Episodes

  • From Government to Private Sector: Government Lessons for Private Sector - Interview with Terry Pattar (S1E6)
    Dec 3 2025

    Summary

    In this conversation, Terry shares his journey from government intelligence to the private sector, discussing the evolution of training and methodologies in intelligence analysis. He emphasizes the importance of structured analytical techniques and the challenges faced in adapting these methods in the private sector. The discussion also touches on the impact of geopolitics on cyber threats and the role of AI in intelligence work, highlighting the need for critical thinking and planning in the analysis process. Terry reflects on the differences between open source intelligence and open source information, and the importance of understanding biases in AI tools.


    Takeaways

    • Terry is a senior director for customer success at Atreides.
    • He has a mixed career in both government and private sectors.
    • Training in intelligence has evolved significantly over the years.
    • Open source intelligence became more prominent after 2008.
    • Structured analytical techniques are crucial for effective analysis.
    • Planning is essential before diving into information collection.
    • The maturity of intelligence practices varies between sectors.
    • Geopolitical events significantly influence cyber threats.
    • AI tools can assist but come with their own challenges.
    • Understanding biases in AI is critical for effective intelligence.


    Resources and references mentioned

    • SATs training - https://inteltradecraft.com/sat-certifications
    • SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
    • Structured Analytic Techniques (SAT) training - https://inteltradecraft.com/sat-certifications
    • Arno exemplifies "spending time to save time" - https://opensourceintelligence.biz/vague-osint-questions/
    • ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
    • Intelligence agencies are starting to crowdsource information and recruits! For example, the MI6 platform, Silent Courier: https://www.gov.uk/government/news/new-dark-web-portal-launched-to-recruit-spies-to-support-uk-security


    Chapters

    00:00 Introduction to Terry's Journey

    02:54 Training and Development in Intelligence

    05:52 Transitioning from Government to Private Sector

    08:58 Challenges in Intelligence Analysis

    11:50 The Role of Planning in Intelligence Work

    14:51 The Maturity of Intelligence in the Private Sector

    17:53 The Impact of Geopolitics on Cyber Intelligence

    20:56 The Future of AI in Intelligence

    23:43 Open Source Intelligence vs. Open Source Information

    26:47 Advice and Reflections on Intelligence Work


    This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 3rd, 2025 in London, England.

    1 hr 3 min
  • CTI Analysis, Co-Authoring a SANS course, and Building a vibrant CTI sharing community - Interview with Will Thomas (S1E5)
    Nov 26 2025

    In this conversation, Freddy and Will delve into the world of Cyber Threat Intelligence (CTI) and sharing communities, exploring Will's journey as a cybersecurity professional, the importance of training and community, the challenges faced in threat reporting, and the impact of AI on the field.

    They discuss the evolution of CTI, the necessity for critical thinking, and the ethical considerations surrounding the use of AI in intelligence work. The conversation emphasizes the need for collaboration and knowledge sharing within the cybersecurity community to enhance overall effectiveness against cyber threats.


    Takeaways

    • The importance of foundational knowledge in cybersecurity.
    • Real-world experience is crucial for developing analytical skills.
    • Training can significantly enhance an analyst's capabilities.
    • Community support is vital for sharing knowledge and resources.
    • AI can assist in summarizing and analyzing data but has limitations.
    • Ethical considerations are paramount when using AI in intelligence.
    • Critical thinking is essential in evaluating threat reports.
    • Transparency in threat reporting builds trust with stakeholders.
    • Continuous learning and adaptation are necessary in cybersecurity.
    • Collaboration within the community can lead to better threat mitigation.


