POPULARITY
Something has changed at the board level. Recorded in the media room at Infosecurity Europe 2026 in London, Ian Schenkel, VP Sales, EMEA & APAC of Intel 471, describes directors who no longer take security on faith. After a year of headline breaches from Jaguar Land Rover to Marks and Spencer and the Co-op, leadership wants proof rather than promises. What does the board actually want to know? A straight answer to one question: are we okay? Ian Schenkel starts with geopolitics. Nation-state activity, supply chain exposure, and shifting global markets all shape whether a business can keep running. Threat intelligence becomes the early warning system leaders use to decide where to move and which actors have a history of targeting their industry. The next question gets personal. Does this affect us? Have we already been hit? This is where Intel 471 leans on retroactive threat detection. When new indicators of compromise surface, an analyst can build detection queries in seconds against a SIEM, SOAR tool, SentinelOne, Microsoft, or Palo Alto, then report back to the board with a clear answer. How does intelligence reach the board without getting lost in the weeds? It travels as a story the board can act on. Intel 471 pulls its three core areas, cyber threat intelligence, attack surface management, and threat hunting, into a single report that scales from an executive summary to a detailed account of what was found and neutralized. The stories make it real. During merger rumors, an attacker registered a look-alike domain and emailed employees from it. In another case, Intel 471 warned an organization it did not yet work with about a politically motivated actor that was openly discussing it. The value is the early signal, long before perimeter and endpoint defenses ever engage. Sometimes the right move is not technical at all. It might be briefing executives on targeted ransomware or reminding employees to stay alert against the email that has not arrived yet. The throughline, as Ian Schenkel frames it, is prevention over reaction, and a board finally asking the right questions. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Ian Schenkel, VP Sales, EMEA & APAC, Intel 471 LinkedIn: https://www.linkedin.com/in/ianschenkel/ RESOURCES Learn more about Intel 471: https://www.intel471.com Connect with Ian Schenkel on LinkedIn: https://www.linkedin.com/in/ianschenkel/ Infosecurity Europe 2026 event coverage: https://www.itspmagazine.com/infosecurity-europe-2026-infosec-london-cybersecurity-event-coverage Are you interested in telling your story? ▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight ▶︎ Get your own Brand Briefing at an upcoming event: https://www.studioc60.com/buy-brand-briefings KEYWORDS Ian Schenkel, Intel 471, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, cyber threat intelligence, threat hunting, attack surface management, board reporting, geopolitical intelligence, early warning system, indicators of compromise, retroactive threat detection, business resilience, Infosecurity Europe 2026 Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
This episode covers a Wired report on the rise of “anti-tech extremism” and growing public opposition to AI infrastructure projects, including debates over data centers, resource consumption, local communities, and government responses. The hosts also discuss AI coding assistants, model safety restrictions, and the evolving capabilities of large language models. Additional topics include Anthropic's reported IPO plans and valuation, AI's impact on the tech industry, and a conversation with David Bianco about AI-generated threat-hunting datasets and cybersecurity training.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis
Madeline Sedgwick — Cyber Threat Analyst at Palo Alto Networks and a DUUUUVALLL lifer No Password Required Season 7: Episode 5 – Madeline Sedgwick Madeline Sedgwick is a Cyber threat Researcher and Threat Analyst at Palo Alto Networks Unit 42, specializing in nation-state cyber activity, covert infrastructure, and cyber intelligence analysis. Before entering the private sector, she spent six years in the U.S. Navy as an intelligence specialist, helping support some of the earliest cyber operations under United States Cyber Command. In this episode, Madeline shares her journey from joining the Navy to becoming one of the first certified cyber targeteers supporting offensive cyber operations. She discusses the realities of tracking covert threat actor infrastructure, why defenders must understand adversary behavior beyond alerts and signatures, and how intelligence analysis helps uncover the bigger picture behind cyber campaigns. Jack Clabby and co-host Sarina Gandy talk with Madeline about fusion analysis, cyber warfare, leadership, and the challenges of translating highly technical investigations into actionable insights for government and industry leaders. She also reflects on the importance of humility in leadership, mentoring, and learning to navigate high-pressure situations with confidence and curiosity. In the Lifestyle Polygraph, Madeline debates cybersecurity in the Star Wars universe, explains her Weird Al Yankovic Dragon Con costume, reflects on her time playing bass in a metal band, and proudly shares why Jacksonville, Florida, will always be home. Follow Madeline on Linked in: https://www.linkedin.com/in/mesedgwick/ Chapters: 02:10 Intro-Madeline Sedgwick 09:00 The Role of Cybersecurity in National Security 12:08 Understanding Covert Networks and Threat Intelligence 14:52 Fusion Analysis in Cybersecurity 18:04 The Importance of Distinguishing Threats 20:52 Challenges in Cybersecurity Response 23:58 Briefing Decision Makers on Cyber Threats 27:52 Understanding Adversary Intent and Risk Communication 30:12 Leadership Lessons from the Navy 34:33 The Importance of Mentorship in Career Development 37:30 The Lifestyle Polygraph: A Fun Twist on Cybersecurity 41:04 Embracing Creativity and Personal Expression 45:50 Pride in Roots: The Jacksonville Connection
Cameron Tousley, director of MSP channels for ESET North America For most MSPs, the quarterly client conversation looks something like this: here are the alerts we handled, here is your uptime number, here is a dashboard of things we blocked. Useful, certainly – but not exactly the stuff of trusted advisor relationships. Cameron Tousley, director of MSP channels for ESET North America, has a phrase for the upgrade: move from statistical talks to threat briefings. In this episode of In The Channel, he and Pedro Kertzman, threat intelligence specialist at ESET, join host Robert Dutt to explain what that actually looks like in practice – and why the window for MSPs to make that transition may be narrowing. Pedro Kertzman, threat intelligence specialist at ESET The occasion is ESET’s eCrime Reports, a threat intelligence offering that tracks cybercriminal activity at the affiliate level – the individuals buying malware-as-a-service and executing the actual attacks. Kertzman explains why that granularity matters: affiliates signal tactical shifts before attacks scale, giving security-forward MSPs a genuine early-warning advantage. Tousley adds the client conversation layer: knowing that a specific threat group is targeting your customer’s vertical via a specific attack method is a meaningfully different conversation than “we blocked 4,000 threats this month.” There’s also an uncomfortable wrinkle for MSPs specifically: as Pedro notes, affiliates increasingly exploit MSP tooling itself as a vector – compromising credentials to access managed environments quietly, hitting dozens of small clients while staying well below the radar of law enforcement attention focused on high-profile infrastructure targets. For the smaller MSP without a dedicated analyst, the entry point is more accessible than it sounds. Indicators of compromise can be automated directly into client firewalls without a full threat intelligence platform. WeLiveSecurity and the live threat feed built into ESET Protect offer a low-barrier starting point for shops that are earlier in their security maturity journey. Tousley’s closing frame is the one worth sitting with: the Canadian MSP market is being reshaped by consolidation at a pace that isn’t slowing. The independents that survive will be the ones having more sophisticated conversations with their clients. Evolve or sell. