Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. Join the Recorded Future team, special guests, and our partners from the CyberWire to learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence.
242 The 2022 Threat Intelligence Outlook
Joining us this week is Jason Steer, principal security strategist at Recorded Future. Our conversation centers on the state of threat intelligence in a rapidly changing security environment, how organizations are adapting and evolving their threat intelligence strategies, as well as Jason Steer’s outlook on some of the security challenges professionals are likely to face in the year ahead.
1/20/2022 • 19 minutes, 56 seconds
241 Cybersecurity First Principles
Rick Howard has enjoyed a distinguished career in cybersecurity, including time in the U.S. Army and as chief security officer at Palo Alto Networks. These days, I’m proud to call Rick my colleague at the CyberWire, where he serves as our chief security officer and chief analyst.
Rick Howard is also creator of the podcast series CSO Perspectives, where he explores the wide spectrum of issues facing chief security officers. In an early season of that show, Rick focuses on the notion of first principles, the foundational notions on which our fundamental security ideas and beliefs rest.
Rick Howard joins us this week for an overview of first principles — what it means, how to implement it, and how to convince the powers that be in your organization that it’s the right thing to do.
1/10/2022 • 26 minutes, 38 seconds
240 Mitigating Synthetic Identity Security Risks
Bad actors continue to accelerate their use of inauthentic or captured online identities to facilitate their activities. Whether it’s phishing for credentials, making use of leaked identity databases or scraping publicly accessible information, they take advantage of weaknesses in identity management systems and inadequate awareness to make their way into and, once inside, around systems.
Our guest this week is Recorded Future’s Vice President of Product Management, Jamie Zajac. She explains the ongoing challenges organizations face with identity fraud, and what can be done to prevent it.
1/3/2022 • 18 minutes, 2 seconds
239 DDoS Defenses Divide and Conquer
Distributed Denial of Service attacks continue to grow in size, frequency and sophistication, and it’s in every organization’s best interest to properly prepare themselves against this sort of online attack.
The team at Cloudflare recently published their 2021 Q3 report on DDoS, outlining their observations and recommendations for mitigating DDoS attacks.
Joining us is John Graham-Cumming, CTO at Cloudflare, to share his insights on the state of the DDoS threat, and where things may be headed.
12/20/2021 • 19 minutes, 43 seconds
238 Shielding the Nuclear Arsenal From Cyber Attacks
Joining us this week is Herbert Lin, Senior Research Scholar at the Center for International Security and Cooperation and Hank J. Holland Fellow at Stanford University. He’s author of the book, Cyber Threats and Nuclear Weapons, in which he outlines the challenges the U.S. faces in modernizing the control systems for our nuclear weapons arsenal, the dangers of connecting these systems to the internet, and the peril of feature-creep and increased complexity in the nuclear age.
12/13/2021 • 27 minutes, 57 seconds
237 Protecting Veterans from Targeted Online Scams
Recorded Future’s Insikt Group recently published a report titled, “Cyber Threats to Veterans in 2021: Spam and Scams Exploit Support for Veterans.” The report outlines the ways online scammers are targeting both veterans themselves and people who may be sympathetic to causes that claim to support veterans.
Andrew McIntyre and David Carver are members of the Recorded Future Insikt Group’s subscriptions and periodicals team, and they join us with insights from the report.
12/6/2021 • 23 minutes, 36 seconds
236 Preparing for the Next Ransomware Generation
On this week’s show we welcome back Recorded Future’s Allan Liska to discuss his newly published book, Ransomware: Understand, Prevent, Recover. In the years since Allan co-authored his previous book on ransomware, much has changed, with increased sophistication from the threat actors, higher ransom demands and extortion thrown into the mix. Allan Liska explains these changes, and provides his expert insights on what organizations need to do to protect themselves from this continuing threat.
11/29/2021 • 20 minutes, 59 seconds
235 CISA's Collaborative Mission of Public Private Partnerships
The Cybersecurity and Infrastructure Security Agency, better known as CISA, was spun up in 2018, operating under the Department of Homeland Security. In July of 2021, Jen Easterly was confirmed by the US Senate as director of CISA, and under her leadership the organization has continued its efforts toward public-private partnerships in cybersecurity. CISA recently established the Joint Cyber Defense Collaborative (JCDC), an effort by the agency to lead the development of proactive cyber defense operations plans.
Kiersten Todt is chief of staff at CISA, and she joins us with insights on the agency’s efforts.
11/22/2021 • 18 minutes, 10 seconds
234 Deepfakes and Synthetic Media Ethics Explained
Deepfakes and other synthetic media have been grabbing headlines recently for a spectrum of reasons, from unauthorized celebrity pornography to comedy memes and even alleged fraud cheating companies out of hundreds of thousands of dollars. It’s a rapidly evolving technology that, like most technological innovations, can be used for good or evil.
Henry Ajder is head of policy and partnerships at Metaphysic, an organization at the cutting edge of synthetic media. He joins us to help make sense of synthetic media, and why as security professionals we need to stay vigilant about the pros and cons of the technology.
11/15/2021 • 21 minutes, 32 seconds
233 FIN7 Group Lures Cyber Pros With Fake Jobs
The cybercriminal group FIN7 made a name for themselves in the criminal underworld for being responsible for large-scale payment card theft campaigns, resulting in the exposure of over 20 million card records. More recently they’ve set their sights on ransomware as well, and to support their efforts they began recruiting employees through a bogus cybersecurity company using the name Bastion Secure.
Our guest today is Ilya Volovik, team lead for the threat intelligence team at Gemini Advisory, a Recorded Future company. He and his colleagues recently published research titled FIN7 Recruits Talent For Push Into Ransomware. He describes how a source reached out to describe being recruited by the FIN7 decoy company, which led to insights into some of the tools they use.
11/8/2021 • 27 minutes, 39 seconds
232 Influencing International AI Policy with ForHumanity
Like most emerging technologies, artificial intelligence can be used for good or bad, depending on who’s using it, their intentions and how they apply it. There can also be unintended consequences, which presents policy makers with challenges when trying to apply guard rails to things like AI.
Our guest today is Megan Jacquot. She’s an associate cyber security threat intelligence analyst at Recorded Future. On today’s episode, Megan describes her work with international nonprofit ForHumanity, and how they aim to be an informed source for policy makers who are setting the rules of the road on the future internet.
11/1/2021 • 19 minutes, 18 seconds
231 Evaluating the WeTheNorth Illicit Online Forum
Recorded Future’s Insikt Group recently discovered a new Canada-focused darknet marketplace called WeTheNorth. This localized criminal marketplace features a variety of illegal goods and services for sale, many of which pose a threat to local and global enterprises. WeTheNorth administrators have gone to great lengths to create a marketplace geared toward protecting Canadian buyers and sellers and fostering a relatively safe place to complete transactions.
On this week’s episode we welcome back Recorded Future threat intelligence analyst Charity Wright to provide insights on WeTheNorth and the techniques she and her colleagues used to analyze the group.
10/25/2021 • 22 minutes, 25 seconds
230 Maximizing the Value of Open Source Intelligence
Our guest this week is Harry Kemsley. He’s president of national security and government at defense intelligence organization, Janes. Prior to joining Janes, he spent 25 years in the Royal Air Force.
Harry Kemsley is author of a recent opinion piece published in The Hill, titled In OSINT we trust? In it, he makes the case that many intelligence organizations around the world would do well to increase their use of open source intelligence. To do that, there are cultural issues regarding the reliance on classified sources that may need to be overcome, but in the end, he believes the benefits are worthwhile.
10/18/2021 • 24 minutes, 50 seconds
229 Cryptocurrency is a Double Edged Sword
Our guest this week is Kimberly Grauer. She is the director of research at Chainalysis, where she examines trends in cryptocurrency economics and crime.
Kimberly Grauer joins us with insights on the state of cryptocurrency around the world, the cultural and regional considerations that play into adoption by individuals, organizations and governments, and where she thinks things are headed.
10/11/2021 • 21 minutes, 13 seconds
228 Ransomware Remains a Serious Threat
Ransomware threat actors continue to make their way into systems of organizations big and small all over the world, leading to business interruptions, financial loss, and reputational damage. Even more troubling are recent reports attributing loss of life to ransomware attacks on medical facilities.
Our guest this week is Recorded Future threat intelligence analyst Dmitry Smilyanets. He brings his experience and unique insights to the conversation, with the latest tactics, techniques and procedures he and his colleagues are tracking from ransomware operators.
10/4/2021 • 16 minutes
227 Correspondent Dina Temple-Raston Joins The Record
Our guest this week is veteran journalist and author Dina Temple-Raston, the newest member of the team at The Record by Recorded Future. Her distinguished career has included assignments at Bloomberg, The New York Sun, and most recently NPR, where she was a member of their Breaking News Investigations team.
She shares her own professional story, why she chose to join the team at The Record, and how she sees cybersecurity journalism shaping up in the coming years.
9/27/2021 • 20 minutes, 27 seconds
226 The Cozy Relationship Between Russian State and Criminal Actors
Recorded Future’s Insikt Group recently published a report titled, Dark Covenant: Connections Between the Russian State and Criminal Actors. The report outlines the categories of cyber criminals enjoying privileged status within Russia, along with their often fluid relationships with official Russian authorities.
Joining us to discuss the report is a Senior Threat Intelligence Analyst from Recorded Future’s Insikt Group. Due to the sensitive nature of the report and her part in gathering information in it, we are respecting her request to remain anonymous.
9/20/2021 • 20 minutes, 9 seconds
225 Complex Networks and the Cyber Social Terrain
Joining us this week is John Kelly, founder and CEO of Graphika, a software as a service platform for contextual influence mapping, social media marketing, advertising and analytics. He shares his career journey toward the formation of Graphika, and explains the foundational principles behind mapping complex online social networks, the challenges it presents, and what it means for a world faced with ever-increasing levels of disinformation and influence operations.
9/13/2021 • 29 minutes, 41 seconds
224 The Wild Ride Toward Actionable Security Analytics
Our guest this week is Gunter Ollmann, chief security officer at security analytics firm Devo. He shares his insights on the history and evolution of security analytics, the challenges organizations face when implementing them, the network effects of cloud migration, as well as strategies for making the case to the organizational powers that be that security analytics are a wise investment.
9/6/2021 • 24 minutes, 40 seconds
223 Cyber Citizenship Education is Essential
Scholars and researchers from the think tank New America recently released an education policy initiative titled, Teaching Cyber Citizenship — Bridging Education and National Security to Build Resilience to New Online Threats. The report outlines challenges facing educators when it comes to preparing students for the online world, describes the broad spectrum of reasons why it’s important that they are properly prepared, and provides resources and potential solutions for communities and school systems to adopt.
Joining us this week are two of the report's coauthors, Lisa Guernsey, director of New America’s Teaching, Learning and Tech Program, and Peter W. Singer, strategist and senior fellow.
8/30/2021 • 28 minutes, 26 seconds
222 Action is Critical in US Cyber Policy
Joining us this week is Jamil Jaffer, senior vice president for strategy, partnerships & corporate development at IronNet Cybersecurity, the organization founded by retired General Keith Alexander, former Director of the National Security Agency and Founding Commander of U.S. Cyber Command.
Our conversation covers a variety of topics, including Jamil Jaffer’s own career journey on Capitol Hill and as a self-described “recovering lawyer”, his views on the steps the Biden administration has taken so far in cyber defense, as well as IronNet’s involvement in defending the network operations center at this year’s BlackHat.
8/23/2021 • 23 minutes, 15 seconds
221 Establishing Cyber Rules of the Road with Russia
Our guest this week is Lauren Zabierek, Director of the Cyber Security Project at Harvard's Belfer Center. She’s co-author of a recently published report on the Belfer Center’s Russia Matters website titled, “US-Russian Contention in Cyberspace: Are Rules of the Road Necessary or Possible?” It’s a compelling look into the state of Russo-American relations in cyberspace, why progress in this area is challenging, and what steps might be taken to help both nations work toward improved understanding and, someday, cooperation.
8/16/2021 • 21 minutes, 15 seconds
220 Understanding Ransomware
Our guest this week is Rachel Lerman, technology reporter at The Washington Post. She’s coauthor of a recent piece featured in the Post’s technology section titled, The Anatomy of a Ransomware Attack. The piece explains the who, what, when, where, and why of the growing, global problem of ransomware attacks. It’s one of those helpful explainers that those of us in the cybersecurity business can keep at the ready to pass on to our friends and colleagues who ask what this whole ransomware thing is all about, and why they should be concerned.
8/9/2021 • 20 minutes, 55 seconds
219 China's Ambitions Toward Digital Colonization
Recorded Future’s Insikt Group recently released research outlining China’s attempts at what they describe as digital colonization. A focus of China’s efforts involves providing attractive, cost-effective infrastructure deals for developing African nations, using technology sourced from China, technology that includes substantial surveillance capabilities. For some regimes this is all the better, but for others it means joining the online global marketplace in exchange for allowing Chinese authorities an unfettered view into their nation’s online activities.
To help us understand the implications of this bargain we welcome back to our program Recorded Future’s Charity Wright, expert cyber threat intelligence analyst.
8/2/2021 • 17 minutes, 52 seconds
218 You're Not Really Ready for Ransomware
Joining us this week is Ryan Chapman, Principal Incident Response & Forensics Consultant at Blackberry.
Our conversation centers on his belief that most organizations aren’t nearly as prepared for a ransomware incident as they think they are, a belief that has been formed from countless engagements with groups who found out the hard way that their backups have issues, or their overall incident response plan comes up short. We explore the spectrum of reasons why that may be so, and discuss practical ways for security professionals to balance their organization’s resources with their appetite for risk.
7/26/2021 • 28 minutes, 33 seconds
217 Cutting Through the Cyber Security Noise and Chaos
Our guest this week is Ryan Naraine. He’s the creator and publisher of Security Conversations, a publication covering the business of cybersecurity through the lens of a veteran journalist and storyteller with a focus on the business trends driving decisions for CEOs, CISOs, and engineering decision makers.
We’ll learn how Ryan helps bridge the gap between well-intentioned CISOs doing their best to keep their organizations safe and secure, and cybersecurity vendors trying to cut through the marketing noise and hype.
7/19/2021 • 23 minutes, 25 seconds
216 Rallying Security Intelligence With the Pride Community
Recorded Future’s Insikt Group recently published the latest version of their annual report focused on the political landscape facing the LGBTQIA+ community worldwide in the last year. The report is titled Pride and Prejudice in Shifting Landscape of LGBTQIA+ Laws Worldwide, and it tracks both progress and challenges the Pride Community faces around the globe.
Joining us to share insights from the report as well as the story behind its inception are Recorded Future’s Lea Cure and Evan Akin.
7/12/2021 • 17 minutes, 50 seconds
215 A Pivotal Moment for Cyber Insurance
It’s fair to say that the explosive growth in ransomware attacks over the past year or so, combined with the big-game-hunting approach from ransomware operators, has set the cyber insurance industry back on its heels. As the direct and indirect costs of cyber attacks have increased, insurance providers have taken a renewed approach to cyber, and the role they play in helping set standards for detection, resilience and incident response.
Michael Phillips is Chief Claims Officer of the cyber insurance firm Resilience. He also serves as Co-Chair of the Ransomware Task Force convened by the Institute for Security & Technology. He joins us with insider insights on how specialists in the cyber insurance world are adapting to a rapidly evolving landscape.
6/28/2021 • 21 minutes, 17 seconds
214 Rage Against the HackMachine
There’s a versatile, easy-to-use utility being offered for sale on underground hacker forums, called HackMachine. It allows users to target victim domains and scan sites for known vulnerabilities, attempt brute force attacks, and ultimately inject paycard skimmers or exfiltrate user databases and personally identifiable information.
Ilya Volovik and Shane Asher are researchers at Gemini Advisory, a Recorded Future company, and they join us with key findings from their research into HackMachine, along with advice on how to best protect your organization against it.
6/21/2021 • 16 minutes, 54 seconds
213 A Nuanced Approach to Insider Threats
Joining us this week is Jon Ford, Managing Director of Global Government Services & Insider Threat Risk Solutions at Mandiant. Our conversation centers on his experience with effective insider threat programs, from both a technical and human perspective. With twenty years of experience in the FBI before joining Mandiant, Jon Ford gained extensive knowledge from bringing to justice some of the world’s most notorious cyber criminals, knowledge which informs his approach to solving today’s most pressing security issues.
6/14/2021 • 26 minutes, 17 seconds
212 Thwarting Upstream Code Flaws From Reaching the Supply Chain
This week we welcome back to the show Lindsay Kaye, director of operational outcomes with Recorded Future’s Insikt Group. We’ll discuss their recently published report, titled “Bad Code: Upstream Code Flaws Have Far-Reaching Consequences.” The report highlights some of the often-overlooked ways in which code can be compromised. Lindsay takes us through specific examples from the report, and provides her expertise on how to best protect your organization’s supply chain from them.
6/7/2021 • 20 minutes, 37 seconds
211 The DOD's SWAT Team of Nerds
Joining us this week is Jack Cable. He’s a security researcher and student at Stanford University, currently a researcher with the Stanford Internet Observatory and the Stanford Empirical Security Research Group. Jack built a reputation for himself in hacker circles as a talented and prolific bug bounty hunter, and is ranked within the top 100 hackers all-time on HackerOne.
He started his cyber security pursuits as a teenager, and joined the Defense Digital Service out of high school, where he helped run the Hack the Pentagon bug bounty portfolio, advised on the next iteration of the DoD Vulnerability Disclosure Program, and built innovative cybersecurity assessment tools.
5/31/2021 • 24 minutes, 50 seconds
210 The Challenges and Solutions of Cybersecurity Policy Decisions Today
Our guest this week is Niloo Razi Howe. She is a Senior Operating Partner at Energy Impact Partners, and an investor, entrepreneur, and cybersecurity expert.
Our conversation centers on some of the cybersecurity policy decisions coming out of the Biden Administration, the challenges of ransomware and attribution, dealing with adversary nation states willing to turn a blind eye on cybercrime, as well as her outlook for possible solutions to these challenges.
5/24/2021 • 21 minutes, 3 seconds
209 Unpacking the Emotet Takedown
The Emotet malware and cybercrime campaign recently made headlines, not for infecting victims with Trickbot or Qbot malware or spinning up a new botnet, but instead for being taken down by law enforcement. In January of this year, an international effort led by Europol took control of Emotet infrastructure, effectively taking it down, as well as making arrests of alleged perpetrators in Ukraine.
