Cyber Threat Intelligence Podcast Fri, 13 Mar 2026 20:24:25 -0600 https://www.cyberthreatintelligencepodcast.com/ en-us © 2026 Cyber Threat Intelligence Podcast yes Support this Podcast 7d948bb4-197b-514e-af56-ef39137f72c2 pedro@cyberthreatintelligencepodcast.com Pedro Kertzman episodic false Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.


In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.


Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.


Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.


Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.

]]> Buzzsprout (https://www.buzzsprout.com) Pedro Kertzman pedro@cyberthreatintelligencepodcast.com https://storage.buzzsprout.com/2wtglqa9zr55vuzcpp7y2oyhtac1?.jpg Cyber Threat Intelligence Podcast https://www.cyberthreatintelligencepodcast.com/ Pedro Kertzman How Militarization, Language, And Policy Shape Modern Hacktivism (Anastasia Sentsova & Pedro Kertzman) How Militarization, Language, And Policy Shape Modern Hacktivism (Anastasia Sentsova & Pedro Kertzman) The moment a “hacktivist” group starts speaking with a state’s voice, the puzzle of attribution changes. We explore how Russian-speaking cybercrime transformed after 2022, why so many crews began to move in sync with national narratives, and what language, targeting, and coordination can reveal about influence without leaning on weak assumptions. Our guest, analyst Anastasia Sentsova, brings deep regional fluency and years of fieldwork to explain how militarization, culture, and policy shape a pipeline that normalizes digital action and pulls volunteers toward more aggressive operations.

We walk through the rise of coordinated Telegram ecosystems, including bot-driven “cyber squads” that gamify propaganda with ranks, points, and real-world rewards. That may sound harmless, but it builds habits, grows networks, and legitimizes escalation. From there, it’s a short step to DDoS—and increasingly—intrusions that touch critical infrastructure. We also examine the ransomware world’s political boundaries: no-go lists that evolved from domestic targets to BRICS countries, selective law enforcement pressure following diplomatic milestones, and the unspoken bargain that keeps operators productive so long as they toe the line.

Rather than force-fit labels like sponsored or tolerated, we talk about influence as a measurable spectrum. Indicators include state rhetoric in native-language posts, synchronized activity with kinetic events, target selection aligned with policy goals, and public signaling when named individuals “celebrate” sanctions without consequence. For practitioners, we offer concrete ways to avoid Western bias, validate translations, and build multi-source cases with explicit confidence levels. And we look ahead: the proxy model travels, youth pipelines deepen skills, and hybrid operations blur the boundary between hacktivists and APTs.

If this kind of clear-eyed CTI resonates, follow the show, share it with your team, and leave a review so others can find it. Join our LinkedIn group, Cyber Threat Intelligence Podcast, to keep the conversation going and tell us what signals you’re tracking next.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> The moment a “hacktivist” group starts speaking with a state’s voice, the puzzle of attribution changes. We explore how Russian-speaking cybercrime transformed after 2022, why so many crews began to move in sync with national narratives, and what language, targeting, and coordination can reveal about influence without leaning on weak assumptions. Our guest, analyst Anastasia Sentsova, brings deep regional fluency and years of fieldwork to explain how militarization, culture, and policy shape a pipeline that normalizes digital action and pulls volunteers toward more aggressive operations.

We walk through the rise of coordinated Telegram ecosystems, including bot-driven “cyber squads” that gamify propaganda with ranks, points, and real-world rewards. That may sound harmless, but it builds habits, grows networks, and legitimizes escalation. From there, it’s a short step to DDoS—and increasingly—intrusions that touch critical infrastructure. We also examine the ransomware world’s political boundaries: no-go lists that evolved from domestic targets to BRICS countries, selective law enforcement pressure following diplomatic milestones, and the unspoken bargain that keeps operators productive so long as they toe the line.

Rather than force-fit labels like sponsored or tolerated, we talk about influence as a measurable spectrum. Indicators include state rhetoric in native-language posts, synchronized activity with kinetic events, target selection aligned with policy goals, and public signaling when named individuals “celebrate” sanctions without consequence. For practitioners, we offer concrete ways to avoid Western bias, validate translations, and build multi-source cases with explicit confidence levels. And we look ahead: the proxy model travels, youth pipelines deepen skills, and hybrid operations blur the boundary between hacktivists and APTs.

If this kind of clear-eyed CTI resonates, follow the show, share it with your team, and leave a review so others can find it. Join our LinkedIn group, Cyber Threat Intelligence Podcast, to keep the conversation going and tell us what signals you’re tracking next.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18594273 Tue, 03 Mar 2026 00:00:00 -0700 2756 2 1 full false Cyber Threat Intelligence Podcast - Season 2 Premiere Cyber Threat Intelligence Podcast - Season 2 Premiere 🎙 Season 2 Starts March 3rd

Season 1 was about building foundations.
Season 2 is about raising the bar.

We’re diving deeper into the Cyber, Threats, and Intelligence, with practitioners who live it every day.


FULL Video: https://youtu.be/oa2t9GQl6EU


📅 Premiere: March 3rd
🔔 Subscribe now so you don’t miss it.

The threat landscape evolves.
So should we.




Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> 🎙 Season 2 Starts March 3rd

Season 1 was about building foundations.
Season 2 is about raising the bar.

We’re diving deeper into the Cyber, Threats, and Intelligence, with practitioners who live it every day.


FULL Video: https://youtu.be/oa2t9GQl6EU


📅 Premiere: March 3rd
🔔 Subscribe now so you don’t miss it.

The threat landscape evolves.
So should we.




Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18697159 Mon, 16 Feb 2026 20:00:00 -0700 40 2 full false Season 1 Finale Season 1 Finale Want fewer fire drills and smarter security moves? This season finale brings together the strongest lessons from our guests on how cyber threat intelligence turns uncertainty into clarity—and clarity into action. We share what actually works when the data is partial, the stakes are high, and leadership wants proof that CTI moves the needle on risk and cost.

We start with the core: prioritization under uncertainty. You’ll hear how teams use intelligence to decide what to patch first, where controls matter most, and how to focus limited resources without missing the threats that can take a business offline or put customer data at risk. We dig into the language of value—money saved, revenue protected, efficiency gained—and why BLUF, clear implications, and stakeholder interviews beat jargon every time. If you’ve wrestled with KPIs, KRIs, or ROI, we unpack practical metrics that reflect real outcomes, not vanity numbers.

From there, we look ahead. Forecasting adversary capabilities, mapping susceptibility, and choosing proactive mitigations can shift a security program from reactive to resilient. You’ll get candid perspectives on building CTI the right way—starting tactically and growing into operational and strategic impact, or choosing a build-vs-buy path aligned to budget and goals. We also talk careers and team shape: why diverse backgrounds thrive in CTI, how small teams can deliver outsized results, and the discipline of deciding what you will not do so you can excel at what matters.

If you want CTI to influence decisions at every level—SOC, IR, red and purple teams, and the board—this wrap-up offers the playbook: stakeholder-first communication, focused scope, useful metrics, and a relentless push toward proactive defense. Follow, share, and leave a review to help more practitioners find these insights—and tell us: what CTI metric best proves your impact?

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Want fewer fire drills and smarter security moves? This season finale brings together the strongest lessons from our guests on how cyber threat intelligence turns uncertainty into clarity—and clarity into action. We share what actually works when the data is partial, the stakes are high, and leadership wants proof that CTI moves the needle on risk and cost.

We start with the core: prioritization under uncertainty. You’ll hear how teams use intelligence to decide what to patch first, where controls matter most, and how to focus limited resources without missing the threats that can take a business offline or put customer data at risk. We dig into the language of value—money saved, revenue protected, efficiency gained—and why BLUF, clear implications, and stakeholder interviews beat jargon every time. If you’ve wrestled with KPIs, KRIs, or ROI, we unpack practical metrics that reflect real outcomes, not vanity numbers.

From there, we look ahead. Forecasting adversary capabilities, mapping susceptibility, and choosing proactive mitigations can shift a security program from reactive to resilient. You’ll get candid perspectives on building CTI the right way—starting tactically and growing into operational and strategic impact, or choosing a build-vs-buy path aligned to budget and goals. We also talk careers and team shape: why diverse backgrounds thrive in CTI, how small teams can deliver outsized results, and the discipline of deciding what you will not do so you can excel at what matters.

If you want CTI to influence decisions at every level—SOC, IR, red and purple teams, and the board—this wrap-up offers the playbook: stakeholder-first communication, focused scope, useful metrics, and a relentless push toward proactive defense. Follow, share, and leave a review to help more practitioners find these insights—and tell us: what CTI metric best proves your impact?

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18536330 Tue, 20 Jan 2026 00:00:00 -0700 1430 1 24 full false Season 1 - Episode 23 (Pedro Kertzman & Alex Keedy) Season 1 - Episode 23 (Pedro Kertzman & Alex Keedy) Want a front-row seat to how cyber threat intelligence turns noise into decisions that save real money and protect trust? Pedro Kertzman sits down with Alex Keedy, a seasoned CTI leader with experience at Flashpoint, ZeroFox, Intel 471, Deloitte, and Booz Allen Hamilton, to unpack the craft of translating technical signal into business impact. From a political science beginning to profiling actors and advising executives, Alex shows why great intelligence starts with curiosity and ends with clarity: here’s what’s happening, what it means for us, and what we should do next.

