Future of Threat Intelligence

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.


Episodes

Tuesday Aug 22, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Brian Stack, VP of Engineering & Dark Web Intelligence at Experian Consumer Services, which offers online credit reports, scores, and monitoring products. They discuss what Brian's dark web team does in order to protect customer identities, the hurdles they've had to overcome to be effective globally, and the biggest challenges to security today in general. They also talk about practical ways businesses can reduce their risk, why it's necessary to think beyond just technology, and how the future of cyber risk will focus on analytics, prevention, and education.
Topics discussed:
Brian's background, which started in computer science and then led him to working on the US missile shield and starting his own software company before finding his way to Experian to lead a dark web team.
What the dark web team does each day, including building relationships in dark web forums for leads, and how they go about protecting customer credentials and identity.
How the dark web team has overcome various challenges like language barriers and expanding their team to be located around the world.
What priorities small businesses and enterprises should have when it comes to cyber security, like training, encryption, investing in cloud security, and more.
The skills security practitioners should possess, including learning the fundamentals, mastering the tools, and studying psychology. 
The biggest challenges to cybersecurity today, including geopolitical conflict and the ease with which you can purchase malware-as-a-service.
Why the future of cyber risk will center around analytics, prevention, and education, and why monitoring and alerting will be table stakes.

Thursday Aug 10, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, a company that offers compliance and cybersecurity solutions. They discuss how Selena's background in journalism informs what she does today, what a day in the life of a threat intelligence analyst looks like, and the best skills to have in security, which include empathy and critical thinking. They also discuss how ransomware is surfacing opportunities for change, the future of cyber risk and awareness, and advice for security practitioners.
Topics discussed:
How Selena got into threat intelligence through her former career as a journalist in the cybersecurity space, and how that work — asking questions, developing hypotheses, and communicating — relates to the threat intelligence she does now.
A day in the life of a threat intelligence analyst focused on cybercrime, the different actors Selena tracks, and the reports she writes to keep customers informed.
Why the best skill to have in security is empathy, and the importance of remembering that there's a human victim at the end of every attack.
The need for critical thinking skills in security in order to consider different perspectives and solve problems, as well as good communication skills to articulate why certain issues matter.
How the biggest challenge today — ransomware — has exposed weakness in organizations and industries, and how there will hopefully be a shift in resourcing organizations for increased protection.
Why the future of cyber risk is heading towards more awareness, and how more mindfulness and improved behaviors will increasingly make a threat actor's job harder to do.
Advice for others in cybersecurity, including a caveat around AI and optimism around how cybersecurity truly makes the world better.

Thursday Jul 27, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Philipp Amann, Head of Strategy, European Cybercrime Centre at Europol. They discuss the need for collaboration between industry and law enforcement to help combat cybercrime, and how to go about fostering trust and information exchange in more effective and sustainable ways. They also talk about the major risks to organizations today, like legacy systems, ransomware, and AI, and how to better manage complexity to reduce cyber risk.
Topics discussed:
Philipp's broad background in intelligence and cybersecurity, from starting in the military and moving to governance roles in cybercrime, to his current role at Europol.
The need for collaboration to combat cybercrime, and how it requires resources, trust, common ground, incentives, and sustainable approaches.
How understanding cybercrime requires knowledge across a variety of areas, especially to articulate cybercrime issues to non-technical audiences.
The challenges to information sharing across alliances with different limitations and legislations to consider, and the need to address those challenges to reach common goals.
Why one of the biggest risks to organizations today is legacy systems that may still be infected with older vulnerabilities, and why security teams need to focus on both zero-day and 1000-day vulnerabilities.
The ways in which criminals are already beginning to exploit AI and use it to impersonate CEOs, write better code, or create more convincing spam emails.
The rise in the crime-as-a-service model, which could include rogue cryptocurrency exchanges, criminal VPN services, or other malicious businesses.

