Episodes

  • Season 1 - Episode 15 (Pedro Kertzman & Adam Goss)
    Sep 16 2025

    What does it take to become a cybersecurity "unicorn"? According to Adam Goss, it's the rare combination of threat intelligence expertise with cross-domain skills that truly drives innovation in our industry.

    Adam takes us on his unconventional journey from aspiring penetration tester to CTI specialist and educator, revealing the critical mindset shifts required when transitioning between security roles. Most fascinating is his comparison between SOC and CTI approaches to bias - while SOC analysts leverage bias for quick decision-making, CTI professionals must actively combat it, asking deeper questions before jumping to conclusions.

    The conversation turns deeply personal when Adam shares how a seemingly successful threat detection of a Cobalt Strike beacon ultimately missed crucial indicators that led to a devastating ransomware outbreak. This painful lesson transformed his entire career trajectory, highlighting why technology alone fails without the right people and processes - ultimately inspiring him to found Kraven Security to make CTI education more accessible.

    For those looking to develop their own CTI expertise, Adam provides a treasure trove of resources - from hands-on platforms like TryHackMe to industry reports, conferences, and specialized books that bridge tactical and strategic intelligence needs. His recommended reading covers everything from intelligence-driven incident response to honeypot deployment and strategic analysis frameworks.

    Perhaps most refreshing is Adam's closing perspective on maintaining balance in security careers. Despite the high-stakes nature of our work, he reminds us to focus on the aspects we genuinely enjoy, treat work as just work, and prioritize health and family over professional pressures - wisdom that might be the most valuable intelligence shared in the entire conversation.

    Connect with us on LinkedIn at Cyber Threat Intelligence Podcast to join the conversation and recommend future guests with unique CTI perspectives to share.


    Resources:

    https://kravensecurity.com/

    https://www.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/

    https://chrissanders.org/2020/09/idh-release/

    https://collegepublishing.sagepub.com/products/critical-thinking-for-strategic-intelligence-3-265236

    Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    28 min
  • Season 1 - Episode 14 (Pedro Kertzman & Sam Flockhart)
    Sep 2 2025

    How does a military intelligence background translate to cyber threat intelligence? Sam Flockhart, a former UK military intelligence operator who now heads threat management at a global bank, reveals the fascinating journey and powerful parallels between these worlds.

    Sam opens up about his transition from conventional military intelligence to the cyber realm despite having "absolutely no cyber knowledge" initially. He shares a critical insight for job seekers: while certifications matter, demonstrating real knowledge and preparation during interviews often matters more. Sam explains how anticipating common interview questions about threat actors, their methodologies, and recent attacks can set candidates apart.

    Drawing from his military expertise on Russia and Ukraine, Sam offers a riveting deep dive into why ransomware predominantly emerges from Russian-speaking regions. He explains the cultural concept of "krysha" (roof/protection) that allows these groups to operate with impunity and traces how post-Soviet history created the perfect ecosystem for cybercrime to flourish. This cultural understanding adds a crucial dimension to technical threat analysis that many professionals overlook.

    The conversation explores how military intelligence frameworks have shaped modern CTI practices. From tactics, techniques, and procedures (TTPs) to intelligence collection plans and priority intelligence requirements - these structured approaches have been adopted by the cyber community. Sam also discusses the nuances of intelligence sharing in private sector environments compared to military settings, where different constraints and opportunities exist.

    For aspiring CTI professionals, Sam's advice is practical and actionable: prepare thoroughly by researching top threats, understand organizational stakeholders who consume intelligence, and familiarize yourself with various intelligence sources. This episode offers invaluable guidance for anyone looking to enter the field or enhance their threat intelligence capabilities through a deeper understanding of the human element behind cyber attacks.

    28 min
  • Season 1 - Episode 13 (Pedro Kertzman & Bianca Miclea)
    Aug 19 2025

    What does it take to build an effective Cyber Threat Intelligence function from scratch? In this eye-opening conversation, Bianca Miclea shatters the myth that cybersecurity is only for those with traditional technical backgrounds.

    Bianca shares her remarkable journey from politics student to cybersecurity leader, revealing how her academic background became an unexpected asset in the CTI world. "It was one of those 'this is really cool, but I could never do this' thoughts," she explains, describing her initial hesitation before diving into the field. This refreshing perspective demonstrates how diverse educational paths can strengthen cybersecurity teams—an important message for anyone contemplating a career transition.

    The conversation explores what makes CTI truly valuable: actionable intelligence that connects directly to security operations. Bianca walks us through her experience establishing a CTI team at a major financial institution, emphasizing the critical difference between information collection and intelligence that drives meaningful security improvements. Her implementation of monthly MITRE ATT&CK exercises brings together cross-functional teams to identify control gaps and assign clear accountability—a practice listeners can immediately adopt to enhance their security posture.

