Recorded Future - Inside Threat Intelligence for Cyber Security

By Recorded Future

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in iTunes

Open RSS feed

Open Website

Rate for this podcast


Recorded Future takes you inside the world of cyber threat intelligence. We’re sharing stories from the trenches and the operations floor as well as giving you the skinny on established and emerging adversaries. We also talk current events, technical tradecraft, and offer up insights on the big picture issues in our industry. Join the Recorded Future team, special guests, and our partners from the CyberWire to learn everything you want to know (and maybe some things you’d rather not know) about the world of cyber threat intelligence.

Episode Date
069 A CISO's Journey From City to the Private Sector

Our guest is Gary Hayslip. He’s vice president and chief information security officer at Webroot, a cybersecurity and threat intelligence company. Prior to joining Webroot he was the CISO for the city of San Diego, and before that served active duty with the U.S. Navy and as a U.S. Federal Government employee.

He’s the author of the "CISO Desk Reference Guide," and is an active cyber evangelist and popular keynote speaker.

He shares his thoughts on team building, recruiting talent in a highly competitive jobs market, and the importance of actionable threat intelligence.

Aug 13, 2018
068 Protecting Missiles From Malware

Raytheon is one of the largest defense contractors in the world, with over 60 thousand employees and annual revenues near $25 billion. They’ve been in business for nearly a hundred years, with humble beginnings in vacuum tube manufacturing, RADAR systems and microwaves during World War II, and post-war expansions into everything from missiles and aircraft to refrigeration and robotics.

Our guest today is Michael Daly, chief technology officer for cybersecurity at Raytheon. He shares his experiences spinning up a cybersecurity team at Raytheon, the challenges of doing so within such a large organization, and the importance of a strong corporate culture to ensure safety and security.


Aug 06, 2018
067 Quantifying Cyber Risk

This week we’re joined by Alexander Schlager, executive director of security services at Verizon. He has experience in both the technical and sales sides of the communications and security worlds, having gained experience in a variety of positions around the globe. Our conversation focuses on his belief that organizations need to concentrate on quantifying their cyber risk, and using what they learn to evaluate and plan their security programs. He explains why Verizon invests in reports like the DBIR and the Verizon Risk Report, and of course, we’ll get his take on the importance of threat intelligence.

Jul 30, 2018
066 Securing Your Firmware

These days, most of us have a pretty good handle on protecting the software our computers run from viruses and other types of malware. We’re careful about downloading and installing software from unknown, insecure sources, and run antivirus applications to help keep everything safe. But what about the system-level code that runs deep within the devices we rely on every day? What about the firmware?

Our guest today is Terry Dunlap. He’s CEO and co-founder of ReFirm Labs, a tech startup that’s focused on firmware — analyzing the code and helping manufacturers, organizations, and governments ensure their devices haven’t been compromised. He’s got a colorful history that includes teenage hacking, time at the NSA, and the founding of several companies.


Jul 23, 2018
065 Enabling Deeper Board-Level Understanding

Our guest today is Bryan Littlefair. He’s CEO at Cambridge Cyber Advisers, and previously held the Global CISO position at Aviva and Vodafone Group. His current focus is working with board-level executives to enable a deeper understanding of cybersecurity and how it relates to business risk. He shares his thoughts on the communications gap between IT professionals and board members, effective ways to overcome it, and the importance of threat intelligence in gauging risk and setting priorities.

Jul 16, 2018
064 How to Keep Finished Intelligence Fresh

Our guest today is Storm Swendsboe. He’s an analyst services manager at Recorded Future, leading a team of intelligence analysts providing on-demand reports for their customers. In our conversation he explains the different types of reports his team provides, with a focus on finished intelligence. Swendsboe answers questions like where does finished intelligence it fits in an organization’s threat intelligence strategy? How it can be customized for specific audiences? And how to make sure a report doesn’t quickly become out of date the moment it’s published.  

Jul 09, 2018
063 Protecting Critical Infrastructure

Our guest today is Joe Slowik. He works in adversary hunting and threat intelligence at Dragos, a company specializing in securing industrial control systems and critical infrastructure. He shares the story of his unconventional path to a career in security, including time in the U.S. Navy and at Los Alamos National Labs, where protecting scientists, engineers, and researchers presented its own unique set of challenges. He shares his informed opinions on threat intelligence, with tips on how, in his view, many organizations could benefit from adjusting their focus and their approach.

Jul 02, 2018
062 Securing the C-Suite

In this episode of the Recorded Future podcast, we explore the unique challenges associated with securing your C-Suite executives. Not only are they attractive targets for scammers and fraudsters, when it comes to security, they’re often afforded a level of flexibility and deference not given to other employees. What’s the most effective approach for educating executives on the critical role of security, and how do you extend that behavior beyond the office walls? In a world where business email compromise and phishing run rampant and attacks happen at the hardware DNA level, translating security strategy to the common language of risk management can be an effective approach.

Joining us once again to address these questions is Dr. Christopher Pierson, CEO at Binary Sun Cyber Risk Advisors.

Jun 25, 2018
061 How to Empower Teams With Threat Intelligence

In this episode of the Recorded Future podcast, we examine how threat intelligence applies to a variety of roles within an organization, and how security professionals can integrate it to empower their team to operate with greater speed and efficiency. How does threat intelligence apply to SOCs, to incident response, or vulnerability management? And how do corporate leaders make the case that threat intelligence is a worthwhile investment?

Joining us to address these questions is Chris Pace, technology advocate at Recorded Future.

Jun 18, 2018
060 Optimizing the Intelligence Cycle at Optum

Our guest today is Vince Peeler. He’s the manager of cyber intelligence services at Optum, one of the largest healthcare and services providers in the world. He shares his unlikely journey from a career as a naval aviator to cybersecurity, and how lessons he learned in the military help inform his approach to cyber threats today. We’ll also focus on the intelligence cycle, and the role it can play in organizing and focusing the efforts of cybersecurity teams. He offers tips on integrating threat intelligence, and making the most of automation to enable your analysts to maximize their effectiveness.

