This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

This is an automatically generated narration of a KELA blog. To read the full blog go to www.kelacyber.com/blog

In this episode of the Future of Cybercrime podcast, Zaira speaks with Irina Nesterovsky, Chief Research Officer of KELA. They explore the world of cyberthreats and the method to the madness that is cyber threat research and investigation.    Topics discussed include: 

• The “How” Behind the power of KELA's cyber threat intelligence
• The traits that make for a great intelligence analyst 
• A look into a prominent cyberattack and surfacing attribution
• Recommendations on how to leverage threat intelligence to improve your Security function

  Resources: 

• Irina on LinkedIn: https://www.linkedin.com/in/irina-nesterovsky-95017442?originalSubdomain=il
• KELA Cyber Intelligence Center: https://www.kelacyber.com/resources/research/ 
• KELA Cyber: https://www.kelacyber.com/ 

In this episode of the Future of Cybercrime podcast, Zaira speaks with Nirali Bhatia, Cyber Psychologist and CEO of Cyber BAAP. They explore the world of cyber psychology and how useful it is during threat investigations and ransomware negotiations.    Topics discussed include: 

• Nirali’s understanding of threat actor psychology
• How cyber psychology is applicable to ransomware negotiations 
• The effects of cybercrime on the general public 
• Recommendations on how to build cyber psychology education into enterprises and how to teach every day people

  Resources: 

• Nirali on LinkedIn: https://in.linkedin.com/in/nirali-bhatia
• Nirali’s Twitter: https://twitter.com/bhatianirali?lang=en
• Nirali’s Website: https://niralibhatia.com/
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Chris Kirsch, CEO of runZero and seasoned social engineering practitioner. They explore the world of “hacking humans” from building target profiles to everyday hacks and exploiting trust.    Topics discussed include: 

• Chris’ perspective on what makes for a good social engineering exercise 
• A walk-thru of competition hacks and client exercises
• Key advice for all listeners on how to identify social engineering 
• Recommendations on how to build a social-engineering proof organization 

Resources: 

• Chris on LinkedIn: https://www.linkedin.com/in/ckirsch/
• Chris’s Twitter: https://twitter.com/chris_kirsch
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Raveed Laeb, VP of Product with KELA and seasoned Intelligence practitioner. They build a semantics framework around the cybercrime underground, then dig into its workings to surface the view from everyday KELA intelligence hunters.   Topics discussed include: 

• Raveed’s perspective on what defines the cybercrime underground and the activities that take place therein 
• How transfer learning from any intelligence discipline to cybersecurity is possible 
• How malicious actors act and conduct commerce in the cybercrime underground
• The “how” behind KELA’s “home-brewed” threat intelligence collection, curation, and refinement
• Top 3 “must haves” to build a successful “CTI” or continuous threat intelligence practice 

Resources: 

• Raveed’s on LinkedIn: https://il.linkedin.com/in/raveed-laeb-2a2984ba
• Raveed’s Twitter: https://twitter.com/raveedl?lang=en
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Tyler Wrightson, CEO of Leet Cyber Security, Ethical Hacker, and author of “Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization”. They discuss Tyler’s perspective on the hacker mindset, the state of security in most businesses today, and his perspective on how to improve the cybersecurity practice moving forward. Topics discussed include: 

• Tyler’s background in offensive security and how he plans penetration tests using the adversary's perspective  
• The process of bringing business context into adversarial modes of attack
• The difficulties modern security practitioners face in deterring cyber threats
• Where the modern security defender is missing the mark 
• The “risk perspective” from a hacker’s perspective vs. a security practitioner’s perspective
• Actionable advice for security practitioners, including the importance of understanding the adversary's mindset

Resources: 

• Tyler on LinkedIn: https://www.linkedin.com/in/tyler-wrightson-87aaa15
• Tyler on Twitter: https://twitter.com/tbwrightson?lang=en
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/
•  

In this episode of the Future of Cybercrime podcast, Zaira speaks with Brian Stack, Vice President of Engineering and Dark Web Intelligence at Experian Consumer Services. They discuss Brian’s experiences in the cybersecurity industry, protecting consumers, and the changing landscape of cybercrime. Topics discussed include: 

• Brian's background in computer engineering and experience as a white hat hacker
• Protecting consumers and educating them about cyberattacks, identity theft, and digital security
• The difficulty of navigating the digital world and staying safe, while leveraging the convenience provided by digital technology
• Experian's efforts to provide free content, simple navigation, and focus on prevention, prediction, and analytics
• The use of interviews with customers to gain insight into their needs and desires, and the importance of providing tools, services, and scores to give customers more control and power
• The evolution of the cybercrime underground and threat intelligence over time, including the growth of ransomware
• Biggest misconceptions Brian runs across as it pertains to the cybercrime underground
• Actionable advice for security practitioners, including the importance of understanding human psychology and the manipulation of human behavior in cyberattacks

Resources: 

• Brian on LinkedIn: https://www.linkedin.com/in/brian-stack-777a39/
• Brian on Twitter: https://twitter.com/brianmstack
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/
•  

In this episode of the Future of Cybercrime podcast, Zaira speaks with Eduard Kovacs, a contributing editor to SecurityWeek. They discuss Eduard’s decade-long background as a cybersecurity journalist, the evolving trends in cybercrime over the past decade, the collaborative relationship between journalists and cybersecurity researchers, and how information is obtained from underground forums.  Topics discussed: 

• Eduard’s approach to write with individual readers in mind, even if he is covering a technical topic
• Cyber threat actors are seen as humans, just like journalists and researchers.
• Why collaboration between journalists and cybersecurity researchers is critical.
• The role journalists play in bringing attention to critical vulnerabilities or breaches that companies may ignore.
• The importance of empathy when covering cyber threat actors and why simplicity is key in understanding their behavior.
• What Eduard is seeing in the space as cybersecurity researchers work more and more collaboratively to advance the industry.
• Exploring the accessibility of cybercrime forums for journalists and researchers
• How the threat hunting ecosystem has evolved to evade law enforcement. 

