Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
A. Stryker (00:00):
Every organization needs threat information in order to make sure they're staying safe.
Rachael Tyrell (00:05):
Hello and welcome to Episode 2, Season 1 of your Cyber Threat Intelligence podcast. Whether you're a seasoned CTI expert, a cybersecurity professional or simply curious about the digital battlefield, our expert guests and hosts will break down complex topics into actionable insights. On this episode of Season 1, our host, Pedro Kertzman, will
(00:26):
chat with Stryker, who is a threat intelligence analyst at a US insurance company, where she translates technical research and qualitative intelligence into the "so what" and "what now" solutions that keep more people safe and secure. Her previous talks, given at BSides Las Vegas, DEF CON and SecTor, cover career transitions and advanced adversary tactics. Over to you, Pedro.
Pedro Kertzman (00:51):
Stryker, thanks a lot for being on the show. So glad to have you here.
A. Stryker (00:56):
Thank you so much for having me, Pedro. I'm really excited.
Pedro Kertzman (00:58):
Would you like to maybe start introducing yourself or mentioning that little disclaimer?
A. Stryker (01:09):
Yes, bless you. Most cybersecurity professionals at some point, it has been my understanding, will get intimately familiar with their legal department, and so I have been instructed to say: hi, my name is Stryker. I work for a large US insurance company that you may or may not know, and the following conversation will be my personal
(01:31):
opinions, experience, research etc., and is not necessarily reflective of what we do at work or what my employer thinks, etc. Beyond that, hi, I'm Stryker. I'm a threat intel analyst working on a team of about five or six people. We are a private threat intelligence group and team
(01:55):
within a larger cybersecurity organization, which is quite a privilege, as many organizations often have CTI kind of wound into, either deliberately or just through circumstance and life, wound into their overall security operations. So our team is primarily focused on external threat
(02:16):
indicators, and our job is to read through all of our lovely alerts, all of our different media sources (I do a lot of reading, which is fun), boil it down to the pieces that matter and then get that information in different formats and different emphases to the different teams to be able to do something about it, or at least have it considered as they work on more
(02:38):
strategic projects. One of the key points that we often are focusing on is, well, why does this matter to our org versus what we find personally interesting, which can be quite the struggle. There's lots of things I want to know more about that aren't necessarily important to anybody at my organization.
(02:58):
And how do we best communicate that information? What format? What are they most interested in? How can we anticipate and be more proactive with that information? One of the other things our CTI group does as well is we have threat hunters, who then our analysts, our intelligence analysts, will give a heads up: hey, this
(03:22):
happened. And they can go into our EDR and our logs and our SIEM and our source and see, hey, have we alerted to something like this retrospectively? And if we haven't, let's get some automations and some hunts in place so that we can make sure that we continue to be covered. That is also kind of a unique function within the threat intel program, which I'm really... our hunters do a wonderful job.
(03:46):
Perfect.
Pedro Kertzman (03:46):
Yeah, thanks for the overview, and I usually like asking the guests their journey to CTI. You know, for people listening, do they have to go through military first and only then they will be, you know, worthy within the CTI industry? Or, you know, your journey, so people can kind of demystify
(04:07):
a little bit.
A. Stryker (04:08):
You know, how to get into the industry. I am an odd duck and I think that is a good place to start. I did not pick the easy way into the industry. I am a poster child for having to do everything the difficult way. I will agree with people online who say that cybersecurity in
(04:32):
general is not an entry-level position. It is not something that most people without years of personal experience... I'm not even going to say they need professional experience, but if you haven't been intimately involved with, you know, networking, cloud work, doing lots of projects on your own and really getting involved in that way, it's going
(04:53):
to be difficult to prove the expertise you need, not only on an IT level but on a cyber level, in order to get that first position. So that's just setting the standard of the easiest way to get in, right, and that is actually how I think one of my colleagues actually got in. She worked in military intelligence.
(05:17):
After... to your point about do you have to go military, one of them ended up going into the military and was in intel for quite a few years and then left and was a consultant at a consulting firm for six years before arriving at our organization. So that's another pathway, too, that many people take to get
(05:38):
into private sector intelligence or cybersecurity, frankly, is to start in the military and then move to a consulting firm, and then, oftentimes, because they have security clearances, those are very desirable. So then all of the federal contractors are like, hey, I can pay you twice what you're making in the military. Just do what you did as my contractor.