Jun 11, 2018
059 Keeping Verizon's DBIR Trusted and Relevant

Each year Verizon publishes its Data Breach Investigation Report, or DBIR, the annual survey of the state of cybersecurity using data gathered from tens of thousands of incidents from around the world. It’s earned a reputation as a must-read report, for its thoroughness and approachability.

Marc Spitler is a senior manager of Verizon Security Research, and one of the lead authors of the report. He joins us to share the behind-the-scenes story of what goes into the DBIR, how his team chooses the year’s hot topics, and how they protect their efforts from undo influence.


Jun 04, 2018
058 McAfee's Steve Povolny Leads Threat Research

Our guest today is Steve Povolny, head of advanced threat research at McAfee. We’ll learn how he came to lead his team of researchers at the well-known security company, his philosophy on leadership, and why investing in research makes sense for McAfee (and most companies). We’ll also cover how to strike a balance between maintaining a healthy competitive advantage in the marketplace, while contributing to the larger threat research community and helping to make the world a safer place. He shares his thoughts on threat intelligence, why he believes it’s grown in importance for most organizations, and we’ll get his advice on choosing what kinds of services you might need.

May 29, 2018
057 ICS Security Concerns Explained

Our guest today is Joe Weiss. He’s the managing partner of Applied Control Solutions, a firm that provides consulting services to optimize and secure industrial control systems. He’s been in the industry for over 40 years and has earned a reputation as an outspoken and sometimes contrarian advocate for improved ICS security. He’s been a featured speaker at dozens of conferences, has written countless book and articles, and has testified before Congress multiple times.

Our conversation centers on what he sees as critical shortcomings in the current approach to securing critical infrastructure, including the electrical grid, manufacturing, railways, and water supplies. Are IT and OT professionals simply talking past each other, or is there more to it than that? Joe Weiss has strong opinions on that and many other topics, opinions formed from a long, fruitful career fighting to keep those systems safe.

May 21, 2018
056 Iran Retaliation Likely After Nuclear Deal Dropped

For the past six month or so, researchers in Recorded Future’s Insikt Group have been dissecting the structure of cyber operations groups within the Islamic Republic of Iran. In recent years that nation has regularly used offensive cyber campaigns in response to sanctions or other provocations. On May 8, 2018, President Trump announced the U.S. will withdraw from the Iran nuclear deal, leading to concerns that Iran is likely to respond with cyberattacks on Western businesses.

Levi Gundert joins us once again to provide context to the situation. He’s one of the authors of a newly published report from Recorded Future, titled, “Iran’s Hacker Hierarchy Exposed.” The report describes a culture of distrust and a tension between the desire for technical capabilities versus religiosity.

May 14, 2018
055 Former GCHQ Andy France Targets Big Cyber Problems

We welcome cybersecurity leader and entrepreneur Andy France, in a conversation led by Recorded Future Co-Founder and CEO Christopher Ahlberg. Andy France’s career in cybersecurity spans over four decades, including positions as the deputy director of cyber defense for the UK government, along with positions at Darktrace, Deloitte, GSK, and Lloyds Banking Group. He serves on a number of cybersecurity advisory boards, and is currently the co-founder and director at Prevalent AI.

Andy France addresses the “big-picture” items in cybersecurity, considering what it might take to fix, once and for all, the fundamental issues security professionals face. He considers the often-used comparison of cybersecurity to public health, and provides advice on effective implementation of threat intelligence.

May 07, 2018
054 NYC CISO Geoff Brown on Public Privacy and Security

This week we welcome back to our show Geoff Brown, chief information security officer for the City of New York. In a city with 8 million citizens that’s also a global center of commerce, innovation, and tourism, protecting the public when they use publicly available online resources is an effort toward making everyone safer.

New York City’s leadership is in the process of implementing a new initiative they’re calling “NYC Secure” that aims to better protect the city’s residents, workers, and visitors from cyber threats. Geoff Brown describes the new initiative, and explains how it could serve as a model for other municipalities and communities around the world.


Apr 30, 2018
053 The Importance of Adversarial Focus

Our guest today is Greg Reith. Greg began his career with U.S. Army Special Forces with a specialty in operations and intelligence. His experience includes counter intelligence, analysis, and collection at both tactical and strategic levels. At the end of his career in the military, he transitioned into Information Technology and was an information systems security officer. Most recently, Greg led the T-Mobile threat intelligence team as a senior security engineer and developed the T-Mobile threat intelligence strategy.

We’ll learn about his career, get his thoughts on leadership and assembling teams, and how he’s learned to integrate threat intelligence into his work. He’ll also describe a technique called “adversarial focus.” We’ll learn what that is and why it’s important to understand.


Apr 23, 2018
052 7 of the Top 10 Vulnerabilities Target Microsoft

Researchers at Recorded Future recently published a report titled, “The Top 10 Vulnerabilities Used by Cybercriminals.” The report reveals that seven out of the top 10 most exploited vulnerabilities in 2017 targeted Microsoft products.

We’ve got pair of experts from Recorded Future to take us through their findings. Scott Donnelly, vice president of technical solutions, looks at the technical side of the research and what the findings represent in terms of trends. A little later in the podcast we’ll hear from Adrian Porcescu, EMEA professional services manager, for his take on the practical implications of the report’s findings, and how organizations can use this information for setting priorities and planning their defenses.

Apr 16, 2018
051 Graham Cluley on Privacy, IoT Risks, and Ransomware

Graham Cluley is well known in the cybersecurity industry as a popular speaker, writer, independent security analyst, and cohost of the Smashing Security podcast. He’s had senior roles at Sophos and McAfee, and is a member of the Infosecurity Europe Hall of Fame.

He joins us this week for a wide-ranging conversation, including his humble beginnings writing software to protect against malware before that was really even a thing, his thoughts on the latest trends and techniques the bad guys are using, and how we as a community should protect ourselves against them. And, of course, we get his take on threat intelligence, and why he thinks it’s playing an ever-increasing role as organizations stand up their cyber defense strategies.

Apr 09, 2018
050 CSO Jim Routh Leads Aetna’s Pioneering Security Team

Jim Routh is chief security officer of Aetna, a Fortune 500 company offering health care, dental, pharmacy, group life, disability, and long-term care insurance and employee benefits. With annual revenue exceeding 60 billion dollars and nearly 50 thousand employees, there’s a lot to secure.

