April 15, 2025 • 38 mins
Cherie Burgett takes us on a fascinating journey from her days as a Radio Shack employee and avid gamer to becoming the Director of Cyber Intelligence Operations for the Mining and Metals Information Sharing and Analysis Center. Her story demolishes the myth that cybersecurity professionals must follow traditional career paths, demonstrating how life skills, natural curiosity, and a hacker mentality can translate into powerful cyber defense capabilities.
The conversation reveals profound insights about the evolving threat landscape where criminals have developed specialized supply chains and even customer support systems. "It takes a lot more skills to defend than it does to attack," Cherie notes, highlighting the asymmetric challenge defenders face. We learn how threat actors now specialize in different attack phases—initial access brokers selling to ransomware operators—creating a complex criminal ecosystem that demands collaborative defensive approaches.
What sets this episode apart is Cherie's perspective on the human dimension of threat intelligence. With background in Bible college studying hermeneutics (the art of interpretation), she brings humanities-focused analysis to technical challenges. "Threat intelligence to me is the most human of the cyber disciplines," she explains, emphasizing that we're ultimately "protecting people, not systems." This philosophy shapes her approach to intelligence sharing, where she insists on providing context and actionable insights rather than merely distributing raw data or "story time" recitations of headlines.
Whether you're an experienced CTI professional or considering entering the field from an unconventional background, this episode offers valuable guidance on building skills, avoiding analytical biases, and connecting with industry resources. Follow Cherie on LinkedIn or through MMISAC publications to continue learning from her unique perspective on making threat intelligence truly human-centered and impactful.
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Cherie Burgett (00:17):
No one person should be responsible for
everything.
On this episode of Season 1, ourhost, Pedro Kertzman, will chat
with Cherie Burgett.
She has worked with the miningand metals ISAC since its
inception.
As the Director of CyberIntelligence Operations, cherie
is responsible for researchingand analyzing the ever-changing
threat landscape affecting themining and metals sectors.
With a unique philosophy andapproach to cyber threat
intelligence, incorporatinglessons learned from studies in
(00:39):
the arts and humanities, sheprovides a nuanced perspective
on the ethics and humancondition relating to threat
actor groups and the peopledefending our critical
infrastructure.
Over to you, pedro.
Pedro Kertzman (00:55):
Cherie, thanks a lot for coming to the show.
It's great to have you here.
Thanks for coming.
Cherie Burgett (01:00):
Thanks, I'm really excited to be here
Awesome.
Pedro Kertzman (01:03):
Would you mind sharing with us a little bit
about your story, your careerjourney up until your current
role?
Cherie Burgett (01:11):
Sure, it's actually, I think, kind of
unique.
I guess about 10 years ago,maybe 11 years ago, I went to
DEF CON just for fun.
So before that I was a gamer.
I really liked playing videogames, played a whole lot of
(01:32):
MMOs, I did a whole lot ofvolunteer work for the military,
I was an FRG leader, I did awhole lot of community building
and I hadn't had a paying job in15 years when I just decided to
go to DEF CON for the firsttime.
My last paying job before thiswas working at a Radio Shack.
(01:53):
So you know dating myself alittle bit, but I worked at
Radio Shack when it was stillkind of cool.
I'm pretty sure I had an A-pluscertification out of working
for Radio Shack, but I wasreally good at helping people
solve their problems and I lovethe people that came into the
store.
So that's kind of my backgroundin a nutshell.
(02:18):
And then I went to DEF CON justfor fun.
It was basically my escape frommy real life.
It was the thing I wanted to dofor fun.
So that was kind of my once ayear week vacation away from the
family.
I went to DEF CON and had fun.
And because I went to DEF CON afew years in a row and was
talking to the same people.
(02:39):
It actually led to somementoring and I got serious
about wanting to join thisindustry, so sort of late in
life.
And then someone I met atDuckCon was creating an ISAC for
an industry that didn't haveone, which is the mining and
(03:04):
metal sector.
They currently didn't have one.
They is the mining, mining andmetal sector.
They currently didn't have one.
They had a series of cyberattacks and, uh, the only by the
same threat actor, and the onlyway that that happens is by not
sharing information.
And when he pitched the isac tome, I'm like well, what can I
do to help with that?
I have no experience in this.
But he's like actually you do,because you know how to get
(03:24):
people together and collaborateand solve problems.
You have this experience.
You're technical enough becauseyou know your gaming experience
, you can do this.
And you just you know.
And so I was brought in as asecurity program manager and I
helped develop the program thatis the threat intelligence
sharing program that we havetoday.
(03:47):
So, that's basically how I gotin.
It was what I saw is a vacationand fun time.
You know people actually do fora living.
So, sometimes the thing thatyou do when you're
procrastinating with your lifeis the thing you should actually
be doing with your life so yeah, yeah, they say uh, you know,
(04:07):
do something you love and don'twork in your life or something I
, I absolutely agree with that.
That's uh, it doesn't.
It doesn't always feel likework and there's some things
that you can turn your hobbiesinto work and then it becomes
work.
But this is uh this issomething that I actually really
enjoy really got into threatintelligence.
Pedro Kertzman (04:25):
Uh, through this I feel you yeah, that's awesome
.
Thanks for sharing your yourstory with us and, uh, you
mentioned something aboutcollaboration, right?
I think it's uh so importantwithin our so part of the
industry.
If you will, would you mindexpanding a little bit more on
that please?
Cherie Burgett (04:46):
So basically what I do is because no one
person should be responsible foreverything, and the industry
that I am saddled with theresponsibility of building this
whole threat landscape didn'tactually have a picture to begin
with.
Building this whole threatlandscape didn't actually have a
picture to begin with, and sothe only way that you can do
that is by, you know, buildingrelationships with people in
(05:10):
that sector, in that industry,so that we can share
intelligence with each other.
And you can only do that bygoing to places, going to the
conferences, going and talkingto people and meeting them
face-to-face, because there's awhole lot of trust that's
involved in sharing informationthat becomes intelligence People
(05:35):
.
We have a security culture anda privacy culture that we're
used to dealing with, and whenwe're talking about, we want to
keep a lot of these thingssecret, but when we're talking
about bad guys, the criminalsthat want to do us harm, we cut
ourselves off from the abilityto crowdsource the collaborative
(06:01):
defense, because if we're onlyseeing one part of the picture,
then maybe somebody elseactually sees more of it and we
can, and maybe we know expertsthat that have like a special
niche that could actually helpsolve that problem.
And so that's basically what Ido is I I help link up people
with people that can help solvetheir problems.
Pedro Kertzman (06:22):
And you mentioned about ISAC, what Would
you mind sharing with the folkslistening if they're not 100%
sure what it is the role theyplay within the CTI industry?
Cherie Burgett (06:33):
So an ISAC is an Information Sharing Analysis
Center.
You can also.
There are also organizationsthat are called ISAUs, where
it's an information sharingorganization.
Basically, the two are the same, depending on what acronym they
chose to use.
Every sector has an ISAC andthat, if you're new to a certain
(07:03):
sector, you just started,you're responsible for a team
and a company.
If you never worked in, say,mining metals, or you know the
water industry, the first stepthat you should be doing is
reaching out to that sector'sISAC, because they have people
that are experts at what they do.
They have people that have beenworking in that sector for
years and there's a sharedknowledge that you can get by
(07:24):
joining that ISAC.
