Future of Threat Intelligence

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Eric Hanselman, Chief Analyst at S&P Global, about the critical role of threat intelligence in today’s cybersecurity landscape. Eric emphasizes the need for organizations to integrate threat intelligence operationally, moving beyond mere threat feeds to develop comprehensive threat models. 
 
He discusses the importance of maintaining operational hygiene, building a peer ecosystem for information sharing, and aligning security strategies with overall business objectives. Eric also offers valuable insights on navigating the complexities of cybersecurity and the future of threat intelligence. 
 
Topics discussed:
Insights on the evolving role of threat intelligence in modern cybersecurity strategies and operations.  
How organizations must integrate threat intelligence operationally to effectively manage risks and inform day-to-day security decisions.  
Why simply having a threat feed is insufficient; understanding and updating threat models is crucial for effective risk management.  
How operational hygiene, including good backups and data protection, is essential for defending against ransomware and other cyber threats.  
The value of building a community for information sharing enhances collaboration and provides valuable reality checks among cybersecurity professionals.  
Aligning security strategies with business objectives ensures that security measures support overall organizational goals and operations.  
Looking ahead and maintaining a forward-thinking perspective is vital for anticipating future cybersecurity challenges and opportunities.   
 
Key Takeaways: 
Integrate threat intelligence into daily operations to enhance your organization’s ability to respond to emerging cybersecurity threats.  
Develop comprehensive threat models that are regularly updated to reflect the evolving risk landscape and inform strategic decisions.  
Prioritize operational hygiene by ensuring robust data protection measures and effective backup systems to mitigate ransomware risks.  
Build a network of cybersecurity peers for information sharing to gain insights and reality checks on current security practices.  
Align your security strategies with business objectives to ensure that cybersecurity efforts support overall organizational goals and operations.  
Stay informed about emerging technologies, such as GenAI, and assess their potential impact on your security posture.  
Engage in end-user research to understand the pain points of security teams and develop solutions that address their challenges.  
Look beyond immediate threats and focus on long-term strategic planning to anticipate future cybersecurity challenges.  
Foster a culture of collaboration within your organization to enhance communication between security teams and other business units.  
Regularly evaluate and refine your security practices to ensure they remain effective in the face of evolving threats and technologies.   

In our latest episode of the Future of Threat Intelligence podcast, host David Monnier welcomes David Ortiz, Global CISO at Church & Dwight. David shares insights from his extensive career in information technology and cybersecurity, emphasizing the importance of understanding the evolving threat landscape. 
 
David touches on the critical role of threat intelligence in decision-making, the challenges posed by sophisticated phishing techniques and deepfakes, and the necessity of integrating cybersecurity into business strategy. He also highlights the significance of collaboration across various teams and the responsible use of AI in enhancing security measures for organizations. 
 
Topics discussed:
The importance of understanding the evolving threat landscape for effective cybersecurity management in organizations.  
How threat intelligence plays a crucial role in identifying and mitigating risks, helping CISOs make informed decisions.  
How advanced email gateways and spam filters need to evolve to combat increasingly sophisticated phishing attacks and deepfake technologies.  
Why integrating cybersecurity into overall business strategy is essential for achieving security by design and enhancing data privacy measures.  
The value of collaboration with diverse partners, including legal teams and law enforcement, strengthens cybersecurity resilience and response capabilities.  
The importance of comprehensive cybersecurity awareness training to empower employees in recognizing and responding to potential threats.  
The responsible use of AI tools is vital for enhancing security measures while maintaining data privacy and compliance standards.   
 
Key Takeaways: 
Assess your organization's attack surface to identify vulnerabilities and prioritize protecting critical assets effectively.  
Implement a robust threat intelligence program to enhance decision-making and stay informed about emerging cybersecurity threats.  
Upgrade email gateways and spam filters to counteract sophisticated phishing attacks and improve overall email security.  
Integrate cybersecurity practices into your business strategy to ensure security by design and enhance data privacy initiatives.  
Collaborate with various stakeholders, including legal teams and law enforcement, to strengthen your cybersecurity posture and incident response.  
Conduct regular cybersecurity awareness training for employees to empower them in recognizing and responding to potential threats.  
Monitor the responsible use of AI tools within your organization to balance innovation with data privacy and security compliance.  
Engage with third-party vendors to assess their security practices and manage supply chain risks effectively.  
Foster a culture of accountability and ownership among team members to ensure everyone understands their role in reducing cyber risk.  
Seek mentorship from experienced professionals in both cybersecurity and business to develop a well-rounded skill set for leadership roles.  