To help us understand the impact of the takedown on the global malware ecosystem, I’m joined this week by Greg Lesnewich, senior intelligence analyst with Recorded Future’s Insikt Group.
5/17/2021 • 19 minutes, 16 seconds
208 Bringing Tools of National Power to Fight Ransomware
The Institute for Security and Technology recently published a report titled, “Combating Ransomware: A Comprehensive Framework for Action, Key Recommendations from the Ransomware Task Force.” In their words, the report, “details a comprehensive strategic framework for tackling the dramatically increasing and evolving threat of ransomware, a widespread form of cybercrime that in just a few years has become a serious national security threat and a public health and safety concern.”
Joining us to discuss the report is Philip Reiner, Chief Executive Officer at The Institute for Security and Technology.
5/10/2021 • 23 minutes, 29 seconds
207 Navigating the Travel Industry with Threat Intelligence
Our guest this week is Collin Barry, Director of Cyber Threat Intelligence at Expedia Group. He shares his career path, including globetrotting stops at the CIA and with Booz Allen Hamilton, and what his day-to-day looks like at Expedia Group, leading their threat intelligence efforts, protecting their online travel and marketplace endeavours.
He shares his experience starting a threat intelligence operation from scratch, how he established buy-in from stakeholders, as well as why he believes attribution is secondary to understanding adversary tactics.
5/3/2021 • 21 minutes, 12 seconds
206 Malware Party Tricks and Cybersecurity Trends
This week we welcome back to our program security pioneer Graham Cluley. After starting his career writing the original version of Dr. Solomon’s Antivirus Toolkit for Windows, Graham moved on to senior positions at Sophos and McAfee. In 2011 he was inducted into the Infosecurity Europe Hall of Fame. These days, he’s an independent blogger, podcaster and media pundit.
Our conversation takes a sometimes nostalgic look back at the origins of computer malware, what it was like fighting the good fight back then, how things have developed over the years, and what he thinks the future may hold.
4/26/2021 • 23 minutes, 13 seconds
205 Protecting Journalists Online
Our guest this week is Anjuli Shere. She’s an analyst, writer, and researcher, currently pursuing a doctorate in Cyber Security at the University of Oxford. Anjuli’s research centres on emerging threats to journalists from new internet-connected technologies. She is creating a framework for news organizations and journalists in democratic countries to improve the protection of their staff and sources against threats from the Internet of Things.
4/19/2021 • 23 minutes, 52 seconds
204 The Inner Workings of Financially Motivated Cybercrime
Recorded Future’s Insikt Group recently published a research report titled, The Business of Fraud: An Overview of How Cybercrime Gets Monetized. The report describes the types of fraud methods and services currently used by threat actors to facilitate their campaigns. It provides an overview of some notable recent developments, lists some of the top vendors of these services on the criminal underground, and provides suggested mitigations for defenders to implement.
Joining us this week to discuss their findings are Recorded Future’s Kirill Boychenko and Roman Sannikov, both members of the Insikt Group’s cybercrime and underground team.
4/12/2021 • 23 minutes, 23 seconds
203 Streamlining Third Party Risk Management
Joining us this week is Madiha Fatima, a director and head of third-party risk management at Angelo Gordon.
Our conversation centers on creating and maintaining an effective third-party risk management program. We discuss creating an effective due diligence process, integrating automation and process efficiencies, as well as some of the emerging risks she and her team are tracking. We address the human side of risk management, and Madiha shares her advice for keeping your risk management program thorough, while not finding yourself overwhelmed.
4/5/2021 • 23 minutes, 20 seconds
202 Ransomware and Extortion Evolve More Brazen Tactics
For this week’s show we welcome back Allan Liska, a member of Recorded Future’s CSIRT security team. Allan updates us on the latest trends he and his colleagues are tracking on the ransomware and online extortion fronts. We discuss the growing sophistication of the tools and tactics attackers are using, and the remarkable brazenness with which they do their business.
3/29/2021 • 20 minutes, 58 seconds
Bonus — CyberWire CSO Perspectives with Rick Howard
We're sharing a special bonus episode in your feed this week, from the CyberWire's CSO Perspectives podcast hosted by Rick Howard. This episode, Cybersecurity First Principles: Intrusion Kill Chains, Rick talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with no context about what they are trying to accomplish.
3/24/2021 • 23 minutes, 49 seconds
201 An Internet Born In a Threat-Free Environment
Our guest this week is a true internet pioneer. Paul Vixie describes himself as a “long time defender of the internet.” He’s an author or co-author of several RFC documents and open source software systems including BIND and Cron, a serial entrepreneur now CEO and co-founder of his fifth startup company, Farsight Security, and an inductee into the Internet Hall of Fame.
He joins us with insights on how we are suffering the ramifications of early internet design choices, what that means for global networking going forward, and, specifically, why he believes it’s best not to rely on outsourcing your DNS.
3/22/2021 • 21 minutes, 57 seconds
200 The Journey Ahead is the Challenge in ICS
On the occasion of this, our 200th episode of the Recorded Future podcast, we welcome back our very first guest, Robert M. Lee, CEO of industrial control systems security company Dragos. They recently published their 2020 ICS security year in review report, and Rob joins us to share some of the insights he and his team have gained over the past year, as well as the long term security trends they’re tracking.
3/15/2021 • 23 minutes, 41 seconds
199 A Call to Arms In Favor of Rationality
Our guest this week is Sir David Omand. He is former director of GCHQ, one of the UK’s primary intelligence agencies, and is currently Visiting Professor in War Studies, King’s College London.
We’ll be discussing his career in intelligence and public service, the changes he’s seen along the way, and we’ll discuss his most recent book How Spies Think: 10 Lessons from Intelligence.
3/8/2021 • 24 minutes, 25 seconds
198 Leaders Make Good News Out of Bad
On today’s program, a conversation with a pair of CEOs from leading companies in the cyber security industry. Joining us are Marten Mickos, CEO of bug bounty platform provider HackerOne, and Christopher Ahlberg, CEO at Recorded Future.
They share their insights on what it takes to be a successful CEO in a rapidly changing cybersecurity field, the importance (or not) of having deep technical skills, differentiating yourself in a crowded marketplace, and the ongoing challenges of the unknown unknowns.
3/1/2021 • 26 minutes
197 Deepfakes as a Service
Deepfakes continue to be a growing security concern. As the technology to alter video footage and replace one person's face with another’s has advanced in ease, sophistication and availability, the use of deepfakes has become more broadly prevalent, extending beyond novelty use to become another tool in the adversary’s playbook.
Our guest today is Andrei Barysevich, cofounder and CEO of fraud intelligence firm Gemini Advisory. He shares his insights on the growing criminal market for deepfakes, and how organizations can best prepare themselves to defend against them.
2/22/2021 • 20 minutes, 13 seconds
196 A Secure Environment Where People Can Be Their Whole Selves
Our guest this week is Simon Hodgkinson. He’s a security professional with over 35 years of experience in the space, most recently as CISO for BP. In our conversation, Simon shares his thoughts on the evolution of the cyber security space that he’s witnessed over the course of his career, and how we might address the industry skills gap that’s leaving millions of jobs unfilled. We’ll get his take on threat intelligence, as well as his advice for folks who are looking to pursue a career in cyber security.
2/15/2021 • 20 minutes, 10 seconds
Unraveling Disinformation in Social Media
The last few years, and the most recent election cycle in particular, have brought unprecedented levels of misinformation and disinformation to the fore. This era of online disinformation bots, fake news, and interference from foreign adversaries has sown the seeds of division in our culture, much of it distributed and amplified on social media platforms.
Jane Lytvynenko is a senior reporter at Buzzfeed News, and for the past several years she’s been focused on disinformation — where it comes from, who’s seeing it, how it works, and what might be done to defend against it. She joins us to share her insights.
2/8/2021 • 21 minutes, 23 seconds
194 White House Experience Informs Venture Capital
Our guest is Nick Sinai, Senior Advisor at Insight Partners, a global venture capital and private equity firm investing in high-growth software companies.
Before joining Insight in 2014, Nick served in the White House, where he was U.S. Deputy Chief Technology Officer. At the White House, Nick led President Obama’s Open Data Initiatives and helped start and grow the Presidential Innovation Fellows program, which brings entrepreneurs, innovators, and technologists into government.
Nick is a senior fellow and former adjunct faculty at the Harvard Kennedy School, where he taught a technology and innovation in government field class. Nick is also an advisor to Coding It Forward, a nonprofit that places computer science, data science, and design students in federal agencies.
2/1/2021 • 21 minutes, 29 seconds
193 Correlating the COVID-19 Opportunist Money Trail
The COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run-of-the-mill money scams to targeted phishing, business email compromise and even espionage.
Recorded Future’s INSIKT research group has been following these money trails and correlating them with a spectrum of bad actors around the globe. They recently published their findings in a blog post titled, “Follow the Money: Qualifying Opportunism Behind Cyberattacks During the COVID-19 Pandemic”.
On today’s episode we’ve got a pair of INSIKT group researchers joining us to share their expertise. Lindsay Kaye is Director of Operational Outcomes for the Insikt Group at Recorded Future, and Charity Wright is a Cyber Threat Intelligence Analyst.
1/25/2021 • 16 minutes, 43 seconds
192 Technology and Human Stories Intersect at the International Spy Museum
The International Spy Museum in Washington, D.C. is a private non-profit museum dedicated to the tradecraft, history, and contemporary role of espionage. It boasts the largest collection of international espionage artifacts currently on public display, and says “The Museum's mission is to educate the public about espionage and intelligence in an engaging way. It provides a context for understanding the important role intelligence has played in history and continues to play today.”
Our guest today is Andrew Hammond, Historian and Curator of the International Spy Museum. He shares his perspective on the importance of physical artifacts, and how presenting them to the public with meaningful context can help us understand our history and give us insights on how the past may inform our future.
Stories about the recently uncovered breach of the SolarWinds Orion software have been dominating the news lately, and the situation is still continuing to evolve. In this episode, we speak with Jonathan Condra, senior manager for strategic and persistent threats with Recorded Future’s Insikt Group, to get his perspective of what this breach is all about, where we stand in terms of attribution, what it means for the security community writ large, and whether or not a breach like this rises to the level of a “Cyber Pearl Harbor” or “Cyber 9/11.”
1/11/2021 • 22 minutes, 56 seconds
190 AI Enables Predictability and Better Business
Joining us this week is Aarti Borkar, vice president of product for IBM Security. She shares the story of her professional journey, starting out as a self-described data-geek through the path that led her to the leadership position she holds today. She shares her views on artificial intelligence, and how she believes it can be an enabler for security and the business itself. And we’ll get her thoughts on welcoming new and diverse talent to the field.
1/4/2021 • 21 minutes, 8 seconds
189 Threat Hunting Offsets the Technology Gaps
Our guest this week is John Ayers, Executive Vice President, Chief Strategy Product Officer and head of Security Operations at Nuspire, a managed security services company.
Our conversation centers on John’s assertion that threat hunting has become an indispensable element of security strategy for many organizations. He explains the evolution of threats that led him to that conclusion, and we’ll discuss how organizations can best approach implementing threat hunting into their own defensive plans.
12/21/2020 • 20 minutes, 47 seconds
188 Visionaries, Builders, and Operators
Our guest this week is Jeff Fagnan, founder and managing director at Accomplice, a venture capital firm focused on seed-stage technology companies. He’s worked with well-known companies such as Carbon Black, FreshBooks, Patreon, Veracode, and yes, Recorded Future.
Jeff shares his perspective on what he looks for in a hopeful entrepreneur, the hard problems he wants to see them tackling and the importance of their ability to communicate their vision and their passion. We’ll hear his optimistic vision of the coming year, and why he believes cyber security is a foundational element of every modern company.
12/14/2020 • 17 minutes, 29 seconds
187 An Ability to Execute and a Fantastic Amount of Luck
Our guest this week is Andy Ellis, chief security officer of Akamai Technologies. He shares the professional journey that led him to Akamai, along with his recollections of the early days of online data sharing when bandwidth was expensive and pipes were small, and the uncertainty of being part of an ambitious internet startup. We’ll learn about his management style, the importance of a company culture built on trust and communication, and, of course, we’ll get Andy’s take on threat intelligence.
12/7/2020 • 25 minutes, 54 seconds
186 Countering 5G Conspiracy Theories
The global transition to 5G mobile technology is well underway, with ongoing network build-out and increased availability of 5G enabled devices able to take advantage of the increased speed and capacity of the next generation network.
The transition has attracted an odd type of controversy, primarily from conspiracy theorists who claim that 5G is responsible for everything from brain cancer to COVID-19, or that it’s some sort of high tech mind-control system put in place by some secret global governing body. Most find these ideas farfetched and absurd, but there are enough people out there who follow this line of thinking that it presents real security issues for the companies who are responsible for installing and maintaining these networks.
Joining us this week is Dave Brown, cyber intelligence professional at telecommunications giant BT. One of his primary responsibilities is protecting the people and infrastructure responsible for making 5G a reality. He shares his insights on the tools, tactics and procedures he uses to counter the flood of misinformation, and to ensure the physical protection and availability of 5G for consumers, businesses, and the public sector alike.
11/30/2020 • 24 minutes, 52 seconds
185 Cyber is as Much Psychology as it is Technology
Joining us this week is Pierre Noel, managing director for Europe at Astari, a company providing global cyber resilience services for businesses.
Pierre Noel has enjoyed a remarkably broad professional career, with time spent at IBM, KPMG, Microsoft and Huawei, in both deeply technical and business roles. He shares his insights on the ways culture impacts security, the importance of threat intelligence (if your organization is ready for it), and why he believes things are likely to get a lot worse before they get better.
11/23/2020 • 20 minutes, 56 seconds
184 Inside the World of Cyber Venture Capital
Our guest this week is Mark Goodman, managing director at MassMutual Ventures.
Mark shares the story of his circuitous path to the VC world, with stops along the way at a family furniture business and a PhD in philosophy. We’ll find out what it takes for a hopeful startup to catch his eye, whether or not he thinks cyber continues to be a hot area for investment, as well as his thoughts on what it takes to be a successful venture capital investor.
11/16/2020 • 25 minutes, 45 seconds
183 Trickbot is Down But Not Out
On today’s podcast episode we welcome back Recorded Future senior intelligence analyst Greg Lesnewich.
He shares his insights on what goes on behind the scenes with the Recorded Future Insikt threat research team, and why he finds the work challenging and rewarding. Then, we discuss the latest on the Trickbot global botnet, how they operate, who they target, and the efforts by the intelligence community and private industry to take them down, or at the very least hinder their efforts.
11/9/2020 • 23 minutes, 9 seconds
182 Give Analysts Exactly What They Want
Our guest today is Paul Battista. He is CEO of Polarity, a firm which brings what they refer to as a memory augmentation platform to incident responders and other security professionals.
Paul Battista’s career includes a broad spectrum of experience, from protecting Wall Street financial organizations to briefing top White House officials as an intelligence officer in the CIA. We’ll learn how being stuck inside during a blizzard led to his creating a popular app, and how that experience opened his eyes to the possibilities of augmented reality and, eventually, to the founding of Polarity.
11/2/2020 • 22 minutes, 38 seconds
181 Too Sleepy to be Secure?
How many of us can say that we get enough sleep, consistently? And not just the number of hours asleep, but the quality of sleep as well? In this busy world with work, family and community obligations, good sleep often takes a backseat, and we find ourselves drinking that extra cup of coffee to get us going in the morning. Not to mention there’s a global pandemic, which makes everything a little harder.
Our guest this week is Lincoln Kaffenberger. He’s the threat intelligence service lead at Deloitte Global, and he has been conducting survey research into the role sleep plays in keeping our organizations safe. Our conversation reviews the data he’s gathered, the conclusions he’s developed, and his recommendations for organizations who want to make sure they’re encouraging a culture where team members are coming to work rested and ready to give their best.
10/26/2020 • 25 minutes, 39 seconds
180 The FBI Builds Enduring Partnerships in Cyber
The US Federal Bureau of Investigation, the FBI, has taken an increasingly prominent role in the day to day cyber defense of organizations and institutions here in the U.S., and globally as well. Through the establishment of the IC3, the Internet Crime Complaint Center, the FBI provides an invaluable public resource for prevention, response, and mitigation of cyber threats to businesses and public organizations of all sizes.
Joining us this week is FBI cyber division section chief Herb Stapleton. He shares his journey toward a mission-based career in public service, as well as his insights on the FBI’s ongoing efforts to form lasting partnerships with the people they serve.
10/19/2020 • 21 minutes, 32 seconds
179 The Fascinating Paradox of Cryptocurrency
Our guest this week is Kim Grauer, head of research at Chainalysis, a blockchain intelligence platform provider. She shares the story of her rather whimsical initial interest in blockchain technology, and how it quickly shifted to a serious academic and professional pursuit. We’ll hear her views on cryptocurrency and the impact it’s having on monetary policy around the world, its use by criminals, and how initial enthusiasm from investors for anything and everything blockchain related led to a credibility gap that serious researchers are still working to overcome.
10/12/2020 • 24 minutes, 17 seconds
178 Examining Russian Threats to the 2020 Election
We are joined this week by Roman Sannikov, director of cybercrime and underground intelligence at Recorded Future.
The focus of our conversation is a report recently published by Recorded Future’s Insikt research team, titled Russian-Related Threats to the 2020 US Presidential Election. In reviewing the report’s findings, we’ll explore the methods Russian actors have employed in their effort to disrupt and influence the 2020 U.S. presidential election, the context within which these efforts are best considered, and how, as individuals, as organizations, and nationwide, we can best counter these efforts to help ensure a safe, smooth election process.
10/5/2020 • 24 minutes, 8 seconds
177 Delivering Maximum Impact in the Public Sector
Our guest is Michael Anderson, chief information security officer for Dallas County — the eighth largest county in the United States. He oversees the IT security program for over 6,800 county employees and the electronic records for over 2.6 million residents.
Michael shares his career journey, including 10 years served in the Army in the Intelligence Corps, and over 20 years of strategic and tactical expertise across a wide range of IT disciplines. We’ll find out how he and his team use modern tools to make the most of limited resources, the type of leadership style he uses to inspire and motivate his coworkers, and how he approaches hiring in a highly competitive jobs market.
