Ondra Rojčík

188 posts

@orojcik

Threat Intelligence Analyst @RedHat | implication hunter | CTI | conteXt | tweets are my own

Czechia · Joined February 2015
826 Following · 686 Followers
Ondra Rojčík@orojcik·
"Boosting Your InfoSec Skills with Intelligence Analysis Mindset" Blog post on how intelligence analysis can sharpen your InfoSec skills medium.com/@orojcik/boosting-your-infosec-skills-with-intelligence-analysis-mindset-db484e94f02e #cti #infosec #intelligenceanalysis #skills
Ondra Rojčík@orojcik·
CTI is still an evolving field — not as much is codified as we would like. This provides vital opportunities to enrich and cross-pollinate it with new perspectives that you could be bringing. Integrating diverse perspectives and expertise can enhance CTI
Ondra Rojčík@orojcik·
In what specific ways can specialists with non-technical background enhance #CTI? ➡ Complex problem solving and pattern recognition, threat actor profiling, effective communication and interdisciplinary collaboration, global context, critical thinking and many more
Ondra Rojčík@orojcik·
The Cyber Threat Intelligence field will likely remain the domain of technically focused experts. However, it is growing and opportunities for specialists with non-technical or non-traditional backgrounds are increasing.
Ondra Rojčík@orojcik·
Why a Non-Technical Background Does Not Prevent You from Succeeding in Cyber Threat Intelligence medium.com/@orojcik/why-a-non-technical-background-does-not-prevent-you-from-succeeding-in-cyber-threat-intelligence-09b41194ee8c #cti #infosec #intelligenceanalysis ➡ More on that
Ondra Rojčík@orojcik·
medium.com/@orojcik/the-shades-of-doubt-a-guide-to-estimative-language-and-confidence-levels-in-cti-reporting-1545233f7470
Ondra Rojčík@orojcik·
This blog post attempts to call out the bad practice of communicating uncertainties in cyber threat intelligence and offer possible solutions to the CTI teams at different stages of maturity t.ly/uncertainties
Ondra Rojčík@orojcik·
My colleague Vladimir Janout and I presented this simplified version of the Red Hat process for the development of Priority Intelligence Requirements (PIRs) for the first time at the 2023 FIRST CTI Conference #FIRSTCTI23 in Berlin. Now it is out as a GitHub blog post.
Ondra Rojčík@orojcik·
📢 Updated (simplified) Red Hat process (v1.1) for development of Priority Intelligence Requirements, which includes a detailed, step-by-step guide and templates, is now available at GitHub: github.com/redhat-infosec… #CTI #PIR
Ondra Rojčík@orojcik·
I'm focusing on categories that are as close as possible to the "Impact" part of the kill chain - i.e. they are not just a means to achieve something else: malware, SQL injection, DNS Spoofing etc. that you would find in the earlier stages of the kill chain
Ondra Rojčík@orojcik·
I'm struggling to find a descriptive classification of attack types with a direct impact on business. What classification do you know and use apart from:
- MITRE ATT&CK - techniques under Impact + Exfiltration
- STRIDE - threat categories
- Attacks on C.I.A.
- VERIS Framework
Ondra Rojčík@orojcik·
A common shortcoming of #CTI reports is the tendency to admire the problem instead of delivering explanations, implications, and mitigation strategies. From Descriptions to Impact: Unlocking the Power of Basic Cyber Threat Intelligence Questions link.medium.com/ibDWZCNpzAb
Ondra Rojčík@orojcik·
I look forward to reconnecting with many of you in Berlin once again. The (then) CTI Symposium last year was just an incredible experience!
Ondra Rojčík@orojcik·
Our workshop proposal on the development of intelligence requirements has been accepted for the #FIRSTCTI23 Conference. We will delve deeper into the process presented last year. Join us to learn about our approach (tinyurl.com/RHPIRs) to intell requirements development
Ondra Rojčík@orojcik·
I did a blog post on what the #CTI community knows about the intelligence requirements process. I'm curious to know if you are aware of other relevant resources on CTI Priority Intelligence Requirements #PIR not mentioned in this literature review medium.com/p/58d2df0d7c62
Katie Nickels @likethecoins

This is a very cool process for creating intelligence requirements from the Red Hat infosec team! I'm a big fan of the Venn Diagram approach to explaining threat modeling. (h/t @cocaman) ✍️ Process: github.com/redhat-infosec… 📊 Spreadsheet: docs.google.com/spreadsheets/d…

Ondra Rojčík@orojcik·
I love ChatGPT, I'm playing around with it all the time, but it is good to be aware of its limits
Ondra Rojčík@orojcik·
"Organizational context is the secret ingredient in scalable, enterprise-grade automation content. At this stage, ChatGPT and similar AI tools can’t provide a recommendation specific to your organization’s environment or products." ansible.com/blog/ansible-w…