In our latest episode of the Future of Threat Intelligence podcast, Kristof Riecke, Field CISO at Rackspace Technology, shares his journey in cybersecurity and highlights the evolution of the industry over the past decade. He discusses the importance of effective communication in security strategies, the need for a holistic approach to threat intelligence, and the unique challenges organizations face in cloud security. 
 
Kristof also emphasizes that understanding the specific needs of each organization is crucial for developing effective security measures and achieving overall security maturity. 
 
Topics discussed:
How the evolution of cybersecurity is marked by increasing complexity in attacks and a growing need for professionalization within the industry.  
Why effective communication is essential for CISOs to convey security strategies and engage with stakeholders at all organizational levels.  
How a holistic approach to threat intelligence is crucial, considering diverse sources and types of information relevant to an organization’s security needs.  
Why organizations must continuously address security measures, as moving to the cloud does not eliminate the need for ongoing vigilance.  
How understanding specific organizational needs is vital for developing tailored security measures and achieving overall security maturity.  
The importance of transparency regarding vulnerabilities and incidents to enhance detection and response capabilities within organizations.   
 
Key Takeaways: 
Assess your organization's current cybersecurity posture to identify vulnerabilities and areas for improvement in threat detection and response.  
Implement multi-factor authentication across all systems to enhance security and protect against unauthorized access.  
Educate employees on security awareness to foster a culture of vigilance and reduce the risk of human error in cybersecurity.  
Communicate security strategies clearly to all stakeholders, ensuring that everyone understands their role in maintaining a secure environment.  
Develop a holistic threat intelligence program that incorporates diverse information sources to better understand potential threats.  
Regularly review and update security measures to adapt to the evolving cybersecurity landscape and emerging threats.  
Collaborate with cross-functional teams to ensure that security practices are integrated into all aspects of the organization.  
Document security incidents and responses to create a knowledge base that can improve future incident management and response efforts.  
Utilize cloud security best practices to protect sensitive data and maintain compliance with regulatory requirements.  
Establish a continuous monitoring process to stay informed about the security landscape and proactively address potential threats.   

In our latest episode of the Future of Threat Intelligence podcast, we welcome David Patariu, an Attorney focusing on Privacy, Artificial Intelligence, and Cybersecurity at Venable LLP. David shares his unique journey from engineering to law, highlighting the critical intersection of technology and legal frameworks. 
David sheds light on the challenges posed by unauthorized data scraping, and what The Mitigating Unauthorized Scraping Alliance (MUSA) is doing to raise awareness and help prevent the practice, including MUSA’s Industry Practices to Mitigate Unauthorized Scraping. He also discusses the importance of robust privacy policies in building user trust, and the need for collaboration between industry and regulators to address emerging privacy concerns. 
Topics discussed:
How unauthorized data scraping poses significant risks to businesses, requiring proactive measures to protect intellectual property and user data.  
Why effective privacy policies are essential for building trust with users and ensuring compliance with evolving regulatory requirements.  
How collaboration between industry stakeholders and regulators is crucial to combat unauthorized data scraping and promote best practices.  
The role of legal advisors is evolving, necessitating a strong understanding of technology to provide relevant guidance.  
Why data protection strategies must consider the implications of artificial intelligence and machine learning on privacy and cybersecurity.  
How public awareness and education about data scraping and privacy issues are vital for empowering users to safeguard their information.   
Key Takeaways: 
Develop comprehensive privacy policies that clearly outline data usage practices to enhance user trust and comply with legal requirements.  
Engage in ongoing education about privacy laws and cybersecurity trends to stay informed and adapt to regulatory changes effectively.  
Collaborate with legal advisors who have a strong technology background to ensure that legal frameworks align with business objectives.  
Implement best practices for data protection by participating in industry groups focused on combating unauthorized data scraping.  
Conduct regular audits of your data handling practices to ensure compliance with privacy regulations and identify areas for improvement.  
Monitor emerging technologies and their implications for privacy to proactively address potential legal challenges in your organization.  
Participate in webinars and conferences to gain insights into the latest developments in privacy, cybersecurity, and artificial intelligence.  
Advocate for industry collaboration to establish standards and guidelines that address unauthorized data scraping and enhance user protection.   