    Perhaps most valuable is Bianca's practical advice for managing the overwhelming information flow in threat intelligence. Her concept of "reporting thresholds" offers a framework for prioritization that helps CTI teams focus on what truly matters while preventing analyst burnout. Combined with her insights on board communication, community engagement, and measuring CTI effectiveness, this episode delivers a masterclass in modern threat intelligence leadership.

    Ready to transform how you think about threat intelligence? Subscribe now, share with your network, and join our LinkedIn community to continue the conversation about building CTI programs that deliver genuine security value.

    41 min
  • Season 1 - Episode 12 (Pedro Kertzman & Jason Chan)
    Aug 5 2025

    What does cybersecurity look like when you're protecting the world's largest streaming service and content studio? Jason Chan, who built and led Netflix's security team for over a decade, takes us behind the scenes of securing one of the most transformative companies in modern history.

    From Netflix's humble beginnings as a DVD-by-mail service to its evolution into a global streaming behemoth operating in 200+ countries with hundreds of millions of subscribers, Jason shares the security journey that paralleled this remarkable business transformation. At the heart of Netflix's approach was strategic storytelling—creating a clear picture for both technical and non-technical stakeholders about not just what needed protection, but who the company needed protection from.

    The threats Netflix faced were as unique as its business model. Account takeover schemes where compromised credentials were resold on international black markets. Content protection challenges to prevent pre-release leaks of shows and even physical-digital security concerns around protecting high-profile people like the Obamas. Through it all, Jason's team developed a pragmatic approach focused on preventing the most catastrophic outcomes: service unavailability and data breaches.

    Perhaps most remarkable was Netflix's commitment to open-source security. At a time when most companies guarded their security practices closely, Netflix released groundbreaking tools that shaped today's security landscape—including Security Monkey (the first cloud security posture management tool) and Fido (an early security orchestration platform). As Jason explains: "We're not going to compete on security, we're going to compete on entertaining the world."

    Whether you're building a security program from scratch or leading a mature team, Jason's insights on prioritization, vendor partnerships, and community collaboration offer a masterclass in effective security leadership. Subscribe now to hear the full conversation about securing one of the world's most innovative companies during its remarkable transformation.

    36 min
  • Season 1 - Episode 11 (Pedro Kertzman & Ondra Rojčík)
    Jul 22 2025

    From nuclear weapons research to reshaping Europe's stance on Chinese technology in critical infrastructure, Ondra Rojčík's journey into cyber threat intelligence defies conventional career paths. As a principal CTI analyst who teaches intelligence analysis tradecraft, Ondra brings unique perspectives from his experience at NATO, the Czech Intelligence Agency, and now Red Hat.

    During his time leading the Strategic Cyber Threat Intelligence function at the Czech National Cybersecurity Agency, Ondra's team produced analysis on Huawei that transformed the European narrative around technology sovereignty. "Technology is actually a pretty political issue," Ondra explains, challenging the previously accepted notion that technology remains neutral regardless of origin.

    The conversation explores fascinating contrasts between government and private sector intelligence work. While government analysts often face unpredictable demands from high-level officials who understand intelligence terminology, private sector CTI requires translating insights into actionable steps for stakeholders who may rarely encounter intelligence products. This demands CTI professionals go beyond assessments to help operationalize findings into concrete security controls.

    Ondra breaks down the discipline into three essential components that every analyst must develop: Cyber (information security concepts), Threat (adversary operations), and Intelligence (analytical principles). Many technically-skilled professionals overlook the intelligence tradecraft element, which Ondra addresses through workshops helping analysts avoid "admiring problems" and instead deliver actionable intelligence. For those looking to develop their skills, he recommends resources like "Thinking, Fast and Slow" by Daniel Kahneman and "Critical Thinking for Strategic Intelligence" by Katherine Hibbs Pherson and Randolph H. Pherson.

    Whether you're contemplating a career pivot into cyber threat intelligence or seeking to strengthen your analytical capabilities, this episode offers valuable insights from someone who has successfully navigated both government and corporate intelligence landscapes. Connect with us on LinkedIn to share your thoughts or suggest future guests for the Cyber Threat Intelligence Podcast.


    References:

    https://www.linkedin.com/in/orojcik/
    https://medium.com/@orojcik

    Books:
    Daniel Kahneman: Thinking, Fast and Slow
    Katherine and Randolph Pherson: Critical Thinking for Strategic Intelligence
    Cole Nussbaumer Knaflic: Storytelling With Data

    CTI Intro books:
    Thomas Roccia: Visual Threat Intelligence
    Rebekah Brown and Scott Roberts: Intelligence-Driven Incident Response

    36 min
  • Season 1 - Episode 10 (Pedro Kertzman & Kees Pouw)
    Jul 8 2025

    Ever wonder how top security teams stay one step ahead of cybercriminals? The answer lies in the ancient wisdom of Sun Tzu: "If you know yourself and know your enemy, you'll win all battles." This principle forms the foundation of effective Cyber Threat Intelligence (CTI).