We dig into the tough question every leader asks: how do you prove ROI for attacks that never landed? Alex breaks down practical models that map blocked activity to benchmark costs, balance tangible savings with brand and trust impacts, and prioritize the few actions that reduce the most risk. For mid-sized organizations, she lays out a pragmatic roadmap: start small, tap managed services, automate the obvious, and use early wins to earn budget. You’ll hear how a$10 stolen credential becomes a$50M outage, why ransomware-as-a-service thrives, and how to disrupt that supply chain before it reaches your environment.

Alex also opens the curtains on dark web tradecraft. Reputation-driven marketplaces demand embedded personas to validate threats, verify leaks, and ask the questions victims can’t. That access helps teams confirm exposure, guide response, and even support law enforcement—with examples spanning financial fraud, takedowns, and human trafficking investigations. Along the way, we share actionable learning paths: SANS webcasts, vendor blogs, Security+ or Network+ for baseline fluency, and community routes like B‑Sides and scholarships that lower barriers for new talent.

If you care about cybersecurity strategy, budget impact, and real-world outcomes, this conversation delivers the playbook: align intelligence to business risk, measure what matters, and communicate in plain language. Subscribe, share with a teammate who needs stronger CTI outcomes, and leave a review telling us the one question you want answered next.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Want a front-row seat to how cyber threat intelligence turns noise into decisions that save real money and protect trust? Pedro Kertzman sits down with Alex Keedy, a seasoned CTI leader with experience at Flashpoint, ZeroFox, Intel 471, Deloitte, and Booz Allen Hamilton, to unpack the craft of translating technical signal into business impact. From a political science beginning to profiling actors and advising executives, Alex shows why great intelligence starts with curiosity and ends with clarity: here’s what’s happening, what it means for us, and what we should do next.

We dig into the tough question every leader asks: how do you prove ROI for attacks that never landed? Alex breaks down practical models that map blocked activity to benchmark costs, balance tangible savings with brand and trust impacts, and prioritize the few actions that reduce the most risk. For mid-sized organizations, she lays out a pragmatic roadmap: start small, tap managed services, automate the obvious, and use early wins to earn budget. You’ll hear how a$10 stolen credential becomes a$50M outage, why ransomware-as-a-service thrives, and how to disrupt that supply chain before it reaches your environment.

Alex also opens the curtains on dark web tradecraft. Reputation-driven marketplaces demand embedded personas to validate threats, verify leaks, and ask the questions victims can’t. That access helps teams confirm exposure, guide response, and even support law enforcement—with examples spanning financial fraud, takedowns, and human trafficking investigations. Along the way, we share actionable learning paths: SANS webcasts, vendor blogs, Security+ or Network+ for baseline fluency, and community routes like B‑Sides and scholarships that lower barriers for new talent.

If you care about cybersecurity strategy, budget impact, and real-world outcomes, this conversation delivers the playbook: align intelligence to business risk, measure what matters, and communicate in plain language. Subscribe, share with a teammate who needs stronger CTI outcomes, and leave a review telling us the one question you want answered next.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18369467 Tue, 06 Jan 2026 00:00:00 -0700 1991 1 23 full false Season 1 - Episode 22 (Pedro Kertzman & Valerii Soloninka) Season 1 - Episode 22 (Pedro Kertzman & Valerii Soloninka) Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valeri Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.

Valeri takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.

Thinking about moving from SOC to CTI? Valeri’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.

Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valeri Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.

Valeri takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.

Thinking about moving from SOC to CTI? Valeri’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.

Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18070899 Tue, 23 Dec 2025 00:00:00 -0700 1716 1 22 full false Season 1 - Episode 21 (Pedro Kertzman & Charlotte Guiney) Season 1 - Episode 21 (Pedro Kertzman & Charlotte Guiney) What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.

We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.

Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.

If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.

We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.

Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.

If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-18153615 Tue, 09 Dec 2025 00:00:00 -0700 1609 1 21 full false Season 1 - Episode 20 (Pedro Kertzman & Sarah Freeman) Season 1 - Episode 20 (Pedro Kertzman & Sarah Freeman) Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.

Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.

The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."

We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.

The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.

Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.

Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.

Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.

The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."

We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.

The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.

Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.

Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17691344 Tue, 25 Nov 2025 00:00:00 -0700 2264 1 20 full false Season 1 - Episode 19 (Pedro Kertzman & Tammy Harper) Season 1 - Episode 19 (Pedro Kertzman & Tammy Harper) Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.

Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.

What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.

Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.

Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.

Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.

What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.

Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.

Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17797428 Tue, 11 Nov 2025 00:00:00 -0700 2408 1 19 full false Season 1 - Episode 18 (Pedro Kertzman & Freddy Murre) Season 1 - Episode 18 (Pedro Kertzman & Freddy Murre) "Basically, everyone just do  whatever they feel like and then call it intelligence." With these provocative words, Freddy Murre cuts straight to the heart of what's wrong with most cyber threat intelligence practices today.

Drawing from 13 years of intelligence experience spanning military operations and private sector work, Freddy exposes the critical disconnect between intelligence methodology and what many CTI teams actually deliver. Most security teams, he argues, are producing cyber threat information, not intelligence—pushing technical indicators without context, relevance, or the crucial "so what" that decision-makers need.

The conversation explores how CTI professionals often fall back on their technical comfort zones rather than embracing true intelligence tradecraft. Freddy walks us through the intelligence cycle, explaining how requirements drive collection and analysis to produce actionable insights. He challenges the industry norm of one-directional "data dumps" from vendors to customers, advocating instead for a more tailored approach that considers each organization's specific technologies, vulnerabilities, and business needs.

Perhaps most valuable is Freddy's practical guidance on stakeholder engagement—identifying who your intelligence serves, understanding their decision-making needs, and continually validating that your work delivers measurable value. "If they can't articulate the decisions they made based on your intelligence," he warns, "you're in a dark space." His Ferrari analogy brilliantly illustrates how CTI teams must find the right fit between capabilities and stakeholder requirements.

The episode also tackles AI's impact on intelligence work, with Freddy offering a sobering assessment of large language models' limitations while acknowledging their potential benefits when properly understood as tools rather than solutions. Whether you're a seasoned CTI professional or just building your program, this conversation provides an essential framework for elevating your practice from information sharing to true intelligence production.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> "Basically, everyone just do  whatever they feel like and then call it intelligence." With these provocative words, Freddy Murre cuts straight to the heart of what's wrong with most cyber threat intelligence practices today.

Drawing from 13 years of intelligence experience spanning military operations and private sector work, Freddy exposes the critical disconnect between intelligence methodology and what many CTI teams actually deliver. Most security teams, he argues, are producing cyber threat information, not intelligence—pushing technical indicators without context, relevance, or the crucial "so what" that decision-makers need.

The conversation explores how CTI professionals often fall back on their technical comfort zones rather than embracing true intelligence tradecraft. Freddy walks us through the intelligence cycle, explaining how requirements drive collection and analysis to produce actionable insights. He challenges the industry norm of one-directional "data dumps" from vendors to customers, advocating instead for a more tailored approach that considers each organization's specific technologies, vulnerabilities, and business needs.

Perhaps most valuable is Freddy's practical guidance on stakeholder engagement—identifying who your intelligence serves, understanding their decision-making needs, and continually validating that your work delivers measurable value. "If they can't articulate the decisions they made based on your intelligence," he warns, "you're in a dark space." His Ferrari analogy brilliantly illustrates how CTI teams must find the right fit between capabilities and stakeholder requirements.

The episode also tackles AI's impact on intelligence work, with Freddy offering a sobering assessment of large language models' limitations while acknowledging their potential benefits when properly understood as tools rather than solutions. Whether you're a seasoned CTI professional or just building your program, this conversation provides an essential framework for elevating your practice from information sharing to true intelligence production.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17620405 Tue, 28 Oct 2025 00:00:00 -0600 4003 1 18 full false Season 1 - Episode 17 (Pedro Kertzman & Dr. Jean Nestor Dahj) Season 1 - Episode 17 (Pedro Kertzman & Dr. Jean Nestor Dahj) Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Nestor-Dodge shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.

What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.

You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.

Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Nestor-Dodge provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.

Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Nestor-Dodge shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.

What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.

You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.

Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Nestor-Dodge provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.

Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17620835 Tue, 14 Oct 2025 00:00:00 -0600 2533 1 17 full false Season 1 - Episode 16 (Pedro Kertzman & Gert-Jan Bruggink) Season 1 - Episode 16 (Pedro Kertzman & Gert-Jan Bruggink) The cybersecurity industry has a people problem. While we chase after the latest tools and technologies, we're overlooking what Gert-Jan Bruggink calls "the human element" – the critical factor that connects technical solutions with actual security outcomes. In this thought-provoking conversation, Gert-Jan shares his journey from security engineering to pioneering scenario-based threat intelligence, revealing how his curiosity drove him to understand the "why" behind security implementations.