9/28/2020 • 23 minutes, 39 seconds
176 Curating Your Personal Security Intelligence Feed
Our guest is Sal Aurigemma, associate professor of computer information systems at the University of Tulsa. He shares his experience in nuclear engineering and serving aboard submarines in the U.S. Navy, his shift to the intelligence community, and his pivot to teaching in higher education.
We’ll learn about Sal’s approach to inspiring his students and why he emphasizes the importance of curating their own personal security intelligence feed. He also explains why he believes there’s a place in cybersecurity for people from all walks of life, and not just those with an interest in computer science and technology.
9/21/2020 • 24 minutes, 21 seconds
175 Passion, Curiosity, and a Dash of Mischief
Kevin Magee is Chief Security Officer for Microsoft Canada. He joins us with his story of early entrepreneurship, persistent curiosity, and a lifelong passion for learning.
He shares the career path that earned him his leadership position with Microsoft, as well as insights on his management style and recruiting methods. We’ll get his take on threat intelligence, and thoughts on where he thinks the cybersecurity industry may be headed.
9/14/2020 • 22 minutes, 59 seconds
174 The Highest Security Intelligence in the Shortest Time
Craig Adams is the chief product and engineering officer at Recorded Future. He joins us with insights from his decades of experience in the industry, including valuable lessons learned while developing security and business strategies at Akamai. He shares his thoughts on organizations choosing the best mix of security services to meet their needs, the importance of modularity and extensibility, and how to best optimize their investments through security intelligence.
9/7/2020 • 21 minutes, 26 seconds
173 The Diversity of Security Challenges in Higher Education
Security professionals at institutions of higher education face a broad spectrum of challenges, from protecting the internal networks of their organizations, to securing intellectual property of research groups, to protecting the personal information of thousands of students and staff every year.
Our guest is Bob Turner, chief information security officer and director of the office of cybersecurity at the University of Wisconsin, Madison. He shares insights from his experience leading a team of professionals and students who are tasked with protecting a wide variety of information and systems.
8/31/2020 • 23 minutes, 3 seconds
172 Launching the Cyber Intelligence News Site The Record by Recorded Future
Recorded Future recently announced the launch of a new cyber intelligence news site called The Record by Recorded Future. The publication aims to fill the gap between fast-breaking headlines and long-lead research with expertly sourced reporting and analysis.
Our guest this week is the Editorial Director of The Record by Recorded Future, Adam Janofsky. He shares his background in cybersecurity, privacy, and technology journalism, including at prestigious publications like The Wall Street Journal. He shares his aspirations for where he and his colleagues plan to take The Record by Recorded Future, as well as his insights on the state of cybersecurity journalism.
8/24/2020 • 14 minutes, 37 seconds
171 The Transformation of Managed Security Services
Our guest today is Jim Aull. He’s a solutions architect specializing in security at Verizon.
We’ll hear about Jim’s career path, and then we’ll learn about his role in guiding customers through the technical and organizational challenges of selecting and configuring managed security services. He shares insights on common misperceptions he finds companies may have when starting out on their security journey, his suggestions for managing the broad array of available services on offer, as well as the changes he’s been tracking in the industry over the years.
8/17/2020 • 18 minutes, 52 seconds
170 Defending MacOS Against Sophisticated Attacks
Our guest today is Phil Stokes. He’s a security researcher at SentinelOne, where he specializes in the analysis of attacks against MacOS.
In our conversation, Phil shares his professional journey, how he came to focus on the Mac platform, as well as insights on the state of security on Apple’s desktop operating system. He tracks the growing sophistication of those seeking to attack MacOS, and provides tips for security professionals looking to bolster their defenses.
8/10/2020 • 22 minutes, 52 seconds
169 Making Security Real in the Context of Business
Our guest today is Shamla Naidoo, a managing partner at IBM Security. With a career spanning over three decades, including 20 years as a CISO, Shamla has excelled in a variety of positions, from engineer to executive.
Shamla joins us with perspectives on why security teams need to effectively communicate with their organization’s board of directors, the best ways to make security indispensable to a business, and why those communication skills are critical to the success and security of an organization. We’ll learn about the unique way she goes about building her teams, and why she believes there are opportunities in cybersecurity for just about everyone.
8/3/2020 • 24 minutes, 3 seconds
168 Ransomware Negotiations and Original Hacker Culture
Our guest today is Sherri Davidoff. She’s the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the hacker culture at MIT, where she adopted the hacker nickname Alien.
She also discusses her insights on the evolution of ransomware, and how she and her team help negotiate with the ransomers on behalf of her clients. We’ll learn more about her leadership style, the importance of team building, and what she looks for when hiring.
7/27/2020 • 19 minutes, 22 seconds
167 The Emerging Role of SASE and the Cloud
As many organizations accelerate their move to the cloud — thanks in no small part to the global pandemic and the shift to working from home — the adoption of SASE protocols is proving attractive. SASE stands for Secure Access Service Edge, but as with most of these technologies, there’s more to it than that.
Joining us this week to help our understanding of SASE is John Peterson, chief product officer at Ericom Software. We discuss the motivations for the industry’s move toward SASE, the potential pros and cons, as well as what kinds of businesses it is best suited for. In addition, John shares his views on leadership and what he looks for when hiring members of his team.
7/20/2020 • 21 minutes, 50 seconds
166 Inside the Adversary Exploit Process
With thousands of vulnerabilities reported and classified each year, it can be challenging to keep track of which exploits are actually being used by threat actors. Researchers with Recorded Future’s Insikt Group have been exploring this issue, and one of their key findings is that less sophisticated threat actors often resort to using older vulnerabilities with easily accessible resources and tutorials.
Greg Lesnewich is a threat intelligence researcher at Recorded Future, and he joins us with insights on the tactics, techniques, and procedures commonly seen from these threat actors, the likely motivation behind them, and what security professionals can do to best protect their networks against them.
7/13/2020 • 18 minutes, 42 seconds
165 Empowering Cyber Startups in the UK
London has, for centuries, enjoyed its status as one of the cornerstones of the global economy. So it makes sense that it would also be a beacon of innovation and investment in cybersecurity.
Our guest today is Jonathan Luff. He’s the co-founder of Epsilon Advisory Partners and CyLon, an incubator for early-stage cybersecurity companies based in the United Kingdom. He shares the story of his early career in public service, sharing his talents and expertise around the world, his transition from public servant to entrepreneur, and why he believes the U.K. is well positioned for leadership in the growing global cybersecurity industry.
7/6/2020 • 19 minutes, 59 seconds
164 A Grab Bag of Pulse Reports
Recorded Future’s Allan Liska is our guest once again this week. This time, he brings a collection of interesting trends and anomalies that he and his team have been tracking. They publish these on the Recorded Future website under the title of “pulse reports.”
We’ll take a closer look at ransomware in international financial institutions, credential leaks in the biotech and pharmaceutical industries, as well as the rise of retail phishing campaigns in the midst of the global pandemic.
6/22/2020 • 17 minutes, 52 seconds
163 Tooling up to Protect Federal, State, and Local Governments
Our guest is John Zanni, CEO at Acronis SCS, a company dedicated to providing secure backup, disaster recovery, and cyber protection for the U.S. public sector. He shares his unconventional journey into a career in cybersecurity, as well as insights on the unique challenges public sector organizations face when trying to protect valuable assets.
We’ll also get John’s thoughts on threat intelligence, the skills and traits he looks for when hiring, and why he thinks cybersecurity organizations should be recruiting workers from the U.S. military.
6/15/2020 • 22 minutes, 52 seconds
162 Broadening Your View With Security Intelligence
Alex Noga is a solutions engineering manager at Recorded Future, and on this week’s show, he joins us to share his insights on enhancing organizations’ ability to make the most of the information they’re gathering by adopting security intelligence. He explains how this approach helps analysts connect the dots and empowers them to focus on the signals that matter — all while blocking out the noise.
6/8/2020 • 18 minutes, 25 seconds
161 The Ultimate Job for a Network Defender
Our guest this week is Rick Howard, chief analyst and chief security officer at the CyberWire. Rick’s career included stops in the U.S. Army in signals intelligence, teaching computer science at West Point, and pioneering roles in threat intelligence for the military. He’s the former chief security officer for Palo Alto Networks, where he helped create and manage their Unit 42 threat intelligence team.
He shares his insights on his career as a network defender, his take on the essential role of threat intelligence, and what he looks for when hiring members of his team.
6/1/2020 • 21 minutes, 14 seconds
160 The Essential Skills of Evaluating and Communicating Risk
Our guest is IT risk analyst James Dawson. James provides advice to global organizations on the issues of threat and cyber risk, and has also consulted with many organizations in the financial industry, including Danske Bank and Freddie Mac.
James shares his views on the importance of being able to evaluate risk, and to do so with open eyes and a level head. He emphasizes the value in taking risks in the workplace, especially for younger workers looking to make their mark. He shares his thoughts on threat intelligence, and the challenges organizations face when trying to cut through all of the noise.
5/25/2020 • 24 minutes, 51 seconds
159 Making the Framework for Threat Intelligence Easy
Our guest is Chris Cochran, threat intelligence and operations lead at Netflix, and cohost of the Hacker Valley Podcast. We discuss his career in cybersecurity, from his ambitious beginnings as a student, to his service in the U.S. Marine Corps and his time at U.S. Cyber Command, as a member of the team pioneering threat intelligence before it was even known by that name.
He shares his thoughts on leadership, as well as his development of an intelligence framework that goes by the acronym EASY.
5/18/2020 • 20 minutes, 18 seconds
158 Planning for Resilience and Eventuality Amidst Global Cyber Threats
Our guest is Adeel Saeed, veteran cybersecurity expert, technologist, and former CISO at State Street, previously having worked for organizations including the London Stock Exchange and the American Stock Exchange.
Our conversation centers on Adeel’s mantra of planning for resilience and eventuality amid a growing range of global threats — in the cyber realm and beyond. He shares his experience after 9/11, how it’s informed his approach to preparing for the worst, and how sometimes, luck plays a part in disaster recovery. We’ll get his views on threat intelligence, and learn why he thinks now is a great time to join the cybersecurity industry.
5/11/2020 • 21 minutes, 50 seconds
157 Promoting International Understanding and Trust
Our guest is Mihoko Matsubara, chief cybersecurity strategist at Japanese telecommunications company NTT Corporation in Tokyo, where she’s responsible for cybersecurity thought leadership. Previously, Mihoko worked at the Japanese Ministry of Defense and was VP and public sector chief security officer for Asia-Pacific at Palo Alto Networks.
Our conversation explores the different approaches to cybersecurity seen in Japan, and the impact those cultural differences have on that nation’s security. We’ll also learn more about Mihoko’s efforts to bridge that gap of understanding, and to help build trust and safety around the world.
5/4/2020 • 25 minutes, 57 seconds
156 Blazing the Threat Hunting Trail
Yolonda Smith is head of cybersecurity at Sweetgreen, a fast casual restaurant chain that focuses on salads, with over 100 locations coast to coast in the U.S.
Yolonda shares the challenges of securing the array of elements involved in a farm-to-table food service organization, from supply chains to customer credit cards. We’ll learn about her humble beginnings in the Air Force, her approach to problem solving and collaboration, as well as her pioneering role in threat hunting — before many people were even calling it that.
4/27/2020 • 29 minutes, 59 seconds
155 Faster Decisions Through Automation
Our guest this week is Bob Stasio, global cyber threat leader at DuPont, a global Fortune 500 company with around 35,000 employees. Bob shares his professional pathway beginning in the U.S. Army, with stops along the way at NSA and U.S. Cyber Command, and at private sector companies like Bloomberg and IBM.
In this episode, we get Bob’s take on threat intelligence and learn why he thinks automation is one of the key components to future success in securing organizations — both internally and online.
4/20/2020 • 22 minutes, 39 seconds
154 The Business Case for Risk-Based Cybersecurity
On today’s show, we welcome back Recorded Future’s senior vice president of global intelligence, Levi Gundert, to discuss his newly published book, “The Risk Business: What CISOs Need to Know About Risk-Based Cybersecurity.”
In our conversation, Levi makes the case for risk-based cybersecurity and describes the various challenges that organizations face when implementing it. He also proposes updated frameworks and explains the value of strategic threat intelligence.
4/13/2020 • 22 minutes, 15 seconds
153 A Culture of Drive, Work Ethic, and Attention to Detail
Our guest today is Nick Kael. He’s chief technology officer at Ericom Software, a company that provides secure web isolation and remote application access software and cloud services.
In our conversation, Nick shares his professional journey, including the important lessons his experience in the U.S. military has provided. We’ll learn about his leadership style, his take on threat intelligence, what he looks for when hiring, and his approach to his day-to-day responsibilities.
Researchers from Recorded Future’s Insikt Group have been tracking the increased use of automation by a variety of threat actors around the world. Similar to the way that legitimate businesses use automation to increase their efficiency and productivity, the bad guys have adopted various tools to help maximize their profits and scale operations. They’ve built a thriving underground marketplace, and there’s no sign that they’re slowing down.
Roman Sannikov leads Recorded Future’s cybercrime and underground intelligence team, and he joins us to share their findings.
3/30/2020 • 23 minutes, 57 seconds
151 Meeting the Security Challenges of a Global Pandemic
The COVID-19 global pandemic has set us all back on our heels, as we make adjustments to our day-to-day lives and prepare for what is yet to come. The situation is evolving quickly, and when it comes to security, there are a number of concerns — starting with the massive shift for many to working from home. Add to that the general feeling of unease that comes with so much uncertainty, along with threat actors who are all too willing to take advantage of the situation.
Allan Liska is a threat intelligence analyst at Recorded Future, and he returns to our show with some practical advice for staying safe and protecting your organization during this time.
3/23/2020 • 19 minutes, 49 seconds
150 A Healthy Respect for Ransomware
Despite the cybersecurity industry’s best efforts, ransomware continues to affect individuals and organizations of just about every shape and size — from mom-and-pop shops, to global organizations, and even municipalities. As the developers of ransomware continue to bring in their ill-gotten gains, they’ve invested in infrastructure and customer service to keep it easy to deploy their wares and collect their loot.
Lorne Hazlewood is a senior information security analyst at BKD LLP. He joins us to share his insights on ransomware, where he thinks it’s headed, and what we all can do to best protect ourselves against it.
3/16/2020 • 20 minutes, 37 seconds
149 A Nuanced Approach to MSSP and MDR Services
Many organizations find themselves puzzling through the countless security products and services on offer these days, decoding the buzzwords and acronyms, hoping to find clarity and understanding. MSSP and MDR services are among those offerings. MSSP stands for managed security service provider, and MDR is managed detection and response.
Our guest today will help sort out the sometimes subtle differences between the two. Sean Blenkhorn is chief product officer at eSentire, and he shares his insights on modern threat hunting and how threat intelligence can enhance those capabilities.
3/9/2020 • 18 minutes, 49 seconds
148 Gamification of Incident Response in the Cyber Range
When it comes to incident response — just like in sports — you’ve got to practice like you play. In warfare, they say, “No plan survives contact with the enemy,” and heavyweight boxing champion Mike Tyson had his own version: “Everyone has a plan until they get punched in the face.”
The point is, until you are actually in the heat of a high-pressure situation, it’s highly unlikely that you’ll be able to predict how you and the members of your team will react.
Our guest this week is Christopher Crummey. He’s executive director of the X-Force Command Centers at IBM Security. Christopher and his team create highly realistic simulations of cybersecurity incidents to help organizations evaluate how they’ll respond when the heat is on and the pressure is high.
3/2/2020 • 25 minutes, 30 seconds
147 Security That Fits the Needs of the Organization
There’s that old saying, “The more things change, the more things stay the same.” In cyber security and incident response, even with all of the new tools, increased speed and mounting threats, a large part of keeping any organization safe comes down to taking care of the basics, the tried and true techniques that have served us well for decades.
Our guest this week is Gavin Reid, chief information security officer at Recorded Future. He’s a firm believer in taking care of the basics, empowering employees to collaborate and take healthy risks, and making sure that your communications style is concise and actionable. All good advice, tried and true.
2/24/2020 • 20 minutes, 46 seconds
146 Security Wisdom from the FS-ISAC
Our guest this week is DK Lee. He’s an information sharing operations manager at FS-ISAC, the financial services information sharing and analysis center. They’re an industry consortium focused on reducing cyber risk in the global financial system, and count over seven thousand financial institutions as members.
DK joins us to share his insights on threat intelligence, along with his opinions on leadership, organizational maturity, and checking your ego at the door.
2/17/2020 • 20 minutes, 36 seconds
145 Understanding Russia's Global Online Influence
Our guest is Oscar Jonsson. He’s the director of the Stockholm Free World Forum, a Swedish foreign and security policy think tank, and an associated researcher at the Swedish Defense University. Previously, Oscar was a subject-matter expert at the Policy and Plans Department at the Swedish Armed Forces Headquarters.
Our conversation focuses on Oscar’s recent book, “The Russian Understanding of War: Blurring the Lines Between War and Peace.” In it, he tracks the history of Russian tactics and strategies, and explores how Russia sees itself in the online global community.
2/10/2020 • 25 minutes, 8 seconds
144 A Journalist's Perspective on Global Cyber Threats
Hakan Tanriverdi is a journalist covering cybersecurity for Germany’s public broadcasting network. In our conversation this week, we discuss the challenges of reporting on a highly technical subject area, making your stories accessible to the general public, and having the courage to ask the obvious questions. We’ll get his insights on being a good consumer of news, as well as his thoughts on where journalism is headed.
2/3/2020 • 18 minutes, 9 seconds
143 Teachers, Trainers, and Educators
Our guest this week is Jeremy Blackthorne, president of the Boston Cybernetics Institute. They provide a variety of cybersecurity services, and our conversation focuses on their unique approach to training, specifically for members of the U.S. military.
Jeremy served in the U.S. Marine Corps, and we explore the advantages that provides when approaching both training and operational security issues. We’ll get his take on threat intelligence, as well.
1/27/2020 • 21 minutes, 22 seconds
142 The Physical and the Digital of Open Source Intelligence
Our guest this week is Nico Dekens. Online, people know him as the “Dutch OSINT Guy,” a handle he’s earned through his extensive knowledge and background in open source intelligence.
Nico shares his own history getting into the field, as well as some real-world examples of how he goes about gathering OSINT, and how individuals can do a better job protecting themselves online. And, of course, we’ll get his insights on threat intelligence as well.
