Future of Threat Intelligence

Team Cymru

Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.

  1. Safebooks AI’s Ahikam Kaufman on Why CFOs Need Company-Specific AI Models for Fraud Detection

    3 days ago

    Unlike CISOs, who work with consistent vulnerabilities across cloud environments, CFOs face company-specific financial processes that change constantly, which made automation historically hard to solve before the AI era. Ahikam Kaufman, CEO & CFO of Safebooks AI, explains why machine learning is the only viable way to detect the sophisticated embezzlement schemes that regulatory compliance requires every public company to address — with no materiality threshold. His background building fraud prevention systems at Intuit and Check taught him how graph technology can link seemingly unrelated financial transactions to expose coordinated internal fraud attempts that would be impossible for humans to catch at scale. The challenge is compounded by the fact that most finance staff are accountants, not technologists, so AI tools must bridge data complexity without demanding high technical skill levels.

    Topics discussed:
    - Sarbanes-Oxley requires fraud protection programs with no materiality thresholds, yet most organizations lack systematic detection across payroll, vendor, and expense systems.
    - Financial fraud detection requires unique AI models for each company, trained on its historical data, unlike the consistent threats seen across organizations.
    - Advanced fraud schemes link multiple transaction types, requiring graph technology to connect disparate activities that individual monitoring would miss.
    - Fraudsters use AI for parallel attacks, fake invoices, vendor manipulation, and executive impersonation, requiring automated defense systems for real-time processing.
    - Achieving 99.9% accuracy through structured enterprise data and rule-based controls where financial precision is non-negotiable.
    - Financial AI platforms integrate with existing systems without replacements or workflow changes, providing immediate automation value.

    Key Takeaways:
    - Implement AI-powered fraud detection systems that monitor vendor account changes, payroll additions, and journal entry anomalies.
    - Build company-specific AI models using 1-2 years of historical financial data to learn unique business processes, data structures, and transaction patterns.
    - Deploy graph technology to link related financial transactions across different systems to identify coordinated fraud attempts.
    - Establish partnerships between CFOs and CISOs to combine external cybersecurity threat detection with internal financial fraud monitoring.
    - Focus on AI platforms that integrate with existing financial technology stacks without requiring system replacements.
    - Create rule-based governance frameworks for financial AI systems to eliminate hallucinations and maintain accuracy levels.
    - Monitor AI-amplified fraud techniques, such as sophisticated fake invoices, manipulated vendor banking information, and executive impersonation.
    - Develop automated systems that can demonstrate reasonable effort for fraud prevention to satisfy regulatory requirements and insurance protections.

    Listen to more episodes: Apple, Spotify, YouTube, Website

    27 min
  2. Marsh's Sjaak Schouteren on the Golden Rule of Risk Assessment

    September 18

    Cyber insurance has transformed from a liability-focused niche product into a comprehensive business continuity tool, but widespread misconceptions continue to prevent organizations from maximizing its strategic value. Sjaak Schouteren, Cyber Growth Leader - Europe at Marsh, tells David how they combine risk quantification with business-focused communication strategies that give security leaders the tools to speak board language about cyber threats. Rather than requiring complex audit processes, acquiring modern cyber insurance can be remarkably streamlined. Sjaak's experience managing real-world incident response highlights how proper coverage creates strategic advantages beyond simple risk transfer, including immediate access to specialized negotiation teams and forensics experts who can extend decision timeframes during crisis situations.

    Topics discussed:
    - How the 2020-2022 ransomware surge taught insurers that mid-cap companies were primary targets requiring comprehensive coverage.
    - The three-pillar structure of modern cyber insurance covering first-party losses, third-party liability, and immediate incident response services without deductibles for initial crisis management.
    - Why risk quantification through scenario analysis and financial impact modeling provides CISOs with the business language needed to communicate effectively with boards and C-suite executives.
    - How risk engineers from security backgrounds have eliminated technical translation barriers between IT teams and underwriters.
    - The strategic advantage of immediate incident response coverage that provides access to specialized forensics, legal, and negotiation teams within 48-72 hours of an incident.
    - Why organizations with cyber insurance actually pay ransomware demands less frequently due to professional negotiation teams and comprehensive recovery support.
    - The evolution from narrow data breach coverage to comprehensive business protection across all organization sizes.
    - The distinction between risk mitigation through security controls and risk transfer through insurance as complementary rather than competing strategies.

