Scott Scher, Associate Director - Cyber Threat Intelligence, DTCC has built his career on a counterintuitive premise: effective intelligence teams provide justification for security decisions rather than predictions about future threats. This reframing shifts CTI from being blamed for "unforeseen events” towards being recognized as a core  function that builds defensible risk management frameworks across entire security organizations.  Scott discusses managing upward to leadership that lacks CTI expertise while maintaining technical rigor, the transition from tactical analyst to strategic leader, and why intelligence teams must proactively define AI integration rather than having it imposed by vendors promising to automate analysis workflows. His perspective on team culture emphasizes empowerment through transparency, creating psychological safety where challenging leadership demonstrates engagement rather than insubordination, and hiring for thinking process rather than technical credentials.  Stories We’re Telling Today:  Intelligence as organizational justification creating defensible risk decisions rather than attempting to predict future threat actor behavior Structured analytic techniques and admiralty coding turning subjective assessments into methodology-backed frameworks Using structured disagreement where leaders deliberately argue opposing positions to stress-test analysis and eliminate groupthink Managing upward to senior leadership lacking CTI expertise who make decisions based on informal channels rather than formal intelligence assessments AI's capability to replicate core intelligence functions and why teams must proactively define integration approaches Hiring for thinking process and intellectual curiosity rather than technical credentials alone Creating psychological safety where team members can challenge leadership decisions, demonstrating engagement, not insubordination Process documentation and structured methodologies serving as essential scaffolding that enables consistency, training, and institutional knowledge retention Too busy; didn’t listen:  Scott Scher positions CTI as organizational justification for security decisions rather than prediction, creating defensible frameworks. Structured analytic techniques, source reliability coding, and documented methodologies elevate subjective analysis into quantifiable risk management that withstands executive scrutiny. Effective intelligence leadership requires building team cultures where challenging leadership demonstrates intellectual engagement. AI can already replicate core intelligence functions, making it imperative that CTI teams define integration approaches before vendors impose automation from above. The transition to senior leadership involves managing upward to executives who lack CTI expertise, balancing technical skill maintenance with strategic stakeholder relationship building. Skip to the Highlight of the episode:  [14:51 - 15:11] Diversity of thought is probably the most important thing you can have. Diversity in other areas as well is equally as important. And that brings different perspectives. Diversity of life experiences. Diversity of socioeconomic experience, things like that. Difference in education, all of that. I think that's all super important because it brings all those perspectives, because that's what you need.  Listen to more episodes:  Apple  Spotify  YouTube Website

Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, built his security career on self-taught technical skills while competitors relied on computer science degrees, proving that intelligence analysis fundamentals combined with relentless curiosity often produce superior threat researchers. Scott shares how his background in critical thinking and intelligence studies created stronger foundations than formal technical training and how diverse career backgrounds generate the different perspectives needed to stay ahead of evolving attackers. Scott also tells Ben why maintaining varied information feeds without getting distracted requires deliberate discipline, how he uses AI daily to process unstructured public threat reports while checking for hallucinations through prompt refinement, and why building trust in remote security teams demands reliability during late-night incidents more than technical brilliance. He reveals his approach to staying current when attackers evolve tactics weekly, the specific frameworks he learned from extracurricular intelligence work that shaped his career more than classroom education, and why documenting your analytical process publicly benefits the community even when the topic has been extensively covered. Stories We’re Telling Today:  How intelligence fundamentals and curiosity create more adaptable analysts than pure technical training Why diverse backgrounds and perspectives generates superior analytical products, allowing security problems to be approached from unexpected angles that purely technical analysts miss Building operational trust in distributed security teams through consistent reliability, empathy for colleagues' challenges, and proactive gap-filling based on understanding teammates' strengths Balancing emerging trend awareness with daily responsibilities by maintaining primary research sources alongside peripheral feeds Leveraging AI for processing unstructured public threat reporting while maintaining accuracy through output verification and prompt refinement when hallucinations occur How early career mistakes with data interpretation, particularly reading too much into face-value metrics without considering underlying variables, build essential analytical skepticism Creating effective remote work patterns by maintaining consistent schedules, incorporating physical activity, and recreating beneficial office environment routines  Network building strategies that emphasize maintaining connections before needing help and leveraging conferences Information sharing through informal channels including trust-based Slack groups, security-focused newsletters, and social media tracking AI's dual impact as attackers leverage it to lower barriers to entry while defenders use it to process larger data volumes How increased law enforcement success against ransomware groups may push criminals deeper underground Too busy; didn’t listen:  Curiosity and willingness to continuously learn outweigh formal technical