Howard and Liam delve into the challenges and opportunities that AI presents for security professionals, exploring topics such as transparency, explainability, and the potential for AI to revolutionize threat detection. They share their insights on how AI is being used to augment security teams, improve efficiency, and help organizations make better decisions about their security posture. They also discuss the importance of a hybrid approach, combining AI with traditional security methods to create a more effective overall solution.

This episode is a must-watch for anyone interested in the future of cybersecurity and the role that AI will play in shaping it. Tune in to learn how AI is transforming security operations and what it means for the future of cyber defense.

Howard Smith:

Howard Smith is a managing director at First Analysis and is a managing partner of the firm’s venture funds. He has over three decades of experience at First Analysis and works with entrepreneurs as an investor and as an advisor on growth transactions to help build leading technology businesses. 

Howard leads the firm’s work in the cybersecurity, internet infrastructure and Internet of Things sectors. He also built the firm’s historical franchises in call centers and computer telephony. His thought-leading research in these areas has been cited for excellence by the Wall Street Journal and other publications. He’s provided strategic advice to numerous technology companies in capital raising and buy- and sell-side M&A transactions, and as a board member.

Prior to joining First Analysis in 1994, he was a senior tax consultant with Arthur Andersen & Co. He earned an MBA with honors from the University of Chicago and a bachelor’s degree in accounting with highest honors from the University of Illinois at Urbana-Champaign. He is a certified public accountant.

LIam Moran: 

Liam Moran is an associate with First Analysis. Prior to joining First Analysis in 2020, he was in the executive development program with Macy’s, where he was responsible for managing the financial modeling surrounding Macy’s $3 billion asset-based loan, capital project valuations, and corporate forecasting.

Liam graduated from Kenyon College with a bachelor’s degree in economics and a concentration in integrated program in humane studies. He was a four-year member of the Kenyon varsity swimming team.

Important Links:

• Howard Smith LinkedIn: https://www.linkedin.com/in/hosmith/ 
• Liam Moran LinkedIn: https://www.linkedin.com/in/liamjmoran/
• The “Quarterly Insights into Cyber Security,” January 28, 2025 edition: https://www.firstanalysis.com/Integrative-research/Cybersecurity-Jan-2025 
• First Analysis website: https://www.firstanalysis.com/ 

Tony kicks the episode off with his recent experience setting up and maintaining a FedRAMP environment. He highlights the challenges of FedRAMP authorization that arise from controls needed and the additional steps that must be taken for each control.

Tony also reflects on an ongoing Blue Team activity he participated in with a large retail organization and shares a fascinating example of a credential-stuffing attack, where a highly organized adversary routinely changed tactics to avoid capture.

Peter and Tony close out the episode with some advice for Blue Team hopefuls or SOC team members early in their careers: embrace the chaos, don’t shy away from the hard work, and above all stay curious.

This interview provides great insight into what young cybersecurity professionals could expect to see out in the field, and Tony provides wisdom that can only be gained through years of experience.

Biography

Tony Wilson is an IT Security Director at Wolters Kluwer. He is responsible for supporting the CISO and Divisional CIO/CTOs in developing, aligning, and implementing the global information security strategy. As one of the lead incident handlers during the infamous Target Corporation data breach of 2013 and its aftermath, he has an acute appreciation for the value of sound information security. He holds a Bachelors degree in MIS and has obtained over a dozen certifications including CISSP, CISM, and GCIH. He has also taught a cybersecurity bootcamp at the University of Minnesota and maintains mentor relationships with his former students.

Tony was born and raised in Saint Paul, Minnesota, and will debate anyone over its superiority over Minneapolis. He’s closer to 50 than 30, but still enjoys to break a sweat by staying active and lifting weights. Other “hobbies” include blockchain investment, serverless architecture engineering, and cocktail experimentation.

Important Links:

• LinkedIn: https://www.linkedin.com/in/tony-wilson-58b3b89/

You'll learn how LLMs are revolutionizing threat detection by analyzing vast amounts of data to identify patterns and anomalies that might escape traditional methods. We also explore how LLMs are assisting with data summarization and analysis, freeing up security professionals' valuable time for more strategic tasks.

The conversation doesn't shy away from the challenges either. We'll discuss the importance of using LLMs responsibly and with proper guidance to avoid potential inaccuracies or misleading information.

This episode is a must-listen for anyone interested in the future of cybersecurity and how AI is transforming the way we protect our data and systems. You'll gain a deeper understanding of:

• The specific applications of LLMs in threat detection, data analysis, and other security tasks.
• The benefits and limitations of using AI in cybersecurity.
• How security professionals can leverage LLMs to enhance their effectiveness.
• The importance of human expertise and critical thinking alongside AI technology.

Tune in and discover how LLMs are becoming a game-changer in the fight against cybercrime!

Biography

Tj Nel is the Director of ARMOR for the Insikt Group at Recorded Future, overseeing multiple teams of researchers and analysts who provide technical analysis across Advanced Reversing, Malware, Operations, and Reconnaissance. Before Recorded Future, he worked as the Director of Detection Research at SecureWorks, leading teams responsible for technical analysis and development of detection content for various security products. He has experience in malware research and incident response and has held various positions at CYDERES and Arbor Networks. Tj organizes his local Security BSides conference and leads a local information security group. In addition to numerous industry certifications, Tj is currently pursuing his Ph.D.

