
The Defender's Advantage Podcast
The Defender's Advantage Podcast covers the latest cybersecurity threats and trends. Host Luke McNamara from Google Threat Intelligence Group interviews analysts, researchers, and other experts on nation-state activity, cybercrime, malware, incident response, and defensive strategies.
Episodes
Google's Disruption Mission
Host Luke McNamara is joined by Charley Snyder, Head of Disruption Operations at Google Threat Intelligence Group, to delve into how Google is crafting a more coordinated approach to disrupting adversary cyber operations. Charley describes how this disruption focus is not hacking back, how it builds on existing work across Google security teams, and some of the recent wins such as the IPIDEA and GR
Takeaways from the 2026 M-Trends Report
Host Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss the 2026 edition of Mandiant's M-Trends Report. Chris dives into the latest trends observed in breaches throughout 2025 and into this year, noting some of the key aspects organizations should focus on in applying these insights to today's threat landscape. https://cloud.google.com/security/resource
Using GTI to Hunt Adversaries on the Dark Web
In this episode of the Defender's Advantage Podcast, host Luke McNamara sits down with Google Threat Intelligence experts Jose Nazario and Brandon Wood. They dive into the rollout of new dark web and underground monitoring capabilities, explaining how AI is fundamentally changing the way defenders track adversaries. https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intellige
How Android Combats Mobile Scams
Host Luke McNamara is joined by Eugene Liderman, Senior Director in Android's Security and Privacy Group, to discuss the evolving world of mobile-targeting scams. Eugene details some of the unique aspects to mobile scams, regional variations in tactics by scammers, and the steps Android has taken to combat this problem.
UNC5221 and the BRICKSTORM Campaign
Sarah Yoder (Manager, Mandiant Consulting) and Ashley Pearson (Senior Analyst, Advanced Practices on Google Threat Intelligence Group) join host Luke McNamara to discuss UNC5221 and their operations involving the BRICKSTORM backdoor. This highly sophisticated, suspected China-nexus cyber-espionage threat group is known for aggressively targeting internet-facing network appliances (like VPNs and firewa
How vSphere Became a Target for Adversaries
Stuart Carrera (Senior Consultant, Mandiant Consulting) joins host Luke McNamara to discuss how threat actors are increasingly targeting the VMware vSphere estate and leveraging this environment to conduct extortion and data theft. Stuart details why this has become an attractive target, and ways organizations can better engineer detections to respond to this activity. https://cloud.google.com
AI Tools and Sentiment Within the Underground Cyber Crime Community
Michelle Cantos (Senior Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss some of the recent trends in underground marketplaces around the selling of illicit AI tools and services. Michelle discusses GTIG's research into this space, how threat actors are seeking to leverage these models, use cases being discussed, and more.
Protecting the Core: Securing Protection Relays in Modern Substations
Host Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid. https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations
The Rise of ClickFix
Dima Lenz (Security Engineer, Google Threat Intelligence Group) joins host Luke McNamara to discuss how threat actors have been using ClickFix to socially engineer users. Dima recounts the growth of this technique in 2024, some of the campaigns and actors that have leveraged it, and where it may be headed next.
Vishing in the Wild
Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employee
Responding to a DPRK ITW Incident
JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. htt
UNC5221 and The Targeting of Ivanti Connect Secure VPNs
Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cl
Windows Remote Desktop Protocol: Remote to Rogue
Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were using to likely support cyber espionage goals. He delves into these findings and the usage of RemoteApps and victim file mapping via RDP, and closes with som
Cybersecurity Conversations with the C-Suite and Board
Imran Ahmad (Senior Partner, Canadian Head of Technology and Canadian Co-Head of Cybersecurity and Data Privacy at Norton Rose Fulbright) joins host Luke McNamara to discuss how executives are thinking about cyber risk in a changing and evolving landscape. He touches on the importance of training before a breach, how ransomware has changed security conversations with boards, and the promise and ri
What to Watch For in 2025
Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns. https://cloud.google.com/security/resources/cybersecurity-forecast https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security
Signals of Trouble
Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure
Agentic AI in Cybersecurity
Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security
The Art of Remediation in Incident Response
Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more.