credentials in security analysis. Building trust in distributed security teams requires consistent reliability during high-pressure incidents, empathy for teammates' technical gaps, and proactive communication. AI effectively processes unstructured public threat reports when outputs are verified and prompts are refined to prevent hallucinations. Diverse career backgrounds create superior analytical products because varied perspectives allow approaching security problems from angles purely technical analysts miss. Maintaining professional networks before needing help, documenting analytical processes publicly despite existing coverage, and staying active in informal sharing communities builds the resilience security professionals need for long-term success. Skip to the Highlight of the episode:  [11:45-12:11] “You need to be able to trust and rely on the support of your colleagues to get through those moments. So understanding where folks are coming from, what

Most leaders avoid failure, but Jeremy Turner, VP of Threat Intelligence & Research at SecurityScorecard, has built his leadership philosophy around deliberately seeking challenges where failure is probable. His counterintuitive approach stems from a simple insight: advanced persistent threats succeed through persistence, not technical sophistication, so security teams must embody the same mindset to stay ahead.  Jeremy shares how his failure-driven approach transforms team performance, from screening for initiative and persistence over technical credentials to creating remote work environments that mirror the knowledge transfer of on-site security operations centers.. His decision-making framework favors seeking independent input first, welcoming contributions from junior and non-expert analysts before the group discussions.  Stories We’re Telling Today:  How early career failures led to a framework for understanding organizational culture and objectives before making technical recommendations The transition from technical contributor to management role and letting go of hands-on research while maintaining technical credibility  Why storytelling separates effective threat intel leaders from analysts who are technically competent but can't influence executive decision-making Remote team management strategies that create immersive knowledge transfer environments without physical NOC proximity Screening methodologies that prioritize initiative and persistence when building high-performance threat intelligence teams Historical pattern analysis for threat prediction using adversary reward models and technology complexity assessments Socratic mentoring approaches that identify which team members deserve leadership investment through challenge-based evaluation Decision-making frameworks that prevent groupthink by gathering independent perspectives before collaborative discussions How accepting operational chaos without rigid structure enables adaptive leadership in rapidly changing threat landscapes Applying hacker mentality principles to leadership development and creative problem-solving in security operations Too busy; didn’t listen:  Persistence and initiative matter more than technical credentials when building elite threat intelligence teams, as advanced persistent threats succeed through monitoring infrastructure. Security leadership requires balancing technical expertise with cultural sensitivity and storytelling ability, as technical accuracy becomes worthless without proper communication. Remote threat intelligence team management demands specific strategies to replicate immersive knowledge transfer environments. Conduct independent conversations before group meetings to prevent groupthink, and deliberately include perspectives from junior analysts without domain expertise. Failure-driven leadership deliberately seeks challenges where setbacks are likely, understanding that controlled chaos and adaptive thinking drive breakthrough operations more than rigid planning Skip to the Highlight of the episode:  [10:09-10:30] The combination of persistence and initiative is really the greatest criteria for success. And one, when I'm looking at new team members, those are the two qualities that I'm really most interested in because anybody with those qualities can be successful in this field, especially with good advice, mentoring, and also the trust and faith to give them the challenges that will help them get there and the confidence to deal with failure.    Speaker Jeremy Turner, VP of Threat Intelligence & Research, SecurityScorecard Jeremy brings over two decades of experience in threat intelligence, including roles at the Pentagon doing computer network defense and at Crumpton Group working with former CIA executives. His background spans reverse engineering, network exploration, and building threat intelligence capabilities for advanced security operations. Listen to more episodes:  Apple  Spotify  Yo

In the transition from Assistant Chief to Chief, Ely Reyes learned that while you do gain authority, you also lose the safety net of upward accountability. As Director of Public Safety & Chief of Police at Cedar Hill, Ely has also learned to center on treating small problems with the same attention as major crises, recognizing that what matters in the daily work of frontline officers must also matter to their leaders. This approach builds a culture where no task is too small,finger-pointing disappears, and the team’s standard —The Cedar Hill Way— is upheld.   