What if you could pivot from a career in intelligence analysis to becoming a cybersecurity expert, all by leveraging self-taught skills and open-source intelligence? Join us as Scott Small reveals his inspiring journey, transitioning from dealing with physical security threats to mastering cybersecurity. He shares the invaluable role of supportive hiring managers and highlights how programming in Python opened doors in the private sector, showcasing the diverse paths available in this dynamic field.
Creating your own opportunities is crucial in technical fields, and Scott emphasizes the power of initiative. From starting a blog to contributing to community repositories, he offers practical advice for building a robust portfolio. We also discuss the importance of networking, the impact of geopolitical events on cyber threats, and how storytelling bridges gaps within the security sector. Scott’s insights provide a roadmap for aspiring professionals eager to break into cybersecurity.
Artificial intelligence is revolutionizing cyber threat intelligence, but it comes with its own set of challenges. Scott and I delve into the complexities of AI-generated data, the necessity of rigorous validation, and the importance of frameworks like MITRE ATT&CK. We explore enhancing detection capabilities and the role of consistent practice in writing and data visualization for professional growth. Whether you’re a seasoned expert or just starting out, this episode is packed with actionable insights to help you navigate the evolving landscape of cybersecurity.
Speaker 1: How's it going, Scott?
00:00:00
It's great to get you on the podcast.
00:00:03
I think that this has been in the making for a while now and
00:00:07
I'm really excited for our conversation.
00:00:10
Speaker 2: Yeah, for sure, Joe, thanks a lot for having me on.
00:00:12
Speaker 1: Looking forward to chatting as well, excited about
00:00:17
it, feeling you know what made them want to get into IT, what
00:00:22
made you want to get into security?
00:00:24
Because you know.
00:00:32
I find that if other people that maybe are looking to get
00:00:33
into security or maybe they're trying to get into IT, hearing
00:00:35
similar background is always very helpful, right, because you
00:00:39
can get into that mentality of, oh, this isn't for me, this
00:00:41
isn't, I don't have the right background, right, I didn't
00:00:44
start coding when I was 10 or whatever.
00:00:45
You can get into that mentality and hearing someone else with
00:00:49
that similar background, right, you can say, oh well, maybe if
00:00:53
he did it I could do it too.
00:00:55
Speaker 2: Yeah, absolutely.
00:00:56
So I totally agree with you.
00:00:58
I've been very much driven throughout my career by, you
00:01:00
know, watching others that I admire and learning about how
00:01:02
they kind of grew, and either folks from a distance or people
00:01:06
that I knew directly.
00:01:07
So, yeah, I've had very much kind of a winding path to
00:01:11
cybersecurity.
00:01:12
I'm more and more convinced every day that no one has a
00:01:15
traditional path into this field, and I'm very representative of
00:01:19
that.
00:01:19
So I kind of always, from a very early age, wanted or hoped to
00:01:23
work in security and national security specifically.
00:01:26
I always figured that I would work for the government, a
00:01:30
three-letter agency.
00:01:31
That actually never has been the case, but I've loved the
00:01:34
career that I've had so far.
00:01:36
So I actually did academic studies in security studies, but
00:01:40
it was very focused on physical security and international
00:01:44
security risks and geopolitics, and that's actually how I
00:01:47
started my career.
00:01:48
So I got started working as an intelligence analyst for a firm
00:01:53
that looked at country-level risks for physical security
00:01:58
threats, so things like terrorism and even down to drug
00:02:02
trafficking and cargo theft, so very different than what I'm
00:02:06
doing right now, but it actually very much introduced me to
00:02:09
first of all on like open source intelligence and research and
00:02:13
also just thinking about kind of risks generally, which is very,
00:02:16
very important for security, taking a little bit higher level
00:02:20
look at what you're doing, but really about how it works.
00:02:23
From there they kind of started the transition to more
00:02:26
quote-unquote, traditional cybersecurity.
00:02:28
My experience with doing research online honestly taught
00:02:31
me a lot of the skills that laid the foundation for what I'm
00:02:34
doing right now.
00:02:35
So being able to look up and find information that you're
00:02:38
searching for led me to looking at threats that were playing out
00:02:42
online so threats to brands, phishing and domain risks,
00:02:47
things along those lines and then that kind of transitioned
00:02:50
me more into what is probably the more traditional
00:02:53
cybersecurity and the technical skills that I now have.