Gert-Jan pulls no punches in addressing what he sees as an existential threat to the Cyber Threat Intelligence field. "If the CTI industry does not resolve this situation before 2030, the current commoditized form will become obsolete," he warns, highlighting the dangerous disconnect between technical intelligence and strategic applications. His work developing the CTI Capability Maturity Model (CTI-CMM) represents a community-driven effort to bridge these gaps through continuous improvement and practitioner leadership.

The discussion takes a fascinating turn when Gert-Jan introduces systems thinking as the missing piece in modern cybersecurity approaches. Rather than viewing security in silos, he advocates for understanding the entire organizational ecosystem and the narratives that connect problems across different departments. This holistic perspective helps explain why even sophisticated security tools often fail to deliver their promised value – they're implemented without consideration for the broader context.

What sets this conversation apart is Gert-Jan's balanced view of technology and humanity. He doesn't reject technological solutions but argues for a hybrid approach that leverages both human intelligence and technological advancements. His insights on tracking subtle adversary trends over time demonstrate the irreplaceable value of human analysis and pattern recognition in threat intelligence.

Ready to transform how you think about cybersecurity? Listen now and discover why the future of CTI depends not just on better tools, but on fundamentally rethinking our approach to the human elements of security. Share your thoughts with us on LinkedIn and join the conversation about building a more resilient cybersecurity community.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> The cybersecurity industry has a people problem. While we chase after the latest tools and technologies, we're overlooking what Gert-Jan Bruggink calls "the human element" – the critical factor that connects technical solutions with actual security outcomes. In this thought-provoking conversation, Gert-Jan shares his journey from security engineering to pioneering scenario-based threat intelligence, revealing how his curiosity drove him to understand the "why" behind security implementations.

Gert-Jan pulls no punches in addressing what he sees as an existential threat to the Cyber Threat Intelligence field. "If the CTI industry does not resolve this situation before 2030, the current commoditized form will become obsolete," he warns, highlighting the dangerous disconnect between technical intelligence and strategic applications. His work developing the CTI Capability Maturity Model (CTI-CMM) represents a community-driven effort to bridge these gaps through continuous improvement and practitioner leadership.

The discussion takes a fascinating turn when Gert-Jan introduces systems thinking as the missing piece in modern cybersecurity approaches. Rather than viewing security in silos, he advocates for understanding the entire organizational ecosystem and the narratives that connect problems across different departments. This holistic perspective helps explain why even sophisticated security tools often fail to deliver their promised value – they're implemented without consideration for the broader context.

What sets this conversation apart is Gert-Jan's balanced view of technology and humanity. He doesn't reject technological solutions but argues for a hybrid approach that leverages both human intelligence and technological advancements. His insights on tracking subtle adversary trends over time demonstrate the irreplaceable value of human analysis and pattern recognition in threat intelligence.

Ready to transform how you think about cybersecurity? Listen now and discover why the future of CTI depends not just on better tools, but on fundamentally rethinking our approach to the human elements of security. Share your thoughts with us on LinkedIn and join the conversation about building a more resilient cybersecurity community.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17539218 Tue, 30 Sep 2025 00:00:00 -0600 2900 1 16 full false Season 1 - Episode 15 (Pedro Kertzman & Adam Goss) Season 1 - Episode 15 (Pedro Kertzman & Adam Goss) What does it take to become a cybersecurity "unicorn"? According to Adam Goss, it's the rare combination of threat intelligence expertise with cross-domain skills that truly drives innovation in our industry.

Adam takes us on his unconventional journey from aspiring penetration tester to CTI specialist and educator, revealing the critical mindset shifts required when transitioning between security roles. Most fascinating is his comparison between SOC and CTI approaches to bias - while SOC analysts leverage bias for quick decision-making, CTI professionals must actively combat it, asking deeper questions before jumping to conclusions.

The conversation turns deeply personal when Adam shares how a seemingly successful threat detection of a Cobalt Strike beacon ultimately missed crucial indicators that led to a devastating ransomware outbreak. This painful lesson transformed his entire career trajectory, highlighting why technology alone fails without the right people and processes - ultimately inspiring him to found Craven Security to make CTI education more accessible.

For those looking to develop their own CTI expertise, Adam provides a treasure trove of resources - from hands-on platforms like TryHackMe to industry reports, conferences, and specialized books that bridge tactical and strategic intelligence needs. His recommended reading covers everything from intelligence-driven incident response to honeypot deployment and strategic analysis frameworks.

Perhaps most refreshing is Adam's closing perspective on maintaining balance in security careers. Despite the high-stakes nature of our work, he reminds us to focus on the aspects we genuinely enjoy, treat work as just work, and prioritize health and family over professional pressures - wisdom that might be the most valuable intelligence shared in the entire conversation.

Connect with us on LinkedIn at Cyber Threat Intelligence Podcast to join the conversation and recommend future guests with unique CTI perspectives to share.


Resources:

https://kravensecurity.com/

https://www.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/

https://chrissanders.org/2020/09/idh-release/

https://collegepublishing.sagepub.com/products/critical-thinking-for-strategic-intelligence-3-265236

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What does it take to become a cybersecurity "unicorn"? According to Adam Goss, it's the rare combination of threat intelligence expertise with cross-domain skills that truly drives innovation in our industry.

Adam takes us on his unconventional journey from aspiring penetration tester to CTI specialist and educator, revealing the critical mindset shifts required when transitioning between security roles. Most fascinating is his comparison between SOC and CTI approaches to bias - while SOC analysts leverage bias for quick decision-making, CTI professionals must actively combat it, asking deeper questions before jumping to conclusions.

The conversation turns deeply personal when Adam shares how a seemingly successful threat detection of a Cobalt Strike beacon ultimately missed crucial indicators that led to a devastating ransomware outbreak. This painful lesson transformed his entire career trajectory, highlighting why technology alone fails without the right people and processes - ultimately inspiring him to found Craven Security to make CTI education more accessible.

For those looking to develop their own CTI expertise, Adam provides a treasure trove of resources - from hands-on platforms like TryHackMe to industry reports, conferences, and specialized books that bridge tactical and strategic intelligence needs. His recommended reading covers everything from intelligence-driven incident response to honeypot deployment and strategic analysis frameworks.

Perhaps most refreshing is Adam's closing perspective on maintaining balance in security careers. Despite the high-stakes nature of our work, he reminds us to focus on the aspects we genuinely enjoy, treat work as just work, and prioritize health and family over professional pressures - wisdom that might be the most valuable intelligence shared in the entire conversation.

Connect with us on LinkedIn at Cyber Threat Intelligence Podcast to join the conversation and recommend future guests with unique CTI perspectives to share.


Resources:

https://kravensecurity.com/

https://www.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/

https://chrissanders.org/2020/09/idh-release/

https://collegepublishing.sagepub.com/products/critical-thinking-for-strategic-intelligence-3-265236

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17449293 Tue, 16 Sep 2025 00:00:00 -0600 1652 1 15 full false Season 1 - Episode 14 (Pedro Kertzman & Sam Flockhart) Season 1 - Episode 14 (Pedro Kertzman & Sam Flockhart) How does a military intelligence background translate to cyber threat intelligence? Sam Flockhart, a former UK military intelligence operator who now heads threat management at a global bank, reveals the fascinating journey and powerful parallels between these worlds.

Sam opens up about his transition from conventional military intelligence to the cyber realm despite having "absolutely no cyber knowledge" initially. He shares a critical insight for job seekers: while certifications matter, demonstrating real knowledge and preparation during interviews often matters more. Sam explains how anticipating common interview questions about threat actors, their methodologies, and recent attacks can set candidates apart.

Drawing from his military expertise on Russia and Ukraine, Sam offers a riveting deep dive into why ransomware predominantly emerges from Russian-speaking regions. He explains the cultural concept of "Kresha" (roof/protection) that allows these groups to operate with impunity and traces how post-Soviet history created the perfect ecosystem for cybercrime to flourish. This cultural understanding adds a crucial dimension to technical threat analysis that many professionals overlook.

The conversation explores how military intelligence frameworks have shaped modern CTI practices. From tactics, techniques, and procedures (TTPs) to intelligence collection plans and priority intelligence requirements - these structured approaches have been adopted by the cyber community. Sam also discusses the nuances of intelligence sharing in private sector environments compared to military settings, where different constraints and opportunities exist.

For aspiring CTI professionals, Sam's advice is practical and actionable: prepare thoroughly by researching top threats, understand organizational stakeholders who consume intelligence, and familiarize yourself with various intelligence sources. This episode offers invaluable guidance for anyone looking to enter the field or enhance their threat intelligence capabilities through a deeper understanding of the human element behind cyber attacks.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> How does a military intelligence background translate to cyber threat intelligence? Sam Flockhart, a former UK military intelligence operator who now heads threat management at a global bank, reveals the fascinating journey and powerful parallels between these worlds.

Sam opens up about his transition from conventional military intelligence to the cyber realm despite having "absolutely no cyber knowledge" initially. He shares a critical insight for job seekers: while certifications matter, demonstrating real knowledge and preparation during interviews often matters more. Sam explains how anticipating common interview questions about threat actors, their methodologies, and recent attacks can set candidates apart.

