Future Of Threat Intelligence podcast

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

Player FM - Internet Radio Done Right

추가했습니다 two 년 전

Team Cymru에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Team Cymru 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

T

TED Business

TED Business podcast artwork

TED Business podcast artwork

1
The trick to powerful public speaking | Lawrence Bernstein 17:27

20 weeks 전17:27

나중에 재생

나중에 재생

17:27

Why do so many of us get nervous when public speaking? Communication expert Lawrence Bernstein says the key to dealing with the pressure is as simple as having a casual chat. He introduces the "coffee shop test" as a way to help you overcome nerves, connect with your audience and deliver a message that truly resonates. After the talk, Modupe explains a similar approach in academia called the "Grandma test," and how public speaking can be as simple as a conversation with grandma. Want to help shape TED’s shows going forward? Fill out our survey ! Become a TED Member today at https://ted.com/join Learn more about TED Next at ted.com/futureyou Hosted on Acast. See acast.com/privacy for more information.…

Future of Threat Intelligence

공유

시리즈 홈•Feed

Team Cymru에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Team Cymru 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.

… continue reading

90 에피소드

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

Future of Threat Intelligence

updated 3일 전

공유

시리즈 홈•Feed

Team Cymru에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Team Cymru 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.

… continue reading

90 에피소드

모든 에피소드

×

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Digital Asset Redemption's Steve Baer on Why Half of Ransomware Victims Shouldn't Pay 7:22

3일 전7:22

나중에 재생

나중에 재생

7:22

Most organizations approach ransomware as a technical problem, but Steve Baer , Field CISO at Digital Asset Redemption , has built his career understanding it as fundamentally human. His team's approach highlights why traditional cybersecurity tools fall short against motivated human adversaries and how proactive intelligence gathering can prevent incidents before they occur. Steve's insights from the ransomware negotiation business challenge conventional wisdom about cyber extortion. Professional negotiators consistently achieve 73-75% reductions in ransom demands through skilled human interaction, while many victims discover their "stolen" data is actually worthless historical information that adversaries misrepresent as current breaches. Digital Asset Redemption's unique position allows them to purchase stolen organizational data on dark markets before public disclosure, effectively preventing incidents rather than merely responding to them. Topics discussed: Building human intelligence networks with speakers of different languages who maintain authentic personas and relationships within dark web adversarial communities. Professional ransomware negotiation techniques that achieve consistent 73-75% reductions in extortion demands through skilled human interaction rather than automated responses. The reality that less than half of ransomware victims require payment, as many attacks involve worthless historical data misrepresented as current breaches. Proactive data acquisition strategies that purchase stolen organizational information on dark markets before public disclosure to prevent incident escalation. Why AI serves as a useful tool for maintaining context and personas but cannot replace human intelligence when countering human adversaries. Key Takeaways: Investigate data value before paying ransoms — many attacks involve worthless historical information that adversaries misrepresent as current breaches. Engage professional negotiators rather than attempting DIY ransomware negotiations, as specialized expertise consistently achieves 73-75% reductions in demands. Build relationships within the cybersecurity community since the industry remains small and professionals freely share valuable threat intelligence. Deploy human intelligence networks with diverse language capabilities to gather authentic threat intelligence from adversarial communities. Assess AI implementation as a useful tool for maintaining context and personas while recognizing human adversaries require human intelligence to counter. Listen to more episodes: Apple Spotify YouTube Website…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Cybermindz’s Mark Alba on Military PTSD Protocols to Treat Security Burnout 7:04

5일 전7:04

나중에 재생

나중에 재생

7:04

The cybersecurity industry has talked extensively about burnout, but Mark Alba , Managing Director of Cybermindz , is taking an unprecedented scientific approach to both measuring and treating it. In this special RSA episode, Mark tells David how his team applies military-grade psychological protocols originally developed for PTSD treatment to address the mental health crisis in security operations centers. Rather than relying on anecdotal evidence of team fatigue, they deploy clinical psychologists to measure resilience through validated psychological assessments and deliver interventions that can literally change how analysts' brains process stress. Mark walks through their use of the iRest Protocol, a 20-year-old treatment methodology from Walter Reed Hospital that shifts brain activity from amygdala-based fight-or-flight responses to prefrontal cortex logical thinking. Their team of five PhDs works directly within enterprise SOCs to establish baseline psychological metrics and track improvement over time, giving security leaders unprecedented visibility into their team's actual capacity to handle high-stress incident response. Topics discussed: Clinical measurement of cybersecurity burnout through validated psychological assessments including the MASLAC sleep index and psychological capital evaluations. Implementation of the iRest Protocol, a military-developed meditative technique used at Walter Reed Hospital for PTSD treatment. Real-time resilience scoring through the Cybermindz Resilience Index that combines sleep quality, psychological capital, burnout indicators, and stress response metrics. Research methodology to establish causation versus correlation between psychological state and SOC performance metrics like mean time to respond and incident response rates. Neuroscience of cybersecurity roles, including how threat intelligence analysts perform optimally at alpha brain wave levels while incident responders need beta wave states. Strategic staff rotation based on psychological state rather than just skillset, moving analysts between different cognitive roles to optimize both performance and mental health. Key Takeaways: Implement clinical burnout measurement using validated tools like the MASLAC sleep index and psychological capital assessments rather than relying on subjective burnout indicators in your SOC operations. Deploy psychometric testing within security operations centers to establish baseline resilience metrics before incidents occur, enabling proactive team management strategies. Establish brainwave optimization protocols by moving threat intelligence analysts to alpha wave states for creative pattern recognition and incident responders to beta wave states for rapid decision-making. Correlate psychological metrics with traditional SOC performance indicators like mean time to respond and incident response rates to identify causation patterns. Rotate staff assignments based on real-time psychological capacity assessments rather than just technical skills, optimizing both performance and mental health outcomes. Measure psychological capital within your security team to understand cognitive capacity for handling high-stress cyber incidents and threat analysis workloads. Establish post-incident psychological protocols using clinical psychology techniques to prevent long-term burnout and retention issues following major security breaches. Create predictive analytics models that combine resilience scoring with operational metrics to forecast SOC team performance and proactively address capacity issues. Listen to more episodes: Apple Spotify YouTube Website…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
GigaOm’s Howard Holton on Why AI Will Be the OS of Security Work 8:43

11일 전8:43

나중에 재생

나중에 재생

8:43

The cybersecurity industry has witnessed numerous technology waves, but AI's integration at RSA 2025 signals something different from past hype cycles. Howard Holton , Chief Technology Officer at GigaOm , observed AI adoption across virtually every vendor booth, yet argues this represents genuine transformation rather than superficial marketing. His analyst perspective, backed by GigaOm's practitioner-focused research approach, reveals why AI will become the foundational operating system of security work rather than just another tool in an already crowded stack. Howard's insights challenge conventional thinking about human-machine collaboration in security operations. He explains how natural language understanding finally bridges the gap between human instruction variability and machine execution consistency, solving a problem that has limited automation effectiveness for decades. Howard also explores practical applications where AI handles repetitive security tasks that exhaust human analysts, while humans focus on curiosity-driven investigation and strategic analysis that machines cannot replicate. Topics discussed: The fundamental differences between AI's practical applicability and blockchain's limited use cases, despite similar initial hype cycles and market positioning across cybersecurity vendors. How natural language understanding creates breakthrough human-machine collaboration by allowing AI systems to execute consistent tasks regardless of instruction variability from different analysts. The biological metaphor for human versus machine intelligence, where humans operate as "chaos machines" with independent processes driven by curiosity rather than single-objective optimization. GigaOm's practitioner-focused approach to security maturity modeling that measures actual organizational capability rather than vendor feature adoption or platform configuration levels. Why AI will become the operating system of security work, following the evolution from Microsoft Office to SaaS as foundational business operation layers. The strategic advantage of AI handling hyper-repetitive security processes that traditionally drive human analysts to inefficiency while preserving human focus for curiosity-driven investigation. How enterprise security teams can identify the optimal intersection between AI's computational strengths and human analytical capabilities within their specific organizational contexts and threat landscapes. Key Takeaways: Evaluate your security maturity models to ensure they measure organizational capability and adaptability rather than vendor feature adoption or platform configuration levels. Identify repetitive security processes that exhaust human analysts and prioritize these for AI automation while preserving human focus for curiosity-driven investigation. Leverage natural language understanding in AI tools to standardize security process execution despite instruction variability from different team members. Audit your current technology stack to distinguish between genuinely applicable AI solutions and superficial AI marketing similar to the blockchain hype cycle. Create practitioner-focused assessment criteria when evaluating security vendors to ensure solutions address real-world enterprise implementation challenges. Develop language-agnostic security procedures that AI systems can interpret consistently regardless of how different analysts explain the same operational requirements. Listen to more episodes: Apple Spotify YouTube Website…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Online Business Systems' Jeff Man on PCI 4.0's Impact 8:31

13일 전8:31

나중에 재생

나중에 재생

8:31

The cybersecurity industry has long operated on fear-based selling and vendor promises that rarely align with practical implementation needs. Jeff Man , Sr. Information Security Evangelist at Online Business Systems , brings a pragmatic perspective after years of navigating compliance requirements and advising organizations from Fortune 100 enterprises to small e-commerce operators. His cautious optimism about the industry's current trajectory stems from witnessing a fundamental shift in how vendors understand and communicate compliance requirements, particularly around PCI DSS 4.0's recent implementation. Jeff's extensive conference speaking experience and hands-on consulting work reveal critical disconnects between security marketing rhetoric and operational reality. His observation that security presentation slides from 1998 remain almost entirely relevant today underscores both the persistence of fundamental security challenges and the industry's slow evolution beyond superficial solutions toward meaningful risk management frameworks. Topics discussed: The transformation of vendor compliance conversations from generic marketing responses to specific requirement understanding, particularly around PCI DSS 4.0 implementation strategies. Why speaking "compliance language" with clients proves more effective than traditional security-focused approaches, as organizations prioritize mandatory requirements over theoretical security improvements. The reality that 99% of companies fall into small business security categories rather than commonly cited SMB statistics, creating massive gaps between available solutions and actual organizational needs. Risk prioritization methodologies that focus security investments on the 3% of CVEs actively exploited by attackers rather than attempting to address overwhelming vulnerability backlogs. The evolution from fear-uncertainty-doubt selling tactics toward informed decision-making frameworks that help organizations understand exactly what security technologies deliver versus marketing promises. How independent advisory perspectives enable better technology purchasing decisions by providing objective analysis separate from vendor sales motivations and product-specific solutions. The convergence of threat detection, vulnerability prioritization, and compliance requirements into cohesive risk management strategies that align with business operational realities rather than security team preferences. Key Takeaways: Prioritize vendors who demonstrate specific compliance requirement knowledge rather than offering generic "we do compliance" responses, particularly for PCI DSS 4.0 implementation. Frame security discussions using compliance language with business stakeholders, as regulatory requirements drive action more effectively than theoretical security benefits. Focus vulnerability management efforts on the approximately 3% of CVEs that attackers actively exploit rather than attempting to address entire vulnerability backlogs. Recognize that 99% of organizations operate with small business security constraints and require solutions scaled appropriately rather than enterprise-grade implementations. Seek independent security advisory perspectives separate from vendor sales processes to make informed technology purchasing decisions based on actual needs versus marketing promises. Evaluate security investments through risk prioritization frameworks that align with business operations rather than pursuing comprehensive security controls beyond organizational capabilities. Leverage the convergence of compliance requirements, threat intelligence, and vulnerability management to create cohesive risk management strategies rather than implementing disparate security tools.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Trellix's John Fokker on Why Ransomware Groups Are Fragmenting 10:51

17일 전10:51

나중에 재생

나중에 재생

10:51

The criminal underground is experiencing its own version of startup disruption, with massive ransomware-as-a-service operations fragmenting into smaller, more agile groups that operate like independent businesses. John Fokker , Head of Threat Intelligence at Trellix , brings unique insights from monitoring hundreds of millions of global sensors, revealing how defenders' success in EDR detection is paradoxically driving criminals toward more profitable attack models. His team's systematic tracking of AI adoption in criminal networks provides a fascinating parallel to legitimate business transformation, showing how threat actors are methodically testing and scaling new technologies just like any other industry. Drawing from Trellix's latest Global Threat Report, John tells David why the headlines focus on major enterprise breaches while the real action happens in the profitable mid-market, where companies have extractable revenue but often lack enterprise-level security budgets. This conversation offers rare visibility into how macro trends like AI adoption and improved defensive capabilities are reshaping criminal business models in real-time. Topics discussed: The systematic fragmentation of large ransomware-as-a-service operations into independent criminal enterprises, each focusing on specialized capabilities rather than maintaining complex hierarchical structures. How improved EDR detection capabilities are driving a strategic shift from encryption-based ransomware attacks toward data exfiltration and extortion as a more reliable revenue model. The economic targeting patterns that focus on profitable mid-market companies with decent revenue streams but potentially limited security budgets, rather than the headline-grabbing major enterprise victims Criminal adoption patterns of AI technologies that mirror legitimate business transformation, with systematic testing and gradual scaling as capabilities prove valuable. The emergence of EDR evasion tools as a growing criminal service market, driven by the success of endpoint detection and response technologies in preventing traditional attacks. Why building trust in autonomous security systems faces similar challenges to autonomous vehicles, requiring proven track records and reduced false positives before organizations will release human oversight. The strategic use of global sensor networks combined with public intelligence to map evolving attack patterns and identify blind spots in organizational threat detection capabilities. How entropy-based detection methods at the file and block level can identify encryption activities that indicate potential ransomware attacks in progress. The evolution from structured criminal hierarchies with complete in-house kill chains to distributed networks of specialized service providers and independent operators. Key Takeaways: Monitor entropy changes in files and block-level data compression rates as early indicators of ransomware encryption activities before full system compromise occurs. Prioritize EDR and XDR deployment investments to force threat actors away from encryption-based attacks toward less reliable data exfiltration methods. Focus threat intelligence gathering on fragmented criminal groups rather than solely tracking large ransomware-as-a-service operations that are splintering into independent cells. Implement graduated trust models for AI-powered security automation, starting with low-risk tasks and expanding autonomy as false positive rates decrease over time. Combine internal sensor data with public threat intelligence reports to identify blind spots and validate detection capabilities across multiple threat vectors. Develop specialized defense strategies for mid-market organizations that balance cost-effectiveness with protection against targeted criminal business models. Track AI adoption patterns in criminal networks using the same systematic approach businesses use for technology transformation initiatives. Build detection capabilities that identify lateral movement and privilege escalation activities that indicate advanced persistent threat presence in network environments. Establish incident response procedures that account for data exfiltration and extortion scenarios, not just traditional encryption-based ransomware attacks. Create threat hunting programs that specifically target EDR evasion tools and techniques as criminals increasingly invest in bypassing endpoint detection technologies.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Frost & Sullivan's Martin Naydenov on AI's Cybersecurity Trust Gap 6:14

19일 전6:14

나중에 재생

나중에 재생

6:14

In this special RSA episode of Future of Threat Intelligence, Martin Naydenov , Industry Principal of Cybersecurity at Frost & Sullivan , offers a sobering perspective on the disconnect between AI marketing and implementation. While the expo floor buzzes with "AI-enabled" security solutions, Martin cautions that many security teams remain reluctant to use these features in their daily operations due to fundamental trust issues. This trust gap becomes particularly concerning when contrasted with how rapidly threat actors have embraced AI to scale their attacks. Martin walks David through the current state of AI in cybersecurity, from the vendor marketing rush to the practical challenges of implementation. As an analyst who regularly uses AI tools, he provides a balanced view of their capabilities and limitations, emphasizing the need for critical evaluation rather than blind trust. He also demonstrates how easily AI can be leveraged for malicious purposes, creating a pressing need for security teams to overcome their hesitation and develop effective counter-strategies. Topics discussed: The disconnect between AI marketing hype at RSA and the practical implementation challenges facing security teams in real-world environments. Why security professionals remain hesitant to trust AI features in their tools, despite vendors rapidly incorporating them into security solutions. The critical need for vendors to not just develop AI capabilities but to build trust frameworks that convince security teams their AI can be relied upon. How AI is dramatically lowering the barrier to entry for threat actors by enabling non-technical individuals to create convincing phishing campaigns and malicious scripts. The evolution of phishing from obvious "Nigerian prince" scams with typos to contextually accurate, perfectly crafted messages that can fool even security-aware users. The disproportionate adoption rates between defensive and offensive AI applications, creating a potential advantage for attackers. How security analysts are currently using AI as assistance tools while maintaining critical oversight of the information they provide. The emerging capability for threat actors to build complete personas using AI-generated content, deepfakes, and social media scraping for highly targeted attacks. Key Takeaways: Implement verification protocols for AI-generated security insights to balance automation benefits with necessary human oversight in your security operations. Establish clear trust boundaries for AI tools by understanding their data sources, decision points, and potential limitations before deploying them in critical security workflows. Develop AI literacy training for security teams to help analysts distinguish between reliable AI outputs and potential hallucinations or inaccuracies. Evaluate your current security stack for unused AI features and determine whether trust issues or training gaps are preventing their adoption. Create AI-resistant authentication protocols that can withstand the sophisticated phishing attempts now possible with language models and deepfake technology. Monitor adversarial AI capabilities by testing your own defenses against AI-generated attack scenarios to identify potential vulnerabilities. Integrate AI tools gradually into security operations, starting with low-risk use cases to build team confidence and establish trust verification processes. Prioritize vendor solutions that provide transparency into their AI models' decision-making processes rather than black-box implementations. Establish metrics to quantify AI effectiveness in your security operations, measuring both performance improvements and false positive/negative rates. Design security awareness training that specifically addresses AI-enhanced social engineering techniques targeting your organization.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Unspoken Security’s AJ Nash on Protecting Against AI Model Poisoning 15:32