How to Run an Effective Tabletop Exercise
Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-ex
Using LLMs to Analyze Windows Binaries
Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various Windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more. For more on this topic: https://blog.virustotal.com/2023/04/introducin
How Threat Actors Bypass Multi-Factor Authentication
Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization, sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary-in-the-middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more fea
TAG's Work Tracking Commercial Surveillance Vendors
Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG), to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and how this problem connects to the increasing rise of zero-day exploitation.
What Iranian Threat Actors Have Been Up To This Year
Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see: https://blog.google/technology/safety-security/tool-of-first-resort-isr
Mandiant's Approach to Securely Using AI Solutions
Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security o
Lessons Learned from Responding to Cloud Compromises
Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more. Will and Omar's talk at
The ORB Networks
Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leveraged by China-nexus APTs, and what this all
Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances
Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following the disclosure and widespread exploitati
M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher
Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For more on the M-Trends 2024 report: htt
Assessing the State of Multifaceted Extortion Operations
Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team, and Jeremy Kennelly, Lead Analyst of the same team, join host Luke McNamara to break down the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, and how changes in the makeup of various groups have played out in the threat landscape, why
Hunting for "Living off the Land" Activity
Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more.
Director of NSA's Cybersecurity Collaboration Center on Trends in 2024
Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC), joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.
The North Korean IT Workers
Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea-cyber-structure-alignmen
Prescriptions for a Healthy Cybersecurity Future with Google Cloud's OCISO
Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management, threat modeling, and more. For more on the work
Is The CTI Lifecycle Due For An Update?
Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop
Threat Trends: Hacktivists' Continued Use of DDoS
For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last year.
Threat Trends: Tales from the 2023 Trenches
Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business email compromise (BEC), common initial infection vectors, social engineering tactics, and more.
Threat Trends: DHS Secretary Alejandro Mayorkas in Conversation with Kevin Mandia
Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration between the private sector and government, improving the talent gap in cyber, and ongoing DHS initiatives to foster greater cyber security. For more on the Departm
Threat Trends: Addressing Risk in the Cloud with Wiz
Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz, to discuss trends in cloud security, managing risk, and more. For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-cloud
Threat Trends: Unraveling WyrmSpy and DragonEgg Mobile Malware with Lookout
Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41 Follow Kristina on X @chmodxx_
Threat Trends: The Implications of the MOVEit Compromise
Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences with this compromise in comparison to FIN11's previous operations, why the impact from this operation may impact organizations for some time, and what this spells for the changing la
Threat Trends: A Requirements-Driven Approach to Cyber Threat Intelligence
Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in this area, and the importance of recurring stakeholder feedback to a well-functioning CTI team. Follow Jamie at @TheCollierJam on Twitter. For more on A Requirements
Frontline Stories: Crisis Communications During a Breach
Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.
Threat Trends: UNC961 and How Managed Defense Approaches Threat Hunting
Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions. For more, please see: https://www.mandiant.com/resources/blog/unc961-multiverse-financially-motivated Follow Ryan @heferyzan and Tim @Sa1jak on Twitter.
Frontline Stories: The Executive's Role in Cybersecurity
What role do executives and the board play in cybersecurity and breach management? Hear Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and understand their role during a breach.
Threat Trends: Bonus Episode - How Will AI Impact Threat Intelligence?