(06:00):
I have another coworker who also came from the military and then went to a cybersecurity vendor after her time in the military as an intel analyst, and so that's a second route
(06:22):
that many cybersecurity vendors, whether that's a managed services provider, a managed services and security provider, managed security services provider, rather, so an MSP and MSSP, you have all of your various makers and purveyors of security tech. They all want that military cyber experience.
(06:44):
So again, I'm very good at certain parts of what I do. This is not necessarily something I would recommend
(07:11):
doing, but I do have lessons from how I approached it. Long story short, my degree is in professional writing from many years ago. I worked as a marketer for 10 plus years, and the fun thing about my brand of marketing, it's called content marketing. So it's all about how do you make things of value for people that they don't have to pay for and they can use right away.
(07:34):
That isn't required for... they don't have to do a demo, they don't have to buy your good or service. It is valuable for them, as you are and as they are. Right, then I spent 10 plus years doing this and went into a whole bunch of different industries, from K through 12 private school consulting through basically an eBay for
(07:58):
businesses, where I once wrote up something on how do you sell a chocolate manufacturing line out of Dubai, like a used one. How do you find sellers for that? That was an interesting one, and ultimately I ended up at a cybersecurity vendor. My husband at the time was a developer, had been for our
(08:18):
entire relationship, and I wanted to know more about his world, and I had been exposed to it through that, and so I started writing these papers, these research papers, these tools, these webinars for cybersecurity experts, and one of the things you have to do when you're writing these sorts of things, if you... is, you get to know the community, you get to know
(08:38):
the people that you're trying to appeal to and work for, and it turns out I love them. They are my tribe, my people, and I had always felt a little bit weird in marketing, and I'll pause there and say that almost every cybersecurity person I have met, to a person,
(09:03):
have not felt comfortable at their first not-cyber position, and this often takes the form of they used to work in IT at a help desk and they were tired of just doing things. They wanted to, one, make more money but, two, to solve the
(09:26):
problems of the business, not necessarily by facilitating operations, but by stopping bad guys from stopping the business. Like there is this wanting to do more and not feeling at home or at ease with your original workmates that I think almost everyone I have met who work in InfoSec or cybersecurity, which
(09:47):
are different, discovered at some point, and so I had that same feeling, just in marketing. I never belonged in marketing. I was always asking, okay, so ideally that's what happens, but what about this very obvious risk that you could possibly be having? Or I was looking at the data and saying, OK, this is the
(10:07):
thing that we really need to be doing most based on the data, and a lot of organizations want to say they're data driven. Most of the time they're emotional people making data driven decisions. I found kindred spirits in security who said no, you're right, that makes complete sense. You should do it that way, or here is all of the reasons why we wanted to do something this
(10:28):
way. People in cyber also really love to explain how they got from point A to B, which I really appreciate. It teaches me. I then paid for, as a marketer (I was still working for this company at the time), I paid to go to Black Hat and DEF CON by myself. Had a friend go with me so I didn't get lost in Vegas and
(10:49):
completely alone, but I went and I basically found people and said, hey, do you think you guys could use somebody like me who's good with words? And I was told by a lot of really lovely people, yes, yes, we could use you. And so I then spent that entire fall blitzing a whole bunch of
(11:14):
certifications, at least exams, and realizing that a lot of the work I had done in my marketing life had been security and had been cyber related, because when you work for smaller businesses and you're one of the more technically inclined people, you just end up either being the IT person or the person running digital cloud services.
(11:34):
And so I had done a lot of this work previously. I just hadn't known the words to use for that. I had done access controls, but I didn't think about it except in the frame of, well, if I give this person god powers over my database, they're going to screw everything up, so I should probably make sure they don't have access. And that was how I thought of it.