In this episode, we explore Jim Routh’s career path, the unique challenges he faces as CSO for such a large public company, how he delegates authority and manages his time, his approach to threat intelligence, and his somewhat contrary approach to communicating risk with the Aetna board. We learn about Aetna’s move away from using Social Security numbers as identifiers, as well as their efforts to phase out traditional password-based user logins, all in the name of improving customer convenience and security. He also explains his adoption of model-driven security and the rise of unconventional controls.


Apr 02, 2018
049 Optiv’s Stu Solomon on Threat Intelligence in a Changing Industry

Christopher Ahlberg is CEO of Recorded Future, and this week he leads a conversation with Stu Solomon, chief technology and strategy officer at Optiv, a leading provider of end-to-end cybersecurity solutions.

It’s a wide-ranging discussion, exploring Stu’s experience as a long-time cybersecurity professional, including time in the military, along with his thoughts on effective hiring practices, the changes he’s seen in the industry, the differences between being a great consumer or producer of intel, and where he sees things heading in the future. Stu shares his thoughts on threat intelligence, including thought-provoking views on what to include in threat intelligence reports, how to cut through the noise, and the swinging pendulum of cybersecurity tradecraft.


Mar 25, 2018
048 Resiliency in the Face of High-Profile Breaches and Trendy Threats

There’s a natural tendency, not just in cyber security, to be drawn to bright, shiny objects. If you’re a security professional, you’ve likely had to respond to questions from management and your coworkers about the latest high-profile breach or ransomware incident. For sure, that’s part of the job, but how do you make sure you’re not spending too much time reacting to the latest threat, when you could be strengthening your internal resiliency plans? On today’s episode of the Recorded Future podcast, we address the downside of headline chasing, and the need for resiliency within security, so that basic, fundamental tasks don’t lead to mass chaos within organizations.

We’ve got two guests today, Zak and Ryan. They are both high-level security professionals at a major financial services organization, and in order to minimize the number of hoops they’d have to jump through to get permission from their employer to appear on our show, we’re going to respect their request to keep things on a first name basis.

Mar 19, 2018
047 Chinese Government Alters Threat Database Records

In episode 29 of this podcast we heard from Bill Ladd, Chief Data Scientist at Recorded Future, about the differences between the US and Chinese cyber threat vulnerability reporting systems. He pointed out the difference in speed-of-publishing between the two, with the Chinese generally being faster, as well as their conclusion that the Chinese National Vulnerability Database (CNNVD) is essentially a shell for the Chinese MSS, the Ministry of State Security. This being the case, there’s evidence that the Chinese evaluate high-threat vulnerabilities for their potential operational utility before releasing them for publication.

Since then, researchers at Recorded Future have taken another look at the CNNVD and discovered the outright manipulation of publication dates of vulnerabilities. Priscilla Moriuchi is Director of Strategic Threat Development at Recorded Future, and along with Bill Ladd she’s coauthor of their research analysis, “Chinese Government Alters Threat Database Records.” She joins us to discuss their findings, and their broader implications.

Mar 09, 2018
046 False Flags From Olympic Destroyer

The 2018 Olympic Games in PyeongChang recently concluded, but not without attempts at disruption from cyberattackers. A major telecom and IT provider was targeted with a multi-pronged campaign to gather credentials, move laterally within networks, and destroy data. It borrows bits of code from previously known campaigns, and was an aggressive effort to spread quickly and cause maximum damage to systems.

Greg Lesnewich is a threat intelligence analyst with Recorded Future’s Insikt Group, and he joins us to provide an overview of the malware campaign named Olympic Destroyer. We’ll get technical details, as well as a sense for why attribution is notoriously difficult in cases like this, and whether or not we’re seeing evidence of a false flag operation.


Mar 05, 2018
045 McAfee's Michael Rea on Managing Formal Intelligence Requirements

Our guest today is Michael Rea. He’s a threat intelligence professional currently working at McAfee. He’s got prior experience in the US Navy, serving at sea and at shore, including positions at Cyber Command and NSA. We’ll discuss his career, how threat intelligence differs between the military and the private sector, and why it’s valuable to formalize the management of your threat intelligence requirements, how best to do that, and why that helps make IT teams more effective. He explains the importance of identifying the use case for threat intelligence, and how to best cut through marketing noise and hype to make sure your threat intelligence provider aligns with your organization’s needs.

Feb 26, 2018
044 Takeaways From the Gartner Threat Intelligence Market Guide

The research and advisory firm Gartner recently took a closer look at security threat intelligence, and published a comprehensive report with their findings, the Gartner Market Guide for Security Threat Intelligence Products and Services. The report explains the different use cases for threat intelligence, makes recommendations for how best to implement it in your organization, and provides guidance on evaluating vendors.

In this episode of the Recorded Future podcast we are joined once again by Allan Liska, senior threat intelligence analyst at Recorded Future, to walk through some of the key takeaways from the Gartner report, and to see how the report aligns with Allan’s experience.

You can download a free copy of the report at:

Feb 19, 2018
043 Litecoin Set to Leapfrog Leading Cryptocurrencies

You’d have to be living under a virtual rock to not have noticed that virtual currencies like Bitcoin have taken off, attracting investors, speculators, and, of course, criminals, all looking to profit from the enthusiasm surrounding these cryptocurrencies. Bitcoin has been the gold standard in online currency exchange for bad guys, but its surging popularity has led to recent slowdowns in transaction processing speed and increased transaction fees. This has prompted criminals to start looking elsewhere, to other virtual currencies like Dash, Monero, and Litecoin.

Andrei Barysevich is Recorded Future’s director of advanced collection, and he’s the co-author of a recent blog post titled, “Litecoin Emerges as the Next Dominant Dark Web Currency.” He’ll take us through the research from Recorded Future’s Insikt Group explaining what factors cause groups of online fraudsters to switch from one cryptocurrency to another.

