Threat Hunter Girl

Experienced Intelligence Analyst and creator of the Cognitive Stairways of Analysis Framework, Nicole Hoffman has a passion for developing the analytic tradecraft. Her work, research, and presentations have inspired and educated others around the international analytic community. For someone diagnosed with ADHD, intelligence analysis can be mentally taxing. An experienced speaker, Nicole developed frameworks to dive deeper into the process of sensemaking in order to increase her analytic capability. She has presented work at the 2021 SANS CTI Summit, GRIMMCON, SOCstock, the 2020 SANS Threat Hunting & Incident Response Summit, All the Talks Con, and so much more. Nicole was inspired by her kids to write a children’s book that could introduce threat intelligence concepts through a whimsical medieval tale. Nicole believes children are the future and wants to empower the next generation of Intelligence Analysts.

Nicole and I meet up and discuss her transition from the medical field to cybersecurity, her love of threat intel, her struggle with ADHD and the Cognitive Stairways of Analysis framework, her new book, “The Mighty Threat Intelligence Warrior”, and her podcast “IT Wolves”.

SYMLINKS
Twitter
LinkedIn
ThreatHunterGirl.com
Cognitive Stairways of Analysis
The Mighty Threat Intelligence Warrior
IT WOLVES podcast
MITRE ATTACK
ATTACKCON
GRIMMCON
Fat Tuesday
Blue Bonnet BBQ | Waxahachie, TX

DRINK INSTRUCTION
SPIDER BYTE
1 Shot of White Tequila
1/2 can of Rockstar
Drop the shot in the Rockstar and enjoy.

CONNECT WITH US
http://www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.

Chris: Experienced intelligence analyst and creator of the Cognitive Stairways of Analysis framework, Nicole Hoffman has a passion for developing the analytic tradecraft. Her work, research, and presentations have inspired and educated others around the international analytic community. She’s recently published a children’s book and started the IT Wolves podcast.

Chris: Nicole, thanks for joining me at BarCode. I’d like to start by hearing about your journey into security and how that.

Nicole Hoffman: So back in high school I was on the school newspaper. And I was really into writing. I was really into catching the, the story the controversial, more controversial, the better.

Nicole Hoffman: And so I really wanted to pursue a career in journalism. But once I graduated my parents were very old school. They were just like; there’s the door have fun. So I didn’t really have like the conventional college experience where, you know, I got to go live in a dorm and, you know, experienced that four years of partying and all of that.

Nicole Hoffman: I was out working my butt off. I’m just trying to survive. I’m trying to figure out how I’m going to afford my next meal. And it was at that point, I realized that journalism is not really going to be something I can pursue while I’m struggling to eat. So I decided to switch into the medical field because I thought it would be easy to obtain a position at the time.

Nicole Hoffman: It was like up and coming. So I started going to school to be a medical assistant. Graduated, became a phlebotomist. And I was going to go to nursing school. But my, I ended up getting married. My husband got he was in the military, he got stationed in a not so safe area. And I was at the point in my degree where I had to go in-person.

Nicole Hoffman: To the labs and things like that. And I just didn’t feel safe, but I didn’t want to just stop going to school. So I just decided to switch into something that I could study remotely. My husband was already in tech, so he already had a bunch of you know, like routing and switching type books. So I thought, well, maybe I’ll do that.

Nicole Hoffman: So I just switched into information technology. And when I made that switch, the only thing that I thought really existed, at least in the security side was just engineering or, you know, network security. I didn’t know anything about analysis or SOCs or intelligence or anything like that. It wasn’t until say I don’t even know how many, it took me about six years to finish my degree because I was going part time and I had two kids. But after I had my, my last child, my husband got out of the military, I got my first internship at a software company and it was a cybersecurity analyst, but it was more of a researcher type position.

Nicole Hoffman: And the company was, was trying to align their software with MITRE ATT&CK. And so I learned all about the MITRE ATT&CK framework, and then I ended up not physically, but virtually going to the first ATT&CKcon, which I think was back in like 2018 and I saw Roberto Rodriguez and his brothers talk.