00:02:55
So starting to dabble in entirely self-taught in
00:02:59
programming and Python, but just realizing that those skills
00:03:02
were literally necessary to do data analysis and intelligence
00:03:06
research.
00:03:07
And that brings me to my current role, which is Director
00:03:10
of Cyber Threat Intelligence for a software as a service.
00:03:15
Speaker 1: Yeah, it's really, it's fascinating.
00:03:17
You know, I've done over 200 episodes at this point and I
00:03:23
haven't heard anyone else with almost a similar background to
00:03:27
mine, right, but you know, you kind of had that same mentality,
00:03:31
or I did as well to you, where I went to college and I fully
00:03:35
intended on working at a three-letter agency, fully
00:03:39
intended on, you know, like, living abroad and, and you know,
00:03:43
going to like the darkest hole on the earth to, you know, do
00:03:46
whatever, right, like I fully intended on that.
00:03:49
I applied several times, never worked out for whatever reason.
00:03:54
It was very frustrating, very like almost heartbreaking even
00:03:57
to me, um and so that that's just really fascinating, right,
00:04:00
like I've I've never had someone else on that was like, oh yeah,
00:04:04
I, I wanted to go down this path and I ended up in in it,
00:04:07
you know, yeah for sure.
00:04:09
Speaker 2: Yeah, yeah, so I've definitely been there.
00:04:11
I know exactly what you, what you mean and what it's really.
00:04:13
It's.
00:04:14
It's been so fulfilling working entirely in the private sector.
00:04:16
Um, I was definitely fortunate at the time that I was
00:04:19
graduating, that, uh, an opportunity opened up that was
00:04:22
near my college and I was able to get that foot in the door.
00:04:25
That's so important.
00:04:26
But I'm very, very much seeing a lot more opportunities in the
00:04:29
private sector right now, which is very encouraging.
00:04:33
There's just so many more of them available that people can
00:04:36
get their start, and if they transition into maybe what they
00:04:39
thought they might be doing, then that's great.
00:04:40
But I think getting the experience it's going to open
00:04:43
your eyes so much to so many different paths that you may
00:04:46
never want to go back to the way you originally thought, because
00:04:48
that's very much kind of how I was in the beginning as well.
00:04:50
But, yeah, cybersecurity roles, intelligence roles with large
00:04:54
organizations, banks, all types of companies, everyone has
00:04:59
digital assets, everyone has cybersecurity needs and, finally,
00:05:03
the jobs are starting to drop.
00:05:10
Speaker 1: We're in a weird spot right now, in 2024, but it
00:05:11
comes and goes.
00:05:12
Yeah, that's fascinating.
00:05:13
You know when you were.
00:05:14
So when you were, you know, in college, I guess, looking at
00:05:19
that first initial threat intel job, did you do any online
00:05:25
training?
00:05:25
Did you do any certifications?
00:05:27
You know what was?
00:05:28
What was your entry path other than that degree in?
00:05:33
You know, in security?
00:05:34
Right, because a lot of people are trying to piece that
00:05:38
together and they feel like, oh, this is an industry where I
00:05:41
need direct experience.
00:05:43
Right, I need that experience.
00:05:44
I need that 10 years of experience coming right out of
00:05:47
college to get in and whatnot, and that's not typically the
00:05:50
case, right, if you at least have a halfway competent hiring
00:05:54
manager, you know they'll understand like, hey, we can
00:05:57
take someone out of college, but what was that like for you?
00:06:01
Speaker 2: Yeah for sure.
00:06:02
So it's definitely super tough.
00:06:03
Even entry-level jobs are looking for some sort of
00:06:06
experience, which is a complete catch-22.
00:06:08
What I really credit to allowing me to get my start it
00:06:12
literally helped me kind of bump up above a few other candidates
00:06:15
when I was getting my first job is my college program, and this
00:06:19
might be a little bit specific to Intel and cyber Intel, but I
00:06:22
know it's important for cybersecurity generally or
00:06:25
anyone doing Intel type of work.
00:06:27
My college program had basically like an intelligence newsletter
00:06:30
that students were.
00:06:32
It was optional, I think now it's actually required, which is
00:06:34
probably for the best, but you could work, you know, as an
00:06:39
extracurricular to support this newsletter.