24일 전15:32

나중에 재생

나중에 재생

15:32

In our latest episode of The Future of Threat Intelligence, recorded at RSA Conference 2025, AJ Nash , Founder & CEO, Unspoken Security , provides a sobering assessment of AI's transformation of cybersecurity. Rather than focusing solely on hype, AJ examines the double-edged nature of AI adoption: how it simultaneously empowers defenders while dramatically lowering barriers to entry for sophisticated attacks. His warnings about entering a "post-knowledge world" where humans lose critical skills and adversaries can poison trusted AI systems offer a compelling counterbalance to the technology's promise. AJ draws parallels to previous technology trends like blockchain that experienced similar hype cycles before stabilizing, but notes that AI's accessibility and widespread applicability make it more likely to have lasting impact. He predicts that the next frontier in security will be AI integrity verification — building systems and organizations dedicated to ensuring that the AI models we increasingly depend on remain trustworthy and resistant to manipulation. Throughout the conversation, AJ emphasizes that while AI will continue to evolve and integrate into our security operations, maintaining human oversight and preserving our knowledge base remains essential. Topics discussed: The evolution of the RSA Conference and how industry focus has shifted through cycles from endpoints to threat intelligence to blockchain and now to AI, with a particularly strong emphasis on agentic AI. The double-edged impact of AI on workforce dynamics, balancing the potential for enhanced productivity against concerns that companies may prioritize cost-cutting by replacing junior positions, potentially eliminating career development pipelines. The risk of AI-washing similar to how "intelligence" became a diluted buzzword, with companies claiming AI capabilities without substantive implementation, necessitating deeper verification — and even challenging — of vendors' actual technologies. The emergence of a potential "post-knowledge world" where overreliance on AI systems for summarization and information processing erodes human knowledge of nuance and detail. The critical need for AI integrity verification systems as adversaries shift focus to poisoning models that organizations increasingly depend on, creating new attack surfaces that require specialized oversight. Challenges to intellectual property protection as AI systems scrape and incorporate existing content, raising questions about copyright enforcement and ownership in an era where AI-generated work is derivative by nature. The importance of maintaining human oversight in AI-driven security systems through transparent automation workflows, comprehensive understanding of decision points, and regular verification of system outputs. The parallels between previous technology hype cycles like blockchain and current AI enthusiasm, with the distinction that AI's accessibility and practical applications make it more likely to persist as a transformative technology. Key Takeaways: Challenge AI vendors to demonstrate their systems transparently by requesting detailed workflow explanations and documentation rather than accepting marketing claims at face value. Implement a "trust but verify" approach to AI systems by establishing human verification checkpoints within automated security workflows to prevent over-reliance on potentially flawed automation. Upskill your technical teams in AI fundamentals to maintain critical thinking abilities that help them understand the limitations and potential vulnerabilities of automated systems. Develop comprehensive AI governance frameworks that address potential model poisoning attacks by establishing regular oversight and integrity verification mechanisms. Establish cross-organizational collaborations with industry partners to create trusted AI verification authorities that can audit and certify model integrity across the security ecosystem. Document all automation workflows thoroughly by mapping decision points, data sources, and potential failure modes to maintain visibility into AI-driven security processes. Prioritize retention of junior security positions to preserve talent development pipelines despite the temptation to replace entry-level roles with AI automation. Conduct regular sampling and testing of AI system outputs to verify accuracy and detect potential manipulation or degradation of model performance over time. Balance innovation with security controls by evaluating new AI technologies for both their benefits and their potential to create new attack surfaces before deployment. Incorporate geopolitical and broader contextual awareness into threat intelligence practices to identify potential connections between world events and emerging cyber threats that AI alone might miss.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Cyware’s Jawahar Sivasankaran on Automating Threat-Centric Operations 8:53

26일 전8:53

나중에 재생

나중에 재생

8:53

In this special RSA 2025 episode of The Future of Threat Intelligence, David speaks with Jawahar Sivasankaran , President of Cyware , about their partnership with Team Cymru to democratize threat intelligence. Jawahar outlines how their CTI program in a box approach enables organizations to implement comprehensive threat intelligence capabilities in weeks rather than months. Jawahar offers a unique perspective on industry progress and remaining challenges in collaborative defense. This conversation explores the practical realities of operationalizing threat intelligence for organizations beyond the most mature security teams, the current implementation of AI in security operations, and a thoughtful assessment of how automation will reshape security careers without eliminating the need for human expertise. Topics discussed: How Cyware's partnership with Team Cymru creates turnkey threat intelligence solutions with pre-configured use cases and clear outcomes for rapid implementation. The critical gap in threat intelligence sharing between private and public sectors despite overall industry progress in security capabilities. Cyware's work with ISACs to facilitate bi-directional threat intelligence sharing that benefits organizations at varying maturity levels. Current implementation of AI through Cyware's Quarterback module, featuring knowledge bots and NLP capabilities beyond future aspirations. Multi-agent AI approach to threat-centric automation that focuses on enriching and correlating intelligence for actionable outcomes Historical perspective on industry disruption and how AI will transform security careers by automating basic tasks while creating new opportunities in design, architecture, and human-machine collaboration. The evolution of security solutions over two decades of RSA conferences and whether the industry is making meaningful progress against adversaries. Practical strategies for implementing comprehensive threat intelligence programs without months of planning and configuration. Key Takeaways: Implement a "CTI program in a box" approach to accelerate threat intelligence adoption, reducing deployment time from months to weeks through pre-configured use cases with clear, measurable outcomes. Establish bi-directional threat intelligence sharing between private and public sectors to strengthen collective defense capabilities against emerging adversary tactics and behaviors. Leverage partnerships with ISACs to gain access to curated threat intelligence that has been validated and contextualized for your specific industry vertical. Deploy AI-powered knowledge bots with NLP capabilities to help your security team more efficiently process and action threat intelligence data without requiring extensive expertise. Adopt a multi-agent AI approach for security operations that enriches threat intelligence, correlates information across sources, and recommends specific defensive actions. Evaluate your organization's cyber threat intelligence maturity honestly, recognizing that even large enterprises and government agencies often struggle with operationalizing intelligence effectively. Streamline threat intelligence implementation through turnkey solutions that provide unified platforms rather than attempting to build capabilities from scratch. Balance AI automation with human expertise in your security operations, recognizing that technology will transform job functions rather than eliminate the need for skilled professionals. Transform basic security workflows into threat-centric processes that focus on actionable outcomes rather than just data collection and processing. Prioritize collaborative defense mechanisms that benefit organizations with varying levels of security maturity, particularly those downstream that lack advanced threat identification capabilities. Listen to more episodes: Apple Spotify…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Rapid7’s Lonnie Best on Measuring SOC Success Beyond Alert Closures 21:25

5 weeks 전21:25

나중에 재생

나중에 재생

21:25

In a world obsessed with cutting-edge security technology, Lonnie Best , Senior Manager of Detection & Response Services at Rapid7 , makes a compelling case for mastering the fundamentals. After transitioning from craft beer journalism through nuclear security to cybersecurity, Lonnie witnessed the evolution of ransomware attacks from "spray and pray" tactics to sophisticated credential theft and security tool disablement. His insights reveal why 54% of incident response engagements still trace back to inadequate MFA implementation, and why understanding "how computers compute" creates better security professionals than certifications alone. Lonnie also shares practical wisdom on building effective security operations, avoiding analyst burnout, and measuring program success. As AI increasingly handles tier-one alert triage, he predicts the traditional junior analyst role will fundamentally change within 5-10 years — though human expertise will always remain essential for validating what machines uncover. Topics discussed: The evolution of attack sophistication from "spray and pray" ransomware to targeted credential theft and security tool disablement, requiring more comprehensive detection capabilities. How managed detection and response (MDR) services have evolved to provide enterprise-grade security capabilities to organizations lacking internal resources or security maturity. The critical components of building an effective internal SOC: centralized logging through SIEM implementation, specialized security expertise across multiple domains, and leadership strategies to combat analyst burnout. Implementing AI and machine learning for tier-one alert triage to reduce analyst fatigue while maintaining human oversight for validation, with predictions that traditional junior analyst roles will transform within 5-10 years. Why traditional metrics like alert closures fail to accurately measure SOC analyst performance, requiring more nuanced approaches focusing on contribution quality rather than quantity. The hiring dilemma of attitude versus aptitude in security analysts, revealing why foundational system administration experience creates more effective investigators than certifications alone. Strategies for preventing analyst burnout through appropriate tooling, staffing levels, and leadership practices that recognize security's 24/7 operational demands. The persistent gap between security knowledge and implementation, as demonstrated by 54% of incident response engagements in 2024 resulting from inadequate MFA deployment or enforcement. Practical fundamentals for effective security: comprehensive asset inventory, attack surface management, vulnerability remediation, and understanding where critical assets reside. Key Takeaways: Implement multi-factor authentication across all access points to address the root cause behind 54% of incident response engagements in 2024, according to Rapid7's metrics. Build your security operations center with centralized logging through SIEM implementation as the core foundation before expanding detection capabilities. Recruit security analysts with system administration experience rather than just certifications to ensure practical understanding of system behavior and anomaly detection. Deploy AI and machine learning solutions specifically for tier-one alert triage to combat analyst fatigue while maintaining human oversight for validation. Create comprehensive asset inventories that identify and map all crown jewels and their access paths before implementing advanced security controls. Develop leadership strategies that address security's 24/7 operational demands, including appropriate time-off policies and workload management to prevent burnout. Measure security operations performance through nuanced metrics beyond alert closures, focusing on the quality of investigations and genuine threat detection. Structure your security team with specialized roles (threat hunting, cloud detection, malware analysis) to create effective career paths and deeper expertise. Incorporate regular one-on-one meetings with security analysts to assess performance challenges and identify improvement areas beyond traditional metrics. Prioritize attack surface management alongside vulnerability remediation to understand how attackers could gain entry and navigate toward critical assets. Listen to more episodes: Apple Spotify YouTube Website…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Rapyd’s Nir Rothenberg on Breaking the CISO Burnout Cycle Through Focused Priorities 28:27

8 weeks 전28:27

나중에 재생

나중에 재생

28:27

From cleaning up after an insider theft of the notorious Pegasus spyware to safeguarding billions in payment transactions, Nir Rothenberg brings battlefield-tested security leadership to his role as CISO/CIO at Rapyd , and joins David on this episode of The Future of Threat Intelligence to share all his lessons learned. In this no-holds-barred conversation , Nir delivers a wake-up call to security leaders still pretending they can defend against everything, offering instead a radical prioritization framework shaped by watching elite hackers routinely break supposedly "unbreakable" systems. Nir challenges conventional CISO thinking by ruthlessly eliminating theoretical threats from his roadmap, explaining why even Google-level security can't ultimately stop determined nation-state attackers, and providing practical strategies for focusing resources exclusively on threats that organizations can realistically defend against. Topics discussed: The challenges of prioritizing security efforts based on attacker capability tiers, focusing resources on threats that can realistically be defended against rather than top-tier nation-state actors. How working with elite offensive security teams fundamentally transforms a defender's understanding of what's feasible in attack scenarios and reshapes security investment decisions. The evolution of breach disclosure practices and why current placative approaches prioritize shareholder confidence over sharing actionable details that would help other defenders. Strategic approaches to developing security capabilities through partnerships rather than building in-house, particularly for specialized functions like threat intelligence. Why even major crypto breaches often stem from preventable issues like social engineering rather than sophisticated technical exploits, and how to prioritize defenses accordingly. Practical strategies for combating CISO burnout through focused prioritization and avoiding the tendency of boiling the ocean that leads to ineffective security programs. Creating collaborative security ecosystems that leverage the numerical advantage defenders have over attackers when working together effectively. How to extract meaningful intelligence from breaches beyond just indicators of compromise, focusing on understanding attacker methodologies and misconfigurations that can be tested and remediated. Key Takeaways: Prioritize security resources based on attacker capability tiers, focusing efforts on threats that can realistically be defended against rather than top-tier nation-state actors that will find a way in regardless of defenses. Implement a strategic partnership approach with specialized security vendors instead of building capabilities like threat intelligence in-house, leveraging their decades of experience to enhance your security posture more efficiently. Demand more detailed technical information in breach disclosures from vendors and partners, seeking specific misconfigurations and vulnerabilities that were exploited rather than just indicators of compromise. Position your security leadership role within the management team to enable greater impact, reducing bureaucratic barriers to implementing innovative security controls and technologies. Evaluate emerging security startups as design partners before they become widely known, creating a competitive advantage through early access to cutting-edge security capabilities. Challenge theoretical security risks like AI data exposure by comparing them with documented threats that have caused actual damage, allocating resources proportionally to proven rather than hypothetical dangers. Leverage M&A transitions as opportunities to eliminate technical debt and modernize security practices rather than just viewing them as risk events requiring assessment. Adopt comprehensive breach intelligence sources like the Verizon Breach Report to compensate for the limited technical detail in most public breach disclosures. Combat CISO burnout by focusing exclusively on security elements you can control and impact. Create collaborative security ecosystems with partners, vendors, and internal teams to maximize the numerical advantage defenders have over attackers when working together effectively.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Option Care’s Jill Rhodes on Uniting Legal Expertise and Cybersecurity in Healthcare 28:39

10 weeks 전28:39

나중에 재생

나중에 재생

28:39

Jill Rhodes , SVP & CISO at Option Care Health , shares her unconventional journey from international development lawyer stationed in Bolivia and Moscow to healthcare leader, where she built the security program from the ground up as the organization's first CISO. Jill outlines for David how a transformative assignment at an intelligence agency sparked her cybersecurity passion before she helped build cloud environments for the intelligence community. Now, she's leveraging this background to develop what she calls the rainbow of security — a visual security model for board communications — while building a security culture so pervasive that employees discuss security without her team present. Her approach, balancing legal analytical thinking with strategic security vision, demonstrates how healthcare CISOs can navigate a complex regulatory landscape of HIPAA plus 50 different state laws while maintaining the essential visibility needed for comprehensive threat intelligence. Topics discussed: Transforming organizational behavior through the Ambassador Program that deploys 100+ non-technical employees as security advocates. Conducting pre-meeting content reviews with non-technical audiences including family members and business partners to ensure security concepts are translated from technical language into business value propositions. Navigating the complex healthcare regulatory landscape that requires simultaneous compliance with federal HIPAA requirements and 50 distinct state privacy laws versus the unified security framework of intelligence agencies. Implementing the rainbow of security visualization framework that maps security controls from perimeter to internal systems, making complex security architecture understandable to board members while facilitating threat intelligence integration. Building security teams through maturity-based prioritization by conducting comprehensive security maturity assessments before hiring, then strategically filling gaps starting with technical experts to complement leadership's strategic orientation. Measuring security program effectiveness through cultural integration metrics rather than technical KPIs by tracking whether security considerations arise organically in conversations when security personnel aren't present. Applying intelligence community verification methodology to threat intelligence by requiring multiple non-derivative data sources to validate information, particularly crucial as healthcare-specific threat intelligence accessibility has declined. Key Takeaways: Implement a security ambassador program by recruiting non-technical employees across your organization to meet monthly, discuss security topics relevant to both work and personal life, and serve as security advocates within their departments. Translate technical security concepts for board presentations by testing your content on non-technical family members and business partners first — if they don't understand it, executives won't either. Construct your security team strategically by first conducting a comprehensive security maturity assessment to identify gaps, then hiring for skills that complement leadership's background rather than duplicating existing expertise. Develop a visual security framework that maps controls from perimeter to internal systems, making complex architecture understandable to executives while providing structure for threat intelligence integration. Measure security program effectiveness through cultural indicators rather than just technical metrics, specifically tracking whether security considerations arise organically in conversations when security personnel aren't present. Validate threat intelligence using the intelligence community verification methodology by requiring multiple non-derivative data sources before acting on information, especially important as healthcare-specific intelligence becomes less accessible. Navigate complex healthcare regulations by partnering closely with privacy, compliance, and business teams to create a collaborative approach to security rather than viewing it as a balance between competing priorities. Build security partnerships across departments, especially with finance, privacy, and compliance teams, to frame security risks in business language rather than technical terms and strengthen organizational buy-in. Transform security behaviors by comparing security adoption to the evolution of seatbelt use — initially resisted but eventually becoming automatic — to normalize security practices throughout the organization. Apply intelligence community analytical thinking to private sector security challenges by focusing on asking the right questions rather than having all the technical answers, particularly valuable for CISOs with non-technical backgrounds.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Silverado Policy Accelerator’s Dmitri Alperovitch on Hunting Intruders After They're Already In 28:00