    To celebrate our 10th episode, we had an insightful conversation with Kees Pouw, a veteran CISO with over two decades of cybersecurity experience, where we explore how organizations can build powerful CTI capabilities that transform their security posture. Drawing from his experience as both a consultant and in-house security leader, Kees breaks down the mystique surrounding threat intelligence and delivers practical insights on implementation.

    "The best battles are won before they're fought," Kees explains, highlighting how proper intelligence allows organizations to deter attackers through strategic preparation. By understanding specific attacker techniques—like LockBit's targeting of VMware ESXi hosts—security teams can focus limited resources on the most critical defenses.

    We dive deep into the four core domains of comprehensive CTI: threat intelligence feeds, dark web monitoring, digital risk protection, and attack surface management. For organizations just starting their CTI journey, Kees offers a pragmatic roadmap, suggesting which capabilities to prioritize and how to grow organically from existing security operations.

    The conversation takes a fascinating turn when we explore how agentic AI is revolutionizing threat intelligence. Kees shares his "wow moment" realizing how AI agents can automate complex research tasks that previously required specialized human expertise—potentially transforming how organizations process the massive volumes of intelligence data.

    Whether you're looking to build your first CTI program or enhance existing capabilities, this episode provides a masterclass in making threat intelligence both practical and powerful. Subscribe now to continue learning from cybersecurity leaders who are shaping the future of digital defense.

    47 min
  • Season 1 - Episode 9 (Pedro Kertzman & Scott Scher)
    Jun 24 2025

    What happens when traditional intelligence methodology meets modern cybersecurity? Scott Scher, CTI Associate Director with expertise in nation-state threat actors and cybercriminal groups, reveals a powerful perspective: successful CTI professionals are intelligence analysts first and cybersecurity specialists second.

    Drawing from his background in international security policy and experience across government and private sectors, Scott breaks down the critical distinction between collecting data and generating actionable intelligence. He unpacks how established intelligence frameworks provide the foundation for effective cyber threat analysis, while the technical cybersecurity knowledge can be built on top of this analytical foundation.

    Scott shares practical wisdom on building effective CTI programs, beginning with establishing clear processes, creating functional data pipelines, and most critically, understanding stakeholder needs. He explains that many organizations fall into the trap of overcollection – gathering excessive threat feeds without the capacity to transform them into actionable insights. Instead, he advocates for regular evaluation of intelligence sources using frameworks like the Admiralty Code to assess reliability and value.

    The conversation delves into the crucial difference between threat (composed of intent, capability, and opportunity) and risk (which incorporates business impact). This distinction becomes essential when communicating with executives who need to understand potential consequences in business terms. Scott provides concrete examples of how to tailor intelligence for different stakeholders – from tactical information for SOC analysts to strategic insights for CISOs making resource allocation decisions.

    Whether you're building a CTI function from scratch, looking to improve stakeholder engagement, or seeking to make your intelligence more actionable, this episode offers a masterclass in intelligence-driven cybersecurity. Subscribe now to learn how to transform technical threats into business insights that drive meaningful security improvements across your organization.

    56 min
  • Season 1 - Episode 8 (Pedro Kertzman & Ritu Gill)
    Jun 10 2025

    The digital world is full of breadcrumbs that tell our stories - are you carefully tracking who follows them back to you? In this eye-opening conversation with OSINT expert Ritu Gill, we pull back the curtain on the fascinating world of Open Source Intelligence and why proper tool vetting matters more than you might think.

    Drawing from her 18 years in Canadian law enforcement and extensive consulting experience, Ritu reveals why careless tool selection could mean someone is "capturing every keystroke" as you conduct investigations. Her practical advice for both beginners and experienced practitioners cuts through the noise in an increasingly crowded OSINT landscape.

    "Without analyzing and adding value to the information, it is not intelligence," Ritu explains, highlighting the crucial distinction between collecting data and producing actionable intelligence. Her emphasis on ethical considerations - the principle of "OSINT for good" - serves as a timely reminder that with great investigative power comes great responsibility.

    Whether you're looking to build your skills through free resources like Sofia Santos' exercises, gamified platforms like GeoGuessr, or real-world missing persons cases with TraceLabs, this episode provides concrete pathways for growth. Networking emerges as a powerful career accelerator, with events like OsmosisCon offering invaluable opportunities to connect with the community.

    Ready to enhance your digital intelligence capabilities while maintaining ethical standards? Follow Ritu's newsletter at forensicosint.com, explore the resources mentioned in our show notes, and join our LinkedIn community to continue the conversation. Your journey into the world of OSINT starts with understanding not just what you can find, but how to find it responsibly.


    Resources:

    https://www.raebaker.net

    https://www.linkedin.com/in/espen-ringstad-80297464/

    https://www.geoguessr.com

    https://www.tracelabs.org

    https://www.kasescenarios.com

    https://www.forensicosint.com/newsletter

    https://gralhix.com

    https://osmosisinstitute.org

    https://www.linkedin.com/feed/update/urn:li:activity:7317909650798977024/

    29 min