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Cyber Threat Intelligence, CTI, has long been framed as an enterprise discipline. Dedicated team, security operations center, analysts who live in the data. But the threat landscape doesn’t really respect that boundary anymore. The tooling is getting more accessible, the attacks are getting more targeted at smaller organizations, and as we’ve talked about on the show before, the MSP stack itself has become a threat vector. So the question for the typical Canadian MSP isn’t really “Is threat intelligence relevant to me?” It’s “What do I actually do with it?” To dig into that, I sat down with two people from ESET. Cameron Tousley is director of MSP channels for ESET North America, and he lives squarely in the business conversation around what MSPs need to grow and differentiate. Pedro Kertzman is ESET’s resident CTI subject matter expert, and I’ll note that Pedro usually sits on the other side of the interview chair as the host of his own podcast on threat intelligence. So this was a bit of a role reversal for him. We talked about ESET’s eCrime reports, the idea of tracking cyber criminal activity at the affiliate level rather than just the group level, what proactive threat intelligence actually looks like for a 15-person MSP shop, and what Cameron described as the “evolve or sell” reality facing the MSP market right now. Let’s get right into it. Cameron, Pedro, thanks for joining us. I appreciate it. Cameron Tousley: Thanks for having us. Pedro Kertzman: Great to be here. Robert Dutt: Before we get into what ESET is specifically bringing to market, Cameron, can you give our listeners a sense for where the threat intelligence conversation is right now in the channel? Is this still primarily an enterprise kind of discussion or has something really shifted in terms of how MSPs and MSSPs are thinking about and talking about CTI? Cameron Tousley: I think that the market is evolving as a whole, no matter if you’re in the SMB segment or enterprise. I mean, it’s evolving everywhere. The beautiful thing is technology is getting cheaper, it’s getting more accessible. People are able with the advent of AI to kind of do more with less staff and things like that, and then allow their staff to kind of become more specialized. Enter in the topic of CTI. I just think that there’s an appetite from certain, and probably more evolving larger MSPs, to start incorporating more for their clients. I think they’ve always probably wanted to educate them, but it’s always that, “Hey man, just make sure I have uptime and the help desk is active when I need it.” And that’s the conversation. Fast forward to now and it’s becoming a little bit more relevant to want to consume CTI. So I’ll kind of start there and I’ll take a pause. I don’t know if Pedro’s got any other comments on that. Pedro Kertzman: No, I 100% agree. I think the threat landscape now with the maturity of the CTI offerings, MSPs can see that the things they’re trying to protect their customers against are more clearly explained and delivered in a way that they can see through CTI offerings now. So I think it’s just a natural evolution within the cybersecurity space to start leveraging that expertise as well. Robert Dutt: Without getting too far into pure positioning, how would you characterize what differentiates your approach to threat intelligence, sort of at the methodology level? What’s the philosophy behind how you’re researching and tracking threats and what you’re bringing to market with this CTI package? Cameron Tousley: Yeah, I’d say first off, our reach. We’re a global company. We have a product line, yeah, but we have 11 threat intel centers and those are also R&D centers too. So it’s a wealth of knowledge. Then we have researchers outside of that that are just remote, and so our tentacles are everywhere and that means something for somebody choosing a cybersecurity vendor or a platform because our researchers, they’re looking at a bunch of different avenues. They’re looking at the major threat acting groups. We have an offering we’ll talk about here in a few minutes, that centers on tracking affiliates because malicious activity, malware-as-a-service, is just like MSPs provide a service. So if I’m an affiliate—and I’ll define that real quick, an affiliate being the people that are buying the malware service and then going and distributing it and causing zero-day attacks—those are affiliates. So the real key part is what they do, not necessarily always the major malware-as-a-service group because that’s just one large avenue, but then you can’t predict what your customers are going to go and do on the black market. So yeah, I think we have a really exciting offering on our threat intelligence called eCrime and it comes in a feed and reports and it’s amazing. It really centers on the affiliate level and that is going to help get the conversations to be more quality with customers. It’s going to help an MSP who provides more, let’s call it reactive security at best, generalized services—which no knock against them, that’s just the model—and that’s going to help propel them into the more proactive security and having more quality cybersecurity-forward conversations with their customers of all sizes. Robert Dutt: Let’s delve a little bit more into that. Can you walk me through a scenario, even hypothetical or composite, where that affiliate-level insight would practically change the outcome for an MSP or one of their customers? How does this show up for an MSP basically? Pedro Kertzman: Yeah. So basically, I’ll take a step back a little bit just to explain how this threat ecosystem works. So the affiliates will be the ones really on the end of the line bringing that malware they got from a quote-unquote threat actor market or affiliate programs, more technically speaking per se, but they will be the ones delivering or sending that payload forward to whatever companies that they are trying to attack. So knowing how these guys work is basically going to give the companies, and the MSPs of course working for their security, the ability to stop the attack in the early stages, because the affiliates will be the ones trying to break in, acquire through whatever methods—credentials stolen or compromised credentials. So they are responsible, quote-unquote, within these affiliate programs to get the foot inside the door. So if you’re knowledgeable about how they act, what kind of techniques they use to get that foot in, you’re basically stopping the attacks before they actually become super massive, widespread attacks or super dangerous attacks. It’s kind of the proactive security instead of the reactive security. Cameron Tousley: Yeah, that’s a good comment. And then I’ll just throw one more little thing on that. I was talking about the conversations you can have with your clients, everything Pedro said, plus it’s like, you could have a specific conversation about, “Hey, this is what we blocked this month, but these are the threat acting groups, and here are the patterns, here’s the kind of malware that’s out there right now. By the way, you’re in the healthcare vertical, this threat acting group is targeting healthcare and doing this specific type of attack—happens to be phishing or fileless or whatever the complex attack is.” So they got to get really granular in the conversation. It can’t just be a super high-level one, because then your user’s not going to know what to do with that information. But if you coach them on the end-of-the-line issue and where it’s sourcing from, to Pedro’s point, you get ahead of that attack early, you might even prevent stuff that would have normally been a real headache. Robert Dutt: And you need to position yourself at least somewhat as the hero in so much as you’re saying, “Here’s the people who are attacking you, here’s what they’re doing, here’s what we’re doing proactively to counter that.” Cameron Tousley: Absolutely. Yeah, that’s a huge value to your end customer. The one that normally would have not cared about security and it’s more of an annoyance, now they’re paranoid about it, just like the MSP, just like the vendors, we’re all trying to get ahead of it. So I think that that provides a lot of value, and the average MSP is probably not going to do that. So you don’t necessarily have to go spend a ton of money, you just have to consume the information that’s out there maybe for free, and then maybe some of the paid services like the eCrime reports without buying our full threat intelligence platform, you can just do that. And that is like a huge value on its own to track exactly what we’re talking about right now. Robert Dutt: So taking a step back, I think some of this certainly informs and colors the question we go to ask, but I’m a 15-person MSP somewhere. I’ve got solid endpoint protection, an RMM stack I like, maybe managed SOC coverage, that kind of model. What’s the case, in addition to what we’ve already discussed, for why threat intelligence should be on my radar as a distinct capability I need to think about, bring to my customers and offer? Pedro Kertzman: Yeah, I think especially because again, talking specifically about the eCrime reports, we’re talking about the ones that are really perpetrating the attacks or executing the attacks. When you understand how your adversaries really act, you don’t need to always rely on the expertise of a super senior CTI analyst. There are ways that also, depending on your vendor, you can automate the expertise to just be pumping, let’s say, IOCs or IP addresses into your existing end users’ firewalls. If you manage a bunch of other firewalls for your end users, you can pump that eCrime knowledge into those firewalls in the form of IP addresses, domains, and things like that. But understanding that it’s going to be a proactive approach so they don’t get a foot in the door first, it’s kind of that decision beforehand that will give the MSPs, or MSSPs with 15 or so employees, that kind of extra leverage against those frontline attackers. Robert Dutt: I’m really interested in the idea of using intelligence and these eCrime reports as a client-facing tool, not just something that’s consumed internally, especially for that smaller MSP—something that you’re using in your QBR or whatever business review you have with customers to show your value. I’m curious, is that something you’re seeing happening today or is it a realistic use case, or is it a stretch for most MSPs right now? Cameron Tousley: I think it’s realistic. Now, let’s set the tone here. An MSP, they may not have the budget nor the expertise nor the staff to be buying a full-blown threat intelligence offering even like ours, but they can use certain parts of it like the eCrime reports. So that’s a good jumping-in point for the MSPs that are growing, or if you have 15 people on staff and there’s a good deal of them on the technical side, you may want to run your SOC in-house. Maybe that’s something you want to do. I think for them, the maturing MSP and definitely the MSSP, a threat intelligence offering is something that you will probably want to consume if you’re doing everything in-house. Now, I think there’s an argument for even if you’re going to go out-of-house and use the vendor, I still think there are free sources. We have customers