Cyber Threat Intelligence Podcast

Pedro Kertzman

Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI. In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime. Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI. Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion. Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.

  1. From Law Enforcement To Adversary Intelligence In Modern Banking (Pedro Kertzman & Eric Huber)

    7H AGO

    From Law Enforcement To Adversary Intelligence In Modern Banking (Pedro Kertzman & Eric Huber)

    Telegram isn’t just where fraud gets discussed, it’s where entire criminal markets operate in the open. I sit down with Eric Huber, who leads adversary intelligence and disruption work at TD Bank Group, to map how cyber-enabled financial crime really works today: the blend of fraud, payments, cybersecurity, cryptocurrency, and now AI. If you’ve ever wondered why CTI in banking feels different than “classic” threat intel, this conversation makes the overlap tangible and practical. We get into what Eric is seeing in Southeast Asia focused fraud ecosystems, including why the scale on Telegram can be overwhelming and how to find signal without drowning in noise. We talk about the reality of doing OSINT in a regulated financial services environment, where legal, privacy, vendor reviews, and governance controls are not red tape but part of doing investigations safely. Along the way, Eric shares a simple approach that works: start with a few sources, iterate, validate with peers, and keep your assumptions testable. From there, we connect the dots between telecom and banking with SIM swap attacks, insider risk, and why phone number takeover is still a fast path to account takeover and crypto theft. We also explore cryptocurrency fraud and blockchain analysis, including how public ledger data can help you evaluate criminal tooling and payment flows. Finally, we dig into AI in cybersecurity: where it accelerates analysis, where hallucinations can mislead teams, and why human QA and strong data handling matter more than ever. Subscribe, share this with a teammate, and leave a review if it helps. What part of the fraud and cyber threat landscape do you want us to unpack next? Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    25 min
  2. From Ransomware Matrices To Actionable Threat Actor Profiles (Will Thomas & Pedro Kertzman)

    MAY 12

    From Ransomware Matrices To Actionable Threat Actor Profiles (Will Thomas & Pedro Kertzman)

    The fastest way to fall behind in cybersecurity is to stay reactive while attackers iterate in real time. We sit down with Will Thomas, known across the CTI community as “BushidoToken” to get practical about what actually helps defenders: threat actor profiling that is repeatable, actionable, and built for change. We start with how Will builds community-ready resources like the ransomware tool matrix and his threat actor profiling guide, then zoom into the Conti leaks and what hundreds of thousands of internal ransomware messages can teach us. From “salary day” breakdowns to operator behavior during major incidents, we talk about why these datasets are a gold mine and how to avoid getting lost in the volume. Will shares a concrete workflow for large-scale analysis using JSON exports, regex searches, CyberChef, and Elasticsearch so you can extract IOCs, wallets, infrastructure clues, and the higher-level “so what” that drives detections and threat hunting. From there, we shift into emerging threats and modern intrusion tradecraft: hacktivism that ranges from empty noise to destructive campaigns, EDR bypass techniques like bring-your-own vulnerable drivers and “EDR-on-EDR” tactics, and the steady rise of legitimate tools abused for access. We also dig into identity-led attacks where stolen credentials, social engineering, and SSO platforms like Okta can make endpoint controls less decisive. Finally, we unpack threat intelligence exchange beyond IOC feeds, including why STIX/TAXII still matters, how data quality and freshness drive results, and why a bidirectional TIP and SIEM relationship enables better correlation and “sightings.” Subscribe, share the episode with your team, and leave a review, then tell us: what part of your threat intelligence program needs the biggest upgrade right now? Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    30 min
  3. From Shiny PDFs To Decisions In CTI - Season 2 - Episode 5 (Joshua Copeland & Pedro Kertzman)

    APR 28

    From Shiny PDFs To Decisions In CTI - Season 2 - Episode 5 (Joshua Copeland & Pedro Kertzman)

