Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. Join the Recorded Future team, special guests, and our partners from the CyberWire to learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence.
London has, for centuries, enjoyed its status as one of the cornerstones of the global economy. So it makes sense that it would also be a beacon of innovation and investment in cybersecurity. Our guest today is Jonathan Luff. He’s the co-founder of Epsilon Advisory Partners and CyLon, an incubator for early-stage cybersecurity companies based in the United Kingdom. He shares the story of his early career in public service, sharing his talents and expertise around the world, his transition from public servant to entrepreneur, and why he believes the U.K. is well positioned for leadership in the growing global cybersecurity industry.
Recorded Future’s Allan Liska is our guest once again this week. This time, he brings a collection of interesting trends and anomalies that he and his team have been tracking. They publish these on the Recorded Future website under the title of “pulse reports.” We’ll take a closer look at ransomware in international financial institutions, credential leaks in the biotech and pharmaceutical industries, as well as the rise of retail phishing campaigns in the midst of the global pandemic.
Our guest is John Zanni, CEO at Acronis SCS, a company dedicated to providing secure backup, disaster recovery, and cyber protection for the U.S. public sector. He shares his unconventional journey into a career in cybersecurity, as well as insights on the unique challenges public sector organizations face when trying to protect valuable assets. We’ll also get John’s thoughts on threat intelligence, the skills and traits he looks for when hiring, and why he thinks cybersecurity organizations should be recruiting workers from the U.S. military.
Alex Noga is a solutions engineering manager at Recorded Future, and on this week’s show, he joins us to share his insights on enhancing organizations’ ability to make the most of the information they’re gathering by adopting security intelligence. He explains how this approach helps analysts connect the dots and empowers them to focus on the signals that matter — all while blocking out the noise.
Our guest this week is Rick Howard, chief analyst and chief security officer at the CyberWire. Rick’s career included stops in the U.S. Army in signals intelligence, teaching computer science at West Point, and pioneering roles in threat intelligence for the military. He’s the former chief security officer for Palo Alto Networks, where he helped create and manage their Unit 42 threat intelligence team. He shares his insights on his career as a network defender, his take on the essential role of threat intelligence, and what he looks for when hiring members of his team.
Our guest is James Dawson. He’s an IT risk analyst, providing advice to global organizations on the issues of threat and cyber risk. He’s consulted with many organizations in the financial industry, including Danske Bank and Freddie Mac. James Dawson shares his views on the importance of being able to evaluate risk, and to do so with open eyes and a level head. He emphasizes the value in taking risks in the workplace, especially for younger workers looking to make their mark. He shares his thoughts on threat intelligence, and the challenges organizations face when trying to cut through all of the noise.
Our guest is Chris Cochran, threat intelligence and operations lead at Netflix, and cohost of the Hacker Valley Podcast. We discuss his career in cybersecurity, from his ambitious beginnings as a student, his service in the U.S. Marine Corps and his time at U.S. Cyber Command, as a member of the team pioneering threat intelligence before it was even known by that name. He shares his thoughts on leadership, as well as his development of an intelligence framework that goes by the acronym EASY.
Our guest is Adeel Saeed, veteran cybersecurity expert, technologist, and former CISO at State Street, previously having worked for organizations including the London Stock Exchange and the American Stock Exchange. Our conversation centers on Adeel’s mantra of planning for resilience and eventuality amid a growing range of global threats — in the cyber realm and beyond. He shares his experience after 9/11, how it’s informed his approach to preparing for the worst, and how sometimes, luck plays a part in disaster recovery. We’ll get his views on threat intelligence, and learn why he thinks now is a great time to join the cybersecurity industry.
Our guest is Mihoko Matsubara, chief cybersecurity strategist at Japanese telecommunications company NTT Corporation in Tokyo, where she’s responsible for cybersecurity thought leadership. Previously, Mihoko worked at the Japanese Ministry of Defense and was VP and public sector chief security officer for Asia-Pacific at Palo Alto Networks. Our conversation explores the different approaches to cybersecurity seen in Japan, and the impact those cultural differences have on that nation’s security. We’ll also learn more about Mihoko’s efforts to bridge that gap of understanding, and to help build trust and safety around the world.
Yolonda Smith is head of cybersecurity at Sweetgreen, a fast casual restaurant chain that focuses on salads, with over 100 locations coast to coast in the U.S. Yolonda shares the challenges of securing the array of elements involved in a farm-to-table food service organization, from supply chains to customer credit cards. We’ll learn about her humble beginnings in the Air Force, her approach to problem solving and collaboration, as well as her pioneering role in threat hunting — before many people were even calling it that.
Our guest this week is Bob Stasio, global cyber threat leader at Dupont, a global Fortune 500 company with around 35,000 employees. Bob shares his professional pathway beginning in the U.S. Army, with stops along the way at NSA and U.S. Cyber Command, and at private sector companies like Bloomberg and IBM. In this episode, we get Bob’s take on threat intelligence and learn why he thinks automation is one of the key components to future success in securing organizations — both internally and online.
On today’s show, we welcome back Recorded Future’s senior vice president of global intelligence, Levi Gundert, to discuss his newly published book, “The Risk Business: What CISOs Need to Know About Risk-Based Cybersecurity.” In our conversation, Levi makes the case for risk-based cybersecurity and describes the various challenges that organizations face when implementing it. He also proposes updated frameworks and explains the value of strategic threat intelligence.
Our guest today is Nick Kael. He’s chief technology officer at Ericom Software, a company that provides secure web isolation and remote application access software and cloud services. In our conversation, Nick shares his professional journey, including the important lessons his experience in the U.S. military has provided. We’ll learn about his leadership style, his take on threat intelligence, what he looks for when hiring, and his approach to his day-to-day responsibilities.
Researchers from Recorded Future’s Insikt Group have been tracking the increased use of automation by a variety of threat actors around the world. Similar to the way that legitimate businesses use automation to increase their efficiency and productivity, the bad guys have adopted various tools to help maximize their profits and scale operations. They’ve built a thriving underground marketplace, and there’s no sign that they’re slowing down. Roman Sannikov leads Recorded Future’s cybercrime and underground intelligence team, and he joins us to share their findings.
