Future of Threat Intelligence

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.


Episodes

4 days ago

David's latest guest on The Future of Threat Intelligence points out the unexpected ways his customer service background enhances his cybersecurity work. From mastering the art of asking the right questions to navigating remote SOC operations, Lee Ramsey, Senior Security Analyst at Zoom, shares practical insights on digital forensics, incident response, and the future of AI in security.

Drawing from his experience in customer service and his journey to his current role at Zoom, Lee offers valuable perspectives on building successful security teams, implementing effective incident response plans, and maintaining critical thinking in an AI-driven world.

Topics discussed:

  • The intersection of customer service skills and cybersecurity investigations, focusing on effective communication and problem-solving techniques.
  • Common pitfalls in incident response planning and the importance of having documented procedures before crises occur.
  • The impact of AI on digital forensics and incident response, including potential risks and benefits.
  • Challenges and strategies for managing remote SOC operations in the post-pandemic era.

Key Takeaways:

  • Implement a documented incident response plan before you need it to avoid legal and operational complications.
  • Borrow from customer service skills to improve security investigations through better question-asking techniques.
  • Approach AI tools with healthy skepticism and always validate their outputs manually.
  • Build remote SOC capabilities with proper tools and processes for remote data acquisition.
  • Maintain team cohesion in remote environments through proactive engagement and trust-building.
  • Document all security practice experience, including CTF participation, to demonstrate practical skills.
  • Attend local security conferences and volunteer to build professional networks.
  • Pursue relevant certifications for both credentials and learning opportunities.
  • Balance tool automation with critical thinking to avoid over-reliance on technology.

Thursday Jan 09, 2025

In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.

James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.

Topics discussed:

  • The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.
  • How Google's SAFE framework ensures a privacy-first approach to AI implementation, with strict data usage and training policies.
  • Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.
  • How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.
  • How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.
  • The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.

Key Takeaways:

  • Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.
  • Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.
  • Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.
  • Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.
  • Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.
  • Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.
  • Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.
  • Use tools like NotebookLM to stay current with security research and white papers while managing information overload.
  • Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.
  • Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.

Thursday Jan 02, 2025

In our latest episode of the Future of Threat Intelligence podcast, David welcomes Justin Jettòn, Senior Threat Intelligence Engineer at Veeva Systems, who brings his military intelligence background to discuss the evolving landscape of cybersecurity. Drawing from his experience transitioning from forensics to threat intelligence, Justin explores how AI is transforming both offensive and defensive capabilities in cybersecurity.

They discuss the potential of AI in early threat detection, the critical need for breaking down organizational silos to improve collective defense, and finding the right balance between automation and human analysis. Justin also emphasizes that while technology advances, the human element remains crucial for effective threat intelligence analysis.

Topics discussed:

  • Artificial intelligence is reducing the timeline between threat identification and new attack development, lowering barriers for adversaries.
  • Using AI models for "indications and warning" could help identify threat patterns earlier, enabling proactive defense strategies.
  • Breaking down organizational silos and creating security collectives is crucial for effective threat intelligence in modern cybersecurity.
  • Despite technological advances, human analysts remain essential for contextual understanding and strategic threat assessment.
  • Adding multiple security tools can extend detection time; organizations need better strategies for tool integration and automation.
  • A clear distinction between engineering and analyst roles, with engineers handling technology while analysts focus on assessment and dissemination.
  • Future security teams need balanced automation with human oversight, following the military's OODA (Observe, Orient, Decide, Act) loop.

Key Takeaways:

  • Implement human verification checkpoints within automated security processes to maintain the "trust but verify" approach in threat intelligence workflows.
  • Evaluate your organization's security tool stack to prevent tool fatigue: focus on understanding each tool's workflow before adding new ones.
  • Develop a comprehensive understanding of automation processes, from data collection points to decision thresholds, before deploying new security automation.
  • Establish cross-organizational information sharing frameworks to enhance collective threat detection capabilities through shared AI models.
  • Differentiate clearly between threat intelligence engineering and analyst roles to optimize team structure and workflow efficiency.
  • Incorporate the OODA loop (Observe, Orient, Decide, Act) methodology into your threat intelligence processes, ensuring human oversight at critical points.
  • Broaden your threat intelligence perspective by studying geopolitical events and connecting them to potential cybersecurity implications.
  • Create sampling protocols to regularly verify that automated security systems are functioning as intended and catching relevant threats.
  • Build collaborative relationships with ISPs, tech companies, and security vendors to expand threat detection capabilities beyond organizational boundaries.
  • Document automation workflows thoroughly to ensure security teams understand where decision points occur and how data flows through the system.