In our latest episode of The Future of Threat Intelligence podcast, Jim Tiller, CISO at CyberBellum and a veteran in the cybersecurity industry with over 25 years of experience joins us to explore the intricacies of working as a fractional CISO. 
 
He offers a unique perspective on the role's challenges and rewards and emphasizes the importance of understanding business nuances, building trust with leadership, and developing a broad-spectrum knowledge of emerging technologies. Jim's insights shed light on measuring performance, effective communication, and essential skills provide invaluable guidance for navigating today's complex cybersecurity landscape. 
 
Topics discussed:
The evolving role and challenges of being a fractional CISO in today's cybersecurity landscape.
The importance of building human connections and speaking the language of business stakeholders for effective cybersecurity leadership.
Strategies for measuring the success of a fractional CISO beyond traditional KPIs and metrics.
Essential skills for CISOs, including humility, broad-spectrum technological knowledge, and the ability to get the gist of new concepts.
The necessity of staying updated on threat intelligence and applying it effectively within your organizational structure.
Tips for aspiring CISOs on how to start and thrive in the ever-changing world of cybersecurity. 
 
Key Takeaways: 
Build strong human connections with stakeholders by understanding their language and business needs for effective cybersecurity leadership.
Measure your success as a fractional CISO by demonstrating influence and trust rather than relying solely on traditional KPIs.
Stay updated on the latest threat intelligence and apply it within your organization to bolster cybersecurity defenses.
Develop a broad-spectrum knowledge of emerging technologies to enhance your overall understanding and decision-making capabilities.
Communicate regularly with your team and organization, making cybersecurity updates engaging, relevant, and easy to understand.
Learn continuously and be a professional learner to keep up with the rapid changes in the cybersecurity landscape.
Demonstrate your value by showing how your decisions positively impact the organization's security posture and business goals.
Identify and understand key performance indicators that truly reflect your effectiveness and impact as a fractional CISO. 
 

In our latest episode of the Future of Threat Intelligence podcast, David chats with Rafal Los, Head of Services Strategy & GTM at ExtraHop and the creative force behind the Down the Security Rabbithole podcast. Rafal discusses his journey from curiosity-driven exploration to a professional career in cybersecurity and the lessons he’s learned along the way.
 
Rafal shares his extensive experience in cybersecurity, offering insights on transitioning from technical roles to strategic leadership positions. He also talks about common misconceptions in strategic advisement, the importance of understanding the business context, and actionable advice for aspiring leaders. Throughout the conversation, Rafal's practical tips and seasoned perspectives make this episode a must-listen for anyone looking to elevate their career in cybersecurity and threat intelligence. 
 
Topics discussed:
Transitioning from technical roles to strategic leadership positions in the cybersecurity industry.
Common misconceptions in strategic advisement and how to avoid these pitfalls.
The importance of understanding the business context to improve strategic decision-making in cybersecurity.
Actionable advice for aspiring leaders in threat intelligence and cybersecurity.
How to bridge the gap between technical language and business objectives effectively.
Practical tips on assessing risks, impacts, and having a clear strategy for cybersecurity initiatives. 
 