Pedro Kertzman (07:25):
What kind of collaboration you have.
Is it threat feeds, data feeds,reports, meetings?
Cherie Burgett (07:31):
A lot.
Yes, all of the above.
So what we do is we have anewsletter that goes out.
We have a threat intelligenceplatform that we share articles
and indicators of compromisethrough.
Those are like IP addresses andhash values at the very lowest
(07:54):
level of what we share, but whatwe really like to share is the
finished intelligence.
So those are the things that weput.
We put it all together, it's,it's analyzed and we tell you
why this is important for yourbusiness to pay attention to.
Pedro Kertzman (08:11):
That's awesome.
Yeah, Thanks for sharing,sharing all that.
How do you call them?
Like associates?
Customers for the ISAC?
Cherie Burgett (08:19):
So we we call our members members and we're
very particular about what weuse.
We don't like calling themclients or customers, because we
want it to be more of acollaborative organization where
the member has ownership of theorganization, and so if you
don't like your ISAC, you as amember should be able to do
(08:42):
something to change it orimprove it, and so the ISAC is
only as good as its members.
Pedro Kertzman (08:48):
Makes sense.
Cherie Burgett (08:49):
Yeah, that's super interesting and you know,
talking with all those folksfrom different geographies, I
would guess levels of experienceany like type of skills or
(09:09):
skill sets that you see that aresuper valuable for people
within the CTI industry.
So I think one of the ways thatyou can tell if someone is
actually really good at CTI ishow well they research things.
Like if they are someone thatis the person that wants to know
everything about a product or aperson and they can dig up
information that you didn't knowexisted on them, they're
probably good at cti yeah,curious by nature, yeah yeah,
(09:34):
yeah, and I think, uh, uh, likeyou all know that person that is
better than the fbi detectiveat figuring out.
you know, uh, what everybody isup to.
They're probably decent at CTIbecause they know how to Google.
There's you know a lot, of, alot of the tools that I use are
(09:55):
just search engine tools.
You know, because you're you'relooking at, you know the open
web and you're looking at thedark web and you're looking at
what's available in your threatintelligence platform and you're
looking to feed that and so,basically, the internet is your
whole playground.
Pedro Kertzman (10:16):
Yeah, it's one of those people that won't rest
until they get to the verybottom of that.
They want to solve the puzzle.
Yes.
Cherie Burgett (10:28):
If you're, if you like, solving puzzles.
But then again you also have tokind of keep an open mind, like
because you can intentionallyadd bias.
And so if you, you know, if youhave this idea in your head
that it must be the Russians,and so everything that you dig
up about them is like, oh, thisalso leads back to the Russians
(10:48):
and you're convinced that it'sthe Russians and it's because
you've already created that bias.
But if you have an open mind andyou let the data speak for
itself, when you do the analysis, then you can say oh actually,
if I didn't see that this onething you know was different to
this outlying you know incidentinstance, I would have believed
(11:11):
that, and so it's being able tokeep that open mind when you're
doing the actual analysisportion of the CTI, especially
because the sometimes superclever threat actors they can
try actually to make you believethat they are somebody else or
(11:33):
so I think a very good exampleof this is, um, the use of ai.
Now, um, and because we havereally awesome ai tools that can
even change your accent in realtime, someone can call in and
have a North American accent andcall center use these all the
time.
Now it's sometimes you pick upthe phone, you think you're
(11:57):
talking to a robot.
It's actually a human with AI,altering AI accent, softening
software that they're using, andif they're using the software
and it's not tuned correctly, itcan sound robotic, but if it is
tuned well, their accent willbe like a very natural sounding
(12:20):
accent and so uh, the it makesattribution to the types of
threat actors that you'redealing with even harder,
because they are able to.
You know it's not just vpnsthat they're using to change
their um and their uh, their ipaddresses.
Now they can actually changetheir voice and that's uh cool
(12:44):
and uh and interesting and alsomakes our jobs harder yeah, no,
that's, that's a good one.
Pedro Kertzman (12:50):
Honestly, I never I didn't know about these
ones.
Um, I think I should try thoseto see if alleviates my accent a
little bit or I don't get toobored with my own voice?
Cherie Burgett (12:59):
Yeah, absolutely , you can try them.
They're.
You know on all of theirwebsites that I've seen there's
a you're supposed to only use itfor ethical reasons, like
there's a code of ethics, butyou know threat actors won't pay
attention to that.
You know their code of ethicsis their own.
Pedro Kertzman (13:19):
Yeah, exactly no , but that's good to know.
Yeah, attribution is probablyone of the most complicated
parts on this whole threatresearch CTI, because sometimes
if they're really good onobfuscating the original, if
they have a massive botnetbetween the real guys triggering
stuff and the end user orclient or host being attacked or
(13:44):
victims, uh it's really hard topinpoint who this is coming.
Cherie Burgett (13:49):
yeah, and and also the um, uh, the the threat
actors have are kind of uh,specializing in, uh, what they
do, and so maybe theirspecialization is in initial
access and then they sell thataccess to another group that
will install the malware or dothe exfiltration, because they
(14:10):
have their supply chain alreadyestablished.
You know, it's its own businessmodel, own business model.
And so if you only have theindicators for the ransomware,
you don't have the.
You know you don't have theinitial access.
(14:31):
And so that's why I thinkcollaborating and seeing you
know what other people areseeing and their behaviors and
being able to put that wholepicture together is so important
, because their ecosystem ismuch more complex than it used
to be.
It used to be one threat actorthat would get in and do the job
, but now they have their ownsupply chain.
Pedro Kertzman (14:53):
Yeah, they used to do the whole thing start to
finish and now they just need tospecialize in one little uh
part of the equation.
I remember, uh, some collegestudents asking me, um, some
time ago, with the proper cybersecurity knowledge, how damaging
could you be to a company?
(15:15):
They were asking me that andI'm like, even if I didn't have
as much knowledge, because I canbasically buy most of that
stuff out there.
Yeah, you know initial accessbrokers, info stealers,
ransomware packages and all that.
I mean you need to know how tomanipulate that to ransomware
(15:39):
yourself, I guess.
But it's just like the barriersjust lower way, lower right now
.
Cherie Burgett (15:47):
If you, you know , wanted to set up a ransomware
operation right now, you could,and with very little like.
It takes a lot more skills todefend than it does to attack.
It takes it, you know, becausethey have.
They even have customer supportand step-by-step instructions
and like, if only cybersecuritywas this easy.
Pedro Kertzman (16:11):
It's funny For exactly the same students I
mentioned about the customerservice and they were like dying
laughing, thinking I was joking, I'm serious, unfortunately,
they do'm serious, unfortunately, they do have it.
They do have it.
I remember the I think it waschildren's hospital in toronto,
(16:34):
canada.
Yeah, they got ransomware a fewyears ago and because of the
hash, everybody was jumping onattribution that particular
threat actor.
But it was actually one oftheir customers from the
ransomware service offering.
They had that, uh, send apackage to to the children's
(16:58):
hospital and because of thehashes and and all that, people
quote unquote, startedpublishing articles about how
those guys would be able totarget like a children's
hospital.
And they came publicly say no,we don't do children's hospital,
wait up.
And then they found out, oh,it's one of our customers, so
(17:20):
here's the decryption key so youcan.
