Episodes

  • Season 1 Finale
    Jan 20 2026

    Want fewer fire drills and smarter security moves? This season finale brings together the strongest lessons from our guests on how cyber threat intelligence turns uncertainty into clarity—and clarity into action. We share what actually works when the data is partial, the stakes are high, and leadership wants proof that CTI moves the needle on risk and cost.

    We start with the core: prioritization under uncertainty. You’ll hear how teams use intelligence to decide what to patch first, where controls matter most, and how to focus limited resources without missing the threats that can take a business offline or put customer data at risk. We dig into the language of value—money saved, revenue protected, efficiency gained—and why BLUF, clear implications, and stakeholder interviews beat jargon every time. If you’ve wrestled with KPIs, KRIs, or ROI, we unpack practical metrics that reflect real outcomes, not vanity numbers.

    From there, we look ahead. Forecasting adversary capabilities, mapping susceptibility, and choosing proactive mitigations can shift a security program from reactive to resilient. You’ll get candid perspectives on building CTI the right way—starting tactically and growing into operational and strategic impact, or choosing a build-vs-buy path aligned to budget and goals. We also talk careers and team shape: why diverse backgrounds thrive in CTI, how small teams can deliver outsized results, and the discipline of deciding what you will not do so you can excel at what matters.

    If you want CTI to influence decisions at every level—SOC, IR, red and purple teams, and the board—this wrap-up offers the playbook: stakeholder-first communication, focused scope, useful metrics, and a relentless push toward proactive defense. Follow, share, and leave a review to help more practitioners find these insights—and tell us: what CTI metric best proves your impact?

    Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    24 min
  • Season 1 - Episode 23 (Pedro Kertzman & Alex Keedy)
    Jan 6 2026

    Want a front-row seat to how cyber threat intelligence turns noise into decisions that save real money and protect trust? Pedro Kertzman sits down with Alex Keedy, a seasoned CTI leader with experience at Flashpoint, ZeroFox, Intel 471, Deloitte, and Booz Allen Hamilton, to unpack the craft of translating technical signal into business impact. From a political science beginning to profiling actors and advising executives, Alex shows why great intelligence starts with curiosity and ends with clarity: here’s what’s happening, what it means for us, and what we should do next.

    We dig into the tough question every leader asks: how do you prove ROI for attacks that never landed? Alex breaks down practical models that map blocked activity to benchmark costs, balance tangible savings with brand and trust impacts, and prioritize the few actions that reduce the most risk. For mid-sized organizations, she lays out a pragmatic roadmap: start small, tap managed services, automate the obvious, and use early wins to earn budget. You’ll hear how a $10 stolen credential becomes a $50M outage, why ransomware-as-a-service thrives, and how to disrupt that supply chain before it reaches your environment.

    Alex also opens the curtains on dark web tradecraft. Reputation-driven marketplaces demand embedded personas to validate threats, verify leaks, and ask the questions victims can’t. That access helps teams confirm exposure, guide response, and even support law enforcement—with examples spanning financial fraud, takedowns, and human trafficking investigations. Along the way, we share actionable learning paths: SANS webcasts, vendor blogs, Security+ or Network+ for baseline fluency, and community routes like B‑Sides and scholarships that lower barriers for new talent.

    If you care about cybersecurity strategy, budget impact, and real-world outcomes, this conversation delivers the playbook: align intelligence to business risk, measure what matters, and communicate in plain language. Subscribe, share with a teammate who needs stronger CTI outcomes, and leave a review telling us the one question you want answered next.

    33 min
  • Season 1 - Episode 22 (Pedro Kertzman & Valerii Soloninka)
    Dec 23 2025

    Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valerii Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.

    Valerii takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.

    Thinking about moving from SOC to CTI? Valerii’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.

    Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?

    29 min
  • Season 1 - Episode 21 (Pedro Kertzman & Charlotte Guiney)
    Dec 9 2025

    What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.

    We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.

    Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.

    If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.

    27 min
  • Season 1 - Episode 20 (Pedro Kertzman & Sarah Freeman)
    Nov 25 2025

    Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.

    Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.

    The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."

    We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.

    The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.

    Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.

    Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.

    38 min
  • Season 1 - Episode 19 (Pedro Kertzman & Tammy Harper)
    Nov 11 2025

    Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.

    Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.

    What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.

    Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.

    Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.

    40 min
  • Season 1 - Episode 18 (Pedro Kertzman & Freddy Murre)
    Oct 28 2025

    "Basically, everyone just do whatever they feel like and then call it intelligence." With these provocative words, Freddy Murre cuts straight to the heart of what's wrong with most cyber threat intelligence practices today.

    Drawing from 13 years of intelligence experience spanning military operations and private sector work, Freddy exposes the critical disconnect between intelligence methodology and what many CTI teams actually deliver. Most security teams, he argues, are producing cyber threat information, not intelligence—pushing technical indicators without context, relevance, or the crucial "so what" that decision-makers need.

    The conversation explores how CTI professionals often fall back on their technical comfort zones rather than embracing true intelligence tradecraft. Freddy walks us through the intelligence cycle, explaining how requirements drive collection and analysis to produce actionable insights. He challenges the industry norm of one-directional "data dumps" from vendors to customers, advocating instead for a more tailored approach that considers each organization's specific technologies, vulnerabilities, and business needs.

    Perhaps most valuable is Freddy's practical guidance on stakeholder engagement—identifying who your intelligence serves, understanding their decision-making needs, and continually validating that your work delivers measurable value. "If they can't articulate the decisions they made based on your intelligence," he warns, "you're in a dark space." His Ferrari analogy brilliantly illustrates how CTI teams must find the right fit between capabilities and stakeholder requirements.

    The episode also tackles AI's impact on intelligence work, with Freddy offering a sobering assessment of large language models' limitations while acknowledging their potential benefits when properly understood as tools rather than solutions. Whether you're a seasoned CTI professional or just building your program, this conversation provides an essential framework for elevating your practice from information sharing to true intelligence production.

    1 h 7 min
  • Season 1 - Episode 17 (Pedro Kertzman & Dr. Jean Nestor Dahj)
    Oct 14 2025

    Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Nestor Dahj shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.

    What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.

    You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.

    Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Nestor Dahj provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.

    Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.

    42 min