    Key Takeaways:
    - Conduct cross-functional scenario planning to identify business-critical cyber risks before evaluating insurance coverage options.
    - Map potential cyber incidents on a risk heat map measuring probability and impact to distinguish between minor inconveniences and threats that could damage business operations.
    - Quantify average and maximum financial losses for each business-critical scenario to make data-driven decisions about risk.
    - Leverage specialized risk engineers from security backgrounds during the underwriting process to eliminate technical translation barriers.
    - Engage professional ransomware negotiators rather than attempting internal negotiations.
    - Position cyber insurance as business enablement rather than just risk transfer by demonstrating how coverage strengthens overall cyber resilience.

    35 min
  3. SIG's Rob van der Veer on Why "Starting Small" with AI Security Might Fail

    September 11

    What happens when someone who has been building AI systems for 33 years confronts the security chaos of today's AI boom? Rob van der Veer, Chief AI Officer at Software Improvement Group (SIG), spotlights how organizations are making critical mistakes by starting small with AI security — exactly the opposite of what they should do. From his early work with law enforcement AI systems to becoming a key architect of ISO 5338 and the OWASP AI Security project, Rob exposes the gap between how AI teams operate and what production systems actually need. His insights on trigger data poisoning attacks, and on why AI security incidents are harder to detect than traditional breaches, offer a sobering reality check for any organization rushing into AI adoption. The counterintuitive solution? Building comprehensive AI threat assessment frameworks that map the full attack surface before focused implementation. While most organizations instinctively try to minimize complexity by starting small, Rob argues this approach creates dangerous blind spots that leave critical vulnerabilities unaddressed until it's too late.

    Topics discussed:
    - Building comprehensive AI threat assessment frameworks that map the full attack surface before focused implementation, avoiding the dangerous "start small" security approach.
    - Implementing trigger data poisoning attack detection systems that identify backdoor behaviors embedded in training data.
    - Addressing the AI team engineering gap through software development lifecycle integration, requiring architecture documentation and automated testing before production deployment.
    - Adopting the ISO 5338 AI lifecycle framework as an extension of existing software processes rather than creating isolated AI development workflows.
    - Establishing supply chain security controls for third-party AI models and datasets, including provenance verification and integrity validation of external components.
    - Configuring cloud AI service hardening through security-first provider evaluation, proper licensing selection, and rate limiting implementation for attack prevention.
    - Creating AI governance structures that enable innovation through clear boundaries rather than restrictive bureaucracy.
    - Developing organizational AI literacy programs tailored to specific business contexts, regulatory requirements, and risk profiles for comprehensive readiness assessment.
    - Managing AI development environment security with production-grade controls, since real training data is exposed there, unlike the synthetic data of traditional development environments.
    - Building an "I don't know" culture in AI expertise to combat dangerous false confidence and encourage systematic knowledge-seeking over fabricated answers.

    Key Takeaways:
    - Don't start small with AI security scope — map the full threat landscape for your specific context, then focus implementation efforts strategically.
    - Use systematic threat modeling to identify AI-specific attack vectors like input manipulation, model theft, and training data reconstruction.
    - Create processes to verify the provenance and integrity of third-party models and datasets.
    - Require architecture documentation, automated testing, and code review processes before AI systems move from research to production environments.
    - Treat AI development environments as critical assets since they contain real training data.
    - Review provider terms carefully, implement proper hardening configurations, and use appropriate licensing to mitigate data exposure risks.
    - Create clear boundaries and guardrails that actually increase team freedom to experiment rather than creating restrictive bureaucracy.
    - Implement ongoing validation that goes beyond standard test sets to detect potential backdoor behaviors embedded in training data.