But up until that point I don'tremember how many days uh that
they were really in trouble uh,in the hospital.
So I guess even, yeah, some badguys might have some lines.
Cherie Burgett (17:36):
They they don't cross there there is kind of
some people don't have linesthey cross.
It depends on which countryyou're coming the attack is
coming from.
There are some countries thatabsolutely hate certain
countries and so there's nothingoff limits.
You know, providers, theyactually do kind of have like a
(18:04):
code of conduct.
We don't do this, you know, andthey, they have their
affiliates agree to that andsometimes, depending on the
affiliate or you know the scriptkitty, they might not even know
who they're ransoming.
They, you know they just theyjust happen to have access that
they bought to something andthey didn't know what it was
because they didn't bother to dothe who has look up on them
like you know, like you shouldprobably know who you're, who
(18:28):
you're attacking, but sometimes,like they're not, they're not
all great, um uh, they don't allpossess the technical skills or
, you know they, they just kindof wanted to make a quick buck
yeah, yeah, exactly so.
Pedro Kertzman (18:44):
Yeah, what about , um, you know, we, I think we
have given a fair amount ofbackground information to
everybody at this point.
Um, and super important, thisskill you mentioned, right, the
curiosity for for people, uh, inthe industry, and what about
overall for protectioners or CTIteams, any do's and don'ts that
(19:08):
are top of mind, kind of thing.
Cherie Burgett (19:13):
I have a few, some things I'm actually pretty
passionate about, but I thinkthe most important thing to
remember is what you're doingand why, and so it is your job
to get.
The most important thing toremember is what you're doing
and why, and so it is your jobto get the most relevant and
actionable information into thehands that need them and in the
method that is most that theycan use it.
(19:35):
Times when I get on some ofthese sharing calls with
different organizations and theyuh, it kind of goes into what
some people refer to as storytime, where they're basically
just reading off headlines anduh, and not saying anything
(19:56):
about the headlines, about whythey think it might be important
or why they should payattention to it, or they're
reading, worse, cve lists, andthe CVE lists are the ones that
I think are just kind ofridiculous to share on a phone
call, because you can't doanything with that information
just by hearing it.
It's not the best way to sharethat information.
(20:17):
An email or a tip would bebetter.
An email or a tip would bebetter.
Something is something that, butyour job as a CTI analyst is to
actually analyze like it's notjust to share, pass forward
information.
You have to.
You have to be able to decidewhether or not it's information
worth sharing to that person andthat they can use it, and you
(20:41):
can throw everything you wantinto your tip.
Um, that's, that's what it'sthere for you can.
You can have that as acatch-all, but what you're
actually sharing out to thepeople your team, the executives
you want to make sure it'stailored for them and they know
exactly what to do with thatinformation actionable.
Pedro Kertzman (20:57):
Yeah, no, that's .
That's a good point.
I think it also brings thedon'ts as well, like just don't
go on a start time mode, I guess.
Cherie Burgett (21:08):
Well.
So I think sometimes we get waytoo focused on the granular the
CVEs, the IOCs, mapping it tothe ATT&CK framework, and I
think there's just so much more,because I think a lot of that
work can be automated.
You can have AI scrape a lot ofthat information and they can
(21:31):
sort that for you.
That's not real analysis work.
I think the real analysis workis figuring out why this is
important and what we can doabout it, and so I think that's
the real analysis is.
I've kind of made a rule that Idon't share anything with
anyone unless I can tell themwhy I'm sharing it with them,
(21:53):
why this is important, and Iwill put that reason right up at
the top of the page, and that'show I share things.
And because of what it does isit forces me to make sure that
what I'm sharing with them isactionable, is important, and
they know what, but they knowwhy it's important oh, that's,
(22:14):
that's great insight, thank you.
Pedro Kertzman (22:17):
Anything that you know today that you wish you
knew back in the early DEF CONyears, that is super either
knowledge or skill that you havenow that you wish you knew that
back in the day.
Cherie Burgett (22:32):
So this is very general for cybersecurity, I
think, is I wish I knew that Ibelonged to this industry back
then, wish I knew that Ibelonged to this industry back
then Because and I think thatwas the hardest thing for me to
learn was that my skills wereactually valuable, that I was
good at what I did, and and itwas because you know of I think
(22:59):
a lot of people discount theirlife skills, as you know of.
I think a lot of peoplediscount their life skills, as
you know, as actual skills thatare useful in this industry,
especially since we're likehacker culture.
You know, things that you do inlife like hacker is more of a
state of mind, it is a lifestyle.
They're the people that kind ofbend the rules or they, when
(23:22):
they get a shiny new you knowgame, uh, they look for ways to
break it, or they look for waysto, you know, turn off the guard
rails or they look for the tcodes.
You know that's that's kind ofhacker mentality and your life
skills, uh, that you, you know.
Um, I I went through a brieftime where I was extreme
couponing because to me thosewere exploits in real life, like
(23:46):
just it's a lifestyle and Ithink a lot more people belong
to this life than actuallyrealize and I think the
gatekeeping that we have in thisindustry is kind of a shame
because there are so many peoplethat I think would do such have
(24:08):
an amazing impact but theydon't quite feel like they
belong because they didn't join.
They didn't, you know, join thetraditional way or they didn't
start out as you know a SOCanalyst to you know they didn't
start out with the pen testingtechnical roles.
(24:31):
That people think that at CTIRis that when I meet them in
person, it doesn't matter whatbackground they came from, they
think, like me I'm alwaysshocked and blown away that they
(24:53):
have shared interests becausewe didn't have this club.
That kind of all got togetherand predetermined what cyber
threat intelligence was, theperson that kind of works in
cyber threat intelligence wasgoing to be like, and I'm not
sure if you noticed as a, as apodcast host, but we share
(25:13):
similar traits and that alwayslike surprises me, the people
that work in it, because wedon't interact with each other a
whole lot that's right, youknow, funny.
Pedro Kertzman (25:24):
You mentioned that and probably because we are
already entirely on the CTIindustry or surrounded by it or
part of it, the curiosity thatyou mentioned.
It's really common.
Cherie Burgett (25:43):
Yeah, I think we are the people that get excited
when we see a torch network.
We are the people that getexcited when we see a torch
network, like I don't know.
It's sort of like a I'm notsure the right word for that but
there's definitely a traitwhere we see some, we don't mind
seeing a little bit ofdestruction.
We kind of like, ooh, what'sthat?
(26:06):
It's like driving by a fire.
We're the one who wants to seehow, we want to know how it
started.
Pedro Kertzman (26:12):
Yeah or the pattern.
Cherie Burgett (26:15):
Yeah, we're curious about the destruction
that just happened.
Pedro Kertzman (26:19):
Yeah, well, we can take some teachings out of
any single episode, good or badout there.
If it's bad, maybe thelearnings you can get.
It's's avoiding the next one,and probably that's the most
important thing.
Cherie Burgett (26:36):
Uh, well, you're exactly right.
I I really think it's aboutpreventing the next one from
happening and learning uh,learning from our mistakes, or
learning why it was.
You know why it happened.
Maybe.
Maybe we can course correct orput you know, put a little bit
of mitigation into it or write anew playbook that is specific
(27:00):
to this thing, so that if ithappens again to another company
, then they already have theplaybook written for them, they
know how to respond to it yeah,yeah, uh.
