Season 1 - Episode 10 (Pedro Kertzman & Kees Pouw)
Ever wonder how top security teams stay one step ahead of cybercriminals? The answer lies in the ancient wisdom of Sun Tzu: "If you know yourself and know your enemy, you'll win all battles." This principle forms the foundation of effective Cyber Threat Intelligence (CTI). To celebrate our 10th episode, we had an insightful conversation with Kees Pouw, a veteran CISO with over two decades of cybersecurity experience, where we explore how organizations can build powerful CTI capabilities that transform their security posture. Drawing from his experience as both a consultant and in-house security leader, Kees breaks down the mystique surrounding threat intelligence and delivers practical insights on implementation. "The best battles are won before they're fought," Kees explains, highlighting how proper intelligence allows organizations to deter attackers through strategic preparation. By understanding specific attacker techniques—like Lockbit's targeting of VMware ESXi hosts—security teams can focus limited resources on the most critical defenses. We dive deep into the four core domains of comprehensive CTI: threat intelligence feeds, dark web monitoring, digital risk protection, and attack surface management. For organizations just starting their CTI journey, Kees offers a pragmatic roadmap, suggesting which capabilities to prioritize and how to grow organically from existing security operations. The conversation takes a fascinating turn when we explore how agentic AI is revolutionizing threat intelligence. Kees shares his "wow moment" realizing how AI agents can automate complex research tasks that previously required specialized human expertise—potentially transforming how organizations process the massive volumes of intelligence data. Whether you're looking to build your first CTI program or enhance existing capabilities, this episode provides a masterclass in making threat intelligence both practical and powerful. Subscribe now to continue learning from cybersecurity leaders who are shaping the future of digital defense.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
47:24
--------
47:24
Season 1 - Episode 9 (Pedro Kertzman & Scott Scher)
What happens when traditional intelligence methodology meets modern cybersecurity? Scott Scher, CTI Associate Director with expertise in nation-state threat actors and cybercriminal groups, reveals a powerful perspective: successful CTI professionals are intelligence analysts first and cybersecurity specialists second.Drawing from his background in international security policy and experience across government and private sectors, Scott breaks down the critical distinction between collecting data and generating actionable intelligence. He unpacks how established intelligence frameworks provide the foundation for effective cyber threat analysis, while the technical cybersecurity knowledge can be built on top of this analytical foundation.Scott shares practical wisdom on building effective CTI programs, beginning with establishing clear processes, creating functional data pipelines, and most critically, understanding stakeholder needs. He explains that many organizations fall into the trap of overcollection – gathering excessive threat feeds without the capacity to transform them into actionable insights. Instead, he advocates for regular evaluation of intelligence sources using frameworks like the Admiralty Code to assess reliability and value.The conversation delves into the crucial difference between threat (composed of intent, capability, and opportunity) and risk (which incorporates business impact). This distinction becomes essential when communicating with executives who need to understand potential consequences in business terms. Scott provides concrete examples of how to tailor intelligence for different stakeholders – from tactical information for SOC analysts to strategic insights for CISOs making resource allocation decisions.Whether you're building a CTI function from scratch, looking to improve stakeholder engagement, or seeking to make your intelligence more actionable, this episode offers a masterclass in intelligence-driven cybersecurity. Subscribe now to learn how to transform technical threats into business insights that drive meaningful security improvements across your organization.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
56:10
--------
56:10
Season 1 - Episode 8 (Pedro Kertzman & Ritu Gill)
The digital world is full of breadcrumbs that tell our stories - are you carefully tracking who follows them back to you? In this eye-opening conversation with OSINT expert Ritu Gill, we pull back the curtain on the fascinating world of Open Source Intelligence and why proper tool vetting matters more than you might think.Drawing from her 18 years in Canadian law enforcement and extensive consulting experience, Ritu reveals why careless tool selection could mean someone is "capturing every keystroke" as you conduct investigations. Her practical advice for both beginners and experienced practitioners cuts through the noise in an increasingly crowded OSINT landscape."Without analyzing and adding value to the information, it is not intelligence," Ritu explains, highlighting the crucial distinction between collecting data and producing actionable intelligence. Her emphasis on ethical considerations - the principle of "OSINT for good" - serves as a timely reminder that with great investigative power comes great responsibility.Whether you're looking to build your skills through free resources like Sophia Santos' exercises, gamified platforms like GeoGuessr, or real-world missing persons cases with TraceLabs, this episode provides concrete pathways for growth. Networking emerges as a powerful career accelerator, with events like OsmosisCon offering invaluable opportunities to connect with the community.Ready to enhance your digital intelligence capabilities while maintaining ethical standards? Follow Ritu's newsletter at forensicosint.com, explore the resources mentioned in our show notes, and join our LinkedIn community to continue the conversation. Your journey into the world of OSINT starts with understanding not just what you can find, but how to find it responsibly.Resources:https://www.raebaker.nethttps://www.linkedin.com/in/espen-ringstad-80297464/https://www.geoguessr.comhttps://www.tracelabs.orghttps://www.kasescenarios.comhttps://www.forensicosint.com/newsletterhttps://gralhix.comhttps://osmosisinstitute.orghttps://www.linkedin.com/feed/update/urn:li:activity:7317909650798977024/Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