1/20/2020 • 16 minutes, 53 seconds
141 Threat Intelligence is the Centerfold
Our guest this week is Steven Atnip. He’s a senior advisor for Verizon’s threat research advisory center and the dark web hunting team.
Steven shares his early career experience in the U.S. Navy and explains why he believes the military provides unique opportunities for people looking to launch their careers. We’ll hear his views on the importance of company culture, being a lifelong learner, how to step up to challenges of an organization running at scale, as well as his insights on security and threat intelligence.
We caught up with Steven Atnip at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C.
1/13/2020 • 40 minutes, 28 seconds
140 Protecting the Financial Sector Never Goes Out of Style
Our guest this week is Daniel Cuthbert. He’s the global head of cybersecurity research for Banco Santander, and he sits on both the Black Hat review board and the Black Hat training board.
Our conversation centers on his work in the financial industry, his unusual path to cybersecurity, and his thoughts on creative diversity. We get his take on threat intelligence, as well as his insights on team leadership and seeking a career in security.
1/6/2020 • 19 minutes, 32 seconds
139 The Value in Sharing Your Experience With the World
Joining us this week is Espen Johansen, operations and security manager at Visma, an information technology and services company headquartered in Oslo. He shares insights on the types of attacks he sees targeting organizations like Visma, and the lessons learned from a nation-state attack Visma experienced in August 2018. He’ll give us his take on threat intelligence, as well as advice for organizations just beginning their threat intelligence journey.
We sat down with Espen Johansen at Recorded Future’s 2019 RFun Predict conference in Washington DC.
12/30/2019 • 20 minutes, 21 seconds
138 Insights From a Distinguished Law Enforcement Veteran
Our guest this week is Edward Davis. He’s president and CEO of The Edward Davis Company, a business strategy and security services firm, but he is perhaps best known for his role as former police commissioner for the city of Boston — a role he held during the tragic Boston Marathon bombing in 2013. In the aftermath of that event, he was the face of the city, as his team coordinated and collaborated with other local and national law enforcement agencies.
We discuss his experience with the Boston Marathon bombing, get his insights on law enforcement in the age of ransomware, and hear his thoughts on the role of threat intelligence. Joining this episode’s conversation is Recorded Future’s Allan Liska.
12/16/2019 • 17 minutes, 59 seconds
137 Traveling the Globe With Threat Intelligence
Booking.com is one of the leading travel booking sites in the world, facilitating over one and a half million room nights via their platform every day. With that many clients, in addition to a network of third-party suppliers and partners around the world, Booking.com successfully fends off more than their fair share of attempted attacks.
Our guests today are two members from Booking.com’s security team who work every day to help protect the organization — Anastasios Pingios, principal security engineer, and Stuart Shevlin, intelligence program lead. We caught up with Anastasios and Stuart at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C.
12/9/2019 • 19 minutes, 6 seconds
136 Threat Hunting, Mentoring, and Having a Presence
Our guest today is O’Shea Bowens. He’s CEO of Null Hat Security and a SOC manager for Toast, a Boston-area firm, where he focuses on threat hunting, incident response, SOC operations, and cloud computing.
O’Shea shares his early beginnings as a teenage hacker learning the ropes, his career path, and why he believes it’s important to be a role model, a mentor, and to have a presence in the security community.
12/2/2019 • 24 minutes, 29 seconds
135 From Infamous MySpace Wormer to Open Source Advocate
If you are of a certain age — an age where you may have spent a good bit of your time online using Myspace — you may recall an incident with the Samy worm, which in 2005 spread through Myspace so quickly and uncontrollably that they had to temporarily shut the service down to regain control. It was, by all accounts, a prank that got out of hand, but the authorities were not amused, and Samy Kamkar, who wrote the worm, was eventually sentenced to probation, community service, and a hefty fine.
Since then, Samy Kamkar has set his sights on security research, with a specific focus on open source software. We caught up with Samy at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C., where he was delivering one of the keynote presentations.
11/25/2019 • 21 minutes, 27 seconds
134 Solving the Business Challenges of Governance, Risk, and Compliance
Our guest today is Syra Arif, a senior advisory solutions architect in the security and risk practice at ServiceNow, a global cloud computing company. Syra shares her insights on providing customers with solutions to the business challenges of governance, risk, and compliance. She shares her experience coming up through the industry as a woman, and we also get her perspective on threat intelligence and why it’s critical for organizations to embrace diversity.
11/18/2019 • 25 minutes, 7 seconds
133 Security Intelligence in the Digital Transformation
As organizations become increasingly complex in their push for digital transformation, the need for actionable, automated threat intelligence for everyone has never been greater. On this week’s show, we tackle that very topic with Recorded Future’s chief of intelligence solutions, Stuart Solomon. We caught up with Stuart at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C. to discuss threat intelligence, the notion of security intelligence, and some practical considerations for integrating these kinds of tools.
11/11/2019 • 22 minutes, 28 seconds
132 Municipalities Face Unique Cybersecurity Challenges
Cities and municipalities have made headlines recently in their efforts to defend themselves from cyber attacks, most notably ransomware. Joining us this week to discuss the unique security challenges faced by municipalities are two guests. Margaret Byrnes is Executive Director of the New Hampshire Municipal Association, a non-profit membership organization that provides education, training, advocacy and legal services to cities and towns across New Hampshire. Joe Howland is Chief Information Security Officer at VC3, a managed IT services company whose clients include many municipalities throughout the country.
11/4/2019 • 28 minutes, 13 seconds
131 Never Underestimate Threat Actors' Persistence
Our guest this week is Jöerg Schauff. He’s a principal consultant at Symantec, focusing on cyber and threat intelligence. He shares his insights on the challenges he sees his clients facing in Germany and how their experiences inform proper defenses internationally. We’ll discuss the differences between run-of-the-mill thieves and nation-state threat groups, as well as how organizations can best make use of threat intelligence and set themselves up for success.
10/28/2019 • 20 minutes, 33 seconds
130 Strategy and Focus Protect New York City
Our guest this week is Quiessence Phillips, deputy CISO and head of threat management for New York City Cyber Command. She’s one of the leaders of a team of cybersecurity professionals working to strengthen and coordinate the cyber defenses of one of the largest and most important cities in the world.
Quiessence joins us to share valuable insights into managing the scale of the responsibilities she and her team hold, the techniques she advocates for staying ahead of threats, as well as her thoughts on how best to prepare for a position in the industry.
10/21/2019 • 23 minutes, 2 seconds
129 Cybersecurity is National Security
On this week’s show, we welcome back Lauren Zabierek. The last time she joined us, she was a senior intelligence analyst at Recorded Future, but she’s since taken on the role of director of the cybersecurity project at Harvard’s Belfer Center. She shares the mission of her organization, the role she thinks it has to play on the national and international stage, and why making sure everyone has a seat at the table leads to better, safer outcomes.
10/14/2019 • 19 minutes
128 Understanding Social Engineering and Maintaining Healthy Paranoia
Our guest today is Rosa Smothers, senior vice president of cyber operations at KnowBe4, where she leads KnowBe4’s federal practice efforts, including providing cybersecurity advisory services to civilian and military agencies within the U.S. federal government. From her humble beginnings with a used 8-bit home computer, Rosa’s career experience includes over a decade in the CIA, leading cyber operations against terrorists and nation-state adversaries.
She served multiple tours overseas as a cybersecurity analyst and technical intelligence officer in the Center for Cyber Intelligence and the Counterterrorism Mission Center, and was highly decorated for her service. She’s a strong advocate and mentor for women starting their careers, and is a member of Women in Defense and InfraGard.
10/7/2019 • 21 minutes, 35 seconds
127 Disinformation for Sale
Disinformation campaigns are in the news. Starting with the 2016 U.S. election cycle, continuing in 2018, and now looking ahead to 2020, the threat of online influence operations from foreign adversaries has been top of mind — but there’s a different kind of disinformation for sale on the dark web.
Researchers from Recorded Future’s Insikt Group engaged with two threat actors selling their wares on Russian-speaking underground forums. They discovered that disinformation campaigns are readily available, not terribly expensive, and potentially highly effective.
Roman Sannikov is director of analyst services at Recorded Future, and he shares what they found.
10/1/2019 • 27 minutes, 44 seconds
126 Intelligence from Internet Background Noise
When we talk about threat intelligence, we often put it in the context of bringing information to the surface, creating context and alerts to let you know what you need to be concerned with. We also speak of cutting through the noise, of pulling the signal out and transforming it into actionable intelligence.
Our guest today is Andrew Morris. He’s CEO of GreyNoise Intelligence, a company that describes itself as “anti-threat intelligence.” That’s not to say they’re against threat intelligence — quite the opposite, in fact — but instead of focusing on what should keep you up at night, Andrew and his team analyze the background noise of the internet to determine what you don’t need to worry about. It’s a unique approach that’s perhaps a bit counterintuitive at first, but ultimately, they say it helps you filter out useless noise and focus your time and resources on what really matters.
9/24/2019 • 22 minutes, 23 seconds
125 Coming to a City or Town Near You: Ransomware
There has been a growing number of ransomware attacks targeting cities and towns across the U.S. Once hit, cities and towns face a number of tough decisions — pay the ransom, restore from backup — and all of this happens with a backdrop of needing to provide vital services to citizens. To add insult to injury, many cities and towns face tight IT and security budgets. They’ve been asking for more security and better backup tools, but are quite often being told that the money is simply not there.
Recorded Future’s Allan Liska knows a thing or two about ransomware. He’s co-author of the book, “Ransomware: Defending Against Digital Extortion,” and he recently published the results of some ransomware research that he and his team at Recorded Future have been working on. He’ll share their findings, along with advice for keeping your organization safe.
9/16/2019 • 22 minutes, 53 seconds
124 The Intersection of Political Science, Risk Management, and Cybersecurity
Our guest today is Matt Devost. He’s CEO and co-founder of OODA LLC, a company that helps clients identify, manage, and respond to global risks and uncertainties. Matt Devost has been at the intersection of public policy and cybersecurity since it became possible to align the two. He has expertise in counterterrorism, critical infrastructure protection, intelligence, risk management, and cybersecurity issues.
In addition to sharing the story of his career journey, we’ll get his insights on managing cyber risk in a complex world, as well as his thoughts on threat intelligence.
9/9/2019 • 31 minutes, 2 seconds
123 Crowdsourcing Phishing Defenses for Herd Immunity
Our guest today is Josh Kamdjou. He’s co-founder of Sublime Security, a company that’s looking to address the widespread security issues of phishing and spearphishing by offering open source tools that alert users to a range of potential indicators, as well as giving users the opportunity to share their findings with the community, to more quickly spread the word about new and growing threats.
We’ll learn about his career journey, get his thoughts on threat intelligence, and hear his advice for folks looking to enter the field.
9/3/2019 • 21 minutes, 27 seconds
122 Hong Kong Protests and the Rise of Online Influence Operations
Recent protests in Hong Kong have highlighted a growing trend in online influence operations, in this case from mainland China. Officials there have been using Western social media platforms to influence public perception of the Hong Kong protests. Those social media platforms have, in turn, shut down accounts they’ve determined are posting what they call “inauthentic content.”
Researchers in Recorded Future’s Insikt Group have been analyzing these attempts at online influence operations and have published a report titled “Chinese State Media Seeks to Influence International Perceptions of Hong Kong Protests.”
Priscilla Moriuchi is head of nation-state research at Recorded Future, and she joins us to share their findings.
8/27/2019 • 23 minutes, 35 seconds
121 The Art and Science of SOAR
Our guest today is Cody Cornell. He’s CEO of Swimlane, a SOAR platform provider. Cody began his career in the U.S. Coast Guard and has spent 15 years in IT and security, including roles with the U.S. Defense Information Systems Agency, the Department of Homeland Security (DHS), American Express, and IBM Global Business Services.
We’ll learn about his career path from sailor to CEO, hear his insider perspective on SOAR platforms and how organizations are using them, and learn how he thinks organizations are best implementing threat intelligence to protect not just themselves, but the community as a whole.
8/19/2019 • 23 minutes, 6 seconds
120 Pioneering Threat Intelligence Before It Had a Name
Our guest today is Larci Robertson. She’s a senior manager in cyber threat intelligence at Epsilon, a marketing and advertising firm in Irving, Texas. Larci got started in threat intelligence right after college when she joined the U.S. Navy, back before the term “threat intelligence” had been coined. She eventually left the service and worked with a number of defense contractors, before moving to the private sector as a senior cyber threat analyst at PepsiCo, and ultimately to her current position with Epsilon.
She shares her career journey, her strategies for protecting her organization and managing resources, and her insights from nearly two decades in the threat intelligence business.
8/16/2019 • 24 minutes, 4 seconds
119 The Inevitable Evolution of SIEMs
Our guest today is Monzy Merza. He’s the VP and head of security research at Splunk. He shares his journey into tech and security, including leadership positions in both the government and private sectors, his thoughts on threat intelligence and the maturity companies need to properly implement it, as well as his perspective on the current state of SIEMs, and how they’ll need to evolve to keep up with the changes happening in the industry and the world at large.
8/5/2019 • 23 minutes, 15 seconds
118 Public Safety, Digital Forensics, and SOAR
Our guest is John Moran, senior product manager at DFLabs, whose offerings include a SOAR platform for cybersecurity. John shares his career journey from public safety to digital forensics and cybersecurity, his thoughts on some of the benefits and misconceptions surrounding SOAR deployment, insights on threat intelligence, and much more.
7/29/2019 • 22 minutes, 57 seconds
117 A Passion for Pen Testing
Our guest is Jason Bernier. He’s a penetration tester, working to help organizations ensure their systems are secure, and helping them understand where their weaknesses may be. He’s got some insightful stories to share from his work, along with practical advice for folks looking to find their place in the industry. To be sure, it’s serious work, but there’s no question Jason is passionate about his job, and he has a good time doing it.
7/22/2019 • 15 minutes, 19 seconds
116 Darknet DDoSer Does Damage to Dread
Criminal markets on dark web forums are the online version of a bad neighborhood, complete with sellers, buyers, and people who make their living connecting those groups. They tend to be self-policing, and so when an individual discovers a fundamental flaw in the technical foundation of the community and then decides to take advantage of that flaw to hold entire markets for ransom, that tends to get people’s attention. It’s a high-stakes game.
Daniel Byrnes is a senior threat intelligence analyst with Recorded Future’s Insikt Group, and he found himself on a journey down a dark web rabbit hole to try to make sense of the situation.
7/15/2019 • 21 minutes, 59 seconds
115 Intelligence for the OSINT Curious
Our guest today is Micah Hoffman. He’s principal consultant at Spotlight Infosec, and one of the founders of the OSINT Curious web site, an online destination for enthusiasts and students of open source intelligence gathering and analysis techniques.
He shares his professional journey from psychology to information security, his insights on the growing availability and importance of open source intelligence, his emphasis on ethics, and how organizations can best integrate open source tools into their security strategies.
7/8/2019 • 24 minutes, 51 seconds
114 Unwrapping Fishwrap, a New Social Media Misinformation Methodology
Researchers at Recorded Future have recently detected and described a new kind of influence operation that they’ve named “Fishwrap.” The technique involves recycling previously published news accounts of terrorist activities and amplifying their exposure through social media, with the apparent intent of sowing the seeds of distrust and unease.
Our guest today is Staffan Truvé, CTO and co-founder of Recorded Future. He’ll describe the tools they used to uncover the Fishwrap campaign, the conclusions they’ve reached from the information they’ve gathered, and the ways we can all prepare ourselves to spot them.
7/1/2019 • 19 minutes, 30 seconds
113 Being Courageous, Curious, and Thoughtful in Cybersecurity
Our guest today is Tracy Maleeff. Before earning a position as a cyber analyst at a Fortune 500 company, she ran her own firm, providing information security and competitive intelligence research. Prior to that she worked as a Library Resources Manager for a major law firm.
Tracy shares the story of her unusual career journey from library science to cyber security, her advice for getting up to speed after a mid-career course change, as well as her thoughts on team building and the importance of diversity throughout an organization.
6/24/2019 • 31 minutes, 39 seconds
112 Making the Most of the NIST Cybersecurity Framework
The NIST Cybersecurity Framework has become a valuable tool for evaluating security across a variety of business sectors. Originally published in 2014 and targeting critical infrastructure, the framework continues to evolve to meet the changing needs of organizations in the U.S. and around the world. Its popularity stems from its thoroughness, applicability, and approachability.
Our guests today are Ken Durbin, senior strategist for global government affairs and cybersecurity at Symantec, and Allan Liska, senior solutions architect at Recorded Future. They’re going to walk us through the NIST Cybersecurity Framework and help us understand how to make the most of it within our own organizations.
6/17/2019 • 29 minutes, 27 seconds
111 The Threat Intelligence Value Proposition
Joining us today is John TerBush, senior threat intelligence researcher at Recorded Future. John is an instructor with the SANS Institute, currently teaching a course on open source intelligence that he helped develop. Before joining Recorded Future, he was a senior cyber threat intelligence analyst and subject matter expert with consulting firm Booz Allen Hamilton’s Cyber4Sight, and before that he worked for Symantec as a security operations center analyst. Earlier in his career, he worked as a researcher and private investigator.
Our conversation explores the value proposition of threat intelligence, and how organizations can dial in how they use it to manage risk, keep their business leaders informed, and get the best bang for their cybersecurity buck.
6/10/2019 • 16 minutes, 48 seconds
110 Advocating OWASP, Securing Elections, and Standing Your Ground
Our guest today is Tanya Janca. She’s a senior cloud advocate at Microsoft, where she specializes in application security. She’s a popular speaker at security conferences around the world, evangelizing software security and advocating for developers. And she’s a leader in the Open Web Application Security Project (OWASP) community, as well as an advocate and mentor for underrepresented communities in the security industry.
She discusses her journey from software developer to security practitioner, how “security is everybody’s job” and why that makes strong communication between teams so important, and the need for diversity in the IT industry today.
6/3/2019 • 35 minutes, 40 seconds
109 Applying Threat Intelligence Throughout Your Organization
Threat intelligence is a wide-ranging term, and it can mean different things to different people as they consider the variety of ways to best integrate it into their organization’s cyber defense strategies. In today’s show, we’re exploring the possibilities for leveraging threat intelligence throughout your organization, from the SOC to the board room, from incident response to fraud protection, and much more.