He tells Ben his systematic succession planning involves sending leadership teams to three-week executive programs in Boston, ensuring every level understands both operational and administrative complexities before promotion. He also reveals his counterintuitive financial counseling approach with new officers, discussing 401k planning and deferred compensation before their first paycheck to prevent the career burnout that happens when officers are mentally ready to retire but are financially unprepared. Stories We’re Telling Today:  The psychological transition from Assistant Chief to Chief and learning to own every decision without blame deflection Building organizational trust through consistent attention to small problems that matter to individual team members Creating "The Cedar Hill Way" culture that eliminates the "not my job" mentality through leadership modeling and clear expectations Systematic succession planning methodology using 3-week executive leadership programs to prepare lieutenants and assistant chiefs for administrative complexities Financial counseling strategies for new officers that address 401k planning and deferred compensation to prevent career burnout Maintaining operational credibility as an executive by working patrol shifts, covering holidays, and demonstrating frontline competency AI integration approaches in security operations that focus on legal boundaries and community trust rather than technological resistance Hiring and screening methodologies using psychological testing, polygraph examinations, and core values assessment to maintain low vacancy rates How crisis psychology from military intelligence background helps separate facts from assumptions during high-pressure decision making Community engagement strategies that create positive interactions before emergency responses to build trust and cooperation Too busy; didn’t listen:  Ely Reyes built organizational trust in Cedar Hill by treating small problems with the same attention as major crises, creating a "Cedar Hill Way" culture. His succession planning involves sending all leadership team members to executive programs in Boston, ensuring preparation for both operational and administrative responsibilities before promotion. He provides financial advice to every new officer about 401k planning and deferred compensation, recognizing that officers become mentally ready to retire but are rarely financially prepared. The hardest leadership transition is from Assistant Chief to Chief because you lose the safety net of upward accountability and must own every decision without someone above you to blame. AI integration in security requires focusing on legal boundaries and community trust rather than resisting technological change. Skip to the Highlight of the episode:  [18:11-18:19] “And so I think success for the team is that they have the confidence to do their jobs, but they know that if they need something, that we're here for them.”    SpeakerEly ReyesDirector of Public Safety & Chief of PoliceCedar Hill Listen to more episodes:  Apple  Spotify  YouTube Website

Kyle Wilhoit, Technical Director of Threat Research at Unit 42 Palo Alto Networks, has an approach to leading threat intelligence teams that centers on two core practices that maintain both technical excellence and organizational trust. His "scheduling curiosity" framework dedicates one hour daily to pure research exploration, allowing him to ask "what if" questions that drive breakthrough thinking while staying grounded in hands-on technical work. Then, Kyle builds trust that operates up and out to other organizational teams through cross-collaboration, and down into his own team structure while he handles strategic business context.   Kyle also tells Ben why decision debt — the baggage from previous organizational choices — represents the biggest challenge for new security leaders. His hiring philosophy centers on identifying candidates with 60% of required technical skills plus the right mindset, using experiential questioning to screen for curiosity rather than relying on technical trivia. Kyle shares his structured mentoring approach that pairs early-career researchers with principal-level technical guides while he handles strategic business context, creating a systematic pathway for talent development and retention. Stories We’re Telling Today:  The "scheduling curiosity" approach to maintaining technical edge as a leader through daily research time separate from managing The strategic challenge of decision debt and how previous organizational choices create baggage that new leaders must navigate Systematic mentoring framework that pairs junior researchers with principal-level technical mentors while leaders handle business context Why hiring for 60% technical skills plus right mindset outperforms traditional approaches that prioritize complete technical qualifications The balance between strategic threat landscape communication for executives and hands-on technical artifact analysis in senior intelligence roles Cross-team collaboration strategies that break down natural intelligence silos through technical contribution and bridge-building The threat that generative AI poses to foundational skill development and why junior professionals risk losing critical capabilities The importance of consistent one-on-one schedules that eliminate employee anxiety about access to leadership Too busy; didn’t listen:  “Scheduling curiosity" for pure research exploration, maintaining technical edge while managing people Hiring focused on candidates with 60% of technical requirements plus the right learning mindset Decision debt from previous organizational choices represents the biggest challenge for new security leaders Structured mentoring that pairs junior researchers with principal-level technical guides while leaders handle strategic business context Skip to the Highlight of the episode:  [45:11-45:27] Use it to do the functions that you already know how to do. As an example, if you already know how to pull strings and look for any unique strings in a binary, have an LLM do that for you automatically. You already know how to do it. It's nothing that's complex.   Listen to more episodes:  Apple  Spotify  YouTube

The most damaging security breaches often happen not because of weak technology, but because overwhelmed human operators start cutting corners under pressure. Aamir Lakhani, Global Director of Threat Intelligence & AI at Fortinet, witnessed this firsthand when investigating a recent breach at a mature global organization that spent heavily on security but still fell victim when their SOC team began muting alerts instead of investigating them. His approach to building resilient security teams focuses on screening for emotional intelligence and persistence rather than pure technical ability, administering CTF challenges where he hires based on how candidates handle frustration and collaborate under pressure. Aamir's leadership evolution from individual contributor to team builder required learning what he calls "staying at the bottom of the ladder," he tells Ben, acting as a cheerleader for his team rather than climbing over them. This philosophy emerged from fighting his promotion to management because he was focused on personal achievement rather than team development, until a mentor taught him that empowering others actually freed him to work on more complex technical challenges.  