    34 min
  4. Vigilocity's Karim Hijazi on Supply Chain Threat Intelligence

    September 4

    Karim Hijazi’s approach to threat hunting challenges conventional wisdom about endpoint security by showing that some of the most critical intelligence exists outside organizational networks. As Founder & CEO of Vigilocity, his 30-year journey from the legendary Mariposa botnet investigation to building external monitoring capabilities demonstrates why DNS analysis remains foundational to modern threat detection, even as AI transforms both offensive and defensive capabilities. In his chat with David, Karim explores how threat actors continue to rely on command and control infrastructure as their operational lifeline. His insights into supply chain threats, "low and slow" reconnaissance campaigns, and the evolution of domain generation algorithms give security leaders a unique perspective on proactive defense strategies that complement traditional security controls.

    Topics discussed:
    - External DNS monitoring approaches that identify threat actor infrastructure before weaponization.
    - How AI has fundamentally disrupted domain generation algorithm prediction, creating new blind spots for traditional threat intelligence.
    - Supply chain threat intelligence methodologies that identify compromised partners and assess contagion risks.
    - The evolution of command and control infrastructure from cleartext to encrypted communications and back.
    - "Low and slow" reconnaissance patterns that precede ransomware attacks, operating with months-long dormancy periods.
    - Strategies for communicating threat intelligence value to business stakeholders without creating defensive reactions from security teams.
    - The limitations of current AI applications in security, particularly around nuanced threat analysis requiring human experience and pattern recognition.
    - Board-level cybersecurity education requirements for organizations to survive sophisticated attacks in the next 5 years.
    - Innovation challenges in cybersecurity where rebranding existing solutions prevents breakthrough defensive capabilities.
    - Non-invasive threat hunting philosophies that deliver forensic-level detail without deploying endpoint agents.

    Key Takeaways:
    - Monitor external DNS communications to identify command and control infrastructure before threat actors weaponize domains against your organization.
    - Assess supply chain partners through an external threat intelligence lens to identify compromised third parties that represent contagion risks.
    - Develop detection capabilities for "low and slow" reconnaissance campaigns that operate with extended dormancy periods between communications.
    - Implement AI as a noise reduction tool rather than a primary decision maker, maintaining human oversight for nuanced threat analysis.
    - Establish board-level cybersecurity expertise to ensure adequate understanding and support for advanced threat hunting investments.
    - Focus security innovation efforts on breakthrough capabilities rather than rebranding existing solutions with new acronyms.
    - Correlate external threat intelligence with internal security data to validate threats and reduce false positive rates.
    - Build threat hunting capabilities that can operate at machine speed to handle increasing volumes of AI-generated attacks.
    - Create communication strategies that present external threat intelligence as a validation tool rather than an indictment of existing security programs.
    - Maintain expertise in DNS analysis and network fundamentals as core competencies, regardless of technological advances.

    32 min
  5. CyberHoot's Craig Taylor on Why Fear-Based Phishing Training Fails

    August 28

    Psychology beats punishment when building human firewalls. Craig Taylor, CEO & Co-founder of CyberHoot, brings 30 years of cybersecurity experience and a psychology background to challenge the industry's fear-based training approach. His methodology replaces "gotcha" phishing simulations with positive reinforcement systems that teach users to identify threats through skill-building rather than intimidation. Craig also touches on how cybersecurity is only 25 years old compared to other fields, such as medicine with its centuries of development, which has led to significant industry mistakes. NIST's 2003 password requirements, for example, were completely wrong and took 14 years to officially retract. Craig's multidisciplinary approach combines psychology with security practice, recognizing that the industry's single-focus mindset contributed to these fundamental errors that organizations are still correcting today.

    Topics discussed:
    - Replacing fear-based phishing training with positive reinforcement systems that teach threat identification through skill-building.
    - Implementing seven-point email evaluation frameworks covering sender domain verification, emotional manipulation detection, and alternative communication verification protocols.
    - Developing 3- to 5-minute gamified training modules that reward correct threat identification across specific categories.
    - Correcting cybersecurity industry misconceptions through multidisciplinary approaches.
    - Evaluating emerging security technologies like passkeys through industry backing analysis.
    - Building human firewall capabilities through psychological understanding of manipulation tactics.
    - Implementing pause-and-verify protocols to confirm unusual requests that pass technical email verification checks.