The COVID-19 global pandemic has set us all back on our heels, as we make adjustments to our day-to-day lives and prepare for what is yet to come. The situation is evolving quickly, and when it comes to security, there are a number of concerns — starting with the massive shift for many to working from home. Add to that the general feeling of unease that comes with so much uncertainty, along with threat actors who are all too willing to take advantage of the situation. Allan Liska is a threat intelligence analyst at Recorded Future, and he returns to our show with some practical advice for staying safe and protecting your organization during this time.
Despite the cybersecurity industry’s best efforts, ransomware continues to affect individuals and organizations of just about every shape and size — from mom-and-pop shops, to global organizations, and even municipalities. As the developers of ransomware continue to bring in their ill-gotten gains, they’ve invested in infrastructure and customer service to keep it easy to deploy their wares and collect their loot. Lorne Hazlewood is a senior information security analyst at BKD LLP. He joins us to share his insights on ransomware, where he thinks it’s headed, and what we all can do to best protect ourselves against it.
Many organizations find themselves puzzling through the countless security products and services on offer these days, decoding the buzzwords and acronyms, hoping to find clarity and understanding. MSSP and MDR services are among those offerings. MSSP stands for managed security service provider, and MDR is managed detection and response. Our guest today will help sort out the sometimes subtle differences between the two. Sean Blenkhorn is chief product officer at eSentire, and he shares his insights on modern threat hunting and how threat intelligence can enhance those capabilities.
When it comes to incident response — just like in sports — you’ve got to practice like you play. In warfare, they say, “No plan survives contact with the enemy,” and heavyweight boxing champion Mike Tyson had his own version: “Everyone has a plan until they get punched in the face.” The point is, until you are actually in the heat of a high-pressure situation, it’s highly unlikely that you’ll be able to predict how you and the members of your team will react. Our guest this week is Christopher Crummey. He’s executive director of the X-Force Command Centers at IBM Security. Christopher and his team create highly realistic simulations of cybersecurity incidents to help organizations evaluate how they’ll respond when the heat is on and the pressure is high.
There’s that old saying, “The more things change, the more things stay the same.” In cybersecurity and incident response, even with all of the new tools, increased speed and mounting threats, a large part of keeping any organization safe comes down to taking care of the basics, the tried and true techniques that have served us well for decades. Our guest this week is Gavin Reid, chief information security officer at Recorded Future. He’s a firm believer in taking care of the basics, empowering employees to collaborate and take healthy risks, and making sure that your communications style is concise and actionable. All good advice, tried and true.
Our guest this week is DK Lee. He’s an information sharing operations manager at FS-ISAC, the financial services information sharing and analysis center. They’re an industry consortium focused on reducing cyber risk in the global financial system, and count over seven thousand financial institutions as members. DK joins us to share his insights on threat intelligence, along with his opinions on leadership, organizational maturity, and checking your ego at the door.
Our guest is Oscar Jonsson. He’s the director of the Stockholm Free World Forum, a Swedish foreign and security policy think tank, and an associated researcher at the Swedish Defense University. Previously, Oscar was a subject-matter expert at the Policy and Plans Department at the Swedish Armed Forces Headquarters. Our conversation focuses on Oscar’s recent book, “The Russian Understanding of War: Blurring the Lines Between War and Peace.” In it, he tracks the history of Russian tactics and strategies, and explores how Russia sees itself in the online global community.
Hakan Tanriverdi is a journalist covering cybersecurity for Germany’s public broadcasting network. In our conversation this week, we discuss the challenges of reporting on a highly technical subject area, making your stories accessible to the general public, and having the courage to ask the obvious questions. We’ll get his insights on being a good consumer of news, as well as his thoughts on where journalism is headed.
Our guest this week is Jeremy Blackthorne, president of the Boston Cybernetics Institute. They provide a variety of cybersecurity services, and our conversation focuses on their unique approach to training, specifically for members of the U.S. military. Jeremy served in the U.S. Marine Corps, and we explore the advantages that provides when approaching both training and operational security issues. We’ll get his take on threat intelligence, as well.
Our guest this week is Nico Dekens. Online, people know him as the “Dutch OSINT Guy,” a handle he’s earned through his extensive knowledge and background in open source intelligence. Nico shares his own history getting into the field, as well as some real-world examples of how he goes about gathering OSINT, and how individuals can do a better job protecting themselves online. And, of course, we’ll get his insights on threat intelligence as well.
Our guest this week is Steven Atnip. He’s a senior advisor for Verizon’s threat research advisory center and the dark web hunting team. Steven shares his early career experience in the U.S. Navy and explains why he believes the military provides unique opportunities for people looking to launch their careers. We’ll hear his views on the importance of company culture, being a lifelong learner, how to step up to challenges of an organization running at scale, as well as his insights on security and threat intelligence. We caught up with Steven Atnip at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C.
Our guest this week is Daniel Cuthbert. He’s the global head of cybersecurity research for Banco Santander, and he sits on both the Black Hat review board and the Black Hat training board. Our conversation centers on his work in the financial industry, his unusual path to cybersecurity, and his thoughts on creative diversity. We get his take on threat intelligence, as well as his insights on team leadership and seeking a career in security.
Joining us this week is Espen Johansen, operations and security manager at Visma, an information technology and services company headquartered in Oslo. He shares insights on the types of attacks he sees targeting organizations like Visma, and the lessons learned from a nation-state attack Visma experienced in August 2018. He’ll give us his take on threat intelligence, as well as advice for organizations just beginning their threat intelligence journey. We sat down with Espen Johansen at Recorded Future’s 2019 RFun Predict conference in Washington, D.C.