00:06:42
Essentially, that gave me the foundations.
00:06:44
I had no idea what I was doing when I started working on it,
00:06:47
but just through trial and error again doing some of that online
00:06:50
research, learning how to analyze a news report and a news
00:06:54
story and then write about it it's, I think, kind of common
00:06:59
knowledge these days.
00:07:00
But if it's not, writing skills is super important or just
00:07:03
communication ability.
00:07:04
At the end of the day, whether you're doing a written term,
00:07:07
that experience starting in college allowed me to reference
00:07:10
back and say, hey, yeah, I mean, it was a club basically, but I
00:07:14
have examples of a small portfolio that I can point to
00:07:17
that allowed me to do that.
00:07:18
Yeah, I was putting in some extra time on top of classwork
00:07:22
but again, it gave me that foundation to be able to
00:07:25
reference back to.
00:07:26
So not every program has that, but it was definitely something
00:07:29
that actually encouraged me to go to the school, that I did and
00:07:32
be riddled.
00:07:33
So, as you're evaluating and getting into a program, see if
00:07:36
they have something like that or there's increasingly community
00:07:39
initiatives that maybe you can contribute to as well on these
00:07:42
days, which is encouraging too, we can go down the discussion of
00:07:46
certifications.
00:07:47
I actually do not have probably any of the major well-known
00:07:50
certifications.
00:07:51
Again, I think I was lucky to have those initial work
00:07:55
experiences and the club experience in college that I've
00:07:59
been able to keep building upon, so it's not that they're not
00:08:02
important.
00:08:02
If you want to go that route, that's great, but I just want to
00:08:05
encourage folks that it's not an absolute necessity and
00:08:09
fortunately there's some new, very encouraging free
00:08:14
certifications as well.
00:08:15
There's like a Google foundations of cyber security
00:08:18
that I've heard really good things about as well, so it
00:08:20
doesn't have to be even paid once you can do things with free
00:08:24
resources too.
00:08:26
Speaker 1: Yeah, it's interesting you using that
00:08:29
newsletter right to kind of pivot into the industry to some
00:08:33
extent.
00:08:34
And I feel like people always get caught up in, you know, no
00:08:38
opportunity being handed to them.
00:08:41
Right, you know, if you're, if you're you know, I'm just
00:08:44
thinking back to when I was in college, right, let's say I,
00:08:48
let's say I wanted to go down that security path.
00:08:50
Right, I am, I'm doing everything that I possibly can
00:08:54
to get in there.
00:08:55
Right, because I know after school I need experience.
00:08:58
Everyone's going to want something you know to some
00:09:01
extent that you can at least talk to.
00:09:03
Right, and if they don't have that newsletter, you know, say
00:09:07
I'm in your situation.
00:09:08
They don't have that newsletter.
00:09:10
I'm going to try and put something like that together on
00:09:12
my own and maybe it is only, you know, unofficial to like all
00:09:17
the, all the students you know at my college or whatever it
00:09:20
might be right, it doesn't have to be an official sort of thing,
00:09:24
but doing that analysis, doing that breakdown, getting that
00:09:28
practice in, even if you look stupid to the other 20
00:09:32
students at your school, right, and it's just another email that
00:09:36
they delete immediately.
00:09:37
You're still getting that experience.
00:09:39
You still have a body of work that you can show for it.
00:09:42
You know and I think that that is also something really
00:09:45
critical that people miss oftentimes, right, if the
00:09:49
opportunity doesn't already exist for them, it's like
00:09:53
they're they're stopping right there and they're saying, okay,
00:09:55
this probably isn't for me, when in all actuality, it's like no,
00:09:59
there's a gap, like you saying that there's nothing there.
00:10:02
There's a gap, obviously, and you should be, should be,
00:10:06
working to kind of fill it.
00:10:08
That's when I decided to start this podcast.
00:10:10
Right, I felt like there was a gap between getting someone's
00:10:16
honest, unfiltered opinion in different areas of security,
00:10:21
getting their unfiltered story of how they got in.
00:10:24
When this episode goes live, one, this sentence will be in it
00:10:28
and two, your story is going to be untouched, right.
00:10:31
So I give people the opportunity to tell their story
00:10:34
how they want it to be told, and that's something you know.