Joining us to guide our journey is Recorded Future’s Mike Petronaci. Before joining Recorded Future, Mike spent time working in the U.S. Department of Defense, as well as with industry leading organizations like Akamai and Cybereason.
5/28/2019 • 20 minutes, 44 seconds
108 Investing in Technology, Innovative Leaders, and Yourself
Our guest today is Niloofar Razi Howe. She’s a respected technology executive, entrepreneur, board member and investor, having served as chief strategy officer for Endgame and, later, RSA Security. She’s a life member of the Council on Foreign Relations, and a Recorded Future board member.
Our conversation touches a range of topics, from her start as an attorney and entrepreneur, her shift to venture capital, and her executive level assignments as chief strategy officer. We’ll get her take on where she thinks the VC money will be headed in cyber security, as well as her thoughts on why it’s important to make time for giving back.
5/20/2019 • 22 minutes, 49 seconds
107 A Risk-Based Approach From Spammers to Nation-States
Our guest today is Martijn Grooten. He’s editor at Virus Bulletin, an online forum for sharing the latest cybersecurity research and intelligence, which dates back to 1989. They’re also an independent testing and certification body, and they hold a popular international security conference annually.
Our conversation spans a range of topics, including the evolution of threats that Martijn has tracked over the past several decades, the current state of malicious email campaigns, why he believes some organizations overstate the potential impact of nation-state attacks, his thoughts on threat intelligence, and his recommendations for how organizations can best protect themselves.
5/13/2019 • 22 minutes, 51 seconds
106 A Fresh Take on Defining Threat Intelligence
In this episode, we check in with Recorded Future’s Levi Gundert and Allan Liska for a refresher on threat intelligence, including how they have come to describe it and why some people have a hard time wrapping their heads around what, exactly, it is and is not.
We’ll find out whether threat intelligence is for everyone, and if so, how organizations of different sizes can best engage and make use of actionable threat intelligence. And we’ll learn how combining the strengths of human analysts with the capabilities of state-of-the-art machine learning provides the best of both worlds.
5/6/2019 • 25 minutes, 59 seconds
105 StubHub Leverages Empathy and Emotional Intelligence for Threat Hunting
StubHub is the world’s largest ticket marketplace, where buyers and sellers of tickets for sports, concerts, theater, and other live entertainment events connect and do business. They partner with over a hundred entertainment venues and sports teams, enabling the exchange of hundreds of millions of tickets each year.
With all of that money flowing through their system, they naturally attract their share of fraudsters. One of the people on the front lines protecting StubHub and their users is Sandeep Abraham, StubHub’s only combination threat analyst and investigator. He joins us this week to describe the challenges StubHub faces and how he uses a unique approach of empathy and emotional intelligence, alongside more straightforward threat hunting techniques, to stay one step ahead of the fraudsters.
4/29/2019 • 21 minutes, 58 seconds
104 Information Security Is Not an IT Risk, It's a Business Risk
Our guest today is Brian Haugli. He’s a partner at Side Channel Security, a consulting firm in the Boston area. Prior to forming Side Channel Security, he was chief security officer for The Hanover Insurance Group. Earlier in his career, he held civilian leadership positions at the Pentagon, helping organizations in the Department of Defense implement cybersecurity best practices.
Today, he helps organizations of all sizes to evaluate their security using a risk-based approach, while taking advantage of his own expertise in threat intelligence implementations and strategic organizational initiatives.
4/22/2019 • 28 minutes, 49 seconds
103 Business Outcomes and the CISO's Success
Joining us today is Dana Pickett. He’s CISO for Edwards Performance Solutions, as well as a principal for the cybersecurity services they offer. With over three decades in the industry, Dana has witnessed the inception and evolution of cybersecurity, from mainframes to the IoT.
He shares his thoughts on what it takes to be a successful CISO, the importance of focusing on business outcomes, effective communication with the board, proactive versus reactive threat intelligence, the utility of frameworks, and the value of peer groups.
4/15/2019 • 28 minutes, 10 seconds
102 Approaching Privacy as a Business Plan for Data
Our guest today is Michelle Dennedy. She’s vice president and chief privacy officer for Cisco. An outspoken advocate for building technologies that not only enhance our lives but also promote integrity and respect for people regardless of their level of technical sophistication, Michelle is leading the charge for better understanding and implementation of privacy and data security policies around the world.
Our conversation includes her thoughts on why organizations find privacy so challenging, the differences between aspirational messaging and foundational values, and where she thinks the next generation of security and privacy professionals may take us.
4/8/2019 • 31 minutes, 49 seconds
101 Questions to Ask When Shopping for Threat Intelligence
Our guest today is Brian Martin, vice president of vulnerability intelligence at Risk Based Security, a company that provides risk identification and security management tools leveraging their data-breach and vulnerability intelligence. Brian shares his experience turning data into meaningful, actionable intelligence, common misperceptions he’s encountered along the way, and why he thinks companies shopping around for threat intelligence need to be careful to ask the right questions.
4/1/2019 • 25 minutes, 44 seconds
100 The grugq Illuminates Influence Operations
To celebrate one hundred episodes of our show, we’ve got a special guest this week. The grugq is well-known in hacker and information security circles around the world, and a respected voice at conferences and on social media. He’s a bit mysterious, preferring to keep his real name under wraps. The grugq joins us this week to discuss influence operations — their history, why they work, and how recent examples like the Russian meddling in the 2016 U.S. elections might be a sign of things to come.
3/25/2019 • 34 minutes, 11 seconds
099 Chinese Charm Attempts to Alter American Political Opinion
There’s an increasing awareness of foreign influence on American institutions through social media. U.S. intelligence agencies have asserted that Russians made a concerted effort to disrupt and influence the 2016 presidential election, and there’s widespread evidence that Russia continues to sow the seeds of discord with the aim of eroding Westerners’ trust and confidence in their political systems and social norms.
Recorded Future’s Insikt Group recently published findings from their research into Chinese efforts to sway public opinion via social media, and how their goals and tactics are markedly different from those of the Russians.
We welcome back Recorded Future’s Priscilla Moriuchi to the show. She shares Insikt Group’s findings and helps put it all into broader perspective.
3/18/2019 • 27 minutes, 6 seconds
098 Tools, Training, and Threat Intelligence Empower Phishing Defense
Our guest today is Mollie MacDougall, threat intelligence manager at Cofense, a company that specializes in phishing defense, threat intelligence, and cyber incident response. She shares the story of her unconventional professional journey and the role she plays in coordinating communications between technical and non-technical people in her own organization, as well as her insights on the broad spectrum of phishing threats organizations face, how they are quickly evolving, and the most effective strategies to protect your organization. We’ll talk threat intelligence as well, hearing her thoughts on how to make sure your analysts aren’t getting too much noise in the threat intelligence signal.
3/11/2019 • 23 minutes, 8 seconds
097 Security Needs to Be Easy to Use and Easy to Explain
Our guest today is Chris Betz, senior vice president and chief security officer at CenturyLink. His career journey has led him through a variety of well-known organizations, including the U.S. Air Force, NSA, CBS, Microsoft, Apple, and now CenturyLink. He shares some of the lessons he’s learned along the way, his leadership style, the challenges he sees the industry facing in the near future, as well as his thoughts on threat intelligence and privacy.
3/4/2019 • 21 minutes, 49 seconds
096 Ransomware Trends to Watch in 2019
2018 was an interesting year for ransomware — there were more documented ransomware campaigns than the year before, but there was also a feeling that the focus had shifted to other forms of cybercrime, like cryptojacking.
Our guest today is Allan Liska, senior solutions architect at Recorded Future. He’s the author of a recently published blog post, “4 Ransomware Trends to Watch in 2019.” We discuss the growth of the ransomware market, its impact (or lack thereof), the most effective avenues for ransomware infection, how one strain has found success by bucking the trends, and the increasingly fuzzy line between criminal groups and nation-state actors.
2/25/2019 • 26 minutes, 42 seconds
095 The Challenges of Authentication at Scale and Quantifying Risk
This week, we welcome back Levi Gundert, Recorded Future’s vice president of intelligence and risk. In a wide-ranging conversation, we discuss Insikt Group’s research into APT10, the challenges of authentication at scale, the importance of framing communication in terms of quantifying risk, and what it means to be an ethical hacker. Levi also shares the potential trends he’ll be following in the coming year.
2/18/2019 • 22 minutes, 51 seconds
094 The Value Proposition of Finished Intelligence
On today’s show, we take a closer look at finished intelligence. What are the best ways to define it, who’s the best audience for it, and how can you be sure you’re getting the best bang for your buck when you request it? And what’s the best plan for dialing in finished intelligence when it comes to managing resources and supplementing the other types of intelligence your organization may generate or consume?
Joining us to help answer these questions is David Carver, team lead for subscription services at Recorded Future. He’ll provide practical insights based on his experience collaborating with customers.
2/11/2019 • 16 minutes, 30 seconds
093 Active Threat Hunting Within Your Organization
Our guest today is Mike Morris, chief technology officer at root9B, where he’s chief architect behind the design and integration of their Active Adversary Pursuit threat hunting platform. Mike began his career in the U.S. Air Force and was an integral part of many of the Department of Defense’s pioneering efforts to help protect the nation’s cyber infrastructure. Mike shares the story of his professional journey from the military to the private sector, his philosophy on threat hunting and threat intelligence, how he thinks organizations can best build effective teams, and much more.
2/4/2019 • 21 minutes, 28 seconds
092 Managing Third-Party Risk in Real Time
Many organizations find themselves faced with the challenge of managing third-party risk, working with business partners, vendors, and suppliers to ensure that they are handling security and managing vulnerabilities at an acceptable level. Traditionally, this has been accomplished through static assessments — snapshots of a security posture at a specific moment in time — done at regular intervals. There are limitations to this approach, since businesses don’t operate in static environments, and things change in real time.
Our guest today is Jon Oltsik, senior principal analyst and ESG fellow at the Enterprise Strategy Group. He’s author of a recently published study, “Third-Party Risk: Why Real-Time Intelligence Matters.”
1/28/2019 • 17 minutes, 23 seconds
091 NopSec Analyzes the NVD for Their Annual Risk and Vulnerability Report
Each year, security firm NopSec publishes their annual State of Vulnerability Risk Management Report, analyzing all of the vulnerabilities listed in the National Vulnerability Database, the NVD, along with those uploaded to their own platform by their clients. They consider a number of factors, including CVSS score, description, type, and vendor affected, to see which factors contribute to vulnerabilities being incorporated into malware and exploited in the wild.
For this year’s report, NopSec invited Recorded Future to contribute their unique insights into how geopolitics affect government-run vulnerability databases.
Joining us today are Sanja Nedic, data scientist at NopSec, and Adrian Sanabria, VP of strategy and product marketing at NopSec.
1/21/2019 • 26 minutes, 13 seconds
090 Secure Identity and Access Management
Our guest today is Robb Reck, chief information security officer at Ping Identity. With nearly 20 years of experience in IT security, compliance, and systems and networking, Robb has witnessed the evolution of the space. He shares his professional journey, his management style and philosophy when it comes to hiring, and where he sees the intersection of identity management and threat intelligence.
We’ll hear about his role with Ping Identity, protecting the organization and its customers, and where he sees identity management and access control heading in the future, as sensitive data flows more freely between organizations, individuals, and third parties.
1/14/2019 • 25 minutes, 57 seconds
089 Putting Artificial Intelligence to Work
Our guest this week is Thomas H. Davenport. He’s a world-renowned thought leader and author, and is the president’s distinguished professor of information technology and management at Babson College, a fellow of the MIT Center for Digital Business, and an independent senior advisor to Deloitte Analytics. Tom Davenport is author and co-author of 15 books and more than 100 articles. He helps organizations to revitalize their management practices in areas such as analytics, information and knowledge management, process management, and enterprise systems. His most recent book is “The AI Advantage: How to Put the Artificial Intelligence Revolution to Work (Management on the Cutting Edge).”
Returning to the show to join the discussion is Recorded Future’s chief data scientist, Bill Ladd.
1/7/2019 • 29 minutes, 39 seconds
088 Pioneering Proactive Approaches to Power Protection
Schneider Electric is a global energy management and automation company headquartered in France, employing over 144,000 people around the world. With a history dating back to the 1830s, these days Schneider Electric enjoys success in industrial control systems, industrial safety systems, electric power distribution and grid automation, smart grid technology, and data center power and cooling.
Our guest today is Andrew Kling, senior director of cybersecurity and system architecture at Schneider Electric. He shares his professional journey, his experience pioneering many of the security measures we take for granted today, the shift to being proactive in his sector, and the importance of threat intelligence.
12/31/2018 • 23 minutes, 53 seconds
087 Leadership and Buy-In Help Protect BT's Global Networks
BT is a global telecommunications giant, headquartered in London with over 100,000 employees all over the world. In addition to telephone services in Great Britain, BT provides broadband internet, fiber-optic communications, digital television, and even supply chain management services. They also provide IT and network security services.
Our guest today is Mark Hughes, who served as the CEO of BT Security from 2013 to 2018. He oversaw the security of BT’s internal networks and assets, as well as the services they provide to outside clients. He shares with us his techniques for building effective, collaborative security teams, how he earns buy-in from both his colleagues and his board of directors, and the importance of threat intelligence. He’ll also share his experience gearing up for the 2012 London Olympic Games, and why he thinks it was a milestone moment for cybersecurity.
12/17/2018 • 24 minutes, 1 second
086 Bringing Collaboration to Real-Time Data Feeds
Our guest today is Aaron Gee-Clough. He’s chief technology officer for King & Union, a company that aims to bring increased collaboration to threat intelligence analysts, allowing them to more easily visualize and manage threat data in real time.
We discuss the benefits and challenges in bringing meaningful, actionable threat intelligence to small and mid-sized organizations, what he thinks machine learning can and cannot bring to the table, the distinction between threat intelligence and lists of bad IPs, and how many organizations are already exercising their impulse to collaborate and share information, even if they’re doing it in unofficial or inefficient ways.
12/10/2018 • 23 minutes, 33 seconds
085 Controlling Online Access in Yemen's War Zone
Recorded Future’s Insikt Group recently published research titled “Underlying Dimensions of Yemen’s Civil War: Control of the Internet.” It’s a detailed analysis of the role the internet has played in this ongoing bloody conflict, as rival factions fight to gain control of information, access, and infrastructure. Local and international interests all come into play.
Here to guide us through the research are Recorded Future’s Winnona DeSombre, threat intelligence researcher, and Greg Lesnewich, threat intelligence analyst.
12/3/2018 • 22 minutes, 55 seconds
084 Bringing Intelligence Community Experience to the Private Sector
Our guest today is Jason Kichen. He’s director of cybersecurity services at Versive, a cybersecurity company that delivers advanced threat detection and automation.
Prior to Versive, Jason spent nearly 15 years in the U.S. Intelligence Community as an expert in technical and offensive cyber operations. He was responsible for the design and execution of advanced technical operations all over the world. He has two Director of National Intelligence Meritorious Unit Citations and a National Intelligence Professional Award from the National Counterproliferation Center.
We’ll learn about his experience in the intelligence community, how it differs from the private sector, and the challenges he faced transitioning between the two. We’ll get his take on threat intelligence and how he thinks organizations can build effective security teams.
11/26/2018 • 23 minutes, 53 seconds
083 The What? So What? and the Why? Why? Why?
Today we welcome Maggie McDaniel, senior director of Insikt Group at Recorded Future. She’s had leadership positions in the U.S. government intelligence community, as well as the financial services sector.
We’ll be discussing her recent blog post, “Communicating Threat Intelligence Relevance.” In it, she describes a framework that helps get to the core of what matters, helps explain what it means for your organization, and provides justification to the powers that be, all while improving communications throughout the company.
11/19/2018 • 19 minutes, 15 seconds
082 Bringing Government Experience to Financial Services Security
Joining us today is Derrick Pendleton. He’s a senior digital forensic incident response analyst at Legg Mason in Baltimore. He shares his experience cutting his teeth on security within the federal government, the specific benefits he believes that environment provided, and how he’s brought those skills to his work protecting the employees, partners, and customers of Legg Mason, one of the largest asset management firms in the world.
We’ll get his take on threat intelligence and incident response, as well as his words of wisdom for folks looking to get a start in the security business.
11/12/2018 • 20 minutes, 22 seconds
081 Thwarting Organized Crime and Protecting Major Telecoms
Our guest today is Dale Drew. He’s chief security officer at Zayo Group, a global provider of communications, colocation, and cloud infrastructure. Previously, he’s held leadership positions at some of the largest and most influential telecommunications companies in the world, including CenturyLink, Level 3 Communications, and MCI Communications.
He shares the story of his unlikely start in the security industry, sparked by a stolen family checkbook, which led to a position with the Arizona Attorney General’s office, working to fight organized crime and racketeering.
We’ll get his views on threat intelligence, and we’ll learn why he’s leading an effort to champion open source tools in the industry.
11/5/2018 • 25 minutes, 46 seconds
080 Blending Threat Intelligence With Cyber Risk Frameworks
Our guest today is Rick Tracy. He’s chief security officer at Telos, a cybersecurity, IT risk management and compliance, secure mobility, and identity management company. In addition to his duties as CSO, Rick is co-inventor of Xacta, a cyber risk management platform.
Rick shares his experience from over three decades in the industry, his thoughts on regulations like GDPR and what we might expect to see here in the U.S., how he handles briefing his board of directors, the helpful utility of the NIST framework, and how threat intelligence can inform an organization’s approach to managing risk.
10/29/2018 • 23 minutes, 33 seconds
079 Advanced Security Tactics From Down Under
Joining us today is Nicolas Cairns, director of Aegis 9 Security Intelligence, a cybersecurity firm located in Canberra, Australia. In his career, Nicolas has worked in both offensive and defensive cybersecurity operations, threat intelligence, malware analysis, digital forensics and incident response, as well as threat and risk assessment.
He shares his experience building a career in security, transitioning from the military to the private sector, having a hand in Australia’s first intelligence collection system, and working as a pen tester. Throughout it all, his career has been marked by a strong work ethic and desire to keep learning, to keep improving, and to put in the extra time and effort. We’ll hear his thoughts on threat intelligence, specifically how organizations can best manage the growing volume of information available, and how to best transform that information into actionable intelligence.
