Season 1 - Episode 17 (Pedro Kertzman & Dr. Jean Nestor Dahj)
Data science meets threat intelligence in this fascinating conversation with Dr. Jean Nestor Dahj, who reveals why the analytical mindset serves as the perfect foundation for effective cyber threat intelligence work. With over eight years in information security and a strong background in data science, Dr. Nestor-Dodge shares how his experience analyzing vast datasets naturally evolved into identifying patterns in threat actor behavior.What sets this episode apart is Dr. Nestor's practical approach to implementing CTI across organizations. Rather than isolating threat intelligence as a separate function, he advocates for integrating the "CTI mentality" throughout security teams. This revolutionary perspective transforms how security professionals approach their work—from SOC analysts contextualizing alerts with threat data to red teams emulating industry-specific threat actors during penetration tests.You'll discover why threat intelligence goes far beyond collecting indicators of compromise. Dr. Nestor breaks down how properly implemented CTI enables proactive defense, prioritizes risks based on context, and provides the narrative needed to justify security investments to executive teams. His framework for evaluating threat intelligence sources ensures you're getting actionable information rather than noise.Whether you're new to the field or looking to enhance your existing CTI program, this episode delivers concrete strategies you can implement immediately. From leveraging open-source feeds to integrating with security tools through STIX/TAXII, Dr. Nestor-Dodge provides a roadmap for organizations at any maturity level. And for those considering a career in threat intelligence, he outlines learning paths from the essential MITRE ATT&CK framework to advanced certifications.Join us for this insightful conversation that reframes threat intelligence as a continuous journey rather than a destination—and discover why the fusion of data science and security expertise creates the most effective defense against evolving threats.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
42:13
--------
42:13
Season 1 - Episode 16 (Pedro Kertzman & Gert-Jan Bruggink)
The cybersecurity industry has a people problem. While we chase after the latest tools and technologies, we're overlooking what Gert-Jan Bruggink calls "the human element" – the critical factor that connects technical solutions with actual security outcomes. In this thought-provoking conversation, Gert-Jan shares his journey from security engineering to pioneering scenario-based threat intelligence, revealing how his curiosity drove him to understand the "why" behind security implementations.Gert-Jan pulls no punches in addressing what he sees as an existential threat to the Cyber Threat Intelligence field. "If the CTI industry does not resolve this situation before 2030, the current commoditized form will become obsolete," he warns, highlighting the dangerous disconnect between technical intelligence and strategic applications. His work developing the CTI Capability Maturity Model (CTI-CMM) represents a community-driven effort to bridge these gaps through continuous improvement and practitioner leadership.The discussion takes a fascinating turn when Gert-Jan introduces systems thinking as the missing piece in modern cybersecurity approaches. Rather than viewing security in silos, he advocates for understanding the entire organizational ecosystem and the narratives that connect problems across different departments. This holistic perspective helps explain why even sophisticated security tools often fail to deliver their promised value – they're implemented without consideration for the broader context.What sets this conversation apart is Gert-Jan's balanced view of technology and humanity. He doesn't reject technological solutions but argues for a hybrid approach that leverages both human intelligence and technological advancements. His insights on tracking subtle adversary trends over time demonstrate the irreplaceable value of human analysis and pattern recognition in threat intelligence.Ready to transform how you think about cybersecurity? Listen now and discover why the future of CTI depends not just on better tools, but on fundamentally rethinking our approach to the human elements of security. Share your thoughts with us on LinkedIn and join the conversation about building a more resilient cybersecurity community.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
48:20
--------
48:20
Season 1 - Episode 15 (Pedro Kertzman & Adam Goss)
What does it take to become a cybersecurity "unicorn"? According to Adam Goss, it's the rare combination of threat intelligence expertise with cross-domain skills that truly drives innovation in our industry.Adam takes us on his unconventional journey from aspiring penetration tester to CTI specialist and educator, revealing the critical mindset shifts required when transitioning between security roles. Most fascinating is his comparison between SOC and CTI approaches to bias - while SOC analysts leverage bias for quick decision-making, CTI professionals must actively combat it, asking deeper questions before jumping to conclusions.The conversation turns deeply personal when Adam shares how a seemingly successful threat detection of a Cobalt Strike beacon ultimately missed crucial indicators that led to a devastating ransomware outbreak. This painful lesson transformed his entire career trajectory, highlighting why technology alone fails without the right people and processes - ultimately inspiring him to found Craven