Future of Threat Intelligence

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Gregory Van den Top, AI Practice Leader for Europe at Marsh. They explore the critical importance of understanding cyber risk as an integral part of business strategy, rather than a technical afterthought. 
 
Gregory emphasizes the need for organizations to conduct thorough risk assessments and quantify potential impacts, particularly in light of the growing threat of ransomware. He also highlights the significance of fostering a strong link between cybersecurity and executive leadership to enhance organizational resilience. Tune in for actionable insights to strengthen your cyber risk management approach! 
 
Topics discussed:
 Why cyber risk should be integrated into overall business strategy, not treated as a separate technical issue.  
How conducting thorough risk assessments helps organizations understand their current cyber risk landscape and potential vulnerabilities.  
How quantifying cyber risk is essential for informed decision-making and aligning with organizational goals, particularly for financial stakeholders.  
Why ransomware poses a significant threat, requiring organizations to prioritize awareness, preparedness, and proactive incident response measures.  
How building resilience in cybersecurity involves not just response plans but also protective measures to prevent incidents from occurring.  
How establishing clear roles and responsibilities, including board-level oversight, enhances the management of cyber risk across the organization.  
Why cybersecurity education for non-technical stakeholders is crucial for fostering a comprehensive understanding of risks and promoting informed discussions.   
 
Key Takeaways: 
Integrate cyber risk assessments into your overall business strategy to ensure a holistic approach to risk management.   
Quantify cyber risks to provide tangible insights for decision-makers, particularly for CFOs and other financial stakeholders.  
Prioritize awareness and preparedness for ransomware threats by implementing proactive incident response plans and training programs.  
Establish clear roles and responsibilities for cybersecurity within your organization, including board-level oversight for better risk management.  
Foster a culture of cybersecurity education among all employees to enhance understanding and promote informed discussions about risks.  
Develop a robust incident response plan that includes forensics, legal advice, and communication strategies to mitigate the impact of breaches.  
Engage in regular tabletop exercises using AI tools to simulate cyber incidents and improve your organization’s resilience and response capabilities.  
Collaborate with cybersecurity experts to stay updated on emerging threats and best practices for managing cyber risk.  
Review and update your cybersecurity policies and practices regularly to adapt to the evolving threat landscape and organizational changes.  

In our latest episode of the Future of Threat Intelligence podcast, David Bianco, Staff Security Strategist at Splunk, shares his insights on the evolving landscape of threat hunting. He introduces the PEAK threat hunting framework, emphasizing its role in enhancing security measures. 
 
David also discusses the critical differences between threat hunting and red teaming, highlighting how both approaches can complement each other. He also divesinto the essential skills needed for building an effective threat hunting team and offers actionable advice on measuring the success of threat hunting programs. 
 
Topics discussed:
The PEAK threat hunting framework, designed to enhance proactive cybersecurity measures and improve threat detection capabilities.  
The distinction between threat hunting and red teaming and their complementary roles in strengthening security defenses.  
Hypothesis-based threat hunting and the importance of formulating and testing hypotheses to identify potential threats.  
Baseline threat hunting as a method to understand normal activity, aiding in the detection of anomalies.  
Key skills for an effective threat hunting team, including knowledge of threat actors, technology stacks, and data analytics expertise.  
How metrics for measuring threat hunting success are essential for demonstrating impact and driving continuous improvement in security programs.  
 
Key Takeaways: 
Adopt the PEAK threat hunting framework to structure your threat hunting initiatives and enhance your cybersecurity posture effectively.  
Differentiate between threat hunting and red teaming to understand their unique roles and how they can complement each other in security.  
Formulate clear hypotheses for threat hunting activities to guide your investigations and improve the chances of identifying real threats.  
Conduct baseline threat hunting to establish normal activity patterns, making it easier to detect anomalies and suspicious behavior.  
Build a diverse threat hunting team by incorporating members with expertise in threat intelligence, data analytics, and incident response.  
Implement actionable metrics to measure the success of your threat hunting program and demonstrate its impact on overall security.  
Start small with your threat hunting efforts, focusing on manageable projects that can scale as you gain experience and success.  
Encourage collaboration between threat hunters and other security teams to share knowledge and improve overall detection capabilities.  
Continuously educate your team on the evolving threat landscape to stay ahead of potential risks and enhance threat hunting effectiveness.  
Utilize existing data analytics tools to analyze collected data during threat hunting, enabling informed conclusions about threat actor activities.  