Thursday Jul 13, 2023

In this week's special episode of the Future of Cyber Risk podcast, David speaks to Team Cymru's Josh Picolet, Director of S2 Threat Analysis Unit, and Wassim Tawbi, Head of Product Management, about their new product, Pure Signal Scout. They discuss the customer needs that Scout was created to meet, the collaboration behind how the product was developed, and the elements of Scout's design and interface. They also talk about the benefits Pure Signal Scout offers in terms of speed, ease of use, and access to rich data that can help make threat hunting more targeted and effective — and make threat hunting more accessible for teams who may not have had access to advanced capabilities before.
Topics discussed:
The origins of Pure Signal Scout and the customer pain points around ease of use, speed, and efficacy that led to its creation.
How Pure Signal Scout's design and interface enable security teams to visualize threat intelligence more easily.
The different ways in which Team Cymru collaborated to create Pure Signal Scout, from development and early testing, to how marketing positions the product, to support for the product after launch.
How Pure Signal Scout was built to be user friendly by being faster, more flexible, and more intuitive for threat hunters.
The possibilities that Pure Signal Scout offers to security teams, including building an internal system of alerting using Scout's API.
How Pure Signal Scout differentiates from other threat intelligence platforms on the market, especially in terms of the quality of the data offered.
The impact that Pure Signal Scout will make, giving security teams the increased ability to proactively watch and block threats, and improve their security posture.

Thursday Jun 29, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Mark Lanterman, Founder & CTO of Computer Forensic Services, a provider of electronic discovery, forensic analysis, litigation support, and advisory and consultation services. They discuss the role of digital forensics, especially in criminal cases where it can help bring justice. They also discuss how to prepare your organization for a cyber event, how forensics has changed in the era of cloud, what the future of cyber risk management will look like, and what advice new CISOs or CTOs should follow.
Topics discussed:
Mark's background in both computer science and in law enforcement, and how every day there’s a new mystery to solve at Computer Forensic Services, a digital forensics crime lab.
The difference between what eDiscovery and forensics can tell you, and why forensics answers the "how," "who," "when," and "why."
How forensics has changed in the cloud era, and why it's critical to log, log, log.
The story of a murder case that was solved by finding a deleted note on a seized computer.
Why preparing for a cyber event is like preparing for game day, and why it's better to fail in practice than when it really matters.
What the future of cyber risk management will look like, and how security will be integrated across an organization.
Advice for new CISOs or CTOs that includes staying self-critical, always being mentally prepared for the worst, and the importance of great communication skills.

Thursday Jun 15, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Troels Oerting, Chairman of the Board at BullWall. They discuss the insights Troels has learned across his long career in global cybersecurity leadership, which include how to build bridges of cooperation and communication between public and private entities, industries, and countries to better combat cybercrime. They also discuss the gaps in today’s cybersecurity landscape, the importance of running exercises to practice for imminent threats, and what the future of cyber risk will look like.
Topics discussed:
The evolution of Troels' deep career in cybersecurity, starting as a police officer, to serving as CISO at Barclays, to becoming the Director of the Global Center for Cybersecurity at the World Economic Forum.
How international collaboration around cybersecurity has changed, and why there's the need for more cooperation and bridge-building between countries.
Key lessons learned from being a CISO at Barclays, like why there needs to be more communication across the industry and how banks "put their money where their mouth is" to form a cyber alliance.
The need for the public and private sector to work together on exchanging information in a non-punitive way that benefits both parties.
Significant gaps in the current cybersecurity landscape, and how governments and organizations can work to manage better security approaches.
Three elements of the future of cybersecurity, including the increase in normalization of the risk, more risk-based approaches to security, and a new focus on resilience.
How to use exercises and practice to prepare for future hacks — and why it's essential to invite the board to participate.

Friday Jun 02, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Renee Dudley, reporter at ProPublica and co-author of The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime. Renee talks about how her investigative reporting focus took her to cybercrime and ransomware, and how in her research she met a "ransomware hunting team" of a dozen individuals who crack ransomware for victims and rarely ask for anything in return. She also talks about her investigation into companies who claim to help victims with ransoms but are actually scams, and how individuals can protect themselves against a ransomware attack.
Topics discussed:
How Renee got into covering cybersecurity, which was sparked by seeing how CISOs were frustrated about not getting funding from their board, and which eventually became a primary topic of her investigative reporting.
How she researched and wrote The Ransomware Hunting Team, including the story of how she tracked down ransomware expert DemonSlay335 and learned about the independent threat hunting team made up of a dozen private researchers like him who help victims of ransomware.
What the mindset and altruistic motivation are behind individuals who crack ransomware and save victims millions of dollars (and it’s not fame and fortune).
How Renee investigated companies that offer assistance to those who have been impacted by ransomware, uncovering that while some are transparent and legit, some are scamming the victims that seek their help.
What steps individuals can take to protect themselves against a ransomware attack, including having offline backups, setting up 2FA, and being wary of phishing emails.
The similarities between the hunters and the hackers in terms of skills and motivation, including a mutual respect for each other, and how each team tries to recruit the other.