(11:56):
But it is governance, and there were a lot of examples like that. Another great example: I was in charge of updating our WordPress site and I did the cardinal sin of pushing out a patch right before a weekend. You never push to production on a weekend, on a Friday, rather, like right before the weekend, and that
(12:18):
is something most people in IT or security have done at some point. And I killed the website and then had to bring it back and roll back to last known good, right. And that is a uniquely IT and security idea that I had done just because it needed to be done. And so I spent a lot of time that fall recontextualizing all
(12:42):
of my previous experience in such a way that I realized, hey, these specific areas of security could probably use somebody like me who likes to write and won't shut up. So I ended up being recruited by another cybersecurity vendor's internal research team, Threat Intelligence and Research,
(13:03):
and I helped them figure out how to speak to technical prospects, using the research and delivering the research in such a way that people were asking for more of it. And then I found my way to my current intelligence team, where I'm doing much the same, as I learn how to stand up a MISP
(13:25):
threat intelligence platform, or TIP. I'm learning how to triage alerts within other types of platforms that we have and input indicators of compromise. I'm learning how to best assist and how incidents work and how to offer the information in the context that they need that can assist without being overly burdensome.
(13:47):
How do I... I want to get much more into digital forensics and learn how to really parse through the metadata and the logs. I do some of it now just to see if I can see what I read in the incident reports, just kind of reverse engineering it. But that kind of work, our threat hunters will often show you how they... They happily, once a week, will show how they do their
(14:09):
different scripts and their different tools. So, the long and short of how I got into cyber was I was a precocious marketer who worked her butt off to be able to codify my previous security experience that I didn't realize I had, while leaning into the strengths of writing and
(14:30):
analysis and research that I had from my previous career. And it took a lot of work and a lot of luck and a lot of applications. But I've landed in cybersecurity, and this is where I firmly plan to stay for the foreseeable ever.
Pedro Kertzman (14:48):
Oh, wow, that's awesome, really interesting story. Thanks for sharing with us. I'm probably biased because I didn't have like a traditional path to the cybersecurity industry, but I think if you really love it and that's your, let's say, end goal, you can make your way to it.
(15:09):
There are so many certifications, labs, hands-on projects, you name it, blogs, any source of information. You can get there. Create your own, let's say, personal experience, projects, certifications and so on, and then you're going to have a better shot to make it into the industry and grow within the industry.
A. Stryker (15:29):
It doesn't... It's a bias, and I'll say right now there is a definite bias in cybersecurity hiring managers and InfoSec hiring managers, where they are looking for people who came up through the pipeline just like them, and they don't understand that people can pivot in. It's not an entry level position. I'm not an entry level candidate because of my years of
(15:52):
experience and these other things that your team, because they all came up through this pipeline, lack, and the hiring managers who would appreciate the skills that I have understood that that was a gap in their current team that they needed resolved, and I was uniquely qualified to do so. So it's very difficult to overcome that bias, and you have to be
(16:13):
that much better than everybody else in order to overcome that, and I've talked about this previously. But there is what's fair and there is what is, and you can rail forever that it's not fair, that X, Y, Z, well, sorry, it's what is, and until you're hiring people, you need to be able to
(16:33):
withstand that. You know, cry about it for a night and then you do what you can to confront it. Certifications will never be seen as well as experience.
Pedro Kertzman (16:45):
That's right.
A. Stryker (16:45):
Personal projects can do a lot for you, depending on the project and what you do. I accidentally stood up a TIP because I got tired of losing links for all of my different resources. I accidentally made a library and was like, hey, anybody else get tired of re-downloading the NIST password guidance for like the fifth time? Here,
(17:06):
you can just grab it from here. So it's a lot of what you do on your personal time. It's acknowledging that it's not fair, that your previous experience isn't weighed the same way, but, at the same time, understanding that's what makes you a unique candidate. And I think actually to that point, and I would love your take on
(17:26):
this, actually, it's my opinion that one of the weak... one of the worst parts about people trying to break into cybersecurity is that they just want to. They just say, well, I'm going to work in cyber, and they're like, okay, great, what? And they just kind of blanket you, and they don't know what they want to do specifically. I mean, I was there, right, I found all of these different
(17:48):
bits and pieces of cybersecurity really interesting. I got two auditor certifications because I thought, hey, that seems like something I could do and be good at. I was halfway through taking the CISA, the Certified Information Systems Auditor exam, and I realized that I would die if I had to do this on a regular basis. So understanding audits is really useful for me because
(18:10):
then I can give my teams... and I know compliance a little bit, and risk, and I can offer up information to them and know that that will be useful and what they need. But it turns out I don't want to be an auditor. So, yeah, I want to move into cybersecurity, but I don't want to do that. Or I'd love to be a SOC analyst. I joke around and say like I wanted to use my superpowers for
(18:32):
good instead of email, so like I want to do... And a SOC position seemed like, one, if any position is entry, it's SOC. And two, it seemed like a good opportunity for me to get a lot of experience and actually really help people with what I did in my analysis and such. It turns out that's where a great bit of the IT pipeline
(18:55):
really comes into play, to be able to remediate those immediately. And frankly, I don't have that yet, I don't. And so even if it is an entry-level security position, I'm not suitable for it, and I hazard a guess there are entry-level cyber people, people who want to get into cyber, who think that they can apply for that because it is
(19:17):
entry, and they just don't have the skills required for it. So you need to niche down and decide: what are you good at, what is in demand, and how can I focus on finding that? And I think people need to niche down and focus on something, if they want to move into cyber and have it be that perfect ikigai moment between what's in demand, what they're
(19:38):
good at, and what they want to do. So, awesome.