that are using free platforms but running a paid feed through it. This is really dynamic. It’s flexible. It can fit to every different audience for the most part, except for the ones who are just not staffed for it and they’re probably outsourcing everything and they just don’t want to do it. They know that they are never going to be able to staff a 24×7 team and they’re also never going to be able to consume as much information as is coming in. But there are also other free resources, like I said, associated with our threat intelligence platform, like the eCrime reports, but there’s white papers that we produce. There are periodic threat reports. We do all kinds of analysis. And then on our welivesecurity.com blog, we publish all kinds of free information. And the really cool thing for existing ESET customers is through our ESET security platform, ESET Protect, we run a live feed through there and it shows you like, “Hey, here’s the latest news on WeLiveSecurity. Here is something you need to be aware of, there’s a vulnerability in the wild.” So we run some of the security stuff and this news right through a window inside of our platform, which I think is really big value added. Pedro Kertzman: Awesome. Yeah, I would add, if I can, Rob, we do have monthly digests as well on the CTI offerings, even for not super deep-down technical people. Let’s say more executives or CSMs, let’s say account managers on the MSSP or MSP side. It’s kind of an executive-ready type of report. So it’s more about the threat landscape overview. I think it helps them show that they are expanding their offerings on the security side and they’re knowledgeable about it as well. Again, doesn’t need to go in the nitty-gritty like in the weeds of IOCs and all that, but understanding, for example, that now the ecosystem on the other side is somebody providing the malware, somebody going and executing it. So just to show how they see these movements, I think it’s sometimes important enough to show that they are expanding their coverage for their end users. Robert Dutt: The reports, the eCrime reports, have been in the market about a month now, I guess. I’m curious what you’re actually hearing from MSPs and MSSPs as they’re digging into them. Are people using them the way you expected or are there surprises that you’re seeing in how they’re engaging, what they’re doing, how they’re thinking about this information? Pedro Kertzman: That’s a good question. I think because of the name, we got out of the gate with police forces reaching out to us, but in theory, it’s not the best kind of deep analysis that we’re going to give them, because they have a lot of expertise. So then we have the APT reports that would bring more detailed analysis for them. So it was interesting to see that people are kind of eager on the end-user side to see how the threat landscape, especially related to financial crimes or eCrime, are really, let’s say, hot right now. The MSPs are kind of following that trend, not as jumping on like the police forces were, but they are starting to inquire about the new eCrime reports for sure. Cameron Tousley: Yeah, I’d agree. I think the defender agencies, I’ll call them, the ones that are fighting the same battle we are, but maybe physically, but now they’re fighting the eCrime too. As they’re learning, this is a great tool for them. We find that they’re excited about it. It’s relatively new, so we’re going to see more and more adoption of it. But plenty of people who are in evaluation are like, “Hey, can I run a free month of this? I want to check it out and see what I’m going to get.” And we’re getting a lot of good feedback on it right now. I’d say on the MSSP/MSP side, again, it’s new for them too. And they do a lot of different things. So for them, they’re like, “I need to slice out some time to check this out as well because this is interesting. I don’t know if anybody else is really doing anything quite like this.” So for them to be able to check it out and add it to their offering, I think what’s going to happen is that they’ll get hooked on something like that and they’ll want more. And we’re already working on more. So our teams are hard at work. We’re adding new feeds, new reporting structures, new ways to consume it. And reasonably priced packages and things like that. Even ones where you have somebody on retainer where you can go to and get a very long deep dive on what you’re reading periodically throughout any given month. So I think with that, you’ll see a lot of internal IT large agencies adopt it. I think you’ll see some MSSPs adopt it. And you might even see some general MSPs who are evolving up that chain do the same thing. So it’s kind of a report and an offering for everybody there. Pedro Kertzman: Yeah, I think you mentioned something important, Cam. We do offer trials for the eCrime reports as well, right? If they want to test it out. Cameron Tousley: Yeah, try it before you buy it. Yeah. Robert Dutt: It sounds like you’re also thinking about ways that you can slice this, dice this, package it out to that smaller MSP or that MSP who’s not a pure-play security player going forward. I was going to ask, what do you see as coming next in CTI and in your eCrime reports? I think that’s certainly a hint. Anything else that you see sort of in the pipeline or where you’d like it to go, where partners would like to see it go? Cameron Tousley: Yeah, I’ll take a stab at this one because my heart’s near and dear to the MSP community. That’s what I’ve been working in. That’s a segment for quite a long time now for ESET. And so what I’m reading and what I’m theorizing on is that there’s other kinds of technologies that are pretty complex, have gotten more simple in the way that they’re still doing complex processes, like an EDR, right? It’s an investigative tool, and then you pair it with AI and then things become easier for the team managing it. I think it’s going to be the same thing here where you’re going to have an AI paired with it, which we have our own agentic AI agent in this offering now, which is very, very cool, and it’s built in our security platform. But for this, I think it’s going to make consuming information easier, generalizing it, summarizing it, and making sure you can spin it into a quick executive summary. My theory is click of a button, right? So I’m going to have a dashboard. I’m going to say, “Hey, I want an executive summary on this event.” So you’re basically just filtering, and then the end result is you hit that AI generate button and then it generates something that’s quality, and you can do it at various user levels, maybe various role levels. I’ll hit the CTO button or I’ll hit the CEO button and they’ll be a little bit different, obviously. So I think that it’s going to get simpler and managed intelligence as a service, that’s next. It’s already a term that’s being thrown out there a little bit if you look for it. So it’s just not mainstream yet. And I think it will be here in a short period of time. Pedro Kertzman: A hundred percent. And just to double down a little bit as well, Rob. I think especially for the smaller MSPs, let’s say you hit a critical infrastructure, you stop a pipeline or anything like that, you’re going to have federal agencies going after you, right? But then when you hit a mom-and-pop shop, nobody really cares. And those guys are often served through these smaller MSPs. So I think getting a better understanding of the threat landscape that especially targets those small businesses, I think it’s just a natural progression of the change in the threat landscape. Robert Dutt: Well, and you bring up a point that I kind of pulled on a little bit with your friend, Tony Anscombe, not too long ago. There’s so much data about how many attacks right now are taking advantage of the MSP tooling as a threat vector. And so I think that also speaks to a need for an MSP who wants to be mature and responsible about these kinds of things to have a better grip on who’s looking, what they’re looking at, and how that maps to what they’re doing. Pedro Kertzman: A hundred percent. And just to link this specifically about eCrime and affiliates, affiliates would be the ones exploiting those RMM tools, right? Because it’s something that is already deployed in the environment. If they get the credentials that got stolen for whatever reason, they have access to those tools and then they can deploy malware that they bought from those affiliate programs inside of the victim’s networks. Robert Dutt: And it’s funny, almost a reversal of back in the day, I can remember as a Mac user, there was a saying that Apple engaged in security through obscurity. What you describe is almost the opposite of that. It’s insecurity to a degree through obscurity. In that if I’m an attacker, I know that if I go after Colonial Pipeline to use your example, I’m all over the front page and there’s going to be a lot of government agencies who have a lot of serious, serious questions for me. If I take out an MSP tool that gives me access to a bunch of very small clients though, maybe I fly under the radar just a little bit more. Cameron Tousley: Oh yeah. Robert Dutt: This is my last question. If there’s one shift in thinking that you’d want a Canadian MSP to walk away with after this conversation, in terms of how they think about these reports, in terms of how they think about the role of threat intelligence in their business, you know, one thing they should reconsider about how they’re approaching their security practice, what would that be? Pedro Kertzman: So I think first, Rob, that’s kind of more of a mindset type of thing. CTI still sounds super complex to a lot of people. I would say there are two main flavors. One, if you really want to dig into techniques and all that, yes, you can get fairly technical and sophisticated, but there