Pedro Kertzman (27:11):
Well, I think at this point, if uh people had
the opportunity to listen allthe past episodes, they will see
that so many differentbackgrounds and everybody is
doing, I would say, really wellwithin the, the cti industry and
, most importantly to me, isadding a lot of value to their
(27:33):
teams and their you name andmembers, customers, partners and
that and that's I think it's soimportant, especially life
skills in general writing, likeone very specific part of the
cti role or teams will always bewriting reports.
(27:58):
If you don't have, if you onlyhave across your team the best
mauer researchers, reverseengineers and one of people only
focused on numbers, who isgonna write that report?
Cherie Burgett (28:16):
so you have, as a, as a cti leader I think you
should pay attention to thismultiple skill sets that you're
gonna need to have a winning,winning team yeah, um, yeah,
definitely, the verbal andwritten communication are key,
um, because it's it being ableto uh put your you know, um
(28:42):
analysis into words and explainto people why they need to do
something.
Um is is the whole, uh, uh, isthe whole reason for CTI in the
first place is so that they canmake decisions, so that they can
know what might be coming.
So that they can.
(29:02):
If your information that you'resharing with them is not having
any kind of impact on the, therole or or their decisions that
are being made um, then you'redoing it wrong.
Pedro Kertzman (29:14):
You're not sharing the right information,
or you're sharing it, um in away that's not consumable for
them, so you have to change thatyeah, I think you mentioned
right the reasoning why you'resharing that it's so, having
that in mind, uh, all the timeis super important to decide
what to share, how to.
Cherie Burgett (29:35):
Yeah, one of the things that kind of in my
background.
So, from before all of this, ina past life I actually went to
Bible college, and so one of thethings that you learn in Bible
college is hermeneutics, whichis the art of interpretation,
(29:55):
which is something that Irecently connected to.
How I actually analyze writtentext is by using these
interpretation techniques, andso that's one of the things that
I'm actually working on writingmore about, so that more people
can you know.
Oh, maybe someone who in a pastlife did you know study
(30:20):
theology?
Maybe there is a path for themto work in cybersecurity
security um, maybe someone who,uh, is into philosophy or
psychology or, um, even the arts, I think are are all things
that can be used.
Uh, threat intelligence to meis the most human of cyber, of
(30:42):
the cyber disciplines, and so, Ithink, bringing a lot of
humanities into it, becausewe're dealing with people, we're
communicating with people,we're working with people.
We're not protecting systems,we're protecting people, and so
they have safe operations.
So so that's what?
And we're protecting themagainst people.
And I know, even with AI, it'sstill.
(31:04):
It's still person versus person.
Just because you have softwarein the middle doesn't make it
any less yeah, I, I like the um,we're protecting people instead
of uh systems.
Pedro Kertzman (31:15):
That's.
That's really nice because, uh,it makes a lot of sense.
It makes it.
It's a very good way to to putit.
And what about your knowledgeabout uh, cti?
I'm not, you know, data feedsand things like that, but how
you update your knowledge acrossthings happening across the CTI
industry, any specific blog,book, podcast you like to use to
(31:39):
sharpen your knowledge?
Cherie Burgett (31:43):
So I'm constantly in the CTI or
intelligence feeds and readingarticles.
I subscribe to a few that Iconstantly read, you know the
general ones, like bleepingcomputer and the hacker news.
They're usually fairly current.
(32:04):
They don't have a whole lot ofcontent that is specifically
mining focused.
So a lot of the intelligencethat I get is through our
members.
But I would recommend to someonewho is new to CTI is to start
following some of the cybersecurity blogs, and there's an
(32:26):
interesting one that's actuallya Russian site that I like to go
to that has, uh, ransom,ransomware notes and samples of
those, because I like to see howthe notes are being crafted and
I I read ransom notes for fun,so some other people might
actually do that too.
But, um, I like to see how theyare threatening, what kind of
(32:48):
psychological tactics thatthey're using.
But I would just recommendgoing, having a list, you know,
bookmarking them and maybecoming up with like a sample
question for like a samplebusiness like and just sort of
practice answering thosequestions like and you can
(33:10):
actually have AI come up withsome of those questions.
A lot of people in CTI actuallyuse AI.
Now to what's a good questionto come up with for this
specific instance, and they'llcome up with some questions and
then you can practice answeringthose questions and if you find
anything cool or interesting,what you can also do is share it
(33:34):
.
And you can do all of thiswithout having any CTI
background whatsoever, withoutneeding to get the job first,
and you can actually just shareyour passion for cybersecurity
and cyber threat intelligencewith the world on LinkedIn and
that may get you noticed.
As you know someone who'spassionate about cybersecurity
at CTI and I don't know a CISOin the world that would pass up
(33:57):
the opportunity to have somebodywork for their team that would
actually do it for free onLinkedIn.
So there's your path to gettingyou know.
Noticed is is to you.
You know, come up with somesample questions and answer them
and share them on linkedin no,that's a great, great advice.
Pedro Kertzman (34:16):
Yeah, nice and um, still about like sharing
your or collaboration.
If anybody happens to belistening to podcasts and
happens to to work on the miningindustry, that is not 100 sure
how they should first, uh, getin touch with isaac.
(34:37):
What's the best way?
Cherie Burgett (34:39):
so, uh, so you can look up all the isaacs.
You know, um, whether it's uhwater or uh health or mining um,
you can just Google it.
But our website is mmisacorgand most ISACs will have a
(34:59):
similar naming convention.
They'll usually be either a orgor a com.
Just look up your, look up yourindustry's ISAC and you know
they should have a contact pageand contact us.
But definitely reach out toyour ISAC.
They are your best resource forpeople who are in that sector
(35:26):
that have probably alreadysolved the problems that you're
trying to solve.
Pedro Kertzman (35:31):
Yeah, awesome, don't try to reinvent the wheel,
kind of thing.
Cherie Burgett (35:35):
Well, we don't need to put ourselves at any
more disadvantages than we'realready at.
We're already on the short endof the stick being defenders.
We don't need to create morewalls and create more silos and
create another paywall forintelligence.
That should be free and that's.
That's a bit of a rant, but theand and there are security
(35:59):
there.
There are companies that aremonetizing cyber threat
intelligence for open sourcestuff that I think should just
be free, which is which is to,is crazy.
If it starts out with a trafficlight protocol clear, it should
stay clear, like there's noreason to pay for all that.
Pedro Kertzman (36:18):
Awesome.
And what if people wants tolearn more from you?
Follow you articles, blog posts, linkedin, you name it how they
do that.
Cherie Burgett (36:27):
So some of my articles are actually published
on the MMIS sec web page, um,and you can go to mmi secorg and
read them there.
Um, we also have a monthlynewsletter that is available for
everyone.
Whether you are part of themining sector or not, you can
sign up, and you can sign upthrough that page.
Um, and we also have, or I alsoshare regularly on LinkedIn,
(36:54):
posts and articles that Ipublish and those are all
available.
So definitely connect with meon LinkedIn.
I'm usually not superparticular about who connects to
me.
If I see that you are actuallya human being that works in
cybersecurity, odds are I willaccept your request.
Pedro Kertzman (37:12):
Awesome, Cherie.
Thank you so very much.
It was great having you hereSuper insightful conversation,
and I hope I'll see you around.