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Eric Hanselman, Chief Analyst at S&P Global, about the critical role of threat intelligence in today’s cybersecurity landscape. Eric emphasizes the need for organizations to integrate threat intelligence operationally, moving beyond mere threat feeds to develop comprehensive threat models. 
 
He discusses the importance of maintaining operational hygiene, building a peer ecosystem for information sharing, and aligning security strategies with overall business objectives. Eric also offers valuable insights on navigating the complexities of cybersecurity and the future of threat intelligence. 
 
Topics discussed:
Insights on the evolving role of threat intelligence in modern cybersecurity strategies and operations.  
How organizations must integrate threat intelligence operationally to effectively manage risks and inform day-to-day security decisions.  
Why simply having a threat feed is insufficient; understanding and updating threat models is crucial for effective risk management.  
How operational hygiene, including good backups and data protection, is essential for defending against ransomware and other cyber threats.  
The value of building a community for information sharing enhances collaboration and provides valuable reality checks among cybersecurity professionals.  
Aligning security strategies with business objectives ensures that security measures support overall organizational goals and operations.  
Looking ahead and maintaining a forward-thinking perspective is vital for anticipating future cybersecurity challenges and opportunities.   
 
Key Takeaways: 
Integrate threat intelligence into daily operations to enhance your organization’s ability to respond to emerging cybersecurity threats.  
Develop comprehensive threat models that are regularly updated to reflect the evolving risk landscape and inform strategic decisions.  
Prioritize operational hygiene by ensuring robust data protection measures and effective backup systems to mitigate ransomware risks.  
Build a network of cybersecurity peers for information sharing to gain insights and reality checks on current security practices.  
Align your security strategies with business objectives to ensure that cybersecurity efforts support overall organizational goals and operations.  
Stay informed about emerging technologies, such as GenAI, and assess their potential impact on your security posture.  
Engage in end-user research to understand the pain points of security teams and develop solutions that address their challenges.  
Look beyond immediate threats and focus on long-term strategic planning to anticipate future cybersecurity challenges.  
Foster a culture of collaboration within your organization to enhance communication between security teams and other business units.  
Regularly evaluate and refine your security practices to ensure they remain effective in the face of evolving threats and technologies.   

In our latest episode of the Future of Threat Intelligence podcast, host David Monnier welcomes David Ortiz, Global CISO at Church & Dwight. David shares insights from his extensive career in information technology and cybersecurity, emphasizing the importance of understanding the evolving threat landscape. 
 
David touches on the critical role of threat intelligence in decision-making, the challenges posed by sophisticated phishing techniques and deepfakes, and the necessity of integrating cybersecurity into business strategy. He also highlights the significance of collaboration across various teams and the responsible use of AI in enhancing security measures for organizations. 
 
Topics discussed:
The importance of understanding the evolving threat landscape for effective cybersecurity management in organizations.  
How threat intelligence plays a crucial role in identifying and mitigating risks, helping CISOs make informed decisions.  
How advanced email gateways and spam filters need to evolve to combat increasingly sophisticated phishing attacks and deepfake technologies.  
Why integrating cybersecurity into overall business strategy is essential for achieving security by design and enhancing data privacy measures.  
The value of collaboration with diverse partners, including legal teams and law enforcement, strengthens cybersecurity resilience and response capabilities.  
The importance of comprehensive cybersecurity awareness training to empower employees in recognizing and responding to potential threats.  
The responsible use of AI tools is vital for enhancing security measures while maintaining data privacy and compliance standards.   
 
Key Takeaways: 
Assess your organization's attack surface to identify vulnerabilities and prioritize protecting critical assets effectively.  
Implement a robust threat intelligence program to enhance decision-making and stay informed about emerging cybersecurity threats.  
Upgrade email gateways and spam filters to counteract sophisticated phishing attacks and improve overall email security.  
Integrate cybersecurity practices into your business strategy to ensure security by design and enhance data privacy initiatives.  
Collaborate with various stakeholders, including legal teams and law enforcement, to strengthen your cybersecurity posture and incident response.  
Conduct regular cybersecurity awareness training for employees to empower them in recognizing and responding to potential threats.  
Monitor the responsible use of AI tools within your organization to balance innovation with data privacy and security compliance.  
Engage with third-party vendors to assess their security practices and manage supply chain risks effectively.  
Foster a culture of accountability and ownership among team members to ensure everyone understands their role in reducing cyber risk.  
Seek mentorship from experienced professionals in both cybersecurity and business to develop a well-rounded skill set for leadership roles.  