Drawing from his military expertise on Russia and Ukraine, Sam offers a riveting deep dive into why ransomware predominantly emerges from Russian-speaking regions. He explains the cultural concept of "Kresha" (roof/protection) that allows these groups to operate with impunity and traces how post-Soviet history created the perfect ecosystem for cybercrime to flourish. This cultural understanding adds a crucial dimension to technical threat analysis that many professionals overlook.

The conversation explores how military intelligence frameworks have shaped modern CTI practices. From tactics, techniques, and procedures (TTPs) to intelligence collection plans and priority intelligence requirements - these structured approaches have been adopted by the cyber community. Sam also discusses the nuances of intelligence sharing in private sector environments compared to military settings, where different constraints and opportunities exist.

For aspiring CTI professionals, Sam's advice is practical and actionable: prepare thoroughly by researching top threats, understand organizational stakeholders who consume intelligence, and familiarize yourself with various intelligence sources. This episode offers invaluable guidance for anyone looking to enter the field or enhance their threat intelligence capabilities through a deeper understanding of the human element behind cyber attacks.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17396803 Tue, 02 Sep 2025 00:00:00 -0600 1697 1 14 full false Season 1 - Episode 13 (Pedro Kertzman & Bianca Miclea) Season 1 - Episode 13 (Pedro Kertzman & Bianca Miclea) What does it take to build an effective Cyber Threat Intelligence function from scratch? In this eye-opening conversation, Bianca Miclea shatters the myth that cybersecurity is only for those with traditional technical backgrounds.

Bianca shares her remarkable journey from politics student to cybersecurity leader, revealing how her academic background became an unexpected asset in the CTI world. "It was one of those 'this is really cool, but I could never do this' thoughts," she explains, describing her initial hesitation before diving into the field. This refreshing perspective demonstrates how diverse educational paths can strengthen cybersecurity teams—an important message for anyone contemplating a career transition.

The conversation explores what makes CTI truly valuable: actionable intelligence that connects directly to security operations. Bianca walks us through her experience establishing a CTI team at a major financial institution, emphasizing the critical difference between information collection and intelligence that drives meaningful security improvements. Her implementation of monthly Mitre ATT&CK exercises brings together cross-functional teams to identify control gaps and assign clear accountability—a practice listeners can immediately adopt to enhance their security posture.

Perhaps most valuable is Bianca's practical advice for managing the overwhelming information flow in threat intelligence. Her concept of "reporting thresholds" offers a framework for prioritization that helps CTI teams focus on what truly matters while preventing analyst burnout. Combined with her insights on board communication, community engagement, and measuring CTI effectiveness, this episode delivers a masterclass in modern threat intelligence leadership.

Ready to transform how you think about threat intelligence? Subscribe now, share with your network, and join our LinkedIn community to continue the conversation about building CTI programs that deliver genuine security value.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What does it take to build an effective Cyber Threat Intelligence function from scratch? In this eye-opening conversation, Bianca Miclea shatters the myth that cybersecurity is only for those with traditional technical backgrounds.

Bianca shares her remarkable journey from politics student to cybersecurity leader, revealing how her academic background became an unexpected asset in the CTI world. "It was one of those 'this is really cool, but I could never do this' thoughts," she explains, describing her initial hesitation before diving into the field. This refreshing perspective demonstrates how diverse educational paths can strengthen cybersecurity teams—an important message for anyone contemplating a career transition.

The conversation explores what makes CTI truly valuable: actionable intelligence that connects directly to security operations. Bianca walks us through her experience establishing a CTI team at a major financial institution, emphasizing the critical difference between information collection and intelligence that drives meaningful security improvements. Her implementation of monthly Mitre ATT&CK exercises brings together cross-functional teams to identify control gaps and assign clear accountability—a practice listeners can immediately adopt to enhance their security posture.

Perhaps most valuable is Bianca's practical advice for managing the overwhelming information flow in threat intelligence. Her concept of "reporting thresholds" offers a framework for prioritization that helps CTI teams focus on what truly matters while preventing analyst burnout. Combined with her insights on board communication, community engagement, and measuring CTI effectiveness, this episode delivers a masterclass in modern threat intelligence leadership.

Ready to transform how you think about threat intelligence? Subscribe now, share with your network, and join our LinkedIn community to continue the conversation about building CTI programs that deliver genuine security value.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17362073 Tue, 19 Aug 2025 00:00:00 -0600 2485 1 13 full false Season 1 - Episode 12 (Pedro Kertzman & Jason Chan) Season 1 - Episode 12 (Pedro Kertzman & Jason Chan) What does cybersecurity look like when you're protecting the world's largest streaming service and content studio? Jason Chan, who built and led Netflix's security team for over a decade, takes us behind the scenes of securing one of the most transformative companies in modern history.

From Netflix's humble beginnings as a DVD-by-mail service to its evolution into a global streaming behemoth operating in 200+ countries with hundreds of millions of subscribers, Jason shares the security journey that paralleled this remarkable business transformation. At the heart of Netflix's approach was strategic storytelling—creating a clear picture for both technical and non-technical stakeholders about not just what needed protection, but who the company needed protection from.

The threats Netflix faced were as unique as its business model. Account takeover schemes where compromised credentials were resold on international black markets. Content protection challenges to prevent pre-release leaks of shows and even physical-digital security concerns around protecting high-profile people like the Obamas. Through it all, Jason's team developed a pragmatic approach focused on preventing the most catastrophic outcomes: service unavailability and data breaches.

Perhaps most remarkable was Netflix's commitment to open-source security. At a time when most companies guarded their security practices closely, Netflix released groundbreaking tools that shaped today's security landscape—including Security Monkey (the first cloud security posture management tool) and Fido (an early security orchestration platform). As Jason explains: "We're not going to compete on security, we're going to compete on entertaining the world."

Whether you're building a security program from scratch or leading a mature team, Jason's insights on prioritization, vendor partnerships, and community collaboration offer a masterclass in effective security leadership. Subscribe now to hear the full conversation about securing one of the world's most innovative companies during its remarkable transformation.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What does cybersecurity look like when you're protecting the world's largest streaming service and content studio? Jason Chan, who built and led Netflix's security team for over a decade, takes us behind the scenes of securing one of the most transformative companies in modern history.

From Netflix's humble beginnings as a DVD-by-mail service to its evolution into a global streaming behemoth operating in 200+ countries with hundreds of millions of subscribers, Jason shares the security journey that paralleled this remarkable business transformation. At the heart of Netflix's approach was strategic storytelling—creating a clear picture for both technical and non-technical stakeholders about not just what needed protection, but who the company needed protection from.

The threats Netflix faced were as unique as its business model. Account takeover schemes where compromised credentials were resold on international black markets. Content protection challenges to prevent pre-release leaks of shows and even physical-digital security concerns around protecting high-profile people like the Obamas. Through it all, Jason's team developed a pragmatic approach focused on preventing the most catastrophic outcomes: service unavailability and data breaches.

Perhaps most remarkable was Netflix's commitment to open-source security. At a time when most companies guarded their security practices closely, Netflix released groundbreaking tools that shaped today's security landscape—including Security Monkey (the first cloud security posture management tool) and Fido (an early security orchestration platform). As Jason explains: "We're not going to compete on security, we're going to compete on entertaining the world."

Whether you're building a security program from scratch or leading a mature team, Jason's insights on prioritization, vendor partnerships, and community collaboration offer a masterclass in effective security leadership. Subscribe now to hear the full conversation about securing one of the world's most innovative companies during its remarkable transformation.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17244945 Tue, 05 Aug 2025 00:00:00 -0600 2174 1 12 full false Season 1 - Episode 11 (Pedro Kertzman & Ondra Rojčík) Season 1 - Episode 11 (Pedro Kertzman & Ondra Rojčík) From nuclear weapons research to reshaping Europe's stance on Chinese technology in critical infrastructure, Andra Rojčík's journey into cyber threat intelligence defies conventional career paths. As a principal CTI analyst who teaches intelligence analysis tradecraft, Andra brings unique perspectives from his experience at NATO, the Czech Intelligence Agency, and now Red Hat.

During his time leading the Strategic Cyber Threat Intelligence function at the Czech National Cybersecurity Agency, Andra's team produced analysis on Huawei that transformed the European narrative around technology sovereignty. "Technology is actually a pretty political issue," Andra explains, challenging the previously accepted notion that technology remains neutral regardless of origin.

The conversation explores fascinating contrasts between government and private sector intelligence work. While government analysts often face unpredictable demands from high-level officials who understand intelligence terminology, private sector CTI requires translating insights into actionable steps for stakeholders who may rarely encounter intelligence products. This demands CTI professionals go beyond assessments to help operationalize findings into concrete security controls.

Andra breaks down the discipline into three essential components that every analyst must develop: Cyber (information security concepts), Threat (adversary operations), and Intelligence (analytical principles). Many technically-skilled professionals overlook the intelligence tradecraft element, which Andra addresses through workshops helping analysts avoid "admiring problems" and instead deliver actionable intelligence. For those looking to develop their skills, he recommends resources like "Thinking Fast and Slow" by Daniel Kahneman and "Critical Thinking for Strategic Intelligence" by Katherine Hibbs Pherson and Randolph H. Pherson.