13 weeks 전28:00

나중에 재생

나중에 재생

28:00

In this episode of The Future of Threat Intelligence, Dmitri Alperovitch , Co-founder & Executive Chairman at Silverado Policy Accelerator and Author of World on the Brink: How America Can Beat China in the Race for the 21st Century , delivers a stark warning about the second Cold War with China that's unfolding, from military and nuclear arms races to space competition and technological rivalry. Dmitri also shares how the Volt Typhoon intrusions represent deliberate "preparation of the battlefield" for potential conflict. He explains why Salt Typhoon could represent one of America's greatest counterintelligence failures. Topics discussed: The evolution of Chinese cyber operations from noisy, sloppy techniques in 2010 to today's sophisticated threats that represent unprecedented counterintelligence failures. How the Volt Typhoon intrusions into critical infrastructure serve as "preparation of the battlefield" designed to impede America's ability to defend Taiwan during potential conflict. The concrete evidence of China's Taiwan invasion preparations, including specialized bridge barges designed to land armored forces directly onto Taiwan's highways. Why Taiwan's 40% share of global semiconductor manufacturing creates catastrophic economic risk that could trigger a 5% compression in global GDP if disrupted. The fundamental flaw in prevention-focused security models and why CrowdStrike's hunt-focused approach better addresses persistent nation-state threats. Why the concept of "deterrence by denial" fails in cyberspace, unlike in physical warfare where anti-ship capabilities and other tactics can effectively deter invasion. The organizational dysfunction in US government cybersecurity, where even CISA lacks operational control over civilian networks and agencies operate in silos. Key Takeaways: Implement a hunt-focused security strategy that assumes adversaries will penetrate initial defenses, allocating resources to rapidly detect and eject intruders during their post-exploitation activities before they can accomplish objectives. Evaluate your organization's target value to nation state actors rather than simply comparing your defenses to industry peers, recognizing that highly valuable targets will face persistent campaigns lasting years, regardless of defensive measures. Acknowledge the inherent tension between security and availability requirements in your industry, developing tailored frameworks that balance operational resilience against the risk of catastrophic compromise. Diversify semiconductor supply chains in your technology procurement strategy to reduce dependency on Taiwan-manufactured chips, preparing contingency plans for severe disruptions in global chip availability. Incorporate geopolitical risk analysis into your security planning, particularly regarding China-Taiwan tensions and the projected window of heightened vulnerability identified by intelligence experts. Revise incident response playbooks to address sophisticated nation-state intrusions like Volt Typhoon that target critical infrastructure as "preparation of the battlefield" rather than immediate data theft. Establish clear security governance across organizational silos, addressing the dysfunction that plagues even government agencies where CISA lacks operational control over civilian networks. Shift security metrics from prevention-focused measurements to detection speed, dwell time reduction, and ability to prevent objective completion even after initial compromise. Challenge assumptions about deterrence by denial in your security architecture, recognizing that unlike physical defenses, cyber adversaries have virtually unlimited attack vectors requiring fundamentally different defensive approaches. Prioritize protection of your most valuable digital assets based on adversary objectives rather than spreading resources evenly, recognizing that nation-state actors will specifically target strategic information regardless of general security posture. Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime. Apply now at http://www.cymru.com/rise . Listen to more episodes: Apple Spotify YouTube Website…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Directions on Microsoft’s Wes Miller on Harmonizing Microsoft's Security & Identity Tools 24:28

14 weeks 전24:28

나중에 재생

나중에 재생

24:28

What happens when Microsoft's on-premises security falls behind while cloud innovation accelerates? In this episode of The Future of Threat Intelligence, Wes Miller , Research Analyst for Microsoft Identity, Security, and Management at Directions on Microsoft , pulls back the curtain on Microsoft's fragmented security landscape. Having survived the historic Windows security push during his 7 years at Microsoft and spent the last 15 years analyzing their enterprise strategy, Wes delivers an insider's perspective on why vulnerable legacy systems like Exchange Server, Certificate Services, and Federation Services have become prime attack vectors while Microsoft focuses its innovation almost exclusively on cloud services. He also walks David through why organizations are struggling with critical misconceptions about Entra ID, reveals how Microsoft's release notes contain hidden threat intelligence, and shares tactical approaches to influence Microsoft's security roadmap through strategic stakeholder relationships. Topics discussed: The critical security gap between Microsoft's cloud-focused investments and neglected on-premises systems like Exchange, Certificate Services, and Federation Services. How analyzing Microsoft Defender update notes provides a "hidden" threat intelligence feed that reveals emerging attack patterns targeting enterprise environments. The misconception that Active Directory and Entra ID are similar systems, when they require fundamentally different security approaches. Why entitlement management represents the essential intersection between security and identity teams, connecting HR processes directly to access lifecycles. The strategic challenge of harmonizing legacy and cloud identity systems while protecting non-Microsoft workloads in increasingly Microsoft-centric environments. Practical methods for large enterprises to influence Microsoft's security roadmap through targeted stakeholder relationships and coordinated feedback. How certificate servers often operate as "forgotten infrastructure" within organizations, creating prime attack vectors that Microsoft's Defender for Identity is specifically designed to detect. The threat of Microsoft potentially limiting third-party identity provider integration capabilities, and strategies for maintaining ecosystem diversity. Key Takeaways: Monitor Microsoft Defender release notes to identify emerging attack patterns that Microsoft is actively detecting across their customer base, providing valuable threat intelligence without additional cost. Implement entitlement management systems that connect HR processes directly to identity lifecycles, ensuring proper access provisioning and deprovisioning throughout employee transitions. Audit your on-premises certificate servers and federation services which often operate as "forgotten infrastructure" and represent prime attack vectors. Develop a comprehensive strategy for synchronizing Active Directory and Entra ID, recognizing their fundamental architectural differences rather than treating them as interchangeable systems. Establish strategic relationships with Microsoft stakeholders to influence their security roadmap, leveraging coordinated feedback when features don't align with real-world enterprise security needs. Harmonize legacy and cloud identity systems by mapping complete workflows and identifying potential integration gaps between Microsoft's on-premises and cloud-based security tools. Evaluate third-party identity providers for critical non-Microsoft workloads, addressing the potential limitations of Microsoft's tightening control over Entra ID integration capabilities. Prioritize Exchange Server security through rigorous patch management and enhanced monitoring, as Microsoft has effectively "abandoned" on-premises Exchange according to Wes Miller. Integrate security and identity management teams through shared workflow processes, recognizing their interdependence rather than maintaining traditional organizational silos. Document architectural limitations of Microsoft's identity systems, particularly in hybrid environments where cloud and on-premises systems must interoperate securely. Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime. Apply now at http://www.cymru.com/rise .…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Wikistrat’s Jeffrey Caruso on New Methods in Cyber-Physical Attacks 25:20

15 weeks 전25:20

나중에 재생

나중에 재생

25:20

In this episode of The Future of Threat Intelligence, Jeffrey Caruso , Senior Analyst at Wikistrat & Author of Inside Cyber Warfare , shares examples of how teams with minimal budgets achieved kinetic effects through OT system manipulation — from destroying missile research facilities to compromising subway systems and burning down FSB-affiliated banks. His findings, based on two years documenting Ukrainian cyber operations, demonstrate how deep supply chain understanding and innovative attack methods are proving more effective than conventional nation-state capabilities. Through methodical vendor system compromise and strategic engineering documentation exfiltration, he tells with David how these teams have developed techniques for creating cascading physical effects without entering Russian territory. Notably, they've demonstrated that successful cyber-physical attacks don't require massive resources; instead, success comes from understanding system interdependencies and supply chain relationships, combined with the ability to interrogate key technical personnel about specific system behaviors. This research challenges traditional security models that emphasize tool stacks over team composition and suggests that adversary categorization (nation-state vs. criminal) may be less relevant than previously thought. Topics discussed: How Ukrainian teams executed cyber-physical attacks by compromising vendor systems to obtain engineering diagrams and documentation, then exploiting OT vulnerabilities to create kinetic effects. Why commercial security tools face limitations in addressing these attack methods due to business model constraints and design approach. Technical examination of supply chain compromise techniques enabling physical infrastructure attacks, with examples of vendor system exploitation. Evidence supporting an "adversary agnostic" approach to defense rather than traditional threat actor categorization. Practical insights on building security teams by prioritizing mission focus and institutional loyalty over technical credentials. Analysis of how OT system trial-and-error testing creates new risks for critical infrastructure protection Key Takeaways: Implement an adversary-agnostic defense strategy rather than focusing on threat actor categorization, as demonstrated by Ukrainian operations showing how even small teams can achieve nation-state-level impacts. Prioritize supply chain security assessments by mapping vendor relationships and identifying potential engineering documentation exposure points that could enable cyber-physical attacks. Establish comprehensive OT system monitoring to detect trial-and-error testing patterns that could indicate attackers attempting to understand system behavior for kinetic effects. Transform security team building by prioritizing veteran hiring and mission focus over technical credentials alone, focusing on demonstrated loyalty and motivation. Design resilient backup systems and fail-safes for critical infrastructure, operating under the assumption that primary defenses will be compromised. Evaluate commercial security tools against their fundamental design limitations and business model constraints rather than feature lists alone. Document all subsystems and interdependencies in OT environments to understand potential cascade effects that could be exploited for physical impact. Build security team loyalty through comprehensive support services, competitive compensation, and burnout prevention rather than relying on high-paid "superstar" hires. Develop verification checkpoints throughout automated security processes rather than assuming tool effectiveness, particularly for critical infrastructure protection. Create architectural resilience by assuming breach scenarios and implementing multiple layers of manual oversight for critical system changes. Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime. Apply now at http://www.cymru.com/rise . Listen to more episodes: Apple Spotify…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Rapid7’s Deral Heiland on Why Your Network Segmentation Strategy Overlooks IoT Risk 29:31

15 weeks 전29:31

나중에 재생

나중에 재생

29:31

Deral Heiland ’s research has uncovered critical vulnerabilities across the IoT spectrum, from office printers to medical devices, revealing how seemingly isolated devices can compromise entire networks. In one investigation, he discovered active credentials for five major hospital systems still present on secondhand medical equipment. With extensive experience, including his current role as Principal Security Research (IoT) at Rapid7 , Deral breaks down why IoT security requires examining entire ecosystems rather than individual devices, and shares practical frameworks for testing and securing IoT infrastructure at scale. On this episode of The Future of Threat Intelligence, Deral walks David through how his team's testing methodology examines the full attack surface: embedded device firmware, cloud APIs, management interfaces, and critically — the often-overlooked inter-chip communications. Topics discussed: The development of an IoT testing methodology that maps complete device ecosystems: examining firmware extraction points, analyzing unencrypted inter-chip communications, evaluating cloud API security posture, and testing management interface access controls. A technical analysis of inter-chip communication vulnerabilities, where internal busses like I2C and SPI often transmit authentication credentials and sensitive data without encryption, even in devices with strong external security. An example of lateral movement through a state government network via unsegmented security cameras, demonstrating how default credentials and shared infrastructure bypassed department-level network isolation. A framework for building IoT security testing capabilities, progressing from web/API/mobile security foundations to hardware-specific skills like firmware analysis and bus protocol monitoring. Research findings on medical device disposal practices, identifying active directory credentials, Wi-Fi PSKs, and other sensitive data retained in second-hand equipment across five major hospital systems. Practical strategies for securing unpatchable legacy IoT devices through network segmentation, behavioral baseline monitoring, and access control reconfiguration. Integration of AI tools to accelerate IoT security testing, focusing on firmware analysis automation while maintaining human oversight of test methodology and results validation. Implementation of coordinated vulnerability disclosure programs specifically designed for IoT vendors, including practical mitigation strategies for devices that cannot be immediately patched. Key Takeaways: Map IoT device communication pathways by monitoring all traffic types and documenting API endpoints, cloud services, and management interfaces to understand the complete attack surface. Implement protocol-aware monitoring for inter-chip communications to detect unauthorized data access at the hardware level, even when external interfaces are secured. Deploy VLAN segmentation with explicit access controls for IoT devices, using separate networks for different device types with monitored cross-VLAN communication. Create device behavior baselines using network flow analysis to identify normal communication patterns and detect anomalous activities that could indicate compromise or misuse. Establish IoT asset disposal procedures that include secure erasure verification, credential revocation, and documentation of all removed sensitive data before decommissioning. Implement network access controls for legacy devices based on known-good behavior patterns, restricting communication to required services and monitoring for deviation from baseline. Deploy protocol-specific IDS rules for IoT device traffic, focusing on device-specific anomalies rather than traditional network attack signatures. Develop hardware testing capabilities by starting with API/mobile security testing, then progressively adding firmware analysis and hardware protocol monitoring skills. Create incident response playbooks specifically for IoT devices, including procedures for evidence collection from embedded systems and cloud service logs. Structure vulnerability disclosure processes around providing configuration-based mitigations when patches aren't available, focusing on network isolation and access control recommendations Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime. Apply now at http://www.cymru.com/rise .…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
IDC's Frank Dickson on Moving from Reactive to Proactive Security Strategy 31:51

17 weeks 전31:51

나중에 재생

나중에 재생

31:51

What happens when you combine market research expertise with cybersecurity strategy? On this episode of The Future of Threat Intelligence, Frank Dickson , Group VP of Security & Trust at IDC , shares his journey from market research to leading a team of 20 cybersecurity analysts advising organizations on security strategy. Frank walks David through the industry's shift from reactive security to proactive threat management, discussing why traditional metrics need to evolve and how security leaders can better communicate risk to business stakeholders. His unique perspective on the CISO role's evolution, the impact of organizational complexity on security, and the strategic importance of data management reveals why technical expertise alone isn't enough for modern security leadership. Topics discussed: Moving from reactive security to proactive threat management through strategic metrics and improved risk communication approaches. The evolution of the CISO role from technical expert to business leader, including critical communication and customer service skills. Impact of organizational complexity on security effectiveness, particularly in environments with legacy systems and acquisitions. Strategic approaches to managing and leveraging threat intelligence data while avoiding unnecessary complexity and redundancy. Balancing necessary and unnecessary risks when implementing AI and machine learning in security programs. Importance of translating cyber risk into business risk for effective communication with executives and board members. The evolution of security leadership reporting structures in response to changing business technology dynamics. Building strategic security programs that focus on simplification and clear business alignment. The challenges of regulation in driving security adoption while maintaining agility and effectiveness. Developing security metrics that meaningfully communicate value and risk to business stakeholders. Key Takeaways: Implement mean time to detection and mean time to remediation as core metrics to measure security program effectiveness and efficiency. Transform threat data into actionable intelligence by aligning it specifically with your environment's outcomes and requirements. Streamline security infrastructure by consolidating tools and platforms to reduce complexity and improve manageability. Establish direct CISO-to-CEO reporting structures to effectively manage security across line-of-business technology initiatives. Develop customer service capabilities within security leadership to support sales processes and stakeholder relationships. Structure security communications around business risk rather than technical metrics to improve executive understanding and support. Create standardized taxonomies using frameworks like MITRE ATT&CK and OCSF to make security data more homogeneous and actionable. Evaluate AI implementation risks by distinguishing between necessary innovation risks and unnecessary implementation risks. Build security leadership skills progressively through compliance, business acumen, and executive communication capabilities. Maintain comprehensive data inventories to prevent orphaned data and reduce unnecessary security exposure. Join us for a milestone celebration as RISE marks its 15th year of bringing together elite cybersecurity professionals, law enforcement, and enterprise teams. Apply now to be part of RISE USA 2025 April 8 - 9th in San Francisco: https://www.team-cymru.com/rise-usa . Space is limited.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
ISG's Jeff Orr on Moving Beyond Perimeter Defense to Dynamic Security 29:33

