Future of Threat Intelligence

Team Cymru 115 Episodes Jul 2, 2026

Future of Threat Intelligence is a podcast that explores the shift from reactive detection to proactive threat management in cybersecurity. Hosts engage with top cybersecurity leaders and practitioners to uncover strategies for anticipating and neutralizing threats. Each episode provides actionable insights to help organizations stay ahead of emerging trends and technologies.

Episodes

Why the old phishing training is obsolete after deepfake attacks Jul 2, 2026 00:42:58 Resource constraints, not attacker sophistication, are the biggest cyber threat facing state and local governments, and AI is widening the gap by making low-skill attackers faster and more convincing. In our latest episode of the Future of Threat Intelligence podcast, Randy Rose, VP of Security Operations and Intelligence, Center for Internet Security, shared how community defense, essential contr
Coalition's Daniel Woods on the attorney-client privilege tactic shaping every IR investigation Jun 18, 2026 00:42:46 Daniel Woods, Principal Security Researcher at Coalition, sits at an intersection most security practitioners never access: underwriting data, claims history, and live forensics findings from the same vantage point. In this conversation, he traces how cyber insurance evolved from a 10% loss ratio product in the late 1990s to carriers reportedly hitting 130%+ during the ransomware era, and what tha
How Akira hits thousands of SMBs with $50K-$150K ransoms undetected | Alex Bovicelli Jun 4, 2026 00:26:26 In part two of this conversation, Alex Bovicelli, Senior Director of Threat Intelligence at Tokio Marine HCC - Cyber & Professional Lines Group, gets into what the industry keeps getting wrong about ransomware targeting. The organizations getting hit most often are not the ones making headlines, and the attack methods used against them require far less sophistication than most practitioners a
The CVSS problem: why severity scores don't predict what gets exploited May 21, 2026 00:45:12 Patrick Garrity, Security Researcher at VulnCheck, has a data problem with how the industry prioritizes vulnerabilities, and the data is his own. After manually categorizing roughly 800 exploited vulnerabilities by technology type each year, what he keeps finding is that the CVSS severity distribution of exploited CVEs tracks closely with the overall CVE population. Meaning the scoring system most
Unit 42's Andrew Rathbun on the Sysmon Configuration Mistake Enterprises Are Making May 7, 2026 00:42:22 Andrew Rathbun, Senior Consultant at Palo Alto Networks Unit 42, has spent years tearing apart Windows endpoints across ransomware, APT, insider threat, and DPRK IT worker cases. His read on the state of enterprise Windows logging is blunt: most organizations have spent significant money on detection tooling while leaving the native forensic record so truncated that proving an intrusion timeline i
Trend AI's Robert McArdle on Criminal Business Models Surviving Tech Revolutions Apr 23, 2026 00:40:03 After 18 years tracking cybercriminal operations at Trend AI, Robert McArdle, Director of Cybercrime Research, has developed a framework for predicting how threat actors adopt new technology: the answer consistently comes down to economics, not capability. He breaks down three rules of thumb his team uses: criminals want an easy life, any new technology must beat the ROI of their current model, an
Scott Scher on Why CTI Teams Forecast Instead of Predict Apr 9, 2026 00:45:16 Scott Scher, Cyber Threat Intelligence Lead, makes a distinction that reframes how intel teams should think about their own value: they are forecasters, not predictors. That shift in framing has concrete consequences for how CTI programs justify themselves internally, and Scott argues that the most meaningful metric isn't alert volume or report count, but the decisions intel has actually influence
You Can't Trust Your Zoom Call Anymore. Deepfakes, DPRK & the New Attack Surface Mar 26, 2026 00:42:30 Deepfakes have moved well past the uncanny valley and into active threat operations, and Tom Cross, Head of Threat Research at GetReal, has the client-side case studies to back it up. Tom explains how North Korean IT worker infiltration campaigns have transformed HR and video conferencing from administrative functions into active attack surface, albeit one that most security teams aren't monit
Two Minds. One Reframe. A Shift That Won't Wait. Mar 19, 2026 00:42:17 Vincent Passaro, Engineering Manager at Stripe Security, didn't get there through a slide deck or a company mandate. He got there through a shower thought that followed a conversation with a friend, and it broke how he'd been thinking about building, leading, and even measuring his own team. The reframe was simple and did not start with "we're all going to be software developers. R
TIG Risk Services' Duaine Labno on How Remote Hiring Became an Opening for Infiltration Mar 12, 2026 00:30:54 What happens when a DPRK IT worker operation lands inside one of your clients, and the three-letter agency you call says they can't show up? Duaine Labno, Director of Special Investigations & Threat Intelligence at TIG Risk Services, walks through exactly that case: his team built a ruse to recover the compromised laptop, staged a physical handoff at corporate HQ, filmed the courier, ran h
Thermo Fisher's Matt McKnew on the Evolution of Ransomware as a Service Mar 5, 2026 00:34:31 When Matt McKnew, Senior Manager of Incident Response at Thermo Fisher, tracked down the Nimda worm in 2001 by analyzing packet captures to identify NetBIOS saturation patterns, threat actors weren't trying to get paid; they were causing disruption. Today, he's defending against ransomware groups that operate like businesses, complete with service models and affiliate networks. Matt expla
Tokio Marine HCC's Alex Bovicelli on the SMB Ransomware Wave the Industry Isn't Talking About Feb 26, 2026 00:37:15 Running CTI at a cyber insurance carrier and across more than tens of thousands of companies forces a triage discipline most programs never need to build. Alex Bovicelli, Senior Director of Threat Intelligence at Tokio Marine HCC, describes how his team scaled by narrowing focus to one thing: the initial access vectors threat actors are actually using right now: not CVSS scores, not spray-and-pray