Nicole Hoffman: And Carl Shoreman, I feel like I always say his name wrong, but so Carl, his talk was specifically, it was involving threat hunting, but you know, he mentioned in his bio, like, Hey, I work for CrowdStrike and I’m an intelligence. And I was like, whoa, whoa, what is this? I had never heard of it. And so that’s really, what’s the hook.

Nicole Hoffman: Learning, you know, what, what does CrowdStrike, what does CrowdStrike do? What is this thing called threat intelligence and how can I utilize my ATT&CK knowledge to like, maybe go into this and that’s really, what did it, I was like flooded for a site. I already loved MITRE, but then now I knew how to use it in a way that made sense to me.

Nicole Hoffman: Yeah.

Chris: Interesting. So your husband was in IT and then you were basically exposed to the technology field through.

Nicole Hoffman: So my husband was, was he was in IT in the military and he was more of like a network engineer and then, when he got out, he ended up switching into security, but initially he was just a network engineer.

Nicole Hoffman: So lots of his books were like, you know, Cisco books and routing and switching and CCNA. And so that’s really the path that I initially started going towards when I was just studying. And my degree was very general. Just IT. I did end up getting a minor in cybersecurity, but it’s still very new program.

Nicole Hoffman: So it was very, very high overview. I’m not really in the weeds.

Chris: Yeah. Cause I mean, typically, you know, without any experience, CCNA could be extremely intimidating and typically you’d run the other way.

Nicole Hoffman: Oh, I didn’t get my CCNA. So it’s it was, and. Like from my husband’s point of view, like his, because he’s an engineer, his networking knowledge helped him in the security side.

Nicole Hoffman: And so he thought, you know, if you’re going to go into tech and you like security, maybe get this kind of like base knowledge, cause it’ll help you. But I didn’t want to be an engineer, but at this point, I didn’t know that there’s like other things that existed.

Chris: So what made you choose that path over the medical path?

Nicole Hoffman: Well, I needed to study remotely because my husband was going to be stationed there for a good amount of time. And it was one of those like life altering decisions, like what do I do? Because you can’t study medicine remotely. Right. And. You know, there, wasn’t a way for me to like, you know, go move somewhere else and go to school because I mean, we were very young, just starting out.

Nicole Hoffman: I got married pretty young. We had kids pretty young and so my thought process was he already has all of these textbooks, maybe I guess some money. And I’m like, he’s doing well. You know, everyone at the time always said, oh, you know, go into computers. No, that’s a good field to go into too. And so it wasn’t completely like abnormal for, for me.

Nicole Hoffman: And I already, like when I was in school to become a medical assistant, whenever anyone needed help, I was pretty much like the help desk. Like, oh, you can’t figure out how to work with this printer. I could break it for you. I got this. I don’t know what I’m doing, but I’ll figure it out in the process, which is basically like, Tech motto is I don’t, I don’t know what I’m doing, but I’ll, I’ll figure it out.

Chris: No, I get it. I get it. I mean, I prefer that method as well, but it is interesting that MITRE ATT&CK hooked you after being exposed to some more of the security industry. Now, do you feel like you made the right choice or in any way, do you regret not continuing down that medical?

Nicole Hoffman: I don’t regret it, but I still think like, I there’s just so much overlapping between like the type of skills that you need for different careers.

Nicole Hoffman: And I feel like I could have used a lot of the skills that I have and that I excel at in the medical field and been really successful. But the great thing about what I do now. Not only do I love it, but I get to work at home. So, you know, I get to hang out with my kids. I get to be there for school stuff.

Nicole Hoffman: You know, I don’t have to worry about, you know, being in an office or, you know, a hospital or anything like that. So that, that part of it makes me not regret it at all.

Chris: Got it. So do you feel like you were able to transfer any of that medical training you received into the technology?

Nicole Hoffman: Somewhat. I mean, I feel like there’s two parts of it.

