Cyber Threat Intelligence Podcast

Want a front-row seat to how cyber threat intelligence turns noise into decisions that save real money and protect trust? Pedro Kertzman sits down with Alex Keedy, a seasoned CTI leader with experience at Flashpoint, ZeroFox, Intel 471, Deloitte, and Booz Allen Hamilton, to unpack the craft of translating technical signal into business impact. From a political science beginning to profiling actors and advising executives, Alex shows why great intelligence starts with curiosity and ends with clarity: here’s what’s happening, what it means for us, and what we should do next.We dig into the tough question every leader asks: how do you prove ROI for attacks that never landed? Alex breaks down practical models that map blocked activity to benchmark costs, balance tangible savings with brand and trust impacts, and prioritize the few actions that reduce the most risk. For mid-sized organizations, she lays out a pragmatic roadmap: start small, tap managed services, automate the obvious, and use early wins to earn budget. You’ll hear how a$10 stolen credential becomes a$50M outage, why ransomware-as-a-service thrives, and how to disrupt that supply chain before it reaches your environment.Alex also opens the curtains on dark web tradecraft. Reputation-driven marketplaces demand embedded personas to validate threats, verify leaks, and ask the questions victims can’t. That access helps teams confirm exposure, guide response, and even support law enforcement—with examples spanning financial fraud, takedowns, and human trafficking investigations. Along the way, we share actionable learning paths: SANS webcasts, vendor blogs, Security+ or Network+ for baseline fluency, and community routes like B‑Sides and scholarships that lower barriers for new talent.If you care about cybersecurity strategy, budget impact, and real-world outcomes, this conversation delivers the playbook: align intelligence to business risk, measure what matters, and communicate in plain language. Subscribe, share with a teammate who needs stronger CTI outcomes, and leave a review telling us the one question you want answered next.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Curiosity can rewrite a career—and change how an investigation ends. We sit down with Valeri Soloninka, a Russian-speaking cybersecurity professional now protecting government entities in the UAE, to trace a path from hands-on engineering to enterprise SOC work and into the high-impact world of operational and tactical cyber threat intelligence. Along the way, we unpack how fundamentals like networking, DNS, and OS internals still power great CTI, even as LLMs speed up drafting and research.Valeri takes us inside Russia’s cybersecurity market—large, regulated, and comparatively closed—where public reporting is scarce and partnerships carry the weight of intelligence sharing. That perspective meets a striking case from the Middle East: identifying Lazarus Group activity tied to Russian-language lures, a reminder that geopolitics and targeting rarely align neatly. Allies still spy, strategic programs demand data, and defenders must follow evidence over assumptions. We break down how to translate adversary tactics into detections, drive incident response with attribution-aware guidance, and help vulnerability teams prioritize what matters.Thinking about moving from SOC to CTI? Valeri’s playbook emphasizes relentless curiosity, a bias for action, and the technical backbone to make sense of infrastructure, indicators, and behavior at speed. We also talk candidly about the Gulf market—its boom years, current hiring realities, and why safety, services, and zero income tax continue to draw talent. For learners at every stage, you’ll hear practical recommendations on podcasts, YouTube channels, Reddit communities, and books that build lasting baselines.Join us for a candid, story-driven look at building a meaningful CTI career, spotting threats where others aren’t looking, and becoming the teammate IR and SOC leaders seek out when stakes are high. If this conversation helps you think differently, subscribe, share the show with a colleague, and leave a quick review to help others find it. What topic should we dig into next?Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Remember when critical infrastructure defenders had to convince people that cyber attacks were even possible? Those days are gone. Today's challenge is prioritizing defenses in a landscape where threats are multiplying faster than resources.Sarah Freeman, Chief Engineer for Intelligence Modeling and Simulation at MITRE's Cyber Infrastructure Protection Innovation Center, takes us on a journey through the evolution of industrial security. With over a decade of experience protecting the systems that power our world, she offers a refreshing perspective that cuts through both complacency and fear.The conversation explores how industrial security has matured from basic awareness to strategic defense. Sarah reveals how threat actors have shifted tactics, increasingly targeting third-party providers as a way to compromise multiple critical infrastructure customers simultaneously. "More and more of the actors target those companies deliberately," she explains. "By compromising this one entity, they have theoretical access to all of these customers."We dive into the practical challenges of security in operational technology environments, where the sheer volume of vulnerabilities has become overwhelming. Rather than attempting to patch everything, Sarah advocates for a more targeted approach based on anticipating adversary capabilities—a "cyber forecast" that helps organizations focus limited resources where they matter most.The discussion also tackles the integration of artificial intelligence into traditionally isolated control systems, offering insights on balancing innovation with security. For threat intelligence professionals looking to specialize in industrial security, Sarah provides guidance on essential resources and community connections.Whether you're responsible for critical infrastructure protection or simply interested in understanding the unique challenges of securing systems where digital meets physical, this episode offers valuable perspective from someone who's been on the front lines since before most people recognized the threat existed.Listen now to gain insights that will help you think more strategically about protecting the systems that power our modern world. Want to connect with other CTI professionals? Join our LinkedIn group "Cyber Threat Intelligence Podcast" to continue the conversation.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Imagine a criminal enterprise so sophisticated it employs lawyers, creates flashy recruitment videos, and operates its own university. Welcome to the modern ransomware ecosystem, expertly decoded by threat intelligence researcher Tammy Harper in this eye-opening episode.Harper pulls back the curtain on the surprisingly corporate structure of ransomware operations, revealing a three-tiered hierarchy ranging from invite-only "syndicates" managing millions in cryptocurrency to small "operators" struggling to recruit talent, down to inexperienced "script kiddies" with minimal operational security. The business models are equally fascinating – Ransomware-as-a-Service providers take a 20% cut while offering everything from malware payloads to secure communication channels and victim-shaming blogs.What's truly alarming is how these criminal groups continue to innovate their extortion techniques. As fewer victims pay ransoms (just one in twenty pay significant amounts), gangs are escalating pressure tactics. Some offer affiliates legal counsel to identify regulatory pressure points, others implement AI-assisted negotiations to counter traditional stalling tactics, and some are even calling victims' clients directly to orchestrate supply chain attacks.Harper dispels common misconceptions about attack vectors too. Modern ransomware rarely arrives as an email attachment – instead, attacks begin with phishing emails containing Trojans, followed by extensive reconnaissance lasting weeks or even months. "When you see your systems encrypted," she warns, "it's too late." The longest compromise she witnessed lasted a full year from initial infection to ransomware deployment, despite law enforcement warnings to the victim.Whether you're a cybersecurity professional or simply curious about digital threats, this episode provides rare insights into a criminal ecosystem that continues to evolve despite increasing law enforcement pressure. Listen now to understand the tactics that make modern ransomware so persistent and how organizations can better protect themselves.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!