Feb 12, 2018
042 Understanding Your Environment and Communicating the Threat

Building a successful threat intelligence operation and team involves many important considerations. What are your organizations critical assets, who are your potential adversaries, and how do you best communicate with the rest of your organization to ensure your efforts are properly focused and your conclusions properly understood and implemented?
Our guest today is AJ Nash. He’s the cyber threat intelligence evangelist and manager of intelligence services at Symantec. It’s a big company, offering a diverse array of cybersecurity products and services, with some well-known brands like Norton and LifeLock, as well as threat intelligence products and services.

Our conversation covers a wide range of topics, including the foundations of intelligence and the intelligence life cycle, the challenges of moving from the military to the private sector, leadership styles, and how to be sure you’re asking the right questions when it comes to threat intelligence.

Feb 05, 2018
041 Where Does a SIEM Fit In?

In today’s episode, we’re talking SIEMs. That’s short for security information and event management, and it typically describes software or services that provide real-time logging and analysis of security alerts. A SIEM gathers information from a variety of network software and devices and correlates, aggregates, and alerts users of issues requiring attention. They can monitor and manage user access privileges, help with compliance through the automated gathering of relevant data, and provide users with the ability to aggregate and analyze log files that might be spread across the network.

Monzy Merza is head of security research at Splunk, a well-known SIEM provider, and he joins us to share his thoughts on SIEMs, how they fit into the security lifecycle, where threat intelligence comes in, and how successful organizations are best utilizing them.

Jan 29, 2018
040 North Korea Targets South Korean Cryptocurrency

Facing sanctions from much of the rest of the world, North Korea has turned to cybercrime to help finance their operations. The Lazarus Group is well known as a state-sponsored team of criminal hackers serving North Korean interests, and in 2017 they set their sights on cryptocurrency users and exchanges in South Korea with a spear phishing campaign. Additionally, they’ve targeted South Korean college students interested in foreign affairs, part of a group called “Friends of MOFA” (Ministry of Foreign Affairs).

Juan Andres Guerrero-Saade is a principal security researcher for Recorded Future’s Insikt Group, and he joins us to help explain what the North Koreans are up to, the methods and tools they are using, just how sophisticated they may or may not be, and why, in the end, sophistication might not really matter much.

Jan 22, 2018
039 Protecting Philips Healthcare From Cyber Threats

Philips is a company with a long, storied history, going back over 120 years, and many technological achievements to brag about. From light bulbs to radios, consumer devices like electric shavers, the compact cassette, and the co-invention of the compact disc along with Sony, they’ve been an innovative, influential company for generations.

These days, Philips primarily focuses on healthcare, and they employ over 100,000 people in 60 countries.

Praveen Sharma is one of those employees, and our guest today. She’s the director of the cyber research and development center at Philips Healthcare, where she leads a team responsible for developing in-house tools and concepts that help Philips rapidly detect and respond to existing and emerging threats. She is also responsible for looking at the cyber technologies that are on the horizon and the risks of these technologies to Philips.

Jan 15, 2018
038 The 5 Most Relevant Questions for a SOC Analyst

Our guest today is Denver Durham. He’s a threat intelligence consultant at Recorded Future, with a background in the U.S. Army as an intelligence analyst, working in signals intel and all-source intel supporting counterterrorism,and later in the private sector in a SOC (security operations center) as a cyber threat analyst, performing attribution and analytics.

On today’s show, he takes us through what he believes are some of the most relevant questions for a SOC analyst, including collecting and prioritizing indicators of compromise, handling news feeds, managing firewall alerts, and performing trend analysis. We’ll learn about the types of reports a SOC analyst is likely to generate, how to make good use of some third-party rules, and he’ll share his advice for anyone considering a career as a SOC analyst.

Jan 08, 2018
037 2017 Cybersecurity in Review and Predictions for the New Year

Whether you felt 2017 flew by or you just couldn’t wait for it to be over, from a cybersecurity point of view there’s no question it was an interesting year. There was something for everyone, including ransomware, botnets, major data breaches, IoT issues, as well as business and policy concerns.

Our guest today is Dr. Chris Pierson. He’s the CEO and founder of Binary Sun Cyber Risk Advisors, and a familiar voice for those of us who follow cybersecurity. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a distinguished fellow of the Ponemon Institute. 

Together, we’ll take a look back at 2017 and try to make sense of what it all means as we head into the new year, what 2018 may have in store for the cybersecurity industry, and how best to prepare.

Jan 02, 2018
036 Dispelling Cybersecurity Myths

In this episode, we have a conversation with Gavin Reid, chief security architect at Recorded Future. Before joining Recorded Future, he helped design the systems that protect organizations like NASA, Cisco, and Fidelity. We’ll get his take on the state of the industry, and why he believes there are a number of cybersecurity myths that are in need of being dispelled, including the notion that companies need to “do more with less.” Are boards of directors finally getting up to speed and recognizing the realities of their defensive postures? What are some of the most effective ways to make sure the basics are being taken care of, all while managing the practical challenges of the busy day-to-day demands of a modern corporate environment? The tools are available, according to Reid. The trick is knowing how to best implement them.

Dec 18, 2017
035 Predicting Future Threats With Machine Learning

In this episode, we take a closer look at some of the specifics of artificial intelligence and machine learning, and how cybersecurity professionals can benefit from including these tools in their threat intelligence arsenals. We’ll discuss clustering, natural language processing or NLP, and supervised learning, and we’ll find out why combining the talents of humans with the speed and analytical capabilities of computers, the so-called digital centaurs, could provide even more powerful solutions in the future.

Joining us are two experts in machine learning. Christopher Sestito is manager of threat intelligence at Cylance, a company that’s all-in when it comes to AI technology, and Staffan Truvé, co-founder and chief technology officer at Recorded Future.

4 Ways Machine Learning Is Powering Smarter Threat Intelligence
By Staffan Truvé

Dec 11, 2017
034 ICS is Serious Business, But There's No Need to Panic

There’s been a good bit of attention aimed at Industrial Control Systems (ICS), lately, the systems that monitor and help keep our critical infrastructure running. The electrical grid tends to get the most attention, but ICS includes water, dams, communications systems, pipelines, natural gas, transportation, and other process control systems. As more and more of these systems get connected to the internet they can make an attractive target for cyber criminals or state actors who are up to no good.  