Nicole Hoffman: Like there’s a lot of communication training and like bedside manner and things like that. And that definitely holds over into technology because, you know, as you get more technical, it’s harder to communicate. You know, to a non-technical audience and it’s a skill that you kind of have to keep up with.

Nicole Hoffman: And it’s very similar to medicine. And, you know, in my opinion, when a doctor tries to explain something to me and you know, doesn’t explain it or, you know, treats me like I’m an idiot for not knowing. I just assume that that guy’s a jerk. You know, he doesn’t have good bedside manner. So that part of it, I try to keep over and then also.

Nicole Hoffman: Having worked in the medical field. I kind of understand how certain things operate. So if I have, you know, a client in the medical field, I can kind of make better suggestions because I know what it’s like being, you know, the person on the other side.

Chris: Now you’ve previously spoken about your personal challenge with ADHD, especially within the threat intel field and you know, the concentration that’s needed for constant analysis. And this is basically your day to day work, and I found it interesting that you actually developed a framework to help you overcome that struggle. Would you mind speaking to that for a moment?

Nicole Hoffman: Yeah, I would love to. So I wasn’t actually diagnosed with ADHD until 2020. It was right around New Year’s, 2020.

Nicole Hoffman: And. I just assumed ADHD was just, you know, the hyper hyperactive, I didn’t know any of the other symptoms. It was actually a YouTube video that I saw and I just related to like, it was like ADHD hacks. And then I talked to my doctor and went through the process and sure enough.

Chris: So you basically self-diagnosed yourself upfront.

Nicole Hoffman: Yes. And I, I do take, you know, I do take medication and it was life-changing like, it changed my whole world and it was almost, you know, it almost makes you sad because there’s like certain things that I have done my whole life, like interrupting people that I know that I’m doing it, but I can’t stop doing it.

Chris: So what are some of the symptoms that you experience with ADHD?

Nicole Hoffman: Some of the symptoms are mainly like executive function disorder, like certain executive functions, like planning things, organizing things like keeping track of the time. And a lot of people think it is a lack of focus, but really people with ADHD hyper-focus, just sometimes not on the right thing.

Nicole Hoffman: So if I need to do something that I don’t particularly find interesting, I it’s very difficult. I can give myself migraines. And I actually growing up from probably like middle school on until, until I was diagnosed, I thought I had really bad allergies because I would get these horrible sinus headaches.

Nicole Hoffman: And I was on all of this allergy medicines and I was always off. Antibiotics for sinus infections. And it wasn’t until after I was diagnosed with ADHD that I found out that I was not having allergy problems, I was having migraines. And so after I got diagnosed and I started taking medication, I don’t have that problem anymore.

Chris: So it actually does inflict physical pain. It’s not just the neurological side.

Nicole Hoffman: Yes, it can. It can cause pain. And I have like the, like my work working memory, sometimes this isn’t the greatest, like I could watch an entire movie and then the next day, or not remember that I watched that movie.

Chris: Wow.

Chris: So once you got into performing threat intel work how soon did you realize that this was a really serious issue or were you already aware of it at the time and on medication at that time?

Nicole Hoffman: When I first got into it, I was not taking medication and I didn’t know that I had ADHD. So it was a challenge mostly to just keep track of all the moving parts.

Nicole Hoffman: But at the same time, I was fascinated by it. And so. So you’re hyper-focused on it. Exactly. So one of the other things is that I get overstimulated really easily, so I get distracted and that was really the biggest challenge was, you know, with the kids and things. So after I started taking medication, you know, there could be, my kids could be like wrestling, Sumo wrestling, flowing off fireworks next to me.

Nicole Hoffman: I don’t care. I’m just relaxed. I could focus. But I have the same issue, whether I’m medicated or not, I could still hyper-focus on something or go down a rabbit hole because I think it’s fascinating, you know, if I’m writing a report and someone’s like, Hey, can you investigate these IOCs? Yes, I would like to do that now because I just, I love doing it.