Resources: 

• Eduard on SecurityWeek: https://www.securityweek.com/contributors/eduard-kovacs/
• Eduard on Twitter: https://twitter.com/EduardKovacs
• Eduard on LinkedIn: https://www.linkedin.com/in/eduard-kovacs-7b796134/

In this episode, Zaira speaks to Mathew J. Schwartz, Executive Editor at Data Breach Today and an award-winning journalist. They discuss how Mathew was drawn to writing about cybersecurity for a career, how journalists can better seek out the truth to cyber crime situations and not let criminals control the narrative, and the evolution of business resiliency to breaches and attacks. Topics discussed:

• How Mathew combined his longtime fascination with hacking and computer crime with his love of writing into a career that tells the stories — and the truth — of the cybercrime world.
• The search for truth in cyber crime, why it’s necessary to look at multiple sources to confirm that truth, and why you should question what the crooks say about themselves because their "truth" is likely a self-promotional lie.
• How a journalist digs into cyber crime events by asking blue-sky questions to find out why certain targets are hit, and whether certain sectors are more vulnerable or whether attackers are simply being opportunistic.
• Why ransomware is an exciting and fascinating topic to cover, especially since both threats and business security are constantly evolving.
• How business resiliency to ransomware attacks has changed, and how more companies are putting security measures in place so as not to need to pay ransom.
• How cybercrime journalism will evolve in the coming years, and why it's necessary to use the correct language and terminologies to make cybercrime reporting more objective.
• Pieces of advice for future journalists, and why a journalist's job is to demystify the cybersecurity world.

Resources Mention: 

• DataBreachToday.com
• @EuroInfoSec on Twitter and Mastodon

In this episode, Zaira speaks to Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea. With nearly thirty years in the industry, Carson discusses how he's seen cybersecurity evolve, how ethical hacking is a skill and a mindset rather than a crime, and why security should focus not on protecting computers but protecting people and society.  Topics discussed:

• Joseph's nearly thirty-year background in security, from managing mainframes, learning COBOL, and programming with hole punches, to his security work today that has included architectural designs, cybersecurity awareness training, and ethical hacking.
• How creating better security starts by understanding the humans behind the machines, and how security isn't about protecting computers but about protecting society.
• How Joseph got started with hacking, and why hacking is a skill and a mindset that helps make people safe.
• How the cybersecurity industry can help its image by talking less about how scary the work can be and instead show how fun it can be.
• The value of learning from failures while ethically hacking, understanding that you may not find the answer the first time, and learning the fundamentals to help you understand how to pivot.
• The evolution of the state of cybercrime, from hacktivists curious about what they could do, to today's business of organized cybercrime — and why ransomware is the "perfect weapon" for immediate impact.
• The importance of closing skills gaps and hiring from diverse backgrounds to strengthen security teams, as well as the importance of providing psychological support to teams managing high-stress environments during and after attacks.

Resources Mention: 

• LinkedIn: https://www.linkedin.com/in/josephcarson/
• Twitter: @joe_carson
• KELA (Cybercrime Threat Intelligence): https://www.kelacyber.com/
•  

In this episode, Zaira Pirzada speaks to Alex Tilley, APAC Intelligence and Research head at Dell SecureWorks. A highly awarded cybercrime researcher, Tilley was at the forefront of research and countermeasures when phishing and malware first began to attack banking platforms and their customers. He moved on to become a senior cybercrime technical analyst with the Australian Federal Police, where he focused his analytical approach on the "who" and "why" of cybercrime fighting. Tilley became a recognized technical expert at the Supreme Court level in the prosecution of cybercrime and child-protection related offenses before moving back to the private sector, where he now serves in his current role. In this episode, Zaira and Alex discuss what security teams do right, where they can improve in their never-ending battle against threat actors, and his actionable tips for defenders.  Topics discussed:

• Alex summarizes his view about the current state of cybercrime today.
• He shares his thoughts on the evolution of cybercrime threat intelligence.
• Zaira and Alex explore things security teams can do to improve.
• They discuss some of the benefits of employee retention within the security team.
• The balance between former government intel specialists and private intelligence training opportunities. 
• Alex gives valuable suggestions for ways business leaders can incentivize security teams to be more effective.

Resources Mention: 

• Secureworks.com
• Alex Tilley on LinkedIn

In this episode, Zaira Pirzada speaks to Harlan Carvey, Senior Incident Responder, R&D at Huntress. During the episode, they talk about how today's current incident response business model can be improved to promote better threat intelligence gathering and collaboration.  Topics discussed:

• Harlan explains that in twenty years of incident response work, every job has been unique.
• He shines light on the state of cybercrime from the responder and attacker perspectives.
• The importance of collaboration between incident responders and threat intelligence professionals. 
• How teams can improve their effectiveness by sharing intelligence gathered during incident response. 
• Why it's important for incident responders to recognize that even if the hardware and software are the same as a previous job, many other factors make each job unique.
• How he has seen defensive techniques and practices from years ago find application in modern incident response. 
• Harlan’s predictions on the future of the cybercrime underground, including how shortcomings we see in cybersecurity today are likely to continue until there is a financial incentive for end users to demand better.

Resources Mention: 

• WindowsIR Kindle Edition
• Harlan Carvey on Twitter
• Harlan Carvey on LinkedIn