The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better. In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the near future to scale attacks, while Vijay Ganti, Head of Product Management, Threat Intelligence, Detection & Analytics for Google Cloud Security, walks thro
Threat Trends: M-Trends 2023
Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year around dwell time, ransomware, top initial intrusion vectors, and more. For more on Mandiant's 14th iteration of M-Trends, check out: https://www.mandi
Frontline Stories: Exposure Management Beyond Vulnerabilities
Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk. Jonathan shares his experiences from BugBounty, penetration testing and working with customers to solve the growing problem of too many CVEs, too little prioritiza
Threat Trends: How APT43 Targets Security Policy Experts Focused on North Korea
With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. Follow Jenny on Twitter @j3nnyt0wn and 38 North at https://www.38north.org/ Find Mandiant's full report on APT43 here: https://www.mandiant.com/res
Threat Trends: A Retrospective on Zero-Days in 2022 with Project Zero and Mandiant
Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting things they each observed last year. Jared covers some of the threat actors that drove last year's trends in observed zero-days, and Maddie highlights how v
Threat Trends: Head of TAG on Commercial Spyware, Cyber Activity in Eastern Europe and More
Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG), joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware vendors, and how that is impacting the threat landscape today. While this threat has evolved over the years as vendors come and go, Shane highlights dri
Frontline Stories: A CISO's Perspective on Managing a Breach
Have you ever wondered what a breach is really like from a CISO's perspective? Fred Thiele, CISO at Interactive, joins host Kerry Matre to discuss managing data breaches from his personal experiences. Fred dives into examples from his past, pointing out the depth and long tail of a breach. He explains all of the bits of a breach that go beyond incident response including working with insurance
Threat Trends: An Episode (Mostly) About Non-Ransomware Cyber Crime
Kimberly Goody and Jeremy Kennelly from Mandiant’s Financial Crime Analysis team join host Luke McNamara to discuss trends in the cyber crime landscape. Kimberly and Jeremy dive into the ongoing nature of banking malware repurposed for other types of financially-motivated crime, SIM swapping, experimentation with file types and post-compromise exploitation frameworks, and more. Of course, the disc
Threat Trends: APT by USB
In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts. Tyler details the activity outlined in the most recent blog on a new cyber espionage operation attributed to Turla Team (UNC4210), distri
Skills Gap: Addressing the Cyber Mobilization Crisis
Our latest episode in The Defender’s Advantage Podcast Skills Gap series features Mandiant EVP and Chief of Business Operations Barbara Massa and Director of HR for Google Cloud Margaret Clarke who joined host Kevin Bordlemay to discuss the initiatives from Mandiant and Google Cloud to address the cyber mobilization crisis we are facing. Recent data shows that there are over 700,000 cybersecurity
Frontline Stories: Get the Facts on Fraud
We are kicking off a new year of The Defender’s Advantage Podcast with a new episode of the Frontline Stories series. This week, host Kerry Matre is joined by Mary Writz, SVP of Product for fraud prevention platform Sift for a discussion on fraud. Mary discusses the ins and outs of fraud, including the types of fraud, the industries typically impacted and how fraud connects with cyber security and
Threat Trends: A Year in Review with Sandra Joyce
This week’s episode of the Threat Trends series is the final episode of 2022 for The Defender’s Advantage Podcast. To wrap up our year and provide a glimpse into what we can expect from 2023, Sandra Joyce, VP of Mandiant Intelligence, joins host Luke McNamara for a discussion on some of the highlights from the past year. Sandra chats through aspects of the Russian invasion of Ukraine, activity fro
Frontline Stories: A Conversation on Third-Party Risk Management
This week’s episode of The Defender’s Advantage Podcast features British American Tobacco CISO Dawn-Marie Hutchinson, who joins Frontline Stories host Kerry Matre for a discussion on third-party risk management. Over the course of the conversation, Dawn-Marie discusses the approach that she takes in third-party risk management and the process of conducting risk assessments. She also shares how she enc
Skills Gap: Transitioning from Military Service to a Role in Cyber
This week’s episode of The Defender’s Advantage Podcast features four members of Team Mandiant who previously served in the United States military and transitioned into careers in the cyber security industry. Skills Gap host Kevin Bordlemay was joined by Paul Shaver, Thomas Worthington, Lauren Krukar, and Brian Timberlake for a discussion on what the transition out of service looks like and the re