Cherie Burgett (37:21):
I definitely hope to see you around.
Thank you for having me, it'sbeen a pleasure.
Pedro Kertzman (37:25):
Awesome, thank you.
Rachael Tyrell (37:29):
And that's a wrap.
Thanks for tuning in.
If you found this episodevaluable, don't forget to
subscribe, share and leave areview.
Got thoughts or questions?
Connect with us on our LinkedIngroup Cyber Threat Intelligence
Podcast.
We'd love to hear from you Ifyou know anyone with CTI
expertise that would like to beinterviewed in the show.
Just let us know.
Until next time, stay sharp andstay secure.
(37:50):
You.
No one person should be responsible for
everything.
On this episode of Season 1, ourhost, Pedro Kertzman, will chat
with Cherie Burgett.
She has worked with the miningand metals ISAC since its
inception.
As the Director of CyberIntelligence Operations, cherie
is responsible for researchingand analyzing the ever-changing
threat landscape affecting themining and metals sectors.
With a unique philosophy andapproach to cyber threat
intelligence, incorporatinglessons learned from studies in
(00:39):
the arts and humanities, sheprovides a nuanced perspective
on the ethics and humancondition relating to threat
actor groups and the peopledefending our critical
infrastructure.
Over to you, pedro.
Pedro Kertzman (00:55):
Cherie, thanks a lot for coming to the show.
It's great to have you here.
Thanks for coming.
Cherie Burgett (01:00):
Thanks, I'm really excited to be here
Awesome.
Pedro Kertzman (01:03):
Would you mind sharing with us a little bit
about your story, your careerjourney up until your current
role?
Cherie Burgett (01:11):
Sure, it's actually, I think, kind of
unique.
I guess about 10 years ago,maybe 11 years ago, I went to
DEF CON just for fun.
So before that I was a gamer.
I really liked playing videogames, played a whole lot of
(01:32):
MMOs, I did a whole lot ofvolunteer work for the military,
I was an FRG leader, I did awhole lot of community building
and I hadn't had a paying job in15 years when I just decided to
go to DEF CON for the firsttime.
My last paying job before thiswas working at a Radio Shack.
(01:53):
So you know dating myself alittle bit, but I worked at
Radio Shack when it was stillkind of cool.
I'm pretty sure I had an A-pluscertification out of working
for Radio Shack, but I wasreally good at helping people
solve their problems and I lovethe people that came into the
store.
So that's kind of my backgroundin a nutshell.
(02:18):
And then I went to DEF CON justfor fun.
It was basically my escape frommy real life.
It was the thing I wanted to dofor fun.
So that was kind of my once ayear week vacation away from the
family.
I went to DEF CON and had fun.
And because I went to DEF CON afew years in a row and was
talking to the same people.
(02:39):
It actually led to somementoring and I got serious
about wanting to join thisindustry, so sort of late in
life.
And then someone I met atDuckCon was creating an ISAC for
an industry that didn't haveone, which is the mining and
(03:04):
metal sector.
They currently didn't have one.
They is the mining, mining andmetal sector.
They currently didn't have one.
They had a series of cyberattacks and, uh, the only by the
same threat actor, and the onlyway that that happens is by not
sharing information.
And when he pitched the isac tome, I'm like well, what can I
do to help with that?
I have no experience in this.
But he's like actually you do,because you know how to get
(03:24):
people together and collaborateand solve problems.
You have this experience.
You're technical enough becauseyou know your gaming experience
, you can do this.
And you just you know.
And so I was brought in as asecurity program manager and I
helped develop the program thatis the threat intelligence
sharing program that we havetoday.
(03:47):
So, that's basically how I gotin.
It was what I saw is a vacationand fun time.
You know people actually do fora living.
So, sometimes the thing thatyou do when you're
procrastinating with your lifeis the thing you should actually
be doing with your life so yeah, yeah, they say uh, you know,
(04:07):
do something you love and don'twork in your life or something I
, I absolutely agree with that.
That's uh, it doesn't.
It doesn't always feel likework and there's some things
that you can turn your hobbiesinto work and then it becomes
work.
But this is uh this issomething that I actually really
enjoy really got into threatintelligence.
Pedro Kertzman (04:25):
Uh, through this I feel you yeah, that's awesome
.
Thanks for sharing your yourstory with us and, uh, you
mentioned something aboutcollaboration, right?
I think it's uh so importantwithin our so part of the
industry.
If you will, would you mindexpanding a little bit more on
that please?
Cherie Burgett (04:46):
So basically what I do is because no one
person should be responsible foreverything, and the industry
that I am saddled with theresponsibility of building this
whole threat landscape didn'tactually have a picture to begin
with.
Building this whole threatlandscape didn't actually have a
picture to begin with, and sothe only way that you can do
that is by, you know, buildingrelationships with people in
(05:10):
that sector, in that industry,so that we can share
intelligence with each other.
And you can only do that bygoing to places, going to the
conferences, going and talkingto people and meeting them
face-to-face, because there's awhole lot of trust that's
involved in sharing informationthat becomes intelligence People
(05:35):
.
We have a security culture anda privacy culture that we're
used to dealing with, and whenwe're talking about, we want to
keep a lot of these thingssecret, but when we're talking
about bad guys, the criminalsthat want to do us harm, we cut
ourselves off from the abilityto crowdsource the collaborative
(06:01):
defense, because if we're onlyseeing one part of the picture,
then maybe somebody elseactually sees more of it and we
can, and maybe we know expertsthat that have like a special
niche that could actually helpsolve that problem.
And so that's basically what Ido is I I help link up people
with people that can help solvetheir problems.
Pedro Kertzman (06:22):
And you mentioned about ISAC, what Would
you mind sharing with the folkslistening if they're not 100%
sure what it is the role theyplay within the CTI industry?
Cherie Burgett (06:33):
So an ISAC is an Information Sharing Analysis
Center.
You can also.
There are also organizationsthat are called ISAUs, where
it's an information sharingorganization.
Basically, the two are the same, depending on what acronym they
chose to use.
Every sector has an ISAC andthat, if you're new to a certain
(07:03):
sector, you just started,you're responsible for a team
and a company.
If you never worked in, say,mining metals, or you know the
water industry, the first stepthat you should be doing is
reaching out to that sector'sISAC, because they have people
that are experts at what they do.
They have people that have beenworking in that sector for
years and there's a sharedknowledge that you can get by
(07:24):
joining that ISAC.
Pedro Kertzman (07:25):
What kind of collaboration you have.
Is it threat feeds, data feeds,reports, meetings?
Cherie Burgett (07:31):
A lot.
Yes, all of the above.
So what we do is we have anewsletter that goes out.
We have a threat intelligenceplatform that we share articles
and indicators of compromisethrough.
Those are like IP addresses andhash values at the very lowest
(07:54):
level of what we share, but whatwe really like to share is the
finished intelligence.
So those are the things that weput.
We put it all together, it's,it's analyzed and we tell you
why this is important for yourbusiness to pay attention to.
Pedro Kertzman (08:11):
That's awesome.
Yeah, Thanks for sharing,sharing all that.
How do you call them?
Like associates?
Customers for the ISAC?
Cherie Burgett (08:19):
So we we call our members members and we're
very particular about what weuse.
