Question 1

What is a Cyber Threat Intelligence (CTI) platform for defense?

Accepted Answer

A defense-grade CTI platform collects, normalizes, enriches, and distributes threat intelligence — indicators of compromise, TTPs, actor profiles — to SOC analysts and downstream defensive tooling. Architecturally it combines STIX/TAXII feeds, OSINT collectors (including Telegram and dark-web monitoring), an enrichment pipeline, and integrations into SIEM/SOAR for automated action.

Question 2

How do SIEM and SOAR differ, and why are both needed on military networks?

Accepted Answer

SIEM collects and correlates logs to detect incidents; SOAR orchestrates and automates the response playbooks once an incident is identified. On military networks the integration must additionally handle classification boundaries, air-gapped segments, and the latency constraints of cross-domain solutions — off-the-shelf cloud-first SIEM/SOAR rarely fits unmodified.

Question 3

What is an SBOM and why does defense procurement now require one?

Accepted Answer

A Software Bill of Materials is a machine-readable inventory of every component, library, and dependency in a delivered software product. US and EU defense procurement increasingly mandate an SBOM in SPDX or CycloneDX format with each delivery so supply-chain vulnerabilities (Log4Shell-class) can be traced and patched across the fleet.

Question 4

How does intrusion detection work for military OT and ICS systems?

Accepted Answer

Operational technology — base utilities, vehicle buses, weapon-system controllers — speaks protocols (Modbus, DNP3, CAN, MIL-STD-1553) that traditional IT IDS does not parse. Military OT intrusion detection relies on passive protocol-aware sensors, baseline modeling of expected command patterns, and tight integration with the upstream SIEM rather than active scanning that could disrupt safety-critical equipment.

Question 5

What does DevSecOps look like in a defense software pipeline?

Accepted Answer

DevSecOps for defense embeds SAST, SCA, secret scanning, and SBOM generation into every CI run, then layers in classification-aware artifact storage and signed releases for accreditation. The goal is to satisfy authority-to-operate (ATO) and equivalent NATO accreditation requirements without dropping below the iteration cadence that operational software demands.

Defense Cybersecurity