Thursday Dec 19, 2024

In our special episode of the Future of Threat Intelligence podcast, David welcomes Ryan Chapman, Threat Hunter, Author and Instructor at SANS Institute, and Matthew Winters, Lead Threat Hunter at T. Rowe Price, to break down Team Cymru's second annual Voice of a Threat Hunter report. Our two experts discuss the statistic that nearly 50% of organizations experienced a major security breach last year, emphasizing the critical role of threat hunting in enhancing incident response.

Ryan and Matt also touch on the importance of proactive detection in cybersecurity, the necessity of curiosity as a fundamental skill for threat hunters, and the challenges organizations face regarding visibility and tool availability.

Topics discussed:

  • Nearly 50% of organizations reported experiencing a major security breach in the past year, highlighting the urgency for improved security measures.
  • 72% of breached organizations believe that threat hunting significantly enhanced their ability to respond to incidents effectively.
  • Proactive detection is becoming essential as organizations recognize the need to stay ahead of evolving cyber threats and attacks.
  • Curiosity is a key skill for threat hunters, enabling them to uncover hidden vulnerabilities and enhance overall security posture.
  • Many organizations struggle with visibility into their networks, which hampers effective threat hunting and incident response efforts.
  • The importance of leveraging existing tools and resources to maximize threat hunting capabilities without requiring significant new investments.
  • Collaboration across security teams can enhance threat hunting efforts, leading to better detection, response, and overall cybersecurity resilience.

Key Takeaways:

  • Assess your organization's current security posture to identify potential vulnerabilities and areas needing improvement in threat detection and response.
  • Implement proactive threat hunting practices to stay ahead of evolving cyber threats and enhance incident response capabilities.
  • Foster a culture of curiosity within your security team to encourage exploration and investigation of anomalies in your network.
  • Leverage existing tools and resources effectively to maximize your threat hunting efforts without incurring significant additional costs.
  • Collaborate across different security teams to share insights and improve the overall effectiveness of threat detection and incident response.
  • Invest in training programs focused on threat hunting skills to empower your team with the knowledge needed to identify threats.
  • Document all threat hunting activities and findings to create a knowledge base that can inform future security strategies and decisions.
  • Establish clear KPIs to measure the effectiveness of your threat hunting initiatives and overall security posture.
  • Engage with external cybersecurity communities to share experiences, learn best practices, and stay updated on the latest threat intelligence.
  • Review and update your security tools regularly to ensure they are equipped to handle the latest threats and vulnerabilities.

Thursday Dec 12, 2024

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Howard Holton, CTO of GigaOm. Howard shares his insights on the increasing vulnerability of small and medium-sized businesses to cyber threats, as adversaries target them for their limited resources and lower maturity in cybersecurity practices.

Howard emphasizes the importance of understanding the business-like nature of cybercriminals and their strategies. He also explores the role of AI and large language models in enhancing threat intelligence, highlighting how these tools can help organizations prioritize their security efforts effectively.

Topics discussed:

  • The increasing trend of cybercriminals targeting small and medium-sized businesses due to their lack of resources and cybersecurity maturity.
  • Understanding how adversaries operate like businesses, seeking maximum profit by exploiting vulnerabilities in less fortified organizations.
  • Actionable cybersecurity measures that organizations can implement immediately to reduce risks and enhance their defenses.
  • The role of AI and large language models in improving threat intelligence and making security tools more intuitive for users.
  • The challenges of transitioning from a technical role to an executive position and the skills needed for effective leadership in cybersecurity.
  • The significance of communication and awareness within organizations to ensure that executive teams understand cybersecurity risks and resource needs.
  • Strategies for mitigating the impact of cyber attacks, focusing on prioritizing efforts based on potential threats and vulnerabilities.
  • The evolving landscape of cyber threats and how organizations can stay informed and adapt to new challenges in real time.
  • The necessity of governance in implementing AI and LLMs to ensure that sensitive information is handled appropriately within organizations.
  • The ongoing need for continuous improvement in cybersecurity practices, as threats are constantly evolving and new vulnerabilities emerge.