18 weeks 전29:33

나중에 재생

나중에 재생

29:33

Jeff Orr , Director of Research & IT Technologies at ISG , brings over three decades of technology experience to his discussion with David about transforming enterprise security approaches. On this episode of The Future of Threat Intelligence, Jeff shares his explanation for why traditional security investments focused primarily on protection are leaving organizations vulnerable, with 98% experiencing significant incidents despite increased spending. The conversation also explores the critical need to shift from perimeter defense to comprehensive security programs that include detection and recovery, while addressing the challenges of limited budgets and resources. Jeff offers practical insights about aligning security with business objectives, leveraging AI effectively, and building valuable industry peer networks to stay ahead of emerging threats. Topics discussed: The evolution from traditional perimeter defense approaches to comprehensive security programs that include detection and recovery capabilities. Research findings that show 98% of organizations experienced significant security incidents despite increased investment in protection. The importance of aligning security goals with business objectives rather than treating security as an isolated technical challenge. Leveraging AI and machine learning as assistive technologies to help address staffing gaps and alert fatigue in security operations. Balancing security investments across protection, detection, and recovery capabilities while operating under constrained budgets. The role of experience and human intuition in security operations, and how AI can complement but not replace seasoned practitioners. Building effective community networks within industries and geographic regions to share threat intelligence and security insights. The importance of breaking down silos between IT and security teams to leverage existing tools and observability capabilities. Developing risk-based approaches to security that align with business risk appetite and operational priorities. Creating effective tabletop exercises that include business stakeholders to better understand and prepare for security incidents. Key Takeaways: Diversify security investments beyond perimeter protection by allocating specific budget percentages to detection and recovery capabilities. Establish clear metrics linking security initiatives to business outcomes through collaboration with department leaders and stakeholders. Implement automated threat intelligence sharing within your industry vertical to leverage collective insights about emerging attack patterns. Deploy AI-powered security tools strategically to address alert fatigue while maintaining human oversight of critical security decisions. Create cross-functional teams between IT and security to leverage existing observability tools and network monitoring capabilities. Develop comprehensive incident response plans that include business continuity strategies beyond just technical recovery procedures. Institute regular brown bag sessions between security and IT teams to share knowledge about emerging threats and technical capabilities. Build regional security partnerships with peer organizations to share attack intelligence and mitigation strategies. Schedule quarterly tabletop exercises that involve business stakeholders in scenario planning for security incidents.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Meta's Oded Anderman on Preventing Unauthorized Data Collection 20:42

19 weeks 전20:42

나중에 재생

나중에 재생

20:42

Where is the balance between data accessibility and protection in today's interconnected digital landscape? Oded Anderman , Privacy Lead at Meta , has plenty of insights on this question and more from his journey from financial services to protecting user data at one of the world's largest social platforms. His conversation with David on this episode of The Future of Threat Intelligence explores how the proliferation of connected devices, advancement in AI, and evolving regulatory frameworks are reshaping our approach to data privacy. Oded also touches on why unauthorized data scraping poses risks for organizations of all sizes, not just social media giants, and offers practical strategies for implementing effective privacy protection measures while maintaining essential business functions. Topics discussed: The evolution of data scraping threats, from simple email harvesting to sophisticated automated collection affecting organizations of all sizes. The impacts of technological advancements, including AI and machine learning, on both data collection capabilities and protective measures. How regulatory frameworks like GDPR and CCPA shape organizational approaches to data protection and privacy. Strategies for distinguishing between legitimate data collection and unauthorized scraping while maintaining business accessibility. Comprehensive anti-scraping programs that incorporate prevention, detection, and enforcement capabilities. Importance of industry collaboration through organizations like the Mitigating Unauthorized Scraping Alliance. Challenges of balancing privacy protection with legitimate research needs through controlled data access programs. The growing need for consumer education and digital literacy in protecting personal information online. Evolution of privacy policies and communication strategies to make data practices more transparent and accessible. Key Takeaways: Implement a comprehensive anti-scraping strategy that addresses prevention, detection, and enforcement rather than focusing on single-point solutions. Recognize that unauthorized data scraping affects organizations of all sizes, not just large social media platforms. Develop clear protocols for distinguishing between legitimate data collection and unauthorized scraping activities. Stay informed about evolving regulatory frameworks and adjust data protection strategies accordingly. Invest in consumer education and transparent communication about data practices and privacy policies. Participate in industry collaborations and information sharing to stay ahead of emerging threats. Balance security measures with business accessibility to maintain user value while protecting data. Consider both technical and regulatory aspects when developing data protection strategies. Maintain awareness of emerging technologies that could impact both threat scenarios and protective measures. Prepare for future developments in the data protection landscape, including potential governed data exchange platforms.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Maltego's Ben April on Using Commander's Intent for Remote Team Success 18:39

20 weeks 전18:39

나중에 재생

나중에 재생

18:39

When Ben April started managing remote teams in 2005, the concept was nearly unheard of. Now, as CTO of Maltego , he brings nearly two decades of distributed team leadership experience, which he shares with David in this episode of The Future of Threat Intelligence. From implementing Commander's Intent for clear direction to ensuring mental health support during the pandemic, Ben brings practical wisdom about building strong remote cultures that transcend time zones and technology challenges. His unique perspective on hybrid versus fully remote environments reveals why seemingly simple choices about communication tools and meeting structures can make or break team cohesion. Drawing from experiences that span from the early days of remote work through the global pandemic and beyond, Ben has invaluable insights about preventing burnout, maintaining work-life boundaries, and fostering genuine connection in distributed teams. Topics discussed: Establishing effective communication protocols across multiple time zones while preventing isolation and maintaining team cohesion. Managing the unique challenges of hybrid work environments versus fully remote teams, including the risk of excluding remote team members. Developing strategies for monitoring and supporting remote employees' mental health. Building strong remote team cultures through regular video connections, virtual social activities, and periodic in-person gatherings. Adapting leadership methodologies to effectively manage distributed teams while maintaining clear lines of communication. Identifying key characteristics and qualities when hiring for remote positions, including self-motivation and adaptability. Leveraging follow-the-sun operations for enhanced productivity and continuous coverage across global time zones. Balancing the benefits of remote work flexibility with the need for face-to-face collaboration and team building. Creating dedicated workspaces and establishing clear work-life boundaries to prevent burnout in remote work settings. Implementing Commander's Intent leadership strategy to empower remote teams in making autonomous decisions aligned with organizational goals. Key Takeaways: Prioritize video communication to maintain human connection and monitor team wellbeing in remote environments. Focus on building inclusive communication practices that prevent hybrid environments from creating two-tier team structures. Schedule regular face-to-face meetings to strengthen team bonds and align on strategic objectives. Create opportunities for non-work social interaction to maintain team cohesion across remote environments. Look for self-motivated candidates with strong communication skills when hiring for remote positions. Leverage global time zones strategically for enhanced operational coverage and team handoffs. Establish dedicated workspaces and clear boundaries between work and personal life to prevent remote work burnout. Implement Commander's Intent to provide clear direction while allowing remote teams autonomy in decision-making.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
The Cyber Hut's Simon Moffatt on Transforming Identity Security from Static to Dynamic Defense 25:22

21 weeks 전25:22

나중에 재생

나중에 재생

25:22

David steps into the new world of identity security with Simon Moffatt , Founder & Research Analyst at The Cyber Hut , on the latest episode of The Future of Threat Intelligence. With over two decades of experience, Simon illuminates the dramatic transformation from static directory management to dynamic, threat-informed security architecture. He walks through the challenges of modern identity security, exploring how cloud computing, remote work, and the rise of non-human identities are reshaping our approach to access management. Simon shares invaluable insights on building adaptive security systems that can respond in real time to emerging threats while balancing usability and privacy concerns. From passwordless authentication to AI-driven security controls, discover how organizations can move beyond traditional static defenses to create more resilient security architectures for an increasingly complex digital landscape. Topics discussed: The evolution of identity security from static directory management to dynamic, adaptive systems responding to real-time threat intelligence and behavioral analysis. Misconceptions about identity threat intelligence and the importance of moving from static protections to dynamic, responsive security controls. The intersection of zero trust architecture with identity security principles and how both concepts transcend individual product implementations. Emerging trends in non-human identity management, including API security, workload identity, and infrastructure automation authentication challenges. Implementation of adaptive access controls that can make fine-grained security decisions based on real-time context and behavioral analysis. Balancing privacy considerations with the need for comprehensive security monitoring and threat intelligence sharing across organizations. The rise of passwordless authentication and its impact on both security posture and user experience in modern digital environments. Strategies for understanding and mapping your complete identity landscape, including human and non-human identities across cloud and on-premises systems. The importance of runtime behavior monitoring and real-time intervention capabilities in modern identity security architectures. Practical approaches to implementing threat-informed defense strategies while maintaining operational efficiency and user productivity. Key Takeaways: Map your complete identity landscape across cloud and on-prem environments to establish a comprehensive visibility baseline for both human and non-human identities. Implement adaptive authentication controls that can dynamically adjust access permissions based on real-time context and behavioral analysis. Deploy passwordless authentication solutions to enhance both security posture and user experience while eliminating password-related vulnerabilities. Establish robust authentication mechanisms for non-human identities, including API credentials, service accounts, and infrastructure automation tools. Design fine-grained access controls that can respond to contextual changes by adjusting permissions in real-time rather than simply terminating sessions. Integrate threat intelligence feeds with identity security controls to enable dynamic, threat-informed defensive responses. Develop privacy-preserving methods for sharing threat intelligence across organizations while maintaining competitive boundaries and regulatory compliance. Build resilient identity architectures that assume breach scenarios and focus on rapid detection and response capabilities. Monitor runtime behaviors of both human and non-human identities to establish baseline patterns and detect anomalous activities. Create surgical, precise security controls informed by sector-specific threats and actual attack patterns targeting your industry.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Zoom's Lee Ramsey on Transforming Customer Service Skills into Cybersecurity Success 15:08

22 weeks 전15:08

나중에 재생

나중에 재생

15:08

David ’s latest guest on The Future of Threat Intelligence points out the unexpected ways his customer service background enhances his cybersecurity work. From mastering the art of asking the right questions to navigating remote SOC operations, Lee Ramsey , Senior Security Analyst at Zoom shares practical insights on digital forensics, incident response, and the future of AI in security. Drawing from his experience in customer service and his journey to his current role at Zoom, Lee offers valuable perspectives on building successful security teams, implementing effective incident response plans, and maintaining critical thinking in an AI-driven world. Topics discussed: The intersection of customer service skills and cybersecurity investigations, focusing on effective communication and problem-solving techniques. Common pitfalls in incident response planning and the importance of having documented procedures before crises occur. The impact of AI on digital forensics and incident response, including potential risks and benefits. Challenges and strategies for managing remote SOC operations in the post-pandemic era. Key Takeaways: Implement a documented incident response plan before you need it to avoid legal and operational complications. Borrow from customer service skills to improve security investigations through better question-asking techniques. Approach AI tools with healthy skepticism and always validate their outputs manually. Build remote SOC capabilities with proper tools and processes for remote data acquisition. Maintain team cohesion in remote environments through proactive engagement and trust-building. Document all security practice experience, including CTF participation, to demonstrate practical skills. Attend local security conferences and volunteer to build professional networks. Pursue relevant certifications for both credentials and learning opportunities. Balance tool automation with critical thinking to avoid over-reliance on technology.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Google’s James Brodsky on Securing AI and Building Security Ecosystems 26:45

23 weeks 전26:45

나중에 재생

나중에 재생

26:45

In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky , Head of Global Security Architects at Google , who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era. James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security. Topics discussed: The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks. How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies. Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise. How fundamental security practices remain crucial for AI applications, focusing on data access control and protection. How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity. The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges. Key Takeaways: Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures. Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices. Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training. Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration. Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance. Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development. Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets. Use tools like NotebookLM to stay current with security research and white papers while managing information overload. Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection. Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Veeva Systems’ Justin Jettòn on Balancing Human Analysis and Automation in Threat Intel 31:56

24 weeks 전31:56

나중에 재생

나중에 재생

31:56

In our latest episode of the Future of Threat Intelligence podcast, David welcomes Justin Jettòn , Senior Threat Intelligence Engineer at Veeva Systems who brings his military intelligence background to discuss the evolving landscape of cybersecurity. Drawing from his experience transitioning from forensics to threat intelligence, Justin explores how AI is transforming both offensive and defensive capabilities in cybersecurity. They discuss the potential of AI in early threat detection, the critical need for breaking down organizational silos to improve collective defense, and finding the right balance between automation and human analysis. Justin also emphasizes that while technology advances, the human element remains crucial for effective threat intelligence analysis. Topics discussed: Artificial intelligence is reducing the timeline between threat identification and new attack development, lowering barriers for adversaries. Using AI models for "indications and warning" could help identify threat patterns earlier, enabling proactive defense strategies. Breaking down organizational silos and creating security collectives is crucial for effective threat intelligence in modern cybersecurity. Despite technological advances, human analysts remain essential for contextual understanding and strategic threat assessment. Adding multiple security tools can extend detection time; organizations need better strategies for tool integration and automation. Clear distinction between engineering and analyst roles, with engineers handling technology while analysts focus on assessment and dissemination. Future security teams need balanced automation with human oversight, following the military's OODA (Observe, Orient, Decide, Act) loop. Key Takeaways: Implement human verification checkpoints within automated security processes to maintain the "trust but verify" approach in threat intelligence workflows. Evaluate your organization's security tool stack to prevent tool fatigue — focus on understanding each tool's workflow before adding new ones. Develop comprehensive understanding of automation processes, from data collection points to decision thresholds, before deploying new security automation. Establish cross-organizational information sharing frameworks to enhance collective threat detection capabilities through shared AI models. Differentiate clearly between threat intelligence engineering and analyst roles to optimize team structure and workflow efficiency. Incorporate the OODA loop (Observe, Orient, Decide, Act) methodology into your threat intelligence processes, ensuring human oversight at critical points. Broaden your threat intelligence perspective by studying geopolitical events and connecting them to potential cybersecurity implications. Create sampling protocols to regularly verify that automated security systems are functioning as intended and catching relevant threats. Build collaborative relationships with ISPs, tech companies, and security vendors to expand threat detection capabilities beyond organizational boundaries. Document automation workflows thoroughly to ensure security teams understand where decision points occur and how data flows through the system.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
VOTH 2024 Roundtable: Building Visibility in Cybersecurity 44:06