00:10:37
Go to these other podcasts, right, I'm not going to name any,
00:10:39
because I know a lot of the creators and I like them, right.
00:10:42
But you go to a lot of these other podcasts and they're
00:10:45
cutting up and dicing up these interviews and it's like man
00:10:48
don't know that person at all right.
00:10:50
It's a different feel.
00:10:52
Speaker 2: Yeah, yeah for sure, and it is pretty rare and you
00:10:54
know, if you haven't had the opportunity to go to the
00:10:57
conferences and all that and do you know face-to-face networking,
00:11:00
you're going to have a certain impression of folks from a
00:11:02
distance.
00:11:02
So I think that's definitely super important, huge advocate
00:11:06
and fan of the networking.
00:11:08
It's not easy to do.
00:11:09
I think most of us are introverts, but I always find it
00:11:15
actually easiest to talk about when we're talking about
00:11:15
technical subjects and things that I know are in the least
00:11:18
interest of them.
00:11:18
That's where I'm actually super capable of doing that.
00:11:22
I definitely wanted to validate or support the Institute about
00:11:25
just working on something because if, yeah, there's a
00:11:30
chance that a gap does exist, or even if it doesn't, it honestly
00:11:33
probably does.
00:11:34
But even if it doesn't, the experience of working on
00:11:36
something is going to let you grow and evolve or nothing else.
00:11:40
Have that portfolio.
00:11:42
I have seen actual criticism just at least in my discourse
00:11:45
but of people writing blogs that were kind of reiterating
00:11:50
something that was already out there.
00:11:51
And no, don't go copy what other people have done.
00:11:54
But even if you are kind of re-analyzing, re-synthesizing
00:11:59
other stuff that's already out there, you will grow as a
00:12:02
researcher and an analyst in doing that.
00:12:03
You'll learn so much.
00:12:05
So, yeah, go out there.
00:12:07
Set up the Medium blog.
00:12:08
Do something on GitHub it's completely free.
00:12:10
You know bare bones kind of thing.
00:12:12
It's not just about writing.
00:12:14
I don't want to make it seem like that.
00:12:16
If you are more on the pure you know, coding or technical side,
00:12:19
I've contributed to specifically push myself with my
00:12:24
skills to.
00:12:26
There are community repositories for creating, like
00:12:29
cyber detection rules.
00:12:31
You can go learn about the format that they use.
00:12:33
There are great trainings out there and you can contribute to
00:12:37
the main repository.
00:12:38
Put that on your resume.
00:12:40
That's an actual contribution that you have made, and you
00:12:43
probably learned a lot along the way too.
00:12:45
So there's lots of projects out there along those lines yeah,
00:12:49
it's a really good point.
00:12:50
Speaker 1: You know someone, someone was talking to me years
00:12:53
ago about how to get their start as a developer.
00:12:56
Right, it wasn't even getting into security, like they just
00:12:59
graduated and they couldn't land a job as a developer, and my
00:13:02
very, very first question to them was do you have a GitHub?
00:13:05
You know, like, what's your GitHub?
00:13:07
How is someone going to hire you if they don't know you know
00:13:12
your work, right?
00:13:13
Like, as a developer, that's probably your most valuable
00:13:16
thing.
00:13:16
I mean, like if you were going to invest time anywhere, it
00:13:19
should be your own personal GitHub.
00:13:21
Yeah, and you know, I think he didn't take my advice very well
00:13:29
and he's still in the same position.
00:13:31
You know that he was in before.
00:13:34
It's like man, you have to take that initiative.
00:13:37
You know, if you're not taking that initiative, you're probably
00:13:39
not.
00:13:39
You're not going to go far in this field, right?
00:13:44
But to kind of circle back to threat intel, right, with the
00:13:49
craziness in the world, I always wonder how that impacts the
00:13:54
different attacks that you might be seeing, potentially in
00:13:58
different specific countries.
00:14:01
That may not be a part of a kinetic attack right now.
00:14:05
Let's just use.
00:14:07
What's going on with Israel, Palestine and whatnot?
00:14:10
Right, what's going on over there?
00:14:12
Does it impact the EU in some way?
00:14:16
Does it impact America in some way?
00:14:17
Have you noticed anything like that with the different threat
00:14:21
feeds and whatnot?
00:14:23
Speaker 2: Oh yeah, absolutely.