    Resources & References Mentioned

    • Rob M. Lee - https://www.dragos.com/team/robert-m-lee/
    • SANS FOR578: https://www.sans.org/cyber-security-courses/cyber-threat-intelligence/
    • SANS FOR589: https://www.sans.org/cyber-security-courses/cybercrime-investigations/
    • Chainalysis Blockchain Intelligence: https://www.chainalysis.com/blockchain-intelligence/
    • SANS blog post on Admiralty Scale https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
    • Oracle incident - https://www.csoonline.com/article/3953644/oracle-quietly-admits-data-breach-days-after-lawsuit-accused-it-of-cover-up.html
    • Flavio Queiroz's LinkedIn post - https://www.linkedin.com/posts/flavioqueiroz_threathunting-threatdetection-threatanalysis-activity-7310254153732141056-b-Ba/
    • Council of Experts: https://blog.bushidotoken.net/2024/04/strengthening-proactive-cti-through.html
    • Will's Projects: https://github.com/BushidoUK#-my-projects
    • Ransomware Tool Matrix: https://github.com/BushidoUK/Ransomware-Tool-Matrix
    • Curated Intelligence: https://www.curatedintel.org/
    • MITRE ATT&CK: https://attack.mitre.org/
    • Diamond Model of Intrusion Analysis: https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf?adlt=strict
    • Mapping TTPs: https://github.com/BushidoUK/MITRE-Mappings
    • Curated Intel website - https://www.curatedintel.org/
    • Microsoft Security Copilot: https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot


    Chapters

    00:00 Introduction to Cyber Threat Intelligence

    02:48 Career Journey in Cybersecurity

    06:08 Understanding Cyber Threat Intelligence

    09:06 The Role of Training in Cyber Intelligence

    11:57 Teaching and Sharing Knowledge in Cybersecurity

    15:08 The Importance of Community in Cyber Intelligence

    17:54 Challenges in Cyber Threat Reporting

    20:56 The Impact of AI on Cyber Threat Intelligence

    24:08 Future of AI in Cybersecurity

    26:47 Ethics and Challenges of AI in Intelligence

    29:57 Conclusion and Final Thoughts


    This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 2nd, 2025 in Bournemouth, England.

    55 min
  • From the CIA to inspiring global intelligence communities - Interview with Kathy Pherson (S1E4)
    Nov 26 2025

    Step inside the real world of intelligence with Kathy Pherson, a pioneering CIA analyst whose career arc spans from a curious Kansas City upbringing to the highest levels of global intelligence. In this episode, Kathy reveals how she navigated the challenges of intelligence writing, honed her craft in security and Latin American analysis, and ultimately transformed the field with innovative structured analytic techniques.


    Listeners will hear her candid reflections on balancing data and practical countermeasures, adapting to the evolving demands of intelligence, and the crucial role of critical thinking in a world increasingly shaped by AI. Learn how Kathy’s work at the White House, her leadership of Pherson Associates, and her presidency at the International Association for Intelligence Education are shaping future intelligence professionals. With stories of teamwork, adaptation, and even a personal mission to fight rare diseases, this conversation promises to intrigue, inspire, and challenge your ideas about intelligence analysis, education, and the intersection with advanced technologies - Intelligence Tradecraft Podcast S1E4

    1 hr 46 min
  • From Cargo Theft to Cyber Threats: An Intelligence Journey - Interview with Scott Small (S1E3)
    Sep 28 2025

    In this conversation, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, shares his journey into the field of CTI, discussing his background, current responsibilities, and the importance of curiosity and empathy in intelligence analysis.

    He emphasizes the role of AI and open-source intelligence in enhancing threat detection and response, while also addressing the challenges of implementing threat-informed defense strategies. The discussion highlights stakeholder engagement, the value of writing in intelligence, and the need for continuous learning and networking within the cybersecurity community.


    Takeaways

    • Curiosity is essential for success in intelligence analysis.
    • Writing helps clarify thoughts and improve analytical skills.
    • AI is transforming the landscape of cybersecurity and threat intelligence.
    • Stakeholder engagement is crucial for effective intelligence sharing.
    • Open-source intelligence provides valuable insights for threat analysis.
    • Empathy allows analysts to understand diverse perspectives in intelligence.
    • Structured analytic techniques enhance the quality of intelligence analysis.
    • Networking within the cybersecurity community fosters collaboration and learning.
    • Trustworthy sources are vital for accurate intelligence gathering.
    • Incident-driven intelligence can lead to proactive security measures.


