With the realisation that Cyber attack presents a significant risk to an organisation's reputation, efficiency, and profitability, there has been an increase in the instrumentation of networks, from collecting NetFlow data at routers to host-based agents collecting detailed process information. To spot potential threats within a Cyber environment, a large community of researchers has produced many exciting innovations aligned with such data. Much of this research has focused on "data driven" techniques, and it does not often fuse data from multiple sources. Moreover, the incorporation of threat actors' behaviours and motivations (as specified by Cyber security experts) is often non-existent. In this talk, I will present an overview of the statistical challenges facing the Cyber domain, and demonstrate the use of two-filter smoothing within a state-space modelling context for the characterisation of user behaviour within a point-process model.