    Key Takeaways:
    - Replace punishment-based phishing simulations with positive reinforcement training that rewards users for correctly identifying threat indicators.
    - Implement gamified security training modules instead of lengthy video sessions to maintain user engagement.
    - Establish pause-and-verify protocols requiring alternative communication channels to confirm unusual requests that pass technical email verification checks.
    - Evaluate emerging security technologies by examining industry backing and major sponsor adoption before incorporating them into training programs.
    - Calibrate reward systems to provide minimal incentives (like monthly lunch gift cards) that drive engagement without creating external dependency.
    - Train users to identify the seven key phishing indicators: sender domain accuracy, suspicious subject lines, inappropriate greetings, poor grammar, external links, questionable attachments, and emotional urgency tactics.
    - Build an internal locus of control in security training by focusing on skill mastery rather than fear-based compliance, ensuring users understand why security practices protect them personally.
    - Deploy fully automated security training systems that eliminate administrative overhead while maintaining month-to-month flexibility and offering discounts to educational and nonprofit organizations.

    32 min
  6. The Futurum Group's Fernando Montenegro on the OODA Loop Approach to Security Strategy

    August 21

    What happens when you apply economic principles like opportunity cost and comparative advantage to cybersecurity decision-making? Fernando Montenegro, VP & Practice Lead of Cybersecurity at The Futurum Group, demonstrates how viewing security through an economics lens reveals critical blind spots most practitioners miss. His approach transforms how organizations evaluate cloud migrations, measure program success, and allocate security resources. Fernando also explains why cybersecurity has evolved from a technical discipline into a socioeconomic challenge affecting society at large. His three-part framework for AI implementation — understanding the technology, mapping business needs, and assessing threat environments — offers security leaders a structured approach to cutting through hype and making strategic decisions.

    Topics discussed:
    - How security economics and opportunity cost analysis reshape cloud migration decisions and resource allocation strategies.
    - The National Academies' 2025 "Cyber Hard Problems" report and its implications for cybersecurity's expanding societal impact.
    - A three-part framework for AI implementation: technology comprehension, business alignment, and threat environment assessment.
    - Why understanding organizational business operations eliminates the biggest blind spot in threat intelligence programs.
    - Multi-layered professional networking strategies for separating signal from noise in threat intelligence analysis.
    - How cloud environments fundamentally change threat intelligence workflows from IP-based to identity- and architecture-focused approaches.

    Key Takeaways:
    - Apply economic opportunity cost analysis to security decisions by evaluating what you give up versus what you gain from each security investment.
    - Map your organization's business operations across marketing, sales, and product development to provide crucial context for technical threat intelligence.
    - Assess AI implementations through a three-part framework: technology limitations, business use cases, and specific threat considerations.
    - Measure security program success by evaluating alignment with organizational goals and influence on non-security business decisions.
    - Run intentional OODA loops on your security program to maintain strategic direction and continuous improvement.

    29 min
  7. T. Rowe Price’s PJ Asghari’s "What, So What, Now What" Framework for Threat Intel

    August 14

    What does it take to transform a traditional event-driven SOC into an intelligence-driven operation that actually moves the needle? At T. Rowe Price, it meant abandoning the "spray and pray" approach to threat detection and building a systematic framework that prioritizes threats based on actual business risk rather than industry hype. PJ Asghari, Team Lead of the Cyber Threat Intelligence Team, walked David through their evolution from a one-person intel operation to a program that directly influences detection engineering, fraud prevention, and executive decision-making. His approach centers on the "what, so what, now what" framework for intelligence reporting — a simple but powerful structure that bridges the gap between technical analysis and business action.