Key Takeaways:

  • Assess your organization's cybersecurity maturity to identify vulnerabilities and prioritize areas for improvement, especially if you are a small or medium-sized business.
  • Implement immediate cybersecurity measures to reduce the likelihood of a compromise, focusing on actionable steps that can be completed within hours or days.
  • Leverage AI and large language models to enhance threat intelligence, making it easier to analyze data and respond to potential threats effectively.
  • Communicate regularly with your executive team about cybersecurity risks and resource needs to ensure they are informed and can provide necessary support.
  • Establish a governance framework for AI and LLMs to manage sensitive information and ensure compliance with organizational policies.
  • Educate your team on the business-like nature of cybercriminals, helping them understand how attackers target organizations based on perceived weaknesses.
  • Prioritize cybersecurity training for employees to foster a culture of awareness and preparedness against potential cyber threats.
  • Monitor emerging cyber threats continuously to stay informed about new tactics and vulnerabilities that could impact your organization.
  • Document all cybersecurity policies and procedures clearly, ensuring that employees understand their roles and responsibilities in maintaining security.
  • Review and update your incident response plan regularly to reflect changes in the threat landscape and ensure your organization is prepared for potential attacks.

Wednesday Dec 04, 2024

In our latest episode of the Future of Threat Intelligence podcast, David sits down with Ryan Link, Principal of Threat Detection and Response at CDW. Ryan shares his decade-long journey in cybersecurity, emphasizing the importance of thinking like an attacker to enhance threat detection capabilities.

He discusses the critical role of continuous training for security teams and the integration of AI in reducing detection fatigue. Additionally, Ryan highlights the necessity of cloud training to future-proof cybersecurity teams in an increasingly digital landscape. Tune in for valuable insights on building a resilient and adaptive security strategy!

Topics discussed:

  • The importance of thinking like an attacker to identify potential risks and improve overall security posture.
  • The critical role of continuous training for cybersecurity professionals to keep skills sharp and stay updated on threats.
  • The integration of AI in threat detection, focusing on reducing noise and enhancing efficiency in security operations.
  • The need for collaboration between blue and red teams to improve detection capabilities and incident response processes.
  • The value of cloud training as essential for future-proofing cybersecurity teams in an increasingly cloud-centric digital environment.
  • Why organizations should assess their maturity level before leveraging threat intelligence, ensuring it aligns with their capabilities and resources.

Key Takeaways:

  • Assess your cybersecurity maturity level to determine the appropriate use of threat intelligence and avoid overspending on unnecessary tools.
  • Implement continuous training programs for your security team to keep skills sharp and ensure they stay updated on evolving threats.
  • Encourage team members to think like attackers to better identify vulnerabilities and enhance your organization's overall security posture.
  • Integrate AI technologies into your threat detection processes to reduce noise and improve the efficiency of security operations.
  • Foster collaboration between blue and red teams to enhance detection capabilities and ensure effective incident response strategies.
  • Prioritize cloud training for your team to understand the complexities of cloud environments and secure data effectively.
  • Develop custom detection capabilities by leveraging threat intelligence to create tailored responses to specific threats your organization may face.
  • Document processes and procedures regularly to maintain clarity and support onboarding of new team members effectively.
  • Utilize automated testing environments to streamline the threat detection lifecycle and improve the accuracy of your security tools.
  • Take regular breaks to prevent burnout among your security team, ensuring they remain mentally sharp and effective in their roles.

Thursday Nov 21, 2024

In our latest episode of the Future of Threat Intelligence, David speaks with Deb Radcliff, Cybersecurity Analyst, Journalist, and Author of the Breaking Backbones hacker trilogy, who shares her unique journey from investigative journalism to writing her books. She discusses the importance of understanding hacker culture and the human side of cybercrime, emphasizing that many hackers are driven by curiosity rather than malice.

Deb also explores the ethical implications of artificial intelligence and the challenges of maintaining privacy in an increasingly tech-driven world. With insights drawn from her experiences and fiction, Deb offers a thought-provoking perspective on the future of cybersecurity and the role of storytelling in shaping our understanding of it.