25 weeks 전44:06

나중에 재생

나중에 재생

44:06

In our special episode of the Future of Threat Intelligence podcast, David welcomes Ryan Chapman , Threat Hunter & Author and Instructor at SANS Institute and Matthew Winters , Lead Threat Hunter at T. Rowe Price , to break down Team Cymru's second annual Voice of a Threat Hunter report. Our two experts discuss the statistic that nearly 50% of organizations experienced a major security breach last year, emphasizing the critical role of threat hunting in enhancing incident response. Ryan and Matt also touch on the importance of proactive detection in cybersecurity, the necessity of curiosity as a fundamental skill for threat hunters, and the challenges organizations face regarding visibility and tool availability. Topics discussed: Nearly 50% of organizations reported experiencing a major security breach in the past year, highlighting the urgency for improved security measures. 72% of breached organizations believe that threat hunting significantly enhanced their ability to respond to incidents effectively. Proactive detection is becoming essential as organizations recognize the need to stay ahead of evolving cyber threats and attacks. Curiosity is a key skill for threat hunters, enabling them to uncover hidden vulnerabilities and enhance overall security posture. Many organizations struggle with visibility into their networks, which hampers effective threat hunting and incident response efforts. The importance of leveraging existing tools and resources is emphasized to maximize threat hunting capabilities without requiring significant new investments. Collaboration across security teams can enhance threat hunting efforts, leading to better detection, response, and overall cybersecurity resilience. Key Takeaways: Assess your organization's current security posture to identify potential vulnerabilities and areas needing improvement in threat detection and response. Implement proactive threat hunting practices to stay ahead of evolving cyber threats and enhance incident response capabilities. Foster a culture of curiosity within your security team to encourage exploration and investigation of anomalies in your network. Leverage existing tools and resources effectively to maximize your threat hunting efforts without incurring significant additional costs. Collaborate across different security teams to share insights and improve the overall effectiveness of threat detection and incident response. Invest in training programs focused on threat hunting skills to empower your team with the knowledge needed to identify threats. Document all threat hunting activities and findings to create a knowledge base that can inform future security strategies and decisions. Establish clear KPIs to measure the effectiveness of your threat hunting initiatives and overall security posture. Engage with external cybersecurity communities to share experiences, learn best practices, and stay updated on the latest threat intelligence. Review and update your security tools regularly to ensure they are equipped to handle the latest threats and vulnerabilities.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
GigaOm’s Howard Holton on Cyber Threats Facing Small Businesses 21:58

26 weeks 전21:58

나중에 재생

나중에 재생

21:58

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Howard Holton , CTO of GigaOm . Howard shares his insights on the increasing vulnerability of small and medium-sized businesses to cyber threats because adversaries are targeting them due to their limited resources and maturity in cybersecurity practices. Howard emphasizes the importance of understanding the business-like nature of cybercriminals and their strategies. He also explores the role of AI and large language models in enhancing threat intelligence, highlighting how these tools can help organizations prioritize their security efforts effectively. Topics discussed: The increasing trend of cybercriminals targeting small and medium-sized businesses due to their lack of resources and cybersecurity maturity. Understanding how adversaries operate like businesses, seeking maximum profit by exploiting vulnerabilities in less fortified organizations. Actionable cybersecurity measures that organizations can implement immediately to reduce risks and enhance their defenses. The role of AI and large language models in improving threat intelligence and making security tools more intuitive for users. The challenges of transitioning from a technical role to an executive position and the skills needed for effective leadership in cybersecurity. The significance of communication and awareness within organizations to ensure that executive teams understand cybersecurity risks and resource needs. Strategies for mitigating the impact of cyber attacks, focusing on prioritizing efforts based on potential threats and vulnerabilities. The evolving landscape of cyber threats and how organizations can stay informed and adapt to new challenges in real-time. The necessity of governance in implementing AI and LLMs to ensure that sensitive information is handled appropriately within organizations. The ongoing need for continuous improvement in cybersecurity practices, as threats are constantly evolving and new vulnerabilities emerge. Key Takeaways: Assess your organization's cybersecurity maturity to identify vulnerabilities and prioritize areas for improvement, especially if you are a small or medium-sized business. Implement immediate cybersecurity measures to reduce the likelihood of a compromise, focusing on actionable steps that can be completed within hours or days. Leverage AI and large language models to enhance threat intelligence, making it easier to analyze data and respond to potential threats effectively. Communicate regularly with your executive team about cybersecurity risks and resource needs to ensure they are informed and can provide necessary support. Establish a governance framework for AI and LLMs to manage sensitive information and ensure compliance with organizational policies. Educate your team on the business-like nature of cybercriminals, helping them understand how attackers target organizations based on perceived weaknesses. Prioritize cybersecurity training for employees to foster a culture of awareness and preparedness against potential cyber threats. Monitor emerging cyber threats continuously to stay informed about new tactics and vulnerabilities that could impact your organization. Document all cybersecurity policies and procedures clearly, ensuring that employees understand their roles and responsibilities in maintaining security. Review and update your incident response plan regularly to reflect changes in the threat landscape and ensure your organization is prepared for potential attacks.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
CDW’s Ryan Link on Building a Culture of Continuous Learning 21:34

28 weeks 전21:34

나중에 재생

나중에 재생

21:34

In our latest episode of the Future of Threat Intelligence podcast, David sits down with Ryan Link , Principal of Threat Detection and Response at CDW . Ryan shares his decade-long journey in cybersecurity, emphasizing the importance of thinking like an attacker to enhance threat detection capabilities. He discusses the critical role of continuous training for security teams and the integration of AI in reducing detection fatigue. Additionally, Ryan highlights the necessity of cloud training to future-proof cybersecurity teams in an increasingly digital landscape. Tune in for valuable insights on building a resilient and adaptive security strategy! Topics discussed: The importance of thinking like an attacker to identify potential risks and improve overall security posture. The critical role of continuous training for cybersecurity professionals to keep skills sharp and stay updated on threats. The integration of AI in threat detection, focusing on reducing noise and enhancing efficiency in security operations. The need for collaboration between blue and red teams to improve detection capabilities and incident response processes. The value of cloud training as essential for future-proofing cybersecurity teams in an increasingly cloud-centric digital environment. Why organizations should assess their maturity level before leveraging threat intelligence, ensuring it aligns with their capabilities and resources. Key Takeaways: Assess your cybersecurity maturity level to determine the appropriate use of threat intelligence and avoid overspending on unnecessary tools. Implement continuous training programs for your security team to keep skills sharp and ensure they stay updated on evolving threats. Encourage team members to think like attackers to better identify vulnerabilities and enhance your organization’s overall security posture. Integrate AI technologies into your threat detection processes to reduce noise and improve the efficiency of security operations. Foster collaboration between blue and red teams to enhance detection capabilities and ensure effective incident response strategies. Prioritize cloud training for your team to understand the complexities of cloud environments and secure data effectively. Develop custom detection capabilities by leveraging threat intelligence to create tailored responses to specific threats your organization may face. Document processes and procedures regularly to maintain clarity and support onboarding of new team members effectively. Utilize automated testing environments to streamline the threat detection lifecycle and improve the accuracy of your security tools. Take regular breaks to prevent burnout among your security team, ensuring they remain mentally sharp and effective in their roles.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Cybersecurity Analyst & Author Deb Radcliff on the Intersection of Fiction and Cybersecurity 26:29

29 weeks 전26:29

나중에 재생

나중에 재생

26:29

In our latest episode of the Future of Threat Intelligence, David speaks with Deb Radcliff , Cybersecurity Analyst, Journalist, & Author of the Breaking Backbones hacker trilogy, who shares her unique journey from investigative journalism to writing her books. She discusses the importance of understanding hacker culture and the human side of cybercrime, emphasizing that many hackers are driven by curiosity rather than malice. Deb also explores the ethical implications of artificial intelligence and the challenges of maintaining privacy in an increasingly tech-driven world. With insights drawn from her experiences and fiction, Deb offers a thought-provoking perspective on the future of cybersecurity and the role of storytelling in shaping our understanding of it. Topics discussed: How the Breaking Backbones trilogy humanizes hackers, portraying them as complex individuals rather than mere criminals in a tech landscape. Deb emphasizes the importance of understanding social engineering and its role in both hacking and cybersecurity defenses. The ethical implications of artificial intelligence are discussed, highlighting potential risks and responsibilities in its development and use. Privacy and autonomy are critical themes, with Deb advocating for individual rights in an increasingly monitored and tech-driven society. Deb reflects on her early experiences with hackers, illustrating the wild west nature of the cybersecurity landscape in the 1990s. The conversation emphasizes the need for collaboration between tech experts and creatives to address cybersecurity challenges effectively. Key Takeaways: Explore the hacker culture to gain insights into motivations and behaviors that can inform better cybersecurity practices. Advocate for ethical AI development by engaging in discussions about its implications on privacy and security in society. Educate yourself and others about social engineering tactics to enhance awareness and improve defenses against cyber threats. Promote privacy rights by supporting initiatives that protect individual autonomy in an increasingly digital and monitored world. Collaborate with creatives and tech experts to develop innovative solutions that address the challenges of cybersecurity. Participate in cybersecurity training programs to improve your understanding of current threats and effective response strategies. Engage in conversations about the ethical use of technology to foster a culture of responsibility among developers and users. Utilize storytelling techniques to communicate complex cybersecurity concepts, making them more relatable and understandable for broader audiences. Stay informed about emerging technologies and their potential impacts on security to proactively adapt your strategies and practices.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Threat Hunter Ryan Chapman on Critical Security Mistakes Against Ransomware 25:45

30 weeks 전25:45

나중에 재생

나중에 재생

25:45

In our latest episode of the Future of Threat Intelligence podcast, David chats with Ryan Chapman , Threat Hunter, Author & Instructor at SANS Institute . They explore the alarming evolution of ransomware tactics, including the rise of multi-extortion strategies where attackers not only encrypt data but also threaten to leak sensitive information. Ryan emphasizes the critical mistakes organizations make, such as failing to implement basic security practices and allowing administrative privileges for general users. He also discusses the importance of leveraging internal data for effective threat hunting. Tune in to gain insights on strengthening your organization's defenses against ransomware attacks! Topics discussed: The evolution of ransomware tactics, highlighting the shift from simple encryption to sophisticated human-operated attacks. The rise of multi-extortion strategies, where attackers threaten to leak sensitive data in addition to encrypting it. Why organizations often fail to implement basic security practices, leading to increased vulnerability to ransomware attacks. The importance of restricting administrative privileges for general users is emphasized to enhance overall security posture. The value of better visibility through proper logging and monitoring to detect and respond to threats effectively. Leveraging internal data as intelligence is crucial for effective threat hunting and identifying potential vulnerabilities within the organization. The significance of ongoing education and training in cybersecurity to keep defenses robust against evolving threats. Key Takeaways: Implement basic security practices, such as restricting administrative privileges for general users, to reduce the risk of ransomware attacks. Conduct regular audits of Active Directory permissions to ensure proper access controls and minimize potential vulnerabilities. Utilize full tunnel VPNs for remote users to secure all traffic and enhance protection against external threats. Enable comprehensive logging on hosts, including PowerShell and Active Directory events, to improve visibility and incident response capabilities. Leverage internal data as intelligence by analyzing alerts and indicators of compromise (IOCs) to identify potential threats. Educate employees on recognizing phishing attempts and other social engineering tactics to prevent initial access for attackers. Collaborate with threat hunting teams to share insights and findings, fostering a proactive approach to cybersecurity. Monitor for unusual service names or processes that appear on fewer devices to identify potential threats in your environment. Document all findings during threat hunting sessions, regardless of whether a threat is identified, to build organizational knowledge. Stay updated on the latest ransomware tactics and trends to adapt your security strategies and defenses accordingly.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
T. Rowe Price’s Matthew Winters on Threat Hunting as the Scientific Method 19:56

31 weeks 전19:56

나중에 재생

나중에 재생

19:56

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Matthew Winters , Lead Threat Hunter at T. Rowe Price . Matthew shares his unconventional journey into cybersecurity, highlighting the importance of soft skills and creativity in threat hunting that he has picked up along the way. He explains that threat hunting is akin to applying the scientific method to networks, starting with hypotheses rather than alerts. Matthew and David also explore the critical role of threat intelligence in shaping effective hunting strategies and the essential skills needed to build a successful threat hunting team. Tune in for valuable insights on enhancing your cybersecurity posture! Topics discussed: Threat hunting as applying the scientific method, starting with hypotheses instead of relying solely on alerts. The importance of threat intelligence as a foundational element for effective threat hunting and proactive defense strategies. Key skills for threat hunters include technical knowledge, creativity, and the ability to reassess and redefine problem statements. A hybrid approach to data analysis is recommended, utilizing both network and endpoint data for comprehensive threat visibility. The challenges of measuring threat hunting effectiveness, and suggestions for metrics like defenses created and impact on adversaries. Key Takeaways: Explore veteran programs to facilitate career transitions into cybersecurity, leveraging the unique skills and experiences of military personnel. Adopt the scientific method in threat hunting by formulating hypotheses before analyzing data, ensuring a structured approach to investigations. Utilize threat intelligence to inform your threat hunting strategies, focusing on real-world adversary behaviors and techniques relevant to your organization. Encourage creativity within your team by identifying individuals with a "MacGyver Drive" who can think outside the box to solve complex problems. Implement a hybrid data analysis approach by integrating both network and endpoint data to gain comprehensive visibility into potential threats. Define clear boundaries between threat hunting, incident response, and red teaming to maintain focus and effectiveness in each discipline. Measure the effectiveness of your threat hunting program by tracking metrics such as defenses created and the impact on adversaries. Foster a culture of continuous learning within your threat hunting team to enhance skills and adapt to evolving cybersecurity challenges. Leverage tools like graph databases to analyze relationships between threats and improve the precision of your hunting efforts. Challenge your team to reassess problem statements regularly, ensuring they are asking the right questions to drive effective threat hunting.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Marsh’s Gregory Van den Top on Understanding Cyber Risk in Business Strategy 18:41

33 weeks 전18:41

나중에 재생

나중에 재생

18:41

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Gregory Van den Top , AI Practice Leader for Europe at Marsh . They explore the critical importance of understanding cyber risk as an integral part of business strategy, rather than a technical afterthought. Gregory emphasizes the need for organizations to conduct thorough risk assessments and quantify potential impacts, particularly in light of the growing threat of ransomware. He also highlights the significance of fostering a strong link between cybersecurity and executive leadership to enhance organizational resilience. Tune in for actionable insights to strengthen your cyber risk management approach! Topics discussed: Why cyber risk should be integrated into overall business strategy, not treated as a separate technical issue. How conducting thorough risk assessments helps organizations understand their current cyber risk landscape and potential vulnerabilities. How quantifying cyber risk is essential for informed decision-making and aligning with organizational goals, particularly for financial stakeholders. Why ransomware poses a significant threat, requiring organizations to prioritize awareness, preparedness, and proactive incident response measures. How building resilience in cybersecurity involves not just response plans but also protective measures to prevent incidents from occurring. How establishing clear roles and responsibilities, including board-level oversight, enhances the management of cyber risk across the organization. Why cybersecurity education for non-technical stakeholders is crucial for fostering a comprehensive understanding of risks and promoting informed discussions. Key Takeaways: Integrate cyber risk assessments into your overall business strategy to ensure a holistic approach to risk management. Quantify cyber risks to provide tangible insights for decision-makers, particularly for CFOs and other financial stakeholders. Prioritize awareness and preparedness for ransomware threats by implementing proactive incident response plans and training programs. Establish clear roles and responsibilities for cybersecurity within your organization, including board-level oversight for better risk management. Foster a culture of cybersecurity education among all employees to enhance understanding and promote informed discussions about risks. Develop a robust incident response plan that includes forensics, legal advice, and communication strategies to mitigate the impact of breaches. Engage in regular tabletop exercises using AI tools to simulate cyber incidents and improve your organization’s resilience and response capabilities. Collaborate with cybersecurity experts to stay updated on emerging threats and best practices for managing cyber risk. Review and update your cybersecurity policies and practices regularly to adapt to the evolving threat landscape and organizational changes.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Splunk’s David Bianco on Differentiating Threat Hunting and Red Teaming 25:42

34 weeks 전25:42

나중에 재생

나중에 재생

25:42

In our latest episode of the Future of Threat Intelligence podcast, David Bianco , Staff Security Strategist at Splunk , shares his insights on the evolving landscape of threat hunting. He introduces the PEAK threat hunting framework, emphasizing its role in enhancing security measures. David also discusses the critical differences between threat hunting and red teaming, highlighting how both approaches can complement each other. He also divesinto the essential skills needed for building an effective threat hunting team and offers actionable advice on measuring the success of threat hunting programs. Topics discussed: The PEAK threat hunting framework, designed to enhance proactive cybersecurity measures and improve threat detection capabilities. The distinction between threat hunting and red teaming and their complementary roles in strengthening security defenses. Hypothesis-based threat hunting and the importance of formulating and testing hypotheses to identify potential threats. Baseline threat hunting as a method to understand normal activity, aiding in the detection of anomalies. Key skills for an effective threat hunting team, including knowledge of threat actors, technology stacks, and data analytics expertise. How metrics for measuring threat hunting success are essential for demonstrating impact and driving continuous improvement in security programs. Key Takeaways: Adopt the PEAK threat hunting framework to structure your threat hunting initiatives and enhance your cybersecurity posture effectively. Differentiate between threat hunting and red teaming to understand their unique roles and how they can complement each other in security. Formulate clear hypotheses for threat hunting activities to guide your investigations and improve the chances of identifying real threats. Conduct baseline threat hunting to establish normal activity patterns, making it easier to detect anomalies and suspicious behavior. Build a diverse threat hunting team by incorporating members with expertise in threat intelligence, data analytics, and incident response. Implement actionable metrics to measure the success of your threat hunting program and demonstrate its impact on overall security. Start small with your threat hunting efforts, focusing on manageable projects that can scale as you gain experience and success. Encourage collaboration between threat hunters and other security teams to share knowledge and improve overall detection capabilities. Continuously educate your team on the evolving threat landscape to stay ahead of potential risks and enhance threat hunting effectiveness. Utilize existing data analytics tools to analyze collected data during threat hunting, enabling informed conclusions about threat actor activities.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
S&P Global’s Eric Hanselman on Integrating Threat Intelligence into Business Strategy 20:05

