Season 1 - Episode 6 (Pedro Kertzman & Aaron Roberts)
What happens when you combine the precision of open-source intelligence with the strategic focus of cyber threat intelligence? Aaron Roberts, founder of Prospective Intelligence and author of "Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers," reveals the powerful intersection where these disciplines meet.

Aaron's journey from aspiring football coach to cyber threat expert provides a fascinating backdrop to our conversation. After starting in IT support and gradually moving through cybersecurity roles, he discovered the power of OSINT in identifying threats before they materialize. This evolution shaped his unique perspective on threat intelligence - one that values both commercial tools and grassroots solutions from the OSINT community.

The most compelling insights emerge when Aaron discusses the practical realities of threat intelligence on a budget. Rather than viewing financial constraints as limitations, he demonstrates how they can drive innovation. From leveraging free GitHub repositories to repurposing marketing tools for security, Aaron reveals how small and medium businesses can build sophisticated threat detection capabilities without breaking the bank. His mention of C2Tracker - a free tool that can identify command and control infrastructure before many commercial feeds - highlights how open-source approaches sometimes outperform their expensive counterparts.

Perhaps most valuable is Aaron's framework for attack surface intelligence. By examining credentials exposed in data breaches and stealer logs, identifying vulnerabilities in internet-facing systems, monitoring brand sentiment, and detecting typosquat domains, he creates a comprehensive view of organizational risk. This methodology helps companies understand how attackers perceive them - vital intelligence for preemptive defense.

Throughout our discussion, one theme remains constant: effective threat intelligence requires more than technical prowess. Understanding business context, establishing clear intelligence requirements, and communicating findings effectively transform raw data into actionable insights. As Aaron puts it, "You can spend all day writing reports about ransomware groups, but if you don't understand what the business is trying to do, you can't really protect it."

Want to strengthen your organization's security posture through practical, intelligence-led approaches? Connect with us on LinkedIn in the Cyber Threat Intelligence Podcast group to continue the conversation and discover how these principles might apply to your unique security challenges.

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
What does it take to succeed in cyber threat intelligence today? Josh Darby McLellan draws from his unique journey through geopolitical risk into the CTI space to reveal practical insights for both aspiring analysts and established professionals.

The conversation opens with Josh's unexpected path into threat intelligence, highlighting a crucial revelation for newcomers: you don't need special access or expensive tools to begin gaining CTI experience. With abundant open-source resources available, anyone can practice analysis workflows, build a portfolio, and demonstrate genuine passion before landing their first role.

Beyond technical foundations like the Diamond Model and Kill Chain, Josh emphasizes communication as perhaps the most critical skill for CTI professionals. "Your entire CTI process will fall completely flat if you are not able to communicate that intelligence in a way that lands with your stakeholders," he notes. This challenge becomes especially apparent when teams struggle to translate their value into language business leaders understand—a persistent hurdle for many CTI programs.

The discussion explores how collaboration across traditionally competitive organizations creates powerful intelligence sharing networks, particularly within industries facing similar threats. Josh also tackles AI's impact, warning that "your job won't be replaced by AI, but by someone who can use AI," encouraging analysts to embrace tools that automate repetitive tasks while preserving human judgment for critical analysis.

Looking ahead, Josh predicts short-term challenges for CTI teams proving their worth during economic uncertainty, but remains optimistic about the field's future as cyber attacks continue increasing in volume and severity against a fractured geopolitical landscape. For those intrigued by this dynamic field, his advice is simple: dive in, leverage free resources, and discover if this intellectually stimulating career path is right for you.
--------
43:21
Season 1 - Episode 4 (Pedro Kertzman & Cherie Burgett)
Cherie Burgett takes us on a fascinating journey from her days as a Radio Shack employee and avid gamer to becoming the Director of Cyber Intelligence Operations for the Mining and Metals Information Sharing and Analysis Center. Her story demolishes the myth that cybersecurity professionals must follow traditional career paths, demonstrating how life skills, natural curiosity, and a hacker mentality can translate into powerful cyber defense capabilities.

The conversation reveals profound insights about the evolving threat landscape where criminals have developed specialized supply chains and even customer support systems. "It takes a lot more skills to defend than it does to attack," Cherie notes, highlighting the asymmetric challenge defenders face. We learn how threat actors now specialize in different attack phases—initial access brokers selling to ransomware operators—creating a complex criminal ecosystem that demands collaborative defensive approaches.