10/22/2018 • 24 minutes, 13 seconds
078 Intelligence Sharing to Protect Ourselves and Each Other
Our guest today is Paul Kurtz. He’s the co-founder and CEO of TruSTAR Technology, a company that develops collaborative intelligence-sharing platforms with the goal of streamlining the distribution of actionable information for cybersecurity professionals.
Paul Kurtz began working in cybersecurity at the White House in the late 1990s, and later served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush.
We’ll hear his views on information sharing and threat intelligence, and we’ll find out why he thinks that we may not be able to count on the government to protect us in the cyber realm.
10/15/2018 • 29 minutes, 1 second
077 Threat Intelligence by the Book
The Recorded Future team is proud to have recently published its first book, “The Threat Intelligence Handbook — A Practical Guide for Security Teams to Unlocking the Power of Intelligence.” The book aims to provide readers with the information they’ll need to integrate threat intelligence into their organizations, to ensure that it’s actionable, and to put it in the hands of people who can most effectively make use of it.
Joining us once again is Recorded Future’s Chris Pace, who served as editor of the new book. He’ll take us through the process he and his colleagues went through to organize and write it, and why he believes the book is valuable both for those new to threat intelligence and for more experienced readers.
10/8/2018 • 21 minutes, 9 seconds
076 Infect Others With Your Security Passion
Our guest today is Tod Beardsley. He’s director of research at Rapid7, a cybersecurity company providing technology, services, and research to organizations around the world. Tod manages software vulnerability research efforts at Rapid7, handles vulnerability disclosures, contributes to Rapid7's data science-driven research projects, and serves as the primary spokesperson for Rapid7 on security and research topics in the media and on podcasts like this one.
Tod shares his professional journey, his views on the challenges facing the cybersecurity industry, his take on threat intelligence, and his belief that, as professionals, we share a responsibility for instilling our sense of passion for security in our friends and families.
10/1/2018 • 24 minutes, 12 seconds
075 Dr. Johannes Ullrich and the SANS Internet Storm Center
The SANS Institute is a well-known and respected cooperative research and education organization. Since its founding in 1989, it’s worked with over 165,000 security professionals around the world, providing training and certification. It also provides free access to a huge library of research documents about information security, and it runs the Internet Storm Center, which it describes as the internet’s early warning system.
Our guest today is Dr. Johannes Ullrich, and he’s responsible for that early warning system. He’s a popular public speaker and host of the ISC StormCast daily podcast, a daily briefing of cybersecurity news that professionals around the world rely on to stay up to date.
9/24/2018 • 21 minutes, 11 seconds
074 Fears of GDPR-Triggered Spam So Far Unfounded
Chances are you’re familiar with GDPR, the European Union’s General Data Protection Regulation. It went into full effect back in May of this year, with the goal of improving the privacy and security of European citizens in particular, but the global community overall as well.
One of the impacts of GDPR was that it made the WHOIS database private. WHOIS is the searchable online directory of domain name registrations, and some security researchers had concerns that spammers might take advantage of this anonymity to increase their registration rate of domain names, making it easier for them to send out their spam.
Allan Liska is a senior security architect at Recorded Future and analyzed several months’ worth of data on spam rates to see if the expected uptick came to pass. Allan wasn’t alone on this project — he had assistance from his son, Bruce, who interned at Recorded Future this past summer and co-authored the report. We’ll hear from Bruce as well.
9/17/2018 • 16 minutes, 55 seconds
073 Protecting the Brand, Products and People at Perdue Farms
Perdue Farms is a major U.S. agricultural business, best known for its processing of chicken, turkey, and pork, and is one of the nation’s top providers of grain. Founded nearly a century ago as a “mom-and-pop” business with a small flock of chickens, today the company marks sales in excess of $6.5 billion a year and has over 20,000 employees.
Chris Wolski is head of information security and data protection at Perdue Farms, and he joins us to describe the unique intersection of cyber and physical systems he and his team help protect.
Researchers from Recorded Future’s Insikt Group have previously analyzed both the U.S. and Chinese national vulnerability databases, examining the speed of publication of cybersecurity vulnerabilities, and how each respective country considers its NVD in the broader context of the national mission of cyber defense and operations. Recorded Future’s research team recently set their investigative sights on Russia’s vulnerability database to see how it compares.
Priscilla Moriuchi is director of strategic threat development at Recorded Future, and she joins us to share what they found.
9/4/2018 • 24 minutes, 57 seconds
071 A European View of Cyber Security
We’ve got a special episode of the Recorded Future podcast for this week. Staffan Truvé, Recorded Future’s CTO and co-founder, returns to the show to lead a conversation with our guest Rolf Rosenvinge. Rolf is CEO of RCG – CyberInsights, a Stockholm-based cybersecurity management consulting firm. He shares his views on the state of cybersecurity in the EU; the effects GDPR is having; the evolving relationship between CTOs, CISOs, and boards; and the role of threat intelligence as we look toward the future.
8/27/2018 • 22 minutes, 18 seconds
070 Chinese Espionage Activity Tracks Economic Development Efforts
Researchers from Recorded Future’s Insikt Group have been tracking new malware targeting the Tibetan community, continuing an ongoing effort by the Chinese state to use cyberespionage to keep tabs on perceived domestic threats. They’ve uncovered a sophisticated new backdoor with some peculiar characteristics, and also concluded that many of these activities originate from servers located at a major Chinese research university.
Winnona DeSombre and Sanil Chohan, threat intelligence researchers at Recorded Future, are co-authors of the report “Chinese Cyberespionage Originating from Tsinghua University Infrastructure,” along with their colleague Justin Grosfelt. Winnona and Sanil are our guests today, and they’ll take us through what they’ve learned.
https://www.recordedfuture.com/chinese-cyberespionage-operations/
8/20/2018 • 25 minutes, 14 seconds
069 A CISO's Journey From City to the Private Sector
Our guest is Gary Hayslip. He’s vice president and chief information security officer at Webroot, a cybersecurity and threat intelligence company. Prior to joining Webroot he was the CISO for the city of San Diego, and before that served active duty with the U.S. Navy and as a U.S. Federal Government employee.
He’s the author of the "CISO Desk Reference Guide," and is an active cyber evangelist and popular keynote speaker.
He shares his thoughts on team building, recruiting talent in a highly competitive jobs market, and the importance of actionable threat intelligence.
8/13/2018 • 25 minutes, 28 seconds
068 Protecting Missiles From Malware
Raytheon is one of the largest defense contractors in the world, with over 60 thousand employees and annual revenues near $25 billion. They’ve been in business for nearly a hundred years, with humble beginnings in vacuum tube manufacturing, RADAR systems and microwaves during World War II, and post-war expansions into everything from missiles and aircraft to refrigeration and robotics.
Our guest today is Michael Daly, chief technology officer for cybersecurity at Raytheon. He shares his experiences spinning up a cybersecurity team at Raytheon, the challenges of doing so within such a large organization, and the importance of a strong corporate culture to ensure safety and security.
8/6/2018 • 21 minutes, 12 seconds
067 Quantifying Cyber Risk
This week we’re joined by Alexander Schlager, executive director of security services at Verizon. He has experience in both the technical and sales sides of the communications and security worlds, having gained experience in a variety of positions around the globe. Our conversation focuses on his belief that organizations need to concentrate on quantifying their cyber risk, and using what they learn to evaluate and plan their security programs. He explains why Verizon invests in reports like the DBIR and the Verizon Risk Report, and of course, we’ll get his take on the importance of threat intelligence.
7/30/2018 • 25 minutes, 43 seconds
066 Securing Your Firmware
These days, most of us have a pretty good handle on protecting the software our computers run from viruses and other types of malware. We’re careful about downloading and installing software from unknown, insecure sources, and run antivirus applications to help keep everything safe. But what about the system-level code that runs deep within the devices we rely on every day? What about the firmware?
Our guest today is Terry Dunlap. He’s CEO and co-founder of ReFirm Labs, a tech startup that’s focused on firmware — analyzing the code and helping manufacturers, organizations, and governments ensure their devices haven’t been compromised. He’s got a colorful history that includes teenage hacking, time at the NSA, and the founding of several companies.
7/23/2018 • 42 minutes, 27 seconds
065 Enabling Deeper Board-Level Understanding
Our guest today is Bryan Littlefair. He’s CEO at Cambridge Cyber Advisers, and previously held the Global CISO position at Aviva and Vodafone Group. His current focus is working with board-level executives to enable a deeper understanding of cybersecurity and how it relates to business risk. He shares his thoughts on the communications gap between IT professionals and board members, effective ways to overcome it, and the importance of threat intelligence in gauging risk and setting priorities.
7/16/2018 • 21 minutes, 12 seconds
064 How to Keep Finished Intelligence Fresh
Our guest today is Storm Swendsboe. He’s an analyst services manager at Recorded Future, leading a team of intelligence analysts providing on-demand reports for their customers. In our conversation he explains the different types of reports his team provides, with a focus on finished intelligence. Swendsboe answers questions like: Where does finished intelligence fit in an organization’s threat intelligence strategy? How can it be customized for specific audiences? And how do you make sure a report doesn’t become out of date the moment it’s published?
7/9/2018 • 24 minutes, 53 seconds
063 Protecting Critical Infrastructure
Our guest today is Joe Slowik. He works in adversary hunting and threat intelligence at Dragos, a company specializing in securing industrial control systems and critical infrastructure. He shares the story of his unconventional path to a career in security, including time in the U.S. Navy and at Los Alamos National Labs, where protecting scientists, engineers, and researchers presented its own unique set of challenges. He shares his informed opinions on threat intelligence, with tips on how, in his view, many organizations could benefit from adjusting their focus and their approach.
7/2/2018 • 20 minutes, 49 seconds
062 Securing the C-Suite
In this episode of the Recorded Future podcast, we explore the unique challenges associated with securing your C-Suite executives. Not only are they attractive targets for scammers and fraudsters, when it comes to security, they’re often afforded a level of flexibility and deference not given to other employees. What’s the most effective approach for educating executives on the critical role of security, and how do you extend that behavior beyond the office walls? In a world where business email compromise and phishing run rampant and attacks happen at the hardware DNA level, translating security strategy to the common language of risk management can be an effective approach.
Joining us once again to address these questions is Dr. Christopher Pierson, CEO at Binary Sun Cyber Risk Advisors.
6/25/2018 • 20 minutes, 23 seconds
061 How to Empower Teams With Threat Intelligence
In this episode of the Recorded Future podcast, we examine how threat intelligence applies to a variety of roles within an organization, and how security professionals can integrate it to empower their team to operate with greater speed and efficiency. How does threat intelligence apply to SOCs, to incident response, or vulnerability management? And how do corporate leaders make the case that threat intelligence is a worthwhile investment?
Joining us to address these questions is Chris Pace, technology advocate at Recorded Future.
6/18/2018 • 26 minutes, 18 seconds
060 Optimizing the Intelligence Cycle at Optum
Our guest today is Vince Peeler. He’s the manager of cyber intelligence services at Optum, one of the largest healthcare and services providers in the world. He shares his unlikely journey from a career as a naval aviator to cybersecurity, and how lessons he learned in the military help inform his approach to cyber threats today. We’ll also focus on the intelligence cycle, and the role it can play in organizing and focusing the efforts of cybersecurity teams. He offers tips on integrating threat intelligence, and making the most of automation to enable your analysts to maximize their effectiveness.
6/11/2018 • 32 minutes
059 Keeping Verizon's DBIR Trusted and Relevant
Each year Verizon publishes its Data Breach Investigation Report, or DBIR, the annual survey of the state of cybersecurity using data gathered from tens of thousands of incidents from around the world. It’s earned a reputation as a must-read report, for its thoroughness and approachability.
Marc Spitler is a senior manager of Verizon Security Research, and one of the lead authors of the report. He joins us to share the behind-the-scenes story of what goes into the DBIR, how his team chooses the year’s hot topics, and how they protect their efforts from undue influence.
6/4/2018 • 25 minutes, 37 seconds
058 McAfee's Steve Povolny Leads Threat Research
Our guest today is Steve Povolny, head of advanced threat research at McAfee. We’ll learn how he came to lead his team of researchers at the well-known security company, his philosophy on leadership, and why investing in research makes sense for McAfee (and most companies). We’ll also cover how to strike a balance between maintaining a healthy competitive advantage in the marketplace, while contributing to the larger threat research community and helping to make the world a safer place. He shares his thoughts on threat intelligence, why he believes it’s grown in importance for most organizations, and we’ll get his advice on choosing what kinds of services you might need.
5/29/2018 • 22 minutes, 27 seconds
057 ICS Security Concerns Explained
Our guest today is Joe Weiss. He’s the managing partner of Applied Control Solutions, a firm that provides consulting services to optimize and secure industrial control systems. He’s been in the industry for over 40 years and has earned a reputation as an outspoken and sometimes contrarian advocate for improved ICS security. He’s been a featured speaker at dozens of conferences, has written countless books and articles, and has testified before Congress multiple times.
Our conversation centers on what he sees as critical shortcomings in the current approach to securing critical infrastructure, including the electrical grid, manufacturing, railways, and water supplies. Are IT and OT professionals simply talking past each other, or is there more to it than that? Joe Weiss has strong opinions on that and many other topics, opinions formed from a long, fruitful career fighting to keep those systems safe.
5/21/2018 • 25 minutes, 8 seconds
056 Iran Retaliation Likely After Nuclear Deal Dropped
For the past six months or so, researchers in Recorded Future’s Insikt Group have been dissecting the structure of cyber operations groups within the Islamic Republic of Iran. In recent years that nation has regularly used offensive cyber campaigns in response to sanctions or other provocations. On May 8, 2018, President Trump announced the U.S. will withdraw from the Iran nuclear deal, leading to concerns that Iran is likely to respond with cyberattacks on Western businesses.
Levi Gundert joins us once again to provide context to the situation. He’s one of the authors of a newly published report from Recorded Future, titled, “Iran’s Hacker Hierarchy Exposed.” The report describes a culture of distrust and a tension between the desire for technical capabilities versus religiosity.
5/14/2018 • 18 minutes
055 Former GCHQ Andy France Targets Big Cyber Problems
We welcome cybersecurity leader and entrepreneur Andy France, in a conversation led by Recorded Future Co-Founder and CEO Christopher Ahlberg. Andy France’s career in cybersecurity spans over four decades, including positions as the deputy director of cyber defense for the UK government, along with positions at Darktrace, Deloitte, GSK, and Lloyds Banking Group. He serves on a number of cybersecurity advisory boards, and is currently the co-founder and director at Prevalent AI.
Andy France addresses the “big-picture” items in cybersecurity, considering what it might take to fix, once and for all, the fundamental issues security professionals face. He considers the often-used comparison of cybersecurity to public health, and provides advice on effective implementation of threat intelligence.
5/7/2018 • 28 minutes, 45 seconds
054 NYC CISO Geoff Brown on Public Privacy and Security
This week we welcome back to our show Geoff Brown, chief information security officer for the City of New York. In a city with 8 million citizens that’s also a global center of commerce, innovation, and tourism, protecting the public when they use publicly available online resources is an effort toward making everyone safer.
New York City’s leadership is in the process of implementing a new initiative they’re calling “NYC Secure” that aims to better protect the city’s residents, workers, and visitors from cyber threats. Geoff Brown describes the new initiative, and explains how it could serve as a model for other municipalities and communities around the world.
4/30/2018 • 20 minutes, 6 seconds
053 The Importance of Adversarial Focus
Our guest today is Greg Reith. Greg began his career with U.S. Army Special Forces with a specialty in operations and intelligence. His experience includes counter intelligence, analysis, and collection at both tactical and strategic levels. At the end of his career in the military, he transitioned into Information Technology and was an information systems security officer. Most recently, Greg led the T-Mobile threat intelligence team as a senior security engineer and developed the T-Mobile threat intelligence strategy.
We’ll learn about his career, get his thoughts on leadership and assembling teams, and how he’s learned to integrate threat intelligence into his work. He’ll also describe a technique called “adversarial focus.” We’ll learn what that is and why it’s important to understand.
4/23/2018 • 22 minutes, 52 seconds
052 7 of the Top 10 Vulnerabilities Target Microsoft
Researchers at Recorded Future recently published a report titled, “The Top 10 Vulnerabilities Used by Cybercriminals.” The report reveals that seven out of the top 10 most exploited vulnerabilities in 2017 targeted Microsoft products.
We’ve got a pair of experts from Recorded Future to take us through their findings. Scott Donnelly, vice president of technical solutions, looks at the technical side of the research and what the findings represent in terms of trends. A little later in the podcast we’ll hear from Adrian Porcescu, EMEA professional services manager, for his take on the practical implications of the report’s findings, and how organizations can use this information for setting priorities and planning their defenses.
4/16/2018 • 21 minutes, 6 seconds
051 Graham Cluley on Privacy, IoT Risks, and Ransomware
Graham Cluley is well known in the cybersecurity industry as a popular speaker, writer, independent security analyst, and cohost of the Smashing Security podcast. He’s had senior roles at Sophos and McAfee, and is a member of the Infosecurity Europe Hall of Fame.
He joins us this week for a wide-ranging conversation, including his humble beginnings writing software to protect against malware before that was really even a thing, his thoughts on the latest trends and techniques the bad guys are using, and how we as a community should protect ourselves against them. And, of course, we get his take on threat intelligence, and why he thinks it’s playing an ever-increasing role as organizations stand up their cyber defense strategies.
4/9/2018 • 25 minutes, 35 seconds
050 CSO Jim Routh Leads Aetna’s Pioneering Security Team
Jim Routh is chief security officer of Aetna, a Fortune 500 company offering health care, dental, pharmacy, group life, disability, and long-term care insurance and employee benefits. With annual revenue exceeding 60 billion dollars and nearly 50 thousand employees, there’s a lot to secure.
In this episode, we explore Jim Routh’s career path, the unique challenges he faces as CSO for such a large public company, how he delegates authority and manages his time, his approach to threat intelligence, and his somewhat contrary approach to communicating risk with the Aetna board. We learn about Aetna’s move away from using Social Security numbers as identifiers, as well as their efforts to phase out traditional password-based user logins, all in the name of improving customer convenience and security. He also explains his adoption of model-driven security and the rise of unconventional controls.