00:14:25
I think in many ways, most ways, cyber is kind of a reflection
00:14:29
of the physical space for sure, both in terms of attack surface.
00:14:36
So as we see more of a shift towards cloud environments, we
00:14:38
see attackers shifting that way, but very much in a geopolitical
00:14:41
context as well, I think, probably one of the most notable
00:14:44
most recent.
00:14:45
So we can definitely go back to kind of Russia, Ukraine and
00:14:48
maybe the attacks stemming from there.
00:14:49
The one that's been top of mind for us.
00:14:51
We tracked very closely with the conflict in the Middle East
00:14:56
of attempts to disrupt any operations, organizations,
00:15:01
countries that had any remote association with Israel, and
00:15:06
some of these attacks actually were quite disruptive or at
00:15:09
least had the real potential to be disruptive.
00:15:12
Quite a few of them are.
00:15:15
When we talk about hacktivism, it is traditionally seen as
00:15:18
maybe a less impactful type of attack.
00:15:21
Many actors have maybe let's call it basic ways to you know,
00:15:26
get their name out there, maybe promote a message and deface a
00:15:30
website, and that's notable against media usually.
00:15:33
But it's not the most disruptive attack.
00:15:35
What we did see is adversaries, most likely aligned, if not
00:15:40
directly supported, with Iranian government, going out and
00:15:45
successfully into critical infrastructure in the United
00:15:48
States, water utility organizations and what they were
00:15:53
doing, targeting them, maybe because it's, you know, low
00:15:56
hanging fruit, but because of the attention that it was going
00:16:01
to get.
00:16:05
Hey, we hacked a water company in the United States and putting
00:16:07
up defacement messages on the actual controllers for some of
00:16:09
the water facilities and treatment plants. Definitely
00:16:12
something that got a lot of attention.
00:16:14
But they were in a network for critical infrastructure and that
00:16:18
does show that there was at least potential for a series.
00:16:21
I think they adjusted some water levels.
00:16:23
It didn't lead to running out of water in a town or whatever,
00:16:28
but it was more notable than a basic website that they used.
00:16:33
Speaker 1: Yeah, it kind of sounds like they may have been
00:16:35
kind of just more testing, right, kind of like, well, let's see,
00:16:41
let's see if we can get in oh, we got in.
00:16:44
Well, let's see if we could, you know, change water levels
00:16:47
you know we won't do anything that'll damage anything right
00:16:49
now and then let's show that we were there, right, let's prove
00:16:53
it, let's deface it, make sure that people know that we were
00:16:59
there, whatnot?
00:16:59
We do see that a lot and I wonder, because, you know, right
00:17:01
now we're, we're really in a tumultuous time, kind of all
00:17:07
over the world, you know, and in America, for sure, you know,
00:17:11
it's election season and it's, um, you know, as being a
00:17:16
security expert, right, or maybe that's the first time I've ever
00:17:19
called myself a security expert, but being in security, right,
00:17:22
you kind of identify different attacks, different attack
00:17:26
vectors, you know, because I'm starting to think, if I wanted
00:17:30
to control how a population thinks, I wanted to control how
00:17:34
a population votes, right, irrespective of the actual
00:17:37
attacker.
00:17:38
How am I going to do that?
00:17:39
Well, I'm going to do that, you know, through social media, I'm
00:17:43
going to do that through the news, I'm going to do that, you
00:17:46
know, from all these different angles and whatnot.
00:17:48
I think I kind of like shield myself from it, right, because I
00:17:51
do like 15 minutes of Twitter a day and like that is that's
00:17:55
like more than enough internet for me for the day.
00:17:59
Right, I don't watch any other news or anything.
00:18:01
But you know, as a security person, right, I'm starting to
00:18:05
think like that could absolutely be propaganda, or this news
00:18:10
outlet could absolutely be influenced in some way, even if
00:18:14
they are unwitting to the influence.
00:18:17
Right, are you also tracking, you know, threats like that
00:18:22
internally in America?
00:18:23
Because it's always very easy for us I feel like in America,
00:18:27
it is so extremely easy for us to think of an attack, think of
00:18:32
a terrorist attack, a kinetic attack, of really any kind, and
00:18:37
I mean we just think about it in another country, right, it's so
00:18:40
hard for us to ever think of even the riots that take place
00:18:46
in the EU, in France, for instance, in the UK, for
00:18:49
instance, of that level of I don't want to even call it
00:18:52
violence, but you know what I'm saying.
