Future of Threat Intelligence

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.

Listen on:

  • Podbean App
  • Spotify

Episodes

7 hours ago

What happens when you combine market research expertise with cybersecurity strategy? On this episode of The Future of Threat Intelligence, Frank Dickson, Group VP of Security & Trust at IDC, shares his journey from market research to leading a team of 20 cybersecurity analysts advising organizations on security strategy. 
Frank walks David through the industry's shift from reactive security to proactive threat management, discussing why traditional metrics need to evolve and how security leaders can better communicate risk to business stakeholders. His unique perspective on the CISO role's evolution, the impact of organizational complexity on security, and the strategic importance of data management reveals why technical expertise alone isn't enough for modern security leadership. 
Topics discussed:
Moving from reactive security to proactive threat management through strategic metrics and improved risk communication approaches.
The evolution of the CISO role from technical expert to business leader, including critical communication and customer service skills.
Impact of organizational complexity on security effectiveness, particularly in environments with legacy systems and acquisitions.
Strategic approaches to managing and leveraging threat intelligence data while avoiding unnecessary complexity and redundancy.
Balancing necessary and unnecessary risks when implementing AI and machine learning in security programs.
Importance of translating cyber risk into business risk for effective communication with executives and board members.
The evolution of security leadership reporting structures in response to changing business technology dynamics.
Building strategic security programs that focus on simplification and clear business alignment.
The challenges of regulation in driving security adoption while maintaining agility and effectiveness.
Developing security metrics that meaningfully communicate value and risk to business stakeholders.
Key Takeaways: 
Implement mean time to detect (MTTD) and mean time to remediate (MTTR) as core metrics to measure security program effectiveness and efficiency.
Transform threat data into actionable intelligence by aligning it specifically with your environment's outcomes and requirements.
Streamline security infrastructure by consolidating tools and platforms to reduce complexity and improve manageability.
Establish direct CISO-to-CEO reporting structures to effectively manage security across line-of-business technology initiatives.
Develop customer service capabilities within security leadership to support sales processes and stakeholder relationships.
Structure security communications around business risk rather than technical metrics to improve executive understanding and support.
Create standardized taxonomies using frameworks like MITRE ATT&CK and the Open Cybersecurity Schema Framework (OCSF) to make security data more homogeneous and actionable.
Evaluate AI implementation risks by distinguishing between necessary innovation risks and unnecessary implementation risks.
Build security leadership skills progressively through compliance, business acumen, and executive communication capabilities.
Maintain comprehensive data inventories to prevent orphaned data and reduce unnecessary security exposure.
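The MTTD/MTTR takeaway above is easy to state and easy to get wrong in practice: a mean is dragged around by one long-running incident, open incidents have a detection time but no remediation time yet, and a record whose timestamps are out of order produces a negative duration that quietly lowers the average. The following script is an added example written for this page (it is not code from the podcast, IDC or Team Cymru); the incident records are constructed sample data and the field names are assumptions. It reports mean, median and p90 side by side, keeps open incidents in the detection figure only, and rejects inconsistent records instead of averaging them.

```python
"""Mean time to detect (MTTD) and mean time to remediate (MTTR) from incident
records.  Added example for this page; not code from the podcast, IDC or
Team Cymru.  The record layout is an assumption."""
from datetime import datetime
from math import ceil
from statistics import mean, median

# Constructed incident records (hypothetical data, ISO-8601 UTC timestamps).
# first_activity: earliest attacker activity established by the investigation
# detected:       time the SOC opened the case
# remediated:     None while the incident is still open
INCIDENTS = [
    {"id": "INC-1", "severity": "high", "first_activity": "2025-01-03T02:00:00",
     "detected": "2025-01-03T08:00:00", "remediated": "2025-01-03T14:00:00"},
    {"id": "INC-2", "severity": "medium", "first_activity": "2025-01-05T10:00:00",
     "detected": "2025-01-05T12:00:00", "remediated": "2025-01-06T12:00:00"},
    {"id": "INC-3", "severity": "high", "first_activity": "2025-01-10T00:00:00",
     "detected": "2025-01-12T00:00:00", "remediated": "2025-01-12T04:00:00"},
    {"id": "INC-4", "severity": "low", "first_activity": "2025-01-15T09:00:00",
     "detected": "2025-01-15T09:30:00", "remediated": None},
    # Deliberately inconsistent record: detection timestamp precedes first activity.
    {"id": "INC-5", "severity": "medium", "first_activity": "2025-01-20T10:00:00",
     "detected": "2025-01-20T09:00:00", "remediated": "2025-01-20T11:00:00"},
]


def _hours(later, earlier):
    """Signed difference in hours between two ISO-8601 timestamps."""
    return (datetime.fromisoformat(later) - datetime.fromisoformat(earlier)).total_seconds() / 3600


def percentile(values, p):
    """Nearest-rank percentile for p in (0, 100]; None when there is no data."""
    if not values:
        return None
    ordered = sorted(values)
    return ordered[max(ceil(p / 100 * len(ordered)) - 1, 0)]


def _summarize(values):
    return {"mean": mean(values) if values else None,
            "median": median(values) if values else None,
            "p90": percentile(values, 90)}


def compute_metrics(incidents, severity=None):
    """MTTD/MTTR in hours (with median and p90) for one severity or for all.

    Open incidents count toward time-to-detect but not time-to-remediate.
    Records with out-of-order timestamps are reported as invalid and excluded,
    because a negative duration would silently pull the mean down."""
    ttd, ttr, open_count, invalid = [], [], 0, []
    for inc in incidents:
        if severity and inc["severity"] != severity:
            continue
        detect = _hours(inc["detected"], inc["first_activity"])
        fix = None if inc["remediated"] is None else _hours(inc["remediated"], inc["detected"])
        if detect < 0 or (fix is not None and fix < 0):
            invalid.append(inc["id"])
            continue
        ttd.append(detect)
        if fix is None:
            open_count += 1
        else:
            ttr.append(fix)
    return {"incidents": len(ttd), "closed": len(ttr), "open": open_count,
            "invalid": invalid, "ttd_hours": _summarize(ttd), "ttr_hours": _summarize(ttr)}


if __name__ == "__main__":
    for sev in (None, "high"):
        print(sev or "all", compute_metrics(INCIDENTS, severity=sev))
```

Report the median and p90 next to the mean when presenting these to the business; on the sample data the MTTD is about 14 hours while the median is 4, and that gap is itself the message (one slow detection, INC-3, dominates).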
Join us for a milestone celebration as RISE marks its 15th year of bringing together elite cybersecurity professionals, law enforcement, and enterprise teams. 
Apply now to be part of RISE USA 2025 April 8 - 9th in San Francisco: https://www.team-cymru.com/rise-usa. Space is limited.

Thursday Feb 13, 2025

Jeff Orr, Director of Research & IT Technologies at ISG, brings over three decades of technology experience to his discussion with David about transforming enterprise security approaches. On this episode of The Future of Threat Intelligence, Jeff explains why security investments focused primarily on protection are leaving organizations vulnerable: research cited in the episode found that 98% of organizations experienced significant incidents despite increased spending. 
The conversation also explores the critical need to shift from perimeter defense to comprehensive security programs that include detection and recovery, while addressing the challenges of limited budgets and resources. Jeff offers practical insights about aligning security with business objectives, leveraging AI effectively, and building valuable industry peer networks to stay ahead of emerging threats. 
Topics discussed:
The evolution from traditional perimeter defense approaches to comprehensive security programs that include detection and recovery capabilities.
Research findings that show 98% of organizations experienced significant security incidents despite increased investment in protection.
The importance of aligning security goals with business objectives rather than treating security as an isolated technical challenge.
Leveraging AI and machine learning as assistive technologies to help address staffing gaps and alert fatigue in security operations.
Balancing security investments across protection, detection, and recovery capabilities while operating under constrained budgets.
The role of experience and human intuition in security operations, and how AI can complement but not replace seasoned practitioners.
Building effective community networks within industries and geographic regions to share threat intelligence and security insights.
The importance of breaking down silos between IT and security teams to leverage existing tools and observability capabilities.
Developing risk-based approaches to security that align with business risk appetite and operational priorities.
Creating effective tabletop exercises that include business stakeholders to better understand and prepare for security incidents.
Key Takeaways: 
Diversify security investments beyond perimeter protection by allocating specific budget percentages to detection and recovery capabilities.
Establish clear metrics linking security initiatives to business outcomes through collaboration with department leaders and stakeholders.
Implement automated threat intelligence sharing within your industry vertical to leverage collective insights about emerging attack patterns.
Deploy AI-powered security tools strategically to address alert fatigue while maintaining human oversight of critical security decisions.
Create cross-functional teams between IT and security to leverage existing observability tools and network monitoring capabilities.
Develop comprehensive incident response plans that include business continuity strategies beyond just technical recovery procedures.
Institute regular brown bag sessions between security and IT teams to share knowledge about emerging threats and technical capabilities.
Build regional security partnerships with peer organizations to share attack intelligence and mitigation strategies.
Schedule quarterly tabletop exercises that involve business stakeholders in scenario planning for security incidents.

Thursday Feb 06, 2025

Where is the balance between data accessibility and protection in today's interconnected digital landscape? Oded Anderman, Privacy Lead at Meta, has plenty of insights on this question and more from his journey from financial services to protecting user data at one of the world's largest social platforms. 
His conversation with David on this episode of The Future of Threat Intelligence explores how the proliferation of connected devices, advancement in AI, and evolving regulatory frameworks are reshaping our approach to data privacy. 
Oded also touches on why unauthorized data scraping poses risks for organizations of all sizes, not just social media giants, and offers practical strategies for implementing effective privacy protection measures while maintaining essential business functions.
Topics discussed:
The evolution of data scraping threats, from simple email harvesting to sophisticated automated collection affecting organizations of all sizes.
The impacts of technological advancements, including AI and machine learning, on both data collection capabilities and protective measures.
How regulatory frameworks like GDPR and CCPA shape organizational approaches to data protection and privacy.
Strategies for distinguishing between legitimate data collection and unauthorized scraping while maintaining business accessibility.
Comprehensive anti-scraping programs that incorporate prevention, detection, and enforcement capabilities.
Importance of industry collaboration through organizations like the Mitigating Unauthorized Scraping Alliance.
Challenges of balancing privacy protection with legitimate research needs through controlled data access programs.
The growing need for consumer education and digital literacy in protecting personal information online.
Evolution of privacy policies and communication strategies to make data practices more transparent and accessible.
Key Takeaways: 
Implement a comprehensive anti-scraping strategy that addresses prevention, detection, and enforcement rather than focusing on single-point solutions.
Recognize that unauthorized data scraping affects organizations of all sizes, not just large social media platforms.
Develop clear protocols for distinguishing between legitimate data collection and unauthorized scraping activities.
Stay informed about evolving regulatory frameworks and adjust data protection strategies accordingly.
Invest in consumer education and transparent communication about data practices and privacy policies.
Participate in industry collaborations and information sharing to stay ahead of emerging threats.
Balance security measures with business accessibility to maintain user value while protecting data.
Consider both technical and regulatory aspects when developing data protection strategies.
Maintain awareness of emerging technologies that could impact both threat scenarios and protective measures.
Prepare for future developments in the data protection landscape, including potential governed data exchange platforms.
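The "prevention, detection, enforcement" takeaway above hinges on the detection step: deciding from ordinary access logs whether a client is a person or a scraper without blocking real users. The script below is an added example for this page (not code from the podcast, Meta or the Mitigating Unauthorized Scraping Alliance); the log format, the `/users/<id>` URL scheme, the thresholds and the sample requests are all constructed assumptions. It combines several weak signals (request rate in a sliding window, sequential ID enumeration, absence of the static-asset fetches a browser makes, automation user agents) and maps the count of signals to a graduated enforcement action, so that a single signal on its own never blocks anyone.

```python
"""Detecting unauthorized scraping in web-server access logs.  Added example
for this page; not code from the podcast, Meta or the Mitigating Unauthorized
Scraping Alliance.  Log layout, URL scheme and thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# One request per line: client_ip [ISO-8601 time] "METHOD path HTTP/1.1" status "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
PROFILE_RE = re.compile(r"^/users/(\d+)$")                     # assumed profile URL scheme
AUTOMATION_UA = re.compile(r"python-requests|curl/|wget/|scrapy|go-http-client", re.I)

WINDOW_SECONDS = 60     # sliding window for the rate signal
RATE_THRESHOLD = 15     # requests within one window before a client counts as high rate
ENUM_RUN = 5            # consecutive profile IDs that look like enumeration

# Constructed sample log: one scraper walking profile IDs, one ordinary browser session,
# and one unparseable line to show that malformed input is skipped rather than crashing.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 [2025-02-06T10:00:{3 * i:02d}] "GET /users/{1001 + i} HTTP/1.1" 200 "python-requests/2.31.0"'
     for i in range(20)]
    + [
        '198.51.100.5 [2025-02-06T10:01:00] "GET / HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/135.0"',
        '198.51.100.5 [2025-02-06T10:01:01] "GET /static/app.js HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/135.0"',
        '198.51.100.5 [2025-02-06T10:03:15] "GET /users/4412 HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/135.0"',
        '198.51.100.5 [2025-02-06T10:07:42] "GET /users/4418 HTTP/1.1" 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/135.0"',
        "garbage line that does not parse",
    ]
)


def parse_log(text):
    """Group parsed requests by client IP; lines that do not match the format are skipped."""
    by_client = defaultdict(list)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.fromisoformat(rec["ts"])
            by_client[rec["ip"]].append(rec)
    return by_client


def max_requests_in_window(times, window):
    """Largest number of requests falling inside any span of `window` seconds (two pointers)."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def longest_sequential_run(ids):
    """Longest run, in visit order, of profile IDs that each increase by exactly one."""
    best = run = 1 if ids else 0
    for prev, cur in zip(ids, ids[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def classify_client(records):
    """Collect weak signals for one client and map their count to an enforcement action."""
    records = sorted(records, key=lambda r: r["ts"])
    profile_ids = []
    for r in records:
        m = PROFILE_RE.match(r["path"])
        if m:
            profile_ids.append(int(m.group(1)))
    signals = []
    if max_requests_in_window([r["ts"] for r in records], WINDOW_SECONDS) >= RATE_THRESHOLD:
        signals.append("high_rate")
    if longest_sequential_run(profile_ids) >= ENUM_RUN:
        signals.append("sequential_ids")
    if len(profile_ids) >= ENUM_RUN and not any(r["path"].startswith("/static/") for r in records):
        signals.append("no_assets")          # a real browser also fetches the page's JS/CSS
    if any(AUTOMATION_UA.search(r["ua"]) for r in records):
        signals.append("automation_ua")
    # Graduated enforcement: one signal alone must never block a legitimate user.
    action = "block" if len(signals) >= 3 else "throttle" if len(signals) == 2 else "allow"
    return {"requests": len(records), "signals": signals, "action": action}


def analyze(log_text):
    return {ip: classify_client(recs) for ip, recs in parse_log(log_text).items()}


if __name__ == "__main__":
    for ip, verdict in analyze(SAMPLE_LOG).items():
        print(ip, verdict)
```

The user-agent signal is the weakest of the four, since a scraper can set any string it likes; it is kept because cheap scrapers often do not bother, but the ladder is built so that it is never sufficient on its own. Keying on source IP alone also misses scrapers that rotate through proxies, which is where the sequential-ID and no-assets signals, computed per session rather than per IP in a real deployment, earn their keep.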

Thursday Jan 30, 2025

When Ben April started managing remote teams in 2005, the concept was nearly unheard of. Now, as CTO of Maltego, he brings nearly two decades of distributed team leadership experience, which he shares with David in this episode of The Future of Threat Intelligence. From implementing Commander's Intent for clear direction to ensuring mental health support during the pandemic, Ben brings practical wisdom about building strong remote cultures that transcend time zones and technology challenges.
His unique perspective on hybrid versus fully remote environments reveals why seemingly simple choices about communication tools and meeting structures can make or break team cohesion. Drawing from experiences that span from the early days of remote work through the global pandemic and beyond, Ben has invaluable insights about preventing burnout, maintaining work-life boundaries, and fostering genuine connection in distributed teams.
Topics discussed:
Establishing effective communication protocols across multiple time zones while preventing isolation and maintaining team cohesion.
Managing the unique challenges of hybrid work environments versus fully remote teams, including the risk of excluding remote team members.
Developing strategies for monitoring and supporting remote employees' mental health.
Building strong remote team cultures through regular video connections, virtual social activities, and periodic in-person gatherings.
Adapting leadership methodologies to effectively manage distributed teams while maintaining clear lines of communication.
Identifying key characteristics and qualities when hiring for remote positions, including self-motivation and adaptability.
Leveraging follow-the-sun operations for enhanced productivity and continuous coverage across global time zones.
Balancing the benefits of remote work flexibility with the need for face-to-face collaboration and team building.
Creating dedicated workspaces and establishing clear work-life boundaries to prevent burnout in remote work settings.
Implementing Commander's Intent leadership strategy to empower remote teams in making autonomous decisions aligned with organizational goals.
Key Takeaways:
Prioritize video communication to maintain human connection and monitor team wellbeing in remote environments.
Focus on building inclusive communication practices that prevent hybrid environments from creating two-tier team structures.
Schedule regular face-to-face meetings to strengthen team bonds and align on strategic objectives.
Create opportunities for non-work social interaction to maintain team cohesion across remote environments.
Look for self-motivated candidates with strong communication skills when hiring for remote positions.
Leverage global time zones strategically for enhanced operational coverage and team handoffs.
Establish dedicated workspaces and clear boundaries between work and personal life to prevent remote work burnout.
Implement Commander's Intent to provide clear direction while allowing remote teams autonomy in decision-making.

Thursday Jan 23, 2025

David steps into the new world of identity security with Simon Moffatt, Founder & Research Analyst at The Cyber Hut, on the latest episode of The Future of Threat Intelligence. With over two decades of experience, Simon illuminates the dramatic transformation from static directory management to dynamic, threat-informed security architecture. He walks through the challenges of modern identity security, exploring how cloud computing, remote work, and the rise of non-human identities are reshaping our approach to access management. 
 
Simon shares invaluable insights on building adaptive security systems that can respond in real time to emerging threats while balancing usability and privacy concerns. From passwordless authentication to AI-driven security controls, discover how organizations can move beyond traditional static defenses to create more resilient security architectures for an increasingly complex digital landscape.
 
Topics discussed:
 
The evolution of identity security from static directory management to dynamic, adaptive systems responding to real-time threat intelligence and behavioral analysis.
Misconceptions about identity threat intelligence and the importance of moving from static protections to dynamic, responsive security controls.
The intersection of zero trust architecture with identity security principles and how both concepts transcend individual product implementations.
Emerging trends in non-human identity management, including API security, workload identity, and infrastructure automation authentication challenges.
Implementation of adaptive access controls that can make fine-grained security decisions based on real-time context and behavioral analysis.
Balancing privacy considerations with the need for comprehensive security monitoring and threat intelligence sharing across organizations.
The rise of passwordless authentication and its impact on both security posture and user experience in modern digital environments.
Strategies for understanding and mapping your complete identity landscape, including human and non-human identities across cloud and on-premises systems.
The importance of runtime behavior monitoring and real-time intervention capabilities in modern identity security architectures.
Practical approaches to implementing threat-informed defense strategies while maintaining operational efficiency and user productivity.
 
Key Takeaways: 
 
Map your complete identity landscape across cloud and on-prem environments to establish a comprehensive visibility baseline for both human and non-human identities.
Implement adaptive authentication controls that can dynamically adjust access permissions based on real-time context and behavioral analysis.
Deploy passwordless authentication solutions to enhance both security posture and user experience while eliminating password-related vulnerabilities.
Establish robust authentication mechanisms for non-human identities, including API credentials, service accounts, and infrastructure automation tools.
Design fine-grained access controls that can respond to contextual changes by adjusting permissions in real-time rather than simply terminating sessions.
Integrate threat intelligence feeds with identity security controls to enable dynamic, threat-informed defensive responses.
Develop privacy-preserving methods for sharing threat intelligence across organizations while maintaining competitive boundaries and regulatory compliance.
Build resilient identity architectures that assume breach scenarios and focus on rapid detection and response capabilities.
Monitor runtime behaviors of both human and non-human identities to establish baseline patterns and detect anomalous activities.
Create surgical, precise security controls informed by sector-specific threats and actual attack patterns targeting your industry.
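The takeaways above describe a control that scores a session from live context (device trust, threat-intel hits on the source IP, geo-velocity against the identity's own baseline, age of the last strong authentication) and then narrows what the session may do rather than only deciding between "allow" and "kill". The following policy evaluator is an added example written for this page; it is not code from the podcast or The Cyber Hut. The risk weights, thresholds, the threat-intel set and the per-identity baselines are constructed assumptions. It treats a workload identity exactly like a human one, with credential issuance standing in for the MFA event.

```python
"""Adaptive, context-driven access decisions that degrade a session's
permissions instead of only terminating it.  Added example for this page; not
code from the podcast or The Cyber Hut.  Weights, thresholds, the threat-intel
set and the identity baselines are assumptions."""
from dataclasses import dataclass, field

# Constructed threat-intelligence feed (hypothetical data): source IP -> reason.
THREAT_INTEL_IPS = {"203.0.113.7": "seen in a credential-stuffing campaign"}

# Constructed per-identity baseline learned from past runtime behaviour.
BASELINE = {
    "alice": {"countries": {"US"}, "devices": {"laptop-4471"}},
    "ci-deployer": {"countries": {"US"}, "devices": {"runner-09"}},   # non-human identity
}

ALL_ACTIONS = {"read", "write", "delete", "export"}


@dataclass
class Context:
    user: str
    device_id: str
    device_trusted: bool            # managed/attested device
    ip: str
    country: str
    previous_country: str
    minutes_since_previous_login: int
    minutes_since_mfa: int          # for workload identities: minutes since credential issuance


@dataclass
class Decision:
    level: str                      # full | reduced | step_up | terminate
    allowed_actions: set
    score: int
    reasons: list = field(default_factory=list)


def risk_score(ctx):
    """Sum weighted risk signals; every point is explained so the decision can be audited."""
    score, reasons = 0, []
    base = BASELINE.get(ctx.user, {"countries": set(), "devices": set()})
    if ctx.ip in THREAT_INTEL_IPS:
        score += 60
        reasons.append(f"source IP on threat-intel list ({THREAT_INTEL_IPS[ctx.ip]})")
    if ctx.country != ctx.previous_country and ctx.minutes_since_previous_login < 120:
        score += 50
        reasons.append("impossible travel relative to previous login")
    if not ctx.device_trusted:
        score += 20
        reasons.append("untrusted device")
    if ctx.device_id not in base["devices"]:
        score += 10
        reasons.append("device not in identity baseline")
    if ctx.country not in base["countries"]:
        score += 15
        reasons.append("country not in identity baseline")
    if ctx.minutes_since_mfa > 480:
        score += 15
        reasons.append("last strong authentication older than 8 hours")
    return score, reasons


def decide(ctx):
    """Map the score to a graduated response rather than a binary allow/kill."""
    score, reasons = risk_score(ctx)
    if score >= 80:
        return Decision("terminate", set(), score, reasons)            # nothing is worth keeping
    if score >= 50:
        return Decision("step_up", {"read"}, score, reasons)           # read only until fresh MFA
    if score >= 20:
        return Decision("reduced", {"read", "write"}, score, reasons)  # no delete/export
    return Decision("full", set(ALL_ACTIONS), score, reasons)


if __name__ == "__main__":
    roaming = Context("alice", "laptop-4471", True, "198.51.100.9", "DE", "US", 45, 60)
    print(decide(roaming))
```

The order of the ladder matters: "step_up" keeps the session alive in read-only mode while the user proves possession again, which is what the takeaway about adjusting permissions instead of terminating sessions asks for, whereas a threat-intel hit from an untrusted device crosses straight into termination because no amount of re-authentication makes a known-hostile source acceptable.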

Thursday Jan 16, 2025

David’s latest guest on The Future of Threat Intelligence points out the unexpected ways his customer service background enhances his cybersecurity work. From mastering the art of asking the right questions to navigating remote SOC operations, Lee Ramsey, Senior Security Analyst at Zoom, shares practical insights on digital forensics, incident response, and the future of AI in security. 
Drawing from his experience in customer service and his journey to his current role at Zoom, Lee offers valuable perspectives on building successful security teams, implementing effective incident response plans, and maintaining critical thinking in an AI-driven world.
Topics discussed:
The intersection of customer service skills and cybersecurity investigations, focusing on effective communication and problem-solving techniques.
Common pitfalls in incident response planning and the importance of having documented procedures before crises occur.
The impact of AI on digital forensics and incident response, including potential risks and benefits.
Challenges and strategies for managing remote SOC operations in the post-pandemic era.
Key Takeaways: 
Implement a documented incident response plan before you need it to avoid legal and operational complications.
Borrow from customer service skills to improve security investigations through better question-asking techniques.
Approach AI tools with healthy skepticism and always validate their outputs manually.
Build remote SOC capabilities with proper tools and processes for remote data acquisition.
Maintain team cohesion in remote environments through proactive engagement and trust-building.
Document all security practice experience, including CTF participation, to demonstrate practical skills.
Attend local security conferences and volunteer to build professional networks.
Pursue relevant certifications for both credentials and learning opportunities.
Balance tool automation with critical thinking to avoid over-reliance on technology.

Thursday Jan 09, 2025

In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era. 
James walks David through Google's approach to AI security through its Secure AI Framework (SAIF), the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.
Topics discussed:
The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.
How Google's Secure AI Framework (SAIF) supports a privacy-first approach to AI implementation, with strict data usage and training policies.
Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.
How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.
How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.
The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.
Key Takeaways: 
Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.
Review the OWASP Top 10 for LLM Applications and Google's Secure AI Framework (SAIF) as starting points for AI security best practices.
Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.
Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.
Develop detection mechanisms for AI-driven threats such as deepfake meeting participants by correlating calendar invitations with video conference attendance and flagging joins, or whole meetings, that no invitation explains.
Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.
Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.
Use tools like NotebookLM to stay current with security research and white papers while managing information overload.
Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.
Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.
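The deepfake-meeting takeaway above is unusual among these bullets in that it names a concrete correlation, so here it is carried through in code. This is an added example written for this page, not code from the podcast or Google; the calendar export, attendance log, executive directory and domains are constructed assumptions (the domains are the RFC 2606 reserved names). It flags three things: a participant who joined an invited meeting without being on the invitation, a meeting that appears in the conferencing logs with no calendar event behind it, and, going one step beyond the bullet, a participant whose display name matches an executive in the directory but whose account is not that executive's.

```python
"""Correlating calendar invitations with conferencing attendance to surface
meetings that deserve a second look (for instance a deepfake "executive" on a
call).  Added example for this page; not code from the podcast or Google.  The
record layouts, directory and domains are assumptions."""
from collections import defaultdict

CORP_DOMAIN = "example.com"

# Constructed executive directory: display name -> corporate address.
EXEC_DIRECTORY = {"Jane Doe": "jane.doe@example.com"}

# Constructed calendar export (hypothetical data).
CALENDAR = [
    {"meeting_id": "m-100", "organizer": "jane.doe@example.com",
     "invitees": ["jane.doe@example.com", "alice@example.com", "bob@example.com"]},
]

# Constructed conferencing attendance log (hypothetical data).
ATTENDANCE = [
    {"meeting_id": "m-100", "email": "jane.doe@example.com", "display_name": "Jane Doe"},
    {"meeting_id": "m-100", "email": "alice@example.com", "display_name": "Alice Smith"},
    {"meeting_id": "m-100", "email": "wire-desk@example.net", "display_name": "Treasury Desk"},
    {"meeting_id": "m-200", "email": "alice@example.com", "display_name": "Alice Smith"},
    {"meeting_id": "m-200", "email": "jane.doe.cfo@example.org", "display_name": "jane  doe"},
]

# Lower number = look at it first.
PRIORITY = {"exec_name_mismatch": 0, "no_calendar_event": 1, "uninvited_participant": 2}


def _norm(name):
    """Collapse case and whitespace so 'jane  doe' matches 'Jane Doe'."""
    return " ".join(name.split()).lower()


def _domain(email):
    return email.rsplit("@", 1)[-1].lower()


def correlate(calendar, attendance, exec_directory, corp_domain=CORP_DOMAIN):
    """Return findings sorted by priority; an empty list means every join is explained."""
    invites = {ev["meeting_id"]: {e.lower() for e in ev["invitees"]} for ev in calendar}
    exec_by_name = {_norm(name): addr.lower() for name, addr in exec_directory.items()}
    by_meeting = defaultdict(list)
    for rec in attendance:
        by_meeting[rec["meeting_id"]].append(rec)

    findings = []
    for mid, participants in by_meeting.items():
        if mid not in invites:
            findings.append({"type": "no_calendar_event", "meeting_id": mid,
                             "participants": sorted(p["email"].lower() for p in participants)})
        for p in participants:
            email = p["email"].lower()
            expected = exec_by_name.get(_norm(p["display_name"]))
            if expected and email != expected:
                # Someone is presenting as an executive from an account that is not theirs.
                findings.append({"type": "exec_name_mismatch", "meeting_id": mid,
                                 "participant": email, "expected": expected})
            elif mid in invites and email not in invites[mid]:
                findings.append({"type": "uninvited_participant", "meeting_id": mid,
                                 "participant": email, "external": _domain(email) != corp_domain})
    return sorted(findings, key=lambda f: PRIORITY[f["type"]])


if __name__ == "__main__":
    for finding in correlate(CALENDAR, ATTENDANCE, EXEC_DIRECTORY):
        print(finding)
```

The name-mismatch rule is the one that catches the scenario the episode describes: a synthetic "Jane Doe" on video is only convincing if nobody checks that the account behind the tile is hers. Run this over the conferencing platform's attendance export on a schedule rather than live, since the payoff is usually a finance or HR process that can still be stopped after the call.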

Thursday Jan 02, 2025

In our latest episode of the Future of Threat Intelligence podcast, David welcomes Justin Jettòn, Senior Threat Intelligence Engineer at Veeva Systems, who brings his military intelligence background to a discussion of the evolving cybersecurity landscape. Drawing from his experience transitioning from forensics to threat intelligence, Justin explores how AI is transforming both offensive and defensive capabilities in cybersecurity. 
They discuss the potential of AI in early threat detection, the critical need for breaking down organizational silos to improve collective defense, and finding the right balance between automation and human analysis. Justin also emphasizes that while technology advances, the human element remains crucial for effective threat intelligence analysis.
Topics discussed:
Artificial intelligence is reducing the timeline between threat identification and new attack development, lowering barriers for adversaries.
Using AI models for "indications and warning" could help identify threat patterns earlier, enabling proactive defense strategies.
Breaking down organizational silos and creating security collectives is crucial for effective threat intelligence in modern cybersecurity.
Despite technological advances, human analysts remain essential for contextual understanding and strategic threat assessment.
Adding multiple security tools can extend detection time; organizations need better strategies for tool integration and automation.
Clear distinction between engineering and analyst roles, with engineers handling technology while analysts focus on assessment and dissemination.
Future security teams need balanced automation with human oversight, following the military's OODA (Observe, Orient, Decide, Act) loop.
Key Takeaways: 
Implement human verification checkpoints within automated security processes to maintain the "trust but verify" approach in threat intelligence workflows.
Evaluate your organization's security tool stack to prevent tool fatigue — focus on understanding each tool's workflow before adding new ones.
Develop comprehensive understanding of automation processes, from data collection points to decision thresholds, before deploying new security automation.
Establish cross-organizational information sharing frameworks to enhance collective threat detection capabilities through shared AI models.
Differentiate clearly between threat intelligence engineering and analyst roles to optimize team structure and workflow efficiency.
Incorporate the OODA loop (Observe, Orient, Decide, Act) methodology into your threat intelligence processes, ensuring human oversight at critical points.
Broaden your threat intelligence perspective by studying geopolitical events and connecting them to potential cybersecurity implications.
Create sampling protocols to regularly verify that automated security systems are functioning as intended and catching relevant threats.
Build collaborative relationships with ISPs, tech companies, and security vendors to expand threat detection capabilities beyond organizational boundaries.
Document automation workflows thoroughly to ensure security teams understand where decision points occur and how data flows through the system.

Thursday Dec 19, 2024

In our special episode of the Future of Threat Intelligence podcast, David welcomes Ryan Chapman, Threat Hunter & Author and Instructor at SANS Institute, and Matthew Winters, Lead Threat Hunter at T. Rowe Price, to break down Team Cymru's second annual Voice of a Threat Hunter report. Our two experts discuss the statistic that nearly 50% of organizations experienced a major security breach last year, emphasizing the critical role of threat hunting in enhancing incident response. 
 
Ryan and Matt also touch on the importance of proactive detection in cybersecurity, the necessity of curiosity as a fundamental skill for threat hunters, and the challenges organizations face regarding visibility and tool availability.
 
Topics discussed:
Nearly 50% of organizations reported experiencing a major security breach in the past year, highlighting the urgency for improved security measures.  
72% of breached organizations believe that threat hunting significantly enhanced their ability to respond to incidents effectively.  
Proactive detection is becoming essential as organizations recognize the need to stay ahead of evolving cyber threats and attacks.  
Curiosity is a key skill for threat hunters, enabling them to uncover hidden vulnerabilities and enhance overall security posture.  
Many organizations struggle with visibility into their networks, which hampers effective threat hunting and incident response efforts.  
The importance of leveraging existing tools and resources is emphasized to maximize threat hunting capabilities without requiring significant new investments.  
Collaboration across security teams can enhance threat hunting efforts, leading to better detection, response, and overall cybersecurity resilience.
 
Key Takeaways: 
Assess your organization's current security posture to identify potential vulnerabilities and areas needing improvement in threat detection and response.
Implement proactive threat hunting practices to stay ahead of evolving cyber threats and enhance incident response capabilities.
Foster a culture of curiosity within your security team to encourage exploration and investigation of anomalies in your network.
Leverage existing tools and resources effectively to maximize your threat hunting efforts without incurring significant additional costs.
Collaborate across different security teams to share insights and improve the overall effectiveness of threat detection and incident response.
Invest in training programs focused on threat hunting skills to empower your team with the knowledge needed to identify threats.
Document all threat hunting activities and findings to create a knowledge base that can inform future security strategies and decisions.
Establish clear KPIs to measure the effectiveness of your threat hunting initiatives and overall security posture.
Engage with external cybersecurity communities to share experiences, learn best practices, and stay updated on the latest threat intelligence.
Review and update your security tools regularly to ensure they are equipped to handle the latest threats and vulnerabilities. 
 

Thursday Dec 12, 2024

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Howard Holton, CTO of GigaOm. Howard explains why adversaries increasingly target small and medium-sized businesses: their limited resources and lower cybersecurity maturity make them cheaper, easier victims. 
 
Howard emphasizes the importance of understanding the business-like nature of cybercriminals and their strategies. He also explores the role of AI and large language models in enhancing threat intelligence, highlighting how these tools can help organizations prioritize their security efforts effectively. 
 
Topics discussed:
The increasing trend of cybercriminals targeting small and medium-sized businesses due to their lack of resources and cybersecurity maturity.  
Understanding how adversaries operate like businesses, seeking maximum profit by exploiting vulnerabilities in less fortified organizations.  
Actionable cybersecurity measures that organizations can implement immediately to reduce risks and enhance their defenses.  
The role of AI and large language models in improving threat intelligence and making security tools more intuitive for users.  
The challenges of transitioning from a technical role to an executive position and the skills needed for effective leadership in cybersecurity.  
The significance of communication and awareness within organizations to ensure that executive teams understand cybersecurity risks and resource needs.  
Strategies for mitigating the impact of cyber attacks, focusing on prioritizing efforts based on potential threats and vulnerabilities.  
The evolving landscape of cyber threats and how organizations can stay informed and adapt to new challenges in real-time.  
The necessity of governance in implementing AI and LLMs to ensure that sensitive information is handled appropriately within organizations.  
The ongoing need for continuous improvement in cybersecurity practices, as threats are constantly evolving and new vulnerabilities emerge.   
 
Key Takeaways: 
Assess your organization's cybersecurity maturity to identify vulnerabilities and prioritize areas for improvement, especially if you are a small or medium-sized business.
Implement immediate cybersecurity measures to reduce the likelihood of a compromise, focusing on actionable steps that can be completed within hours or days.
Leverage AI and large language models to enhance threat intelligence, making it easier to analyze data and respond to potential threats effectively.
Communicate regularly with your executive team about cybersecurity risks and resource needs to ensure they are informed and can provide necessary support.
Establish a governance framework for AI and LLMs to manage sensitive information and ensure compliance with organizational policies.
Educate your team on the business-like nature of cybercriminals, helping them understand how attackers target organizations based on perceived weaknesses.
Prioritize cybersecurity training for employees to foster a culture of awareness and preparedness against potential cyber threats.
Monitor emerging cyber threats continuously to stay informed about new tactics and vulnerabilities that could impact your organization.
Document all cybersecurity policies and procedures clearly, ensuring that employees understand their roles and responsibilities in maintaining security.
Review and update your incident response plan regularly to reflect changes in the threat landscape and ensure your organization is prepared for potential attacks. 

Copyright 2022 All rights reserved.