Whether you're contemplating a career pivot into cyber threat intelligence or seeking to strengthen your analytical capabilities, this episode offers valuable insights from someone who has successfully navigated both government and corporate intelligence landscapes. Connect with us on LinkedIn to share your thoughts or suggest future guests for the Cyber Threat Intelligence Podcast.


References:

https://www.linkedin.com/in/orojcik/
https://medium.com/@orojcik

Books:
Daniel Kahneman: Thinking Fast and Slow
Katherine and Randolph Pherson: Critical Thinking for Strategic Intelligence
Cole Nussebaumer Knaflic: Storytelling With Data 

CTI Intro books:
Thomas Roccia: Visual Threat Intelligence 
Rebekah Brown and Scott Roberts: Intelligence-Driven Incident Response

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> From nuclear weapons research to reshaping Europe's stance on Chinese technology in critical infrastructure, Andra Rojčík's journey into cyber threat intelligence defies conventional career paths. As a principal CTI analyst who teaches intelligence analysis tradecraft, Andra brings unique perspectives from his experience at NATO, the Czech Intelligence Agency, and now Red Hat.

During his time leading the Strategic Cyber Threat Intelligence function at the Czech National Cybersecurity Agency, Andra's team produced analysis on Huawei that transformed the European narrative around technology sovereignty. "Technology is actually a pretty political issue," Andra explains, challenging the previously accepted notion that technology remains neutral regardless of origin.

The conversation explores fascinating contrasts between government and private sector intelligence work. While government analysts often face unpredictable demands from high-level officials who understand intelligence terminology, private sector CTI requires translating insights into actionable steps for stakeholders who may rarely encounter intelligence products. This demands CTI professionals go beyond assessments to help operationalize findings into concrete security controls.

Andra breaks down the discipline into three essential components that every analyst must develop: Cyber (information security concepts), Threat (adversary operations), and Intelligence (analytical principles). Many technically-skilled professionals overlook the intelligence tradecraft element, which Andra addresses through workshops helping analysts avoid "admiring problems" and instead deliver actionable intelligence. For those looking to develop their skills, he recommends resources like "Thinking Fast and Slow" by Daniel Kahneman and "Critical Thinking for Strategic Intelligence" by Katherine Hibbs Pherson and Randolph H. Pherson.

Whether you're contemplating a career pivot into cyber threat intelligence or seeking to strengthen your analytical capabilities, this episode offers valuable insights from someone who has successfully navigated both government and corporate intelligence landscapes. Connect with us on LinkedIn to share your thoughts or suggest future guests for the Cyber Threat Intelligence Podcast.


References:

https://www.linkedin.com/in/orojcik/
https://medium.com/@orojcik

Books:
Daniel Kahneman: Thinking Fast and Slow
Katherine and Randolph Pherson: Critical Thinking for Strategic Intelligence
Cole Nussebaumer Knaflic: Storytelling With Data 

CTI Intro books:
Thomas Roccia: Visual Threat Intelligence 
Rebekah Brown and Scott Roberts: Intelligence-Driven Incident Response

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17248328 Tue, 22 Jul 2025 00:00:00 -0600 2150 1 11 full false Season 1 - Episode 10 (Pedro Kertzman & Kees Pouw) Season 1 - Episode 10 (Pedro Kertzman & Kees Pouw) Ever wonder how top security teams stay one step ahead of cybercriminals? The answer lies in the ancient wisdom of Sun Tzu: "If you know yourself and know your enemy, you'll win all battles." This principle forms the foundation of effective Cyber Threat Intelligence (CTI).
 
To celebrate our 10th episode, we had an insightful conversation with Kees Pouw, a veteran CISO with over two decades of cybersecurity experience, where we explore how organizations can build powerful CTI capabilities that transform their security posture. Drawing from his experience as both a consultant and in-house security leader, Kees breaks down the mystique surrounding threat intelligence and delivers practical insights on implementation.
 
 "The best battles are won before they're fought," Kees explains, highlighting how proper intelligence allows organizations to deter attackers through strategic preparation. By understanding specific attacker techniques—like Lockbit's targeting of VMware ESXi hosts—security teams can focus limited resources on the most critical defenses.
 
 We dive deep into the four core domains of comprehensive CTI: threat intelligence feeds, dark web monitoring, digital risk protection, and attack surface management. For organizations just starting their CTI journey, Kees offers a pragmatic roadmap, suggesting which capabilities to prioritize and how to grow organically from existing security operations.
 
 The conversation takes a fascinating turn when we explore how agentic AI is revolutionizing threat intelligence. Kees shares his "wow moment" realizing how AI agents can automate complex research tasks that previously required specialized human expertise—potentially transforming how organizations process the massive volumes of intelligence data.
 
 Whether you're looking to build your first CTI program or enhance existing capabilities, this episode provides a masterclass in making threat intelligence both practical and powerful. Subscribe now to continue learning from cybersecurity leaders who are shaping the future of digital defense.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Ever wonder how top security teams stay one step ahead of cybercriminals? The answer lies in the ancient wisdom of Sun Tzu: "If you know yourself and know your enemy, you'll win all battles." This principle forms the foundation of effective Cyber Threat Intelligence (CTI).
 
To celebrate our 10th episode, we had an insightful conversation with Kees Pouw, a veteran CISO with over two decades of cybersecurity experience, where we explore how organizations can build powerful CTI capabilities that transform their security posture. Drawing from his experience as both a consultant and in-house security leader, Kees breaks down the mystique surrounding threat intelligence and delivers practical insights on implementation.
 
 "The best battles are won before they're fought," Kees explains, highlighting how proper intelligence allows organizations to deter attackers through strategic preparation. By understanding specific attacker techniques—like Lockbit's targeting of VMware ESXi hosts—security teams can focus limited resources on the most critical defenses.
 
 We dive deep into the four core domains of comprehensive CTI: threat intelligence feeds, dark web monitoring, digital risk protection, and attack surface management. For organizations just starting their CTI journey, Kees offers a pragmatic roadmap, suggesting which capabilities to prioritize and how to grow organically from existing security operations.
 
 The conversation takes a fascinating turn when we explore how agentic AI is revolutionizing threat intelligence. Kees shares his "wow moment" realizing how AI agents can automate complex research tasks that previously required specialized human expertise—potentially transforming how organizations process the massive volumes of intelligence data.
 
 Whether you're looking to build your first CTI program or enhance existing capabilities, this episode provides a masterclass in making threat intelligence both practical and powerful. Subscribe now to continue learning from cybersecurity leaders who are shaping the future of digital defense.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17352840 Tue, 08 Jul 2025 00:00:00 -0600 2844 1 10 full false Season 1 - Episode 9 (Pedro Kertzman & Scott Scher) Season 1 - Episode 9 (Pedro Kertzman & Scott Scher) What happens when traditional intelligence methodology meets modern cybersecurity? Scott Scher, CTI Associate Director with expertise in nation-state threat actors and cybercriminal groups, reveals a powerful perspective: successful CTI professionals are intelligence analysts first and cybersecurity specialists second.

Drawing from his background in international security policy and experience across government and private sectors, Scott breaks down the critical distinction between collecting data and generating actionable intelligence. He unpacks how established intelligence frameworks provide the foundation for effective cyber threat analysis, while the technical cybersecurity knowledge can be built on top of this analytical foundation.

Scott shares practical wisdom on building effective CTI programs, beginning with establishing clear processes, creating functional data pipelines, and most critically, understanding stakeholder needs. He explains that many organizations fall into the trap of overcollection – gathering excessive threat feeds without the capacity to transform them into actionable insights. Instead, he advocates for regular evaluation of intelligence sources using frameworks like the Admiralty Code to assess reliability and value.

The conversation delves into the crucial difference between threat (composed of intent, capability, and opportunity) and risk (which incorporates business impact). This distinction becomes essential when communicating with executives who need to understand potential consequences in business terms. Scott provides concrete examples of how to tailor intelligence for different stakeholders – from tactical information for SOC analysts to strategic insights for CISOs making resource allocation decisions.

Whether you're building a CTI function from scratch, looking to improve stakeholder engagement, or seeking to make your intelligence more actionable, this episode offers a masterclass in intelligence-driven cybersecurity. Subscribe now to learn how to transform technical threats into business insights that drive meaningful security improvements across your organization.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What happens when traditional intelligence methodology meets modern cybersecurity? Scott Scher, CTI Associate Director with expertise in nation-state threat actors and cybercriminal groups, reveals a powerful perspective: successful CTI professionals are intelligence analysts first and cybersecurity specialists second.

Drawing from his background in international security policy and experience across government and private sectors, Scott breaks down the critical distinction between collecting data and generating actionable intelligence. He unpacks how established intelligence frameworks provide the foundation for effective cyber threat analysis, while the technical cybersecurity knowledge can be built on top of this analytical foundation.

Scott shares practical wisdom on building effective CTI programs, beginning with establishing clear processes, creating functional data pipelines, and most critically, understanding stakeholder needs. He explains that many organizations fall into the trap of overcollection – gathering excessive threat feeds without the capacity to transform them into actionable insights. Instead, he advocates for regular evaluation of intelligence sources using frameworks like the Admiralty Code to assess reliability and value.

