by Team Cymru
Welcome to the Future of Threat Intelligence podcast, where we explore the transformative shift from reactive detection to proactive threat management. Join us as we engage with top cybersecurity leaders and practitioners, uncovering strategies that empower organizations to anticipate and neutralize threats before they strike. Each episode is packed with actionable insights, helping you stay ahead of the curve and prepare for the trends and technologies shaping the future.
Publishing Since
6/28/2022
April 10, 2025
Jill Rhodes, SVP & CISO at Option Care Health, shares her unconventional journey from international development lawyer stationed in Bolivia and Moscow to healthcare leader, where she built the security program from the ground up as the organization’s first CISO. Jill outlines for David how a transformative assignment at an intelligence agency sparked her cybersecurity passion before she helped build cloud environments for the intelligence community. Now, she’s leveraging this background to develop what she calls the rainbow of security — a visual security model for board communications — while building a security culture so pervasive that employees discuss security without her team present. Her approach, balancing legal analytical thinking with strategic security vision, demonstrates how healthcare CISOs can navigate a complex regulatory landscape of HIPAA plus 50 different state laws while maintaining the essential visibility needed for comprehensive threat intelligence.

Topics discussed:
- Transforming organizational behavior through the Ambassador Program that deploys 100+ non-technical employees as security advocates.
- Conducting pre-meeting content reviews with non-technical audiences including family members and business partners to ensure security concepts are translated from technical language into business value propositions.
- Navigating the complex healthcare regulatory landscape that requires simultaneous compliance with federal HIPAA requirements and 50 distinct state privacy laws versus the unified security framework of intelligence agencies.
- Implementing the rainbow of security visualization framework that maps security controls from perimeter to internal systems, making complex security architecture understandable to board members while facilitating threat intelligence integration.
- Building security teams through maturity-based prioritization by conducting comprehensive security maturity assessments before hiring, then strategically filling gaps starting with technical experts to complement leadership’s strategic orientation.
- Measuring security program effectiveness through cultural integration metrics rather than technical KPIs by tracking whether security considerations arise organically in conversations when security personnel aren’t present.
- Applying intelligence community verification methodology to threat intelligence by requiring multiple non-derivative data sources to validate information, particularly crucial as healthcare-specific threat intelligence accessibility has declined.

Key Takeaways:
- Implement a security ambassador program by recruiting non-technical employees across your organization to meet monthly, discuss security topics relevant to both work and personal life, and serve as security advocates within their departments.
- Translate technical security concepts for board presentations by testing your content on non-technical family members and business partners first — if they don’t understand it, executives won’t either.
- Construct your security team strategically by first conducting a comprehensive security maturity assessment to identify gaps, then hiring for skills that complement leadership’s background rather than duplicating existing expertise.
- Develop a visual security framework that maps controls from perimeter to internal systems, making complex architecture understandable to executives while providing structure for threat intelligence integration.
- Measure security program effectiveness through cultural indicators rather than just technical metrics, specifically tracking whether security considerations arise organically in conversations when security personnel aren’t present.
- Validate threat intelligence using the intelligence community verification methodology by requiring multiple non-derivative data sources before acting on information, especially important as healthcare-specific intelligence becomes less accessible.
March 20, 2025
In this episode of The Future of Threat Intelligence, Dmitri Alperovitch, Co-founder & Executive Chairman at Silverado Policy Accelerator and Author of World on the Brink: How America Can Beat China in the Race for the 21st Century, delivers a stark warning about the second Cold War with China that's unfolding, from military and nuclear arms races to space competition and technological rivalry. Dmitri also shares how the Volt Typhoon intrusions represent deliberate "preparation of the battlefield" for potential conflict. He explains why Salt Typhoon could represent one of America's greatest counterintelligence failures.

Topics discussed:
- The evolution of Chinese cyber operations from noisy, sloppy techniques in 2010 to today's sophisticated threats that represent unprecedented counterintelligence failures.
- How the Volt Typhoon intrusions into critical infrastructure serve as "preparation of the battlefield" designed to impede America's ability to defend Taiwan during potential conflict.
- The concrete evidence of China's Taiwan invasion preparations, including specialized bridge barges designed to land armored forces directly onto Taiwan's highways.
- Why Taiwan's 40% share of global semiconductor manufacturing creates catastrophic economic risk that could trigger a 5% compression in global GDP if disrupted.
- The fundamental flaw in prevention-focused security models and why CrowdStrike's hunt-focused approach better addresses persistent nation-state threats.
- Why the concept of "deterrence by denial" fails in cyberspace, unlike in physical warfare where anti-ship capabilities and other tactics can effectively deter invasion.
- The organizational dysfunction in US government cybersecurity, where even CISA lacks operational control over civilian networks and agencies operate in silos.