Chris: Yeah. Yeah. You zone in on that. If you don’t mind, talk to me a little bit more about the framework you developed. Walk me through that. Explain to me how that happened.

Nicole Hoffman: Yeah, so it started with a blog. I had started my blog just as a way to like, have something that was my own. And I wanted to do a blog on the analytic tradecraft and just kind of how analysts analyze things, because I had noticed like a lot of.

Nicole Hoffman: Processes and frameworks just have analysis as a step, but they don’t really go into like, what does it mean does, and I’m like, does everyone just analyze data the same? Because I feel like maybe I do it differently. And I’m like, am I doing it wrong? And so I wanted to dive deeper. And I just went down a rabbit hole of like hyper-focus and I got really interested in like cognitive science and how our brains work and.

Nicole Hoffman: I didn’t really like what I saw in like tech type of analysis stuff and the processes, because it was just very vague. But then I started looking, well, you know, how do doctors analyze, you know, how did they conclude a diagnosis? How does, you know, business analysts work? You know, everyone is analyzing data differently.

Nicole Hoffman: And I just went on this deep dive, investigated all of these different industries and how they’re doing what they do and different processes. And I just kind of took like my favorite ones from each one. And I thought I really liked this. And I would like to use this. And then I had all these steps and I’m like, well, am I still put them in order.

Nicole Hoffman: Which was really just for me. And then as I’m putting this in order, I just had this like, aha moment. Like, did I just create like my own. Framework. At the time I was doing more internal to the firewall type stuff. I wasn’t really doing as much Intel. So cause I was doing some like incident response type stuff.

Nicole Hoffman: So the first couple of stairways in the framework are more for. Those types of investigations, those types of analytic processes. But my most recent one is the OSAP stairway, which is more focused on how I perform analysis. When I’m doing like my open source intelligence and the thought processes that I use and you know, how I build the reports as I’m going.

Nicole Hoffman: And it helps me keep on track. Not only as someone with ADHD, but just. Someone that’s like constantly doing a lot of things at once.

Chris: Yeah. It’s amazing that, that you were able to work through that and also document it, you know for others that may be looking to learn more about your framework, where can you point them?

Nicole Hoffman: So the framework is called the cognitive stairways of analysis. And you can go to my blog, which is threathuntergirl.com and read the blog. Or you can go to its own website, which is cognitivestairwaysofanalysis.com. The cognitive stairways of analysis website has all the resources that you need.

Nicole Hoffman: It has the link to the blog has a link to the talk. There’s a couple talks that I did about it on YouTube as well.

Chris: Nice and I’ll get those links posted as well. So let’s switch gears and talk about The Mighty Threat Intelligence Warrior, which is the name of your children’s book that you authored.

Chris: Talk to me a little bit about that and how you came up with that concept.

Nicole Hoffman: One of the things with ADHD that I find is, you know, like I said, I’m always chasing that dopamine. I’m always chasing, what’s interesting to me and to finish something in its entirety like a personal project is a huge deal. So it was very emotional for me when I actually like finished it.

Nicole Hoffman: But I did write a children’s book and it all started. My son one day brought home a book from the school fair and it was called The Legend of Rock Paper Scissors. And it was this epic battle of like a little rock guy, scissors guy, and a paper. And it’s so cute. And it was just, it, it needed its own soundtrack.

Nicole Hoffman: And so I was like, man, this would be really cool if it was like, You know, threat intelligence and different, you know, threat groups and, you know, SOC analysts. And so then I, I couldn’t stop thinking about it. And I just went into like hyper-focused mode and I just wrote it all out. And. The first draft was a little bit different.

Nicole Hoffman: It was a little more like in your face type of writing, it was kind of like throwing threat intel in your face with like using words, like VPN and things like that. And then one of my friends was like, maybe make it a little bit more digestible. And so I changed the whole. And made it not only that it’s digestible it’s really can relate to a lot of different fields within security, not just threat intelligence, but like SOC analysts or you know, digital forensics.