Topics discussed:

  • How the Breaking Backbones trilogy humanizes hackers, portraying them as complex individuals rather than mere criminals in a tech landscape.
  • Deb emphasizes the importance of understanding social engineering and its role in both hacking and cybersecurity defenses.
  • The ethical implications of artificial intelligence are discussed, highlighting potential risks and responsibilities in its development and use.
  • Privacy and autonomy are critical themes, with Deb advocating for individual rights in an increasingly monitored and tech-driven society.
  • Deb reflects on her early experiences with hackers, illustrating the wild west nature of the cybersecurity landscape in the 1990s.
  • The conversation emphasizes the need for collaboration between tech experts and creatives to address cybersecurity challenges effectively.

Key Takeaways:

  • Explore the hacker culture to gain insights into motivations and behaviors that can inform better cybersecurity practices.
  • Advocate for ethical AI development by engaging in discussions about its implications on privacy and security in society.
  • Educate yourself and others about social engineering tactics to enhance awareness and improve defenses against cyber threats.
  • Promote privacy rights by supporting initiatives that protect individual autonomy in an increasingly digital and monitored world.
  • Collaborate with creatives and tech experts to develop innovative solutions that address the challenges of cybersecurity.
  • Participate in cybersecurity training programs to improve your understanding of current threats and effective response strategies.
  • Engage in conversations about the ethical use of technology to foster a culture of responsibility among developers and users.
  • Utilize storytelling techniques to communicate complex cybersecurity concepts, making them more relatable and understandable for broader audiences.
  • Stay informed about emerging technologies and their potential impacts on security to proactively adapt your strategies and practices.

Friday Nov 15, 2024

In our latest episode of the Future of Threat Intelligence podcast, David chats with Ryan Chapman, Threat Hunter, Author and Instructor at SANS Institute. They explore the alarming evolution of ransomware tactics, including the rise of multi-extortion strategies where attackers not only encrypt data but also threaten to leak sensitive information.

Ryan emphasizes the critical mistakes organizations make, such as failing to implement basic security practices and allowing administrative privileges for general users. He also discusses the importance of leveraging internal data for effective threat hunting. Tune in to gain insights on strengthening your organization's defenses against ransomware attacks!

Topics discussed:

  • The evolution of ransomware tactics, highlighting the shift from simple encryption to sophisticated human-operated attacks.
  • The rise of multi-extortion strategies, where attackers threaten to leak sensitive data in addition to encrypting it.
  • Why organizations often fail to implement basic security practices, leading to increased vulnerability to ransomware attacks.
  • The importance of restricting administrative privileges for general users to enhance overall security posture.
  • The value of better visibility through proper logging and monitoring to detect and respond to threats effectively.
  • Leveraging internal data as intelligence is crucial for effective threat hunting and identifying potential vulnerabilities within the organization.
  • The significance of ongoing education and training in cybersecurity to keep defenses robust against evolving threats.

Key Takeaways:

  • Implement basic security practices, such as restricting administrative privileges for general users, to reduce the risk of ransomware attacks.
  • Conduct regular audits of Active Directory permissions to ensure proper access controls and minimize potential vulnerabilities.
  • Utilize full tunnel VPNs for remote users to secure all traffic and enhance protection against external threats.
  • Enable comprehensive logging on hosts, including PowerShell and Active Directory events, to improve visibility and incident response capabilities.
  • Leverage internal data as intelligence by analyzing alerts and indicators of compromise (IOCs) to identify potential threats.
  • Educate employees on recognizing phishing attempts and other social engineering tactics to prevent initial access for attackers.
  • Collaborate with threat hunting teams to share insights and findings, fostering a proactive approach to cybersecurity.
  • Monitor for unusual service names or processes that appear on fewer devices to identify potential threats in your environment.
  • Document all findings during threat hunting sessions, regardless of whether a threat is identified, to build organizational knowledge.
  • Stay updated on the latest ransomware tactics and trends to adapt your security strategies and defenses accordingly.

Friday Nov 08, 2024

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Matthew Winters, Lead Threat Hunter at T. Rowe Price. Matthew shares his unconventional journey into cybersecurity, highlighting the importance of soft skills and creativity in threat hunting that he has picked up along the way.