4/2/2018 • 29 minutes, 5 seconds
049 Optiv’s Stu Solomon on Threat Intelligence in a Changing Industry
Christopher Ahlberg is CEO of Recorded Future, and this week he leads a conversation with Stu Solomon, chief technology and strategy officer at Optiv, a leading provider of end-to-end cybersecurity solutions.
It’s a wide-ranging discussion, exploring Stu’s experience as a long-time cybersecurity professional, including time in the military, along with his thoughts on effective hiring practices, the changes he’s seen in the industry, the differences between being a great consumer or producer of intel, and where he sees things heading in the future. Stu shares his thoughts on threat intelligence, including thought-provoking views on what to include in threat intelligence reports, how to cut through the noise, and the swinging pendulum of cybersecurity tradecraft.
3/25/2018 • 30 minutes, 58 seconds
048 Resiliency in the Face of High-Profile Breaches and Trendy Threats
There’s a natural tendency, not just in cyber security, to be drawn to bright, shiny objects. If you’re a security professional, you’ve likely had to respond to questions from management and your coworkers about the latest high-profile breach or ransomware incident. For sure, that’s part of the job, but how do you make sure you’re not spending too much time reacting to the latest threat, when you could be strengthening your internal resiliency plans? On today’s episode of the Recorded Future podcast, we address the downside of headline chasing, and the need for resiliency within security, so that basic, fundamental tasks don’t lead to mass chaos within organizations.
We’ve got two guests today, Zak and Ryan. They are both high-level security professionals at a major financial services organization, and in order to minimize the number of hoops they’d have to jump through to get permission from their employer to appear on our show, we’re going to respect their request to keep things on a first name basis.
3/19/2018 • 28 minutes, 21 seconds
047 Chinese Government Alters Threat Database Records
In episode 29 of this podcast we heard from Bill Ladd, Chief Data Scientist at Recorded Future, about the differences between the US and Chinese cyber threat vulnerability reporting systems. He pointed out the difference in speed-of-publishing between the two, with the Chinese generally being faster, as well as their conclusion that the Chinese National Vulnerability Database (CNNVD) is essentially a shell for the Chinese MSS, the Ministry of State Security. This being the case, there’s evidence that the Chinese evaluate high-threat vulnerabilities for their potential operational utility before releasing them for publication.
Since then, researchers at Recorded Future have taken another look at the CNNVD and discovered the outright manipulation of publication dates of vulnerabilities. Priscilla Moriuchi is Director of Strategic Threat Development at Recorded Future, and along with Bill Ladd she’s coauthor of their research analysis, “Chinese Government Alters Threat Database Records.” She joins us to discuss their findings, and their broader implications.
3/9/2018 • 22 minutes, 36 seconds
046 False Flags From Olympic Destroyer
The 2018 Olympic Games in PyeongChang recently concluded, but not without attempts at disruption from cyberattackers. A major telecom and IT provider was targeted with a multi-pronged campaign to gather credentials, move laterally within networks, and destroy data. It borrows bits of code from previously known campaigns, and was an aggressive effort to spread quickly and cause maximum damage to systems.
Greg Lesnewich is a threat intelligence analyst with Recorded Future’s Insikt Group, and he joins us to provide an overview of the malware campaign named Olympic Destroyer. We’ll get technical details, as well as a sense for why attribution is notoriously difficult in cases like this, and whether or not we’re seeing evidence of a false flag operation.
3/5/2018 • 17 minutes, 23 seconds
045 McAfee's Michael Rea on Managing Formal Intelligence Requirements
Our guest today is Michael Rea. He’s a threat intelligence professional currently working at McAfee. He’s got prior experience in the US Navy, serving at sea and at shore, including positions at Cyber Command and NSA. We’ll discuss his career, how threat intelligence differs between the military and the private sector, and why it’s valuable to formalize the management of your threat intelligence requirements, how best to do that, and why that helps make IT teams more effective. He explains the importance of identifying the use case for threat intelligence, and how to best cut through marketing noise and hype to make sure your threat intelligence provider aligns with your organization’s needs.
2/26/2018 • 15 minutes, 32 seconds
044 Takeaways From the Gartner Threat Intelligence Market Guide
The research and advisory firm Gartner recently took a closer look at security threat intelligence, and published a comprehensive report with their findings, the Gartner Market Guide for Security Threat Intelligence Products and Services. The report explains the different use cases for threat intelligence, makes recommendations for how best to implement it in your organization, and provides guidance on evaluating vendors.
In this episode of the Recorded Future podcast we are joined once again by Allan Liska, senior threat intelligence analyst at Recorded Future, to walk through some of the key takeaways from the Gartner report, and to see how the report aligns with Allan’s experience.
You can download a free copy of the report at: https://go.recordedfuture.com/gartner-market-guide
2/19/2018 • 27 minutes, 7 seconds
043 Litecoin Set to Leapfrog Leading Cryptocurrencies
You’d have to be living under a virtual rock to not have noticed that virtual currencies like Bitcoin have taken off, attracting investors, speculators, and, of course, criminals, all looking to profit from the enthusiasm surrounding these cryptocurrencies. Bitcoin has been the gold standard in online currency exchange for bad guys, but its surging popularity has led to recent slowdowns in transaction processing speed and increased transaction fees. This has prompted criminals to start looking elsewhere, to other virtual currencies like Dash, Monero, and Litecoin.
Andrei Barysevich is Recorded Future’s director of advanced collection, and he’s the co-author of a recent blog post titled, “Litecoin Emerges as the Next Dominant Dark Web Currency.” He’ll take us through the research from Recorded Future’s Insikt Group explaining what factors cause groups of online fraudsters to switch from one cryptocurrency to another.
2/12/2018 • 16 minutes, 43 seconds
042 Understanding Your Environment and Communicating the Threat
Building a successful threat intelligence operation and team involves many important considerations. What are your organization’s critical assets, who are your potential adversaries, and how do you best communicate with the rest of your organization to ensure your efforts are properly focused and your conclusions properly understood and implemented? Our guest today is AJ Nash. He’s the cyber threat intelligence evangelist and manager of intelligence services at Symantec. It’s a big company, offering a diverse array of cybersecurity products and services, with some well-known brands like Norton and LifeLock, as well as threat intelligence products and services. Our conversation covers a wide range of topics, including the foundations of intelligence and the intelligence life cycle, the challenges of moving from the military to the private sector, leadership styles, and how to be sure you’re asking the right questions when it comes to threat intelligence.
2/5/2018 • 28 minutes, 42 seconds
041 Where Does a SIEM Fit In?
In today’s episode, we’re talking SIEMs. That’s short for security information and event management, and it typically describes software or services that provide real-time logging and analysis of security alerts. A SIEM gathers information from a variety of network software and devices and correlates, aggregates, and alerts users of issues requiring attention. They can monitor and manage user access privileges, help with compliance through the automated gathering of relevant data, and provide users with the ability to aggregate and analyze log files that might be spread across the network.
Monzy Merza is head of security research at Splunk, a well-known SIEM provider, and he joins us to share his thoughts on SIEMs, how they fit into the security lifecycle, where threat intelligence comes in, and how successful organizations are best utilizing them.
1/29/2018 • 18 minutes, 40 seconds
040 North Korea Targets South Korean Cryptocurrency
Facing sanctions from much of the rest of the world, North Korea has turned to cybercrime to help finance their operations. The Lazarus Group is well known as a state-sponsored team of criminal hackers serving North Korean interests, and in 2017 they set their sights on cryptocurrency users and exchanges in South Korea with a spear phishing campaign. Additionally, they’ve targeted South Korean college students interested in foreign affairs, part of a group called “Friends of MOFA” (Ministry of Foreign Affairs).
Juan Andres Guerrero-Saade is a principal security researcher for Recorded Future’s Insikt Group, and he joins us to help explain what the North Koreans are up to, the methods and tools they are using, just how sophisticated they may or may not be, and why, in the end, sophistication might not really matter much.
1/22/2018 • 22 minutes, 42 seconds
039 Protecting Philips Healthcare From Cyber Threats
Philips is a company with a long, storied history, going back over 120 years, and many technological achievements to brag about. From light bulbs to radios, consumer devices like electric shavers, the compact cassette, and the co-invention of the compact disc along with Sony, they’ve been an innovative, influential company for generations.
These days, Philips primarily focuses on healthcare, and they employ over 100,000 people in 60 countries.
Praveen Sharma is one of those employees, and our guest today. She’s the director of the cyber research and development center at Philips Healthcare, where she leads a team responsible for developing in-house tools and concepts that help Philips rapidly detect and respond to existing and emerging threats. She is also responsible for looking at the cyber technologies that are on the horizon and the risks of these technologies to Philips.
1/15/2018 • 21 minutes, 55 seconds
038 The 5 Most Relevant Questions for a SOC Analyst
Our guest today is Denver Durham. He’s a threat intelligence consultant at Recorded Future, with a background in the U.S. Army as an intelligence analyst, working in signals intel and all-source intel supporting counterterrorism, and later in the private sector in a SOC (security operations center) as a cyber threat analyst, performing attribution and analytics.
On today’s show, he takes us through what he believes are some of the most relevant questions for a SOC analyst, including collecting and prioritizing indicators of compromise, handling news feeds, managing firewall alerts, and performing trend analysis. We’ll learn about the types of reports a SOC analyst is likely to generate, how to make good use of some third-party rules, and he’ll share his advice for anyone considering a career as a SOC analyst.
1/8/2018 • 18 minutes, 22 seconds
037 2017 Cybersecurity in Review and Predictions for the New Year
Whether you felt 2017 flew by or you just couldn’t wait for it to be over, from a cybersecurity point of view there’s no question it was an interesting year. There was something for everyone, including ransomware, botnets, major data breaches, IoT issues, as well as business and policy concerns.
Our guest today is Dr. Chris Pierson. He’s the CEO and founder of Binary Sun Cyber Risk Advisors, and a familiar voice for those of us who follow cybersecurity. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a distinguished fellow of the Ponemon Institute.
Together, we’ll take a look back at 2017 and try to make sense of what it all means as we head into the new year, what 2018 may have in store for the cybersecurity industry, and how best to prepare.
1/2/2018 • 33 minutes, 1 second
036 Dispelling Cybersecurity Myths
In this episode, we have a conversation with Gavin Reid, chief security architect at Recorded Future. Before joining Recorded Future, he helped design the systems that protect organizations like NASA, Cisco, and Fidelity. We’ll get his take on the state of the industry, and why he believes there are a number of cybersecurity myths that are in need of being dispelled, including the notion that companies need to “do more with less.” Are boards of directors finally getting up to speed and recognizing the realities of their defensive postures? What are some of the most effective ways to make sure the basics are being taken care of, all while managing the practical challenges of the busy day-to-day demands of a modern corporate environment? The tools are available, according to Reid. The trick is knowing how to best implement them.
12/18/2017 • 19 minutes, 12 seconds
035 Predicting Future Threats With Machine Learning
In this episode, we take a closer look at some of the specifics of artificial intelligence and machine learning, and how cybersecurity professionals can benefit from including these tools in their threat intelligence arsenals. We’ll discuss clustering, natural language processing or NLP, and supervised learning, and we’ll find out why combining the talents of humans with the speed and analytical capabilities of computers, the so-called digital centaurs, could provide even more powerful solutions in the future.
Joining us are two experts in machine learning. Christopher Sestito is manager of threat intelligence at Cylance, a company that’s all-in when it comes to AI technology, and Staffan Truvé, co-founder and chief technology officer at Recorded Future.
4 Ways Machine Learning Is Powering Smarter Threat Intelligence By Staffan Truvé https://go.recordedfuture.com/machine-learning
12/11/2017 • 16 minutes, 53 seconds
034 ICS is Serious Business, But There's No Need to Panic
There’s been a good bit of attention aimed lately at Industrial Control Systems (ICS), the systems that monitor and help keep our critical infrastructure running. The electrical grid tends to get the most attention, but ICS includes water, dams, communications systems, pipelines, natural gas, transportation, and other process control systems. As more and more of these systems get connected to the internet they can make an attractive target for cyber criminals or state actors who are up to no good.
Our guest this week is Robert M. Lee. He’s CEO at Dragos, a company dedicated to the security of critical systems. Before Dragos he was in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community.
12/4/2017 • 20 minutes, 15 seconds
033 AI, Robots, and Cyborgs — Inside IoT with Chris Poulin
In this episode of the Recorded Future podcast we take a closer look at the Internet of Things (IoT). It’s a wide-ranging category, spanning everything from connected thermostats, refrigerators, and security cameras to industrial control systems, self-driving cars, and medical devices. It’s hardly an exaggeration to say that if a device has a power source, somebody is thinking up a way to connect it to the internet. And with that comes opportunities for improving our lives and the world we live in, as well as risks to our security and privacy.
Our guest this week is Chris Poulin. He’s a principal at Booz Allen Hamilton, where he leads the company’s Internet of Things security practice.
11/27/2017 • 36 minutes, 1 second
032 The Practical in Practice — Use Cases for Threat Intelligence
In this episode of the Recorded Future podcast, we take a closer look at the practical application of threat intelligence. Some security teams still meet threat intelligence with a skeptical eye, wondering how adding even more information to the flow of data they’re already receiving could improve their security posture. In reality, they’re likely already using some degree of threat intelligence even if they don’t realize it. We’ll explore ways that organizations can determine how much threat intelligence is the right amount, when it’s time to engage with a third-party provider, and when it’s not. We’ll review case studies from Facebook and Akamai, and we’ll discuss the importance of context when transforming information into intelligence.
Our guide this week is Allan Liska. He’s a Solutions Architect at Recorded Future, and author of the newly published e-book Threat Intelligence in Practice.
11/20/2017 • 26 minutes, 11 seconds
031 No Phishing Allowed
This episode focuses on phishing, where a bad actor pretends to be someone they’re not in order to get a user to reveal information, like a login or password, or to get them to perform a task, like transferring money.
Phishing has been around for quite a while. Many of us remember breathless email requests from a certain Nigerian Prince looking to share millions of dollars. It’s still around today because it works and it’s inexpensive to do, taking advantage of human nature and most people’s tendency to be helpful and trusting.
Our guest today is Oren Falkowitz, CEO and founder of Area 1 Security, a company that specializes in protecting organizations from phishing attacks. He describes the history and continued effectiveness of phishing campaigns, the techniques that companies like Area 1 Security use to defend against them, and whether or not he thinks it’s a problem we’ll ultimately solve.
11/13/2017 • 18 minutes, 29 seconds
030 A Look Into the Thriving Dark Web Criminal Market
The recent Equifax breach highlights the vulnerability of our personal data online, and serves as a reminder that there’s an active, thriving, global criminal market for that sort of information.
In this episode of the Recorded Future podcast we return to the dark web, with Recorded Future’s director of advanced collection, Andrei Barysevich as our guide. He’ll separate fact from fiction, and help us gain a better understanding of the mysterious and increasingly volatile world of the online criminal underground. What sorts of information and services are actually available for purchase in these markets, how does law enforcement respond, and what are the challenges of gathering threat intelligence in an environment where trust and anonymity are the coins of the realm?
11/6/2017 • 25 minutes, 22 seconds
029 Why Does the U.S. Lag Behind China in Vulnerability Reporting?
The U.S. National Vulnerability Database, or NVD, is, in part, a collection of security-related reports. Software vulnerabilities are assigned CVE numbers (CVE stands for common vulnerabilities and exposures), which help track the issues and provide a common reference for a specific flaw. China has a database of its own, the Chinese National Vulnerability Database, or CNNVD.
Our guest today is Dr. Bill Ladd, chief data scientist at Recorded Future. His team noticed that publicly known vulnerabilities were showing up more quickly in China’s database than in the U.S., quite often taking days instead of weeks. This not only has the potential to put U.S. defenders at a disadvantage, it could also give black hats the upper hand.
In this episode we’ll learn why the NVD lags behind the CNNVD, why it matters, and what could be done to correct it.
10/30/2017 • 20 minutes, 21 seconds
028 Know the Threat to Beat the Threat
Our guest today is Bob Gourley, author of the book “The Cyber Threat: Know the Threat to Beat the Threat.” Earlier in his career, Bob spent 20 years as a U.S. Navy intelligence officer. One of his last assignments with the military was as director of intelligence for the first Department of Defense cyber defense organization. He’s currently a partner at Cognitio Corp, where he leads research and analysis activities, due diligence assessments, and strategic cybersecurity reviews for clients.
Bob sat down with us at our annual user conference at the Newseum in Washington, D.C. for a wide-ranging conversation on what it was like to define emerging cybersecurity missions for the Department of Defense, the importance of looking back to history as a guide, and the growing need for threat intelligence and basic cyber hygiene.
10/23/2017 • 20 minutes, 18 seconds
027 The Facts on Equifax With John Wetzel
By now, you’ve surely heard that Equifax, one of the largest credit reporting companies in the U.S., suffered a huge data breach. How bad was it? Reports say over 143 million sets of personal information may have been lost on U.S. residents alone, including names, social security numbers, birth dates, addresses, and in some cases driver license numbers. Reports say Equifax neglected to patch a known vulnerability in a timely manner, and took even longer to go public with news of the breach. The story is still developing, but it’s shaping up to be one of the most significant security breaches yet.
John Wetzel is head of threat intelligence training at Recorded Future, and he joins us today to help make sense of what happened to Equifax, how it might have been prevented, and what a breach of this size means for all of us.
10/9/2017 • 22 minutes, 37 seconds
026 NYC CISO Geoff Brown Protects the Greatest City in the World
When someone mentions New York City, there are a variety of images that may come to mind. The Statue of Liberty, the Empire State Building, Times Square, or maybe Wall Street or Central Park. And, of course, 9/11. It’s no wonder the city of New York is often called “the greatest city in the world.”
Mayors of other cities may take issue with that label, but there’s no argument that New York is one of the largest, most important cities in the world, with over eight and a half million people.
Geoff Brown is the chief information security officer for New York City, and he’s our special guest today. He heads up New York City Cyber Command, a new cybersecurity organization for the city of New York that works across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats.
10/2/2017 • 29 minutes, 51 seconds
025 TTPs From A Through Z With Levi Gundert
You’re likely familiar with the phrase, “know your enemy.” The idea being, the more you know about your adversary, their motivations, methods, and capabilities, the better advantage you’ll have when it’s time to defend yourself.
In cybersecurity threat intelligence, we speak of threat actor tactics, techniques, and procedures, or TTPs. TTPs can come from a variety of sources, including open source, darknets, scanning and crawling, and others, but to turn the raw data from TTPs into actionable intelligence, you need to know how to set your priorities based on your organization’s needs.