We don't like calling themclients or customers, because we
want it to be more of acollaborative organization where
the member has ownership of theorganization, and so if you
don't like your ISAC, you as amember should be able to do
(08:42):
something to change it orimprove it, and so the ISAC is
only as good as its members.
Pedro Kertzman (08:48):
Makes sense.
Cherie Burgett (08:49):
Yeah, that's super interesting and you know,
talking with all those folksfrom different geographies, I
would guess levels of experienceany like type of skills or
(09:09):
skill sets that you see that aresuper valuable for people
within the CTI industry.
So I think one of the ways thatyou can tell if someone is
actually really good at CTI ishow well they research things.
Like if they are someone thatis the person that wants to know
everything about a product or aperson and they can dig up
information that you didn't knowexisted on them, they're
probably good at cti yeah,curious by nature, yeah yeah,
(09:34):
yeah, and I think, uh, uh, likeyou all know that person that is
better than the fbi detectiveat figuring out.
you know, uh, what everybody isup to.
They're probably decent at CTIbecause they know how to Google.
There's you know a lot, of, alot of the tools that I use are
(09:55):
just search engine tools.
You know, because you're you'relooking at, you know the open
web and you're looking at thedark web and you're looking at
what's available in your threatintelligence platform and you're
looking to feed that and so,basically, the internet is your
whole playground.
Pedro Kertzman (10:16):
Yeah, it's one of those people that won't rest
until they get to the verybottom of that.
They want to solve the puzzle.
Yes.
Cherie Burgett (10:28):
If you're, if you like, solving puzzles.
But then again you also have tokind of keep an open mind, like
because you can intentionallyadd bias.
And so if you, you know, if youhave this idea in your head
that it must be the Russians,and so everything that you dig
up about them is like, oh, thisalso leads back to the Russians
(10:48):
and you're convinced that it'sthe Russians and it's because
you've already created that bias.
But if you have an open mind andyou let the data speak for
itself, when you do the analysis, then you can say oh actually,
if I didn't see that this onething you know was different to
this outlying you know incidentinstance, I would have believed
(11:11):
that, and so it's being able tokeep that open mind when you're
doing the actual analysisportion of the CTI, especially
because the sometimes superclever threat actors they can
try actually to make you believethat they are somebody else or
(11:33):
so I think a very good exampleof this is, um, the use of ai.
Now, um, and because we havereally awesome ai tools that can
even change your accent in realtime, someone can call in and
have a North American accent andcall center use these all the
time.
Now it's sometimes you pick upthe phone, you think you're
(11:57):
talking to a robot.
It's actually a human with AI,altering AI accent, softening
software that they're using, andif they're using the software
and it's not tuned correctly, itcan sound robotic, but if it is
tuned well, their accent willbe like a very natural sounding
(12:20):
accent and so uh, the it makesattribution to the types of
threat actors that you'redealing with even harder,
because they are able to.
You know it's not just vpnsthat they're using to change
their um and their uh, their ipaddresses.
Now they can actually changetheir voice and that's uh cool
(12:44):
and uh and interesting and alsomakes our jobs harder yeah, no,
that's, that's a good one.
Pedro Kertzman (12:50):
Honestly, I never I didn't know about these
ones.
Um, I think I should try thoseto see if alleviates my accent a
little bit or I don't get toobored with my own voice?
Cherie Burgett (12:59):
Yeah, absolutely , you can try them.
They're.
You know on all of theirwebsites that I've seen there's
a you're supposed to only use itfor ethical reasons, like
there's a code of ethics, butyou know threat actors won't pay
attention to that.
You know their code of ethicsis their own.
Pedro Kertzman (13:19):
Yeah, exactly no , but that's good to know.
Yeah, attribution is probablyone of the most complicated
parts on this whole threatresearch CTI, because sometimes
if they're really good onobfuscating the original, if
they have a massive botnetbetween the real guys triggering
stuff and the end user orclient or host being attacked or
(13:44):
victims, uh it's really hard topinpoint who this is coming.
Cherie Burgett (13:49):
yeah, and and also the um, uh, the the threat
actors have are kind of uh,specializing in, uh, what they
do, and so maybe theirspecialization is in initial
access and then they sell thataccess to another group that
will install the malware or dothe exfiltration, because they
(14:10):
have their supply chain alreadyestablished.
You know, it's its own businessmodel, own business model.
And so if you only have theindicators for the ransomware,
you don't have the.
You know you don't have theinitial access.
(14:31):
And so that's why I thinkcollaborating and seeing you
know what other people areseeing and their behaviors and
being able to put that wholepicture together is so important
, because their ecosystem ismuch more complex than it used
to be.
It used to be one threat actorthat would get in and do the job
, but now they have their ownsupply chain.
Pedro Kertzman (14:53):
Yeah, they used to do the whole thing start to
finish and now they just need tospecialize in one little uh
part of the equation.
I remember, uh, some collegestudents asking me, um, some
time ago, with the proper cybersecurity knowledge, how damaging
could you be to a company?
(15:15):
They were asking me that andI'm like, even if I didn't have
as much knowledge, because I canbasically buy most of that
stuff out there.
Yeah, you know initial accessbrokers, info stealers,
ransomware packages and all that.
I mean you need to know how tomanipulate that to ransomware
(15:39):
yourself, I guess.
But it's just like the barriersjust lower way, lower right now
.
Cherie Burgett (15:47):
If you, you know , wanted to set up a ransomware
operation right now, you could,and with very little like.
It takes a lot more skills todefend than it does to attack.
It takes it, you know, becausethey have.
They even have customer supportand step-by-step instructions
and like, if only cybersecuritywas this easy.
Pedro Kertzman (16:11):
It's funny For exactly the same students I
mentioned about the customerservice and they were like dying
laughing, thinking I was joking, I'm serious, unfortunately,
they do'm serious, unfortunately, they do have it.
They do have it.
I remember the I think it waschildren's hospital in toronto,
(16:34):
canada.
Yeah, they got ransomware a fewyears ago and because of the
hash, everybody was jumping onattribution that particular
threat actor.
But it was actually one oftheir customers from the
ransomware service offering.
They had that, uh, send apackage to to the children's
(16:58):
hospital and because of thehashes and and all that, people
quote unquote, startedpublishing articles about how
those guys would be able totarget like a children's
hospital.
And they came publicly say no,we don't do children's hospital,
wait up.
And then they found out, oh,it's one of our customers, so
(17:20):
here's the decryption key so youcan.
But up until that point I don'tremember how many days uh that
they were really in trouble uh,in the hospital.
So I guess even, yeah, some badguys might have some lines.
Cherie Burgett (17:36):
They they don't cross there there is kind of
some people don't have linesthey cross.
It depends on which countryyou're coming the attack is
coming from.
There are some countries thatabsolutely hate certain
countries and so there's nothingoff limits.
You know, providers, theyactually do kind of have like a
(18:04):
code of conduct.
We don't do this, you know, andthey, they have their
affiliates agree to that andsometimes, depending on the
affiliate or you know the scriptkitty, they might not even know
who they're ransoming.
They, you know they just theyjust happen to have access that
they bought to something andthey didn't know what it was
because they didn't bother to dothe who has look up on them
like you know, like you shouldprobably know who you're, who
(18:28):
you're attacking, but sometimes,like they're not, they're not
all great, um uh, they don't allpossess the technical skills or
, you know they, they just kindof wanted to make a quick buck
yeah, yeah, exactly so.