Pedro Kertzman (19:41):
Specifically about the CTI expertise you got through all your past roles and the current one, but I imagine you saw a lot of teams building CTI programs or trying to get better at it. Any, you know, do's and don'ts?
A. Stryker (20:00):
I think to me, one of the most intriguing things I learned about CTI as a speciality within cybersecurity is exactly how intimidatingly niche it can be, from providers, from organizations. There are very few organizations that have both the
(20:22):
maturity and the bandwidth and the resources to hire the kind of very experienced and, each in their own way, very niche personnel to say not only am I in tech and not only am I in cybersecurity, but I'm in threat intelligence and I am so specialized that I'm just doing this one little tiny research
(20:44):
and communications bit within this bigger niche. And it takes a very mature and well-resourced and well-prioritized program to have a threat intelligence program, and for me, I'm not sure that's a bad thing. Doing it now, for the last couple of years, I think I've come to an
(21:04):
understanding that every organization, in my opinion, needs a threat intelligence source. Every organization needs threat intelligence, or information, rather, I guess, if you want to be more specific. Every organization needs threat information in order to make sure they're staying safe and secure. Does every organization, however, need a threat
(21:26):
intelligence program and a threat intelligence analyst who's dedicated to that? I don't think so. I think it's a maturity level, so you can start off with, okay, here are the top five resources we're going to grab in general to make sure that we're abreast of the latest intrigues, and maybe one or two researchers specifically pertaining to our tech stack that we're going to subscribe to
(21:49):
in an RSS feed or a Feedly, right, and we're just going to look through that every morning, and if something comes up that's interesting, we'll dig into it, and that's it, right. That's like your baseline, in my opinion, what people need. Then you have the program where you're slowly growing. You've gotten your cybersecurity team and you have an analyst or two who are in charge of modifying your WAF,
(22:14):
modifying your EDR, programming automations into SOAR, and they start to need more discrete indicators of compromise and more, and then hopefully they're thinking more strategically into something like the MITRE tactics, techniques and procedures, TTPs, you have, and at that point they
(22:36):
can then start to synthesize a little bit more discreetly on, OK, so I'll spend like half of my time plugging in indicators into a central dashboard and putting that out, or I'll spend half of my time looking through all of the research reports and digging into, well, we just saw this. Is this really a problem? Like that's your middle kind of maturity, and at the far end then,
(23:00):
and at that point as well, you'll probably also be receiving services from, for example, an MSSP that has a threat intel unit inside of it, who provide monthly or quarterly threat landscapes for you or have a certain number of retainer hours that you can grab and ask them to do a more personalized analysis.
(23:20):
Maybe you have an incident response on retainer, like a Mandiant or Unit 42, where you can ask them and you can then participate in that. Maybe there's an FS community sharing, excuse me, an ISAC. So since I'm at an insurance company, for example, we have an FS, financial services, ISAC membership.