The conversation delves into the crucial difference between threat (composed of intent, capability, and opportunity) and risk (which incorporates business impact). This distinction becomes essential when communicating with executives who need to understand potential consequences in business terms. Scott provides concrete examples of how to tailor intelligence for different stakeholders – from tactical information for SOC analysts to strategic insights for CISOs making resource allocation decisions.

Whether you're building a CTI function from scratch, looking to improve stakeholder engagement, or seeking to make your intelligence more actionable, this episode offers a masterclass in intelligence-driven cybersecurity. Subscribe now to learn how to transform technical threats into business insights that drive meaningful security improvements across your organization.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17206088 Tue, 24 Jun 2025 00:00:00 -0600 3370 1 9 full false Season 1 - Episode 8 (Pedro Kertzman & Ritu Gill) Season 1 - Episode 8 (Pedro Kertzman & Ritu Gill) The digital world is full of breadcrumbs that tell our stories - are you carefully tracking who follows them back to you? In this eye-opening conversation with OSINT expert Ritu Gill, we pull back the curtain on the fascinating world of Open Source Intelligence and why proper tool vetting matters more than you might think.

Drawing from her 18 years in Canadian law enforcement and extensive consulting experience, Ritu reveals why careless tool selection could mean someone is "capturing every keystroke" as you conduct investigations. Her practical advice for both beginners and experienced practitioners cuts through the noise in an increasingly crowded OSINT landscape.

"Without analyzing and adding value to the information, it is not intelligence," Ritu explains, highlighting the crucial distinction between collecting data and producing actionable intelligence. Her emphasis on ethical considerations - the principle of "OSINT for good" - serves as a timely reminder that with great investigative power comes great responsibility.

Whether you're looking to build your skills through free resources like Sophia Santos' exercises, gamified platforms like GeoGuessr, or real-world missing persons cases with TraceLabs, this episode provides concrete pathways for growth. Networking emerges as a powerful career accelerator, with events like OsmosisCon offering invaluable opportunities to connect with the community.

Ready to enhance your digital intelligence capabilities while maintaining ethical standards? Follow Ritu's newsletter at forensicosint.com, explore the resources mentioned in our show notes, and join our LinkedIn community to continue the conversation. Your journey into the world of OSINT starts with understanding not just what you can find, but how to find it responsibly.


Resources:

https://www.raebaker.net

https://www.linkedin.com/in/espen-ringstad-80297464/

https://www.geoguessr.com

https://www.tracelabs.org

https://www.kasescenarios.com

https://www.forensicosint.com/newsletter

https://gralhix.com

https://osmosisinstitute.org

https://www.linkedin.com/feed/update/urn:li:activity:7317909650798977024/

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> The digital world is full of breadcrumbs that tell our stories - are you carefully tracking who follows them back to you? In this eye-opening conversation with OSINT expert Ritu Gill, we pull back the curtain on the fascinating world of Open Source Intelligence and why proper tool vetting matters more than you might think.

Drawing from her 18 years in Canadian law enforcement and extensive consulting experience, Ritu reveals why careless tool selection could mean someone is "capturing every keystroke" as you conduct investigations. Her practical advice for both beginners and experienced practitioners cuts through the noise in an increasingly crowded OSINT landscape.

"Without analyzing and adding value to the information, it is not intelligence," Ritu explains, highlighting the crucial distinction between collecting data and producing actionable intelligence. Her emphasis on ethical considerations - the principle of "OSINT for good" - serves as a timely reminder that with great investigative power comes great responsibility.

Whether you're looking to build your skills through free resources like Sophia Santos' exercises, gamified platforms like GeoGuessr, or real-world missing persons cases with TraceLabs, this episode provides concrete pathways for growth. Networking emerges as a powerful career accelerator, with events like OsmosisCon offering invaluable opportunities to connect with the community.

Ready to enhance your digital intelligence capabilities while maintaining ethical standards? Follow Ritu's newsletter at forensicosint.com, explore the resources mentioned in our show notes, and join our LinkedIn community to continue the conversation. Your journey into the world of OSINT starts with understanding not just what you can find, but how to find it responsibly.


Resources:

https://www.raebaker.net

https://www.linkedin.com/in/espen-ringstad-80297464/

https://www.geoguessr.com

https://www.tracelabs.org

https://www.kasescenarios.com

https://www.forensicosint.com/newsletter

https://gralhix.com

https://osmosisinstitute.org

https://www.linkedin.com/feed/update/urn:li:activity:7317909650798977024/

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17234880 Tue, 10 Jun 2025 00:00:00 -0600 1760 1 8 full false Season 1 - Episode 7 (Pedro Kertzman & John Doyle) Season 1 - Episode 7 (Pedro Kertzman & John Doyle) What does the future of Cyber Threat Intelligence look like beyond basic feeds and reports? Former CIA analyst John Doyle takes us behind the curtain of modern CTI operations, revealing how smart teams are delivering value across entire organizations.

With over 16 years tracking state-sponsored APT groups and now serving as a principal intelligence enablement consultant, Doyle explains how CTI roles are evolving to meet expanding demands. "Organizations use CTI for one of three reasons," he shares. "You've saved the company money, you're making the company money, or you're improving efficiency." This value-driven approach has transformed how CTI teams position themselves in the security ecosystem.

The conversation explores frameworks revolutionizing how teams measure their impact, including the CTI-CMM with its newly developed metrics system. Doyle also highlights unexpected partnerships forming between threat intelligence and other business units—from security awareness to HR—as threats like North Korean IT workers infiltrating legitimate companies create challenges that span traditional departmental boundaries.

For practitioners seeking growth, Doyle maps out the conference landscape from Washington DC's CyberWarCon to European events like FIRST CTI, noting that despite the industry's introverted reputation, these gatherings feature "the smartest people in the world who are super humble" and eager to share knowledge. He also details how AI is transforming intelligence workflows, enabling resource-constrained teams to operate at much higher capacity while maintaining the critical human judgment that separates great analysis from mere data processing.

Whether you're building a CTI program, looking to prove your team's value, or simply curious about how intelligence tradecraft translates from government to private sector, this conversation offers practical insights into an industry where collaboration remains the ultimate competitive advantage. As Doyle concludes, "The more opportunity we have to work with each other and grow from one another, the better off we're going to be."


Resources:

https://cti-cmm.org/

https://medium.com/@likethecoins

https://klrgrz.medium.com/

https://services.google.com/fh/files/misc/cti-analyst-core-competencies-framework-v1.pdf

https://www.sans.org/white-papers/2025-cti-survey-webcast-forum-navigating-uncertainty-todays-threat-landscape/

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What does the future of Cyber Threat Intelligence look like beyond basic feeds and reports? Former CIA analyst John Doyle takes us behind the curtain of modern CTI operations, revealing how smart teams are delivering value across entire organizations.

With over 16 years tracking state-sponsored APT groups and now serving as a principal intelligence enablement consultant, Doyle explains how CTI roles are evolving to meet expanding demands. "Organizations use CTI for one of three reasons," he shares. "You've saved the company money, you're making the company money, or you're improving efficiency." This value-driven approach has transformed how CTI teams position themselves in the security ecosystem.

The conversation explores frameworks revolutionizing how teams measure their impact, including the CTI-CMM with its newly developed metrics system. Doyle also highlights unexpected partnerships forming between threat intelligence and other business units—from security awareness to HR—as threats like North Korean IT workers infiltrating legitimate companies create challenges that span traditional departmental boundaries.

For practitioners seeking growth, Doyle maps out the conference landscape from Washington DC's CyberWarCon to European events like FIRST CTI, noting that despite the industry's introverted reputation, these gatherings feature "the smartest people in the world who are super humble" and eager to share knowledge. He also details how AI is transforming intelligence workflows, enabling resource-constrained teams to operate at much higher capacity while maintaining the critical human judgment that separates great analysis from mere data processing.

Whether you're building a CTI program, looking to prove your team's value, or simply curious about how intelligence tradecraft translates from government to private sector, this conversation offers practical insights into an industry where collaboration remains the ultimate competitive advantage. As Doyle concludes, "The more opportunity we have to work with each other and grow from one another, the better off we're going to be."


Resources:

https://cti-cmm.org/

https://medium.com/@likethecoins

https://klrgrz.medium.com/

https://services.google.com/fh/files/misc/cti-analyst-core-competencies-framework-v1.pdf

https://www.sans.org/white-papers/2025-cti-survey-webcast-forum-navigating-uncertainty-todays-threat-landscape/

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17201001 Tue, 27 May 2025 00:00:00 -0600 3214 1 7 full false Season 1 - Episode 6 (Pedro Kertzman & Aaron Roberts) Season 1 - Episode 6 (Pedro Kertzman & Aaron Roberts) What happens when you combine the precision of open-source intelligence with the strategic focus of cyber threat intelligence? Aaron Roberts, founder of Prospective Intelligence and author of "Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers," reveals the powerful intersection where these disciplines meet.

Aaron's journey from aspiring football coach to cyber threat expert provides a fascinating backdrop to our conversation. After starting in IT support and gradually moving through cybersecurity roles, he discovered the power of OSINT in identifying threats before they materialize. This evolution shaped his unique perspective on threat intelligence - one that values both commercial tools and grassroots solutions from the OSINT community.