Thursday May 18, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Brian Kime, Associate Director of Threat Intelligence and Hunt Lead at Carrier, a global leader in intelligent climate and energy solutions. They discuss the biggest cyber risks to manufacturing companies and how to keep OT environments safe — and why the biggest threat to production is a ransomware attack that impacts the IT systems. They also discuss the need for implementing zero trust and segmenting identities, what key skills are needed to be successful in cyber risk management, security innovations in the military, and why the future of cyber risk management will see organizations prioritizing their own internal data.
Topics discussed:
The evolution of Brian's career as an "expert generalist," including work both on the enterprise defender side and the vendor side, doing research at Forrester, and coming back to the enterprise side at Carrier — as well as serving in the US Army Reserve.
What measures are most successful in protecting manufacturing OT systems against cyber threats, including the necessity of tabletop exercises, implementing zero trust, and the need for segmentation of identities.
Why ransomware is still the biggest threat to manufacturing, and how attackers can halt production and OT systems by ransoming IT systems.
The biggest threats to the global supply chain today, and how tensions in one part of the world — Ukraine and South Asia specifically — can disrupt supply chain timing and costs globally.
The military's approach to cyber risk management, the challenge of working with smaller tech companies as contractors, and why innovation today is soldier-centered. 
What key skills are required for cyber risk management success, including the need for critical thinking around context and audience, and why writing skills are necessary for communicating business value and risk.
What cyber risk management will look like in five years, and why organizations will find it more effective to prioritize their own internal data over outside sources.

Thursday May 04, 2023

In this week's episode of the Future of Cyber Risk podcast, David speaks to Julie Chickillo, VP, Head of Security at Guild Education, a platform where workers can gain the skills and support they need to grow in their careers. They discuss current trends around cyber risk management, including the rising need to integrate more data privacy into security practices. They also talk about how security teams can better understand how risk impacts business decisions, how to weed out "dark patterns" when developing software, and how to support team growth through continuous learning opportunities — including a security book club.
Topics discussed:
The evolution of Julie's career, from being in legal, security, governance, risk, and compliance for nearly 20 years, to becoming head of security at Guild Education, a career enableist platform.
The day-to-day actions of a head of security, including overseeing the privacy and risk groups, looking for new ways to support the team, and keeping up with developments in the industry by talking to founders.
What security practitioners get wrong about cyber risk management, and why practitioners shouldn't own the risk themselves.
Why Julie likes talking to founders about what they're seeing across the industry, and how you can find them at conferences and trade shows "on the outside."
What skills and training are important for a security team, including learning a language like Python, taking free courses, engaging in book clubs, sharing opportunities on Slack, and more.
The necessity of being able to translate data and privacy concerns to business leaders, and to be able to talk about the impact to business decisions.
What dark patterns are, how they impact privacy and data use, and how to better consider user experience when designing software.

Monday Apr 24, 2023

Lewis Heuermann, Lead Associate of Cyber Risk Management at Booz Allen Hamilton, and Tom Cross, Independent Security Consultant, speak with David about the complexities threat hunters and their organizations face when dealing with cyber risk management and how to cultivate a holistic cybersecurity ecosystem for sustainable business success. 
In this episode, the conversation focuses on striking a balance between proactive risk management and maintaining day-to-day cybersecurity operations. They emphasize the importance of effective communication and collaboration between different departments within an organization to better understand and address potential cybersecurity threats. 
Topics discussed:
The difficulties faced by cybersecurity professionals in persuading leadership to invest more in cybersecurity and the importance of presenting real-world context to demonstrate the potential risks.
The challenge of maintaining a balance between proactive cyber risk management and daily operations, ensuring that organizations can effectively manage both aspects.
The role of the CISO in aligning cybersecurity efforts with overall business objectives to ensure a more effective risk management strategy.
The million-dollar question: How to convince leadership to invest in cybersecurity.
The need for collaboration between departments like marketing, finance, and IT to foster a more comprehensive understanding of the business landscape and potential cybersecurity threats. 
How to move from a ticket taker/problem solver mindset to one that embraces innovation and strategic thinking in cybersecurity.
How to involve senior leaders, such as the CFO and CIO, in cybersecurity discussions to ensure a more holistic approach to risk management.
Understanding the business perspective and aligning cybersecurity strategy with it is crucial for effective risk management and overall organizational success.
Resources: 
Voice of a Threat Hunter Report 
Paul Graham's Maker's Schedule, Manager's Schedule
Lewis Heuermann on LinkedIn
Tom on Mastodon
 

Copyright 2022 All rights reserved.
