Cyber Threat Intelligence Podcast

Want a front-row seat to how cyber threat intelligence turns noise into decisions that save real money and protect trust? Pedro Kertzman sits down with Alex Keedy, a seasoned CTI leader with experience at Flashpoint, ZeroFox, Intel 471, Deloitte, and Booz Allen Hamilton, to unpack the craft of translating technical signal into business impact. From a political science beginning to profiling actors and advising executives, Alex shows why great intelligence starts with curiosity and ends with clarity: here’s what’s happening, what it means for us, and what we should do next.We dig into the tough question every leader asks: how do you prove ROI for attacks that never landed? Alex breaks down practical models that map blocked activity to benchmark costs, balance tangible savings with brand and trust impacts, and prioritize the few actions that reduce the most risk. For mid-sized organizations, she lays out a pragmatic roadmap: start small, tap managed services, automate the obvious, and use early wins to earn budget. You’ll hear how a$10 stolen credential becomes a$50M outage, why ransomware-as-a-service thrives, and how to disrupt that supply chain before it reaches your environment.Alex also opens the curtains on dark web tradecraft. Reputation-driven marketplaces demand embedded personas to validate threats, verify leaks, and ask the questions victims can’t. That access helps teams confirm exposure, guide response, and even support law enforcement—with examples spanning financial fraud, takedowns, and human trafficking investigations. Along the way, we share actionable learning paths: SANS webcasts, vendor blogs, Security+ or Network+ for baseline fluency, and community routes like B‑Sides and scholarships that lower barriers for new talent.If you care about cybersecurity strategy, budget impact, and real-world outcomes, this conversation delivers the playbook: align intelligence to business risk, measure what matters, and communicate in plain language. Subscribe, share with a teammate who needs stronger CTI outcomes, and leave a review telling us the one question you want answered next.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valeri Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.Valeri takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.Thinking about moving from SOC to CTI? Valeri’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

"Basically, everyone just do  whatever they feel like and then call it intelligence." With these provocative words, Freddy Murre cuts straight to the heart of what's wrong with most cyber threat intelligence practices today.Drawing from 13 years of intelligence experience spanning military operations and private sector work, Freddy exposes the critical disconnect between intelligence methodology and what many CTI teams actually deliver. Most security teams, he argues, are producing cyber threat information, not intelligence—pushing technical indicators without context, relevance, or the crucial "so what" that decision-makers need.The conversation explores how CTI professionals often fall back on their technical comfort zones rather than embracing true intelligence tradecraft. Freddy walks us through the intelligence cycle, explaining how requirements drive collection and analysis to produce actionable insights. He challenges the industry norm of one-directional "data dumps" from vendors to customers, advocating instead for a more tailored approach that considers each organization's specific technologies, vulnerabilities, and business needs.Perhaps most valuable is Freddy's practical guidance on stakeholder engagement—identifying who your intelligence serves, understanding their decision-making needs, and continually validating that your work delivers measurable value. "If they can't articulate the decisions they made based on your intelligence," he warns, "you're in a dark space." His Ferrari analogy brilliantly illustrates how CTI teams must find the right fit between capabilities and stakeholder requirements.The episode also tackles AI's impact on intelligence work, with Freddy offering a sobering assessment of large language models' limitations while acknowledging their potential benefits when properly understood as tools rather than solutions. Whether you're a seasoned CTI professional or just building your program, this conversation provides an essential framework for elevating your practice from information sharing to true intelligence production.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Nestor-Dodge shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Nestor-Dodge provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