00:18:55
It's a different kind of riot than what we would ever
00:18:58
experience in America.
00:18:59
It's hard for us to picture that internally, right?
00:19:03
Speaker 2: Yeah, yeah, for sure.
00:19:04
Yeah, I mean, I think we have witnessed, and we are very much
00:19:08
still in the thick of it and we will continue to witness, this
00:19:13
information inability to kind of trust and rely on.
00:19:16
Basically, in my opinion, you know most of what you're reading,
00:19:20
especially on social media, do you think?
00:19:22
You know, given my career, I've always taken a lot of
00:19:24
skepticism to basically anything that I read, because you don't
00:19:27
have to do that if you're talking about sources, but, man,
00:19:31
you absolutely have to with basically everything that you're
00:19:34
reading, not to say that you can't trust anything.
00:19:36
You have to have some sort of kind of baseline but you can't
00:19:40
just go in and take everything at face value or a lot of it.
00:19:45
We absolutely saw an impact on our previous elections with
00:19:49
disinformation and influence operations and we're seeing a
00:19:52
lot of those kinds of activities kind of playing out right now.
00:19:55
I think the you know the damage has been done in terms of, you
00:20:00
know, weakening confidence in you know the information that's
00:20:04
out there, and so I think we're just operating, at least right
00:20:07
now and for this next election cycle, under kind of the new
00:20:10
normal.
00:20:10
Unfortunately there's no you know kind of consistent way to
00:20:15
go in with verifying you know who you are and what you're
00:20:19
publishing out there.
00:20:20
There are some systems, but even those are being manipulated
00:20:23
with everything that's at Twitter and X right now.
00:20:25
I think one thing that's been really interesting I never would
00:20:28
have wanted it to play out this way, but with the change in
00:20:31
ownership at Twitter and X I mean, I think, most of us I can
00:20:36
say that my feed has dramatically changed in terms of,
00:20:39
without me changing anything in terms of you know what I was
00:20:43
following or anything.
00:20:44
The nature of the information on there is just change, and so
00:20:49
you know, that's been, I think, maybe kind of a wake up call for
00:20:52
more folks and there's not a lot of remediation to be.
00:20:58
There is.
00:20:58
I've used the platform so much less now for, you know, never
00:21:01
used it much for personal purposes, definitely not anymore,
00:21:04
but even for, you know, work purposes it's useful, um, right
00:21:08
now.
00:21:08
So I don't know, that's a bit doom and gloom, but if nothing
00:21:11
else, I think, uh, a lot more, uh, wake up call to what is
00:21:16
going on.
00:21:16
This is easy to get siloed and maybe isolate yourself away from
00:21:18
the worst of the disinformation.
00:21:23
Previously that's how I saw myself, but now you can't avoid
00:21:25
it.
00:21:26
Speaker 1: Yeah, yeah, it's a weird place right now and you
00:21:34
know, full honesty, right, like I think I had a Twitter account,
00:21:39
you know back when it was Twitter, right, um, I never,
00:21:42
like never, literally never used it.
00:21:44
Um, I I think when I actually decided to start using it a
00:21:48
little bit more, it was when this podcast kind of kicked off.
00:21:52
Right, it was actually probably like a year or two into it
00:21:55
being kicked off, so it wasn't even like an immediate thing.
00:22:00
So I also that kind of coincided with new ownership and
00:22:05
I've only seen this feed being just like I don't know,
00:22:11
constantly feel like I am being socially engineered to some
00:22:16
extent when I'm, when I'm in my feed and I'm not like I'm not
00:22:20
someone that's like anti, you know Elon or anything like that.
00:22:23
Like I, I drive a Tesla, my wife drives a Tesla.
00:22:26
Like I like the product and all that sort of stuff.
00:22:29
Right, like I like SpaceX, I like space overall, but so I
00:22:33
don't have that reference point of like beforehand, right,
00:22:36
because I literally didn't even use the platform.
00:22:38
But now I mean, like when I go into it, it's just like it's
00:22:43
depressing, because I'm not really into politics, you know,
00:22:47
like that's not really my thing, even though I kind of studied
00:22:50
it a little bit in college, but like now, it's just like nonstop.
