This talk goes over the process for our threat analysis, what can be learned about vendors, their obsession with calling everything an APT, and what your normal adversary actually looks like.