    Most organizations say they “do CTI,” but what they really have is a pile of threat feeds, glossy reports, and alerts nobody trusts. We sit down with Joshua Copeland, cybersecurity executive, board advisor, and creator of the Unpopular Opinion series, to get brutally practical about what cyber threat intelligence should be: decision support that changes behavior inside a real security program. We talk through what it looks like to operationalize threat intelligence in security operations and threat hunting, including a trap that catches even mature teams: tuning everything around a baseline that might include attacker behavior. If a threat actor moves low and slow, “normal” network traffic can quietly become the attack. Joshua shares how strong CTI teams use frameworks like MITRE ATT&CK to turn a single piece of intel into targeted hunts, better detections, and smarter prioritization instead of endless IOC matching that breaks the moment infrastructure changes. The conversation also goes upstream into hiring and leadership. We dig into why certifications and degrees can’t substitute for critical thinking, how to interview with open ended scenarios that reveal real judgment, and how state level fusion centers can help public sector teams share actionable guidance. We also unpack why ransomware hits schools and why student data can be the real prize, then shift to the business case: translating CTI into risk reduction, downtime avoidance, insurance impact, and clear ROI. We close with a grounded take on AI in cybersecurity: it can add speed, but only with tight guardrails, source checking, and humans staying accountable. If you found this valuable, subscribe, share the episode with your team, and leave a review so more practitioners can find it. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    30 min
  4. Precision Over Volume: Rethinking Threat Feeds For Real-World Impact (Sergio Albea & Pedro Kertzman)

    APR 14

    Precision Over Volume: Rethinking Threat Feeds For Real-World Impact (Sergio Albea & Pedro Kertzman)

    Ever wonder why your TI platform ingests thousands of new indicators a day and still finds almost nothing useful? We dig into the gap between volume and relevance with Sergio Albea of SWITCH, who built a simple, powerful framework to make IOCs matter for real users in real environments. The idea is direct: score every indicator by system, language, location, and sector so your detections match the way attackers actually operate. We walk through practical examples that flip the match rate from near-zero to meaningful hits. A URL mentioning Zurich or SBB scores higher for Swiss campuses. German or French lures outrank Spanish in that context. Mac fleets discount Windows-themed bait. Subject lines about research grants and student loans rise to the top. With that context, Sergio operationalizes Match4 using Azure Logic Apps to run KQL collectors, aggregates indicators in MISP, and pushes high-confidence URLs into Microsoft Defender TI Indicators to stop access at the endpoint—vital for students traveling worldwide. The impact grows as signals are shared. When one university sees a malicious domain, neighbors with similar language and services often see it next, revealing how threat actors campaign by sector. By centralizing across European NRENs, the team builds a living, education-focused threat feed you can’t buy off the shelf. Bonus: the data now surfaces cross-org targeting patterns, extends IOC lifetimes for “golden tickets,” and preserves history for threat hunting long after default telemetry ages out. If you’re tired of bloated, generic feeds and want precise detections that block real attacks, this conversation lays out the roadmap: prioritize relevance, automate collection, enforce at endpoints, and collaborate across your sector. Grab Sergio’s open-source templates on GitHub, start with a few collectors, and score for your environment—education, healthcare, finance, or beyond. Subscribe for more CTI strategies, share this with your team, and leave a review to help others find the show. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    21 min
  5. Why Ransomware Attribution Keeps Getting Harder (Katya Kandratovich & Pedro Kertzman)

    MAR 31

    Why Ransomware Attribution Keeps Getting Harder (Katya Kandratovich & Pedro Kertzman)

    Attribution is getting weird. The same ransomware ecosystem that used to leave clear fingerprints is now full of affiliate “job hopping,” shared tooling, rapid rebrands, and deep web noise that can trick even experienced cyber threat intelligence teams. Pedro Kurtzman sits down with Katya Kandratovich to map what’s changing and what’s stubbornly staying the same. We talk about why ransomware remains a dominant cyber threat, how law enforcement takedowns disrupt infrastructure without ending the business, and why ransomware-as-a-service programs keep professionalizing. Katya explains how affiliates move between groups for better payouts and support, and why that movement blurs profiling, negotiation patterns, and incident expectations. We also get practical about defense. Katya shares how she treats attribution as a decision-support tool, not a badge you follow blindly, and how to separate credible reporting from rumor when doing deep web monitoring. Then we dig into the intrusion basics that still work at scale: phishing and vishing boosted by AI, stealer logs that include portal context, and zero-days and internet-facing app exposure that won’t go away. We explore “living off the land” tradecraft where attackers abuse legitimate admin and device management tools, plus pressure tactics that target employees directly through calls and emails, sometimes even via personal addresses. Finally, we zoom out to supply chain attacks, MSP risk, third-party integrations, and developer package threats, and we confront a troubling trend: some groups now openly allow healthcare targeting. Subscribe for more cyber threat intelligence conversations, share this with your security team, and leave a review so more defenders can find the show. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    37 min
  6. Inside macOS Security: Blind Spots, LOLBins, And Supply Chain Risks (Olivia Gallucci & Pedro Kertzman)