    Topics discussed:
    - Moving beyond event-based monitoring to prioritize threats based on sector-specific risk profiles and threat actor targeting patterns rather than generic threat feeds.
    - Focusing on financially motivated actors, initial access brokers, and PII theft rather than nation-state activities that rarely target mid-tier financial firms directly.
    - Addressing the cross-functional challenge that spans HR, talent acquisition, insider threat, and CTI teams.
    - Using mise en place principles from culinary backgrounds to establish clear PIRs that align team focus with organizational needs.
    - Creating trackable deliverables through ticket systems, RFI responses, and cross-team support that translate intelligence work into measurable business impact.
    - Maintaining critical thinking and media literacy skills while leveraging automation for administrative tasks and threat feed processing.

    Key Takeaways:
    - Implement the "what, so what, now what" reporting structure to ensure intelligence reaches the appropriate audiences with clear business implications and recommended actions.
    - Build cross-functional relationships with fraud, insider threat, and vulnerability management teams to create measurable value through ticket creation and support requests rather than standalone reporting.
    - Establish sector-specific threat prioritization by mapping threat actors to your actual business model rather than following generic industry threat landscapes.
    - Create trackable metrics through service delivery, including RFI responses, expedited patching recommendations, and credential compromise notifications, to demonstrate concrete value.
    - Focus hiring on an inquisitive mindset and communication skills over certifications, using interviews to assess critical thinking and the ability to dig deeper into investigations.
    - Map threat actor TTPs to the MITRE framework to identify defense stack gaps and provide actionable detection engineering guidance rather than just IOC sharing.
    - Invest in dark web monitoring and external attack surface management for financial services to catch credential compromises and brand abuse before they impact customers.
    - Establish regular threat actor recalibration cycles to ensure prioritization remains aligned with the current threat landscape rather than outdated assumptions.

    26 min
  8. Transcend's Aimee Cardwell on Turning Security into a Growth Driver

    August 7

    Most security leaders position themselves as guardians against risk, but Aimee Cardwell, CISO in Residence at Transcend and Board Member at WEX, built her reputation on a different approach: balancing risk to accelerate business growth. Her unconventional path from Fortune 5 CIO to CISO of a 1,200-person security team at UnitedHealth Group shows how technical leaders can become true business partners rather than obstacles. Managing two company acquisitions every month, Aimee tells David how she developed a shifted-left security integration process that actually accelerated deal timelines while improving security outcomes. Her framework for risk appetite conversations moves executives beyond fear, uncertainty and doubt into productive discussions about cyber resilience, changing how organizations think about security investment and business enablement.

    Topics discussed:
    - How healthcare data regulations create complex compliance frameworks where companies must selectively forget customer information based on overlapping regulatory requirements.
    - The transferable advantages CIOs bring to CISO roles, particularly in software development lifecycle security and communicating complex technical concepts to non-technical stakeholders.
    - Shifting security strategy from risk prevention to intelligent risk balancing, enabling business growth while maintaining appropriate protection levels.
    - Managing large-scale acquisition security integration through pre-closing requirements that accelerate post-acquisition security improvements.
    - Establishing organizational risk appetite through worst-case scenario planning that moves leadership past emotional responses into rational decision-making frameworks.
    - Developing cyber resilience strategies that assume incidents will occur and focus on recovery speed and impact minimization rather than just prevention.
    - Scaling security controls based on business growth milestones, avoiding upfront overinvestment while ensuring appropriate protection as companies expand.
    - Building consensus-driven risk acceptance frameworks while managing competing perspectives from multiple C-level executives and board members.

    Key Takeaways:
    - Implement pre-closing security requirements for acquisitions, shifting security integration to 45 days before deal completion to accelerate post-acquisition timelines.
    - Frame risk conversations around worst-case scenario analysis, using real examples and stock performance data to move executives past emotional responses and build resiliency.
    - Develop tiered security controls that scale with business growth, implementing basic protections early and adding complexity as revenue and user bases expand.
    - Position regulatory compliance as a competitive advantage and trust-building mechanism rather than a business constraint.
    - Create "how do we get to yes" frameworks that start with business objectives and work backward to appropriate risk mitigation strategies.
    - Use customer trust metrics and retention data to demonstrate security's direct contribution to business growth and competitive positioning.
    - Leverage software development lifecycle experience to integrate security into engineering processes rather than treating it as an external validation step.

    28 min

Ratings & Reviews

4.5 out of 5 (11 ratings)