Our guest this week is Edward Davis. He’s president and CEO of The Edward Davis Company, a business strategy and security services firm, but he is perhaps best known for his role as former police commissioner for the city of Boston — a role he held during the tragic Boston Marathon bombing in 2013. In the aftermath of that event, he was the face of the city, as his team coordinated and collaborated with other local and national law enforcement agencies. We discuss his experience with the Boston Marathon bombing, get his insights on law enforcement in the age of ransomware, and hear his thoughts on the role of threat intelligence. Joining this episode’s conversation is Recorded Future’s Allan Liska.
Booking.com is one of the leading travel booking sites in the world, facilitating over one and a half million room nights via their platform every day. With that many clients, in addition to a network of third-party suppliers and partners around the world, Booking.com successfully fends off more than their fair share of attempted attacks. Our guests today are two members from Booking.com’s security team who work every day to help protect the organization — Anastasios Pingios, principal security engineer, and Stuart Shevlin, intelligence program lead. We caught up with Anastasios and Stuart at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C.
Our guest today is O’Shea Bowens. He’s CEO of Null Hat Security and a SOC manager for Toast, a Boston-area firm, where he focuses on threat hunting, incident response, SOC operations, and cloud computing. O’Shea shares his early beginnings as a teenage hacker learning the ropes, his career path, and why he believes it’s important to be a role model, a mentor, and to have a presence in the security community.
If you are of a certain age — an age where you may have spent a good bit of your time online using Myspace — you may recall an incident with the Samy worm, which in 2005 spread through Myspace so quickly and uncontrollably that they had to temporarily shut the service down to regain control. It was, by all accounts, a prank that got out of hand, but the authorities were not amused, and Samy Kamkar, who wrote the worm, was eventually sentenced to probation, community service, and a hefty fine. Since then, Samy Kamkar has set his sights on security research, with a specific focus on open source software. We caught up with Samy at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C., where he was delivering one of the keynote presentations.
Our guest today is Syra Arif, a senior advisory solutions architect in the security and risk practice at ServiceNow, a global cloud computing company. Syra shares her insights on providing customers with solutions to the business challenges of governance, risk, and compliance. She shares her experience coming up through the industry as a woman, and we also get her perspective on threat intelligence and why it’s critical for organizations to embrace diversity.
As organizations become increasingly complex in their push for digital transformation, the need for actionable, automated threat intelligence for everyone has never been greater. On this week’s show, we tackle that very topic with Recorded Future’s chief of intelligence solutions, Stuart Solomon. We caught up with Stuart at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C. to discuss threat intelligence, the notion of security intelligence, and some practical considerations for integrating these kinds of tools.
Cities and municipalities have made headlines recently in their efforts to defend themselves from cyber attacks, most notably ransomware. Joining us this week to discuss the unique security challenges faced by municipalities are two guests. Margaret Byrnes is executive director of the New Hampshire Municipal Association, a non-profit membership organization that provides education, training, advocacy and legal services to cities and towns across New Hampshire. Joe Howland is chief information security officer at VC3, a managed IT services company whose clients include many municipalities throughout the country.
Our guest this week is Jöerg Schauff. He’s a principal consultant at Symantec, focusing on cyber and threat intelligence. He shares his insights on the challenges he sees his clients facing in Germany and how their experiences inform proper defenses internationally. We’ll discuss the differences between run-of-the-mill thieves and nation-state threat groups, as well as how organizations can best make use of threat intelligence and set themselves up for success.
Our guest this week is Quiessence Phillips, deputy CISO and head of threat management for New York City Cyber Command. She’s one of the leaders of a team of cybersecurity professionals working to strengthen and coordinate the cyber defenses of one of the largest and most important cities in the world. Quiessence joins us to share valuable insights into managing the scale of the responsibilities she and her team hold, the techniques she advocates for staying ahead of threats, as well as her thoughts on how best to prepare for a position in the industry.
On this week’s show, we welcome back Lauren Zabierek. The last time she joined us, she was a senior intelligence analyst at Recorded Future, but she’s since taken on the role of director of the cybersecurity project at Harvard’s Belfer Center. She shares the mission of her organization, the role she thinks it has to play on the national and international stage, and why making sure everyone has a seat at the table leads to better, safer outcomes.
Our guest today is Rosa Smothers, senior vice president of cyber operations at KnowBe4, where she leads KnowBe4’s federal practice efforts, including providing cybersecurity advisory services to civilian and military agencies within the U.S. federal government. From her humble beginnings with a used 8-bit home computer, Rosa’s career experience includes over a decade in the CIA, leading cyber operations against terrorists and nation-state adversaries. She served multiple tours overseas as a cybersecurity analyst and technical intelligence officer in the Center for Cyber Intelligence and the Counterterrorism Mission Center, and was highly decorated for her service. She’s a strong advocate and mentor for women starting their careers, and is a member of Women in Defense and InfraGard.
Disinformation campaigns are in the news. Starting with the 2016 U.S. election cycle, continuing in 2018, and now looking ahead to 2020, the threat of online influence operations from foreign adversaries has been top of mind — but there’s a different kind of disinformation for sale on the dark web. Researchers from Recorded Future’s Insikt Group engaged with two threat actors selling their wares on Russian-speaking underground forums. They discovered that disinformation campaigns are readily available, not terribly expensive, and potentially highly effective. Roman Sannikov is director of analyst services at Recorded Future, and he shares what they found.
When we talk about threat intelligence, we often put it in the context of bringing information to the surface, creating context and alerts to let you know what you need to be concerned with. We also speak of cutting through the noise, of pulling the signal out and transforming it into actionable intelligence. Our guest today is Andrew Morris. He’s CEO of GreyNoise Intelligence, a company that describes itself as “anti-threat intelligence.” That’s not to say they’re against threat intelligence — quite the opposite, in fact — but instead of focusing on what should keep you up at night, Andrew and his team analyze the background noise of the internet to determine what you don’t need to worry about. It’s a unique approach that’s perhaps a bit counterintuitive at first, but ultimately, they say it helps you filter out useless noise and focus your time and resources on what really matters.