Stories We’re Telling Today:  The challenge of maintaining human judgment in security operations when overwhelmed teams resort to muting alerts Hiring methodology that prioritizes emotional resilience and collaborative ability over pure technical assessment scores Evolution from individual contributor to team leader, acting as team cheerleader rather than climbing over direct reports Balancing technical execution with leadership responsibilities through structured time allocation and deliberate practice in both domains  Building professional communities in security by overcoming introversion and social barriers through conference networking and cross-industry collaboration Customer relationship management during high-stakes security incidents, focusing on collaborative improvement rather than blame Mentoring framework for next-generation security professionals that considers long-term career sustainability and life goals Industry collaboration practices including competitor intelligence sharing and joint threat response coordination that transcends business competition Decision-making frameworks for complex security challenges that break overwhelming problems into manageable sequential steps while leveraging both AI tools and human judgment Educational approach for security newcomers that emphasizes foundational learning, frustration tolerance, and realistic career trajectory planning in an evolving threat landscape Too busy; didn’t listen:  Hire security team members who demonstrate persistence, curiosity, and collaborative ability under pressure, prioritizing emotional intelligence over pure technical skill. A recent breach at a mature global organization occurred not from weak technology but because overwhelmed SOC analysts began muting alerts instead of investigating them. A leadership philosophy involving "staying at the bottom of the ladder" as a team cheerleader rather than climbing over direct reports, balancing 65% technical work with 35% leadership responsibilities. Industry collaboration across competing vendors proves essential for effective threat response, as demonstrated by the successful coordination that neutralized the VPN Filter attack through shared intelligence. Consider not just technical goals but what kind of life your career will enable, with honest discussions about AI's impact on various security specializations. Skip to the Highlight of the episode:  [14:57-15:16] "When I first started off, I was an individual contributor and I really enjoyed that and just kind of by force, kind of by accident, I became a team lead, a manager, and I fought it every step of the way, and I really felt like I wasn't a good manager at first because it was still more about me as an individual figuring out like, hey, what do

Most security organizations promote their best technical performers into leadership roles without any formal training, creating a pipeline of struggling managers who burn out trying to stay hands-on while scaling teams. Daniel Schwalbe, CISO & Head of Investigations, DomainTools, demonstrates why structured leadership development matters more than technical expertise when building security organizations that can handle both complex threats and human dynamics.  Daniel tells Ben why security leadership demands different trust-building approaches, including creating "cone of silence" environments where teams can process high-stress investigations while maintaining strict operational security. He shares practical strategies for identifying natural leaders, implementing formal development programs, and building professional networks that provide career-long value in an industry where knowing the right people can determine success during critical incidents. Stories We’re Telling Today:  The gap between technical expertise and leadership capability in security organizations, and the need forstructured approaches to development rather than hoping contributors figure it out. Trust-building frameworks for security teams who handle sensitive investigations, including "doors closed" policies for processing stress while maintaining discretion. Remote security team management strategies that account for the unique challenges of professionals working from home with access to confidential data and ongoing investigations. Professional networking as a core security competency, with specific approaches to building relationships that provide career-long value and crisis response capabilities. Leadership transition challenges when moving from hands-on technical roles to executive positions, including delegation strategies. Building effective interview processes for remote security positions, including screening for team fit and remote work capability while controlling for sophisticated infiltration attempts. Too busy; didn’t listen:  Security organizations consistently promote technical experts into leadership roles without formal training, creating management problems that could be solved with structured development programs similar to government service models. Building trust in security teams requires different approaches than other departments because team members have access to sensitive data and investigations, demanding "cone of silence" environments for processing stress. Professional networking remains the most undervalued skill in security, with career-long implications for crisis response capabilities and advancement opportunities that many junior professionals miss. Remote security team management presents unique challenges when professionals work from home with access to confidential information, requiring specific cultural adaptations and trust-building frameworks. The transition from hands-on technical work to executive leadership represents the defining challenge for security professionals, requiring identity shifts and delegation skills that most organizations don't teach. Skip to the Highlight of the episode:  [24:18-24:41] “You can't have somebody go on social media and be like, “Oh, the thing that we found today!” So when we were still in person in an office, I instituted a rule: when the doors are closed in the office suite, you can say almost anything you want. And if there is a frustrating entity you're dealing with, fine, vent in this closed space. But nothing leaves that area.  Listen to more episodes:  Apple  Spotify  YouTube Website