35 weeks 전20:05

나중에 재생

나중에 재생

20:05

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Eric Hanselman , Chief Analyst at S&P Global , about the critical role of threat intelligence in today’s cybersecurity landscape. Eric emphasizes the need for organizations to integrate threat intelligence operationally, moving beyond mere threat feeds to develop comprehensive threat models. He discusses the importance of maintaining operational hygiene, building a peer ecosystem for information sharing, and aligning security strategies with overall business objectives. Eric also offers valuable insights on navigating the complexities of cybersecurity and the future of threat intelligence. Topics discussed: Insights on the evolving role of threat intelligence in modern cybersecurity strategies and operations. How organizations must integrate threat intelligence operationally to effectively manage risks and inform day-to-day security decisions. Why simply having a threat feed is insufficient; understanding and updating threat models is crucial for effective risk management. How operational hygiene, including good backups and data protection, is essential for defending against ransomware and other cyber threats. The value of building a community for information sharing enhances collaboration and provides valuable reality checks among cybersecurity professionals. Aligning security strategies with business objectives ensures that security measures support overall organizational goals and operations. Looking ahead and maintaining a forward-thinking perspective is vital for anticipating future cybersecurity challenges and opportunities. Key Takeaways: Integrate threat intelligence into daily operations to enhance your organization’s ability to respond to emerging cybersecurity threats. Develop comprehensive threat models that are regularly updated to reflect the evolving risk landscape and inform strategic decisions. Prioritize operational hygiene by ensuring robust data protection measures and effective backup systems to mitigate ransomware risks. Build a network of cybersecurity peers for information sharing to gain insights and reality checks on current security practices. Align your security strategies with business objectives to ensure that cybersecurity efforts support overall organizational goals and operations. Stay informed about emerging technologies, such as GenAI, and assess their potential impact on your security posture. Engage in end-user research to understand the pain points of security teams and develop solutions that address their challenges. Look beyond immediate threats and focus on long-term strategic planning to anticipate future cybersecurity challenges. Foster a culture of collaboration within your organization to enhance communication between security teams and other business units. Regularly evaluate and refine your security practices to ensure they remain effective in the face of evolving threats and technologies.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Church & Dwight’s David Ortiz on Building Effective Cyber Risk Management Strategies 15:14

35 weeks 전15:14

나중에 재생

나중에 재생

15:14

In our latest episode of the Future of Threat Intelligence podcast, host David Monnier welcomes David Ortiz , Global CISO at Church & Dwight . David shares insights from his extensive career in information technology and cybersecurity, emphasizing the importance of understanding the evolving threat landscape. David touches on the critical role of threat intelligence in decision-making, the challenges posed by sophisticated phishing techniques and deepfakes, and the necessity of integrating cybersecurity into business strategy. He also highlights the significance of collaboration across various teams and the responsible use of AI in enhancing security measures for organizations. Topics discussed: The importance of understanding the evolving threat landscape for effective cybersecurity management in organizations. How threat intelligence plays a crucial role in identifying and mitigating risks, helping CISOs make informed decisions. How advanced email gateways and spam filters need to evolve to combat increasingly sophisticated phishing attacks and deepfake technologies. Why integrating cybersecurity into overall business strategy is essential for achieving security by design and enhancing data privacy measures. The value of collaboration with diverse partners, including legal teams and law enforcement, strengthens cybersecurity resilience and response capabilities. The importance of comprehensive cybersecurity awareness training to empower employees in recognizing and responding to potential threats. The responsible use of AI tools is vital for enhancing security measures while maintaining data privacy and compliance standards. Key Takeaways: Assess your organization's attack surface to identify vulnerabilities and prioritize protecting critical assets effectively. Implement a robust threat intelligence program to enhance decision-making and stay informed about emerging cybersecurity threats. Upgrade email gateways and spam filters to counteract sophisticated phishing attacks and improve overall email security. Integrate cybersecurity practices into your business strategy to ensure security by design and enhance data privacy initiatives. Collaborate with various stakeholders, including legal teams and law enforcement, to strengthen your cybersecurity posture and incident response. Conduct regular cybersecurity awareness training for employees to empower them in recognizing and responding to potential threats. Monitor the responsible use of AI tools within your organization to balance innovation with data privacy and security compliance. Engage with third-party vendors to assess their security practices and manage supply chain risks effectively. Foster a culture of accountability and ownership among team members to ensure everyone understands their role in reducing cyber risk. Seek mentorship from experienced professionals in both cybersecurity and business to develop a well-rounded skill set for leadership roles.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Rackspace Technology’s Kristof Riecke on Navigating Cloud Security Challenges 19:43

36 weeks 전19:43

나중에 재생

나중에 재생

19:43

In our latest episode of the Future of Threat Intelligence podcast, Kristof Riecke , Field CISO at Rackspace Technology , shares his journey in cybersecurity and highlights the evolution of the industry over the past decade. He discusses the importance of effective communication in security strategies, the need for a holistic approach to threat intelligence, and the unique challenges organizations face in cloud security. Kristof also emphasizes that understanding the specific needs of each organization is crucial for developing effective security measures and achieving overall security maturity. Topics discussed: How the evolution of cybersecurity is marked by increasing complexity in attacks and a growing need for professionalization within the industry. Why effective communication is essential for CISOs to convey security strategies and engage with stakeholders at all organizational levels. How a holistic approach to threat intelligence is crucial, considering diverse sources and types of information relevant to an organization’s security needs. Why organizations must continuously address security measures, as moving to the cloud does not eliminate the need for ongoing vigilance. How understanding specific organizational needs is vital for developing tailored security measures and achieving overall security maturity. The importance of transparency regarding vulnerabilities and incidents to enhance detection and response capabilities within organizations. Key Takeaways: Assess your organization's current cybersecurity posture to identify vulnerabilities and areas for improvement in threat detection and response. Implement multi-factor authentication across all systems to enhance security and protect against unauthorized access. Educate employees on security awareness to foster a culture of vigilance and reduce the risk of human error in cybersecurity. Communicate security strategies clearly to all stakeholders, ensuring that everyone understands their role in maintaining a secure environment. Develop a holistic threat intelligence program that incorporates diverse information sources to better understand potential threats. Regularly review and update security measures to adapt to the evolving cybersecurity landscape and emerging threats. Collaborate with cross-functional teams to ensure that security practices are integrated into all aspects of the organization. Document security incidents and responses to create a knowledge base that can improve future incident management and response efforts. Utilize cloud security best practices to protect sensitive data and maintain compliance with regulatory requirements. Establish a continuous monitoring process to stay informed about the security landscape and proactively address potential threats.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Venable LLP’s David Patariu on Building Trust Through Effective Privacy Policies 31:16

37 weeks 전31:16

나중에 재생

나중에 재생

31:16

In our latest episode of the Future of Threat Intelligence podcast, we welcome David Patariu , an Attorney focusing on Privacy, Artificial Intelligence, and Cybersecurity at Venable LLP . David shares his unique journey from engineering to law, highlighting the critical intersection of technology and legal frameworks. David sheds light on the challenges posed by unauthorized data scraping, and what The Mitigating Unauthorized Scraping Alliance (MUSA) is doing to raise awareness and help prevent the practice, including MUSA’s Industry Practices to Mitigate Unauthorized Scraping . He also discusses the importance of robust privacy policies in building user trust, and the need for collaboration between industry and regulators to address emerging privacy concerns. Topics discussed: How unauthorized data scraping poses significant risks to businesses, requiring proactive measures to protect intellectual property and user data. Why effective privacy policies are essential for building trust with users and ensuring compliance with evolving regulatory requirements. How collaboration between industry stakeholders and regulators is crucial to combat unauthorized data scraping and promote best practices. The role of legal advisors is evolving, necessitating a strong understanding of technology to provide relevant guidance. Why data protection strategies must consider the implications of artificial intelligence and machine learning on privacy and cybersecurity. How public awareness and education about data scraping and privacy issues are vital for empowering users to safeguard their information. Key Takeaways: Develop comprehensive privacy policies that clearly outline data usage practices to enhance user trust and comply with legal requirements. Engage in ongoing education about privacy laws and cybersecurity trends to stay informed and adapt to regulatory changes effectively. Collaborate with legal advisors who have a strong technology background to ensure that legal frameworks align with business objectives. Implement best practices for data protection by participating in industry groups focused on combating unauthorized data scraping. Conduct regular audits of your data handling practices to ensure compliance with privacy regulations and identify areas for improvement. Monitor emerging technologies and their implications for privacy to proactively address potential legal challenges in your organization. Participate in webinars and conferences to gain insights into the latest developments in privacy, cybersecurity, and artificial intelligence. Advocate for industry collaboration to establish standards and guidelines that address unauthorized data scraping and enhance user protection.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
CyberBellum’s Jim Tiller on Mastering the Role of a Fractional CISO 31:04

38 weeks 전31:04

나중에 재생

나중에 재생

31:04

In our latest episode of The Future of Threat Intelligence podcast, Jim Tiller , CISO at CyberBellum and a veteran in the cybersecurity industry with over 25 years of experience joins us to explore the intricacies of working as a fractional CISO. He offers a unique perspective on the role's challenges and rewards and emphasizes the importance of understanding business nuances, building trust with leadership, and developing a broad-spectrum knowledge of emerging technologies. Jim's insights shed light on measuring performance, effective communication, and essential skills provide invaluable guidance for navigating today's complex cybersecurity landscape. Topics discussed: The evolving role and challenges of being a fractional CISO in today's cybersecurity landscape. The importance of building human connections and speaking the language of business stakeholders for effective cybersecurity leadership. Strategies for measuring the success of a fractional CISO beyond traditional KPIs and metrics. Essential skills for CISOs, including humility, broad-spectrum technological knowledge, and the ability to get the gist of new concepts. The necessity of staying updated on threat intelligence and applying it effectively within your organizational structure. Tips for aspiring CISOs on how to start and thrive in the ever-changing world of cybersecurity. Key Takeaways: Build strong human connections with stakeholders by understanding their language and business needs for effective cybersecurity leadership. Measure your success as a fractional CISO by demonstrating influence and trust rather than relying solely on traditional KPIs. Stay updated on the latest threat intelligence and apply it within your organization to bolster cybersecurity defenses. Develop a broad-spectrum knowledge of emerging technologies to enhance your overall understanding and decision-making capabilities. Communicate regularly with your team and organization, making cybersecurity updates engaging, relevant, and easy to understand. Learn continuously and be a professional learner to keep up with the rapid changes in the cybersecurity landscape. Demonstrate your value by showing how your decisions positively impact the organization's security posture and business goals. Identify and understand key performance indicators that truly reflect your effectiveness and impact as a fractional CISO.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
ExtraHop’s Rafal Los on Avoiding Strategic Advisement Mistakes 31:22

40 weeks 전31:22

나중에 재생

나중에 재생

31:22

In our latest episode of the Future of Threat Intelligence podcast, David chats with Rafal Los , Head of Services Strategy & GTM at ExtraHop and the creative force behind the Down the Security Rabbithole podcast. Rafal discusses his journey from curiosity-driven exploration to a professional career in cybersecurity and the lessons he’s learned along the way. Rafal shares his extensive experience in cybersecurity, offering insights on transitioning from technical roles to strategic leadership positions. He also talks about common misconceptions in strategic advisement, the importance of understanding the business context, and actionable advice for aspiring leaders. Throughout the conversation, Rafal's practical tips and seasoned perspectives make this episode a must-listen for anyone looking to elevate their career in cybersecurity and threat intelligence. Topics discussed: Transitioning from technical roles to strategic leadership positions in the cybersecurity industry. Common misconceptions in strategic advisement and how to avoid these pitfalls. The importance of understanding the business context to improve strategic decision-making in cybersecurity. Actionable advice for aspiring leaders in threat intelligence and cybersecurity. How to bridge the gap between technical language and business objectives effectively. Practical tips on assessing risks, impacts, and having a clear strategy for cybersecurity initiatives. Key Takeaways: Understand the broader business context to make more informed strategic decisions in cybersecurity. Listen to and comprehend the challenges faced by different stakeholders to improve strategic advisement. Develop a clear, actionable strategy for cybersecurity initiatives, focusing on both technical and business aspects. Be skeptical of the information you read to stay critical and informed about industry trends and developments. Engage in continuous learning by consuming content from diverse sources to broaden your cybersecurity knowledge. Assess risks and impacts critically to prioritize cybersecurity efforts effectively. Bridge the gap between technical language and business objectives to enhance communication and decision-making. Prepare for potential failures by understanding how systems can fail and creating contingencies. Network with industry professionals to gain different perspectives and insights into cybersecurity challenges. Seek to understand the experiences and needs of your team and stakeholders to create more effective security strategies. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Online Business Systems’ Jeff Man on Demystifying Cybersecurity Solutions (Black Hat Edition) 14:07

41 weeks 전14:07

나중에 재생

나중에 재생

14:07

In our latest special episode of the Future of Threat Intelligence podcast, David chats with cybersecurity expert Jeff Man at the Black Hat conference. Jeff is the Sr. Information Security Consultant at Online Business Systems , and he shares his extensive insights on the evolving landscape of cybersecurity and the importance of fundamental security practices to protect sensitive data. Jeff emphasizes the role of security evangelists in educating organizations and fostering a culture of security awareness. He also explores the implications of AI in cybersecurity, addressing both its potential benefits and challenges. Topics discussed: The importance of understanding fundamental security practices to effectively protect sensitive data in organizations. How the cybersecurity landscape is filled with numerous solutions, but clarity on essential objectives is crucial for effective security. How security evangelists play a key role in educating clients about their specific security needs and corporate culture challenges. How AI is a significant buzzword in cybersecurity, but its potential benefits and risks require careful consideration and understanding. Why organizations often mistakenly believe that implementing the right technology alone is sufficient for comprehensive security measures. The necessity of fostering a culture of security awareness among employees to enhance overall protection. How mentorship and exposure to various cybersecurity roles are vital for individuals looking to enter or transition within the industry. Key Takeaways: Educate your team on fundamental security practices to enhance their understanding of protecting sensitive data effectively. Assess your organization’s current cybersecurity solutions to identify gaps and ensure alignment with essential security objectives. Engage with a security evangelist to gain tailored insights and strategies that fit your corporate culture and specific challenges. Explore the implications of AI in your cybersecurity strategy, weighing both its potential benefits and associated risks. Implement a culture of security awareness by providing ongoing training and resources to all employees within your organization. Document security processes and standards to ensure repeatability and compliance with industry regulations like PCI. Experiment with different cybersecurity roles and responsibilities to find areas where team members can excel and contribute effectively. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Cybersecurity Threat Detection Engineer & Expert Wade Wells on Innovative Deception Strategies for Blue Teams (Black Hat Edition) 5:05

