Josh Ray

Josh Ray

Vice President of Cybersecurity Intelligence at Verisign
Joined on May 10, 2014
Total Post Views: 99,772

About

As Vice President of Cybersecurity Intelligence for Verisign iDefense Security Intelligence Services, Josh Ray is responsible for developing operational plans for the organization, overseeing the fulfillment of client commitments and providing the strategic direction for the iDefense product line. He has more than 12 years of combined commercial, government and military experience in the field of Cyber Intelligence, Threat Operations, and Information Security.

Prior to his work with Verisign, Josh created and managed the Cyber Threat Intelligence Program at Raytheon, which handled enterprise-wide intelligence activities focusing on defining and providing early warning of advanced cyber threats targeting Raytheon networks. Josh also held technical leadership roles with the Office of Naval Intelligence (ONI) and the Northrop Grumman Corporation at the Joint Task Force—Global Network Operations (JTF-GNO) providing intelligence support to focused operations.

He is a recognized cyber intelligence expert on matters relating to cyber exploitation and adversarial tactics, techniques, procedures and technologies and for his work on computer network exploitation and cyber adversarial actions. Josh has presented at a variety of DoD and commercial cyber intelligence conferences and symposiums.

Josh holds a BS in Information Technology from George Mason University, an Executive Certificate in Strategy and Innovation from MIT Sloan School of Management, and served honorably as a member of the United States Navy.

Except where otherwise noted, all postings by Josh Ray on CircleID are licensed under a Creative Commons License.

Featured Blogs

The Cyberthreats and Trends Enterprises Should Watch in 2016

Every year, Verisign iDefense Security Intelligence Services produces its Cyberthreats and Trends Report, which provides an overview of the key cybersecurity trends of the previous year and insight into how Verisign believes those trends will evolve. This report is designed to assist in informing cybersecurity and business operations teams of the critical cyberthreats and trends impacting their enterprises, helping them to anticipate key developments and more effectively triage attacks and allocate their limited resources. more

How to Choose a Cyber Threat Intelligence Provider

Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more

Understanding the Threat Landscape: Basic Methodologies for Tracking Attack Campaigns

The indicators of compromise (IOCs) outlined in my last blog post can be used as a baseline for developing intrusion sets and tracking attack campaigns and threat actors. When launching an attack, threat actors use a variety of vectors and infrastructure, which Verisign iDefense analysts -- as well as analysts across the cybersecurity community -- correlate to group attacks, tracking actors and determining attack methods. more

Understanding the Threat Landscape: Indicators of Compromise (IOCs)

I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more

Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more

Why Attribution Is Important for Today’s Network Defenders

It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations... more

Six Approaches to Creating an Enterprise Cyber Intelligence Program

As few as seven years ago, cyber-threat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations - primarily financial institutions that faced large financial losses due to cyber crime - and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the Internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. more

Recommendations for Adding Cybersecurity Intelligence to the Smart Grid

Over the last few years, there has been an increased effort to modernize the U.S. electric grid. Building a "Smart Grid" has been central in the effort to help utilities better manage their resources, minimize power outages and reduce energy consumption. However, adding more electronic devices and sensors to the grid's network has made it a prime target of cyberattacks, like Distributed Denial of Service (DDoS) attacks, which if successful, could cause wide-spread disruption of services affecting many other sectors. more