There has been a growing number of ransomware attacks targeting cities and towns across the U.S. Once hit, cities and towns face a number of tough decisions — pay the ransom, restore from backup — and all of this happens with a backdrop of needing to provide vital services to citizens. To add insult to injury, many cities and towns face tight IT and security budgets. They’ve been asking for more security and better backup tools, but are quite often being told that the money is simply not there. Recorded Future’s Allan Liska knows a thing or two about ransomware. He’s co-author of the book, “Ransomware: Defending Against Digital Extortion,” and he recently published the results of some ransomware research that he and his team at Recorded Future have been working on. He’ll share their findings, along with advice for keeping your organization safe.
Our guest today is Matt Devost. He’s CEO and co-founder of OODA LLC, a company that helps clients identify, manage, and respond to global risks and uncertainties. Matt Devost has been at the intersection of public policy and cybersecurity since it became possible to align the two. He has expertise in counterterrorism, critical infrastructure protection, intelligence, risk management, and cybersecurity issues. In addition to sharing the story of his career journey, we’ll get his insights on managing cyber risk in a complex world, as well as his thoughts on threat intelligence.
Our guest today is Josh Kamdjou. He’s co-founder of Sublime Security, a company that’s looking to address the widespread security issues of phishing and spearphishing by offering open source tools that alert users to a range of potential indicators, as well as giving users the opportunity to share their findings with the community, to more quickly spread the word about new and growing threats. We’ll learn about his career journey, get his thoughts on threat intelligence, and hear his advice for folks looking to enter the field.
Recent protests in Hong Kong have highlighted a growing trend in online influence operations, in this case from mainland China. Officials there have been using Western social media platforms to influence public perception of the Hong Kong protests. Those social media platforms have, in turn, shut down accounts they’ve determined are posting what they call “inauthentic content.” Researchers in Recorded Future’s Insikt Group have been analyzing these attempts at online influence operations and have published a report titled “Chinese State Media Seeks to Influence International Perceptions of Hong Kong Protests.” Priscilla Moriuchi is head of nation-state research at Recorded Future, and she joins us to share their findings.
Our guest today is Cody Cornell. He’s CEO of Swimlane, a SOAR platform provider. Cody began his career in the U.S. Coast Guard and has spent 15 years in IT and security, including roles with the U.S. Defense Information Systems Agency, the Department of Homeland Security (DHS), American Express, and IBM Global Business Services. We’ll learn about his career path from sailor to CEO, he’ll share his insider perspective on SOAR platforms and how organizations are using them, and we’ll learn about how he thinks organizations are best implementing threat intelligence to protect not just themselves, but the community as a whole.
Our guest today is Larci Robertson. She’s a senior manager in cyber threat intelligence at Epsilon, a marketing and advertising firm in Irving, Texas. Larci got started in threat intelligence right after college when she joined the U.S. Navy, back before the term “threat intelligence” had been coined. She eventually left the service and worked with a number of defense contractors, before moving to the private sector as a senior cyber threat analyst at PepsiCo, and ultimately to her current position with Epsilon. She shares her career journey, her strategies for protecting her organization and managing resources, and her insights from nearly two decades in the threat intelligence business.
Our guest today is Monzy Merza. He’s the VP and head of security research at Splunk. He shares his journey into tech and security, including leadership positions in both the government and private sectors, his thoughts on threat intelligence and the maturity companies need to properly implement it, as well as his perspective on the current state of SIEMs, and how they’ll need to evolve to keep up with the changes happening in the industry and the world at large.
Our guest is John Moran, senior product manager at DFLabs, whose offerings include a SOAR platform for cybersecurity. John shares his career journey from public safety to digital forensics and cybersecurity, his thoughts on some of the benefits and misconceptions surrounding SOAR deployment, insights on threat intelligence, and much more.
Our guest is Jason Bernier. He’s a penetration tester, working to help organizations ensure their systems are secure, and helping them understand where their weaknesses may be. He’s got some insightful stories to share from his work, along with practical advice for folks looking to find their place in the industry. To be sure, it’s serious work, but there’s no question Jason is passionate about his job, and he has a good time doing it.
Criminal markets on dark web forums are the online version of a bad neighborhood, complete with sellers, buyers, and people who make their living connecting those groups. They tend to be self-policing, and so when an individual discovers a fundamental flaw in the technical foundation of the community and then decides to take advantage of that flaw to hold entire markets for ransom, that tends to get people’s attention. It’s a high-stakes game. Daniel Byrnes is a senior threat intelligence analyst with Recorded Future’s Insikt Group, and he found himself on a journey down a dark web rabbit hole to try to make sense of the situation.
Our guest today is Micah Hoffman. He’s principal consultant at Spotlight Infosec, and one of the founders of the OSINT Curious website, an online destination for enthusiasts and students of open source intelligence gathering and analysis techniques. He shares his professional journey from psychology to information security, his insights on the growing availability and importance of open source intelligence, his emphasis on ethics, and how organizations can best integrate open source tools into their security strategies.
Researchers at Recorded Future have recently detected and described a new kind of influence operation that they’ve named “Fishwrap.” The technique involves recycling previously published news accounts of terrorist activities and amplifying their exposure through social media, with the apparent intent of sowing the seeds of distrust and unease. Our guest today is Staffan Truvé, CTO and co-founder of Recorded Future. He’ll describe the tools they used to uncover the Fishwrap campaign, the conclusions they’ve reached from the information they’ve gathered, and the ways we can all prepare ourselves to spot them.
Our guest today is Tracy Maleeff. Before earning a position as a cyber analyst at a Fortune 500 company, she ran her own firm, providing information security and competitive intelligence research. Prior to that she worked as a Library Resources Manager for a major law firm. Tracy shares the story of her unusual career journey from library science to cyber security, her advice for getting up to speed after a mid-career course change, as well as her thoughts on team building and the importance of diversity throughout an organization.
