Cyber Threat Intelligence Podcast Season 1 - Episode 9 (Pedro Kertzman & Scott Scher)
What happens when traditional intelligence methodology meets modern cybersecurity? Scott Scher, CTI Associate Director with expertise in nation-state threat actors and cybercriminal groups, reveals a powerful perspective: successful CTI professionals are intelligence analysts first and cybersecurity specialists second.
Drawing from his background in international security policy and experience across government and private sectors, Scott breaks down the critical distinction between collecting data and generating actionable intelligence. He unpacks how established intelligence frameworks provide the foundation for effective cyber threat analysis, while the technical cybersecurity knowledge can be built on top of this analytical foundation.
Scott shares practical wisdom on building effective CTI programs, beginning with establishing clear processes, creating functional data pipelines, and most critically, understanding stakeholder needs. He explains that many organizations fall into the trap of overcollection – gathering excessive threat feeds without the capacity to transform them into actionable insights. Instead, he advocates for regular evaluation of intelligence sources using frameworks like the Admiralty Code to assess reliability and value.
The conversation delves into the crucial difference between threat (composed of intent, capability, and opportunity) and risk (which incorporates business impact). This distinction becomes essential when communicating with executives who need to understand potential consequences in business terms. Scott provides concrete examples of how to tailor intelligence for different stakeholders – from tactical information for SOC analysts to strategic insights for CISOs making resource allocation decisions.
Whether you're building a CTI function from scratch, looking to improve stakeholder engagement, or seeking to make your intelligence more actionable, this episode offers a masterclass in intelligence-driven cybersecurity. Subscribe now to learn how to transform technical threats into business insights that drive meaningful security improvements across your organization.
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!