Nicole Hoffman: So yeah, so I wrote it for my kids cause I just thought it would be really fun. And then after I published it, people, you know, had an overwhelmingly positive reaction, not only from like threat intelligence professionals, but also from people who are just in cybersecurity, who just are like, I’ve been trying to explain to my kids what I do for so long, and this is just so perfect.

Nicole Hoffman: And the best part was that Carl from CrowdStrike bought my book for his kids. Thank you, Carl.

Chris: Nice, nice. Is there an age group target?

Nicole Hoffman: The age group for the book is preschool to fifth grade. That’s not saying that kids outside that age range can’t enjoy it, but that’s kind of like the peak because it is a picture book.

Nicole Hoffman: If it’s third grade and under probably going to have to help read it. Cause some of the words are a little bit bigger. But my, I have a kindergartner and he absolutely loves it and he loves the there’s a dragon in it and he loves the story.

Chris: I love dragons too.

Nicole Hoffman: Everybody loves dragons.

Chris: Where can we find it? Is it on Amazon?

Nicole Hoffman: It is. It’s on Amazon and it’s international. So if you live in a different country you know, if you have Amazon or the closest country to you that has Amazon and if anyone is listening internationally and they don’t have an Amazon close to them, just let me know.

Nicole Hoffman: And I’ll, you know, I try to make sure anyone can get a copy.

Chris: Awesome. Awesome. Did you illustrate it too?

Nicole Hoffman: I did not. I wish I was that cool. Now the illustrator I hired and she’s amazing. Her name is Charanya Kalamegam and she is actually an author as well. She also has some books that she authored available on Amazon and she was just so perfect.

Nicole Hoffman: She’s not in tech. She has no idea what. When I say like, the inspiration I gave for the mighty warrior’s office was like, think like mad science laboratory. Mixed with like a rave. I was like, I want cables and neon lights. And, and I’m like, but I don’t want it to be too much. And, but she, yeah, she did it perfectly.

Nicole Hoffman: You’ll notice like throughout the book, like in while they’re in the castle, there’s like neon lights in different places throughout, and that it’s very subtle, but it’s just so perfect.

Chris: That’s so cool, man. And I can’t think of anything. That has ever existed like it. So what’s next for you? Will you keep writing?

Chris: Will there be a part two? We can look forward.

Nicole Hoffman: So I ended up not being able to find a publisher for it just because of the, the red tape and things I didn’t want to deal with. So I ended up starting my own publishing company to self-publish it, and I thought, well, now that I have a publishing company, I can just continue.

Nicole Hoffman: And so the second manuscript is complete. It is going to be a series. It’ll probably come out next year and I might introduce an additional series, but I do want to focus on STEM education specifically in science and technology.

Chris: That’s so great. And something else great that you’re doing right now is the IT Wolves podcast. So you’re staying busy. Episode zero. I just checked out. I encourage everyone else to go check it out. This is you and your husband, correct?

Nicole Hoffman: Yes. So it’s, so it’s me and my husband and it was his idea actually. But I thought it would be a really great idea as well, because. People always like people in my just like my friends and stuff that I talked to that are in tech.

Nicole Hoffman: They know that I’m constantly asking my husband like engineering type questions and. cause I’m like, you know, when I’m on the analyst slash vendor side and I make recommendations to someone that is basically in his position, I want to make sure that it sounds right from an operational standpoint. And so I’m constantly asking his opinion and then he’s constantly asking me like, Hey, have you heard anything about this?

Nicole Hoffman: And so I thought it’d be interesting to talk about like different technology topics from both of our points of view. Because it’s very different, you know, it’s like one example is like, you know, patch management as a vendor, I’m always going to be like patch it. And he’s like, yeah, it’s more complicated than that.

Nicole Hoffman: I’m like, ah, I don’t understand. Just, just patch it because, you know, without that operational knowledge and knowing all the dependencies and things like that how would I know, you know, so. Yeah, which

Chris: is a common conversation in an organization. So you’re basically having this conversation for us. It’s a great.