Key Takeaways: 
Understand the broader business context to make more informed strategic decisions in cybersecurity.
Listen to and comprehend the challenges faced by different stakeholders to improve strategic advisement.
Develop a clear, actionable strategy for cybersecurity initiatives, focusing on both technical and business aspects.
Be skeptical of the information you read to stay critical and informed about industry trends and developments.
Engage in continuous learning by consuming content from diverse sources to broaden your cybersecurity knowledge.
Assess risks and impacts critically to prioritize cybersecurity efforts effectively.
Bridge the gap between technical language and business objectives to enhance communication and decision-making.
Prepare for potential failures by understanding how systems can fail and creating contingencies.
Network with industry professionals to gain different perspectives and insights into cybersecurity challenges.
Seek to understand the experiences and needs of your team and stakeholders to create more effective security strategies. 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0

In our latest special episode of the Future of Threat Intelligence podcast, David chats with cybersecurity expert Jeff Man at the Black Hat conference. Jeff is the Sr. Information Security Consultant at Online Business Systems, and he shares his extensive insights on the evolving landscape of cybersecurity and the importance of fundamental security practices to protect sensitive data. 
Jeff emphasizes the role of security evangelists in educating organizations and fostering a culture of security awareness. He also explores the implications of AI in cybersecurity, addressing both its potential benefits and challenges. 
Topics discussed:
The importance of understanding fundamental security practices to effectively protect sensitive data in organizations.  
How the cybersecurity landscape is filled with numerous solutions, but clarity on essential objectives is crucial for effective security.  
How security evangelists play a key role in educating clients about their specific security needs and corporate culture challenges.  
How AI is a significant buzzword in cybersecurity, but its potential benefits and risks require careful consideration and understanding.  
Why organizations often mistakenly believe that implementing the right technology alone is sufficient for comprehensive security measures.  
The necessity of fostering a culture of security awareness among employees to enhance overall protection.  
How mentorship and exposure to various cybersecurity roles are vital for individuals looking to enter or transition within the industry.   
Key Takeaways: 
Educate your team on fundamental security practices to enhance their understanding of protecting sensitive data effectively.  
Assess your organization’s current cybersecurity solutions to identify gaps and ensure alignment with essential security objectives.  
Engage with a security evangelist to gain tailored insights and strategies that fit your corporate culture and specific challenges.  
Explore the implications of AI in your cybersecurity strategy, weighing both its potential benefits and associated risks.  
Implement a culture of security awareness by providing ongoing training and resources to all employees within your organization.  
Document security processes and standards to ensure repeatability and compliance with industry regulations like PCI.  
Experiment with different cybersecurity roles and responsibilities to find areas where team members can excel and contribute effectively.
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0

In our latest special episode of the Future of Threat Intelligence podcast, Wade Wells, Cybersecurity Threat Detection Engineer & Expert at a Fortune 50 company, shares his insights from the Black Hat conference. He highlights the promising advancements in blue team technologies, particularly in AI applications and deception strategies. 
 
Wade also discusses the importance of community networking for aspiring cybersecurity professionals and reflects on the lessons learned from recent security incidents, including the implications of relying on specific security vendors. 
 
Topics discussed:
The transformative potential of AI technologies in enhancing threat detection and operational efficiency for blue team cybersecurity efforts.
The importance of effective email security solutions and their role in protecting organizations from phishing and other email-based threats.
Observations on SentinelOne’s Purple AI, which demonstrates the potential of AI in threat hunting and incident response scenarios.
The importance of networking within local cybersecurity communities, which can provide valuable resources and job opportunities for newcomers.
How the CrowdStrike incident highlighted vulnerabilities in widely used security solutions and the need for diverse strategies.
Insights on the critical role of kernel security mechanisms in protecting systems and the challenges associated with managing kernel-level vulnerabilities.
Advice for aspiring professionals to leverage existing resources and community knowledge instead of reinventing the wheel in detection engineering.
The evolving responsibilities of blue teamers in cybersecurity, including focusing on proactive measures and collaboration with red teams for improved security. 
 