(23:41):
Those are open to organizations that don't have a threat intel. It's just a matter of sharing information. So, like, that's middle maturity. Final maturity, or a more mature, the most mature program, outside of a dedicated threat intel consultancy or the military, is going to be standing up your own threat intel dedicated team, and there are levels of maturity
(24:04):
within that. But when you have people working full time just collecting information and sorting information about your organization, that is a mature program, and no organization should feel discouraged that they don't have that. It is a sign that you're doing something right, that you can afford to be proactive in that way, and so keeping the
(24:29):
rest of your house in order, using the rest of your resources well, and that includes your time and your budget, is really important. I used to be the kind of person who would be like, yes, give me all of the toys. I once asked for a very sophisticated toy early in my career, had my boss sign a two year contract and then realized that in order to make proper use of this toy, I would have to
(24:50):
dedicate half of my time at work, and I was already struggling to finish my full workload. So, since then I've been a lot more understanding of just wanting all of the toys, wanting all of the features, wanting all of this resource. But you have to... It is a mark of maturity to be able to resource that
(25:13):
appropriately. So that would be my, what I think the most important thing of do or do not, when you're thinking about setting up a threat intel program: do you have enough of your basics covered right now that you can afford to have someone dedicated to this, and then at that point can you afford to resource them
(25:33):
properly? Dark web based intelligence platforms cost tens of thousands, if not more, monthly, yearly. It is a huge expense and dedicated resource for a comparatively small team. And so it's okay, it is really okay if you're not there yet,
(25:58):
and making sure you have the mechanisms and the information distribution in place to know what you would do with a team like that before you hire them, before you do that, I think that's really important. Perfect.
Pedro Kertzman (26:11):
Yeah, you touched on a very good point. You have to have your basics covered, otherwise, if you're thinking about spinning up, skipping steps and going straight up, let's build a CTI team, but you don't have your basics covered, it's gonna be really complicated. You touched on the other aspect throughout these maturity levels of CTI programs, the kind of outsourcing slash
(26:34):
partnering with more mature providers, MSSPs and so on. It could be a shortcut a little bit if you don't have all in-house resources. Any insights on that? The kinds of MSSPs, CTI kind of mindset, using those external
(27:07):
companies to help them navigate that new journey, kind of thing.
A. Stryker (27:12):
I think one of the best things you can do when you're sussing out a third-party vendor or service is to think to yourself, am I asking this because I have a checkbox I have to fill for some reason, right? Do I have an audit or a compliance requirement, or I
(27:32):
want to apply for cyber insurance? And if I don't have a SIEM, which you should have a SIEM, but if I don't have a SIEM, they're not going to pass me and so I can't get cyber insurance. So I just want the cheapest bit of technology I possibly can to just check off that box. Is that why you're looking for advanced security capabilities? Or are you looking for security capabilities that will not
(27:57):
check a box but will address underlying risk and concerns? There's an ongoing debate in some of my circles, for example, about the value of GRC and auditors. I am firmly on the stance that I think governance, risk and compliance, GRC, governance in particular, is really important to cybersecurity because it helps security prove business value to
(28:22):
doing the things that we know we all should do, despite the inconvenience and the expense. We are a cost center. Showing how this matches compliance, which would be a bigger cost center if it's not met, is a great way to justify it in business speak. And I think, and that's really important to me as kind of a bridge between somebody who used to work strictly in business
(28:42):
ops versus now in security, I think that's really important. But so many people, so many businesses, just see something like a SOC 2 or an ISO as a checkbox, right. It's just something that you have to get in order to get this type of contract or to fulfill this type of requirement as a supplier in the EU or whatever. It is a darn shame when it's just seen as a checkbox
(29:08):
requirement and, on top of that, when auditors themselves are uneducated within the reason for why they're asking for that control, why they're seeking out that control. There is a very funny story of a friend of mine who was letting me peer over his shoulder, in a manner of speaking, on their SOC 2, his startup's first SOC 2 audit, because I had never gone
(29:32):
through it and wanted to. I was asking lots of questions and trying to contextualize my theoretical knowledge with what he was doing in the real world and all of that fun stuff. Right, God bless him. I owe him a lot, and he was complaining to me that his audit, he did not have a perfect, every-control-met score, and I said, well, why not? You worked really hard on this. And he said, well, I refuse to put in place...