The NIST Cybersecurity Framework has become a valuable tool for evaluating security across a variety of business sectors. Originally published in 2014 and targeting critical infrastructure, the framework continues to evolve to meet the changing needs of organizations in the U.S. and around the world. Its popularity stems from its thoroughness, applicability, and approachability. Our guests today are Ken Durbin, senior strategist for global government affairs and cybersecurity at Symantec, and Allan Liska, senior solutions architect at Recorded Future. They’re going to walk us through the NIST Cybersecurity Framework and help us understand how to make the most of it within our own organizations.
Joining us today is John TerBush, senior threat intelligence researcher at Recorded Future. John is an instructor with the SANS Institute, currently teaching a course on open source intelligence that he helped develop. Before joining Recorded Future, he was a senior cyber threat intelligence analyst and subject matter expert with consulting firm Booz Allen Hamilton’s Cyber4Sight, and before that he worked for Symantec as a security operations center analyst. Earlier in his career, he worked as a researcher and private investigator. Our conversation explores the value proposition of threat intelligence, and how organizations can dial in how they use it to manage risk, keep their business leaders informed, and get the best bang for their cybersecurity buck.
Our guest today is Tanya Janca. She’s a senior cloud advocate at Microsoft, where she specializes in application security. She’s a popular speaker at security conferences around the world, evangelizing software security and advocating for developers. And she’s a leader in the Open Web Application Security Project (OWASP) community, as well as an advocate and mentor for underrepresented communities in the security industry. She discusses her journey from software developer to security practitioner, how “security is everybody’s job” and why that makes strong communication between teams so important, and the need for diversity in the IT industry today.
Threat intelligence is a wide-ranging term, and it can mean different things to different people as they consider the variety of ways to best integrate it into their organization’s cyber defense strategies. In today’s show, we’re exploring the possibilities for leveraging threat intelligence throughout your organization, from the SOC to the boardroom, from incident response to fraud protection, and much more. Joining us to guide our journey is Recorded Future’s Mike Petronaci. Before joining Recorded Future, Mike spent time working in the U.S. Department of Defense, as well as with industry-leading organizations like Akamai and Cybereason.
Our guest today is Niloofar Razi Howe. She’s a respected technology executive, entrepreneur, board member and investor, having served as chief strategy officer for Endgame and, later, RSA Security. She’s a life member of the Council on Foreign Relations, and a Recorded Future board member. Our conversation touches a range of topics, from her start as an attorney and entrepreneur, her shift to venture capital, and her executive-level assignments as chief strategy officer. We’ll get her take on where she thinks the VC money will be headed in cyber security, as well as her thoughts on why it’s important to make time for giving back.
Our guest today is Martijn Grooten. He’s editor at Virus Bulletin, an online forum for sharing the latest cybersecurity research and intelligence, which dates back to 1989. They’re also an independent testing and certification body, and they hold a popular international security conference annually. Our conversation spans a range of topics, including the evolution of threats that Martijn has tracked over the past several decades, the current state of malicious email campaigns, why he believes some organizations overstate the potential impact of nation-state attacks, his thoughts on threat intelligence, and his recommendations for how organizations can best protect themselves.
In this episode, we check in with Recorded Future’s Levi Gundert and Allan Liska for a refresher on threat intelligence, including how they have come to describe it and why some people have a hard time wrapping their heads around what, exactly, it is and is not. We’ll find out whether threat intelligence is for everyone, and if so, how organizations of different sizes can best engage and make use of actionable threat intelligence. And we’ll learn how combining the strengths of human analysts with the capabilities of state-of-the-art machine learning provides the best of both worlds.
StubHub is the world’s largest ticket marketplace, where buyers and sellers of tickets for sports, concerts, theater, and other live entertainment events connect and do business. They partner with over a hundred entertainment venues and sports teams, enabling the exchange of hundreds of millions of tickets each year. With all of that money flowing through their system, they naturally attract their share of fraudsters. One of the people on the front lines protecting StubHub and their users is Sandeep Abraham, StubHub’s only combination threat analyst and investigator. He joins us this week to describe the challenges StubHub faces and how he uses a unique approach of empathy and emotional intelligence, alongside more straightforward threat hunting techniques, to stay one step ahead of the fraudsters.
Our guest today is Brian Haugli. He’s a partner at Side Channel Security, a consulting firm in the Boston area. Prior to forming Side Channel Security, he was chief security officer for The Hanover Insurance Group. Earlier in his career, he held civilian leadership positions at the Pentagon, helping organizations in the Department of Defense implement cybersecurity best practices. Today, he helps organizations of all sizes to evaluate their security using a risk-based approach, while taking advantage of his own expertise in threat intelligence implementations and strategic organizational initiatives.
Joining us today is Dana Pickett. He’s CISO for Edwards Performance Solutions, as well as a principal for the cybersecurity services they offer. With over three decades in the industry, Dana has witnessed the inception and evolution of cybersecurity, from mainframes to the IoT. He shares his thoughts on what it takes to be a successful CISO, the importance of focusing on business outcomes, effective communication with the board, proactive versus reactive threat intelligence, the utility of frameworks, and the value of peer groups.
Our guest today is Michelle Dennedy. She’s vice president and chief privacy officer for Cisco. An outspoken advocate for building technologies that not only enhance our lives but also promote integrity and respect for people regardless of their level of technical sophistication, Michelle is leading the charge for better understanding and implementation of privacy and data security policies around the world. Our conversation includes her thoughts on why organizations find privacy so challenging, the differences between aspirational messaging and foundational values, and where she thinks the next generation of security and privacy professionals may take us.
Our guest today is Brian Martin, vice president of vulnerability intelligence at Risk Based Security, a company that provides risk identification and security management tools leveraging their data-breach and vulnerability intelligence. Brian shares his experience turning data into meaningful, actionable intelligence, common misperceptions he’s encountered along the way, and why he thinks companies shopping around for threat intelligence need to be careful to ask the right questions.
To celebrate one hundred episodes of our show, we’ve got a special guest this week. The grugq is well-known in hacker and information security circles around the world, and a respected voice at conferences and on social media. He’s a bit mysterious, preferring to keep his real name under wraps. The grugq joins us this week to discuss influence operations — their history, why they work, and how recent examples like the Russian meddling in the 2016 U.S. elections might be a sign of things to come.
