Showing 5 episodes for Threat Intelligence

#178
June 24, 2024

EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts

Guest:

32:31

Topics covered:

  • Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”?
  • We heard while prepping for this show that you were involved in breaking up a human trafficking ring: tell us about that!
  • In Anton’s experience, a lot of cyber TI is stuck in “1. Get more TI 2. ??? 3. Profit!” How do you move past that?
  • One aspect of threat intelligence that’s always struck me as goofy is the idea that we can “monitor the dark web” and provide something useful. Can you change my mind on this one?
  • You told us your story of getting into sales, you recently did a successful rotation into the role of Product Manager, can you tell us about what motivated you to do this and what the experience was like?
  • Are there other parts of your background that inform the work you’re doing and how you see yourself at Google? 
  • How does that impact our go to market for threat intelligence, and what’re we up to when it comes to keeping the Internet and broader world safe?

#175
June 3, 2024

EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons

Guest:

29:29

Topics covered:

  • Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing?
  • We imagine you learned a lot from what you just described – how’s that impacted your work at Google?
  • How have you seen risk management practices and outcomes differ?
  • You now lead Google Threat Horizons reports, do you have a vision for this? How does your past work inform it?
  • Given the prevalence of ransomware attacks, many organizations are focused on external threats. In your experience, does the risk of insider threats still hold significant weight? What type of company needs a dedicated and separate insider threat program?

#156
January 22, 2024

EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive

Guest:

29:29

Topics covered:

  • Could you give us a brief overview of what this power disruption incident was about?
  • This incident involved both Living Off the Land and attacks on operational technology (OT). Could you explain to our audience what these mean and what the attacker did here?
  • We also saw a wiper used to hide forensics, is that common these days?
  • Did the attacker risk tipping their hand about upcoming physical attacks? If we’d seen this intrusion earlier, might we have understood the attacker’s next moves?
  • How did your team establish robust attribution in this case, and how do they do it in general? How sure are we, really?
  • Could you share how this came about and maybe some of the highlights in our relationship helping defend that country?

#155
January 15, 2024

EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?

Guest:

  • Derek Reveron, Professor and Chair of National Security at the US Naval War College
  • John Savage, An Wang Professor Emeritus of Computer Science of Brown University

29:59

Topics covered:

  • You wrote a book on cyber and war, how did this come about and what did you most enjoy learning from the other during the writing process?
  • Is generative AI going to be a game changer in international relations and war, or is it just another tool?
  • You also touch briefly on lethal autonomous weapons systems and ethics–that feels like the genie is right in the very neck of the bottle right now, is it too late?
  • Aside from this book, and the awesome course you offered at Brown that sparked Tim’s interest in this field, how can we democratize this space better? 
  • How does the emergence and shift to Cloud impact security in the cyber age?
  • What are your thoughts on the intersection of Cloud as a set of technologies and operating model and state security (like sovereignty)? Does Cloud make espionage harder or easier?

#147
November 8, 2023

EP147 Special: 2024 Security Forecast Report

Guest:

25:25

Topics covered:

  • Can you really forecast threats? Won’t the threat actors ultimately do whatever they want?
  • How can clients use the forecast? Or as Tim would say it, what gets better once you read it?
  • What is the threat forecast for cloud environments? “Cyber attacks targeting hybrid and multi-cloud environments will mature and become more impactful” - what does it mean?
  • Of course AI makes an appearance as well: “LLMs and other gen AI tools will likely be developed and offered as a service to assist attackers with target compromises.” Do we really expect attacker-run LLM SaaS? What model will they use? Will it be good?
  • There are a number of significant elections scheduled for 2024, are there implications for cloud security?
  • Based on the threat information, tell me about something that is going well, what will get better in 2024?