into grad school at American University in DC, and I was wait-listed for a class called Cybercrime, Espionage, and Warfare, which obviously sounds super fascinating. Something happened, and I got into the class. I got out of the first session and had a migraine because it was just so much information. I remember calling my mom and being like, “Hi, I’m going to do this now.”
From there, I started doing research projects on my own. I’ve always been a bit of a nerd, which I mean with the most positive connotation. I used the research projects as writing samples to apply to jobs, and got an internship with the U.S. Department of State and its cyber threat analysis division. I finished my internship on a Friday, and by Monday, I got a call offering me a job as an analyst. And the rest is history.
You’re a non-state actor subject matter expert. What has your research entailed?
In my master’s program, I did a substantial research paper, which was just a really long research paper. I chose to look at the evolution of the hacktivist group Anonymous, dating back to their very, very early 4chan days, and the things that they did up to about 2010.
As part of that research, I started looking at other independent hacker groups, but also hacktivist groups. At the time, most people that I worked with didn’t care so much about hacktivist groups because they were low-level script kiddies that, in their opinion, were annoying but didn’t really have a huge impact on the operations of whatever they were targeting.
So I started investigating the activities and associations of those independent hacker groups, looking at potential overlaps with the activities of some of the more sophisticated groups that were being publicized at the time. Most of the time, there was no overlap. But occasionally, you’d find something really cool, like groups that were evolving in their capabilities. It was kind of like watching people grow up, right? Which was really fascinating.
What does your job at ThreatConnect entail?
I’m a product manager on the Threat Intelligence platform (TI Ops) product. I use my background and the knowledge I have from working as an analyst both at ThreatConnect and in previous lives from the State Department to help inform what gets built at ThreatConnect.
I think I can empathize and relate to our customer base in a way that people who have never lived that life can’t. I use my knowledge to give our engineers a clear understanding of the problems analysts are facing, and work with them to come up with innovative solutions and things that will help our customers.
What’s an example of how your team has translated analyst needs into products or features at ThreatConnect?
As we were talking to our customers and analysts throughout the industry, we discovered that there was a gap in threat intelligence products around defining and operationalizing requirements. If you don’t know what your intelligence requirements are, then you basically leave your analysts to go surf the web and figure out what they want. An analyst is going to research the things that they find interesting, not necessarily the things that are most relevant to your organization.
So we came up with a feature to help ThreatConnect customers identify and capture their intel requirements. If they have a team of analysts, they can say: Hey, these are the things that we as a business care about.
We made it so that our requirements feature takes all of the data in your ThreatConnect instance and filters it based on a set of keywords that you provide. Basically, we’re taking that giant set of data, and instead of having to sift through all of that to figure out what you should be looking at, it pulls it down to help you focus on the things that are more likely to matter to you.
What are the most interesting challenges you’re tackling today?
Right now, most of my day-to-day research, conversations, and work are looking at ways we can help our analyst users be more efficient with their analysis. How do we elevate things and patterns to our users without them having to see those themselves?
We’ve done all this stuff to get all of the data together and help you identify your collection requirements, your intel requirements. How do we help you take that from collection into analysis, processing, and then ultimately into production, like writing reports or pulling together briefings?
How do you think about designing solutions that are scalable, but also flexible enough to accommodate different work styles?
Something great about ThreatConnect is that it’s extensible and customizable. That’s because each analyst, each team, has their own flow, their own preferences. And so by being so extensible and so customizable, we leave the door open for you to make the platform work for you.
Generally, I think you need to make things customizable, but also build in defaults that incorporate threat intel best practices that are known or agreed upon throughout the industry. That gives baseline users a place to start.
If you’re looking at filtering a set of data down to a specific timeframe, we might suggest a 7- or 30-day timeframe, for example. But there’s also always that option to do a custom timeframe. That sounds really simple because that’s similar to things that other products do. But I think providing that optional and easy default alongside the more extensible, customizable piece—I think it helps us to play both sides.
Is there anything else that people should know about yourself, about ThreatConnect, or the work you’re doing?
If you ever use the platform and you have feedback, come talk to me. I want to know the good, the bad, the ugly.
As far as what else people should know about me personally? I have a bit of an issue with Disney—there’s a bit of an obsession there.
There’s some Disney paraphernalia in your background. Do you have any favorite Disney items or collectibles?
My favorite Disney item is a tie between my RunDisney race medals (which I worked for) and the Mickey ears with our anniversary embroidered on it. My husband and I got those when we went to Disney to take our engagement photos many years ago. When he first proposed, he used a ring that had belonged to my great-grandmother. On that trip, he re-proposed with a ring we’d picked out together. It was a really special trip, and I like that the ears are a happy memory for us.
Do your kids share your interests?
They’re not named after Harry Potter characters [laughs]. They are still really small. I have a five-year-old and a 16-month-old. The five-year-old loves Disney. We’ve started trying Star Wars, but he just wants to move constantly, so the jury’s still out. But he has been very into Mario, so maybe we’ve got some video game things happening, which will be exciting.