There’s an increasing awareness of foreign influence on American institutions through social media. U.S. intelligence agencies have asserted that Russians made a concerted effort to disrupt and influence the 2016 presidential election, and there’s widespread evidence that Russia continues to sow the seeds of discord with the aim of eroding Westerners’ trust and confidence in their political systems and social norms. Recorded Future’s Insikt Group recently published findings from their research into Chinese efforts to sway public opinion via social media, and how their goals and tactics are markedly different from those of the Russians. We welcome back Recorded Future’s Priscilla Moriuchi to the show. She shares Insikt Group’s findings and helps put it all into broader perspective.
Our guest today is Mollie MacDougall, threat intelligence manager at Cofense, a company that specializes in phishing defense, threat intelligence, and cyber incident response. She shares the story of her unconventional professional journey and the role she plays in coordinating communications between technical and non-technical people in her own organization, as well as her insights on the broad spectrum of phishing threats organizations face, how they are quickly evolving, and the most effective strategies to protect your organization. We’ll talk threat intelligence as well, hearing her thoughts on how to make sure your analysts aren’t getting too much noise in the threat intelligence signal.
Our guest today is Chris Betz, senior vice president and chief security officer at CenturyLink. His career journey has led him through a variety of well-known organizations, including the U.S. Air Force, NSA, CBS, Microsoft, Apple, and now CenturyLink. He shares some of the lessons he’s learned along the way, his leadership style, the challenges he sees the industry facing in the near future, as well as his thoughts on threat intelligence and privacy.
2018 was an interesting year for ransomware — there were more documented ransomware campaigns than the year before, but there was also a feeling that the focus had shifted to other forms of cybercrime, like cryptojacking. Our guest today is Allan Liska, senior solutions architect at Recorded Future. He’s the author of a recently published blog post, “4 Ransomware Trends to Watch in 2019.” We discuss the growth of the ransomware market, its impact (or lack thereof), the most effective avenues for ransomware infection, how one strain has found success by bucking the trends, and the increasingly fuzzy line between criminal groups and nation-state actors.
This week, we welcome back Levi Gundert, Recorded Future’s vice president of intelligence and risk. In a wide-ranging conversation, we discuss Insikt Group’s research into APT10, the challenges of authentication at scale, the importance of framing communication in terms of quantifying risk, and what it means to be an ethical hacker. Levi also shares the potential trends he’ll be following in the coming year.
On today’s show, we take a closer look at finished intelligence. What are the best ways to define it, who’s the best audience for it, and how can you be sure you’re getting the best bang for your buck when you request it? And what’s the best plan for dialing in finished intelligence when it comes to managing resources and supplementing the other types of intelligence your organization may generate or consume? Joining us to help answer these questions is David Carver, team lead for subscription services at Recorded Future. He’ll provide practical insights based on his experience collaborating with customers.
Our guest today is Mike Morris, chief technology officer at root9B, where he’s chief architect behind the design and integration of their Active Adversary Pursuit threat hunting platform. Mike began his career in the U.S. Air Force and was an integral part of many of the Department of Defense’s pioneering efforts to help protect the nation’s cyber infrastructure. Mike shares the story of his professional journey from the military to the private sector, his philosophy on threat hunting and threat intelligence, how he thinks organizations can best build effective teams, and much more.
Many organizations find themselves faced with the challenge of managing third-party risk, working with business partners, vendors, and suppliers to ensure that they are handling security and managing vulnerabilities at an acceptable level. Traditionally, this has been accomplished through static assessments — snapshots of a security posture at a specific moment in time — done at regular intervals. There are limitations to this approach, since businesses don’t operate in static environments, and things change in real time. Our guest today is Jon Oltsik, senior principal analyst and ESG fellow at the Enterprise Strategy Group. He’s author of a recently published study, “Third-Party Risk: Why Real-Time Intelligence Matters.”
Each year, security firm NopSec publishes their annual State of Vulnerability Risk Management Report, analyzing all of the vulnerabilities listed in the National Vulnerability Database, the NVD, along with those uploaded to their own platform by their clients. They consider a number of factors, including CVSS score, description, type, and vendor affected, to see which factors contribute to vulnerabilities being incorporated into malware and exploited in the wild. For this year’s report, NopSec invited Recorded Future to contribute their unique insights into how geopolitics affect government-run vulnerability databases. Joining us today are Sanja Nedic, data scientist at NopSec, and Adrian Sanabria, VP of strategy and product marketing at NopSec.
Our guest today is Robb Reck, chief information security officer at Ping Identity. With nearly 20 years of experience in IT security, compliance, and systems and networking, Robb has witnessed the evolution of the space. He shares his professional journey, his management style and philosophy when it comes to hiring, and where he sees the intersection of identity management and threat intelligence. We’ll hear about his role with Ping Identity, protecting the organization and its customers, and where he sees identity management and access control heading in the future, as sensitive data flows more freely between organizations, individuals, and third parties.
Our guest this week is Thomas H. Davenport. He’s a world-renowned thought leader and author, and is the president’s distinguished professor of information technology and management at Babson College, a fellow of the MIT Center for Digital Business, and an independent senior advisor to Deloitte Analytics. Tom Davenport is author and co-author of 15 books and more than 100 articles. He helps organizations to revitalize their management practices in areas such as analytics, information and knowledge management, process management, and enterprise systems. His most recent book is “The AI Advantage: How to Put the Artificial Intelligence Revolution to Work (Management on the Cutting Edge).” Returning to the show to join the discussion is Recorded Future’s chief data scientist, Bill Ladd.
Schneider Electric is a global energy management and automation company headquartered in France, employing over 144,000 people around the world. With a history dating back to the 1830s, these days Schneider Electric enjoys success in industrial control systems, industrial safety systems, electric power distribution and grid automation, smart grid technology, and data center power and cooling. Our guest today is Andrew Kling, senior director of cybersecurity and system architecture at Schneider Electric. He shares his professional journey, his experience pioneering many of the security measures we take for granted today, the shift to being proactive in his sector, and the importance of threat intelligence.