(29:54):
He subscribed to a very military concept, though he had never been, which is you never issue a command you know won't be followed. He does not subscribe to policies that just won't or can't be enforced or followed or are just culturally not going to work, because that's a false sense of security and that's just a checkbox. Right, on the auditor's list was the requirement for a clean
(30:17):
desk, which makes a lot of sense on-prem. Does not make a lot of sense remote. There is no way to enforce that. Your associates are scattered everywhere, often at home. Yes, there is, of course, risk of somebody going in and popping in a USB or leaving something on a desk or taking something,
(30:39):
right, but it's less than when you are in office, where they're all centralized and so a threat actor can know exactly this is where, etc. It does not make sense in his case to have a clean desk policy. Now, this has been debated between friends when I've brought this up, so clearly there are two sides to this, but in his opinion this was a stupid ask, and they had different
(31:02):
remediations available for that, for example. Part of their... one of the other controls, and something that I think applies here, was the fact that they had no removable memory permissions, like that was a control. That's part of the risk of having a clean desk that you're remediating by having a clean desk. So the auditor was so literal she would not take alternative
(31:26):
controls, and because he did not have a clean desk policy written up, because he's not going to issue a policy that's not going to be followed, it was there. And so the reason I bring up this story, and going back to your original question of how do you pick an MSP or an MSSP, think about, does
(31:47):
this provider offer true cybersecurity advice that's been contextualized on a per environment and per client maturity level basis? Do you have to sign riders, for example, if your IT and security people go in and change things that the MSSP has put in place, because they're going to be the ones who
(32:10):
have to fix it when somebody screws it up? And, you know, people who are just checking a box don't really care on the efficacy of it. MSSPs who will be ultimately responsible for that security program will say, oh no, you are assigning something that if we have to go in and fix this, you're going to pay for that. This isn't, you know, this is our
(32:34):
domain. When you ask for the SOC 2 controls, when you ask for the ISO audit, are you just asking to see if they have it because you've been taught that that's something you can ask for, or are you going to read it and see if the controls that they have are things that you would want to have echoed at your
(32:55):
organization? Are they things... Can they walk you through? You have this control at your organization. Is it possible to do it at my organization? And listen for the ones who say no, and here's why, but here's what you can do instead. And that is the sign of an organization that wants to be a partner and will give you the context that you need.
(33:16):
And that's the sign that any intel they give you as well will be contextualized, versus a "here's a roundup of every different industry ever" and you work in this very niche one, for example. So that would be... That's a very long winded answer to say, if you're looking at outsourcing this kind of work in security, whether it's
(33:39):
intelligence or otherwise, consider: do you need a checkbox, and that's also okay if you do, or do you need somebody to advise you? Checkboxes will say they advise; they won't.
Pedro Kertzman (33:53):
No, that's great insight, thank you. That's a good one to digest. How do you sharpen your CTI knowledge, sources of information, where you like to go to, blogs, other podcasts, you name it? Where you like to go to learn more about our industry? So I think there's two different angles to that one.
A. Stryker (34:11):
Uh, where I go for
cti content, there's how do I
learn more about cti?
And then where do I get myintelligence feeds, my
information feeds, um which, uh,by the way, there is a
difference between threatinformation and threat
intelligence.
Threat information is simplythe data that threat actors or
researchers are providing.
(34:32):
Intelligence is the synthesisand contextualization of that
data.
So there is definitely adifference between whether or
not you have a threatinformation analyst, which is
also important, or a threatintelligence analyst, which
takes a little bit more nuance.
Yeah, where I go for the latteris I'm thinking back to when I
(34:53):
stood up my personal threat intel library, when I was looking for sources and trying not to redownload things all the time.
I basically had to reverse engineer it.
Nobody at work, in marketing at the time, knew any sources.
They knew the things that their CISOs read or where they, which mostly boiled down to where they could pay to put in a half-
(35:15):
hidden article ad, and that wasn't the information I wanted.
That wasn't where the real meat of it was.
So what I did was I asked my cybersecurity friends, okay, can you recommend general media outlets for me to be able to reverse engineer?
And among them many I did.
(35:37):
I still pay for a Wall Street Journal cybersecurity pro subscription just to keep a handle on board and compliance and true CISO exec enterprise kind of stuff, because it trickles down eventually and people, you know, everybody rips off of that.
I eventually found, you know, your Dark Readings, your Info-
(36:02):
securities, your Bleeping Computers, your Krebs on Security. Bless that man.
And from there, and I found different cybersecurity communities to lurk in.
So I'm a member of a Telegram chat called Lonely Hackers Club, for example, that has a whole bunch of first-time hackers
(36:26):
going to DEF CON, which is a large, not InfoSec conference, it's a large hacker convention on the tail end of quite a few cybersecurity conferences out in Vegas every August, and there's lots of people in there who aren't in cyber and there are a lot who are.