Pedro Kertzman (18:44):
Yeah, what about , um, you know, we, I think we
have given a fair amount ofbackground information to
everybody at this point.
Um, and super important, thisskill you mentioned, right, the
curiosity for for people, uh, inthe industry, and what about
overall for protectioners or CTIteams, any do's and don'ts that
(19:08):
are top of mind, kind of thing.
Cherie Burgett (19:13):
I have a few, some things I'm actually pretty
passionate about, but I thinkthe most important thing to
remember is what you're doingand why, and so it is your job
to get.
The most important thing toremember is what you're doing
and why, and so it is your jobto get the most relevant and
actionable information into thehands that need them and in the
method that is most that theycan use it.
(19:35):
Times when I get on some ofthese sharing calls with
different organizations and theyuh, it kind of goes into what
some people refer to as storytime, where they're basically
just reading off headlines anduh, and not saying anything
(19:56):
about the headlines, about whythey think it might be important
or why they should payattention to it, or they're
reading, worse, cve lists, andthe CVE lists are the ones that
I think are just kind ofridiculous to share on a phone
call, because you can't doanything with that information
just by hearing it.
It's not the best way to sharethat information.
(20:17):
An email or a tip would bebetter.
An email or a tip would bebetter.
Something is something that, butyour job as a CTI analyst is to
actually analyze like it's notjust to share, pass forward
information.
You have to.
You have to be able to decidewhether or not it's information
worth sharing to that person andthat they can use it, and you
(20:41):
can throw everything you wantinto your tip.
Um, that's, that's what it'sthere for you can.
You can have that as acatch-all, but what you're
actually sharing out to thepeople your team, the executives
you want to make sure it'stailored for them and they know
exactly what to do with thatinformation actionable.
Pedro Kertzman (20:57):
Yeah, no, that's .
That's a good point.
I think it also brings thedon'ts as well, like just don't
go on a start time mode, I guess.
Cherie Burgett (21:08):
Well.
So I think sometimes we get waytoo focused on the granular the
CVEs, the IOCs, mapping it tothe ATT&CK framework, and I
think there's just so much more,because I think a lot of that
work can be automated.
You can have AI scrape a lot ofthat information and they can
(21:31):
sort that for you.
That's not real analysis work.
I think the real analysis workis figuring out why this is
important and what we can doabout it, and so I think that's
the real analysis is.
I've kind of made a rule that Idon't share anything with
anyone unless I can tell themwhy I'm sharing it with them,
(21:53):
why this is important, and Iwill put that reason right up at
the top of the page, and that'show I share things.
And because of what it does isit forces me to make sure that
what I'm sharing with them isactionable, is important, and
they know what, but they knowwhy it's important oh, that's,
(22:14):
that's great insight, thank you.
Pedro Kertzman (22:17):
Anything that you know today that you wish you
knew back in the early DEF CONyears, that is super either
knowledge or skill that you havenow that you wish you knew that
back in the day.
Cherie Burgett (22:32):
So this is very general for cybersecurity, I
think, is I wish I knew that Ibelonged to this industry back
then, wish I knew that Ibelonged to this industry back
then Because and I think thatwas the hardest thing for me to
learn was that my skills wereactually valuable, that I was
good at what I did, and and itwas because you know of I think
(22:59):
a lot of people discount theirlife skills, as you know of.
I think a lot of peoplediscount their life skills, as
you know, as actual skills thatare useful in this industry,
especially since we're likehacker culture.
You know, things that you do inlife like hacker is more of a
state of mind, it is a lifestyle.
They're the people that kind ofbend the rules or they, when
(23:22):
they get a shiny new you knowgame, uh, they look for ways to
break it, or they look for waysto, you know, turn off the guard
rails or they look for the tcodes.
You know that's that's kind ofhacker mentality and your life
skills, uh, that you, you know.
Um, I I went through a brieftime where I was extreme
couponing because to me thosewere exploits in real life, like
(23:46):
just it's a lifestyle and Ithink a lot more people belong
to this life than actuallyrealize and I think the
gatekeeping that we have in thisindustry is kind of a shame
because there are so many peoplethat I think would do such have
(24:08):
an amazing impact but theydon't quite feel like they
belong because they didn't join.
They didn't, you know, join thetraditional way or they didn't
start out as you know a SOCanalyst to you know they didn't
start out with the pen testingtechnical roles.
(24:31):
That people think that at CTIRis that when I meet them in
person, it doesn't matter whatbackground they came from, they
think, like me I'm alwaysshocked and blown away that they
(24:53):
have shared interests becausewe didn't have this club.
That kind of all got togetherand predetermined what cyber
threat intelligence was, theperson that kind of works in
cyber threat intelligence wasgoing to be like, and I'm not
sure if you noticed as a, as apodcast host, but we share
(25:13):
similar traits and that alwayslike surprises me, the people
that work in it, because wedon't interact with each other a
whole lot that's right, youknow, funny.
Pedro Kertzman (25:24):
You mentioned that and probably because we are
already entirely on the CTIindustry or surrounded by it or
part of it, the curiosity thatyou mentioned.
It's really common.
Cherie Burgett (25:43):
Yeah, I think we are the people that get excited
when we see a torch network.
We are the people that getexcited when we see a torch
network, like I don't know.
It's sort of like a I'm notsure the right word for that but
there's definitely a traitwhere we see some, we don't mind
seeing a little bit ofdestruction.
We kind of like, ooh, what'sthat?
(26:06):
It's like driving by a fire.
We're the one who wants to seehow, we want to know how it
started.
Pedro Kertzman (26:12):
Yeah or the pattern.
Cherie Burgett (26:15):
Yeah, we're curious about the destruction
that just happened.
Pedro Kertzman (26:19):
Yeah, well, we can take some teachings out of
any single episode, good or badout there.
If it's bad, maybe thelearnings you can get.
It's's avoiding the next one,and probably that's the most
important thing.
Cherie Burgett (26:36):
Uh, well, you're exactly right.
I I really think it's aboutpreventing the next one from
happening and learning uh,learning from our mistakes, or
learning why it was.
You know why it happened.
Maybe.
Maybe we can course correct orput you know, put a little bit
of mitigation into it or write anew playbook that is specific
(27:00):
to this thing, so that if ithappens again to another company
, then they already have theplaybook written for them, they
know how to respond to it yeah,yeah, uh.
Pedro Kertzman (27:11):
Well, I think at this point, if uh people had
the opportunity to listen allthe past episodes, they will see
that so many differentbackgrounds and everybody is
doing, I would say, really wellwithin the, the cti industry and
, most importantly to me, isadding a lot of value to their
(27:33):
teams and their you name andmembers, customers, partners and
that and that's I think it's soimportant, especially life
skills in general writing, likeone very specific part of the
cti role or teams will always bewriting reports.
(27:58):
If you don't have, if you onlyhave across your team the best
mauer researchers, reverseengineers and one of people only
focused on numbers, who isgonna write that report?
Cherie Burgett (28:16):
so you have, as a, as a cti leader I think you
should pay attention to thismultiple skill sets that you're
gonna need to have a winning,winning team yeah, um, yeah,
definitely, the verbal andwritten communication are key,
um, because it's it being ableto uh put your you know, um
(28:42):
analysis into words and explainto people why they need to do
something.