Key Takeaways:
- Implement a hunt-focused security strategy that assumes adversaries will penetrate initial defenses, allocating resources to rapidly detect and eject intruders during their post-exploitation activities before they can accomplish objectives.
- Evaluate your organization's target value to nation state actors rather than simply comparing your defenses to industry peers, recognizing that highly valuable targets will face persistent campaigns lasting years, regardless of defensive measures.
- Acknowledge the inherent tension between security and availability requirements in your industry, developing tailored frameworks that balance operational resilience against the risk of catastrophic compromise.
- Diversify semiconductor supply chains in your technology procurement strategy to reduce dependency on Taiwan-manufactured chips, preparing contingency plans for severe disruptions in global chip availability.
- Incorporate geopolitical risk analysis into your security planning, particularly regarding China-Taiwan tensions and the projected window of heightened vulnerability identified by intelligence experts.
- Revise incident response playbooks to address sophisticated nation-state intrusions like Volt Typhoon that target critical infrastructure as "preparation of the battlefield" rather than immediate data theft.
- Establish clear security governance across organizational silos, addressing the dysfunction that plagues even government agencies where CISA lacks operational control over civilian networks.
- Shift security metrics from prevention-focused measurements to detection speed, dwell time reduction, and ability to prevent objective completion even after initial compromise.
- Challenge assumptions about deterrence by denial in your security architecture, recognizing that unlike physical defenses, cyber adversaries have virtually unlimited attack vectors requiring fundamentally different defensive approaches.
- Prioritize protection of your most valuable digital assets based on adversary objectives rather than spreading resources evenly, recognizing that nation-state actors will specifically target strategic information regardless of general
March 13, 2025
What happens when Microsoft’s on-premises security falls behind while cloud innovation accelerates? In this episode of The Future of Threat Intelligence, Wes Miller, Research Analyst for Microsoft Identity, Security, and Management at Directions on Microsoft, pulls back the curtain on Microsoft’s fragmented security landscape. Having survived the historic Windows security push during his 7 years at Microsoft and spent the last 15 years analyzing their enterprise strategy, Wes delivers an insider’s perspective on why vulnerable legacy systems like Exchange Server, Certificate Services, and Federation Services have become prime attack vectors while Microsoft focuses its innovation almost exclusively on cloud services. He also walks David through why organizations are struggling with critical misconceptions about Entra ID, reveals how Microsoft’s release notes contain hidden threat intelligence, and shares tactical approaches to influence Microsoft’s security roadmap through strategic stakeholder relationships.

Topics discussed:
- The critical security gap between Microsoft’s cloud-focused investments and neglected on-premises systems like Exchange, Certificate Services, and Federation Services.
- How analyzing Microsoft Defender update notes provides a "hidden" threat intelligence feed that reveals emerging attack patterns targeting enterprise environments.
- The misconception that Active Directory and Entra ID are similar systems, when they require fundamentally different security approaches.
- Why entitlement management represents the essential intersection between security and identity teams, connecting HR processes directly to access lifecycles.
- The strategic challenge of harmonizing legacy and cloud identity systems while protecting non-Microsoft workloads in increasingly Microsoft-centric environments.
- Practical methods for large enterprises to influence Microsoft’s security roadmap through targeted stakeholder relationships and coordinated feedback.
- How certificate servers often operate as "forgotten infrastructure" within organizations, creating prime attack vectors that Microsoft’s Defender for Identity is specifically designed to detect.
- The threat of Microsoft potentially limiting third-party identity provider integration capabilities, and strategies for maintaining ecosystem diversity.

Key Takeaways:
- Monitor Microsoft Defender release notes to identify emerging attack patterns that Microsoft is actively detecting across their customer base, providing valuable threat intelligence without additional cost.
- Implement entitlement management systems that connect HR processes directly to identity lifecycles, ensuring proper access provisioning and deprovisioning throughout employee transitions.
- Audit your on-premises certificate servers and federation services which often operate as "forgotten infrastructure" and represent prime attack vectors.
- Develop a comprehensive strategy for synchronizing Active Directory and Entra ID, recognizing their fundamental architectural differences rather than treating them as interchangeable systems.
- Establish strategic relationships with Microsoft stakeholders to influence their security roadmap, leveraging coordinated feedback when features don’t align with real-world enterprise security needs.
- Harmonize legacy and cloud identity systems by mapping complete workflows and identifying potential integration gaps between Microsoft’s on-premises and cloud-based security tools.
- and more!

Join us for the 15th anniversary of RISE in San Francisco this April 8-9, where cybersecurity professionals, law enforcement, and threat intelligence analysts come together for two days of TLP-RED content sharing and hands-on collaboration in the fight against cybercrime. Apply now at http://www.cymru.com/rise.
Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.