BT is a global telecommunications giant, headquartered in London with over 100,000 employees all over the world. In addition to telephone services in Great Britain, BT provides broadband internet, fiber-optic communications, digital television, and even supply chain management services. They also provide IT and network security services. Our guest today is Mark Hughes, who served as the CEO of BT Security from 2013 to 2018. He oversaw the security of BT’s internal networks and assets, as well as the services they provide to outside clients. He shares with us his techniques for building effective, collaborative security teams, how he earns buy-in from both his colleagues and his board of directors, and the importance of threat intelligence. He’ll also share his experience gearing up for the 2012 London Olympic Games, and why he thinks it was a milestone moment for cybersecurity.
Our guest today is Aaron Gee-Clough. He’s chief technology officer for King & Union, a company that aims to bring increased collaboration to threat intelligence analysts, allowing them to more easily visualize and manage threat data in real time. We discuss the benefits and challenges in bringing meaningful, actionable threat intelligence to small and mid-sized organizations, what he thinks machine learning can and cannot bring to the table, the distinction between threat intelligence and lists of bad IPs, and how many organizations are already exercising their impulse to collaborate and share information, even if they’re doing it in unofficial or inefficient ways.
Recorded Future’s Insikt Group recently published research titled “Underlying Dimensions of Yemen’s Civil War: Control of the Internet.” It’s a detailed analysis of the role the internet has played in this ongoing bloody conflict, as rival factions fight to gain control of information, access, and infrastructure. Local and international interests all come in to play. Here to guide us through the research are Recorded Future’s Winnona DeSombre, threat intelligence researcher, and Greg Lesnewich, threat intelligence analyst.
Our guest today is Jason Kichen. He’s director of cybersecurity services at Versive, a cybersecurity company that delivers advanced threat detection and automation. Prior to Versive, Jason spent nearly 15 years in the U.S. Intelligence Community as an expert in technical and offensive cyber operations. He was responsible for the design and execution of advanced technical operations all over the world. He has two Director of National Intelligence Meritorious Unit Citations and a National Intelligence Professional Award from the National Counterproliferation Center. We’ll learn about his experience in the intelligence community, how it differs from the private sector, and the challenges he faced transitioning between the two. We’ll get his take on threat intelligence and how he thinks organizations can build effective security teams.
Today we welcome Maggie McDaniel, senior director of Insikt Group at Recorded Future. She’s had leadership positions in the U.S. government intelligence community, as well as the financial services sector. We’ll be discussing her recent blog post, “Communicating Threat Intelligence Relevance.” In it, she describes a framework that helps get to the core of what matters, helps explain what it means for your organization, and provides justification to the powers that be, all while improving communications throughout the company.
Joining us today is Derrick Pendleton. He’s a senior digital forensic incident response analyst at Legg Mason in Baltimore. He shares his experience cutting his teeth on security within the federal government, the specific benefits he believes that environment provided, and how he’s brought those skills to his work protecting the employees, partners, and customers of Legg Mason, one of the largest asset management firms in the world. We’ll get his take on threat intelligence and incident response, as well as his words of wisdom for folks looking to get a start in the security business.
Our guest today is Dale Drew. He’s chief security officer at Zayo Group, a global provider of communications, colocation, and cloud infrastructure. Previously, he’s held leadership positions at some of the largest and most influential telecommunications companies in the world, including CenturyLink, Level 3 Communications, and MCI Communications. He shares the story of his unlikely start in the security industry, sparked by a stolen family checkbook, which led to a position with the Arizona Attorney General’s office, working to fight organized crime and racketeering. We’ll get his views on threat intelligence, and we’ll learn why he’s leading an effort to champion open source tools in the industry.
Our guest today is Rick Tracy. He’s chief security officer at Telos, a cybersecurity, IT risk management and compliance, secure mobility, and identity management company. In addition to his duties as CSO, Rick is co-inventor of Xacta, a cyber risk management platform. Rick shares his experience from over three decades in the industry, his thoughts on regulations like GDPR and what we might expect to see here in the U.S., how he handles briefing his board of directors, the helpful utility of the NIST framework, and how threat intelligence can inform an organization’s approach to managing risk.
Joining us today is Nicolas Cairns, director of Aegis 9 Security Intelligence, a cybersecurity firm located in Canberra, Australia. In his career, Nicolas has worked in both offensive and defensive cybersecurity operations, threat intelligence, malware analysis, digital forensics and incident response, as well as threat and risk assessment. He shares his experience building a career in security, transitioning from the military to the private sector, having a hand in Australia’s first intelligence collection system, and working as a pen tester. Throughout it all, his career has been marked by a strong work ethic and desire to keep learning, to keep improving, and to put in the extra time and effort. We’ll hear his thoughts on threat intelligence, specifically how organizations can best manage the growing volume of information available, and how to best transform that information into actionable intelligence.
Our guest today is Paul Kurtz. He’s the co-founder and CEO of TruSTAR Technology, a company that develops collaborative intelligence-sharing platforms with the goal of streamlining the distribution of actionable information for cybersecurity professionals. Paul Kurtz began working in cybersecurity at the White House in the late 1990s, and later served in senior positions relating to critical infrastructure and counterterrorism on the White House's National Security and Homeland Security Councils under Presidents Clinton and Bush. We’ll hear his views on information sharing and threat intelligence, and we’ll find out why he thinks that we may not be able to count on the government to protect us in the cyber realm.
The Recorded Future team is proud to have recently published its first book, “The Threat Intelligence Handbook — A Practical Guide for Security Teams to Unlocking the Power of Intelligence.” The book aims to provide readers with the information they’ll need to integrate threat intelligence into their organizations, to ensure that it’s actionable, and to put it in the hands of people who can most effectively make use of it. Joining us once again is Recorded Future’s Chris Pace, who served as editor of the new book. He’ll take us through the process he and his colleagues went through to organize and write it, and why he believes the book is valuable for those both new to threat intelligence and the more experienced readers as well.