In our latest episode of the Future of Threat Intelligence podcast, Kristof Riecke, Field CISO at Rackspace Technology, shares his journey in cybersecurity and highlights the evolution of the industry over the past decade. He discusses the importance of effective communication in security strategies, the need for a holistic approach to threat intelligence, and the unique challenges organizations face in cloud security. 
 
Kristof also emphasizes that understanding the specific needs of each organization is crucial for developing effective security measures and achieving overall security maturity. 
 
Topics discussed:
How the evolution of cybersecurity is marked by increasing complexity in attacks and a growing need for professionalization within the industry.  
Why effective communication is essential for CISOs to convey security strategies and engage with stakeholders at all organizational levels.  
How a holistic approach to threat intelligence is crucial, considering diverse sources and types of information relevant to an organization’s security needs.  
Why organizations must continuously address security measures, as moving to the cloud does not eliminate the need for ongoing vigilance.  
How understanding specific organizational needs is vital for developing tailored security measures and achieving overall security maturity.  
The importance of transparency regarding vulnerabilities and incidents to enhance detection and response capabilities within organizations.   
 
Key Takeaways: 
Assess your organization's current cybersecurity posture to identify vulnerabilities and areas for improvement in threat detection and response.  
Implement multi-factor authentication across all systems to enhance security and protect against unauthorized access.  
Educate employees on security awareness to foster a culture of vigilance and reduce the risk of human error in cybersecurity.  
Communicate security strategies clearly to all stakeholders, ensuring that everyone understands their role in maintaining a secure environment.  
Develop a holistic threat intelligence program that incorporates diverse information sources to better understand potential threats.  
Regularly review and update security measures to adapt to the evolving cybersecurity landscape and emerging threats.  
Collaborate with cross-functional teams to ensure that security practices are integrated into all aspects of the organization.  
Document security incidents and responses to create a knowledge base that can improve future incident management and response efforts.  
Utilize cloud security best practices to protect sensitive data and maintain compliance with regulatory requirements.  
Establish a continuous monitoring process to stay informed about the security landscape and proactively address potential threats.   

In our latest episode of the Future of Threat Intelligence podcast, we welcome David Patariu, an Attorney focusing on Privacy, Artificial Intelligence, and Cybersecurity at Venable LLP. David shares his unique journey from engineering to law, highlighting the critical intersection of technology and legal frameworks. 
David sheds light on the challenges posed by unauthorized data scraping, and what The Mitigating Unauthorized Scraping Alliance (MUSA) is doing to raise awareness and help prevent the practice, including MUSA’s Industry Practices to Mitigate Unauthorized Scraping. He also discusses the importance of robust privacy policies in building user trust, and the need for collaboration between industry and regulators to address emerging privacy concerns. 
Topics discussed:
How unauthorized data scraping poses significant risks to businesses, requiring proactive measures to protect intellectual property and user data.  
Why effective privacy policies are essential for building trust with users and ensuring compliance with evolving regulatory requirements.  
How collaboration between industry stakeholders and regulators is crucial to combat unauthorized data scraping and promote best practices.  
The role of legal advisors is evolving, necessitating a strong understanding of technology to provide relevant guidance.  
Why data protection strategies must consider the implications of artificial intelligence and machine learning on privacy and cybersecurity.  
How public awareness and education about data scraping and privacy issues are vital for empowering users to safeguard their information.   
Key Takeaways: 
Develop comprehensive privacy policies that clearly outline data usage practices to enhance user trust and comply with legal requirements.  
Engage in ongoing education about privacy laws and cybersecurity trends to stay informed and adapt to regulatory changes effectively.  
Collaborate with legal advisors who have a strong technology background to ensure that legal frameworks align with business objectives.  
Implement best practices for data protection by participating in industry groups focused on combating unauthorized data scraping.  
Conduct regular audits of your data handling practices to ensure compliance with privacy regulations and identify areas for improvement.  
Monitor emerging technologies and their implications for privacy to proactively address potential legal challenges in your organization.  
Participate in webinars and conferences to gain insights into the latest developments in privacy, cybersecurity, and artificial intelligence.  
Advocate for industry collaboration to establish standards and guidelines that address unauthorized data scraping and enhance user protection.   