are really simple ways to ingest cyber threat intelligence into existing automated tools. You can, of course, do a POC with one, two, whatever vendors you want to do. Once you find that real value for your customers, your end users, then it’s automated. We’re talking about data feeds ingesting directly into a firewall. If you don’t have a CTI central brain kind of thing, which the market knows as a TIP (threat intel platform), you don’t need to go that route, the sophisticated route. There are simple ways to use threat intelligence. And honestly, it’s super valuable because it’s just, again, automated. You’re outsourcing the knowledge to the vendor directly who’s going to execute that, like a firewall, for example. Cameron Tousley: Yeah, I think that’s some really good commentary. And I have a lot of business conversations with MSP business owners and I follow the market, and the consolidation, there’s tons of it. And there has been for a few years, but it’s just insane right now. And I think that there’s this thing going around, it’s like, look, evolve or sell. Because you have the advent of AI and that’s speeding everything up tenfold. And just don’t be afraid. If you want to continue to run your business, don’t worry, you’re going to have clients out there in your locale that probably love you. But they’re also going to have people calling them as these other MSPs get bigger, and these national ones that swallow other little smaller companies and then their go-to market will be, “Well, let’s go down market, down market,” because we can’t always go up market, that’s pretty hard to do. But down market is like shooting fish in a barrel kind of thing. So that means it’s a risk for the smaller MSPs that are not going to sell out, that want to be in business another 10 or 15 years. So don’t be afraid, utilize AI to research it. They say don’t use AI as Google, I disagree a little bit, but you can use it for a lot of things. This can summarize: what is this offering? Can I use it? Ask it really basic questions to get acquainted, and then take the next step and call your vendor and just have a conversation with them and say, “What are all my options? I am in this locale, I serve these kind of verticals, here’s my sizing, here’s the tools I use.” You’ve got to throw everything out on the table because then your vendor, somebody like a technical or business contact, can jump in and say, “Look, I think that you should check out this part of this larger offering. And here’s what I’ll do for you. And here’s what you’re going to do. We’ll give you a game plan, right? You’re going to trial it in the following ways, we’re going to pair you up with a technical person to teach you a little bit and be your co-pilot—Microsoft gets enough press.” But really kind of jump in, try it out. Don’t be afraid. Because if you want to be around another 10 or 15 years, you have to make the leap. And you don’t have to do anything big, but you have to start adopting some of this security-forward thinking so that you can have threat briefings with your clients and not statistical talks. There was just that MSP summit and there was actually a panel on what the next gen of MSPs is doing. And it was funny to hear it because they’re like, “Well, we’re focused on outcomes.” And I totally agree, but I know some of the older MSPs are like, “Well, we’re focused on outcomes too.” But I think it’s the talk track. You’re all saying the same thing, but you need some more complex tools in some ways to be able to have these more outcome-based discussions. Like, “Hey, I not only blocked X amount of threats, I kept your uptime up in this way, and that allowed you to keep productivity up. So by my clock here, you were able to achieve all those things that you wanted to achieve in our initial meeting, we’re on track.” That’s the conversation you want to have in addition to that little bit of the threat briefings peppered in. Robert Dutt: All right. Some great advice there. Gentlemen, thank you both for taking the time. I appreciate it. Cameron Tousley: Thank you, Rob. Pedro Kertzman: Great to be here. Cameron Tousley: Absolutely. It was a pleasure. Thanks so much. Robert Dutt: There you have it, Cameron Tousley and Pedro Kertzman from ESET. I’d like to thank both Cameron and Pedro for their time. They did exactly what we set out to do with this conversation, kept it firmly in the strategy lane with technical depth in service of the business point rather than the other way around. A few things to leave you with. The framing that stuck with me most was Cameron’s distinction between statistics talk and threat briefings. The idea that your quarterly client review shifts from “here’s how many threats we blocked” to “here’s the specific group targeting your vertical right now. Here’s how their affiliate operates, and here’s what we’ve already done about it.” That’s a real upgrade in how an MSP demonstrates value. It moves you from uptime vendor to trusted advisor and that’s a conversation your competitors probably aren’t having yet. On the technical side, Pedro’s explanation of affiliate-level tracking is worth sitting with. The headline ransomware groups get the attention, but it’s the affiliates, the ones buying malware-as-a-service and doing the actual execution who determine the tactics on the ground. Tracking them is what gives you an early warning before the attack scales. And as I noted during the conversation, there’s a certain logic in how attackers exploit the MSP model specifically. Go after the tooling, stay under the radar, quietly compromise a hundred small clients instead of one high-profile target. Obscurity in that scenario is working against you. For the smaller MSP who’s heard all of this and thought, “I’m not staffed for this,” Pedro’s entry point is worth considering. You don’t need a full threat intelligence platform or a dedicated analyst to start. Automate the ingestion of indicators of compromise directly into your clients’ firewalls. Let the tooling do the work. It’s not glamorous, but it’s real, actionable and it’s a lot more than most of your competitors are doing. And Cameron’s closing thought, “evolve or sell,” is the frame I’d put around all of it. The consolidation wave hitting the MSP market right now is not slowing down. The shops that survive as independents will be the ones that have more sophisticated conversations with their customers. Threat intelligence is one of the things that helps you have those conversations. If you found this one useful, please follow or subscribe to the podcast wherever you listen. We’re on Apple Podcasts, Spotify, YouTube, all the major podcast directories. Ratings and reviews are always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca and I’ll see you in the channel.
This episode covers several major cybersecurity and tech news stories, including a supply chain–related breach at Vercel involving exposed environment variables and compromised third-party AI tooling. The hosts also discuss concerns around AI-driven data risks, including browser extensions and large-scale data collection. Additional topics include a service scraping and republishing Zoom webinar recordings, evolving issues with web cookies and tracking, and industry news such as reports of Apple CEO Tim Cook stepping down.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis
What if the tools protecting your organization were the ones compromising it? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem — joined by IT Audit Labs team member Samuel Cala live in the St. Paul studio — unpack a wave of cybersecurity stories that all converge on one unsettling theme: trust is being exploited at every layer of the stack. From an Iranian-linked APT group targeting U.S. healthcare infrastructure, to a sophisticated GitHub Actions supply chain attack that backdoored an AI coding library used by thousands of developers — the crew breaks down exactly how threat actors are weaponizing the tools, platforms, and third-party services organizations depend on daily. They also dive into a disturbing revelation about AI-powered audit certifications: one company allegedly fabricated compliance evidence to hand out ISO 27001 and SOC 2 certifications at a fraction of the cost — raising serious questions about what those credentials are actually worth. In this episode:
Cybersecurity isn't just about technology—it's about mindset, risk, and understanding where organizations are truly vulnerable. In this episode of The Virtual CISO Moment, host Greg Schaffer sits down with cyber threat intelligence professional Travis Whitesel to explore the evolving intersection of military intelligence, cybersecurity, and emerging risks in unexpected places like the sports industry.Travis shares how his journey from Army intelligence analyst to cyber warfare technician shaped his approach to cybersecurity—and how that perspective led him to launch Victory Cybersecurity Consulting to help underserved sectors strengthen their defenses within real-world budget constraints. From the growing risks around NIL deals for college athletes to the challenge small organizations face in prioritizing security investments, the conversation highlights practical ways to think about cyber risk without enterprise-level resources.The episode also dives into the realities of nation-state threats, why process often matters more than technology, and how cybersecurity professionals can avoid burnout in a high-pressure field. It's a candid discussion about bridging strategy and tactics, communicating cyber risk in language executives understand, and finding balance while working in one of the most demanding industries today.Tune in to hear how one cyber professional is helping organizations—from universities to sports programs—build smarter security strategies in an increasingly complex threat landscape.