The cybersecurity industry has a people problem. While we chase after the latest tools and technologies, we're overlooking what Gert-Jan Bruggink calls "the human element" – the critical factor that connects technical solutions with actual security outcomes. In this thought-provoking conversation, Gert-Jan shares his journey from security engineering to pioneering scenario-based threat intelligence, revealing how his curiosity drove him to understand the "why" behind security implementations.Gert-Jan pulls no punches in addressing what he sees as an existential threat to the Cyber Threat Intelligence field. "If the CTI industry does not resolve this situation before 2030, the current commoditized form will become obsolete," he warns, highlighting the dangerous disconnect between technical intelligence and strategic applications. His work developing the CTI Capability Maturity Model (CTI-CMM) represents a community-driven effort to bridge these gaps through continuous improvement and practitioner leadership.The discussion takes a fascinating turn when Gert-Jan introduces systems thinking as the missing piece in modern cybersecurity approaches. Rather than viewing security in silos, he advocates for understanding the entire organizational ecosystem and the narratives that connect problems across different departments. This holistic perspective helps explain why even sophisticated security tools often fail to deliver their promised value – they're implemented without consideration for the broader context.What sets this conversation apart is Gert-Jan's balanced view of technology and humanity. He doesn't reject technological solutions but argues for a hybrid approach that leverages both human intelligence and technological advancements. His insights on tracking subtle adversary trends over time demonstrate the irreplaceable value of human analysis and pattern recognition in threat intelligence.Ready to transform how you think about cybersecurity? Listen now and discover why the future of CTI depends not just on better tools, but on fundamentally rethinking our approach to the human elements of security. Share your thoughts with us on LinkedIn and join the conversation about building a more resilient cybersecurity community.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

What does it take to become a cybersecurity "unicorn"? According to Adam Goss, it's the rare combination of threat intelligence expertise with cross-domain skills that truly drives innovation in our industry.Adam takes us on his unconventional journey from aspiring penetration tester to CTI specialist and educator, revealing the critical mindset shifts required when transitioning between security roles. Most fascinating is his comparison between SOC and CTI approaches to bias - while SOC analysts leverage bias for quick decision-making, CTI professionals must actively combat it, asking deeper questions before jumping to conclusions.The conversation turns deeply personal when Adam shares how a seemingly successful threat detection of a Cobalt Strike beacon ultimately missed crucial indicators that led to a devastating ransomware outbreak. This painful lesson transformed his entire career trajectory, highlighting why technology alone fails without the right people and processes - ultimately inspiring him to found Craven Security to make CTI education more accessible.For those looking to develop their own CTI expertise, Adam provides a treasure trove of resources - from hands-on platforms like TryHackMe to industry reports, conferences, and specialized books that bridge tactical and strategic intelligence needs. His recommended reading covers everything from intelligence-driven incident response to honeypot deployment and strategic analysis frameworks.Perhaps most refreshing is Adam's closing perspective on maintaining balance in security careers. Despite the high-stakes nature of our work, he reminds us to focus on the aspects we genuinely enjoy, treat work as just work, and prioritize health and family over professional pressures - wisdom that might be the most valuable intelligence shared in the entire conversation.Connect with us on LinkedIn at Cyber Threat Intelligence Podcast to join the conversation and recommend future guests with unique CTI perspectives to share.Resources:https://kravensecurity.com/https://www.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/https://chrissanders.org/2020/09/idh-release/https://collegepublishing.sagepub.com/products/critical-thinking-for-strategic-intelligence-3-265236Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

How does a military intelligence background translate to cyber threat intelligence? Sam Flockhart, a former UK military intelligence operator who now heads threat management at a global bank, reveals the fascinating journey and powerful parallels between these worlds.Sam opens up about his transition from conventional military intelligence to the cyber realm despite having "absolutely no cyber knowledge" initially. He shares a critical insight for job seekers: while certifications matter, demonstrating real knowledge and preparation during interviews often matters more. Sam explains how anticipating common interview questions about threat actors, their methodologies, and recent attacks can set candidates apart.Drawing from his military expertise on Russia and Ukraine, Sam offers a riveting deep dive into why ransomware predominantly emerges from Russian-speaking regions. He explains the cultural concept of "Kresha" (roof/protection) that allows these groups to operate with impunity and traces how post-Soviet history created the perfect ecosystem for cybercrime to flourish. This cultural understanding adds a crucial dimension to technical threat analysis that many professionals overlook.The conversation explores how military intelligence frameworks have shaped modern CTI practices. From tactics, techniques, and procedures (TTPs) to intelligence collection plans and priority intelligence requirements - these structured approaches have been adopted by the cyber community. Sam also discusses the nuances of intelligence sharing in private sector environments compared to military settings, where different constraints and opportunities exist.For aspiring CTI professionals, Sam's advice is practical and actionable: prepare thoroughly by researching top threats, understand organizational stakeholders who consume intelligence, and familiarize yourself with various intelligence sources. This episode offers invaluable guidance for anyone looking to enter the field or enhance their threat intelligence capabilities through a deeper understanding of the human element behind cyber attacks.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!