Episode 45 — Select courses of action that change outcomes
Choosing the right "course of action" (CoA) is the ultimate goal of the intelligence process, ensuring that technical insights lead to tangible changes in security outcomes. This episode explores the six defensive categories of CoA: discover, detect, disrupt, degrade, deceive, and destroy, providing a strategic framework for selecting the most effective response for a given threat. We discuss how to evaluate the "cost-benefit" of a specific CoA, such as deciding whether to block a domain (disrupt) or monitor it to gather more intelligence (discover). In a GCTI context, you must demonstrate the ability to recommend a CoA that is proportional to the threat and aligned with the organization’s overall risk appetite. Practical application involves "stacking" multiple CoAs throughout the kill chain to build a "defense-in-depth" posture that increases the adversary's difficulty and cost. By selecting CoAs that actually change outcomes, you prove that the intelligence function is a primary driver of organizational resilience and safety. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.