41 weeks 전5:05

나중에 재생

나중에 재생

5:05

In our latest special episode of the Future of Threat Intelligence podcast, Wade Wells , Cybersecurity Threat Detection Engineer & Expert at a Fortune 50 company, shares his insights from the Black Hat conference. He highlights the promising advancements in blue team technologies, particularly in AI applications and deception strategies. Wade also discusses the importance of community networking for aspiring cybersecurity professionals and reflects on the lessons learned from recent security incidents, including the implications of relying on specific security vendors. Topics discussed: The transformative potential of AI technologies in enhancing threat detection and operational efficiency for blue team cybersecurity efforts. The importance of effective email security solutions and their role in protecting organizations from phishing and other email-based threats. Observations on SentinelOne’s Purple AI, which demonstrates the potential of AI in threat hunting and incident response scenarios. The importance of networking within local cybersecurity communities, which can provide valuable resources and job opportunities for newcomers. How the CrowdStrike incident highlighted vulnerabilities in widely used security solutions and the need for diverse strategies. Insights on the critical role of kernel security mechanisms in protecting systems and the challenges associated with managing kernel-level vulnerabilities. Advice for aspiring professionals to leverage existing resources and community knowledge instead of reinventing the wheel in detection engineering. The evolving responsibilities of blue teamers in cybersecurity, including focusing on proactive measures and collaboration with red teams for improved security. Key Takeaways: Investigate and evaluate AI-driven cybersecurity tools to enhance your blue team’s threat detection capabilities and improve incident response times. Prioritize the deployment of robust email security tools to protect against phishing attacks and safeguard sensitive organizational information. Stay informed about emerging Endpoint Detection and Response (EDR) solutions to find innovative products that can strengthen your security posture. Integrate deception technologies into your security framework to mislead attackers and gather intelligence on their tactics and techniques. Actively participate in local cybersecurity communities to build connections, share knowledge, and discover job opportunities in the field. Analyze recent security incidents to identify vulnerabilities and adapt your security strategies accordingly. Focus on hardening kernel security mechanisms to mitigate risks associated with kernel-level vulnerabilities and improve overall system security. Foster collaboration between blue and red teams to improve threat detection and response strategies through shared insights and experiences. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
The Futurum Group’s Krista Case on the Importance of Resilience in Cybersecurity (Black Hat Edition) 9:00

42 weeks 전9:00

나중에 재생

나중에 재생

9:00

In our latest episode of the Future of Threat Intelligence podcast, Krista Case , Research Director of Cybersecurity at The Futurum Group . Krista shares insights from recent research revealing that 50% of organizations plan to adopt new cybersecurity vendors in 2024, highlighting the evolving threat landscape and the expanding attack surface that organizations face today. Krista also emphasizes the importance of resilience and strategic thinking for CISOs, providing valuable guidance on how to effectively address key vulnerabilities and stay ahead of cyber adversaries. Topics discussed: The critical need for innovation in cybersecurity to address evolving threat vectors and expanding attack surfaces. How cybersecurity is now a board-level concern, driven by increasing cyberattacks making headlines and raising organizational awareness. Why advanced threat hunting capabilities are essential for organizations to keep pace with malicious attackers and enhance security posture. The importance of resiliency and focusing on recovery and minimizing data loss from cyberattacks and other outages. The value of independent research and peer connections for CISOs seeking third-party advice on cybersecurity solutions. Key Takeaways: Evaluate your current cybersecurity tool chain to identify gaps and opportunities for innovation in response to evolving threat vectors. Engage with board members to elevate cybersecurity as a critical organizational concern, ensuring alignment with business objectives. Implement advanced threat hunting capabilities to proactively identify and mitigate potential security risks before they escalate. Prioritize resiliency strategies that focus on recovery processes and minimizing data loss following cyberattacks or system outages. Connect with independent research firms to gain insights into the latest cybersecurity trends and effective solutions for your organization. Participate in peer advisory groups or forums to share experiences and strategies with other CISOs facing similar cybersecurity challenges. Adopt a strategic approach to cybersecurity by identifying key vulnerabilities that align with your organization’s overall business goals. Monitor industry developments and emerging technologies to stay informed about innovative solutions that can enhance your security posture. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
ZScaler’s Brett Stone-Gross on the Tactics of the Dark Angels Ransomware Group (Black Hat Edition) 8:14

42 weeks 전8:14

나중에 재생

나중에 재생

8:14

In our latest special episode of the Future of Threat Intelligence podcast, Brett Stone-Gross , Senior Director of Threat Intelligence at Zscaler , joins us at the Black Hat conference. He shares their uncovering of the largest ransomware payment in history — $75 million — made by a Fortune 50 company to the Dark Angels group. Brett explains the group's unique approach, which involves stealing vast amounts of data without encrypting files, and their preference for low-volume, high-impact attacks to evade media scrutiny. He also highlights essential cybersecurity measures, such as implementing two-factor authentication and adopting a zero-trust architecture to protect against such threats. Topics discussed: How the Dark Angels group executed the largest ransomware payment in history, totaling $75 million. How, unlike typical ransomware attacks, the group stole data without encrypting files, exfiltrating approximately 100 terabytes of sensitive information. How their operational model is low-volume, focusing on individual companies to avoid media attention and maintain a low profile. The importance of basic IT hygiene practices, such as two-factor authentication, which are crucial for preventing significant data breaches and ransomware attacks. How implementing a zero-trust architecture can help organizations limit lateral movement and enhance overall cybersecurity defenses against threats. Key Takeaways: Implement two-factor authentication to enhance security and reduce the risk of unauthorized access to sensitive corporate data. Monitor network traffic for anomalous behavior, especially large data transfers, to quickly identify potential data exfiltration attempts. Adopt a zero-trust architecture to limit lateral movement within your network and ensure users only access necessary resources. Limit user privileges, ensuring that users have only the access necessary for their roles. Stay informed about emerging ransomware trends and tactics to proactively adjust your cybersecurity strategies and defenses. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Black Kite’s Jeffrey Wheatman on How Cybersecurity Is Not A Technical Problem But A Business Problem (Black Hat Edition) 10:03

42 weeks 전10:03

나중에 재생

나중에 재생

10:03

In our latest special episode of the Future of Threat Intelligence podcast, recorded at the Black Hat conference, we caught up with Jeffrey Wheatman , SVP, Cyber Risk Strategist at Black Kite . Jeffrey highlights the importance of aligning cybersecurity strategies with business objectives and understanding risk appetite. He emphasizes the need for scenario planning to help decision-makers visualize potential risks and their impacts. Jeffrey also discusses the evolving landscape of cyber risk quantification, highlighting how improved communication of technology value can facilitate better business decisions. Topics discussed: Understanding risk appetite is crucial for organizations to align cybersecurity strategies with overall business objectives and decision-making processes. Scenario planning enables decision-makers to visualize potential risks, fostering informed discussions about risk management and mitigation strategies. Cyber risk quantification is evolving, allowing organizations to better assess and communicate the impact of cybersecurity measures on business performance. Engaging with business leaders helps cybersecurity professionals understand what keeps them awake at night and prioritize risk management efforts. Regular assessments of vendor cybersecurity postures can help organizations manage risk more effectively and ensure compliance with their risk appetite. Building causal linkages between cybersecurity actions and business outcomes enhances the understanding of risk impact on organizational goals. Cybersecurity is fundamentally a business problem, requiring collaboration between technical teams and business leaders to limit risk exposure. Key Takeaways: Define your organization's risk appetite to align cybersecurity strategies with business goals and facilitate informed decision-making. Implement scenario planning exercises to visualize potential risks and their impacts on business processes and objectives. Utilize cyber risk quantification tools to measure and communicate the business impact of cybersecurity investments and decisions. Establish a framework for causal linkages between cybersecurity actions and business outcomes to enhance risk management discussions. Facilitate tabletop exercises with decision-makers to simulate risk scenarios and improve organizational preparedness for potential cyber incidents. Gather data from vulnerability scans and security reports to support risk appetite discussions and inform risk management strategies. Promote a culture of collaboration between technical teams and business leaders to ensure cybersecurity is viewed as a business priority. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
EMA’s Christopher Steffen on the Importance of Open Source Solutions in Threat Intelligence (Black Hat Edition) 8:59

42 weeks 전8:59

나중에 재생

나중에 재생

8:59

In our latest special episode of the Future of Threat Intelligence podcast, David catches Christopher Steffen , VP of Research, Information Security at Enterprise Management Associates , at the Black Hat conference. They discuss the current landscape of cybersecurity, emphasizing the need for CISOs to focus on foundational technologies rather than getting caught up in the hype of AI. Chris highlights the value of open-source solutions in addressing real-world challenges like API and data security, noting their responsiveness compared to traditional vendors. He also provides practical advice for evaluating new technologies, encouraging listeners to consider innovative smaller companies that are driving change in the industry. Topics discussed: The importance of foundational technologies over the hype surrounding AI in cybersecurity solutions. How open-source solutions are becoming viable for enterprise-class problems, offering responsiveness and cost-effectiveness compared to traditional vendors. How the cybersecurity landscape is evolving, with a focus on addressing real-world challenges like API security and data protection. How CISOs should prioritize technologies that solve immediate problems rather than relying on aspirational features from vendors. The value of evaluating new products through documented use cases to ensure they meet organizational needs effectively. How smaller, innovative companies are driving significant advancements in cybersecurity, offering unique solutions that larger vendors may overlook. Key Takeaways: Evaluate new cybersecurity technologies based on documented use cases to ensure they address your organization's specific needs effectively. Prioritize foundational technologies over the latest AI trends to tackle immediate cybersecurity challenges in your organization. Leverage open source solutions to enhance API security and data protection, taking advantage of their responsiveness and low cost. Engage with smaller, innovative companies that are driving advancements in cybersecurity, as they often provide unique and effective solutions. Focus on automation within your SOC to streamline alert management and reduce the burden on your team. Monitor compliance requirements regularly to ensure your cybersecurity strategies align with evolving regulations and standards. Collaborate with your team to identify core technological problems that need immediate attention, rather than getting distracted by aspirational features. If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Juniper Networks’ Drew Simonis on Empathy and Leadership in Cybersecurity 33:01

43 weeks 전33:01

나중에 재생

나중에 재생

33:01

In our latest episode of the Future of Threat Intelligence podcast, we speak with Drew Simonis , Chief Information Security Officer at Juniper Networks . Drew shares his insights into the evolving landscape of cybersecurity, emphasizing the crucial role of empathy and humility in effective leadership. He also explores the transformative potential of AI in cybersecurity and offers practical advice on aligning security efforts with business objectives. Drew provides actionable insights, making our chat a must-listen for anyone involved in risk management, cybersecurity strategy, or leadership roles. Topics discussed: The importance of empathy and humility as foundational traits for effective cybersecurity leadership. The evolving landscape of cybersecurity and how it has changed over the past 20 years. The role of AI and automation in transforming cybersecurity practices and enhancing risk management. Practical advice on aligning cybersecurity efforts with overarching business objectives to create impactful strategies. The significance of conducting thorough team assessments to identify skill gaps and improve overall performance. Insights into building a balanced cybersecurity team that includes both deep technical experts and broad, cross-functional connectors. Drew's actionable advice for aspiring leaders on becoming experts in their business and understanding their colleagues' perspectives. Key Takeaways: Model empathy and humility in your leadership approach to build trust and collaboration within your cybersecurity team. Stay updated on the latest advancements in AI and automation to enhance your cybersecurity practices and risk management strategies. Align your security efforts with the overall business objectives to ensure that your initiatives have a meaningful impact. Conduct regular team assessments to identify skill gaps and areas for improvement, fostering a culture of continuous development. Engage with other departments to understand their perspectives and how cybersecurity can support their goals more effectively. Standardize on a common vocabulary within your team to improve communication and ensure everyone is on the same page. Participate in business meetings and listen to leadership presentations to better understand the strategic direction of your organization. Encourage your team to step out of their comfort zones and take on new challenges to foster professional growth. Implement practical risk management practices by saying "how" instead of just "yes" or “no” to ensure responsible and sustainable security measures. Monitor your cybersecurity roadmap and ensure that your team is executing priorities that support the organization's goals.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Pure Storage’s Andrew Gontarczyk on Avoiding Common Pitfalls in Cybersecurity Leadership 31:31

44 weeks 전31:31

나중에 재생

나중에 재생

31:31

In our latest episode of the Future of Threat Intelligence podcast, Andrew Gontarczyk , CISO at Pure Storage , dives into the world of cybersecurity leadership. Andrew shares his invaluable insights on the importance of blending technical expertise with a strong understanding of business priorities. He recounts his professional journey, highlighting key lessons he’s learned along the way. Andrew offers unique value by addressing common industry pitfalls, the significance of effective communication, and strategies for building and leading successful cybersecurity teams. This episode is a treasure trove of practical advice for both aspiring and established cybersecurity professionals. Topics discussed: The importance of being highly technical while understanding broader business contexts for effective cybersecurity leadership. Strategies for assembling and managing successful cybersecurity teams, emphasizing competence, communication, and problem-solving. Common mistakes in cybersecurity and how to avoid them, focusing on understanding business priorities and effective communication. Leveraging industry standards to accelerate progress and build credibility within cybersecurity initiatives. Techniques for distilling complex technical information into concise, meaningful reports for executive and board-level audiences. The necessity of collaboration and communication across departments to meet customer expectations and achieve security goals. Key Takeaways: Understand the balance between technical expertise and business context to make informed decisions in cybersecurity leadership. Leverage industry standards to accelerate cybersecurity initiatives and build credibility within your organization. Communicate effectively with executive leadership by distilling complex technical details into concise, meaningful reports. Build strong cybersecurity teams by prioritizing competence, communication, and problem-solving skills. Avoid common industry pitfalls by understanding broader business priorities and maintaining effective communication across departments. Engage stakeholders by encouraging them to bring security ideas and strategies to the table, fostering a proactive security culture. Reflect on your cybersecurity strategies by considering the broader business context and avoiding creating "shelfware" strategies. Collaborate with other departments to meet customer expectations and achieve comprehensive security goals. Emphasize the importance of understanding business priorities to help prioritize and negotiate cybersecurity tasks effectively. Stay updated with industry trends and developments to keep your cybersecurity practices relevant and effective. Headed to Black Hat? Visit us at booth #4428 for a free demo. Until then, try Pure Signal Scout Insight™ free for 30 days by signing up here .…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
BullWall’s Troels Oerting on Keeping the World Safe from Cyber Crime 44:04

2 years 전44:04

나중에 재생

나중에 재생

44:04

In this week's episode of the Future of Cyber Risk podcast, David speaks to Troels Oerting , Chairman of the Board at BullWall . They discuss the insights Troels has learned across his long career in global cybersecurity leadership, which include how to build bridges of cooperation and communication between public and private entities, industries, and countries to better combat cybercrime. They also discuss the gaps in today’s cybersecurity landscape, the importance of running exercises to practice for imminent threats, and what the future of cyber risk will look like. Topics discussed: The evolution of Troels' deep career in cybersecurity, starting as a police officer, to serving as CISO at Barclays, to becoming the Director of the Global Center for Cybersecurity at the World Economic Forum. How international collaboration around cybersecurity has changed, and why there's the need for more cooperation and bridge-building between countries. Key lessons learned from being a CISO at Barclays, like why there needs to be more communication across the industry and how banks "put their money where their mouth is" to form a cyber alliance. The need for the public and private sector to work together on exchanging information in a non-punitive way that benefits both parties. Significant gaps in the current cybersecurity landscape, and how governments and organizations can work to manage better security approaches. Three elements of the future of cybersecurity, including the increase in normalization of the risk, more risk-based approaches to security, and a new focus on resilience. How to use exercises and practice to prepare for future hacks — and why it's essential to invite the board to participate.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
ProPublica Reporter & Author Renee Dudley on Writing About the Hunters and the Hackers 38:03

2 years 전38:03

나중에 재생

나중에 재생

38:03

In this week's episode of the Future of Cyber Risk podcast, David speaks to Renee Dudley , reporter at ProPublica and co-author of The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime . Renee tells about how her investigative reporting focus took her to cybercrime and ransomware, and how in her research she met a "ransomware hunting team" of a dozen individuals who crack ransomware for victims and rarely ask for anything in return. She also talks about her investigation into companies who claim to help victims with ransoms but are actually scams and how individuals can protect themselves against a ransomware attack. Topics discussed: How Renee got into covering cybersecurity, which was sparked by seeing how CISOs were frustrated about not getting funding from their board, and which eventually became a primary topic of her investigative reporting. How she researched and wrote The Ransomware Hunting Team , including the story of how she tracked down ransomware expert DemonSlay335 and learned about the independent threat hunting team made up of a dozen private researchers like him who help victims of ransomware. What the mindset and altruistic motivation is behind individuals who crack ransomware and save victims millions of dollars (and it’s not fame and fortune). How Renee investigated companies that offer assistance to those who have been impacted by ransomware, uncovering that while some are transparent and legit, some are scamming the victims that seek their help. What steps individuals can take to protect themselves against a ransomware attack, including having offline backups, setting up 2FA, and being wary of phishing emails. The similarities between the hunters and the hackers in terms of skills and motivation, including a mutual respect for each other, and how each team tries to recruit the other.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Protecting Your Manufacturing OT Environments from Cyber Threat with Carrier’s Brian Kime 43:45