Joining us once again to help make sense of all of this is Levi Gundert, vice president of intelligence and strategy at Recorded Future.
9/25/2017 • 17 minutes, 17 seconds
024 Protecting a Global Telecommunications Company
Our guest today is BT’s Vice President, Security UK and Continental Europe, Luke Beeson. Located in London, he leads teams who deliver cybersecurity services to customers, while simultaneously protecting BT’s own systems. We discuss the challenges a large organization like BT faces when it comes to protecting themselves and their clients, the effect the upcoming GDPR regulations may have on the company and organizations around the world, and how they set their priorities across a broad spectrum of products and services. We’ll also get his take on the role of threat intelligence in his day-to-day security strategies.
9/18/2017 • 20 minutes, 39 seconds
023 Analyst and Fantasy Author Myke Cole
Our guest today is Myke Cole. He’s a cyber threat intelligence analyst with a large metropolitan police department, and a member of the United States Coast Guard reserve, supporting maritime search and rescue and law enforcement around New York City. He is also an award-winning, best-selling author of fantasy fiction, perhaps best known for his “Shadow Ops” series of novels, combining military action with magic and sorcery. And if that weren’t enough, he’s also featured in the CBS reality TV series, “Hunted,” where he’s one of an elite team of fugitive hunters.
Mr. Cole shares his unlikely path to cybersecurity, how his ability to conjure convincing characters in his fantasy novels transfers to understanding the minds of cyber adversaries, and the importance of creativity and taking risks.
9/11/2017 • 30 minutes, 15 seconds
022 Follow the Money: Threat Intelligence for Financial Institutions
When you’re responsible for safeguarding the money, not to mention the personal financial information of your clients, what are your specific needs when it comes to threat intelligence? Where do you begin, and how do you get the best bang for your buck? Is open source intelligence enough, or should you invest in a paid solution from the outset? What about regulators? And how do you get buy-in from the board?
Here to answer these and many other questions is Dr. Christopher Pierson. He’s chief security officer and general counsel at Viewpost, an electronic invoice, payment, and cash management company. He also serves as a special government employee on the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee, and is a distinguished fellow of the Ponemon Institute.
9/5/2017 • 23 minutes, 25 seconds
021 Chasing Risky Internet Business
As security professionals, we’re relied upon to protect our networks from malicious traffic. But what’s the best strategy for determining the most likely sources of risky traffic? Is it safe to assume that traffic from certain countries is more suspicious than others, or that some hosting infrastructures are more likely to be compromised? With a growing consensus that IP blocklists are rapidly becoming obsolete, a more sophisticated approach is needed. Our guest today is Dr. Bill Ladd, chief data scientist at Recorded Future. He’s the author of the report, "From Chasing Risk Lists to ASN Policies: Large-Scale Analysis of Risky Internet Activity." The report takes a data-driven look at a variety of ways to determine risky ASNs and IP addresses. In this episode Bill Ladd gives us an overview of his team’s research and findings.
8/28/2017 • 19 minutes, 27 seconds
020 Russia Revisited: How Did We Get Here?
In this episode we take a closer look at Russia. Here in the United States, there’s been no shortage of news about Russia, its alleged interference in our presidential election, and its greater role in the global cybersecurity ecosystem. But how did we get here? What’s the historical context for Russia’s cybersecurity strategy and posture, how does it compare to other players around the world, and what are our options for dealing with it? How do Russia’s relationships with its neighbors inform its approach to online warfare, and how do Russian citizens perceive their place in the world?
On today’s podcast we’re joined by Peter Debbins, an instructor at the Academy for Defense Intelligence, where he teaches on a wide range of Russian-related topics. His background includes service in the U.S. Army as an officer, experience in the private sector, and as a Russian-area analyst.
8/21/2017 • 29 minutes, 59 seconds
019 Women in Intelligence: Navigating a Male-Dominated Field
In today’s episode we hear from three women working in cybersecurity intelligence. We’ll learn about their sometimes indirect journeys toward tech, challenges they faced along the way, and we’ll get their advice for navigating what is still a male-dominated field.
Emily Wilson is director of analysis at Terbium Labs, where she leads a team focused on exploring and analyzing data from the dark web.
Lauren Zabierek is a senior analyst with Recorded Future, providing threat intelligence for its customers.
Teresa Shea is currently an executive vice president at In-Q-Tel. Prior to that she spent 35 years at the NSA, rising to the role of director of signals intelligence before retiring from the agency in 2015.
8/14/2017 • 25 minutes, 2 seconds
018 North Korea's Not So Crazy After All
When it comes to North Korea, there are a variety of images that may come to mind. Eccentric, erratic leadership, suffering citizens, isolation from the rest of the global community, and lately, of course, the testing of nuclear weapons and long-range missiles. When it comes to cybersecurity and threat intelligence, North Korea is known for cybercrime, perhaps most notably the WannaCry ransomware and the Sony hack.
Our guest today is Priscilla Moriuchi, director of strategic threat development at Recorded Future and former enduring threat manager for East Asia and Pacific at NSA. Her team is responsible for a pair of research reports recently posted to the Recorded Future website, “North Korea Is Not Crazy,” and, “North Korea’s Ruling Elite Are Not Isolated.”
The reports reveal that North Korean threat actors are not crazy or irrational: they just have a wider operational scope than most other intelligence services, along with unique insights into how North Korean leadership and ruling elite use the internet and what that can tell us about their plans and intentions.
8/7/2017 • 16 minutes, 34 seconds
017 Black Hat and DEF CON 2017 Recap
The Black Hat 2017 conference just wrapped up in Las Vegas, followed immediately by the DEF CON hacker convention. Between the two shows, it’s one of the largest annual gatherings of cybersecurity professionals and enthusiasts in the world. Black Hat features a trade show floor with vendors representing all aspects of the cybersecurity community, plus high-profile keynote speakers and educational sessions covering a variety of research and industry developments. This year was Black Hat’s 20th anniversary. And DEF CON celebrated its 25th year as a destination for everyone from cybersecurity hackers to lock pickers.
Recorded Future’s Alex Walker was there, and on today’s show he shares his experience from Black Hat and DEF CON, and how these sorts of gatherings are helping the cybersecurity and threat intelligence communities mature and focus on emerging challenges.
7/31/2017 • 17 minutes, 10 seconds
016 Making Sense of Artificial Intelligence and Machine Learning
Artificial intelligence (AI) and machine learning (ML) are hot topics in cybersecurity, threat intelligence, and beyond. We hear the terms casually tossed around in conversation, we’re bombarded with AI/ML marketing, and of course, there is no end to the references in movies, literature, and pop culture. Unfortunately, we’re often missing the context or explanation needed to know what they mean or why they matter. Some say AI and ML will be our virtual saviors, others offer cautionary tales of bots gone wrong. In this episode, we welcome back Christopher Ahlberg, CEO at Recorded Future, and Staffan Truvé, Recorded Future’s chief technology officer, for a wide-ranging, spirited discussion to help sort it all out.
7/24/2017 • 24 minutes, 28 seconds
015 Becoming an Analyst Part 2: Educational Foundations
Ever thought of becoming a threat intelligence analyst? This is the second in our occasional series of behind-the-scenes looks at Recorded Future, where we drop in from time to time on team members, to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They share their stories, in their own words. In this episode, we introduce you to Wendy DeLuca and CW Walker. Although they come with experience in analysis and cyber security, neither of them had a conventional technical educational pathway to working in threat intelligence. We’ll find out why, and why both of them consider that an asset.
7/17/2017 • 19 minutes, 34 seconds
014 WannaCry About NotPetya?
As we pass the midpoint of 2017, we’ve had more than a few high-profile malware attacks. Two of the biggest have been WannaCry, the ransomware attack that went worldwide in May, and NotPetya, the destructive campaign that targeted Ukraine in June, but rapidly became a global menace, creating widespread fear and confusion, not to mention business disruptions. Observers are still settling on a final name for NotPetya, by the way. It’s being called Petya, Nyetya, and GoldenEye, but for this show we’re going to go with NotPetya.
In this episode, we’re joined again by Allan Liska, Senior Solutions Architect at Recorded Future, and author of “Ransomware – Defending Against Digital Extortion.” He’ll share his insights on both attacks, and walk us through how his team grappled with the challenge of understanding and communicating the threat to industry. We’ll also talk about what these two attacks mean for the future — do they represent harbingers of the “big one” we all fear? Time to panic? Tune in and find out.
7/10/2017 • 17 minutes, 36 seconds
013 Be Vewy Vewy Quiet: We’re Hunting Threats
Sharing insights on the tools, technologies, and processes that underpin threat intelligence is one of the primary aims of this podcast. One of the processes that’s getting a lot of attention these days is threat hunting. In this episode, we’ll talk about what exactly threat hunting is, how it’s done, and its value to organizations looking to strengthen their security posture, gain situational awareness, and of course, enhance their threat intelligence. To get past the buzzwords and down to business, we have as our guide Keith Gilbert, a security technologist at Sqrrl, a firm that specializes in the art and science of threat hunting.
7/3/2017 • 13 minutes, 43 seconds
012 Best Practices in Threat Intelligence
It’s fair to say that the term “threat intelligence” has achieved buzzword status in the cyber security world. Confusion over the term’s meaning, not to mention the tidal wave of related products, services, and solutions overwhelming the industry, makes it hard to know where to start when threat intelligence becomes a priority in your organization. To help cut through some of that noise, Recorded Future published a white paper, “Best Practices for Applying Threat Intelligence.” The paper is online, but in this episode, we talk to the report’s author, Chris Pace, Technology Advocate at Recorded Future. He’ll take us through the white paper’s key takeaways and offer his own insights.
6/26/2017 • 16 minutes, 28 seconds
011 Building a Threat Intelligence Company
In the first 10 episodes of the Recorded Future Podcast, we’ve taken some deep dives into many important threat intelligence topics. Of course, there are many more topics to cover in the weeks ahead, but we thought it might be helpful to share a little bit of Recorded Future’s backstory. In this episode, we’ll talk about how the company made its transition from the virtual garage to an international company with offices around the world. Along the way, we’ll touch on issues important to any growing cyber security startup, like establishing and nurturing a diverse corporate culture, attracting the right people, building teams, and doing it all while you are tackling the critical challenges facing the security world today. It’s our hope that this episode will not only provide some context as you hear from Recorded Future analysts and experts throughout the year, but for those looking to build their own companies or threat intelligence teams, we hope to provide some useful lessons. Joining us today are Recorded Future Chief Executive Officer and Co-Founder Christopher Ahlberg, and Andy Palmer, one of Recorded Future’s founding board members.
6/19/2017 • 26 minutes, 54 seconds
010 Becoming an Analyst Part 1: Insights From Former Government Analysts
In this episode of the Recorded Future podcast, we introduce you to two threat intelligence analysts, Lauren Zabierek and Alex Walker. They both have previous experience with threat analysis for the U.S. government – Lauren was formerly in the Air Force, and, inspired to serve after 9/11, took part in missions in Afghanistan. Alex came out of college and joined NSA, where he worked as an intelligence analyst. They share their insights on their day-to-day challenges as analysts at Recorded Future and how they help turn raw data into threat intelligence.
This is the first in an occasional series of behind-the-scenes looks at Recorded Future. Over the next few months we’ll drop in from time to time on some of the Recorded Future team members, to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They’ll share their stories, in their own words.
6/12/2017 • 17 minutes, 18 seconds
009 From Russia With Lulz
The Russians are certainly not new to the world of international espionage or hacking, and today you will find them at the intersection of global politics and cyber security. With recent events like the hacking of the Democratic National Committee in the run-up to last year’s US presidential election, the ongoing investigations into Russian interference in that election, and even questions about the Russian relationships with key players in the new US administration, the Russians are often top of mind when it comes to possible threat actors. They are central players in stories all over the news today, whether we’re talking about nation-state activities or the work of criminal gangs. But what’s the real story? In this episode, we welcome back Andrei Barysevich, Director of Advanced Collection at Recorded Future, to give us his take.
6/5/2017 • 9 minutes, 24 seconds
008 Military Meets Commercial Threat Intelligence
Throughout the history of conflict, threat intelligence has played a vital role in the military. Its arts, tradecraft, and organizing principles have been honed for millennia and have adapted to emerging threats, like those we face in cyberspace today. As commercial organizations confront the mounting challenges of cyber security, they too have begun to create their own threat intelligence teams. So how do these new commercial teams compare to their military counterparts? In this episode, we talk to Alexi Phillipson, a former US Naval Officer, and now a Customer Success Consultant at Recorded Future. Alexi served in counter-terrorism analytical roles, and his postings included the aircraft carrier USS Dwight D. Eisenhower and US Naval Forces Central Command. He now finds himself “parachuting in” to advise the many varieties of commercial threat intelligence teams, and shares with us the differences he sees, lessons learned, and some important things for teams to think about as they help their companies mitigate the increasing risks they face every day in cyberspace.
5/29/2017 • 15 minutes, 8 seconds
007 Analyzing the Insider Threat
What exactly is an insider threat? It’s a term we hear a lot in cyber security circles, and of course, the world of threat intelligence. While its meaning seems self-evident, we’ve found that it often brings to mind different things to different people. In this episode, we talk to a real expert on the subject of insider threats, John Wetzel, a Threat Intelligence Analyst at Recorded Future. Before he joined the team, John was a Counterintelligence Special Agent with the Department of Defense. He’ll share his experiences, describe the types of insider threats you're likely to encounter, and explain the difference between those insiders that are out to do harm to an organization, and very real threats that can come from actions (or inaction) by those with no ill intent at all.
5/22/2017 • 17 minutes, 46 seconds
006 Insikt: Insights to Intelligence
Turning information into actionable intelligence is a critical activity for organizations of all types and sizes. The challenge remains sifting through the enormous amount of data coming at us from all angles and at ever-increasing rates.
In this episode, we give the scoop on Recorded Future’s new team dedicated to helping organizations overcome these challenges.
Insikt Group is a team of veteran threat researchers that back up the intelligence analysts, engineers, and data scientists that create and deliver our products. The word “insikt” is Swedish for insight and highlights the team’s core mission of finding insights that reduce risks.
We speak once again with Levi Gundert, Vice President of Intelligence and Strategy at Recorded Future. We cover some of the research being done by the Insikt Group, including “Fatboy,” a new ransomware-as-a-service product, as well as how Chinese and Russian cyber communities are digging into malware from the April Shadow Brokers release.
5/15/2017 • 12 minutes, 33 seconds
005 Ransomware by the Book
Looking back at predictions about what to expect in cyber security in 2017, one thing on just about everyone’s list was ransomware. It’s quickly risen to one of today’s top cyber threats and shows no signs of slowing down. In this episode, we speak with someone who quite literally wrote the book on ransomware. Allan Liska is a Senior Solutions Architect at Recorded Future, and coauthor of the book, “Ransomware – Defending Against Digital Extortion,” published by O'Reilly. In our conversation, we give some background on the emergence of ransomware, some of the varieties organizations might encounter, how businesses can protect themselves, the pros and cons of paying up, and of course, the value of threat intelligence when it comes to dealing with the very real risks posed by ransomware.
5/8/2017 • 17 minutes, 14 seconds
004 Going Dark: Fact vs. Fiction on the Dark Web
Mention the dark web and many people summon imagery of a massive, mysterious online criminal underground, where all manner of products and information are bought, sold and traded, hidden away from the prying eyes of the public and law enforcement. But, is that really what it’s like, or is that just cyber security marketing hype? In this episode, we take a tour of the dark halls and back alleys of the dark web with the aim of separating fact from fiction. We’ll learn the truth about the people and products on the dark web, and find out the part it plays in threat intelligence today. Our tour guides are Andrei Barysevich, Director of Advanced Collection at Recorded Future, and Emily Wilson, Director of Analysis at Terbium Labs.
5/1/2017 • 12 minutes, 28 seconds
003 It’s Cheap, It’s Easy, It’s Dangerous: Karmen Ransomware Hits the Criminal Black Market
Over the last two years, ransomware has become the hottest commodity in the criminal black market. And we do mean commodity—it's getting cheaper and more accessible to crooks, even the unskilled ones. On March 4th of this year, a leading cybercriminal, who goes by the name “Dereck1,” mentioned that there was a new ransomware variant out called “Karmen.” But Dereck1 wasn't the one hawking this in the criminal market. Instead, it's a Russian speaker who goes by the name of “DevBitox.” The first infections seem to go back to December of 2016, with victims in Germany and the United States reporting infection. DevBitox is no cryptographic ace—by his own admission, he was involved only with web development and control panel design, the criminal customer's user experience. But Karmen is interesting not only because it's dangerous, but because it's cheap, and because it affords some insight into the way criminal markets function. Joining us to talk about Karmen is Andrei Barysevich, Director of Advanced Collection at Recorded Future.
4/24/2017 • 15 minutes, 51 seconds
002 Feeding Frenzy: The Inside Scoop on Threat Intelligence Feeds.
Threat intelligence feeds have become a staple in the diet of analysts and security professionals at organizations large and small. Some feeds are free, others are offered for sale from security vendors. They can also come in a dizzying array of formats, varying sizes, and include threat information that may or may not add value to your organization. In this episode, we give you the inside scoop on threat intelligence feeds. We’ll tell you what they are, how to select the right ones for your organization, and how to separate the signal from the noise. Join us as we talk about turning those streams of raw information into actionable intelligence. Our guest today is Matt Kodama, Vice President of Products at Recorded Future.
4/17/2017 • 14 minutes, 37 seconds
001 What Exactly Is Threat Intelligence?
In our first episode, we start with the basics of threat intelligence. We talk about its emergence in cyber security and offer some relevant definitions. We describe where threat intelligence comes from, its purpose, and the context in which it's used. In an age of information overload, we also look at the path from data, to information, to actionable intelligence. These are important distinctions when organizations requiring threat intelligence face the prospect of sorting through competing claims, products, and services in the marketplace. As organizations adopt threat intelligence and look to protect themselves in a rapidly evolving threat landscape, discerning value, establishing priorities, and setting measurable goals become critical. We talk through these issues with Staffan Truvé, our CTO and Co-founder; Levi Gundert, our VP of Intelligence & Strategy; and Robert M. Lee, CEO and founder, Dragos Security.