When 90% of internet-connected systems worldwide depended on your software and a single vulnerability could crash entire sectors, crisis leadership took on existential importance. Christopher Budd, Founder & Principal at Christopher Budd Communications tells Ben that security success often means choosing between bad and worse outcomes. His experience building global incident response processes showcases why traditional leadership approaches fail during security crises and how to build organizational resilience that doesn't depend on individual heroics. Christopher also discusses his framework for crisis communications where managing panic becomes a core leadership responsibility not found in any job description. His approach to team sustainability includes two business-critical rules: mandatory disconnection during time off to prevent burnout and stress-testing organizational resilience by removing key personnel during exercises. He explores how security leaders must develop tolerance for being misunderstood while their best work preventing disasters goes unrecognized, how diverse perspectives strengthen security thinking, and his mentoring philosophy emphasizes fostering curiosity over technical conformity.  Stories We’re Telling Today:  Crisis leadership frameworks for managing incidents where success means achieving bad outcomes instead of catastrophic ones. Organizational resilience strategies that stress-test systems by removing key personnel during exercises and mandating true disconnection during time off periods. Building sustainable security teams by recognizing and countering the competitive culture that drives talented professionals toward burnout. Trust-building methodologies for security leaders whose best work preventing disasters goes unrecognized while visible failures draw criticism from those being protected. Crisis communication techniques for managing expectations during incidents, including the critical importance of conservative promises and understanding how missed expectations fuel panic. The professionalization of threat actor organizations, including their development of professional services, customer support, and business operations that mirror legitimate enterprises. Mentoring approaches that prioritize curiosity and diverse perspectives over technical conformity, recognizing that security requires people who can see systems differently than their intended use. Burnout recognition and prevention frameworks specifically designed for security professionals, including identification of the "grinding gears" phase where continued effort becomes counterproductive. Leadership transition strategies for security professionals moving from technical execution to team management, emphasizing the importance of knowing when to rely on team expertise rather than individual technical knowledge. Too busy; didn’t listen:  Christopher Budd's 10 years at Microsoft's Security Response Center taught him that security success often means choosing bad outcomes over catastrophic ones, with the challenge that outsiders only see the bad results. His crisis leadership approach centers on becoming a "dispeller of panic" and managing expectations conservatively, as missed promises during incidents amplify crisis impact exponentially. Organizational resilience requires stress-testing through mandatory time off and removing key personnel during exercises to prevent single points of failure and identify system vulnerabilities. Security team sustainability demands actively countering the competitive masochism culture where professionals pride themselves on extreme workload tolerance, leading to burnout among the most dedicated performers. Effective security leadership involves building trust while accepting that your best work preventing disasters will go unrecognized, requiring internal motivation focused on mission rather than external validation. Skip to the Highlight of the episode: [23:27-23:45] "The saying

The most sophisticated security tools fail when leaders don't understand the business context they're supposed to protect. Michael Freeman, Head of Threat Intelligence at Armis, learned this lesson during a major security incident where his team had the intelligence from day one but missed the breach because they didn't understand what was important to the business. The most effective security leaders aren't just technical experts, he tells Ben, they're business translators who understand that at the core of every decision lies human motivation. Michael discusses his evolution from pure technical execution to leadership through strategic energy management rather than time management, scheduling his calendar around the types of thinking required rather than random meeting distribution. He also shares his hiring methodology: he gives candidates real problems, not to test what they know, but to observe how they approach what they don't know, because the questions people ask reveal more about their leadership potential than their technical answers. Stories We’re Telling Today:  How missing a security breach despite having day-one intelligence taught the critical importance of understanding business context. The evolution from hands-on keyboard work to leadership through energy management rather than time management. Building trust and credibility in high-stakes environments by demonstrating curiosity and humility. A hiring methodology that evaluates how candidates think and approach unknown problems rather than testing existing technical knowledge or credentials. Balancing deep technical expertise with leadership responsibilities through a structured 80/20 approach where leaders handle strategy and validation while teams execute core work. Why understanding human motivation and business drivers creates more effective security outcomes than purely technical approaches. The transition from individual contributor to leader requires fundamental shifts in what defines success and personal value creation. Mentoring approaches that build foundational understanding from assembly language up. Too busy; didn’t listen:  Michael's team missed a major breach despite having day-one intelligence because they didn't understand the business context, fundamentally changing his approach to security leadership. Michael's hiring process focuses on how candidates think through unknown problems rather than testing technical knowledge, revealing leadership potential through question patterns. Energy management trumps time management for leaders — Michael clusters similar meeting types together rather than randomly distributing them throughout the week. Building trust in high-stakes environments requires demonstrating curiosity and humility rather than asserting technical superiority. Skip to the Highlight of the episode:  [25:23-25:42] “Another thing I've found to help me manage that is not managing my time, but manage my energy. So in the past, it'd be really hard to contact switch where I'm on one meeting, where I'm doing sales for two to three meetings, then I'm in three deep technical meetings, and the first one or two, I'm like, wait, my mind is not there just yet..”   Listen to more episodes: Apple  Spotify  YouTube Website