In our latest episode of The Future of Threat Intelligence podcast, Jim Tiller, CISO at CyberBellum and a veteran in the cybersecurity industry with over 25 years of experience joins us to explore the intricacies of working as a fractional CISO. 
 
He offers a unique perspective on the role's challenges and rewards and emphasizes the importance of understanding business nuances, building trust with leadership, and developing a broad-spectrum knowledge of emerging technologies. Jim's insights shed light on measuring performance, effective communication, and essential skills provide invaluable guidance for navigating today's complex cybersecurity landscape. 
 
Topics discussed:
The evolving role and challenges of being a fractional CISO in today's cybersecurity landscape.
The importance of building human connections and speaking the language of business stakeholders for effective cybersecurity leadership.
Strategies for measuring the success of a fractional CISO beyond traditional KPIs and metrics.
Essential skills for CISOs, including humility, broad-spectrum technological knowledge, and the ability to get the gist of new concepts.
The necessity of staying updated on threat intelligence and applying it effectively within your organizational structure.
Tips for aspiring CISOs on how to start and thrive in the ever-changing world of cybersecurity. 
 
Key Takeaways: 
Build strong human connections with stakeholders by understanding their language and business needs for effective cybersecurity leadership.
Measure your success as a fractional CISO by demonstrating influence and trust rather than relying solely on traditional KPIs.
Stay updated on the latest threat intelligence and apply it within your organization to bolster cybersecurity defenses.
Develop a broad-spectrum knowledge of emerging technologies to enhance your overall understanding and decision-making capabilities.
Communicate regularly with your team and organization, making cybersecurity updates engaging, relevant, and easy to understand.
Learn continuously and be a professional learner to keep up with the rapid changes in the cybersecurity landscape.
Demonstrate your value by showing how your decisions positively impact the organization's security posture and business goals.
Identify and understand key performance indicators that truly reflect your effectiveness and impact as a fractional CISO. 
 

In our latest episode of the Future of Threat Intelligence podcast, David chats with Rafal Los, Head of Services Strategy & GTM at ExtraHop and the creative force behind the Down the Security Rabbithole podcast. Rafal discusses his journey from curiosity-driven exploration to a professional career in cybersecurity and the lessons he’s learned along the way.
 
Rafal shares his extensive experience in cybersecurity, offering insights on transitioning from technical roles to strategic leadership positions. He also talks about common misconceptions in strategic advisement, the importance of understanding the business context, and actionable advice for aspiring leaders. Throughout the conversation, Rafal's practical tips and seasoned perspectives make this episode a must-listen for anyone looking to elevate their career in cybersecurity and threat intelligence. 
 
Topics discussed:
Transitioning from technical roles to strategic leadership positions in the cybersecurity industry.
Common misconceptions in strategic advisement and how to avoid these pitfalls.
The importance of understanding the business context to improve strategic decision-making in cybersecurity.
Actionable advice for aspiring leaders in threat intelligence and cybersecurity.
How to bridge the gap between technical language and business objectives effectively.
Practical tips on assessing risks, impacts, and having a clear strategy for cybersecurity initiatives. 
 
Key Takeaways: 
Understand the broader business context to make more informed strategic decisions in cybersecurity.
Listen to and comprehend the challenges faced by different stakeholders to improve strategic advisement.
Develop a clear, actionable strategy for cybersecurity initiatives, focusing on both technical and business aspects.
Be skeptical of the information you read to stay critical and informed about industry trends and developments.
Engage in continuous learning by consuming content from diverse sources to broaden your cybersecurity knowledge.
Assess risks and impacts critically to prioritize cybersecurity efforts effectively.
Bridge the gap between technical language and business objectives to enhance communication and decision-making.
Prepare for potential failures by understanding how systems can fail and creating contingencies.
Network with industry professionals to gain different perspectives and insights into cybersecurity challenges.
Seek to understand the experiences and needs of your team and stakeholders to create more effective security strategies. 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0