Summary In this episode of Chattinn Cyber, Marc is chattin' with Alyssa Lisiewski, Managing Director at Ankura and one of the best known and respected cybersecurity experts in the country. The conversation begins with Alyssa sharing her early introduction to technology, influenced by her father who taught her to take apart and reassemble computers from a young age. Initially interested in forensic crime scene investigations, Alyssa shifted her focus to cybersecurity due to her father's encouragement and foresight about the field's growth. She started her career as an intern in diplomatic security's computer investigations and forensics unit, then pursued a master's degree while working as a government contractor, honing her skills in cybersecurity and high-tech crime investigations. Alyssa's career progressed into the intelligence community, where she specialized in digital forensics from an intelligence perspective, which differed from traditional digital forensics. She later worked at the Department of Defense Cyber Crime Center in Maryland, conducting forensic examinations and testifying in court cases. Transitioning to the private sector, Alyssa led a digital forensics team at a major financial company focusing on insider threats before joining Anchor, where she combines her cyber threat and forensic expertise. The discussion then shifts to clarifying common internet terminology: the surface web, deep web, and dark web. Alyssa explains that the surface web is the small portion of the internet most people use daily, such as Google and social media. The deep web contains more anonymous and legal content like academic and medical documents, while the dark web is accessed via Tor and is often associated with illicit activities but also hosts legitimate anonymous communications. Alyssa emphasizes the importance of proactive dark web monitoring for businesses. Beyond just detecting if stolen data is posted, monitoring can reveal chatter among threat actors about industries or competitors, enabling companies to anticipate and mitigate attacks. She shares a real-life example where her team identified a threat actor group's tactics early, allowing a client to detect an intrusion that had gone unnoticed for a month, demonstrating the value of threat intelligence in incident response. Finally, Marc and Alyssa chat about the benefits and challenges of incorporating dark web analysis into post-incident investigations. While it can clarify the true impact of a breach and assist in legal mediation, there are limitations due to the trustworthiness of data posted by criminals. Her team validates findings through metadata analysis and breach research. The episode closes with Alyssa inviting listeners to connect with her via email or LinkedIn for further discussion, highlighting her openness to sharing knowledge and engaging with the cybersecurity community. Key Points Alyssa's Journey: Alyssa's early exposure to technology and career path from forensic interests to cybersecurity and digital forensics. Web Infrastructure: Explanation of the surface web, deep web, and dark web, including their differences and common misconceptions. Threat Detection: The strategic value of proactive dark web monitoring for businesses to detect threats and industry chatter before breaches occur. A real-world example of how threat intelligence helped identify a threat actor's tactics and detect a breach earlier than usual. The role of dark web analysis in post-incident investigations, including its benefits, limitations, and methods to validate data. Key Quotes “When I was four, my dad taught me how to take apart a computer and put it back together… he made sure I was learning about it from a very young age.” “The surface web is really only 4 or 5% of the web. The majority of the web is the deep web and the dark web.” “If you’re not monitoring proactively the dark web, chances are the first time you’re looking at the dark web is after that breach.” “We knew … the threat actor group… and because of that, we were able to identify the actual true start of the incident, about a month prior to the update we were working on.” “There are going to be situations where we may not be able to identify if data is out there, or we may identify it but not give any context… that’s why we do other things to try to validate it.” About Our Guest Alyssa Lisiewski is a Managing Director at Ankura in Washington, DC, bringing over 14 years of specialized experience in digital forensics, cybersecurity, and insider threat investigations. She has a proven track record of leading and conducting complex cyber investigations that protect critical digital assets across diverse industries including government, financial services, and legal sectors. Alyssa is highly skilled in operating within digital forensic lab environments, adhering to industry standards for evidence handling, and analyzing electronically stored information. She has been qualified as an expert witness in federal and military courts and has played key roles in program leadership, strategic service development, and partner engagement, driving innovation and excellence in cyber risk management. Follow Our Guest Website | LinkedIn About Our Host National co-chair of the Cyber Center for Excellence, Marc Schein, CIC,CLCS is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums. Follow Our Host Website | LinkedIn
In this episode of Unspoken Security, host AJ Nash sits down with CharlotteGuiney, Cyber Threat Intelligence Manager at Toyota Financial Services. Theyexplore what it takes to build threat intelligence programs that work for bothsecurity teams and the wider business. Charlotte cuts through the noise,stressing that buy-in is step one—and that it's often the hardest step. Sheshares how understanding internal customers and their priorities leads toearly wins, which are key to building trust and showing the value ofintelligence.Charlotte explains that not every organization needs the same level ofmaturity. Small companies might only need basic monitoring, while largerenterprises face more complex challenges. She notes that successfulprograms link intelligence to business needs, not just security threats. Thisapproach helps teams prioritize what matters most and communicate risk inways business leaders understand.The conversation also dives into the future of threat intelligence. Charlottesees a growing role for automation and AI, especially for basic tasks, butbelieves people are still needed to bridge gaps and build relationships acrossthe business. She closes with a reminder to keep things in perspective,echoing a lesson from her childhood at clown camp: sometimes you need tostep back and find humor, even in serious work.Send us a textSupport the show
Executives say they're confident in their cybersecurity, but their teams aren't so sure.In this episode of Darnley's Cyber Café, we explore the growing cybersecurity perception gap between leadership and practitioners, why it matters, how to fix it, and what it reveals about the state of cyber resilience in 2025. Tune in to uncover how confidence can turn into complacency, and how awareness can become your greatest defence.Click here to send future episode recommendationSupport the showSubscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.
Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard: https://mastercard.us/en-us.html
Global cybersecurity firm Smarttech247 says its data shows more than 70% of Irish organisations currently have information exposed online. Smarttech247's Cyber Threat Intelligence platform has detected a range of records, including company-related credentials and sensitive information, many of which are actively traded or sold. The Irish-based firm is warning that this kind of information is ideally suited for use in criminal gangs' AI-powered phishing and Business Email (BEC) Compromise campaigns. These forms of BEC are the fastest-growing type of cybercrime worldwide and see hackers using AI to clone voices, generate hyper-realistic phishing emails, and manipulate employees into transferring funds or handing over credentials. The security team at Smarttech247 estimates that fewer than one in three Irish organisations have adequate protection against BEC attacks. One of the most high-profile examples emerged last month, when it's alleged the National Treasury Management Agency was the target of a multi-million euro attack involving voice phishing. CEO of Smarttech247, Raluca Saceanu, is warning organisations that they need to step up protections: "Our Cyber Threat Intelligence platform continuously monitors dark web marketplaces, criminal forums, and leak sites, and we're very concerned that businesses across all sectors are incredibly unprepared for the scale and sophistication of this new wave of crime. Most rely on outdated email filters or staff awareness training alone, neither of which are effective against AI-powered impersonation, deepfakes, or advanced social engineering. In critical sectors such as finance, healthcare, and government, that level of preparedness is dangerously low. Cybersecurity experts have also recorded a 400% spike over the past 12 months* in the level of social engineering techniques which dupe users into believing they must fix an error on their device by copying a piece of code. In reality, they are executing malicious commands that install malware on their device. Raluca Saceanu says, "Our team is receiving daily reports of targeted phishing campaigns that increasingly carry the fingerprints of AI: perfectly written messages, urgent executive requests, and realistic voice calls that bypass traditional defences. "Ireland is not prepared for AI-driven cybercrime. Criminals are scaling faster than our defences, and critical national services are at risk. Financial services companies, central to the economy, healthcare providers and government officials face an immediate risk of social engineering scams. The attacks are already here, and unless Ireland acts now, we risk becoming tomorrow's headline breach."