So if you have questions, I would ask my friends there, hey, where do you get this?
Who is worth listening to, that kind of thing?
(36:46):
And over time you start to build up this list of personal references.
One of the other places I also started with was looking at tech stack vendors who were relevant to a large portion of my audience, and I was constantly looking, like, that would bring an exclamation point.
So I would go and find the security bulletin center of all
(37:08):
of my major tech stack vendors that I wanted to follow and put them into my RSS feed. Okay, over time, as I started parsing through, um, Bleeping Computer, for example, would publish something, or Wall Street Journal would publish something, and they'd, researchers at this place discovered this cool thing.
(37:31):
I went, great, you are a secondary source, now I want my primary.
I always want my primary sources, and I hammer this home: I need primary.
Don't give me some sort of roundup, give me primary.
So I would go and click and click and click, or do searches if they didn't have a hyperlink, which is bad form.
Every media outlet who does not hyperlink to their original
(37:52):
source should be drawn and quartered.
Pedro Kertzman (37:54):
That's right.
A. Stryker (37:55):
But I will go online and look up, using the clues in that search that I had, to see if I can find an open source blog or whatever that original source was, and then they are added to my feed, and over time you will collect all of the researcher, the original sources on that, and you're always adding more.
(38:15):
But, but that's one of the best ways to kind of start developing that: go to the generalized media outlets, um, and when they pick up a story that is relevant for your organization, it is interesting to you, go find that primary source and then put them into your RSS feed, and then you will always have primary sourcing on that and it'll be faster, and over time
(38:38):
you'll only use Bleeping Computer for the weird one-offs as opposed to as your primary.
There were several media outlets, by the way, it's not just Bleeping Computer.
Um.
I also made a point of subscribing to a lot of, um, intelligence and cybersecurity government agencies, both within the United States, um, also abroad.
(38:59):
So the, uh, the national security center out of Australia, uh, has some great resources.
Um.
The, um, England's cybersecurity center as well.
I am blanking completely on their names right now, but I have both of them in my feed.
I can recognize their logos pretty much off the bat.
And there are others too.
(39:19):
Look internationally for those kind of partnerships and that kind of dense work, particularly if your organization is national, and you'll be able to start to pick up some of that as well.
And finally, I have a personal project on examining the public SEC reporting on required breach notifications and then
(39:40):
reconciling it with the Maine Attorney General, because any organization that operates in Maine is required under certain circumstances to send out breach notification letters to Maine residents.
So you'll often get both public and private letters with more details than they'll put in the SEC reports, because they lawyer-weasel-word it into different types of breaches and different
(40:05):
moments like that.
So if you're looking to stand up a threat intelligence, a threat information feed, that way, I would start there.
As for where I get more information about how to stand up threat intelligence organizations and learn more about my craft that way, honestly, it's a lot of asking
(40:27):
my coworkers and not being afraid to ask questions. So I'm very confident in the things I do well, right.
I write really well.
I have a very strange ability to write a subject line that I know will be opened.
10-plus years of work means that I can effectively
(40:51):
internally phish my coworkers to get them to actually do the things they need to do, and I use that power wisely.
I am not as strong in a lot of the other ways, and so I go to my coworkers and say, hey, can you help me use Power BI to automate this dashboard?
Hey, can you teach me how to use our EDR system to do this hunt?
Can I shadow you for this?
Or I'll ask my boss, instead of saying, boy, why are we doing it
(41:15):
that way?
That's stupid.
We should do it this way.
I've learned that the first question to ask is, okay, is there a reason why we're doing it this way?
What was the historic? How did this start?
Why is it like this? Um, is there somebody we're appealing to?
Is there a team or something?
And you'll learn a lot of this context for why seemingly inefficient or odd ways of doing things became coded into de
(41:39):
facto procedure.
From there, you can also be much more politic in saying this is dumb, you should do it this way, and pick your battles a little bit more wisely.
I wonder how that happened.
Uh, yeah, I haven't stumbled into that landmine more than, oh, once a month, uh, but by taking a moment and remembering
(42:01):
to ask why is something like this, regardless of whether you think it can be improved, by asking how something came to be, you can better understand the drivers, the motivations and the context.
It's all about context.
Pedro Kertzman (42:17):
Agreed, awesome.