The transition from technical security expert to effective people leader is way more challenging than it might sound. Darren LaCasse, Director of Threat Intelligence, Detection, & Response at Elastic, learned this lesson through a management mistake that almost cost him a team member and taught him the fundamental difference between managing work output and leading human beings. His journey from classified government security to distributed enterprise operations offers hard-won insights into building resilient security teams that can sustain month-long incident responses without burning out talented professionals.   Ben sits down with Darren to explore how security leaders can maintain technical credibility while developing the people-first mindset required for modern distributed security operations. Darren shares his framework for global incident response that prioritizes sustainable team performance over heroic individual efforts, plus his approach to building trust across geographically distributed security teams through structured vulnerability and systematic information sharing practices. Stories We’re Telling Today:  The evolution from technical expert to people-first leader, including the critical mindset shift from doing the work to enabling others to excel at the work. Sustainable incident response operations using follow-the-sun models that prevent burnout-induced decision failures during extended security breaches. Building and maintaining trust across distributed security teams through systematic information sharing and structured vulnerability in leadership. Hiring and screening methodologies for identifying trustworthy security professionals who can handle sensitive information appropriately. Balancing technical engagement with strategic leadership responsibilities without becoming a hands-on keyboard bottleneck during incidents. Threat landscape monitoring strategies using social media and industry networks to identify emerging threats before formal intelligence channels. Mental models for security decision-making using frameworks like the Eisenhower Matrix to prioritize high-impact, low-effort security initiatives. Too busy; didn’t listen:  Darren emphasizes that month-long security incidents require sustainable 8-hour workdays with natural handoffs rather than 16-hour shifts that lead to decision failures. His biggest leadership mistake involved nearly putting an employee on a performance improvement plan without understanding their personal challenges, teaching him that technical performance issues often stem from human factors. The "say-to-do ratio" serves as his foundational leadership metric, with personal integrity and reliability building the trust necessary for effective security team operations. Despite formal industry sharing groups like ISACs, threat intelligence collaboration remains limited, with organizations reluctant to share actionable intelligence even in trusted environments. The transition from technical expert to people leader requires actively stepping back from hands-on work while maintaining architectural thinking about systems and strategic technical engagement. Skip to the Highlight of the episode:  [12:33-13:19] A lady by the name Deb Worrall took a chance on me and said, “Come work on our security team. I know you want to do that.” So I moved into the classified security space, and she not only took a chance on me, but gave me permission to change things and said, “Figure out how we can do all of this better. I don't care if you get it wrong, but keep us moving in the direction of better.” So she gave me enough room to run and try things, to learn, to grow and share that feedback. She said, “I want to get here.” She didn't tell me how to get there. She let me figure out that path, and I think that was one of the most impactful things in my career to just see like, “Oh, someone trusts me, someone said, ‘I want to do this, you figure it out, you're the technical per

Duaine Labno, Director of Special Investigations and Threat Intelligence at TIG Risk Services, shares with Ben how his background in law enforcement shaped his leadership and approach to building elite security teams, including the application of hostage negotiation techniques often overlooked in the industry. With 26 years of experience, Duaine shares how crisis psychology sharpens threat assessment, from recognizing psychological triggers to staying composed under pressure and separating facts from assumptions. His ethical decision-making framework and commitment to 260 hours of annual team training create what he calls "control during chaos" — a model where silence signals precision, not uncertainty. Listen now or read along! Stories We’re Telling Today:  How hostage negotiation principles translate directly to threat intelligence work. The systematic approach to building "elite" security teams through 260 hours of mandatory annual training focused on scenario-based exercises with realistic environmental stressors. Rapid operational redesign after an emergency, demonstrating how security teams can implement real-time employee tracking integration. The mental models for critical decision-making under pressure, emphasizing evidence-based analysis over third-hand information. Why "control during chaos" represents peak team performance, with effective communication happening through technology channels. The challenging transition from hands-on investigator to security leader, particularly learning when to step back and trust team training. Advanced screening techniques for identifying tenacity in security personnel, using stress-situation interviews to evaluate both technical competence and human interaction capabilities. Building trust within security teams through the "family philosophy" approach that balances high performance standards with open communication and mutual accountability. The evolution of physical security threats requiring constant intelligence monitoring through multiple news sources and real-time threat feeds. Mentoring approaches for developing the next generation of security leaders, including succession planning and the importance of evolving threat landscapes.   