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e341
Joining the podcast this week is Dmitry Bestuzhev, senior director of cyber threat intelligence (CTI) at Blackberry. He gives Petko an inside look into the key types of CTI and how the insights can be used to build context and determine response in specific circumstances, such as in the recent case of attempted targets at NATO. Dmitry also turns our attention to the risks posed by public charging stations - a ploy dubbed “Juice Jacking.” Dmitry Bestuzhev, Senior Director CTI at BlackBerry Dmitry Bestuzhev is Senior Director, CTI (Cyber Threat Intelligence) at BlackBerry. Prior to BlackBerry, Dmitry was Head of Kaspersky's Global Research and Analysis Team for Latin America, where he oversaw the company's experts' anti-malware development work in the region. Dmitry has more than 20 years of experience in IT security across a wide variety of roles. His field of expertise covers everything from traditional online fraud to targeted high-profile attacks on financial and governmental institutions. His main focus in research is on producing Threat Intelligence reports on financially motivated targeted attacks. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e340
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
Cyber threat intelligence (CTI) is no longer just a technical stream of indicators or a feed for security operations center teams. In this episode, Ryan Patrick, Vice President at HITRUST; John Salomon, Board Member at the Cybersecurity Advisors Network (CyAN); Tod Beardsley, Vice President of Security Research at runZero; Wayne Lloyd, Federal Chief Technology Officer at RedSeal; Chip Witt, Principal Security Analyst at Radware; and Jason Kaplan, Chief Executive Officer at SixMap, each bring their perspective on why threat intelligence must become a leadership signal that shapes decisions far beyond the security team.From Risk Reduction to OpportunityRyan Patrick explains how organizations are shifting from compliance checkboxes to meaningful, risk-informed decisions that influence structure, operations, and investments. This point is reinforced by John Salomon, who describes CTI as a clear, relatable area of security that motivates chief information security officers to exchange threat information with peers — cooperation that multiplies each organization's resources and builds a stronger industry front against emerging threats.Real Business ContextTod Beardsley outlines how CTI can directly support business and investment moves, especially when organizations evaluate mergers and acquisitions. Wayne Lloyd highlights the importance of network context, showing how enriched intelligence helps teams move from reactive cleanups to proactive management that ties directly to operational resilience and insurance negotiations.Chip Witt pushes the conversation further by describing CTI as a business signal that aligns threat trends with organizational priorities. Jason Kaplan brings home the reality that for Fortune 500 security teams, threat intelligence is a race — whoever finds the gap first, the defender or the attacker, determines who stays ahead.More Than DefenseThe discussion makes clear that the real value of CTI is not the data alone but the way it helps organizations make decisions that protect, adapt, and grow. This episode challenges listeners to see CTI as more than a defensive feed — it is a strategic advantage when used to strengthen deals, influence product direction, and build trust where it matters most.Tune in to hear how these leaders see the role of threat intelligence changing and why treating it as a leadership signal can shape competitive edge.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.
In this episode of Unspoken Security, host AJ Nash sits down with Jennifer Leggio, Chief Strategy Officer of W2 Communications, to discuss the unspoken challenges impacting career fulfillment. Jennifer shares her personal experiences with toxic work environments, imposter syndrome, and the struggle to balance ego and self-awareness. She highlights the importance of advocating for yourself while remaining empathetic to others' struggles.Jennifer introduces the concept of "self-energy," emphasizing the need to prioritize what's best for everyone, not just yourself. She also explores the impact of personal trauma on professional life and offers practical advice for building resilience. Jennifer emphasizes the value of self-care, including meditation and affirmations. She shares her personal "courage plan" framework to help listeners overcome obstacles and create a more fulfilling life.This episode challenges listeners to examine their behaviors and create a path toward greater self-awareness and personal growth, both personally and professionally.Send us a textSupport the show
Cybersecurity is a shared responsibility that requires strong partnerships between governments and businesses. Governments, therefore, face the challenge of adapting to a world where – in the cyber domain – the state is not the sole provider of intelligence or security, and private sector emerges as a cyber intelligence actor. In this Podcast episode, eGA's Head of Cybersecurity Merle Maigre speaks with Jack McCurley, a senior intelligence consultant at Recorded Future, about what it takes to build national resilience when the threats are global and decentralised. “Threat actors are networked. If defenders aren't, we're already behind,” he says. A first look, here, into the tools and public-private cooperation in cyber threat intelligence sharing reshaping cybersecurity from the inside out. All in anticipation of the e-Governance Conference 2025 session on public-private partnerships on the matter, where today's speakers will be joined by Liga Raita Rozentale and Nerses Yeritsyan to discuss how shared responsibility can be turned into shared defence.
Three Buddy Problem - Episode 45: (The buddies are trapped in timezone hell with cross-continent travel this week). In the meantime, absorb this keynote presented by Juan Andres Guerrero-Saade (JAG-S) at CounterThreats 2023. It's a frank discussion on the role of cyber threat intelligence (CTI) during wartime and its importance in bridging information gaps between adversaries. Includes talk on the ethical challenges in CTI, questioning the impact of intelligence-sharing and how cyber operations affect real-world conflicts. He pointed to Ukraine and Israel as examples where CTI plays a critical, yet complicated, role. His message: cybersecurity pros need to be aware of the real-world consequences of their work and the ethical responsibility that comes with it. Acknowledgment: Credit for the audio goes to CyberThreat 2023, SANS Institute, NCSC, and SentinelOne. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
This Week in Machine Learning & Artificial Intelligence (AI) Podcast
Today, we're joined by Nidhi Rastogi, assistant professor at Rochester Institute of Technology to discuss Cyber Threat Intelligence (CTI), focusing on her recent project CTIBench—a benchmark for evaluating LLMs on real-world CTI tasks. Nidhi explains the evolution of AI in cybersecurity, from rule-based systems to LLMs that accelerate analysis by providing critical context for threat detection and defense. We dig into the advantages and challenges of using LLMs in CTI, how techniques like Retrieval-Augmented Generation (RAG) are essential for keeping LLMs up-to-date with emerging threats, and how CTIBench measures LLMs' ability to perform a set of real-world tasks of the cybersecurity analyst. We unpack the process of building the benchmark, the tasks it covers, and key findings from benchmarking various LLMs. Finally, Nidhi shares the importance of benchmarks in exposing model limitations and blind spots, the challenges of large-scale benchmarking, and the future directions of her AI4Sec Research Lab, including developing reliable mitigation techniques, monitoring "concept drift" in threat detection models, improving explainability in cybersecurity, and more. The complete show notes for this episode can be found at https://twimlai.com/go/729.
Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Travis Farral. Travis has been working in information security since the 90s at places such as Nokia, ExxonMobil, and XTO Energy. He is currently VP & CISO at Archaea Energy, a bp owned, renewable natural gas company based in Houston, Texas. He has spoken at events around world on topics such as Cyber Threat Intelligence, MITRE ATT&CK, and Incident Response. Notable activities during his career include everything from programming logic controllers, building and leading SOCs, driving forklifts, standing up cybersecurity teams, developing threat intelligence programs, and handling responses to incidents, among many other things over the last few decades. [April 21, 2025] 00:00 - Intro 00:18 - Intro Links: - Social-Engineer.com - http://www.social-engineer.com/ - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/ - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/ - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/ - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb - CLUTCH - http://www.pro-rock.com/ - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/ 02:08 - Travis Farral Intro 02:58 - A Different Path than Today 05:25 - Healthy Hacking 08:08 - Anything Can Be Weaponized 10:54 - Questionable Behavior 14:31 - Smash That Report Button!!! 18:58 - Improving Our Odds 21:00 - You Have to Keep It Simple 22:25 - Letters to a Young CISO 24:20 - Find Travis Farral online - LinkedIn: linkedin.com/in/travisfarral 25:01 - Mentors - Shawn Edwards - Jay Leek 27:02 - Book Recommendations - R. E. Lee: A Biography - Douglas Southall Freeman 29:34 - Wrap Up & Outro - www.social-engineer.com - www.innocentlivesfoundation.org
Cybersecurity threats are evolving rapidly, and organizations of all sizes are vulnerable. While leaders are already navigating countless uncertainties, cyber threats represent a unique challenge that can bring business operations to a halt, causing significant financial damage and operational chaos.Find the full show notes at: https://workmatters.com/How-Cyber-Threat-Intelligence-Can-Protect-Your-Organization-with-Mary-DAngelo