A. Stryker (42:20):
Oddly enough, when you asked me how I got into cybersecurity, I'm like, boy howdy, in April.
So if anybody is in the Baltimore, Maryland area in April, BSides Charm, so the local cybersecurity conference series, BSides, where individual geographic regions can, can choose to run a cybersecurity conference using BSides
(42:41):
resources.
It's about a thousand people, a lot of fun, two days.
They recently accepted a talk and a workshop that I run called Career Campaigns, so it's where I actually tell the entire story of how I transitioned into cybersecurity, but using a, a Dungeons and Dragons or tabletop RPG metaphor.
Pedro Kertzman (43:05):
That's awesome.
A. Stryker (43:07):
So pretend for a moment that your resume is a character sheet in one of these role-playing games.
Right?
No way.
So why are you not being accepted to your first cybersecurity campaign party?
And what can you do to either reskill or reclass your character, borrowing from the skills you previously had and
(43:27):
all the work you put into that character sheet, like not ditching at all?
How do you figure out what to keep, and then what do you rebuild to be more appealing to that particular character?
So there's a talk version of that, and then I actually walk people through, like, an entire three-stage mini campaign of a
(43:47):
modified tabletop gaming.
So if anybody really wants to come in, uh, and join us, uh, that's, that's...
That's been a lot of fun.
I've run this a couple of times at some different conferences and people have a good time.
So if you're more curious about how do you break into cybersecurity or, even better, how do you break into a different cyber niche, uh, after you've been working and you're tired of
(44:08):
being pigeonholed and want to try something else, um, come and have a good time, see a different perspective.
We'll roll some dice.
Pedro Kertzman (44:14):
It'll be fun. Oh, my god, I love that. And, uh, you know, back in the day, not, let's not talk years, uh, I used to be a dungeon master myself, so I love Dungeons and Dragons.
I used to have, like, all the Rules Cyclopedia, all the rule books, the Wrath of the Immortals, and all that as well.
I used to, yeah, play a lot, so I love the idea.
A. Stryker (44:33):
I have the lore book on my coffee table right now for fun. Awesome. Any blogs if people want to follow you, learn more from you?
Pedro Kertzman (44:40):
Blogs, LinkedIn, any other social media.
You often publish stuff.
A. Stryker (44:45):
Right now it's my LinkedIn page, so you can just look up Stryker, S-T-R-Y-K-E-R, in threat intel and I'll pop up.
I have a personal, if you're curious about a lot of the other talks I've given, I spoke at DEF CON 32 on an Adversary Village panel about adversarial tactics and what my cyber vendor
(45:09):
was seeing for a lot of SMBs and that kind of work.
That was a really great panel.
Um, I have links to that.
I have links to some of my other talks, um, on my LinkedIn and in my personal portfolio, which is Stryker, S-T-R-Y-K-E-R, No, N-O, Strikin, S-T-R-I-K-I-N, dot com, which is a, yes, it is a pun on
(45:32):
Dora the Explorer.
My son was four and going through a Dora phase, so you can go there.
Also, the Lonely Hackers Club on Telegram.
It's a community, again, for first-timers to DEF CON or just people who are interested in hacking.
Uh, we highly encourage people to give it a try first and then
(45:53):
ask us questions.
And no, we will not hack your ex's Instagram.
Do not ask us to do illegal things.
Some of us have clearances and we will not risk other people's, uh, performances.
I go by Stryker there as well.
Just feel free to come on, say hi, and be prepared for lots of really silly things and some very smart and caring people who
(46:14):
want to share our love of both security and, more importantly, how to hack things with more people.
Pedro Kertzman (46:22):
Stryker, thank you so very much.
What an insightful conversation.
I really appreciate you coming to the show and I hope I'll see you next time.
A. Stryker (46:30):
Yeah, no, thank you so much, Pedro.
Anytime, give me a ring.
This was fun.
Thanks so much.
Rachael Tyrell (46:36):
And that's a wrap.
Thanks for tuning in.
If you found this episode valuable, don't forget to subscribe, share and leave a review.
Got thoughts or questions?
Connect with us on our LinkedIn group, Cyber Threat Intelligence Podcast.
We'd love to hear from you. If you know anyone with CTI expertise that would like to be interviewed on the show, just let us know.
Until next time,