Security to make CTI education more accessible.For those looking to develop their own CTI expertise, Adam provides a treasure trove of resources - from hands-on platforms like TryHackMe to industry reports, conferences, and specialized books that bridge tactical and strategic intelligence needs. His recommended reading covers everything from intelligence-driven incident response to honeypot deployment and strategic analysis frameworks.Perhaps most refreshing is Adam's closing perspective on maintaining balance in security careers. Despite the high-stakes nature of our work, he reminds us to focus on the aspects we genuinely enjoy, treat work as just work, and prioritize health and family over professional pressures - wisdom that might be the most valuable intelligence shared in the entire conversation.Connect with us on LinkedIn at Cyber Threat Intelligence Podcast to join the conversation and recommend future guests with unique CTI perspectives to share.Resources:https://kravensecurity.com/https://www.oreilly.com/library/view/intelligence-driven-incident-response/9781098120672/https://chrissanders.org/2020/09/idh-release/https://collegepublishing.sagepub.com/products/critical-thinking-for-strategic-intelligence-3-265236Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
27:32
--------
27:32
Season 1 - Episode 14 (Pedro Kertzman & Sam Flockhart)
How does a military intelligence background translate to cyber threat intelligence? Sam Flockhart, a former UK military intelligence operator who now heads threat management at a global bank, reveals the fascinating journey and powerful parallels between these worlds.Sam opens up about his transition from conventional military intelligence to the cyber realm despite having "absolutely no cyber knowledge" initially. He shares a critical insight for job seekers: while certifications matter, demonstrating real knowledge and preparation during interviews often matters more. Sam explains how anticipating common interview questions about threat actors, their methodologies, and recent attacks can set candidates apart.Drawing from his military expertise on Russia and Ukraine, Sam offers a riveting deep dive into why ransomware predominantly emerges from Russian-speaking regions. He explains the cultural concept of "Kresha" (roof/protection) that allows these groups to operate with impunity and traces how post-Soviet history created the perfect ecosystem for cybercrime to flourish. This cultural understanding adds a crucial dimension to technical threat analysis that many professionals overlook.The conversation explores how military intelligence frameworks have shaped modern CTI practices. From tactics, techniques, and procedures (TTPs) to intelligence collection plans and priority intelligence requirements - these structured approaches have been adopted by the cyber community. Sam also discusses the nuances of intelligence sharing in private sector environments compared to military settings, where different constraints and opportunities exist.For aspiring CTI professionals, Sam's advice is practical and actionable: prepare thoroughly by researching top threats, understand organizational stakeholders who consume intelligence, and familiarize yourself with various intelligence sources. This episode offers invaluable guidance for anyone looking to enter the field or enhance their threat intelligence capabilities through a deeper understanding of the human element behind cyber attacks.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
28:17
--------
28:17
Season 1 - Episode 13 (Pedro Kertzman & Bianca Miclea)
What does it take to build an effective Cyber Threat Intelligence function from scratch? In this eye-opening conversation, Bianca Miclea shatters the myth that cybersecurity is only for those with traditional technical backgrounds.Bianca shares her remarkable journey from politics student to cybersecurity leader, revealing how her academic background became an unexpected asset in the CTI world. "It was one of those 'this is really cool, but I could never do this' thoughts," she explains, describing her initial hesitation before diving into the field. This refreshing perspective demonstrates how diverse educational paths can strengthen cybersecurity teams—an important message for anyone contemplating a career transition.The conversation explores what makes CTI truly valuable: actionable intelligence that connects directly to security operations. Bianca walks us through her experience establishing a CTI team at a major financial institution, emphasizing the critical difference between information collection and intelligence that drives meaningful security improvements. Her implementation of monthly Mitre ATT&CK exercises brings together cross-functional teams to identify control gaps and assign clear accountability—a practice listeners can immediately adopt to enhance their security posture.Perhaps most valuable is Bianca's practical advice for managing the overwhelming information flow in threat intelligence. Her concept of "reporting thresholds" offers a framework for prioritization that helps CTI teams focus on what truly matters while preventing analyst burnout. Combined with her insights on board communication, community engagement, and measuring CTI effectiveness, this episode delivers a masterclass in modern threat intelligence leadership.Ready to transform how you think about threat intelligence? Subscribe now, share with your network, and join our LinkedIn community to continue the conversation about building CTI programs that deliver genuine security value.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.
France