Cyber Threat Intelligence Podcast

Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valeri Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.Valeri takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.Thinking about moving from SOC to CTI? Valeri’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

"Basically, everyone just do  whatever they feel like and then call it intelligence." With these provocative words, Freddy Murre cuts straight to the heart of what's wrong with most cyber threat intelligence practices today.Drawing from 13 years of intelligence experience spanning military operations and private sector work, Freddy exposes the critical disconnect between intelligence methodology and what many CTI teams actually deliver. Most security teams, he argues, are producing cyber threat information, not intelligence—pushing technical indicators without context, relevance, or the crucial "so what" that decision-makers need.The conversation explores how CTI professionals often fall back on their technical comfort zones rather than embracing true intelligence tradecraft. Freddy walks us through the intelligence cycle, explaining how requirements drive collection and analysis to produce actionable insights. He challenges the industry norm of one-directional "data dumps" from vendors to customers, advocating instead for a more tailored approach that considers each organization's specific technologies, vulnerabilities, and business needs.Perhaps most valuable is Freddy's practical guidance on stakeholder engagement—identifying who your intelligence serves, understanding their decision-making needs, and continually validating that your work delivers measurable value. "If they can't articulate the decisions they made based on your intelligence," he warns, "you're in a dark space." His Ferrari analogy brilliantly illustrates how CTI teams must find the right fit between capabilities and stakeholder requirements.The episode also tackles AI's impact on intelligence work, with Freddy offering a sobering assessment of large language models' limitations while acknowledging their potential benefits when properly understood as tools rather than solutions. Whether you're a seasoned CTI professional or just building your program, this conversation provides an essential framework for elevating your practice from information sharing to true intelligence production.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!