    MAR 17

    Inside macOS Security: Blind Spots, LOLBins, And Supply Chain Risks (Olivia Gallucci & Pedro Kertzman)

    Think your Mac is the safe corner of the network? Olivia Gallucci joins Pedro Kertzman to dismantle the myth of “secure by default” and show how modern attackers slip past comfort-zone defenses. We dig into the real blind spots on macOS, why unified logging and strict entitlements complicate endpoint visibility, and how Apple’s Endpoint Security API helps—while still leaving gaps clever adversaries can exploit. Olivia walks us through the rise of living-off-the-land tactics on Mac, often called LOLBins, where trusted tools like osascript, curl, launchctl, bash, and dscl become covert malware helpers. Instead of fixating on blocklists, we explore behavior-based detections that catch suspicious parent-child process chains, stealthy downloads, and persistence via launch agents. We also trace the expanding attack surface created by enterprise adoption of Macs among developers, admins, and executives—users with access, keys, and data worth chasing. On the supply chain front, we unpack how developers get targeted through poisoned dependencies and compromised package ecosystems, with examples tied to CocoaPods issues and malicious packages pulling command-and-control frameworks. For end users, trojanized apps, shady installers, and macro-laced documents still work, and notarization alone isn’t a silver bullet. Olivia shares pragmatic safeguards: dependency pinning, signed builds, stricter MDM policies, and layered monitoring that blends Apple-native frameworks with network telemetry. To help users help themselves, she highlights Objective-See’s open source tools that flag camera, microphone, and persistence changes in plain language. If you care about macOS security beyond the brochure, this conversation maps the terrain—what’s visible, what isn’t, and how to build defenses that hold up when trust fails. Subscribe, share with a teammate who uses a Mac at work, and leave a review with the one Mac detection you wish you had today. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    22 min
  7. How Militarization, Language, And Policy Shape Modern Hacktivism (Anastasia Sentsova & Pedro Kertzman)

    MAR 3

    How Militarization, Language, And Policy Shape Modern Hacktivism (Anastasia Sentsova & Pedro Kertzman)

    The moment a “hacktivist” group starts speaking with a state’s voice, the puzzle of attribution changes. We explore how Russian-speaking cybercrime transformed after 2022, why so many crews began to move in sync with national narratives, and what language, targeting, and coordination can reveal about influence without leaning on weak assumptions. Our guest, analyst Anastasia Sentsova, brings deep regional fluency and years of fieldwork to explain how militarization, culture, and policy shape a pipeline that normalizes digital action and pulls volunteers toward more aggressive operations. We walk through the rise of coordinated Telegram ecosystems, including bot-driven “cyber squads” that gamify propaganda with ranks, points, and real-world rewards. That may sound harmless, but it builds habits, grows networks, and legitimizes escalation. From there, it’s a short step to DDoS—and increasingly—intrusions that touch critical infrastructure. We also examine the ransomware world’s political boundaries: no-go lists that evolved from domestic targets to BRICS countries, selective law enforcement pressure following diplomatic milestones, and the unspoken bargain that keeps operators productive so long as they toe the line. Rather than force-fit labels like sponsored or tolerated, we talk about influence as a measurable spectrum. Indicators include state rhetoric in native-language posts, synchronized activity with kinetic events, target selection aligned with policy goals, and public signaling when named individuals “celebrate” sanctions without consequence. For practitioners, we offer concrete ways to avoid Western bias, validate translations, and build multi-source cases with explicit confidence levels. And we look ahead: the proxy model travels, youth pipelines deepen skills, and hybrid operations blur the boundary between hacktivists and APTs. If this kind of clear-eyed CTI resonates, follow the show, share it with your team, and leave a review so others can find it. Join our LinkedIn group, Cyber Threat Intelligence Podcast, to keep the conversation going and tell us what signals you’re tracking next. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    46 min

  8. FEB 17

    Cyber Threat Intelligence Podcast - Season 2 Premiere

    🎙 Season 2 Starts March 3rd Season 1 was about building foundations. Season 2 is about raising the bar. We’re diving deeper into the Cyber, Threats, and Intelligence, with practitioners who live it every day. FULL Video: https://youtu.be/oa2t9GQl6EU 📅 Premiere: March 3rd 🔔 Subscribe now so you don’t miss it. The threat landscape evolves. So should we. Send us Fan Mail Support the show Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    1 min
See All (32)

About

Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI. In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime. Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI. Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion. Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.

Information

You Might Also Like