Future of Threat Intelligence

In this week's episode of the Future of Cyber Risk podcast, David speaks to Carolyn Kissane, Associate Dean of the MS in Global Affairs and MS in Global Security, Conflict, and Cyber Crime at the NYU Center for Global Affairs. They discuss how the Center for Global Affairs prepares students for how cyber security will play a bigger role in geopolitics, energy resource management, and global conflict. They also talk about the rise of cyber attacks being used by governments against other nations, how to anticipate a future where AI and robotics contribute to warfare, and what practitioners can do today to increase their cyber risk awareness. Topics discussed: What a day-in-the-life of an associate dean is like in a Center that helps students understand geopolitics and energy security, and prepares them for the future of global affairs. Why governments around the world today are quick to respond with cyber attacks that can significantly impact energy resources, and how it's become part of global warfare. What practitioners get wrong about the interaction of cyber security and global affairs, and why they need to be prepared for a variety of attacks, big and small. An overview of the MS in Global Affairs and MS in Global Security, Conflict, and Cyber Crime programs, including what courses students can take and the faculty’s expertise. How emerging technologies like AI and robotics will impact global warfare in the near future. Advice for practitioners on how to become more prepared for the future of cyber risk.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Assaf Kipnis, Owner and Head Consultant/Advisor at ASK Integrity Solutions, which conducts adversarial network analysis, risk assessment, and counter-threat intel. They discuss the day-to-day activities of threat intelligence and hunting down adversaries, what adversary accounts typically look like on social media, and how digging deeper into those accounts can reveal connections leading to large-scale takedowns. They also discuss common scams prevalent today, how everyday people can keep themselves safe online, and what organizations can do to improve their threat intelligence. Topics discussed: The day-to-day efforts and expectations around threat hunting, and why once you find an adversary you should monitor them to learn from them. How to dig deeper into adversary accounts to connect the dots and take down networks at scale. What fake accounts typically look like on social media sites, and the scams they're typically perpetuating. The types of scams big organizations are performing, including one called "pig butchering," and why it's not just a certain segment of the population that falls for these. What everyday people can look out for to keep themselves safe online, including not taking financial advice from someone they don't know. Advice for organizations on how to perform better threat intelligence, including why you should reassess your metrics and goals.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Dr. Eugene H. Spafford, Professor of Computer Sciences at Purdue University, Dr. Leigh Metcalf, Senior Network Security Research Analyst at CERT, and Dr. Josiah Dykstra, Technical Director, Critical Networks & Systems at NSA, authors of the book Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us. They discuss the various myths and misconceptions that can hamper security, how to mitigate bias during incident response, and how to use critical thinking to avoid assumptions around threat intelligence. Topics discussed: The processes, approaches, or methodologies cybersecurity professionals can use to identify misconceptions or myths, including education and critical thinking. How myths perpetuate on cybersecurity, especially when there's no "precise definition of what cybersecurity is." How to mitigate bias through planning and practice, especially during incident response. How to avoid misconceptions about threat intelligence by not making assumptions about data and instead using critical thinking and context. Why academic programs for cybersecurity need a wider array of educational opportunities to train different roles. Advice for security practitioners that include to be an enabler of safety, to never stop learning, and to embrace differences and ambiguity.  