The most compelling insights emerge when Aaron discusses the practical realities of threat intelligence on a budget. Rather than viewing financial constraints as limitations, he demonstrates how they can drive innovation. From leveraging free GitHub repositories to repurposing marketing tools for security, Aaron reveals how small and medium businesses can build sophisticated threat detection capabilities without breaking the bank. His mention of C2Tracker - a free tool that can identify command and control infrastructure before many commercial feeds - highlights how open-source approaches sometimes outperform their expensive counterparts.

Perhaps most valuable is Aaron's framework for attack surface intelligence. By examining credentials exposed in data breaches and stealer logs, identifying vulnerabilities in internet-facing systems, monitoring brand sentiment, and detecting typosquat domains, he creates a comprehensive view of organizational risk. This methodology helps companies understand how attackers perceive them - vital intelligence for preemptive defense.

Throughout our discussion, one theme remains constant: effective threat intelligence requires more than technical prowess. Understanding business context, establishing clear intelligence requirements, and communicating findings effectively transform raw data into actionable insights. As Aaron puts it, "You can spend all day writing reports about ransomware groups, but if you don't understand what the business is trying to do, you can't really protect it."

Want to strengthen your organization's security posture through practical, intelligence-led approaches? Connect with us on LinkedIn in the Cyber Threat Intelligence Podcast group to continue the conversation and discover how these principles might apply to your unique security challenges.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What happens when you combine the precision of open-source intelligence with the strategic focus of cyber threat intelligence? Aaron Roberts, founder of Prospective Intelligence and author of "Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers," reveals the powerful intersection where these disciplines meet.

Aaron's journey from aspiring football coach to cyber threat expert provides a fascinating backdrop to our conversation. After starting in IT support and gradually moving through cybersecurity roles, he discovered the power of OSINT in identifying threats before they materialize. This evolution shaped his unique perspective on threat intelligence - one that values both commercial tools and grassroots solutions from the OSINT community.

The most compelling insights emerge when Aaron discusses the practical realities of threat intelligence on a budget. Rather than viewing financial constraints as limitations, he demonstrates how they can drive innovation. From leveraging free GitHub repositories to repurposing marketing tools for security, Aaron reveals how small and medium businesses can build sophisticated threat detection capabilities without breaking the bank. His mention of C2Tracker - a free tool that can identify command and control infrastructure before many commercial feeds - highlights how open-source approaches sometimes outperform their expensive counterparts.

Perhaps most valuable is Aaron's framework for attack surface intelligence. By examining credentials exposed in data breaches and stealer logs, identifying vulnerabilities in internet-facing systems, monitoring brand sentiment, and detecting typosquat domains, he creates a comprehensive view of organizational risk. This methodology helps companies understand how attackers perceive them - vital intelligence for preemptive defense.

Throughout our discussion, one theme remains constant: effective threat intelligence requires more than technical prowess. Understanding business context, establishing clear intelligence requirements, and communicating findings effectively transform raw data into actionable insights. As Aaron puts it, "You can spend all day writing reports about ransomware groups, but if you don't understand what the business is trying to do, you can't really protect it."

Want to strengthen your organization's security posture through practical, intelligence-led approaches? Connect with us on LinkedIn in the Cyber Threat Intelligence Podcast group to continue the conversation and discover how these principles might apply to your unique security challenges.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17133339 Tue, 13 May 2025 00:00:00 -0600 4304 1 6 full false Season 1 - Episode 5 (Pedro Kertzman & Josh Darby MacLellan) Season 1 - Episode 5 (Pedro Kertzman & Josh Darby MacLellan) What does it take to succeed in cyber threat intelligence today? Josh Darby McLellan draws from his unique journey through geopolitical risk into the CTI space to reveal practical insights for both aspiring analysts and established professionals.

The conversation opens with Josh's unexpected path into threat intelligence, highlighting a crucial revelation for newcomers: you don't need special access or expensive tools to begin gaining CTI experience. With abundant open-source resources available, anyone can practice analysis workflows, build a portfolio, and demonstrate genuine passion before landing their first role.

Beyond technical foundations like the Diamond Model and Kill Chain, Josh emphasizes communication as perhaps the most critical skill for CTI professionals. "Your entire CTI process will fall completely flat if you are not able to communicate that intelligence in a way that lands with your stakeholders," he notes. This challenge becomes especially apparent when teams struggle to translate their value into language business leaders understand—a persistent hurdle for many CTI programs.

The discussion explores how collaboration across traditionally competitive organizations creates powerful intelligence sharing networks, particularly within industries facing similar threats. Josh also tackles AI's impact, warning that "your job won't be replaced by AI, but by someone who can use AI," encouraging analysts to embrace tools that automate repetitive tasks while preserving human judgment for critical analysis.

Looking ahead, Josh predicts short-term challenges for CTI teams proving their worth during economic uncertainty, but remains optimistic about the field's future as cyber attacks continue increasing in volume and severity against a fractured geopolitical landscape. For those intrigued by this dynamic field, his advice is simple: dive in, leverage free resources, and discover if this intellectually stimulating career path is right for you.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> What does it take to succeed in cyber threat intelligence today? Josh Darby McLellan draws from his unique journey through geopolitical risk into the CTI space to reveal practical insights for both aspiring analysts and established professionals.

The conversation opens with Josh's unexpected path into threat intelligence, highlighting a crucial revelation for newcomers: you don't need special access or expensive tools to begin gaining CTI experience. With abundant open-source resources available, anyone can practice analysis workflows, build a portfolio, and demonstrate genuine passion before landing their first role.

Beyond technical foundations like the Diamond Model and Kill Chain, Josh emphasizes communication as perhaps the most critical skill for CTI professionals. "Your entire CTI process will fall completely flat if you are not able to communicate that intelligence in a way that lands with your stakeholders," he notes. This challenge becomes especially apparent when teams struggle to translate their value into language business leaders understand—a persistent hurdle for many CTI programs.

The discussion explores how collaboration across traditionally competitive organizations creates powerful intelligence sharing networks, particularly within industries facing similar threats. Josh also tackles AI's impact, warning that "your job won't be replaced by AI, but by someone who can use AI," encouraging analysts to embrace tools that automate repetitive tasks while preserving human judgment for critical analysis.

Looking ahead, Josh predicts short-term challenges for CTI teams proving their worth during economic uncertainty, but remains optimistic about the field's future as cyber attacks continue increasing in volume and severity against a fractured geopolitical landscape. For those intrigued by this dynamic field, his advice is simple: dive in, leverage free resources, and discover if this intellectually stimulating career path is right for you.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-17030001 Tue, 29 Apr 2025 00:00:00 -0600 2601 #CTI, #CyberThreatIntelligence, #CyberSecurity 1 5 full false Season 1 - Episode 4 (Pedro Kertzman & Cherie Burgett) Season 1 - Episode 4 (Pedro Kertzman & Cherie Burgett) Cherie Burgett takes us on a fascinating journey from her days as a Radio Shack employee and avid gamer to becoming the Director of Cyber Intelligence Operations for the Mining and Metals Information Sharing and Analysis Center. Her story demolishes the myth that cybersecurity professionals must follow traditional career paths, demonstrating how life skills, natural curiosity, and a hacker mentality can translate into powerful cyber defense capabilities.

The conversation reveals profound insights about the evolving threat landscape where criminals have developed specialized supply chains and even customer support systems. "It takes a lot more skills to defend than it does to attack," Cherie notes, highlighting the asymmetric challenge defenders face. We learn how threat actors now specialize in different attack phases—initial access brokers selling to ransomware operators—creating a complex criminal ecosystem that demands collaborative defensive approaches.

What sets this episode apart is Cherie's perspective on the human dimension of threat intelligence. With background in Bible college studying hermeneutics (the art of interpretation), she brings humanities-focused analysis to technical challenges. "Threat intelligence to me is the most human of the cyber disciplines," she explains, emphasizing that we're ultimately "protecting people, not systems." This philosophy shapes her approach to intelligence sharing, where she insists on providing context and actionable insights rather than merely distributing raw data or "story time" recitations of headlines.

Whether you're an experienced CTI professional or considering entering the field from an unconventional background, this episode offers valuable guidance on building skills, avoiding analytical biases, and connecting with industry resources. Follow Cherie on LinkedIn or through MMISAC publications to continue learning from her unique perspective on making threat intelligence truly human-centered and impactful.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Cherie Burgett takes us on a fascinating journey from her days as a Radio Shack employee and avid gamer to becoming the Director of Cyber Intelligence Operations for the Mining and Metals Information Sharing and Analysis Center. Her story demolishes the myth that cybersecurity professionals must follow traditional career paths, demonstrating how life skills, natural curiosity, and a hacker mentality can translate into powerful cyber defense capabilities.

The conversation reveals profound insights about the evolving threat landscape where criminals have developed specialized supply chains and even customer support systems. "It takes a lot more skills to defend than it does to attack," Cherie notes, highlighting the asymmetric challenge defenders face. We learn how threat actors now specialize in different attack phases—initial access brokers selling to ransomware operators—creating a complex criminal ecosystem that demands collaborative defensive approaches.