Too busy; didn’t listen:  Duaine Labno's hostage negotiation background directly enhances threat intelligence work through pattern recognition, de-escalation techniques, and comprehensive situational assessment skills. The 2023 Michigan State shooting exposed critical gaps in employee accountability, leading to complete system redesign within 24 hours integrating real-time tracking with risk management software. Elite security teams require 260 hours of annual training focused on "control during chaos" where silence during critical incidents indicates peak performance rather than confusion. The hardest leadership transition involves stepping back from hands-on investigative work and trusting team training, requiring deliberate development of delegation skills over natural problem-solving instincts. Screening for tenacity through stress-situation interviews reveals both technical competence and human interaction capabilities, essential for security professionals who deal with people during traumatic situations. Skip to the Highlight of the Episode [8:10-9:22] And when we do scenario-based training, I'm all about control during the chaos, everyone has to stay calm. So it's great walking into the room when they are working as a team and you have silence, I mean, there's not a lot of talking. They are communicating with each other, they're using technology to communicate with each other, but they've really honed in on that skill set to be able to work under a chaotic situation. So that's one of the things that I try and push towards my people. And as probably you've seen throughout your career, many of these events sometimes can be reported as being more chaotic than they really are. So we have to take control of our own emotions, hav

The most effective security leaders don't abandon their technical foundation when they move into management — they transform it into strategic advantage while treating leadership itself as a discipline worthy of rigorous investigation.  On this episode of Human Element, Robert McArdle, Director FTR & Cybercrime Research at Trend Micro, tells Ben how applying analytical thinking to human psychology and team dynamics creates more impactful security leadership than traditional management approaches. His teams investigate future threats and operational intelligence across distributed locations, requiring leadership methods that build genuine trust and collaboration without traditional hierarchical proximity.  Robert's approach centers on leading people to their success rather than positioning himself as the central authority, extending beyond typical coaching to actively helping team members transition beyond his organization when it serves their career growth. Stories We’re Telling Today:  Treating leadership development as a research discipline enables technical professionals to transition into management roles without sacrificing their analytical strengths. The strategic approach to maintaining technical credibility while scaling impact through delegation, including which technical knowledge to retain versus outsource to team members. Engineering trust and psychological bonds in distributed security teams through designed experiences that create shared positive memories and laughter. Why authentic leadership consistently outperforms attempting to fit predetermined management personas, especially when leading teams of highly skilled technical investigators. The Hedgehog Principle framework for developing security professionals by identifying intersections between passion, capability, and business value. Debunking the "too small to be targeted" myth and why opportunistic attacks make every organization vulnerable regardless of perceived value or size. Building effective team cultures around clear lighthouse vision statements that inspire multi-year commitment while maintaining tactical flexibility. Balancing lifelong learning commitment with leadership responsibilities through dedicated daily learning blocks and strategic knowledge consumption. Remote team meeting methodologies that prioritize problem-solving over status updates, including agenda sharing and systematic participation management.   Too busy; didn’t listen:  Robert McArdle treats leadership development like research — applying the same analytical approach to understanding human psychology and team dynamics that he used in technical security roles. Delegation was Robert’s biggest leadership challenge, requiring active training to stop jumping in and solving every problem personally while maintaining strategic technical knowledge to amplify team capabilities. Building trust in remote security teams requires engineering shared laughter experiences, understanding that positive psychological bonds form through dopamine responses rather than scheduled video calls. The "too small to be targeted" security myth ignores that most attacks are opportunistic rather than targeted, making every internet-connected organization vulnerable regardless of size or perceived value. Effective security leadership means positioning yourself at the back of the room during team recognition moments, leading people to their success rather than taking center stage for achievements. Skip to the Highlight of the episode:  “People who would say, “But our company is too small to be targeted by attacker X, Y, Z,” or “What do we have that's worth stealing from.” If you're thinking that your company is too small and doesn't have any worth stealing, your company shouldn't be in business too much longer. Because you are clearly worthless. So everybody has something of value that needs to be defended. And also, criminals don't really target. In most cases, they're a lot more opportunis

