Alfonso Muñoz, Phd

Una @rootedcon única donde además tuvimos la oportunidad por primera vez en España, de mostrar al público máquinas criptográficas únicas como las Enigma y hacer un pequeño homenaje a los criptógrafos españoles del “Equipo D”, que estuvieron rompiendo códigos nazis junto a polacos y franceses en la Segunda Guerra Mundial en PC Bruno y PC Cadix. Ha sido una pasada. Nos vemos en la próxima. @criptored @secsignalexpo #SecretSignalsExpo

Dear Infosec/AI and CTI community, We have released our new book, "Threat Intelligence: Chaos, Signals, and Attribution — AI Applied to Threat Intelligence," by Alfonso Muñoz and Jacobo Blancas - amazon.com/dp/B0GS3762DV I hope you can help us share it to reach as many people as possible who are interested in threat intelligence, AI applications, and cybersecurity. Here is a little bit of its description: We live in a paradox: never before have we had so much information about threats, yet we rarely have real intelligence. Reports, IOCs, feeds, malware samples, and indicators arrive constantly, often mixed with noise and inconsistent labels. For many teams, the result is an ocean of disconnected signals where urgency overwhelms what truly matters. Threat Intelligence: Chaos, Signals, and Attribution. AI Applied to Threat Intelligence addresses this challenge with a clear goal: transforming scattered data into useful, actionable, and defensible knowledge. The book argues that CTI is not simply a list of “bad things” to block but a discipline with its own cycle, methods, metrics, and cognitive biases, closely linked to business decisions and risk management. The first part establishes the foundations of CTI: its different levels (strategic, operational, tactical, and technical), the intelligence cycle, common myths, threat actors such as cybercriminal groups, APTs, and hacktivists, and the central role of modeling and attribution. The focus is on moving from repeating labels to performing real analytical work supported by structured reasoning. The second part explores the role of artificial intelligence in CTI. AI can accelerate analysis, helping classify and prioritize information at scale, summarize reports, extract TTPs from text and telemetry, correlate indicators through semantic similarity, and assist analysts through intelligent agents. At the same time, the book examines its risks, including hallucinations, adversarial manipulation, sensitive data exposure, and model supply-chain vulnerabilities. The approach is practical: it covers the collection and normalization of observables, enrichment and scoring, graph-based correlation, and intelligence sharing through standards such as TAXII. It also explores tools and platforms commonly used in CTI, including MISP, OpenCTI, and Yeti, as well as sources such as OSINT, the dark web, and messaging platforms, combined with defensive telemetry and workflows. Designed for CTI analysts, SOC teams, threat hunters, IR/DFIR practitioners, and cybersecurity professionals, the book also targets AI and ML specialists who want to apply AI to CTI with rigor, governance, and security. It provides a roadmap for turning signals into decisions and building CTI capabilities that remain robust as threats evolve.