Have you ever wondered how technological advancements like AI and crypto are reshaping compliance frameworks in the traditional financial industry? Our next guest, Kamran Choudhary (Technical Director AFC, BCB Group) explains to Caitlin Barnett (Director of Regulation & Compliance, Chainalysis) all the technological factors that are impacting risk management and compliance in both TradFi and DeFi. Kamran shares the dramatic shifts in the industry over the past decade and how technology, particularly AI and crypto, is enhancing the holistic compliance approach by BCB Group, a leading provider in regulated payment, wallet and trading services across fiat and crypto. They both talk about the current challenge of regulations such as MICA, the emerging role of stablecoins and how regulatory evolution is influencing both established and emerging financial markets, while still highlighting the increased prioritization of cybersecurity in the wake of recent crypto hacks. Minute-by-minute episode breakdown 2 | Evolution and strategic importance of compliance in finance 4 | BCB Group's role in bridging fiat and crypto compliance 10 | How crypto companies can maintain banking relationships via good compliance 14 | Emerging threats in crypto: AI, money laundering and cybersecurity 20 | How the crypto industry should approach state sponsored hackers like Lazarus Group 24 | EU and UK crypto regulation and the impact it has on innovation in the industry 28 | MiCA: The double edge sword of clarity and comprehensive compliance costs 30 | Stablecoins, regulatory challenges and market fragmentation 33 | Decentralized IDs (DIDs) and enhance privacy and eliminate data oversharing 35 | Scaling and innovating payment solutions for 2025 Related resources Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key. Website: BCB Group: One Platform - Pay, store, trade and earn fiat, stablecoins and digital assets globally Blog: Stablecoins – a thoroughbred payments solution Blog: Compliance – the key component of trust Article: BBVA will offer bitcoin and ether trading and custody services in Spain Report: The Chainalysis 2025 Crypto Crime Report (Download Your Copy Today) Event: Links 2025 Digital Premiere: Free virtual event bringing together the leaders defining the future of blockchain intelligence. Video: Hearing Entitled: Following the Money: Tools and Techniques to Combat Fraud (w/Jacqueline Burns Koven (Chainalysis' Head of Cyber Threat Intelligence) testimony) YouTube: Chainalysis YouTube page Twitter: Chainalysis Twitter: Building trust in blockchain Speakers on today's episode Caitlin Barnett *Host* (Director of Regulation & Compliance, Chainalysis) Kamran Choudhary (Technical Director AFC, BCB Group) This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein. Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material. Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
If you're enjoying the content, please like, subscribe, and comment! Please consider supporting the show! https://creators.spotify.com/pod/show/worldxppodcast/supportJoin our Women in CTI Slack channel here: https://filigran-community.slack.com/archives/C07T52JK3Q9Mary D'Angelo is a Cyber Threat Intelligence Solutions Lead at Filigran, where she helps organizations operationalize threat intelligence and bridge the gap between CTI teams and executive decision-makers. She's also a recognized thought leader and mentor in the InfoSec community, dedicated to democratizing intelligence and guiding the next generation of cybersecurity professionals.Mary is an active contributor to global cybersecurity initiatives, including the Dagstuhl Seminar and the Tortora Bradya Institute, and frequently speaks at industry events to advance collaboration and innovation in the field.______________________Follow us!@worldxppodcast Instagram - https://bit.ly/3eoBwyr@worldxppodcast Twitter - https://bit.ly/2Oa7BzmSpotify - http://spoti.fi/3sZAUTGYouTube - http://bit.ly/3rxDvUL#cybersecurity #cybercrime #cyberthreats #scam #darkweb #internet #safety #password #protection #explore #explorepage #podcastshow #longformpodcast #longformpodcast #podcasts #podcaster #newpodcast #podcastshow #podcasting #newshow #worldxppodcast
Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of Cyber Tensions in U.S.-China Trade Relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pown a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers' riskiness. Operation Endgames nabs SmokeLoader botnet users. Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. Selected Reading Trump Signs Memorandum Revoking Security Clearance of Former CISA Director Chris Krebs (Zero Day) Senator puts hold on Trump's nominee for CISA director, citing telco security 'cover up' (TechCrunch) Infosec experts fear China could retaliate against tariffs with a Typhoon attack (The Register) New US Cyber Command, NSA chief glides in first public appearance (The Record) LARGE LANGUAGE MODELS ARE UNRELIABLE FOR CYBER THREAT INTELLIGENCE (ARXIG) Nissan Leaf Hacked for Remote Spying, Physical Takeover (SecurityWeek) TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials (Cyber Security News) Study Identifies 20 Most Vulnerable Connected Devices of 2025 (SecurityWeek) Authorities Seized Smokeloader Malware Operators & Seized Servers (Cyber Security News) Flipper Zero maker unveils ‘Busy Bar,' a new ADHD productivity tool (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Wendi Walker, a Senior Cyber Threat Intelligence Analyst at IHG Hotels & Resorts. The conversation touched on Wendi's journey into cyber threat intelligence from her military and traditional intelligence background. She shared insights from her time at the Georgia Bureau of Investigation and working on various federal and state law enforcement task forces. There were also discussions about the importance of a curious and investigative mindset for success in intelligence, the evolution of cybercrime, the rise of agile ransomware groups, AI-powered phishing attacks, zero-day threats, and lots more.Support the show
Transitioning from Sales to Cyber ThreatIntelligence with Mary D'Angelohttps://www.linkedin.com/in/dangelomary/ In this episode of 'Breaking into Cybersecurity,' we sit down with Mary D'Angelo, a Solutions Lead at Filigran, to discuss her journey from a sales and marketing background into the technical field of cyber threat intelligence. Mary shares insights on her professional path, the importance of continuous education, understanding threat actors and their TTPs, and the benefits of leveraging AI in threat intelligence. She alsooffers practical advice for those looking to transition into cybersecurity and emphasizes the value of networking and community. Join us for an in-depth discussion that aims to inspire and inform aspiring cyber professionals. 00:00 Introduction and Guest Welcome00:59 Mary's Background and Career Journey01:38 Transition from Sales to Cybersecurity04:07 Understanding the Dark Web05:42 Explaining TTPs and Training06:18 Recommendations for AspiringCybersecurity Professionals09:05 Continuous Learning and Automation11:45 Final Tips and NetworkingSponsored by CPF Coaching LLC - http://cpf-coaching.comThe Breaking into Cybersecurity: It's a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.Check out our books: Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUIHack the Cybersecurity Interview: Navigate Cybersecurity Interviews with Confidence, from Entry-level to Expert roleshttps://www.amazon.com/Hack-Cybersecurity-Interview-Interviews-Entry-level/dp/1835461298/Hacker Inc.: Mindset For Your Careerhttps://www.amazon.com/Hacker-Inc-Mindset-Your-Career/dp/B0DKTK1R93/
Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations. For a complete reading list and even more information, check out Rick's more detailed essay on the topic. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online. Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes. Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Room - U.S. Army War College. Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget. Rick Howard, 2022. History of Infosec: a primer. [Podcast and essay]. The CyberWire - CSO Perspectives. Rick Howard, 2020. Security operations centers: a first principle idea. [Podcast and Essay]. The CyberWire. Rick Howard, 2020. SOAR – a first principle idea. [Podcast and Essay]. The CyberWire - CSO Perspectives. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. The CyberWire - CSO Perspectives. Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading. Timbuk 3, 1986. The Future's So Bright, I Gotta Wear Shades [Song]. Genius. Timbuk3VEVO, 2009. Timbuk 3 - The Future's So Bright [Music Video]. YouTube. Learn more about your ad choices. Visit megaphone.fm/adchoices
Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly. Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO. Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts. Learn more about your ad choices. Visit megaphone.fm/adchoices
Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with Steve Diamond, a Senior Intelligence Supervisor - Fraud Intelligence at SHEIN Technology LLC. The conversation covered the importance of collaboration in cyber threat intelligence (CTI), Steve's journey into CTI, his experiences, and best practices for conducting effective threat intelligence-driven investigations. Steve also shared some valuable advice for those looking to break into CTI and much more.Support the show
Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You're a Dog [History]. Know Your Meme. Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search. Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3). Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business. Learn more about your ad choices. Visit megaphone.fm/adchoices
Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What's behind Trump's surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference' [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk's misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times. Learn more about your ad choices. Visit megaphone.fm/adchoices
Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What's behind Trump's surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference' [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk's misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times.
Send Bidemi a Text Message!Support The Bid Picture PodcastIn this episode, host Bidemi Ologunde spoke with Nigel Boston, a Senior Threat Intelligence Analyst at Grainger. The conversation covered how Nigel got into cybersecurity and how anyone can transition into the field using their unique set of transferable skills. Nigel shared his thoughts on the hard and soft skills he thought were important prior to getting into cybersecurity versus the ones he uses daily. He also talked about the need to understand the business of your organization and the value of having a personal roadmap for success. The discussion also covered basic cybersecurity practices, advice for those considering a career in the field, and the key role discipline plays in achieving success in any endeavor, and lots more.Support the show
In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices
In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.