Our guest today is Tod Beardsley. He’s director of research at Rapid7, a cybersecurity company providing technology, services, and research to organizations around the world. Tod manages software vulnerability research efforts at Rapid7, handles vulnerability disclosures, contributes to Rapid7's data science-driven research projects, and serves as the primary spokesperson for Rapid7 on security and research topics in the media and on podcasts like this one. Tod shares his professional journey, his views on the challenges facing the cybersecurity industry, his take on threat intelligence, and his belief that, as professionals, we share a responsibility for instilling our sense of passion for security in our friends and families.
The SANS Institute is a well-known and respected cooperative research and education organization. Since its founding in 1989, it’s worked with over 165,000 security professionals around the world, providing training and certification. It also provides free access to a huge library of research documents about information security, and it runs the Internet Storm Center, which it describes as the internet’s early warning system. Our guest today is Dr. Johannes Ullrich, and he’s responsible for that early warning system. He’s a popular public speaker and host of the ISC StormCast daily podcast, a daily briefing of cybersecurity news that professionals around the world rely on to stay up to date.
Chances are you’re familiar with GDPR, the European Union’s General Data Protection Regulation. It went into full effect back in May of this year, with the goal of improving the privacy and security of European citizens in particular, but the global community overall as well. One of the impacts of GDPR was that it made the WHOIS database private. WHOIS is the searchable online directory of domain name registrations, and some security researchers had concerns that spammers might take advantage of this anonymity to increase their registration rate of domain names, making it easier for them to send out their spam. Allan Liska, a senior security architect at Recorded Future, analyzed several months’ worth of data on spam rates to see if the expected uptick came to pass. Allan wasn’t alone on this project — he had assistance from his son, Bruce, who interned at Recorded Future this past summer and co-authored the report. We’ll hear from Bruce as well.
Perdue Farms is a major U.S. agricultural business, best known for its processing of chicken, turkey, and pork, and is one of the nation’s top providers of grain. Founded nearly a century ago as a “mom-and-pop” business with a small flock of chickens, today the company marks sales in excess of $6.5 billion a year and has over 20,000 employees. Chris Wolski is head of information security and data protection at Perdue Farms, and he joins us to describe the unique intersection of cyber and physical systems he and his team help protect.
Researchers from Recorded Future’s Insikt Group have previously analyzed both the U.S. and Chinese national vulnerability databases, examining the speed of publication of cybersecurity vulnerabilities, and how each respective country considers its NVD in the broader context of the national mission of cyber defense and operations. Recorded Future’s research team recently set their investigative sights on Russia’s vulnerability database to see how it compares. Priscilla Moriuchi is director of strategic threat development at Recorded Future, and she joins us to share what they found.
We’ve got a special episode of the Recorded Future podcast for this week. Staffan Truvé, Recorded Future’s CTO and co-founder, returns to the show to lead a conversation with our guest Rolf Rosenvinge. Rolf is CEO of RCG – CyberInsights, a Stockholm-based cybersecurity management consulting firm. He shares his views on the state of cybersecurity in the EU; the effects GDPR is having; the evolving relationship between CTOs, CISOs, and boards; and the role of threat intelligence as we look toward the future.
Researchers from Recorded Future’s Insikt Group have been tracking new malware targeting the Tibetan community, continuing an ongoing effort by the Chinese state to use cyberespionage to keep tabs on perceived domestic threats. They’ve uncovered a sophisticated new backdoor with some peculiar characteristics, and also concluded that many of these activities originate from servers located at a major Chinese research university. Winnona DeSombre and Sanil Chohan, threat intelligence researchers at Recorded Future, are co-authors of the report “Chinese Cyberespionage Originating from Tsinghua University Infrastructure,” along with their colleague Justin Grosfelt. Winnona and Sanil are our guests today, and they’ll take us through what they’ve learned. https://www.recordedfuture.com/chinese-cyberespionage-operations/
Our guest is Gary Hayslip. He’s vice president and chief information security officer at Webroot, a cybersecurity and threat intelligence company. Prior to joining Webroot he was the CISO for the city of San Diego, and before that served active duty with the U.S. Navy and as a U.S. Federal Government employee. He’s the author of the "CISO Desk Reference Guide," and is an active cyber evangelist and popular keynote speaker. He shares his thoughts on team building, recruiting talent in a highly competitive jobs market, and the importance of actionable threat intelligence.
Raytheon is one of the largest defense contractors in the world, with over 60 thousand employees and annual revenues near $25 billion. They’ve been in business for nearly a hundred years, with humble beginnings in vacuum tube manufacturing, RADAR systems and microwaves during World War II, and post-war expansions into everything from missiles and aircraft to refrigeration and robotics. Our guest today is Michael Daly, chief technology officer for cybersecurity at Raytheon. He shares his experiences spinning up a cybersecurity team at Raytheon, the challenges of doing so within such a large organization, and the importance of a strong corporate culture to ensure safety and security.
This week we’re joined by Alexander Schlager, executive director of security services at Verizon. He has experience in both the technical and sales sides of the communications and security worlds, having gained experience in a variety of positions around the globe. Our conversation focuses on his belief that organizations need to concentrate on quantifying their cyber risk, and using what they learn to evaluate and plan their security programs. He explains why Verizon invests in reports like the DBIR and the Verizon Risk Report, and of course, we’ll get his take on the importance of threat intelligence.
These days, most of us have a pretty good handle on protecting the software our computers run from viruses and other types of malware. We’re careful about downloading and installing software from unknown, insecure sources, and run antivirus applications to help keep everything safe. But what about the system-level code that runs deep within the devices we rely on every day? What about the firmware? Our guest today is Terry Dunlap. He’s CEO and co-founder of ReFirm Labs, a tech startup that’s focused on firmware — analyzing the code and helping manufacturers, organizations, and governments ensure their devices haven’t been compromised. He’s got a colorful history that includes teenage hacking, time at the NSA, and the founding of several companies.