Our guest this week is Robert M. Lee. He’s CEO at Dragos , a company dedicated to the security of critical systems. Before Dragos he was in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer in the U.S. Intelligence Community.

Dec 04, 2017
033 AI, Robots, and Cyborgs — Inside IoT with Chris Poulin

In this episode of the Recorded Future podcast we take a closer look at the Internet of Things (IoT). It’s a wide-ranging category, spanning everything from connected thermostats, refrigerators, and security cameras to industrial control systems, self-driving cars, and medical devices. It’s hardly an exaggeration to say that if a device has a power source, somebody is thinking up a way to connect it to the internet. And with that comes opportunities for improving our lives and the world we live in, as well as risks to our security and privacy.

Our guest this week is Chris Poulin. He’s a principal at Booz Allen Hamilton, where he leads the company’s Internet of Things security practice.

Nov 27, 2017
032 The Practical in Practice — Use Cases for Threat Intelligence

In this episode of the Recorded Future podcast, we take a closer look at the practical application of threat intelligence. Some security teams still meet threat intelligence with a skeptical eye, wondering how adding even more information to the flow of data they’re already receiving could improve their security posture. In reality, they’re likely already using some degree of threat intelligence even if they don’t realize it. We’ll explore ways that organizations can determine how much threat intelligence is the right amount, when it’s time to engage with a third-party provider, and when it’s not. We’ll review case studies from FaceBook and Akamai, and we’ll discuss the importance of context when transforming information into intelligence.

Our guide this week is Allan Liska. He’s a Solutions Architect at Recorded Future, and author of the newly published e-book Threat Intelligence in Practice.

Nov 20, 2017
031 No Phishing Allowed

This episode focuses on phishing, where a bad actor pretends to be someone they’re not in order to get a user to reveal information, like a login or password, or to get them to perform a task, like transferring money.

 Phishing has been around for quite a while. Many of us remember breathless email requests from a certain Nigerian Prince looking to share millions of dollars. It’s still around today because it works and it’s inexpensive to do, taking advantage of human nature and most people’s tendency to be helpful and trusting.

 Our guest today is Oren Falkowitz, CEO and founder of Area 1 Security, a company that specializes in protecting organizations from phishing attacks. He describes the history and continued effectiveness of phishing campaigns, the techniques that companies like Area 1 Security use to defend against them, and whether or not he thinks it’s a problem we’ll ultimately solve.


Nov 13, 2017
030 A Look Into the Thriving Dark Web Criminal Market

The recent Equifax breach highlights the vulnerability of our personal data online, and serves as a reminder that there’s an active, thriving, global criminal market for that sort of information.

In this episode of the Recorded Future podcast we return to the dark web, with Recorded Future’s director of advanced collection, Andrei Barysevich as our guide. He’ll separate fact from fiction, and help us gain a better understanding of the mysterious and increasingly volatile world of the online criminal underground. What sorts of information and services are actually available for purchase in these markets, how does law enforcement respond, and what are the challenges of gathering threat intelligence in an environment where trust and anonymity are the coins of the realm?

Nov 06, 2017
029 Why Does the U.S. Lag Behind China in Vulnerability Reporting?

The U.S. National Vulnerability Database, or NVD, is, in part, a collection of security-related reports. Software vulnerabilities are assigned CVE numbers, which stands for common vulnerabilities and exposures, which help track the issues and provide a common reference for referring to a specific flaw. China has a database of their own, the Chinese National Vulnerability Database, or CNNVD. 

Our guest today is Dr. Bill Ladd, chief data scientist at Recorded Future. His team noticed that publicly known vulnerabilities were showing up more quickly in China’s database than in the U.S., quite often taking days instead of weeks. This not only has the potential to put U.S. defenders at a disadvantage, it could also give black hats the upper hand. 

In this episode we’ll learn why the NVD lags behind the CNNVD, why it matters, and what could be done to correct it.

Oct 30, 2017
028 Know the Threat to Beat the Threat

Our guest today is Bob Gourley, author of the book “The Cyber Threat: Know the Threat to Beat the Threat.” Earlier in his career, Bob spent 20 years as a U.S. Navy intelligence officer. One of his last assignments with the military was as director of intelligence for the first Department of Defense cyber defense organization. He’s currently a partner at Cognitio Corp, where he leads research and analysis activities, due diligence assessments, and strategic cybersecurity reviews for clients.

Bob sat down with us at our annual user conference at the Newseum in Washington, D.C. for a wide-ranging conversation on what it was like to define emerging cybersecurity missions for the Department of Defense, the importance of looking back to history as a guide, and the growing need for threat intelligence and basic cyber hygiene.

Oct 23, 2017
027 The Facts on Equifax With John Wetzel

By now, you’ve surely heard that Equifax, one of the largest credit reporting companies in the U.S., suffered a huge data breach. How bad was it? Reports say over 143 million sets of personal information may have been lost on U.S. residents alone, including names, social security numbers, birth dates, addresses, and in some cases driver license numbers. Reports say Equifax neglected to patch a known vulnerability in a timely manner, and took even longer to go public with news of the breach. The story is still developing, but it’s shaping up to be one of the most significant security breaches yet.

John Wetzel is head of threat intelligence training at Recorded Future, and he joins us today to help make sense of what happened to Equifax, how it might have been prevented, and what a breach of this size means for all of us.

Oct 09, 2017
026 NYC CISO Geoff Brown Protects the Greatest City in the World

When someone mentions New York City, there are a variety of images that may come to mind. The Statue of Liberty, the Empire State Building, Times Square, or maybe Wall Street or Central Park. And, of course, 9/11. It’s no wonder the city of New York is often called “the greatest city in the world.”

Mayors of other cities may take issue with that label, but there’s no argument that New York is one of the largest, most important cities in the world, with over eight and half million people.

Geoff Brown is the chief information security officer for New York City, and he’s our special guest today. He heads up New York City Cyber Command, a new cybersecurity organization for the city of New York that works across more than 100 agencies and offices to prevent, detect, respond, and recover from cyber threats.