What sets this episode apart is Cherie's perspective on the human dimension of threat intelligence. With background in Bible college studying hermeneutics (the art of interpretation), she brings humanities-focused analysis to technical challenges. "Threat intelligence to me is the most human of the cyber disciplines," she explains, emphasizing that we're ultimately "protecting people, not systems." This philosophy shapes her approach to intelligence sharing, where she insists on providing context and actionable insights rather than merely distributing raw data or "story time" recitations of headlines.

Whether you're an experienced CTI professional or considering entering the field from an unconventional background, this episode offers valuable guidance on building skills, avoiding analytical biases, and connecting with industry resources. Follow Cherie on LinkedIn or through MMISAC publications to continue learning from her unique perspective on making threat intelligence truly human-centered and impactful.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-16902495 Tue, 15 Apr 2025 00:00:00 -0600 2300 1 4 full false Season 1 - Episode 3 (Pedro Kertzman & Pedro Barros) Season 1 - Episode 3 (Pedro Kertzman & Pedro Barros) Navigating the world of threat intelligence feeds requires a critical eye and regular evaluation. Security analyst and educator Pedro Barros takes us through his journey from SOC analyst to threat intelligence professional, explaining why CTI should function as a pillar supporting all cybersecurity operations.

Pedro highlights a persistent problem in threat intelligence practice: the proliferation of "combo lists" - recycled data from old breaches presented as new threats. "If you're going to give me some intelligence, do some more work on it," he challenges feed providers, stressing the need for context that makes alerts truly actionable. Without proper evaluation, these feeds create false alarms that waste precious security resources.

The conversation delves into practical evaluation strategies for threat intelligence sources. Rather than simply accumulating feeds, Pedro recommends quarterly assessments focused on accuracy, timeliness, and relevance. This process should incorporate feedback from SOC analysts, detection engineers, and vulnerability management teams to ensure intelligence serves its purpose across the organization.

For aspiring CTI professionals, Pedro emphasizes understanding adjacent security disciplines as foundational knowledge. He recommends "Visual Threat Intelligence" by Thomas Roccia as essential reading, describing it as so engaging he "started reading it one day and finished it the same day." He also highlights the need for more academic programs to include dedicated threat intelligence courses as the field continues to mature.

Visit Pedro's blog at pemblabs.net to follow his work, including his upcoming analysis of a sophisticated phishing campaign using targeted delivery methods and Telegram bots. Connect with our community on the Cyber Threat Intelligence Podcast LinkedIn group to continue the conversation about building intelligence capabilities that actually matter.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Navigating the world of threat intelligence feeds requires a critical eye and regular evaluation. Security analyst and educator Pedro Barros takes us through his journey from SOC analyst to threat intelligence professional, explaining why CTI should function as a pillar supporting all cybersecurity operations.

Pedro highlights a persistent problem in threat intelligence practice: the proliferation of "combo lists" - recycled data from old breaches presented as new threats. "If you're going to give me some intelligence, do some more work on it," he challenges feed providers, stressing the need for context that makes alerts truly actionable. Without proper evaluation, these feeds create false alarms that waste precious security resources.

The conversation delves into practical evaluation strategies for threat intelligence sources. Rather than simply accumulating feeds, Pedro recommends quarterly assessments focused on accuracy, timeliness, and relevance. This process should incorporate feedback from SOC analysts, detection engineers, and vulnerability management teams to ensure intelligence serves its purpose across the organization.

For aspiring CTI professionals, Pedro emphasizes understanding adjacent security disciplines as foundational knowledge. He recommends "Visual Threat Intelligence" by Thomas Roccia as essential reading, describing it as so engaging he "started reading it one day and finished it the same day." He also highlights the need for more academic programs to include dedicated threat intelligence courses as the field continues to mature.

Visit Pedro's blog at pemblabs.net to follow his work, including his upcoming analysis of a sophisticated phishing campaign using targeted delivery methods and Telegram bots. Connect with our community on the Cyber Threat Intelligence Podcast LinkedIn group to continue the conversation about building intelligence capabilities that actually matter.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-16842490 Tue, 01 Apr 2025 00:00:00 -0600 1927 1 3 full false Season 1 - Episode 2 (Pedro Kertzman & A. Stryker) Season 1 - Episode 2 (Pedro Kertzman & A. Stryker) Threat intelligence forms the backbone of effective cybersecurity strategy, but what does it really take to build a successful CTI program? In this fascinating conversation, Stryker, a threat intelligence analyst at a major US insurance company, challenges conventional wisdom by asserting that while every organization needs threat information, not every organization requires a dedicated threat intelligence team.

Drawing from her unconventional journey from marketing professional to threat intelligence analyst, Stryker offers a refreshing perspective on career transitions in cybersecurity. "I'm a poster child for having to do everything the difficult way," she admits, before revealing how she recontextualized her decade of content marketing experience into valuable security skills. Her story demolishes the myth that there's only one path into the industry, though she acknowledges the reality: "It's not an entry-level position... you have to be that much better than everybody else to overcome bias."

The conversation delves into the maturity spectrum of threat intelligence capabilities, from organizations just beginning to monitor key resources to those with fully dedicated teams. Stryker provides practical advice on selecting security partners who offer contextual guidance rather than checkbox compliance: "Listen for the ones who say 'no, and here's why, but here's what you can do instead.' That's the sign of an organization that wants to be a partner."

For professionals looking to sharpen their CTI knowledge, Stryker emphasizes the importance of primary sources over media summaries and shares her methodology for building a comprehensive intelligence feed. She also reveals her unique approach to helping others transition into cybersecurity through her "Career Campaigns" workshop, which uses tabletop RPG concepts to help people reimagine their professional skills.

Whether you're building a threat intelligence program, considering a career pivot, or simply fascinated by the evolving landscape of cybersecurity, this episode offers invaluable insights from someone who's navigated the journey firsthand. Subscribe now for more conversations with Cyber Threat Intelligence thought leaders who are reshaping how we think about CTI.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Threat intelligence forms the backbone of effective cybersecurity strategy, but what does it really take to build a successful CTI program? In this fascinating conversation, Stryker, a threat intelligence analyst at a major US insurance company, challenges conventional wisdom by asserting that while every organization needs threat information, not every organization requires a dedicated threat intelligence team.

Drawing from her unconventional journey from marketing professional to threat intelligence analyst, Stryker offers a refreshing perspective on career transitions in cybersecurity. "I'm a poster child for having to do everything the difficult way," she admits, before revealing how she recontextualized her decade of content marketing experience into valuable security skills. Her story demolishes the myth that there's only one path into the industry, though she acknowledges the reality: "It's not an entry-level position... you have to be that much better than everybody else to overcome bias."

The conversation delves into the maturity spectrum of threat intelligence capabilities, from organizations just beginning to monitor key resources to those with fully dedicated teams. Stryker provides practical advice on selecting security partners who offer contextual guidance rather than checkbox compliance: "Listen for the ones who say 'no, and here's why, but here's what you can do instead.' That's the sign of an organization that wants to be a partner."

For professionals looking to sharpen their CTI knowledge, Stryker emphasizes the importance of primary sources over media summaries and shares her methodology for building a comprehensive intelligence feed. She also reveals her unique approach to helping others transition into cybersecurity through her "Career Campaigns" workshop, which uses tabletop RPG concepts to help people reimagine their professional skills.

Whether you're building a threat intelligence program, considering a career pivot, or simply fascinated by the evolving landscape of cybersecurity, this episode offers invaluable insights from someone who's navigated the journey firsthand. Subscribe now for more conversations with Cyber Threat Intelligence thought leaders who are reshaping how we think about CTI.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-16826846 Wed, 19 Mar 2025 21:00:00 -0600 2848 Cyber Threat Intelligence, Cyber Security, CTI, Information Security 1 2 full false Season 1 - Episode 1 (Pedro Kertzman & Mary D'Angelo) Season 1 - Episode 1 (Pedro Kertzman & Mary D'Angelo) On this episode of Season 1, our Host Pedro Kertzman will chat with Mary D’Angelo, who is a Cyber Threat Intelligence Solutions Lead at Filigran, dedicated to helping organizations integrate actionable threat intelligence across silos. She emphasizes the need for a top-down cultural shift to demonstrate threat intelligence’s ROI to executives. Focused on dark web threats and ransomware attacks, Mary is a strong advocate for democratizing intelligence sharing. She is passionate about mentoring the next generation of cybersecurity professionals while staying at the forefront of emerging threats and AI-driven intelligence.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> On this episode of Season 1, our Host Pedro Kertzman will chat with Mary D’Angelo, who is a Cyber Threat Intelligence Solutions Lead at Filigran, dedicated to helping organizations integrate actionable threat intelligence across silos. She emphasizes the need for a top-down cultural shift to demonstrate threat intelligence’s ROI to executives. Focused on dark web threats and ransomware attacks, Mary is a strong advocate for democratizing intelligence sharing. She is passionate about mentoring the next generation of cybersecurity professionals while staying at the forefront of emerging threats and AI-driven intelligence.

Send a text

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

]]> Pedro Kertzman Buzzsprout-16730036 Mon, 03 Mar 2025 22:00:00 -0700 1745 Cyber Security, InfoSec, CTI, Cyber Threat Intelligence 1 1 full false Mary D'Angelo Pedro Kertzman