Nicole Hoffman: And we’re married. So, I mean, just that banter alone, I can be, I guess we’re a little bit more relaxed, but

Chris: yeah, the meeting never ends, right?

Nicole Hoffman: Yeah. But one of the things I love about not only like starting a podcast, but just being on podcasts. It’s relaxing. It’s not like giving, you know, like a conference presentations because you can just, you know, kind of like nerd out in a casual way and it’s nice.

Chris: Yeah. Yeah, definitely. And it’s also rare to have a security focused podcast hosted by a couple also. And I believe that’s uncharted territory.

Nicole Hoffman: Yes. Although I’m hoping it’ll be somewhat educational, but I think some of it might just be analysts versus engineer, which obviously analysts are better.

Nicole Hoffman: Sorry.

Nicole Hoffman: Until I need something and then I have to ask an engineer. Yeah. Then engineers are better for, I need something built. Yeah.

Chris: Oh yeah. Yeah. That conversation could get intense. Now you’re based in Texas.

Nicole Hoffman: Yes.

Chris: Nice. Nice. What area of Texas are you?

Nicole Hoffman: I’m in the Dallas area, but I’m fairly new. I just moved to Texas last year with my family from Washington state.

Nicole Hoffman: So I’m not at that point yet where I’m like, don’t mess with Texas. I’m not there yet. Probably get there soon. I still run away when there’s a tornado warning. Like I’m outside with my sweet tea and my chair. I’m not on that level of Texas.

Chris: Oh, that’s awesome. So in Dallas what bar would you recommend someone from out of town hit up while they’re there?

Nicole Hoffman: I, because I have kids and because I live outside of the city, so I don’t typically go into town. For the nightlife, if we do, it’s usually like you know, a restaurant and things like that.

Chris: Okay. Okay, well, let’s switch it up then to barbecue. Do you have a go-to barbecue?

Nicole Hoffman: I do. One place I like, it’s down in Ellis County. It’s called Blue Bonnet BBQ. I really liked them. I really love that Texas has Fat Tuesdays, which is from New Orleans. I used to live in New Orleans, which is it’s.

Nicole Hoffman: Have you, have you heard of Fat Tuesdays? I have, yes, I have the daiquiris. Yeah, they have them throughout Texas, which is nice. Cause you can go and you could just take it home and you can get like the Everclear shots and things like that, which sound crazy. But I’ve lived in New Orleans. I’ve been indoctrinated.

Chris: No, no, not, not crazy at all. So I just heard last call here. You got time for one more. If you opened a cybersecurity theme bar, what would the name be? And what would your signature drink be called?

Nicole Hoffman: Ooh, good question. Good question. I would probably name it Alcohol in Depth.

Chris: Alcohol in Depth!

Nicole Hoffman: Like security in depth and all the drinks would be layered.

Chris: I love it. And what would your signature drink be called?

Nicole Hoffman: It would probably be a dark and stormy.

Chris: Dark and stormy. I like it. And your drink menu could have level one through seven where seven is just straight alcohol.

Nicole Hoffman: It’s just like straight tequila, like triple shot, no chaser. There’s no chasers on layer seven

Chris: No chaser. No label. You just have to take it down

Nicole Hoffman: The drink that shall not be named.

Chris: I love it. Before you go. Where can our listeners find you online?

Nicole Hoffman: So I’m pretty much Threat Hunter Girl across all platforms, Instagram, Twitter, LinkedIn. If you go to my blog threathuntergirl.com, I think I only have my Twitter link to it.

Nicole Hoffman: But everything should be open if you ever want to contact me. Ask me any questions. You know, if you need a mentor, you need advice or you just want to say hi, you know, come on over.

Chris: Awesome. And we can hit the podcast from that website as well?

Nicole Hoffman: So my podcast right now, it is on Spotify. But it, if you want to listen, you can also go to my blog and you can just click on it.

Chris: Well, Nicole, thanks for stopping by. Had a great conversation with you and I look forward to seeing you soon.

Nicole Hoffman: Thank you. It’s an honor to be on the show. Thanks for having me.