Key Takeaways: 
Investigate and evaluate AI-driven cybersecurity tools to enhance your blue team’s threat detection capabilities and improve incident response times.
Prioritize the deployment of robust email security tools to protect against phishing attacks and safeguard sensitive organizational information.
Stay informed about emerging Endpoint Detection and Response (EDR) solutions to find innovative products that can strengthen your security posture.
Integrate deception technologies into your security framework to mislead attackers and gather intelligence on their tactics and techniques.
Actively participate in local cybersecurity communities to build connections, share knowledge, and discover job opportunities in the field.
Analyze recent security incidents to identify vulnerabilities and adapt your security strategies accordingly.
Focus on hardening kernel security mechanisms to mitigate risks associated with kernel-level vulnerabilities and improve overall system security.
Foster collaboration between blue and red teams to improve threat detection and response strategies through shared insights and experiences.
 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0 
 

In our latest episode of the Future of Threat Intelligence podcast, Krista Case, Research Director of Cybersecurity at The Futurum Group. Krista shares insights from recent research revealing that 50% of organizations plan to adopt new cybersecurity vendors in 2024, highlighting the evolving threat landscape and the expanding attack surface that organizations face today. 
 
Krista also emphasizes the importance of resilience and strategic thinking for CISOs, providing valuable guidance on how to effectively address key vulnerabilities and stay ahead of cyber adversaries. 
 
Topics discussed:
The critical need for innovation in cybersecurity to address evolving threat vectors and expanding attack surfaces.  
How cybersecurity is now a board-level concern, driven by increasing cyberattacks making headlines and raising organizational awareness.  
Why advanced threat hunting capabilities are essential for organizations to keep pace with malicious attackers and enhance security posture.  
The importance of resiliency and focusing on recovery and minimizing data loss from cyberattacks and other outages.  
The value of independent research and peer connections for CISOs seeking third-party advice on cybersecurity solutions.  
 
Key Takeaways: 
Evaluate your current cybersecurity tool chain to identify gaps and opportunities for innovation in response to evolving threat vectors.  
Engage with board members to elevate cybersecurity as a critical organizational concern, ensuring alignment with business objectives.  
Implement advanced threat hunting capabilities to proactively identify and mitigate potential security risks before they escalate.  
Prioritize resiliency strategies that focus on recovery processes and minimizing data loss following cyberattacks or system outages.  
Connect with independent research firms to gain insights into the latest cybersecurity trends and effective solutions for your organization.  
Participate in peer advisory groups or forums to share experiences and strategies with other CISOs facing similar cybersecurity challenges.  
Adopt a strategic approach to cybersecurity by identifying key vulnerabilities that align with your organization’s overall business goals.  
Monitor industry developments and emerging technologies to stay informed about innovative solutions that can enhance your security posture.  
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0

In our latest special episode of the Future of Threat Intelligence podcast, Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, joins us at the Black Hat conference. He shares their uncovering of the largest ransomware payment in history — $75 million — made by a Fortune 50 company to the Dark Angels group. 
 
Brett explains the group's unique approach, which involves stealing vast amounts of data without encrypting files, and their preference for low-volume, high-impact attacks to evade media scrutiny. He also highlights essential cybersecurity measures, such as implementing two-factor authentication and adopting a zero-trust architecture to protect against such threats. 
 
Topics discussed:
How the Dark Angels group executed the largest ransomware payment in history, totaling $75 million.  
How, unlike typical ransomware attacks, the group stole data without encrypting files, exfiltrating approximately 100 terabytes of sensitive information.  
How their operational model is low-volume, focusing on individual companies to avoid media attention and maintain a low profile.  
The importance of basic IT hygiene practices, such as two-factor authentication, which are crucial for preventing significant data breaches and ransomware attacks.  
How implementing a zero-trust architecture can help organizations limit lateral movement and enhance overall cybersecurity defenses against threats.  
 
Key Takeaways: 
Implement two-factor authentication to enhance security and reduce the risk of unauthorized access to sensitive corporate data.  
Monitor network traffic for anomalous behavior, especially large data transfers, to quickly identify potential data exfiltration attempts.  
Adopt a zero-trust architecture to limit lateral movement within your network and ensure users only access necessary resources.  
Limit user privileges, ensuring that users have only the access necessary for their roles.  
Stay informed about emerging ransomware trends and tactics to proactively adjust your cybersecurity strategies and defenses.   
 
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0