• LinkedIn: https://www.linkedin.com/in/tjnel/

In this episode, Peter Manev chats with Brent Deterding about his ongoing projects, favorite security tools, and strategies for cybersecurity risk management.

Brent shares tips for achieving a budget surplus by optimizing security protocols and cutting unnecessary expenses. He emphasizes quick decision-making and clear communication during crises and highlights the importance of focusing on real risks over hypothetical threats.

Brent also discusses five essential cybersecurity tools: multi-factor authentication, no BYOD policy, EDR, rapid vulnerability patching, and privileged access management. Gain insights into Brent's approach to cybersecurity management and career advice for aspiring professionals in the field.

Biography

Brent Deterding is an Executive CISO who enables Afni and its global workforce of 11,000+ to support their clients safely and securely. He leads a team of over 20. Brent is a spirited and thoughtful conversationalist who does not shy away from challenging topics. Brent and his wife of 20+ years share a passion for adoption, foster care, and leading youth.

LinkedIn: https://www.linkedin.com/in/brent-deterding

Danny highlights the challenges malware analysts face, particularly when encountering new or custom threats, and describes how they exploit the tendency of malware authors to reuse code from previous projects, turning their predictable habit into a valuable clue. Danny also explains that while larger malware samples might contain pre-written libraries, making them initially easier to dissect; it’s the smaller, more sophisticated malware written in languages like Go that can present a new challenge. The conversation concludes by delving into the motivations driving malware attacks.

Whether you're a cybersecurity professional or simply curious about the digital threats lurking online, this interview with Danny Quist offers a fascinating glimpse into the world of malware analysis. 

Key Takeaways:

• Reverse engineering challenges: Malware analysis is complex, especially for new or custom malware. However, reverse engineers can exploit the fact that malware authors often reuse code from previous projects or libraries.
• Finding the right tool: The best tool for reverse engineering depends on the situation. Danny discusses using Binary Ninja, IDA Pro, and Ghidra, each with its pros and cons.
• Process for analyzing new malware: When encountering new malware, analysts need to identify the existing code (e.g., libraries) and the new code written by the malware author. This helps focus the analysis effort.
• Difficulties of different malware types: Large malware is easier to analyze because it often contains pre-written libraries. Smaller malware written in complex languages (e.g., Go) can be trickier.
• Challenges of catching malware actors: While finding and catching malware actors is difficult, it's not impossible. They make mistakes, and security researchers can use various techniques to track them down.
• Motivations of malware actors: Malware actors can be financially motivated or have other goals. Some target specific entities, while others deploy ransomware and spam malware more broadly.

Biography

Danny Quist is the CTO of Unit129, Inc., a security startup. Previously he has worked at Redacted, Bechtel, MIT Lincoln Laboratory, and Los Alamos National Laboratory as an incident responder, reverse engineer, and manager of security engineering. His primary interests are weird incident response problems, reverse engineering strange malware, and managing security and engineering teams. Danny holds a Ph.D. in Computer Science from New Mexico Tech. He has previously spoken at Blackhat, Defcon, RSA, ShmooCon, and CactusCon.

LinkedIn: https://www.linkedin.com/in/dannyquist

In this episode, you’ll learn:

• Essential environments: Explore popular options like Remnix and Flare VM to set up your secure analysis workspace.
• Powerful tools: Discover functionalities of Olefile, oledump, and Cyber Chef used to dissect and decode suspicious files.
• Valuable resources: Gain access to helpful materials like Josh’s GitHub repository and curated malware sample libraries.

The world of malware analysis can be daunting, but with the right guidance and tools, you can start chipping away at the mystery behind malicious files. Listen to this episode, because Dr. Josh Stroschein will equip you with the foundational knowledge to become a threat-hunting hero.

About Josh Stroschein

Josh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer at Google (Chronicle), where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.

Where to find Josh Stroschein?

• The Cyber Yeti - https://www.thecyberyeti.com
• LinkedIn - https://www.linkedin.com/in/joshstroschein

• Linkedin: https://www.linkedin.com/in/rhaist/?originalSubdomain=de
• Twitter: https://twitter.com/roberthaist?lang=en
• TeamViewer: https://www.teamviewer.com/en/?utm_source=google&utm_medium=cpc&utm_campaign=restofeurope%7Cb%7Cpr%7C22%7Caug%7Ctv-core-brand-only-exact-sn%7Cnew%7Ct0%7C0&utm_content=Exact&utm_term=teamviewer&gad=1&gclid=CjwKCAjwkeqkBhAnEiwA5U-uMz3g8awZAQqM9vEwpBzoBmSsb0sEn8vO7laNbpqWKPeG40-5BdMDqhoCTxMQAvD_BwE 
• Public library for threat intel reports: https://orkl.eu

• Diana Kelley's LinkedIn Profile
• Cybrize
• Cyber Future Foundation
• WiCys - Women in Cybersecurity
• Executive Women's Forum

Each episode is an interview-style conversation between the host and one guest. Blue Team Diaries is a podcast by Stamus Networks that is available in audio and video formats wherever you get your podcasts.