    Resources and references mentioned

    • Tidal Cyber web site - https://www.tidalcyber.com/
    • What are TTPs - https://csrc.nist.gov/glossary/term/tactics_techniques_and_procedures
    • Cyber Kill Chain - https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
    • Unified Kill chain - https://www.unifiedkillchain.com/
    • my LinkedIn - https://www.linkedin.com/in/fmurre/
    • my GitHub - https://github.com/Errum/IntelArchitectureMap
    • Katie Nickels - CTI study plan 1 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
    • Katie Nickels - CTI study plan 2 - https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-2-d04b7a529d36
    • Curated Intel CTI fundamentals - https://github.com/curated-intel/CTI-fundamentals
    • Intelligence Tradecraft Structured Analytic Techniques (SAT) training - https://inteltradecraft.com/sat-certifications
    • Workshop I teach at FIRST CTI - https://www.first.org/conference/firstcti25/program#pIntelligence-Collection-Planning-Workshop-How-to-Create-A-Plan-that-Synchronizes-Collection-with-Your-Stakeholders-Needs
    • NFCERT CTL - https://communication.nfcert.org/hubfs/CTL_Reports/2025%20TLP_CLEAR%20NFCERT%20Cyber%20Threat%20Landscape%20(CTL)%20Report%20v1.0.pdf


    Chapters

    00:00 Introduction to Cyber Threat Intelligence

    02:47 Scott Small's Background and Career Path

    06:10 Understanding Threat Informed Defense

    08:59 The Role of TTPs in Cybersecurity

    11:51 The Importance of Storytelling in Cyber Intelligence

    15:05 Challenges in Implementing Threat Informed Defense

    17:52 The Role of AI and Machine Learning in Cyber Intelligence

    21:01 Evaluating Open Source Intelligence (OSINT)

    23:56 Identifying Trustworthy Sources in Cyber Intelligence

    26:59 Lessons Learned from Mistakes in Cyber Intelligence

    29:44 Case Study: Analyzing the Akira Ransomware Group

    33:10 Future of Cyber Threat Intelligence

    38:06 Navigating the Landscape of Cyber Threat Intelligence

    43:37 The Path to Becoming a Cyber Intelligence Analyst

    46:08 The Importance of Writing in Cyber Intelligence

    49:31 Essential Skills for a Successful Analyst

    51:14 Structured Analytical Techniques in Cyber Intelligence

    54:30 Implementing Intelligence Tradecraft in Organizations

    58:02 Proactive vs. Reactive Intelligence

    01:01:33 The Role of AI in Cyber Threat Intelligence

    01:09:53 The Future of Automated Threats and Defenses

    01:15:15 The Value of Networking and Community in Cyber Intelligence

    This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded on April 23rd, 2025 during the FIRST CTI Conference in Berlin.

    1 hr 17 min
  • Insights into Cyber Threat Intelligence: From Government to Private Sector - Interview with Garrett Carstens (S1E1)
    Sep 28 2025

    Join us in the first episode of our podcast where we interview Garrett Carstens in beautiful Berlin.

    Garrett shares his extensive experience in cyber threat intelligence, from his beginnings at the US Department of Defense to his current role as VP of Intel Operations at Intel 471.

    We delve into the transition from government to private sector, the importance of critical thinking in cyber intelligence, the evolution of threat intelligence, and how to effectively measure success in this field. Garrett also discusses the role of artificial intelligence and machine learning in cyber intelligence and provides practical advice for those looking to make a similar career transition.


    Resources and references mentioned:

    • Intel471 - https://www.intel471.com/
    • SANS blog - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/
    • FIRST CTI Conference Agenda - https://www.first.org/conference/firstcti25/program
    • LinkedIn post on "what makes something intelligence?" - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m
    • The Intelligence Architecture Mind Map on GitHub - https://github.com/Errum/IntelArchitectureMap
    • SANS courses FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
    • FOR589 Cybercrime Investigations - https://www.sans.org/cyber-security-courses/cybercrime-investigations
    • Intel471 Handbook - https://www.intel471.com/resources/cyber-underground-handbook
    • GitHub Repo - https://github.com/intel471/CU-GIR


    This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded on April 21st, 2025 during the FIRST CTI Conference in Berlin.

    54 min