Oct 02, 2017
025 TTPs From A Through Z With Levi Gundert

You’re likely familiar with the phrase, “know your enemy.” The idea being, the more you know about your adversary, their motivations, methods, and capabilities, the better advantage you’ll have when it’s time to defend yourself.

In cybersecurity threat intelligence, we speak of threat actor tactics, techniques, and procedures, or TTPs. TTPs can come from a variety of sources, including open source, darknets, scanning and crawling, and others, but to turn the raw data from TTPs into actionable intelligence, you need to know how to set your priorities based on your organization’s needs.

Joining us once again to help make sense of all of this is Levi Gundert, vice president of intelligence and strategy at Recorded Future.

Sep 25, 2017
024 Protecting a Global Telecommunications Company

Our guest today is BT’s Vice President, Security UK and Continental Europe, Luke Beeson. Located in London, he leads teams who deliver cybersecurity services to customers, while simultaneously protecting BT’s own systems. We discuss the challenges a large organization like BT faces when it comes to protecting themselves and their clients, the affect the upcoming GDPR regulations may have on the company and organizations around the world, and how they set their priorities across a broad spectrum of products and services. We’ll also get his take on the role of threat intelligence in his day-to-day security strategies.

Sep 18, 2017
023 Analyst and Fantasy Author Myke Cole

Our guest today is Myke Cole. He’s a cyber threat intelligence analyst with a large metropolitan police department, and a member of the United States Coast Guard reserve, supporting maritime search and rescue and law enforcement around New York City. He is also an award-winning, best-selling author of fantasy fiction, perhaps best known for his “Shadow Ops” series of novels, combining military action with magic and sorcery. And if that weren’t enough, he’s also featured in the CBS reality TV series, “Hunted,” where he’s one of an elite team of fugitive hunters.

Mr. Cole shares his unlikely path to cybersecurity, how his ability to conjure convincing characters in his fantasy novels transfers to understanding the minds of cyber adversaries, and the importance of creativity and taking risks.

Sep 11, 2017
022 Follow the Money: Threat Intelligence for Financial Institutions

When you’re responsible for safeguarding the money, not to mention the personal financial information of your clients, what are your specific needs when it comes to threat intelligence? Where do you begin, and how do you get the best bang for your buck? Is open source intelligence enough, or should you invest in a paid solution from the outset? What about regulators? And how do you get buy-in from the board?

Here to answer these and many other questions is Dr. Christopher Pierson. He’s chief security officer and general counsel at Viewpost, an electronic invoice, payment, and cash management company. He also serves as a special government employee on the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee, and is a distinguished fellow of the Ponemon Institute.

Sep 05, 2017
021 Chasing Risky Internet Business

As security professionals, we’re relied upon to protect our networks from malicious traffic. But what’s the best strategy for determining the most likely sources of risky traffic? Is it safe to assume that traffic from certain countries is more suspicious than others, or that some hosting infrastructures are more likely to be compromised? With a growing consensus that IP blocklists are rapidly becoming obsolete, a more sophisticated approach is needed.

Our guest today is Dr. Bill Ladd, chief data scientist at Recorded Future. He’s the author of the report, "From Chasing Risk Lists to ASN Policies: Large-Scale Analysis of Risky Internet Activity." The report takes a data-driven look at a variety of ways to determine risky ASNs and IP addresses. In this episode Bill Ladd gives us an overview of his team’s research and findings.

Aug 28, 2017
020 Russia Revisited: How Did We Get Here?

In this episode we take a closer look at Russia. Here in the United States, there’s been no shortage of news about Russia, its alleged interference in our presidential election, and its greater role in the global cybersecurity ecosystem. But how did we get here? What’s the historical context for Russia’s cybersecurity strategy and posture, how does it compare to other players around the world, and what are our options for dealing with it? How do Russia’s relationships with its neighbors inform its approach to online warfare, and how do Russian citizens perceive their place in the world?

On today’s podcast we’re joined by Peter Debbins, an instructor at the Academy for Defense Intelligence, where he teaches on a wide range of Russian-related topics. His background includes service in the U.S. Army as an officer, experience in the private sector, and as a Russian-area analyst.  

Aug 21, 2017
019 Women in Intelligence: Navigating a Male-Dominated Field

In today’s episode we hear from three women working in cybersecurity intelligence. We’ll learn about their sometimes indirect journeys toward tech, challenges they faced along the way, and we’ll get their advice for navigating what is still a male-dominated field.

Emily Wilson is director of analysis at Terbium Labs, where she leads a team focused on exploring and analyzing data from the dark web.

Lauren Zabierek is a senior analyst with Recorded Future, providing threat intelligence for its customers.

Teresa Shea is currently an executive vice president at In-Q-Tel. Prior to that she spent 35 years at the NSA, rising to the role of director of signals intelligence before retiring from the agency in 2015.

Aug 14, 2017
018 North Korea's Not So Crazy After All

When it comes to North Korea, there are a variety of images that may come to mind. Eccentric, erratic leadership, suffering citizens, isolation from the rest of the global community, and lately, of course, the testing of nuclear weapons and long-range missiles. When it comes to cybersecurity and threat intelligence, North Korea is known for cybercrime, perhaps most notably the WannaCry ransomware and the Sony hack.

Our guest today is Priscilla Moriuchi, director of strategic threat development at Recorded Future and former enduring threat manager for East Asia and Pacific at NSA. Her team is responsible for a pair of research reports recently posted to the Recorded Future website, “North Korea Is Not Crazy,” and, “North Korea’s Ruling Elite Are Not Isolated.”

The reports reveal that North Korean threat actors are not crazy or irrational: they just have a wider operational scope than most other intelligence services, along with unique insights into how North Korean leadership and ruling elite use the internet and what that can tell us about their plans and intentions.


Aug 07, 2017
017 Black Hat and DEF CON 2017 Recap

The Black Hat 2017 conference just wrapped up in Las Vegas, followed immediately by the DEF CON hacker convention. Between the two shows, it’s one of the largest annual gatherings of cybersecurity professionals and enthusiasts in the world. Black Hat features a trade show floor with vendors representing all aspects of the cybersecurity community, plus high-profile keynote speakers and educational sessions covering a variety of research and industry developments. This year was Black Hat’s 20th anniversary. And DEF CON celebrated its 25th year as a destination for everyone from cybersecurity hackers to lock pickers.