What sets this episode apart is Cherie's perspective on the human dimension of threat intelligence. With a background in Bible college studying hermeneutics (the art of interpretation), she brings humanities-focused analysis to technical challenges. "Threat intelligence to me is the most human of the cyber disciplines," she explains, emphasizing that we're ultimately "protecting people, not systems." This philosophy shapes her approach to intelligence sharing, where she insists on providing context and actionable insights rather than merely distributing raw data or "story time" recitations of headlines.

Whether you're an experienced CTI professional or considering entering the field from an unconventional background, this episode offers valuable guidance on building skills, avoiding analytical biases, and connecting with industry resources. Follow Cherie on LinkedIn or through MMISAC publications to continue learning from her unique perspective on making threat intelligence truly human-centered and impactful.
--------
38:20
Season 1 - Episode 3 (Pedro Kertzman & Pedro Barros)
Navigating the world of threat intelligence feeds requires a critical eye and regular evaluation. Security analyst and educator Pedro Barros takes us through his journey from SOC analyst to threat intelligence professional, explaining why CTI should function as a pillar supporting all cybersecurity operations.

Pedro highlights a persistent problem in threat intelligence practice: the proliferation of "combo lists" - recycled data from old breaches presented as new threats. "If you're going to give me some intelligence, do some more work on it," he challenges feed providers, stressing the need for context that makes alerts truly actionable. Without proper evaluation, these feeds create false alarms that waste precious security resources.

The conversation delves into practical evaluation strategies for threat intelligence sources. Rather than simply accumulating feeds, Pedro recommends quarterly assessments focused on accuracy, timeliness, and relevance. This process should incorporate feedback from SOC analysts, detection engineers, and vulnerability management teams to ensure intelligence serves its purpose across the organization.

For aspiring CTI professionals, Pedro emphasizes understanding adjacent security disciplines as foundational knowledge. He recommends "Visual Threat Intelligence" by Thomas Roccia as essential reading, describing it as so engaging he "started reading it one day and finished it the same day." He also highlights the need for more academic programs to include dedicated threat intelligence courses as the field continues to mature.

Visit Pedro's blog at pemblabs.net to follow his work, including his upcoming analysis of a sophisticated phishing campaign using targeted delivery methods and Telegram bots. Connect with our community on the Cyber Threat Intelligence Podcast LinkedIn group to continue the conversation about building intelligence capabilities that actually matter.
--------
32:07
Season 1 - Episode 2 (Pedro Kertzman & A. Stryker)
Threat intelligence forms the backbone of effective cybersecurity strategy, but what does it really take to build a successful CTI program? In this fascinating conversation, Stryker, a threat intelligence analyst at a major US insurance company, challenges conventional wisdom by asserting that while every organization needs threat information, not every organization requires a dedicated threat intelligence team.

Drawing from her unconventional journey from marketing professional to threat intelligence analyst, Stryker offers a refreshing perspective on career transitions in cybersecurity. "I'm a poster child for having to do everything the difficult way," she admits, before revealing how she recontextualized her decade of content marketing experience into valuable security skills. Her story demolishes the myth that there's only one path into the industry, though she acknowledges the reality: "It's not an entry-level position... you have to be that much better than everybody else to overcome bias."

The conversation delves into the maturity spectrum of threat intelligence capabilities, from organizations just beginning to monitor key resources to those with fully dedicated teams. Stryker provides practical advice on selecting security partners who offer contextual guidance rather than checkbox compliance: "Listen for the ones who say 'no, and here's why, but here's what you can do instead.' That's the sign of an organization that wants to be a partner."

For professionals looking to sharpen their CTI knowledge, Stryker emphasizes the importance of primary sources over media summaries and shares her methodology for building a comprehensive intelligence feed. She also reveals her unique approach to helping others transition into cybersecurity through her "Career Campaigns" workshop, which uses tabletop RPG concepts to help people reimagine their professional skills.

Whether you're building a threat intelligence program, considering a career pivot, or simply fascinated by the evolving landscape of cybersecurity, this episode offers invaluable insights from someone who's navigated the journey firsthand. Subscribe now for more conversations with Cyber Threat Intelligence thought leaders who are reshaping how we think about CTI.
Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.

In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.

Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.

Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.

Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.