Threat Trends: Reflections on Russian Cyber Threat Activity During the War in Ukraine
This week’s episode of The Defender’s Advantage Podcast features Mandiant analysts Gabby Roncone, John Wolfram and Tyler McLellan who joined Threat Trends host Luke McNamara for a discussion on Russian cyber operations over the last year. The group discusses the Russia-linked threat groups and activity Mandiant has been tracking related to the conflict in Ukraine, including UNC2589 and APT29. They
Frontline Stories: Cyber Insurance to Make Companies Safer
This week’s episode of The Defender’s Advantage Podcast features Davis Hake, co-founder of cyber insurance company Resilience, who joined Frontline Stories host Kerry Matre for a discussion on the role of cyber insurance. During the conversation, Davis explains the model for how cyber insurance is sold, the application process and how insurance companies work with clients to determine their risks
Threat Trends: Tracking DPRK Use of Cryptocurrencies
This week’s episode of The Defender’s Advantage Podcast features Mandiant’s Michael Barnhart and Joe Dobson who joined Threat Trends host Luke McNamara for a discussion on recent cyber activity out of North Korea, including the targeting of cryptocurrency. Michael and Joe discuss some of the North Korean threat groups Mandiant is following and a view of the threat landscape in the region. They als
Skills Gap: Finding Your Fit in Cyber
On this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Nader Zaveri and Simran Sakraney join Skills Gap host Chris Campbell for a discussion on how the cyber security industry and the companies within it can attract candidates from underrepresented groups and foster diversity. Nader and Simran share their individual journeys into the industry and their perspectives on how organizat
Threat Trends: Inside Google Cloud's Threat Horizons Report
This week’s episode of The Defender’s Advantage Podcast features Stan Trepetin, Technical Product Manager at Google Cloud, who joined Threat Trends host Luke McNamara to discuss the Threat Horizons Report produced by the Google Cybersecurity Action Team. Stan highlights several articles from the latest report in the quarterly series, including a piece on the importance of sharing information on s
Skills Gap: More Than a Resume
On this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Mandiant’s Fernando Tomlinson and Matt Boyle for a discussion on the value of hiring individuals from diverse professional backgrounds and ensuring accessibility to certifications and tools for those interested in transitioning to the cyber security field. Fernando and Matt share their th
Threat Trends: The Threat Landscape in APJ
In this week’s episode of The Defender’s Advantage Podcast, Mandiant’s Yihao Lim joins the Threat Trends series to chat with host Luke McNamara about the threat landscape in the Asia-Pacific region. Yihao discusses recent IO campaigns in the region, particularly DragonBridge and HaiEnergy, and how these attacks influence how organizations view disinformation campaigns in APJ. He also discusses the im
Frontline Stories: The Evolution of the CISO
The latest episode of The Defender’s Advantage Podcast Frontline Stories series features Uplight CISO Alex Wood joining host Kerry Matre to discuss how his role has evolved over the course of his career, for example, changes in the CISO reporting structure and the role’s shift to encompass a business focus as opposed to being exclusively technical. He also discusses his own unique journey from ma
Threat Trends: Metador, Mercenaries, and LABScon with SentinelOne
The latest episode of The Defender’s Advantage Podcast features SentinelOne researchers Tom Hegel and Juan Andres Guerrero-Saade who joined host Luke McNamara to discuss some of the latest research they presented at LABScon, September 20-24. Juan shares details around his team’s findings on Metador, a threat actor that primarily targets telecommunications and internet services providers, as well
Threat Trends: The Security Landscape Facing Manufacturing
The latest episode in The Defender’s Advantage Podcast Threat Trends series features Todd Boppell, COO of the National Association of Manufacturers (NAM), who joined host Luke McNamara to discuss cyber security in the manufacturing landscape. During the conversation Todd shares the top concerns for NAM’s member organizations, how the industry approaches cyber security, and the challenges and oppor
Skills Gap: Expanding Diversity in Cyber Security
In this week’s episode of The Defender’s Advantage Podcast, Skills Gap series host Chris Campbell is joined by Dawn Hagen and Kevin Bordlemay for a discussion on diversity, inclusion, and belonging initiatives. The group discusses Mandiant’s internal focus on diversity, including employee resource groups, as well as efforts to build awareness of career paths in cyber security via middle school, hi