Cybercriminal gangs are infiltrating popular online community platform Discord to plan their schemes and teach a new generation of hackers, according to a new report shared first with Axios. Jeremy Kirk is the Executive Editor, Cyber Threat Intelligence at Intel 471. In this episode, he joins host David Braue to discuss why this is happening, the threat it poses to gamers, and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack. This week on CSO Perspectives This week on N2K Pro's CSO Perspectives podcast, host and N2K CSO Rick Howard focus on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here. Selected Reading Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity) Suspected Scattered Spider Member Arrested in UK (SecurityWeek) DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record) SocGholish malware used to spread AsyncRAT malware (Security Affairs) California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek) Finance: Secret Bank Ratings Show US Regulator's Concern on Handling Risk (Bloomberg) U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews) Internships can be a gold mine for cybersecurity hiring (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant's Chief Analyst. References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate. Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire. Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant. Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal. Learn more about your ad choices. Visit megaphone.fm/adchoices
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene's VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation. Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity. [Podcast]. The CyberWire. Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire. Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire. Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube. SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle. Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper] Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices
"They're not trying to be gracious here. They're trying to make as much money as they can with that personal data.” - Mary D'Angelo Join us for this Secure Talk podcast to unmask the activity of cyber criminals on the dark web. Mary D'Angelo, an expert in Cyber Threat Intelligence, helps us “follow the money” and understand the aggressive tactics being used by threat actors to steal and monetize your data. Discover how these criminal organizations are monetizing your personal data before it even surfaces in the dark corners of the internet and how the long tail of data breaches can follow your organization for years.
With any new technology, malicious actors exploit vulnerabilities and create uncertainty. But there are tools investigators, regulators, and cybersecurity professionals can use to fight back. In this special episode, Chainalysis' Jackie Burns Koven, Head of Cyber Threat Intelligence is interviewed and Amit Kumar, Partner at Accel shares how to mitigate risks and build trust in emerging spaces, drawing from her work across the cryptocurrency and blockchain landscape. Since Chainalysis launched in 2014, the platform has been used to solve some of the world's most high-profile criminal cases and safely expand consumer access to cryptocurrency. Jackie joined Chainalysis in 2019 after serving as an Intelligence Officer in the U.S. Department of Defense. In this conversation, she reflects on the crucial role Chainalysis plays in enhancing blockchain safety and ensuring its viability. She also offers valuable advice on how early-stage startups and leaders can stay informed in the rapidly evolving tech ecosystem, and how they can think about implementing their own systems. The episode also explores the challenges new technologies like AI face from malicious actors, the importance of effective collaboration between technology and government agencies, and the steps needed to stabilize the crypto industry long-term. Minute-by-minute episode breakdown 2 |Introduction to Chainalysis 7 | Why Chainalysis is working with government agencies to fight bad actors 16 | How the blockchain threat landscape is evolving with AI 15 |The role of education in rising crypto threats, like pig butchering 28 | Advice for staying up to date on the rapidly evolving technology ecosystem 32 | Building a Cyber Threat Intelligence team; Jackie's roles Related resources Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key. Website: Accel: First partner to exceptional teams everywhere Article: Chainalysis' Journey with Accel Article: Our Investment in Chainalysis: Meet the startup that brought down the biggest dark web marketplace Interview: Secrets to Scaling with Chainalysis' Michael Gronager: “Growth and scaling are the hardest things to get right" Podcast: Accel Spotlight ON (Weekly Podcast Series) Event: TraceDC (July 16-17) The leading public sector event of the cryptocurrency ecosystem YouTube: Chainalysis YouTube page Twitter: Chainalysis Twitter: Building trust in blockchain Tik Tok: Building trust in #blockchains among people, businesses, and governments. Telegram: Chainalysis on Telegram Speakers on today's episode Amit Kumar * Host * (Partner, Accel) Jacqueline Burns Koven (Head of Cyber Threat Intelligence, Chainalysis) This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein. Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material. Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.
Guest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that! In Anton's experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that? One aspect of threat intelligence that's always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one? You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager,, can you tell us about what motivated you to do this and what the experience was like? Are there other parts of your background that inform the work you're doing and how you see yourself at Google? How does that impact our go to market for threat intelligence, and what're we up to when it comes to keeping the Internet and broader world safe? Resources: Video EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons EP128 Building Enterprise Threat Intelligence: The Who, What, Where, and Why EP112 Threat Horizons - How Google Does Threat Intelligence Introducing Google Threat Intelligence: Actionable threat intelligence at Google scale A Requirements-Driven Approach to Cyber Threat Intelligence
In the dynamic and ever-changing world of cybersecurity, it is crucial to remain at the forefront of addressing vulnerabilities, implementing innovative solutions, and getting to know companies that are making a differences in this industry. At Infosecurity Europe 2024 in London, Sean Martin sits down with Francesco Cipollone, co-founder of Phoenix Security, to discuss the company's journey, achievements, and unique value propositions, highlighting their significant impact within the cybersecurity community.Setting the StageThe bustling environment of Infosecurity Europe 2024 serves as the backdrop for an engaging conversation about the latest cybersecurity trends. Martin and Cipollone delve into Phoenix Security's origins as an internal project at HSBC, aimed at addressing engineer burnout by improving communication and prioritization in vulnerability management.Phoenix Security's Journey and VisionCipollone explains how Phoenix Security was created to help engineers avoid burnout, originally focusing on solving communication and prioritization challenges in vulnerability management. This initiative quickly evolved into a comprehensive solution that bridges the gap between security and engineering teams by providing actionable risk assessments and automating decision-making processes.Innovative Solutions for Modern Cybersecurity ChallengesPhoenix Security stands out by offering powerful tools that streamline vulnerability management across enterprise systems. Their platform allows for better scheduling of workloads and prioritization of tasks, significantly reducing the time it takes to address vulnerabilities from hours to just minutes. This efficiency not only prevents engineer burnout but also ensures that security measures are implemented effectively.Success Stories and Client FeedbackCipollone shares success stories from clients like ClearBank, who have benefited from real-time, up-to-date asset inventory and operational insights. By using Phoenix Security, these organizations can engage in informed risk-based decision-making, enabling security teams to focus on high-impact vulnerabilities and maximize risk reduction.Expanding Reach Through Strategic PartnershipsHighlighting the importance of collaboration, Cipollone mentions Phoenix Security's recent partnership with Booncheck. This partnership integrates advanced threat intelligence into the Phoenix platform, offering clients access to a wealth of vulnerability data and enabling more effective risk management strategies.ConclusionThe conversation concludes with insights into future security trends and Phoenix Security's commitment to innovation and community-driven solutions. Cipollone emphasizes that Phoenix Security aims to simplify decision-making processes, giving engineers and security professionals more time to focus on what truly matters.We encourage all ITSPmagazine viewers and listeners to connect with the Phoenix team, download their new book, and stay tuned for more updates from Infosecurity Europe 2024.Learn more about Phoenix Security: https://itspm.ag/phoenix-security-sx8vNote: This story contains promotional content. Learn more.Guest: Francesco Cipollone, CEO & Founder at Phoenix Security [@sec_phoenix]On LinkedIn | https://www.linkedin.com/in/fracipo/On Twitter | https://twitter.com/FrankSEC42ResourcesLearn more and catch more stories from Phoenix Security: https://www.itspmagazine.com/directory/phoenix-securityView all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.
Information used by leadership to make decisions regarding the cybersecurity posture of their organization. Learn more about your ad choices. Visit megaphone.fm/adchoices
Host Bidemi Ologunde spoke with Ileana Damaso for the second time on TBP. Ileana is an open-source intelligence (OSINT) aficionado and the conversation touched on ways to stay safe online and on social media, as well as how she uses OSINT to assist with Amber Alerts investigations and other cyber investigations. She was previously a guest on TBP (Episode 145 - May 4, 2022).Support the show
Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, joins to share a look at the cyber threats to the 2024 global elections. Ben and Dave both review Supreme Court oral arguments in two cases relating to state regulation of social media companies. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. Links to the stories: Justices skeptical of Tex., Fla. laws that bar platforms from deleting content Caveat Briefing A companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices