Eye on Security

The latest on cybersecurity threats and news from FireEye

FireEye Inc.


    • May 5, 2025 LATEST EPISODE
    • every other week NEW EPISODES
    • 24m AVG DURATION
    • 283 EPISODES


    Latest episodes from Eye on Security

    UNC5221 and The Targeting of Ivanti Connect Secure VPNs

    May 5, 2025 (27:55)


    Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus on edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this.
    https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability
    https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day
    https://www.ivanti.com/blog/an-update-on-ivantis-ongoing-commitment-to-enhanced-product-security
    https://www.ivanti.com/resources/secure-by-design/2024
    https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends?e=48754805

    Windows Remote Desktop Protocol: Remote to Rogue

    Apr 14, 2025 (34:27)


    Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were using to likely support cyber espionage goals. He delves into these findings and the usage of RemoteApps and victim file mapping via RDP, and closes with some of the mysteries that remain about this activity. https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol

    Cybersecurity Conversations with the C-Suite and Board

    Mar 10, 2025 (36:14)


    Imran Ahmad (Senior Partner, Canadian Head of Technology and Canadian Co-Head of Cybersecurity and Data Privacy at Norton Rose Fulbright) joins host Luke McNamara to discuss how executives are thinking about cyber risk in a changing and evolving landscape. He touches on the importance of training before a breach, how ransomware has changed security conversations with boards, and the promise and risk that emerging technologies like AI present for enterprises.

    What to Watch For in 2025

    Feb 28, 2025 (44:31)


    Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns.
    https://cloud.google.com/security/resources/cybersecurity-forecast
    https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat

    Signals of Trouble

    Feb 19, 2025 (26:03)


    Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger

    Agentic AI in Cybersecurity

    Feb 5, 2025 (26:40)


    Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capabilities of an enterprise in cyber defense. 

    The Art of Remediation in Incident Response

    Dec 2, 2024 (40:59)


    Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more. 

    How to Run an Effective Tabletop Exercise

    Oct 18, 2024 (29:14)


    Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned.
    https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise
    https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2.pdf

    Using LLMs to Analyze Windows Binaries

    Oct 4, 2024 (36:40)


    Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various Windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more. For more on this topic:
    https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
    https://blog.virustotal.com/2024/04/analyzing-malware-in-binaries-and.html

    How Threat Actors Bypass Multi-Factor Authentication

    Sep 26, 2024 (27:20)


    Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization, sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary-in-the-middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more.

    TAG's Work Tracking Commercial Surveillance Vendors

    Sep 4, 2024 (23:58)


    Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and how this problem connects to the increasing rise of zero-day exploitation. For more on TAG's work on CSVs:
    https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
    https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/
    https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/

    What Iranian Threat Actors Have Been Up To This Year

    Jul 25, 2024 (36:13)


    Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see:
    https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/
    https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations?e=48754805
    https://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east?e=48754805

    Mandiant's Approach to Securely Using AI Solutions

    Jun 27, 2024 (32:00)


    Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security organization itself. For more, please see: https://cloud.google.com/security/solutions/mandiant-ai-consulting

    Lessons Learned from Responding to Cloud Compromises

    Jun 3, 2024 (30:16)


    Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023.  They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more.  Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s

    The ORB Networks

    May 22, 2024 (29:54)


    Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all means for defenders. For more, check out: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-orb-networks
    Follow Michael on X at @aRtAGGI

    Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances

    May 16, 2024 (27:47)


    Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitation by a range of threat actors. They also discuss the role a suspected Volt Typhoon cluster played in the follow-on exploitation, and share their thoughts on what else we might see from China-nexus zero-day exploitation of edge infrastructure this year. For more on this research, please check out:
    Cutting Edge, Part 1: https://cloud.google.com/blog/topics/threat-intelligence/suspected-apt-targets-ivanti-zero-day
    Cutting Edge, Part 2: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-zero-day-exploitation
    Cutting Edge, Part 3: https://cloud.google.com/blog/topics/threat-intelligence/investigating-ivanti-exploitation-persistence
    Cutting Edge, Part 4: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
    Follow John on X at @Big_Bad_W0lf_
    Follow Tyler on X at @tylabs

    M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher

    Apr 29, 2024 (25:53)


    Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report.  Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For more on the M-Trends 2024 report: http://cloud.google.com/security/m-trends

    Assessing the State of Multifaceted Extortion Operations

    Apr 11, 2024 (40:54)


    Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, how changes in the makeup of various groups have played out in the threat landscape, why certain sectors see more targeting, and more.

    Hunting for "Living off the Land" Activity

    Mar 29, 2024 (42:32)


    Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more. 

    Director of NSA's Cybersecurity Collaboration Center on Trends in 2024

    Mar 14, 2024 (25:48)


    Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC), joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.

    The North Korean IT Workers

    Feb 21, 2024 (34:40)


    Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignment-2023

    Prescriptions for a Healthy Cybersecurity Future with Google Cloud's OCISO

    Feb 7, 2024 (44:27)


    Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. For more on the work of Google Cloud's Office of the CISO: https://cloud.google.com/solutions/security/board-of-directors?hl=en#additional-thought-leadership-resources

    Is The CTI Lifecycle Due For An Update?

    Jan 25, 2024 (28:08)


    Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his  blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop

    Threat Trends: Hacktivists' Continued Use of DDoS

    Jan 10, 2024 (44:50)


    For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year. 

    Threat Trends: Tales from the 2023 Trenches

    Dec 12, 2023 (37:47)


    Doug Bienstock and Josh Madeley, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more.

    Threat Trends: DHS Secretary Alejandro Mayorkas in Conversation with Kevin Mandia

    Oct 25, 2023 (20:44)


    Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security. For more on the Department of Homeland Security and their work, please see:
    Cybersecurity | Homeland Security (dhs.gov)
    Shields Up | CISA
    Joint Cyber Defense Collaborative | CISA
    https://www.cisa.gov/securebydesign
    https://www.cisa.gov/secure-our-world
    https://www.cisa.gov/cybersecurity-awareness-month
    Alejandro Mayorkas | Homeland Security (dhs.gov)

    Threat Trends: Addressing Risk in the Cloud with Wiz

    Oct 19, 2023 (37:05)


    Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more. For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud 

    Threat Trends: Unraveling WyrmSpy and DragonEgg Mobile Malware with Lookout

    Sep 20, 2023 (32:42)


    Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41
    Follow Kristina on X @chmodxx_

    Threat Trends: The Implications of the MOVEit Compromise

    Jul 20, 2023 (27:51)


    Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences with this compromise in comparison to FIN11's previous operations, why this operation may impact organizations for some time, and what this spells for the changing landscape of multifaceted extortion. For more from Mandiant on MOVEit: https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
    If you enjoyed this episode, please rate and leave us a review on your platform of choice!

    Threat Trends: A Requirements-Driven Approach to Cyber Threat Intelligence

    Jun 16, 2023 (27:39)


    Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in this area, and the importance of recurring stakeholder feedback to a well-functioning CTI team. Follow Jamie at @TheCollierJam on Twitter. For more on A Requirements-Driven Approach to Cyber Threat Intelligence, please see: https://www.mandiant.com/resources/blog/requirements-driven-approach-cti

    Frontline Stories: Crisis Communications During a Breach

    Jun 6, 2023 (31:26)


    Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.

    Threat Trends: UNC961 and How Managed Defense Approaches Threat Hunting

    May 26, 2023 (30:20)


    Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions. For more, please see: https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated
    Follow Ryan @heferyzan and Tim @Sa1jak on Twitter.

    Frontline Stories: The Executive's Role in Cybersecurity

    May 17, 2023 (33:17)


    What role do executives and the board play in cybersecurity and breach management? Hear Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and understand their role during a breach.

    Threat Trends: Bonus Episode - How Will AI Impact Threat Intelligence?

    May 9, 2023 (9:22)


    The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better.  In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks through the AI use cases that will help organizations better defend against those attacks.  Hosted by Dan Lamorena, Head of Mandiant Product Marketing.

    Threat Trends: M-Trends 2023

    Apr 24, 2023 (40:40)


    Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year around dwell time, ransomware, top initial intrusion vectors, and more. For more on Mandiant's 14th iteration of M-Trends, check out: https://www.mandiant.com/resources/blog/m-trends-2023
    Follow Kirstie (@Gigs_Security) and Jake (@nicastronaut) on Twitter.

    Frontline Stories: Exposure Management Beyond Vulnerabilities

    Apr 11, 2023 (25:48)


    Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk. Jonathan shares his experiences from BugBounty, penetration testing and working with customers to solve the growing problem of too many CVEs and too few prioritization methods. He walks through the importance of an intelligence-led approach to exposure management, how CISOs can think about their organization and how to make informed business decisions.

    Threat Trends: How APT43 Targets Security Policy Experts Focused on North Korea

    Mar 28, 2023 (39:17)


    With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/ Find Mandiant's full report on APT43 here: https://www.mandiant.com/resources/reports/apt43-north-korea-cybercrime-espionage

    Threat Trends: A Retrospective on Zero-Days in 2022 with Project Zero and Mandiant

    Mar 20, 2023 (48:46)


    Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year.  Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how variants of known vulnerabilities and bugs continue to shape the exploit landscape. They also discuss the challenges and trade-offs for defenders that arise from publishing technical details of exploits. For more on Google's Project Zero, check out: https://googleprojectzero.blogspot.com/ For more on Mandiant's research on zero-days in 2022, please see: https://www.mandiant.com/resources/blog/zero-days-exploited-2022

    Threat Trends: Head of TAG on Commercial Spyware, Cyber Activity in Eastern Europe and More

    Feb 23, 2023 (25:19)


    Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG), joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights drivers to this market and how it may evolve in the years to come. Shane also delves into TAG's recent report on the past year of Russian cyber operations since the invasion of Ukraine, and provides some thoughts on threat activity to anticipate going forward, from supply chain compromises to election security.
    For more on TAG and Mandiant's analysis of Russian operations since the invasion of Ukraine, check out: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/
    For more on Google's efforts against commercial spyware: https://blog.google/threat-analysis-group/googles-efforts-to-identify-and-counter-spyware/

    Frontline Stories: A CISO's Perspective on Managing a Breach

    Feb 16, 2023 (32:41)


    Have you ever wondered what a breach is really like from a CISO's perspective? Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences. Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance carriers, regulators, crisis communications, and more. He also shares what surprises he has encountered along the way! Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Threat Trends: An Episode (Mostly) About Non-Ransomware Cyber Crime

    Feb 10, 2023 (48:26)


    Kimberly Goody and Jeremy Kennelly from Mandiant's Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the discussion inevitably returns to the topic of extortion and ransomware, and where that might be heading next. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Threat Trends: APT by USB

    Jan 19, 2023 (28:20)


    In this week's episode of The Defender's Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts. Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.
    Read the blog, Turla: A Galaxy of Opportunity at https://mndt.info/3jPAeRI
    Read the blog, Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia at https://mndt.info/3ATQB5n
    You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Skills Gap: Addressing the Cyber Mobilization Crisis

    Jan 12, 2023 (23:35)


    Our latest episode in The Defender's Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke, who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing. Recent data shows that there are over 700,000 cybersecurity jobs that are unfilled in the US alone, and global estimates show this number is upwards of 3 million. Barbara and Margaret discuss how both Mandiant and Google Cloud are breaking down the barriers to employment in cyber and ensuring those interested in employment get the education they need to be successful in the field. They also discuss how organizations should think differently about addressing the talent shortage in cyber security. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Frontline Stories: Get the Facts on Fraud

    Jan 5, 2023 (23:43)


    We are kicking off a new year of The Defender's Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift for a discussion on fraud. Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and identity access. She also touches on the skills gap in the fraud space and briefly talks about cryptocurrency. Learn more about Sift at https://sift.com/ and @GetSift. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts. 

    Threat Trends: A Year in Review with Sandra Joyce

    Dec 15, 2022 (30:48)


    This week's episode of the Threat Trends series is the final episode of 2022 for The Defender's Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year. Sandra chats through aspects of the Russian invasion of Ukraine, activity from the DRAGONBRIDGE IO campaign, and Mandiant's graduation of APT42. She also discusses the evolution of ransomware and how threat actors targeting countries with ransomware – as we saw in Albania – could be a trend we continue to see in 2023. Additional trends Sandra mentions include the close association of hacktivist activity with APT activity and North Korea's continued interest in cryptocurrency. Read more about what else experts predict we can expect in the coming year in Mandiant's Cyber Security Forecast 2023 Report. Download your copy at https://mndt.info/3FDxQ9n. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Frontline Stories: A Conversation on Third-Party Risk Management

    Dec 8, 2022 (24:10)


    This week's episode of The Defender's Advantage Podcast features British American Tobacco CISO Dawn-Marie Hutchinson, who joins Frontline Stories host Kerry Matre for a discussion on third-party risk management. Over the course of the conversation, Dawn-Marie discusses the approach that she takes in third-party risk management and the process of conducting risk assessments. She also shares how she encourages suppliers to increase their security and how she would ideally allocate budget toward risk reduction. You can follow Dawn-Marie at @Rie_Hutch. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Skills Gap: Transitioning from Military Service to a Role in Cyber

    Dec 1, 2022 (27:11)


    This week's episode of The Defender's Advantage Podcast features four members of Team Mandiant who previously served in the United States military and transitioned into careers in the cyber security industry. Skills Gap host Kevin Bordlemay was joined by Paul Shaver, Thomas Worthington, Lauren Krukar, and Brian Timberlake for a discussion on what the transition out of service looks like and the resources that are available to those interested in a role in cyber. The group discusses their tips for military personnel considering a transition out of service and the resources they were able to take advantage of during their transitions, including resume review and SkillBridge. They also give their advice on what questions military members should be asking in interviews to ensure they are finding roles that fit. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts. 

    Threat Trends: Reflections on Russian Cyber Threat Activity During the War in Ukraine

    Play Episode Listen Later Nov 23, 2022 43:54


    This week's episode of The Defender's Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year. The group discusses the Russia-linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They also share their perspectives on the targeting trends they've observed over the last year and the activity we might expect to see moving forward, such as an increase in economic espionage and continued diplomatic targeting by APT29. Follow Gabby Roncone at @gabby_roncone, John Wolfram at @Big_Bad_W0lf_ and Tyler McLellan at @tylabs. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.

    Additional Resources

    Listen to the episode, Threat Trends: Russian Invasion of Ukraine Information Operations featuring Sam Riddell and Alden Wahlstrom: https://mndt.info/3wGse9u

    Listen to the episode, Threat Trends: Stolen Emails, Hacked Cameras and the Mysterious UNC3524 featuring Doug Bienstock and Josh Madeley: https://mndt.info/3vMne2R

    Read the blog post, Trello From the Other Side: Tracking APT29 Phishing Campaigns: https://mndt.info/3UU9HjP

    Read the blog post, They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming: https://mndt.info/3FZp7Pk

    Frontline Stories: Cyber Insurance to Make Companies Safer

    Play Episode Listen Later Nov 17, 2022 30:09


    This week's episode of The Defender's Advantage Podcast features Davis Hake, co-founder of cyber insurance company Resilience, who joined Frontline Stories host Kerry Matre for a discussion on the role of cyber insurance. During the conversation, Davis explains the model for how cyber insurance is sold, the application process and how insurance companies work with clients to determine their risks and set rates. He also discusses some of the advances in recent years and those he hopes to see in cyber insurance in the coming years, including global resilience to digital threats. Learn more about Resilience at cyberresilience.com and follow at @ResilienceSays. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts. Additional Resources Read Mandiant's Cyber Security Forecast 2023 Report 

    Threat Trends: Tracking DPRK Use of Cryptocurrencies

    Play Episode Listen Later Nov 10, 2022 36:58


    This week's episode of The Defender's Advantage Podcast features Mandiant's Michael Barnhart and Joe Dobson who joined Threat Trends host Luke McNamara for a discussion on recent cyber activity out of North Korea, including the targeting of cryptocurrency. Michael and Joe discuss some of the North Korean threat groups Mandiant is following and a view of the threat landscape in the region. They also chat about the tactics of actors targeting cryptocurrency, which includes applying for roles with companies associated with crypto projects to enable malicious actors within the network. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts. 

    Skills Gap: Finding Your Fit in Cyber

    Play Episode Listen Later Nov 3, 2022 36:01


    On this week's episode of The Defender's Advantage Podcast, Mandiant's Nader Zaveri and Simran Sakraney join Skills Gap host Chris Campbell for a discussion on how the cyber security industry and the companies within it can attract candidates from underrepresented groups and foster diversity. Nader and Simran share their individual journeys into the industry and their perspectives on how organizations in cyber can encourage more women to enter the security field and tactics recruiters can take to engage individuals from non-traditional educational and professional backgrounds. They also outline the various types of roles that live within the cyber industry and some of the transferable skills those just starting in the field can lean on. You can follow Nader at @NaderZaveri and Simran at @SIEMmer_Down. Learn how Mandiant is working to address the cyber security skills gap: https://mndt.info/3T0QjQd. Don't forget to rate, review and subscribe to The Defender's Advantage Podcast where you listen to podcasts.