In today's security landscape, decisive leadership often matters more than technical expertise. Caleb Barlow, CEO of Cyberbit, brings a seemingly unconventional but surprisingly common perspective to security incident response, drawing from his background as an EMT and firefighter, where he learned to make consequential decisions with limited data.  His conversation with Ben on this episode of Human Element reveals why the underwhelming decision-making by executive teams during a breach often causes more damage than the threat actor — a stark reality Caleb witnessed firsthand when a CISO asked for PowerPoint slides for next Thursday's meeting during an active breach.  From building commercial cyber ranges that create muscle memory through repetition to explaining why 80-90% of CISOs share backgrounds in military, law enforcement, or emergency response, Barlow illuminates how security professionals must develop crisis decision-making skills through experiential learning rather than relying solely on theoretical knowledge. Stories We’re Telling Today:  How making decisions with limited data, accepting consequences, and being willing to pivot as new information emerges creates more effective security outcomes than traditional corporate decision processes. How pattern recognition and muscle memory developed through repeated security simulations enable leaders to identify attacker behaviors that classroom training cannot teach. Why 90% of breaches result from basic security hygiene failures rather than advanced persistent threats, illustrated by how even training malware gets flagged as APTs by modern EDR solutions. The critical practice of daily standups where 20% of time is deliberately "unproductive" conversation, creating connections that prevent surprise resignations and conflict escalation. How security leaders must ruthlessly filter information sources to combat both the technical barrage and political noise that threatens focus on critical security functions. Applying Colonel John Boyd's air combat decision framework (Observe, Orient, Decide, Act) to cybersecurity, recognizing that non-decisions default control to adversaries. Why filtering candidates based on specific tool experience creates artificial bottlenecks when fundamental skills and mission orientation matter more. Why the hardest career step is becoming a coach rather than the smartest person in the room, requiring communication and leadership skills rarely taught to technical professionals. Too busy; didn’t listen:  Caleb Barlow argues executive indecision during breaches often causes more damage than the attackers themselves, forcing security leaders to make decisions with limited data. His background as an EMT and firefighter shaped his crisis-management approach, where experiential learning through cyber ranges builds the pattern recognition skills that classroom training cannot provide. Daily team scrums with deliberate time for non-work conversation prevent communication gaps and surprise resignations in remote work environments. Most "sophisticated nation-state attacker" claims mask basic security failures — 90% of breaches stem from negligence in implementing fundamental controls. Technical professionals should invest in communication and "soft skills" earlier in their careers, as these become critical for leadership positions and cannot be developed overnight. Skip to the Highlight of the episode: [35:29-35:54] “We've got some tough competition, we've got a great product, but man, there's going to be some tough days. There's going to be some tough quarters. So you better be all in for the mission or there's going to be a Tuesday where you're like, ‘Oh, this is just too hard.’ And if you're not, if you're not really after that success factor, know what it is, and want to work together as a team, then it's not the right place for you.”  Listen to more episodes:  Apple  Spotify  YouTube Website

In this debut conversation on Human Element, Lance James, Chief Innovations Officer & Founder of Unit 221B, joins our host Ben April, CTO of Maltego, to explore the human side of cybersecurity leadership and the transformative experiences that shape effective leaders in the industry. Lance shares his unique pattern recognition abilities that span from technical systems to human behavior, explains his first principles approach to complex security challenges, and details why deliberately slowing down during incident response leads to better outcomes than rushed decision-making.  Through practical examples from his career journey, Lance illustrates how his background in music enhanced his security leadership, why he structures his work week to separate technical deep-work from leadership responsibilities, and how creating psychological safety in teams while maintaining clear boundaries has become his leadership foundation. We look forward to sharing stories like Lance’s — ones that resonate with cybersecurity leaders facing similar challenges and foster a sense of community by sharing the human side of these journeys and the lessons learned along the way that have shaped their guests’ careers and contributed to today’s cybersecurity landscape. Topics Discussed:  - Implementing a ”slow down” methodology during cybersecurity crises that counterintuitively leads to better outcomes by preventing compounding errors that occur during rushed decision-making. - Strategic allocation of dedicated days for technical deep work versus people management to optimize leadership effectiveness without cognitive switching penalties. - Leveraging observational skills traditionally used for threat detection to identify underlying motivations in adversaries and team members alike, creating more effective intervention strategies. - Implementing a structured ”commit to three” framework with feeling acknowledgment and gratitude components that transforms potential attention challenges into leadership advantages. - Applying Zen principles to cybersecurity leadership that enable fresh perspectives on familiar problems, preventing complacency and encouraging continuous discovery. - Modeling transparent knowledge gaps and establishing collaborative rather than hierarchical relationships that accelerate growth in emerging security professionals. - Establishing clear boundaries and rejecting hero-complex tendencies to create more resilient security teams that don’t depend on individual heroics.