In this week's episode of the Future of Cyber Risk podcast, David speaks to Andy Piazza, Global Head of Threat Intelligence at IBM X-Force, a threat intelligence sharing platform. They discuss the day-to-day responsibilities of IBM's threat intelligence team in creating strategy and overseeing threat collection, the ways in which threat actors are leveraging ransomware today, and why businesses should lean into their security vendors to help them stay protected. They also discuss the best skills for security practitioners, overcoming visibility challenges, and clear and concise communication is key. Topics discussed: What a day in the life of the head of threat intelligence is like, and how Andy works to drive strategy, support clients, and inform threat collection teams. Why the biggest thing businesses get wrong is treating security as a separate department, and why securing data is a basic requirement, not a separate cost center. How threat actors work today, why they're focused on "double extortion," and why we need to think differently about ransomware.   Why businesses should rely more on their security vendor's capabilities instead of trying to build it themselves. How to overcome the challenges that will arise as security teams gain more visibility into OT devices. Advice to security practitioners, including the need for more concise communication and why it's crucial to understand your team's processes.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Jordan Howell, Assistant Professor and Cybersecurity Researcher at University of South Florida. They discuss how Jordan works with his students each day, how there needs to be a shift in academia to focus on more holistic training, and the variety of skills that students need to have to be successful security practitioners. They also talk about how AI can be a tool to either close or expand gaps in security, how scholarship around cybercriminal behavior needs be improved, and advice for those just starting out in their security careers. Topics discussed: A day-in-the-life of how Jordan works with students and industries to advance cybersecurity training and skills acquisition. The biggest differences between academia and industry when it comes to cybersecurity, and where there needs to be a paradigm shift towards a more holistic approach. How AI can be a tool to bridge divides between human behavior, intelligence gathering, and technical components — if you know how to use it. Why the current scholarship around cybercriminal behavior is lacking, and how to improve it. Why students need to learn a variety of cybersecurity skills in order to be prepared for the future of their industry. Advice for those just starting out in their security career or those still in high school, including why it's important to be a continuous, lifelong learner.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Erik Rasmussen, Global Head of Cybersecurity and Risk Management at Grobstein Teeple LLP, a leading consulting firm offering cybersecurity and business consulting services. They discuss what it means to be a leader in the cybersecurity world, how Erik's secret service and social sciences background contribute to his consulting, and how he works with clients on a daily basis. They also discuss what security practitioners tend to get wrong, what skills are important for security, and advice for new security professionals. Topics discussed: Erik's background that lead him to security, from majoring in history, to attending law school, to being recruited to the secret service, to finally moving into the private sector as a security consultant. The day-to-day work as a security consultant, which includes working with clients on incident response, strategic management, overflow monitoring, security testing, and more. What security practitioners get wrong about risk, and why solving problems involves putting people before the technology. What skills are necessary to possess in security, and the importance of reading, writing, and ongoing learning. How security professionals can be better writers, and communicate their ideas and findings more clearly to those who may not have security backgrounds. Advice for security professionals on how to improve networking skills, how to collaborate with others, and why it's beneficial to focus on just a few areas of expertise.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Brian Stack, VP of Engineering & Dark Web Intelligence at Experian Consumer Services, which offers online credit reports, scores, and monitoring products. They discuss what Brian's dark web team does in order to protect customer identities, the hurdles they've had to overcome to be effective globally, and the biggest challenges to security today in general. They also talk about practical ways businesses can reduce their risk, why it's necessary to think beyond just technology, and how the future of cyber risk will focus on analytics, prevention, and education. Topics discussed: Brian's background, that started in computer science, then led him to working on the US missile shield and starting his own software company before finding his way to Experian to lead a dark web team. What the dark web team does each day, including building relationships in dark web forums for leads, and how they go about protecting customer credentials and identity. How the dark web team has overcome various challenges like language barriers and expanding their team to be located around the world. What priorities small businesses and enterprises should have when it comes to cyber security, like training, encryption, investing in cloud security, and more. The skills security practitioners should possess, including learning the fundamentals, mastering the tools, and studying psychology.  The biggest challenges to cybersecurity today, including geopolitical conflict and the ease at which you can purchase malware-as-a-service. Why the future of cyber risk will center around analytics, prevention, and education, and why monitoring and alerting will be table stakes.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, a company that offers compliance and cybersecurity solutions. They discuss how Selena's background in journalism informs what she does today, what a day in the life of a threat intelligence analyst looks like, and the best skills to have in security, which include empathy and critical thinking. They also discuss how ransomware is surfacing opportunities for change, the future of cyber risk and awareness, and advice for security practitioners. Topics discussed: How Selena got into threat intelligence through her former career as a journalist in the cybersecurity space, and how that work — asking questions, developing hypotheses, and communicating — relates to the threat intelligence she does now. A day in the life of a threat intelligence analyst focused on cybercrime, the different actors Selena tracks, and the reports she writes to keep customers informed. Why the best skill to have in security is empathy, and the importance of remembering that there's a human victim at the end of every attack. The need for critical thinking skills in security in order to consider different perspectives and solve problems, as well as good communication skills to articulate why certain issues matter. How the biggest challenge today — ransomware — has exposed weakness in organizations and industries, and how there will hopefully be a shift in resourcing organizations for increased protection. Why the future of cyber risk is heading towards more awareness, and how more mindfulness and improved behaviors will increasingly make a threat actor's job harder to do. Advice for others in cybersecurity, including a caveat around AI and optimism around how cybersecurity truly makes the world better.

In this week's episode of the Future of Cyber Risk podcast, David speaks to Philipp Amann, Head of Strategy, European Cybercrime Centre at Europol. They discuss the need for collaboration between industry and law enforcement to help combat cybercrime, and how to go about fostering trust and information exchange in more effective and sustainable ways. They also talk about the major risks to organizations today, like legacy systems, ransomware, and AI, and how to better manage complexity to reduce cyber risk. Topics discussed: Philipp's broad background in intelligence and cybersecurity, from starting in the military and moving to governance roles in cybercrime, to his current role at Europol. The need for collaboration to combat cybercrime, and how it requires resources, trust, common ground, incentives, and sustainable approaches. How understanding cybercrime requires knowledge across a variety of areas, especially to articulate cybercrime issues to non-technical audiences. The challenges to information sharing across alliances with different limitations and legislations to consider, and the need to address those challenges to reach common goals. Why one of the biggest risks to organizations today is legacy systems that may still be infected with older vulnerabilities, and why security teams need to focus on both zero-day and 1000-day vulnerabilities. The ways in which criminals are already beginning to exploit AI and use it to impersonate CEOs, write better code, or create more convincing spam emails. The rise in the crime-as-a-service model, which could include rogue cryptocurrency exchanges, criminal VPN services, or other malicious businesses.

In this week's special episode of the Future of Cyber Risk podcast, David speaks to Team Cymu's Josh Picolet, Director of S2 Threat Analysis Unit, and Wassim Tawbi, Head of Product Management, about their new product, Pure Signal Scout. They discuss the customer needs that Scout was created to meet, the collaboration behind how the product was developed, and the elements of Scout's design and interface. They also talk about the benefits Pure Signal Scout offers in terms of speed, ease of use, and access to rich data that can help make threat hunting more targeted and effective — and makes threat hunting more accessible for teams who may not have had access to advanced capabilities before. Topics discussed: The origins of Pure Signal Scout and the customer pain points around ease of use, speed, and efficacy that lead to its creation. How Pure Signal Scout's design and interface enables security teams to visualize threat intelligence more easily. The different ways in which Team Cymru collaborate to create Pure Signal Scout, from development and early testing, to how marketing positions the product, to support for the product after launch. How Pure Signal Scout was built to be user friendly by being faster, more flexible, and more initiative for threat hunters. The possibilities that Pure Signal Scout offers to security teams, including building an internal systems of alerting using Scout's API. How Pure Signal Scout differentiates from other threat intelligence platforms on the market, especially in terms of the quality of the data offered. The impact that Pure Signal Scout will make out, giving security teams the increased ability to proactively watch and block threats, and improve their security posture.