In our latest special episode of the Future of Threat Intelligence podcast, David chats with cybersecurity expert Jeff Man at the Black Hat conference. Jeff is the Sr. Information Security Consultant at Online Business Systems, and he shares his extensive insights on the evolving landscape of cybersecurity and the importance of fundamental security practices to protect sensitive data. 
Jeff emphasizes the role of security evangelists in educating organizations and fostering a culture of security awareness. He also explores the implications of AI in cybersecurity, addressing both its potential benefits and challenges. 
Topics discussed:
The importance of understanding fundamental security practices to effectively protect sensitive data in organizations.  
How the cybersecurity landscape is filled with numerous solutions, but clarity on essential objectives is crucial for effective security.  
How security evangelists play a key role in educating clients about their specific security needs and corporate culture challenges.  
How AI is a significant buzzword in cybersecurity, but its potential benefits and risks require careful consideration and understanding.  
Why organizations often mistakenly believe that implementing the right technology alone is sufficient for comprehensive security measures.  
The necessity of fostering a culture of security awareness among employees to enhance overall protection.  
How mentorship and exposure to various cybersecurity roles are vital for individuals looking to enter or transition within the industry.   
Key Takeaways: 
Educate your team on fundamental security practices to enhance their understanding of protecting sensitive data effectively.  
Assess your organization’s current cybersecurity solutions to identify gaps and ensure alignment with essential security objectives.  
Engage with a security evangelist to gain tailored insights and strategies that fit your corporate culture and specific challenges.  
Explore the implications of AI in your cybersecurity strategy, weighing both its potential benefits and associated risks.  
Implement a culture of security awareness by providing ongoing training and resources to all employees within your organization.  
Document security processes and standards to ensure repeatability and compliance with industry regulations like PCI.  
Experiment with different cybersecurity roles and responsibilities to find areas where team members can excel and contribute effectively.
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0

In our latest special episode of the Future of Threat Intelligence podcast, Wade Wells, Cybersecurity Threat Detection Engineer & Expert at a Fortune 50 company, shares his insights from the Black Hat conference. He highlights the promising advancements in blue team technologies, particularly in AI applications and deception strategies. 
 
Wade also discusses the importance of community networking for aspiring cybersecurity professionals and reflects on the lessons learned from recent security incidents, including the implications of relying on specific security vendors. 
 
Topics discussed:
The transformative potential of AI technologies in enhancing threat detection and operational efficiency for blue team cybersecurity efforts.
The importance of effective email security solutions and their role in protecting organizations from phishing and other email-based threats.
Observations on SentinelOne’s Purple AI, which demonstrates the potential of AI in threat hunting and incident response scenarios.
The importance of networking within local cybersecurity communities, which can provide valuable resources and job opportunities for newcomers.
How the CrowdStrike incident highlighted vulnerabilities in widely used security solutions and the need for diverse strategies.
Insights on the critical role of kernel security mechanisms in protecting systems and the challenges associated with managing kernel-level vulnerabilities.
Advice for aspiring professionals to leverage existing resources and community knowledge instead of reinventing the wheel in detection engineering.
The evolving responsibilities of blue teamers in cybersecurity, including focusing on proactive measures and collaboration with red teams for improved security. 
 
Key Takeaways: 
Investigate and evaluate AI-driven cybersecurity tools to enhance your blue team’s threat detection capabilities and improve incident response times.
Prioritize the deployment of robust email security tools to protect against phishing attacks and safeguard sensitive organizational information.
Stay informed about emerging Endpoint Detection and Response (EDR) solutions to find innovative products that can strengthen your security posture.
Integrate deception technologies into your security framework to mislead attackers and gather intelligence on their tactics and techniques.
Actively participate in local cybersecurity communities to build connections, share knowledge, and discover job opportunities in the field.
Analyze recent security incidents to identify vulnerabilities and adapt your security strategies accordingly.
Focus on hardening kernel security mechanisms to mitigate risks associated with kernel-level vulnerabilities and improve overall system security.
Foster collaboration between blue and red teams to improve threat detection and response strategies through shared insights and experiences.
 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0