Threat Trends: APT42 - Crooked Charms, Cons, and Compromises
This week’s episode of The Defender’s Advantage Podcast features Emiel Haeghebaert and Ashley Zaya who joined Threat Trends series host Luke McNamara to discuss Mandiant’s most recently graduated APT group, APT42. Mandiant has identified APT42 as an Iranian-sponsored cyber espionage group tasked with conducting information collection and surveillance operations against individuals and organizatio
Frontline Stories: Discussing the Impact of CISA KEV with Nucleus Security
This latest installment of the Frontline Stories series, part of The Defender’s Advantage Podcast, features Nucleus Security Co-Founder and CEO Stephen Carter, who joined our host Kerry Matre for a conversation on CISA KEV. CISA’s Known Exploited Vulnerabilities list prioritizes vulnerabilities the agency has determined to be exploited in the wild and mandates that specified U.S. civilian agencies
Skills Gap: Building a Successful Security Operations Team
The latest episode of the Skills Gap series, part of The Defender’s Advantage Podcast, features Mandiant Managed Defense team members Robert Parker and David Lindquist, who joined host Chris Campbell to discuss what they look for when hiring for their team. They detail the skills they look for most as they interview candidates and their tips for those looking to enhance their marketability in the
Threat Trends: Building Cyber Resiliency Within Financial Services with FS-ISAC
In the latest Threat Trends episode of The Defender’s Advantage Podcast, host Luke McNamara is joined by Teresa Walsh, Global Head of Intelligence at the Financial Services Information Sharing and Analysis Center (FS-ISAC), for a deep dive on the financial services industry. Teresa discusses her journey from roles in government and how her experience has shaped her view of financial services. She
Frontline Stories: Shields Up, Mandiant
In this week’s episode of The Defender’s Advantage Podcast, Kerry Matre, host of the Frontline Stories series, is joined by Mandiant’s Tim Crothers and Matt Shelton who discuss their role in protecting the company from attackers. Both share their professional journeys, how changes at the company have impacted their responsibilities, and some standout moments they’ve experienced while safeguarding
Threat Trends: Securing the Vote in 2022
In the latest Threat Trends episode of The Defender’s Advantage Podcast, Mandiant’s Jon Ford and Stacy O’Mara join host Luke McNamara for a conversation on election security. They discuss how organizations involved in the process of elections should think of cyber security in the lead up to these events, preparedness steps they have seen states take, and the evolution of the federal approach in th
Skills Gap: Looking Beyond the Unicorn Candidate
All too often, hiring managers find themselves seeking candidates who fit 100% of the description for the role they are trying to fill. Because of this, they overlook a swath of applicants who are good for the job. In this week’s Skills Gap episode of The Defender’s Advantage Podcast, host Chris Campbell speaks with Mandiant consulting team members Dan Nutting, Kal Guntuku, and Chris Linklater abo
Threat Trends: How Adversaries Are Leveraging AI in Cyber Operations
In this Threat Trends episode of The Defender’s Advantage Podcast, hear from Michelle Cantos who joins host Luke McNamara to discuss artificial intelligence (AI) in cyber and how adversaries are using AI in their activities today. Michelle details manipulated media techniques such as artificially generated images and vishing, tactics that have been increasingly employed by threat actors. She also
Bonus: Securing OT/ICS Systems with Nozomi Networks
This special episode of The Defender’s Advantage Podcast features Mandiant CTO Marshall Heilman speaking with Edgard Capdevielle, CEO of Nozomi Networks. The conversation, recorded in-person at RSA Conference 2022, delves into the partnership between Mandiant and Nozomi, and how the organizations can take on escalating cyber risks to secure cyber-physical infrastructure. Marshall and Edgard discus
Threat Trends: An Interview with the Danish Tech Ambassador
In this week’s episode of The Defender’s Advantage Podcast Threat Trends series, host Luke McNamara is joined by Anne Marie Engtoft Larsen to discuss her role as Danish Tech Ambassador and how the role has evolved since Denmark appointed the first Tech Ambassador in 2017. She chats about her views on cyber diplomacy and the value of partnerships with private sector cyber security companies. Ambass
Skills Gap: Bridging the Skills Gap
This week’s episode of The Defender’s Advantage Podcast kicks off our new monthly series, Skills Gap, which focuses on thoughts, ideas, and initiatives for narrowing the skills gap in cyber security. Our host Chris Campbell was joined for this conversation by Mandiant’s John Doyle, Principal Consultant, and Matt Shelton, Director of Technology Risk and Threat Intelligence, to discuss talent and br