29:20
--------
29:20
Season 1 - Episode 7 (Pedro Kertzman & John Doyle)
What does the future of Cyber Threat Intelligence look like beyond basic feeds and reports? Former CIA analyst John Doyle takes us behind the curtain of modern CTI operations, revealing how smart teams are delivering value across entire organizations.With over 16 years tracking state-sponsored APT groups and now serving as a principal intelligence enablement consultant, Doyle explains how CTI roles are evolving to meet expanding demands. "Organizations use CTI for one of three reasons," he shares. "You've saved the company money, you're making the company money, or you're improving efficiency." This value-driven approach has transformed how CTI teams position themselves in the security ecosystem.The conversation explores frameworks revolutionizing how teams measure their impact, including the CTI-CMM with its newly developed metrics system. Doyle also highlights unexpected partnerships forming between threat intelligence and other business units—from security awareness to HR—as threats like North Korean IT workers infiltrating legitimate companies create challenges that span traditional departmental boundaries.For practitioners seeking growth, Doyle maps out the conference landscape from Washington DC's CyberWarCon to European events like FIRST CTI, noting that despite the industry's introverted reputation, these gatherings feature "the smartest people in the world who are super humble" and eager to share knowledge. He also details how AI is transforming intelligence workflows, enabling resource-constrained teams to operate at much higher capacity while maintaining the critical human judgment that separates great analysis from mere data processing.Whether you're building a CTI program, looking to prove your team's value, or simply curious about how intelligence tradecraft translates from government to private sector, this conversation offers practical insights into an industry where collaboration remains the ultimate competitive advantage. As Doyle concludes, "The more opportunity we have to work with each other and grow from one another, the better off we're going to be."Resources:https://cti-cmm.org/https://medium.com/@likethecoinshttps://klrgrz.medium.com/https://services.google.com/fh/files/misc/cti-analyst-core-competencies-framework-v1.pdfhttps://www.sans.org/white-papers/2025-cti-survey-webcast-forum-navigating-uncertainty-todays-threat-landscape/Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
--------
53:34
--------
53:34
Season 1 - Episode 6 (Pedro Kertzman & Aaron Roberts)
What happens when you combine the precision of open-source intelligence with the strategic focus of cyber threat intelligence? Aaron Roberts, founder of Prospective Intelligence and author of "Cyber Threat Intelligence: The No-Nonsense Guide for CISOs and Security Managers," reveals the powerful intersection where these disciplines meet.Aaron's journey from aspiring football coach to cyber threat expert provides a fascinating backdrop to our conversation. After starting in IT support and gradually moving through cybersecurity roles, he discovered the power of OSINT in identifying threats before they materialize. This evolution shaped his unique perspective on threat intelligence - one that values both commercial tools and grassroots solutions from the OSINT community.The most compelling insights emerge when Aaron discusses the practical realities of threat intelligence on a budget. Rather than viewing financial constraints as limitations, he demonstrates how they can drive innovation. From leveraging free GitHub repositories to repurposing marketing tools for security, Aaron reveals how small and medium businesses can build sophisticated threat detection capabilities without breaking the bank. His mention of C2Tracker - a free tool that can identify command and control infrastructure before many commercial feeds - highlights how open-source approaches sometimes outperform their expensive counterparts.Perhaps most valuable is Aaron's framework for attack surface intelligence. By examining credentials exposed in data breaches and stealer logs, identifying vulnerabilities in internet-facing systems, monitoring brand sentiment, and detecting typosquat domains, he creates a comprehensive view of organizational risk. This methodology helps companies understand how attackers perceive them - vital intelligence for preemptive defense.Throughout our discussion, one theme remains constant: effective threat intelligence requires more than technical prowess. Understanding business context, establishing clear intelligence requirements, and communicating findings effectively transform raw data into actionable insights. As Aaron puts it, "You can spend all day writing reports about ransomware groups, but if you don't understand what the business is trying to do, you can't really protect it."Want to strengthen your organization's security posture through practical, intelligence-led approaches? Connect with us on LinkedIn in the Cyber Threat Intelligence Podcast group to continue the conversation and discover how these principles might apply to your unique security challenges.Send us a textSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.
Canada - english