Recorded Future’s Alex Walker was there, and on today’s show he shares his experience from Black Hat and DEF CON, and how these sorts of gatherings are helping the cybersecurity and threat intelligence communities mature and focus on emerging challenges.  

Jul 31, 2017
016 Making Sense of Artificial Intelligence and Machine Learning

Artificial intelligence (AI) and machine learning (ML) are hot topics in cybersecurity, threat intelligence, and beyond. We hear the terms casually tossed around in conversation, we’re bombarded with AI/ML marketing, and of course, there is no end to the references in movies, literature, and pop culture. Unfortunately, we’re often missing the context or explanation needed to know what they mean or why they matter. Some say AI and ML will be our virtual saviors, others offer cautionary tales of bots gone wrong. In this episode, we welcome back Christopher Ahlberg, CEO at Recorded Future, and Staffan Truvé, Recorded Future’s chief technology officer, for a wide-ranging, spirited discussion to help sort it all out.

Jul 24, 2017
015 Becoming an Analyst Part 2: Educational Foundations

Ever thought of becoming a threat intelligence analyst? This is the second in our occasional series of behind-the-scenes looks at Recorded Future, where we drop in from time to time on team members, to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They share their stories, in their own words. In this episode, we introduce you to Wendy DeLuca and CW Walker. Although they come with experience in analysis and cyber security, neither of them had a conventional technical educational pathway to working in threat intelligence. We’ll find out why, and why both of them consider that an asset.

Jul 17, 2017
014 WannaCry About NotPetya?

As we pass the midpoint of 2017, we’ve had more than a few high-profile malware attacks. Two of the biggest have been WannaCry, the ransomware attack that went worldwide in May, and NotPetya, the destructive campaign that targeted Ukraine in June, but rapidly became a global menace, creating widespread fear and confusion, not to mention business disruptions. Observers are still settling on a final name for NotPetya, by the way. It’s being called Petya, Nyetya, and GoldenEye, but for this show we’re going to go with NotPetya.

In this episode, we’re joined again by Allan Liska, Senior Solutions Architect at Recorded Future, and author of “Ransomware – Defending Against Digital Extortion.” He’ll share his insights on both attacks, and walk us through how his team grappled with the challenge of understanding and communicating the threat to industry. We’ll also talk about what these two attacks mean for the future — do they represent harbingers of the “big one” we all fear? Time to panic? Tune in and find out.

Jul 10, 2017
013 Be Vewy Vewy Quiet: We’re Hunting Threats

Sharing insights on the tools, technologies, and processes that underpin threat intelligence is one of the primary aims of this podcast. One of the processes that’s getting a lot of attention these days is threat hunting. In this episode, we’ll talk about what exactly threat hunting is, how it’s done, and its value to organizations looking to strengthen their security posture, gain situational awareness, and of course, enhance their threat intelligence. To get past the buzzwords and down to business, we have as our guide Keith Gilbert, a security technologist at Sqrrl, a firm that specializes in the art and science of threat hunting.  

Jul 03, 2017
012 Best Practices in Threat Intelligence

It’s fair to say that the term “threat intelligence” has achieved buzzword status in the cyber security world. Confusion over the term’s meaning, not to mention the tidal wave of related products, services, and solutions overwhelming the industry, makes it hard to know where to start when threat intelligence becomes a priority in your organization. To help cut through some of that noise, Recorded Future published a white paper, “Best Practices for Applying Threat Intelligence.” The paper is online, but in this episode, we talk to the report’s author, Chris Pace, Technology Advocate at Recorded Future. He’ll take us through the white paper’s key takeaways and offer his own insights.

Jun 26, 2017
011 Building a Threat Intelligence Company

In the first 10 episodes of the Recorded Future Podcast, we’ve taken some deep dives into many important threat intelligence topics. Of course, there are many more topics to cover in the weeks ahead, but we thought it might be helpful to share a little bit of Recorded Future’s backstory. In this episode, we’ll talk about how the company made its transition from the virtual garage to an international company with offices around the world. Along the way, we’ll touch on issues important to any growing cyber security startup, like establishing and nurturing a diverse corporate culture, attracting the right people, building teams, and doing it all while you are tackling the critical challenges facing the security world today. It’s our hope that this episode will not only provide some context as you hear from Recorded Future analysts and experts throughout the year, but for those looking to build their own companies or threat intelligence teams, we hope to provide some useful lessons. Joining us today are Recorded Future Chief Executive Officer and Co-Founder Christopher Ahlberg, and Andy Palmer, one of Recorded Future’s founding board members.

Jun 19, 2017
010 Becoming an Analyst Part 1: Insights From Former Government Analysts

In this episode of the Recorded Future podcast, we introduce you to two threat intelligence analysts, Lauren Zabierek and Alex Walker. They both have previous experience with threat analysis for the U.S. government – Lauren was formerly in the Air Force, and, inspired to serve after 9/11, took part in missions in Afghanistan. Alex came out of college and joined NSA, where he worked as an intelligence analyst. They share their insights on their day-to-day challenges as analysts at Recorded Future and how they help turn raw data into threat intelligence.

This is the first in an occasional series of behind-the-scenes looks at Recorded Future. Over the next few months we’ll drop in from time to time on some of the Recorded Future team members, to find out what it is they do, how they do it, what made them choose their careers, along with some advice for anyone considering the field. They’ll share their stories, in their own words.

Jun 12, 2017
009 From Russia With Lulz

While certainly not new to the world of international espionage or hacking, you will find the Russians at the intersection of global politics and cyber security today. With recent events like the hacking of the Democratic National Committee in the run up to last year’s US presidential election, the ongoing investigations into Russian interference in that election, and even questions about the Russian relationships with key players in the new US administration, the Russians are often top of mind when it comes to possible threat actors. They are central players in stories all over the news today, whether we’re talking about nation-state activities or the work of criminal gangs. But what’s the real story? In this episode, we welcome back Andrei Barysevich, Director of Advanced Collection at Recorded Future, to give us his take.