He explains that threat hunting is akin to applying the scientific method to networks, starting with hypotheses rather than alerts. Matthew and David also explore the critical role of threat intelligence in shaping effective hunting strategies and the essential skills needed to build a successful threat hunting team. Tune in for valuable insights on enhancing your cybersecurity posture!

Topics discussed:

  • Threat hunting as applying the scientific method, starting with hypotheses instead of relying solely on alerts.
  • The importance of threat intelligence as a foundational element for effective threat hunting and proactive defense strategies.
  • Key skills for threat hunters include technical knowledge, creativity, and the ability to reassess and redefine problem statements.
  • A hybrid approach to data analysis is recommended, utilizing both network and endpoint data for comprehensive threat visibility.
  • The challenges of measuring threat hunting effectiveness, and suggestions for metrics like defenses created and impact on adversaries.

Key Takeaways:

  • Explore veteran programs to facilitate career transitions into cybersecurity, leveraging the unique skills and experiences of military personnel.
  • Adopt the scientific method in threat hunting by formulating hypotheses before analyzing data, ensuring a structured approach to investigations.
  • Utilize threat intelligence to inform your threat hunting strategies, focusing on real-world adversary behaviors and techniques relevant to your organization.
  • Encourage creativity within your team by identifying individuals with a "MacGyver Drive" who can think outside the box to solve complex problems.
  • Implement a hybrid data analysis approach by integrating both network and endpoint data to gain comprehensive visibility into potential threats.
  • Define clear boundaries between threat hunting, incident response, and red teaming to maintain focus and effectiveness in each discipline.
  • Measure the effectiveness of your threat hunting program by tracking metrics such as defenses created and the impact on adversaries.
  • Foster a culture of continuous learning within your threat hunting team to enhance skills and adapt to evolving cybersecurity challenges.
  • Leverage tools like graph databases to analyze relationships between threats and improve the precision of your hunting efforts.
  • Challenge your team to reassess problem statements regularly, ensuring they are asking the right questions to drive effective threat hunting.

Thursday Oct 31, 2024

In our latest episode of the Future of Threat Intelligence podcast, David speaks with Gregory Van den Top, AI Practice Leader for Europe at Marsh. They explore the critical importance of understanding cyber risk as an integral part of business strategy, rather than a technical afterthought.

Gregory emphasizes the need for organizations to conduct thorough risk assessments and quantify potential impacts, particularly in light of the growing threat of ransomware. He also highlights the significance of fostering a strong link between cybersecurity and executive leadership to enhance organizational resilience. Tune in for actionable insights to strengthen your cyber risk management approach!

Topics discussed:

  • Why cyber risk should be integrated into overall business strategy, not treated as a separate technical issue.
  • How conducting thorough risk assessments helps organizations understand their current cyber risk landscape and potential vulnerabilities.
  • How quantifying cyber risk is essential for informed decision-making and aligning with organizational goals, particularly for financial stakeholders.
  • Why ransomware poses a significant threat, requiring organizations to prioritize awareness, preparedness, and proactive incident response measures.
  • How building resilience in cybersecurity involves not just response plans but also protective measures to prevent incidents from occurring.
  • How establishing clear roles and responsibilities, including board-level oversight, enhances the management of cyber risk across the organization.
  • Why cybersecurity education for non-technical stakeholders is crucial for fostering a comprehensive understanding of risks and promoting informed discussions.

Key Takeaways:

  • Integrate cyber risk assessments into your overall business strategy to ensure a holistic approach to risk management.
  • Quantify cyber risks to provide tangible insights for decision-makers, particularly for CFOs and other financial stakeholders.
  • Prioritize awareness and preparedness for ransomware threats by implementing proactive incident response plans and training programs.
  • Establish clear roles and responsibilities for cybersecurity within your organization, including board-level oversight for better risk management.
  • Foster a culture of cybersecurity education among all employees to enhance understanding and promote informed discussions about risks.
  • Develop a robust incident response plan that includes forensics, legal advice, and communication strategies to mitigate the impact of breaches.
  • Engage in regular tabletop exercises using AI tools to simulate cyber incidents and improve your organization's resilience and response capabilities.
  • Collaborate with cybersecurity experts to stay updated on emerging threats and best practices for managing cyber risk.
  • Review and update your cybersecurity policies and practices regularly to adapt to the evolving threat landscape and organizational changes.

Copyright 2022 All rights reserved.