2 years 전43:45

나중에 재생

나중에 재생

43:45

In this week's episode of the Future of Cyber Risk podcast, David speaks to Brian Kime , Associate Director of Threat Intelligence and Hunt Lead at Carrier , a global leader in intelligent climate and energy solutions. They discuss the biggest cyber risks to manufacturing companies and how to keep OT environments safe — and why the biggest threat to production is a ransomware attack that impacts the IT systems. They also discuss the need for implementing zero trust and segmenting identities, what key skills are needed to be successful in cyber risk management, security innovations in the military, and why the future of cyber risk management will see organizations prioritizing their own internal data. Topics discussed: The evolution of Brian's career as an "expert generalist," including work both on the enterprise defender side and the vendor side, doing research at Forrester, and coming back to the enterprise side at Carrier — as well as serving in the US Army Reserve. What measures are most successful in protecting manufacturing OT systems against cyber threat, including the necessity of tabletop exercises, implementing zero trust, and the need for segmentation of identities. Why ransomware is still the biggest threat to manufacturing, and how attackers can halt production and OT systems by ransoming IT systems. The biggest threats to the global supply chain today, and how tensions in one part of the world — Ukraine and South Asia specifically — can disrupt supply chain timing and costs globally. The military's approach to cyber risk management, the challenge of working with smaller tech companies as contractors, and why innovation today is soldier-centered. What key skills are required for cyber risk management success, including the need for critical thinking around context and audience, and why writing skills are necessary for communicating business value and risk. What cyber risk management will look like in five years, and why organizations will find it more effective to prioritize their own internal data over outside sources.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
The Intersection of Cyber Risk and Data Privacy with Guild Education’s Julie Chickillo 29:35

2 years 전29:35

나중에 재생

나중에 재생

29:35

In this week's episode of the Future of Cyber Risk podcast, David speaks to Julie Chickillo , VP, Head of Security at Guild Education , a platform where workers can gain the skills and support they need to grow in their careers. They discuss current trends around cyber risk management, including the rising need to integrate more data privacy into security practices. They also talk about how security teams can better understand how risk impacts business decisions, how to weed out "dark patterns" when developing software, and how to support team growth through continuous learning opportunities — including a security book club. Topics discussed: The evolution of Julie's career, from being in legal, security, governance, risk, and compliance for nearly 20 years, to becoming head of security at Guild Education, a career enableist platform. The day-to-day actions of a head of security, including overseeing the privacy and risk groups, looking for new ways to support the team, and keeping up with developments in the industry by talking to founders. What security practitioners get wrong about cyber risk management, and why practitioners shouldn't own the risk themselves. Why Julie likes talking to founders about what they're seeing across the industry, and how you can find them at conferences and trade shows "on the outside." What skills and training are important for a security team, including learning a language like Python, taking free courses, engaging in book clubs, sharing opportunities on Slack, and more. The necessity of being able to translate data and privacy concerns to business leaders, and to be able to talk about the impact to business decisions. What dark patterns are, how they impact privacy and data use, and how to better consider user experience when designing software.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Roundtable Episode: Tom Cross & Lewis Heuermann Go Inside the Mind of a Threat Hunter 48:00

2 years 전48:00

나중에 재생

나중에 재생

48:00

Lewis Heuermann, Lead Associate of Cyber Risk Management at Booz Allen Hamilton, and Tom Cross, Independent Security Consultant, speak with David about the complexities threat hunters and their organizations face when dealing with cyber risk management and how to cultivate a holistic cybersecurity ecosystem for sustainable business success. In this episode, the conversation focuses on striking a balance between proactive risk management and maintaining day-to-day cybersecurity operations. They emphasize the importance of effective communication and collaboration between different departments within an organization to better understand and address potential cybersecurity threats. Topics discussed: The difficulties faced by cybersecurity professionals in persuading leadership to invest more in cybersecurity and the importance of presenting real-world context to demonstrate the potential risks. The challenge of maintaining a balance between proactive cyber risk management and daily operations, ensuring that organizations can effectively manage both aspects. The role of the CISO in aligning cybersecurity efforts with overall business objectives to ensure a more effective risk management strategy. The million-dollar question: How to convince leadership to invest in cybersecurity. The need for collaboration between departments like marketing, finance, and IT to foster a more comprehensive understanding of the business landscape and potential cybersecurity threats. How to move from a ticket taker/problem solver mindset to one that embraces innovation and strategic thinking in cybersecurity. How to involve senior leaders, such as the CFO and CIO, in cybersecurity discussions to ensure a more holistic approach to risk management. Understanding the business perspective and aligning cybersecurity strategy with it is crucial for effective risk management and overall organizational success. Resources: Voice of a Threat Hunter Report Paul Graham's Maker's Schedule, Manager's Schedule Lewis Heuermann on LinkedIn Tom on Mastodon…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Building a Sales Mentality for Effective Security and Risk Management 34:47

2 years 전34:47

나중에 재생

나중에 재생

34:47

In this episode, David speaks with Kodjo Hogan, the Director of Information Security and Governance Risk and Compliance at Chainalysis, to discuss the operational and managerial tasks in risk management for blockchain companies, the risks of AI and quantum computing to blockchain, and Kodjo provides actionable advice for security practitioners. Topics discussed: Kodjo’s experience transitioning from an accounting background to an information technology role The benefits of having an accounting background for understanding risk assessment and analysis Operational and managerial tasks in risk management for blockchain companies The biggest threats of the future: AI and quantum computing The risks of AI and quantum computing to blockchain Actionable advice for security practitioners, including the importance of adaptability and critical thinking Developing a sales mentality for security and risk management The importance of communication and explaining risks to non-technical business managers The need for risk modeling and understanding risk appetite Exploring the potential of AI in cybersecurity, including AI penetration testing Kodjo’s perspective on risk management in the next five years…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Adapting Risk Management to Today’s Tech Changes 36:10

2 years 전36:10

나중에 재생

나중에 재생

36:10

In this episode, David speaks to Bronwyn Boyle, who has over 20 years of experience as a director, head of security, and CISO working in technology and security in financial services and supporting a range of organizations. During the episode, they discuss how risk management needs to evolve with today's tech changes, the advantages and challenges of AI, and advice for security leaders — and women who want to get involved in the industry. Topics discussed: The evolution of Bronwyn's career in cybersecurity, from starting as a software developer, to working with RegTech and FinTech startups, to becoming CISO at a SaaS cloud banking platform. How risk management has evolved and how it needs to keep up with the velocity of technological changes happening every day. What it means to be at the tipping point of adoption for new services and approaches to cybersecurity, like AI. What most CISOs get wrong, and why success can be found in more collaboration and a better understanding of the business context for cybersecurity. How artificial intelligence and machine learning will open up a number of opportunities for cybersecurity, like improving analytics and reducing alerts — but will also open up opportunities for adversaries as well. Advice for women who want to grow their career in cybersecurity and tech, and the need for good role models and sponsors. Three pieces of advice for security leaders, and the need to work together to prepare for the future shifts in security. Resources Mention: LinkedIn: https://www.linkedin.com/in/bronwynboyle/…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Leading Security and Managing Risk with Humana’s CISO Aman Raheja 38:02

2 years 전38:02

나중에 재생

나중에 재생

38:02

In this episode, David speaks to Aman Raheja, Chief Information Security Officer at Humana. During the episode, they discuss what life and leadership is like for a CISO at a Fortune 500 healthcare company, the necessity of risk management and having a risk appetite statement, and what lies ahead for the future of cybersecurity. Topics discussed: A day in the life of a modern CISO at a Fortune 500 healthcare company, and the biggest challenges of moving from a hands-on role to an executive leadership role, including understanding business strategy, communicating a vision, and trusting his team. What a risk appetite statement is and why it's crucial that all companies have one to measure their risk and articulate their metrics, trade-offs, and compromises. What most CISOs get wrong, including prioritization, focusing too much on technology and not enough on capability, and having a disconnect between where the company is going and where the security team is going. What makes an effective cyber risk management program, and how to measure its effectiveness through KPIs, thresholds, and pressure testing. How a CISO interacts with their board, how a board should give oversight and guidance to cybersecurity, and the benefits of board members with backgrounds in technology. The future of cybersecurity, including the reevaluation of cloud and the increase of automation. Why building a high-performing team involves having an engineering mindset to creatively solve problems. Resources Mention: LinkedIn: https://www.linkedin.com/in/rahejaaman/…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Omnicom’s Norman Levine on Auditing, AI, and Advancing Your Skill Set 41:59

2 years 전41:59

나중에 재생

나중에 재생

41:59

In this episode, David speaks to Norman Levine, Senior Manager of Cyber Risk Management at Omnicom. During the episode, they discuss the evolution of security since the 1990s, new technology security practitioners should be paying attention to, and key skills needed to be a successful security practitioner. Topics discussed: Norman's history in cybersecurity, from purchasing a book written about the internet in 1994, to starting a website that sold the first HTML editor, to being the senior manager of cyber risk at the top advertising and marketing company. How cyber security has evolved over the past thirty years, including the changes in complexity, landscape, and sentiments. How the rise in Internet of Things and connected devices is adding to the complexity of cyber security approaches. How the emergence of artificial intelligence and machine learning will impact security in both positive, helpful ways, and potentially harmful ways. How Norman's background in auditing influences his security approaches, especially when it comes to evaluating third-party vendor risk. Advice for those managing cyber risk at public companies, and why paranoia can be a helpful tool. A list of the most critical skills a security professional can possess, and how security professionals need to keep their skills updated because of the industry continuous changes. Resources Mention: LinkedIn: Norman J. Levine https://www.linkedin.com/in/normanjlevine/…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Cassio Goldschmidt Talks About Being a CISO for a Vertical SaaS B2B Company 24:21

2 years 전24:21

나중에 재생

나중에 재생

24:21

In this episode, David Monnier speaks to Cassio Goldschmidt , Chief Information Security Officer at ServiceTitan. During the episode, they discuss strategies and challenges of being a CISO for a modern company. Topics discussed: ServiceTitan is a vertical SaaS B2B company. David asks Cassio to share what a day in the life of a CISO looks like for him. Cassio explains that security must come before compliance, but, in the end, business success should be the priority. He shares his views on cyber risk management. ServiceTitan recently launched a bug bounty program. Cassio talks about how that's going for the. Cassio is excited about potential uses for machine learning and artificial intelligence. He discusses some of the current breakthroughs.…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
CISO Stephen Fridakis Talks About Governance, Risk, and Compliance 42:44

2 years 전42:44

나중에 재생

나중에 재생

42:44

In this episode, David is joined by Stephen Fridakis, Deputy Chief Information Security Officer, Verily, an Alphabet Company focused on delivering precision health. As a deputy CISO, Stephen concentrates on governance, risk, and compliance. Topics discussed: Stephen became a CISO in 2006. He describes how he has seen this role evolve from being focused on technology to being risk-centric. Stephen highlights some misalignments between what security operations aim to do and a company's business strategy. Accurately assessing an organization's asset inventory can be a challenge. Stephen discusses some difficulties associated with assessing risk without an accurate IT inventory. David and Stephen explore why equating compliance and security is often a mistake businesses make. Stephen explains his views on cyber risk management and how to measure a risk management program's effectiveness. Zero Trust is a popular security model. Stephen explains what that means to him and how he implements it. Listeners can keep up with Stephen Fridakis on LinkedIn: https://www.linkedin.com/in/stephen-fridakis-96184b/…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Charles Nwatu of Netflix: Why He’s Focused on Quality Control and Quality Assurance in Cyber Risk Management 26:49

3 years 전26:49

나중에 재생

나중에 재생

26:49

In this episode, David Monnier is joined by Charles Nwatu, Engineering Manager, Corporate Security & Security, Technology Assurance & Risk at Netflix. In his role at Netflix, Charles is focused on turning risk into something actionable for the business. Topics discussed: How Charles has seen the cyber risk landscape change over his long career. He offers his perspective on some of the industry's new tools and technologies and which ones he is excited about for the future. How and why security enables the business. The necessary skills for practitioners to keep up with the pace of change in today's business world. Charles shares his views on what the future of cyber risk management might look like. His actionable advice to succeed in cyber risk, focused on understanding what’s around you, what you have to protect, why it’s critical to demand assurance and then celebrate the wins in the wins. Charles Nwatu invites security professionals to follow and engage with him on Twitter and LinkedIn .…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Andrew Cormack: a Practical Framework to Approach Risk through Policy and Technology 24:13

3 years 전24:13

나중에 재생

나중에 재생

24:13

In this episode, David is joined by Andrew Cormack, Chief Regulatory Adviser at Jisc , where he keeps the organization, its members, and customers informed about the legal, policy and security issues around their research and education networks in the UK. Jisc connects all universities, colleges, and school regional networks with over 18 million uses. Topics in this episode include: Why Andrew is so passionate about the human side of policy and technology What’s surprised him about policy makers, how they understand risk, and what they think of cybersecurity Why incident response is critical to privacy and why reducing risk for individuals is key to reducing nearly every other kind of risk How Andrew’s perception of risk has changed as he’s moved from being a technologist and practitioner to a more strategic position Andrew’s advice for others who are advising policy groups The craziest policy proposal Andrew has seen Andrew shares the messages he would give himself if he could go back in time to when he was just starting out Keep in touch with Andrew on LinkedIn at: https://www.linkedin.com/in/andrew-n-cormack/?originalSubdomain=uk…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Navigating Compliance Audits with Brian Honan, founder of BH Consulting 28:08

3 years 전28:08

나중에 재생

나중에 재생

28:08

In this episode, we speak with Brian Honan, founder and CEO of BH Consulting which he started nearly 20 years ago to provide companies with business knowledge, technical expertise and insight into how to maximize the potential of their business and their company's revenues using the IT solutions that are available. He is also the founder of Irish Reporting And Information Security Service, Ireland's first CERT (Computer Emergency Response Team) that provides a range of services and information to better protect information systems in Ireland and make the Irish internet space a safer environment for all. Brian is a recognized expert in the field of Information Security and has provided advice to government departments, companies of varying sizes, the European Commission and has had numerous articles published. Brian is also on the editor board for the SANS Institute’s NewsBites electronic newsletter. Topics discussed: Brian’s experience helping organizations getting certified by regulatory bodies like ISO 2701 The importance of certification, what to look out for, and how certification helps with risk What Brian paints as a good audit, how to know if you’ve received a good audit, and why trust is critical sourcing an auditor Questions people can ask to help vet audit organizations The craziest findings (or lack thereof) Brian has seen in a compliance audit Vendor management and how you manage risk with third parties Brian’s advice to succeed in certification in the future…

F

Future of Threat Intelligence

Future of Threat Intelligence podcast artwork

1
Inside the Mind of a Modern CISO with Brad LaPorte, Former Gartner Analyst 28:50

3 years 전28:50

나중에 재생

나중에 재생

28:50

Brad LaPorte has spent time in US Cyber Intelligence, large technology companies like IBM, research firm Gartner where he coined the term “Attack Surface Management” during his tenure, and today is a partner at High Tide Advisors , a firm specializing in go-to-market consulting. In this first episode, Brad shares the top challenges he’s hearing from the CISOs he talks to every day, how to navigate industry consolidation, and his top three pieces of tactical advice to implement today. Topics discussed in this episode: - Brad’s background and how he transitioned from the front lines of military intelligence to an analyst role to an advisor - Top challenges he’s hearing from CISOs - His perspective on attack surface management - Brad’s favorite Simpsons quote and how it relates to security - The 5 levels of security maturity, where we are now, and what Brad thinks the future holds - The main drivers pushing cybersecurity forward and the evolution of threat actors - The tools and technologies he’s paying attention to and the #1 thing that is on every CISOs mind - How consolidation is shaping the future and what security companies must do to stay competitive - Garnter’s #1 priority for 2022 and how this will evolve - 3 pieces of advice for how to succeed in the future of cyber risk Resources mention on the episode: - Brad’s LinkedIn: https://www.linkedin.com/in/brad-laporte - Brad’s Twitter: @LaporteBrad…

플레이어 FM에 오신것을 환영합니다!

플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.

500개 이상의 주제를 청취

탐색하는 동안 이 프로그램을 들어보세요.