Do you have to start a Threat Intelligence program and not know where to start because of all the information about automation and complicated processes? Start with a weekly email to key stakeholders with an overview of the week’s security news. Then you can split it up by showing things that are specifically relevant to your industry, items pertinent to your organization, and general information. You or someone on your team is probably already reviewing news; why not have them identify the interesting ones and create a summary for your organization to share that information?
Sure, it’s not the slick automated threat feeds or third-party threat intel, but it’s something you can build on for the future. The goal is to get started somewhere you can make from rather than building the perfect process over a year because that’s time wasted. Put in something simple and incrementally build on that.
This is an example of what I mentioned in a previous post that improving 1% a week will get you 52% improvement in a year.
Note: I’m not saying planning is not essential, but there are things within your scope of control that you can get immediate results with that don’t require a lot of funding/planning to start, try to find those opportunities and seize them.