Jun 05, 2017
008 Military Meets Commercial Threat Intelligence

Throughout the history of conflict, threat intelligence has played a vital role in the military. Its arts, tradecraft, and organizing principles have been honed for millennia and have adapted to emerging threats, like those we face in cyberspace today. As commercial organizations confront the mounting challenges of cyber security, they too have begun to create their own threat intelligence teams. So how do these new commercial teams compare to their military counterparts? In this episode, we talk to Alexi Phillipson, a former US Naval Officer, and now a Customer Success Consultant at Recorded Future. Alexi served in counter-terrorism analytical roles, and his postings included the aircraft carrier USS Dwight D. Eisenhower and US Naval Forces Central Command. He now finds himself “parachuting in” to advise the many varieties of commercial threat intelligence teams, and shares with us the differences he sees, lessons learned, and some important things for teams to think about as they help their companies mitigate the increasing risks they face every day in cyberspace. 

May 29, 2017
007 Analyzing the Insider Threat

What exactly is an insider threat? It’s a term we hear a lot in cyber security circles, and of course, the world of threat intelligence. While its meaning seems self-evident, we’ve found that it often brings to mind different things to different people. In this episode, we talk to a real expert on the subject of insider threats, John Wetzel, a Threat Intelligence Analyst at Recorded Future. Before he joined the team, John was a Counterintelligence Special Agent with the Department of Defense. He’ll  share his experiences, describe the types of insider threats you're likely to encounter, and explain the difference between those insiders that are out to do harm to an organization, and very real threats that can come from actions (or inaction) by those with no ill intent at all

May 22, 2017
006 Insikt: Insights to Intelligence

Turning information into actionable intelligence is a critical activity for organizations of all types and sizes. The challenge remains sifting through the enormous amount of data coming at us from all angles and at ever-increasing rates.

In this episode, we give the scoop on Recorded Future’s new team dedicated to helping organizations overcome these challenges.

Insikt Group is a team of veteran threat researchers that back up the intelligence analysts, engineers, and data scientists that create and deliver our products. The word “insikt” is Swedish for insight and highlights the team’s core mission of finding insights that reduce risks.

We speak once again with Levi Gundert, Vice President of Intelligence and Strategy at Recorded Future. We cover some of the research being done by the Insikt Group, including “Fatboy,” a new ransomware-as-a-service product, as well as how Chinese and Russian cyber communities are digging into malware from the April Shadow Brokers release.

May 15, 2017
005 Ransomware by the Book

Looking back at predictions about what to expect in cyber security in 2017, one thing on just about everyone’s list was ransomware. It’s quickly risen to one of today’s top cyber threats and shows no signs of slowing down. In this episode, we speak with someone who quite literally wrote the book on ransomware. Allan Liska is a Senior Solutions Architect at Recorded Future, and coauthor of the book, “Ransomware – Defending Against Digital Extortion,” published by O'Reilly. In our conversation, we give some background the emergence of ransomware, some of the varieties organizations might encounter, how businesses can protect themselves, the pros and cons of paying up, and of course, the value of threat intelligence when it comes to dealing with the very real risks posed by ransomware. 

May 08, 2017
004 Going Dark: Fact vs. Fiction on the Dark Web

Mention the dark web and many people summon imagery of a massive, mysterious online criminal underground, where all manner of products and information are bought, sold and traded, hidden away from the prying eyes of the public and law enforcement. But, is that really what it’s like, or is that just cyber security marketing hype? In this episode, we take a tour of the dark halls and back alleys of the dark web with the aim of separating fact from fiction. We’ll learn the truth about the people and products on the dark web, and find out the part it plays in threat intelligence today. Our tour guides are Andrei Barysevich, Director of Advanced Collection at Recorded Future, and Emily Wilson, Director of Analysis at Terbium Labs.

May 01, 2017
003 It’s Cheap, It’s Easy, It’s Dangerous: Karmen Ransomware Hits the Criminal Black Market

Over the last two years, Ransomware has become the hottest commodity in the criminal black market. And we do mean commodity—it's getting cheaper and more accessible to crooks, even the unskilled ones. On March 4th of this year, a leading cybercriminal, who goes by the name “Dereck1,” mentioned that there was a new ransomware variant out called “Karmen.” But Dereck1 wasn't the one hawking this in the criminal market. Instead, it's a Russian speaker who goes by the name of “DevBitox.” The first infections seem to go back to December of 2016, with victims in Germany and the United States reporting infection. DevBitox is no cryptographic ace—by his own admission, he was involved only with web development and control panel design, the criminal customer's user experience. But Karmen is interesting not only because it's dangerous, but because it's cheap, and because it affords some insight into the way criminal markets function. Joining us to talk about Karmen is Andrei Barysevich, Director of Advanced Collection at Recorded Future.

Apr 24, 2017
002 Feeding Frenzy: The Inside Scoop on Threat Intelligence Feeds.

Threat intelligence feeds have become a staple in the diet of analysts and security professionals at organizations large and small. Some feeds are free, others are offered for sale from security vendors. They can also come in a dizzying array of formats, varying sizes, and include threat information that may or may not add value to your organization. In this episode, we give you the inside scoop on threat intelligence feeds. We’ll tell you what they are, how to select the right ones for your organization, and how to separate the signal from the noise. Join us as we talk about turning those streams of raw information into actionable intelligence. Our guest today is Matt Kodama, Vice President of Products at Recorded Future.

Apr 17, 2017
001 What Exactly Is Threat Intelligence?

In our first episode, we start with the basics of threat intelligence. We talk about its emergence in cyber security and offer some relevant definitions. We describe where threat intelligence comes from, its purpose, and the context in which it's used. In an age of information overload, we also look at the path from data, to information, to actionable intelligence. These are important distinctions when organizations requiring threat intelligence faced the prospect of sorting through competing claims, products, and services in the marketplace. As organizations adopt threat intelligence and look to protect themselves in a rapidly evolving threat landscape, discerning value, establishing priorities, and setting measureable goals become critical. We talk through these issues with Staffan Truvé, our CTO and Co-founder; Levi Gundert, our VP of Intelligence & Strategy; and Robert M. Lee, CEO and founder, Dragos Security.

Apr 10, 2017