Community-Source Your Cybersecurity Concerns

Since the advent of the “Wanted Poster”, community-sourcing problems has grown in popularity. Let’s examine two of my favorite modern-day examples.



As a Texan, I’m enormously proud that we conceived of and were first to adopt the AMBER Alert System. As “America’s Missing: Broadcast Emergency Response”, AMBER Alert was officially endorsed by the Federal Communications Commission in 2002. To date, this system, which leverages the public to help locate abducted children, has recovered a whopping 758 children across the United States. Success of the AMBER Alert system has driven the Texas Division of Emergency Management (TDEM) to expand the program here in the Lone Star State. Now, the TDEM also enlists the public’s help to locate “endangered missing persons” and “missing senior citizens” (Silver Alert).

On a lighter note, another community-sourced favorite of mine is the Waze app.  Waze is “the world’s largest community-based traffic and navigation app”.  It’s “all about contributing to the ‘common good’ out there on the road” by enabling drivers to share “real-time traffic and road info”.  I simply won’t attempt a road trip without bringing along the Waze community to tell me where I’ll find the next pothole, accident, or the cheapest gas.  And I get these real-time community-sourced navigational tips for free!  

ThreatConnect’s Communities operate under the same premise.  Community-sourced cyber threat intelligence at no cost.



Our Common Community (open-sourced shares without attribution) has grown to over 6,000 people in roughly two years, and that number climbs daily! That’s 6,000+ cybersecurity professionals who are hunting, discovering, analyzing, and contributing to the “common good”.

Even better, ThreatConnect’s own Intelligence Research Team “bag and tag” daily. They share the intel they’ve discovered with the Community, enrich Community shares, and provide tips for finding adversaries and signatures too.

So, what does it mean to community-source your cybersecurity concerns?    

Each ThreatConnect Community offers a comment feed. The free-form comment feed gives Community members an opportunity to advertise their shares, hold conversations, and ask questions.

We’ve seen a good bit of Q&A happening in our Communities this year.  Recent examples include:

  • How can I determine if X is bad?   
  • How bad is X?
  • How can I protect against X?
  • How can I find X?
  • Has anyone seen anything related to X?



ThreatConnect’s most recent Community is the SANS DFIR Alumni Community. This private Community binds together analysts and researchers who have completed SANS’ DFIR training to share tips and community-source their concerns. We started on-boarding DFIR Alumni a short three weeks ago, and this new Community has already grown to 400+ analysts strong. In case you missed the October 7th announcement, it’s not too late to join. DFIR Alumni who do not yet have a ThreatConnect account may join the Community at no cost by registering for access at

As analysts work diligently to up their game against a very clever and determined adversary, it’s kind of comforting to know that ThreatConnect has an entire Community of cybersecurity analysts and researchers to tell you where that next pothole lies.

By the way, my Waze handle is “LRH2Coffey”, and my Common Community pseudonym is “TCIRT-Christy”.

See you around the Community.

About the Author

With ThreatConnect, security analysts can simultaneously coordinate with incident response, security operations and risk management teams while aggregating data from trusted communities. Your team will be better equipped to protect the organization from modern cyber threats, mitigate risk and address strategic business needs all through a single, robust platform.