Um is is the whole, uh, uh, isthe whole reason for CTI in the
first place is so that they canmake decisions, so that they can
know what might be coming.
So that they can.
(29:02):
If your information that you'resharing with them is not having
any kind of impact on the, therole or or their decisions that
are being made um, then you'redoing it wrong.
Pedro Kertzman (29:14):
You're not sharing the right information,
or you're sharing it, um in away that's not consumable for
them, so you have to change thatyeah, I think you mentioned
right the reasoning why you'resharing that it's so, having
that in mind, uh, all the timeis super important to decide
what to share, how to.
Cherie Burgett (29:35):
Yeah, one of the things that kind of in my
background.
So, from before all of this, ina past life I actually went to
Bible college, and so one of thethings that you learn in Bible
college is hermeneutics, whichis the art of interpretation,
(29:55):
which is something that Irecently connected to.
How I actually analyze writtentext is by using these
interpretation techniques, andso that's one of the things that
I'm actually working on writingmore about, so that more people
can you know.
Oh, maybe someone who in a pastlife did you know study
(30:20):
theology?
Maybe there is a path for themto work in cybersecurity
security um, maybe someone who,uh, is into philosophy or
psychology or, um, even the arts, I think are are all things
that can be used.
Uh, threat intelligence to meis the most human of cyber, of
(30:42):
the cyber disciplines, and so, Ithink, bringing a lot of
humanities into it, becausewe're dealing with people, we're
communicating with people,we're working with people.
We're not protecting systems,we're protecting people, and so
they have safe operations.
So so that's what?
And we're protecting themagainst people.
And I know, even with AI, it'sstill.
(31:04):
It's still person versus person.
Just because you have softwarein the middle doesn't make it
any less yeah, I, I like the um,we're protecting people instead
of uh systems.
Pedro Kertzman (31:15):
That's.
That's really nice because, uh,it makes a lot of sense.
It makes it.
It's a very good way to to putit.
And what about your knowledgeabout uh, cti?
I'm not, you know, data feedsand things like that, but how
you update your knowledge acrossthings happening across the CTI
industry, any specific blog,book, podcast you like to use to
(31:39):
sharpen your knowledge?
Cherie Burgett (31:43):
So I'm constantly in the CTI or
intelligence feeds and readingarticles.
I subscribe to a few that Iconstantly read, you know the
general ones, like bleepingcomputer and the hacker news.
They're usually fairly current.
(32:04):
They don't have a whole lot ofcontent that is specifically
mining focused.
So a lot of the intelligencethat I get is through our
members.
But I would recommend to someonewho is new to CTI is to start
following some of the cybersecurity blogs, and there's an
(32:26):
interesting one that's actuallya Russian site that I like to go
to that has, uh, ransom,ransomware notes and samples of
those, because I like to see howthe notes are being crafted and
I I read ransom notes for fun,so some other people might
actually do that too.
But, um, I like to see how theyare threatening, what kind of
(32:48):
psychological tactics thatthey're using.
But I would just recommendgoing, having a list, you know,
bookmarking them and maybecoming up with like a sample
question for like a samplebusiness like and just sort of
practice answering thosequestions like and you can
(33:10):
actually have AI come up withsome of those questions.
A lot of people in CTI actuallyuse AI.
Now to what's a good questionto come up with for this
specific instance, and they'llcome up with some questions and
then you can practice answeringthose questions and if you find
anything cool or interesting,what you can also do is share it
(33:34):
.
And you can do all of thiswithout having any CTI
background whatsoever, withoutneeding to get the job first,
and you can actually just shareyour passion for cybersecurity
and cyber threat intelligencewith the world on LinkedIn and
that may get you noticed.
As you know someone who'spassionate about cybersecurity
at CTI and I don't know a CISOin the world that would pass up
(33:57):
the opportunity to have somebodywork for their team that would
actually do it for free onLinkedIn.
So there's your path to gettingyou know.
Noticed is is to you.
You know, come up with somesample questions and answer them
and share them on linkedin no,that's a great, great advice.
Pedro Kertzman (34:16):
Yeah, nice and um, still about like sharing
your or collaboration.
If anybody happens to belistening to podcasts and
happens to to work on the miningindustry, that is not 100 sure
how they should first, uh, getin touch with isaac.
(34:37):
What's the best way?
Cherie Burgett (34:39):
so, uh, so you can look up all the isaacs.
You know, um, whether it's uhwater or uh health or mining um,
you can just Google it.
But our website is mmisacorgand most ISACs will have a
(34:59):
similar naming convention.
They'll usually be either a orgor a com.
Just look up your, look up yourindustry's ISAC and you know
they should have a contact pageand contact us.
But definitely reach out toyour ISAC.
They are your best resource forpeople who are in that sector
(35:26):
that have probably alreadysolved the problems that you're
trying to solve.
Pedro Kertzman (35:31):
Yeah, awesome, don't try to reinvent the wheel,
kind of thing.
Cherie Burgett (35:35):
Well, we don't need to put ourselves at any
more disadvantages than we'realready at.
We're already on the short endof the stick being defenders.
We don't need to create morewalls and create more silos and
create another paywall forintelligence.
That should be free and that's.
That's a bit of a rant, but theand and there are security
(35:59):
there.
There are companies that aremonetizing cyber threat
intelligence for open sourcestuff that I think should just
be free, which is which is to,is crazy.
If it starts out with a trafficlight protocol clear, it should
stay clear, like there's noreason to pay for all that.
Pedro Kertzman (36:18):
Awesome.
And what if people wants tolearn more from you?
Follow you articles, blog posts, linkedin, you name it how they
do that.
Cherie Burgett (36:27):
So some of my articles are actually published
on the MMIS sec web page, um,and you can go to mmi secorg and
read them there.
Um, we also have a monthlynewsletter that is available for
everyone.
Whether you are part of themining sector or not, you can
sign up, and you can sign upthrough that page.
Um, and we also have, or I alsoshare regularly on LinkedIn,
(36:54):
posts and articles that Ipublish and those are all
available.
So definitely connect with meon LinkedIn.
I'm usually not superparticular about who connects to
me.
If I see that you are actuallya human being that works in
cybersecurity, odds are I willaccept your request.
Pedro Kertzman (37:12):
Awesome, Cherie.
Thank you so very much.
It was great having you hereSuper insightful conversation,
and I hope I'll see you around.
Cherie Burgett (37:21):
I definitely hope to see you around.
Thank you for having me, it'sbeen a pleasure.
Pedro Kertzman (37:25):
Awesome, thank you.
Rachael Tyrell (37:29):
And that's a wrap.
Thanks for tuning in.
If you found this episodevaluable, don't forget to
subscribe, share and leave areview.
Got thoughts or questions?
Connect with us on our LinkedIngroup Cyber Threat Intelligence
Podcast.
We'd love to hear from you Ifyou know anyone with CTI
expertise that would like to beinterviewed in the show.
Just let us know.
Until next time, stay sharp andstay secure.
(37:50):
You.
Popular Podcasts
NFL Daily with Gregg Rosenthal
Gregg Rosenthal and a rotating crew of elite NFL Media co-hosts, including Patrick Claybon, Colleen Wolfe, Steve Wyche, Nick Shook and Jourdan Rodrigue of The Athletic get you caught up daily on all the NFL news and analysis you need to be smarter and funnier than your friends.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com