00:22:54
It's just like nonstop, you know, telling you about one side
00:22:57
or the other.
00:22:58
And one thing you know that you mentioned that I recently
00:23:02
experienced, right, so I saw someone post like on Facebook,
00:23:06
saying that, like you know, ChatGPT didn't even acknowledge,
00:23:10
you know, the assassination attempt on Trump's life, right?
00:23:13
I was like surely, surely that's incorrect, right, surely
00:23:19
that's wrong.
00:23:19
And so I went into ChatGPT and I pay for ChatGPT for
00:23:24
different reasons, right, so I have that, like that enhanced or
00:23:28
whatever it is, you know the enhanced capabilities of it and
00:23:32
I go into it.
00:23:33
And I just asked a simple question when did the
00:23:36
assassination attempt on former President Trump take place?
00:23:40
And it took it a couple minutes, right, and several prompts of
00:23:48
me saying, no, you're wrong, it took place in 2024.
00:23:53
No, you're wrong again, it took place in Pennsylvania, 2024.
00:24:01
Like I had, I literally had to feed it the details of that
00:24:02
attempt for it to acknowledge and say, oh, I was wrong, you
00:24:06
know, it took place on this date, this time.
00:24:09
Um, the, these people were involved, right, like, and
00:24:12
figured, okay, like, well, this is a, an LLM, right, so it's
00:24:16
learning for me, kind of like I'm also learning from it, right?
00:24:19
And so, surely, a couple of days later, I went and tried the
00:24:24
I mean the exact same question, like I.
00:24:26
I literally just started a new chat, copied the question that I
00:24:30
had initially put it into the new chat, and it gave me the
00:24:35
same kind of response Right, no, that never happened.
00:24:38
And I'm just sitting here like this is like blatant
00:24:42
disinformation, like whether you're right or left right, like
00:24:46
we're not even talking about politics, like this is a
00:24:48
historical event that occurred and they're trying to say that
00:24:51
it didn't happen.
00:24:52
Speaker 2: But it's like what is going on here, you know, like
00:24:56
it's crazy.
00:25:02
I think not to not to spin it too optimistically because it's
00:25:03
not optimistic, but I think the process that you took is exactly
00:25:05
what I want to see happening more.
00:25:07
And again, it's unfortunate that we have to do this.
00:25:09
But I mean, I would have encouraged this and I think this
00:25:12
would have been smart, you know, 10, 20, 50 years ago, to kind
00:25:15
of evaluate the information through that lens.
00:25:18
So you took an approach that I've definitely had before,
00:25:21
which is like there's no way that that's right, but then you
00:25:23
actually like looked into it a little bit and you tried to
00:25:26
experiment it yourself and at the end of the day it is very
00:25:29
unfortunate that it was correct, but like taking the lens and
00:25:33
then taking the steps to kind of look into it a little bit
00:25:35
yourself, man, that is like super important and I'm not
00:25:43
trying to paint it too rosy, but like doing some of that
00:25:45
evaluation yourself like teaches you, like when red flags should
00:25:46
go up and maybe when you maybe trust something a little bit
00:25:48
more, without needing to check every single thing.
00:25:50
So you know, uh, the use issues are present on on both sides of
00:25:55
the aisle.
00:25:55
I feel pretty confident it's worse on one side, but it's
00:26:01
definitely an issue on all or both sides.
00:26:03
So you always have to take all the information through at least
00:26:08
some sort of critical lens for sure.
00:26:10
Speaker 1: Yeah, yeah, absolutely.
00:26:12
It's kind of the unfortunate state of the world, you know,
00:26:18
yeah, like you know, when the 2020 election was going on, you
00:26:25
know there was a huge like push for like fact checkers and you
00:26:30
know all this sort of stuff.
00:26:31
Right, and me, being the security person that I am, my
00:26:36
first question was like, well, who runs the fact checker?
00:26:40
Because if I'm an opponent right or a threat to America
00:26:48
overall and I want to influence the population, well, don't I
00:26:53
just have to go and buy whoever owns that thing?
00:26:56
I'll just pay them off and have them tweak it a little bit,
00:27:00
right?
00:27:00
That was my biggest thing, and I had some friends that were
00:27:03
like, oh, you're just a conspiracy theorist.
00:27:05
I'm like, no, that's what you do, that's literally what you do.
00:27:10
That's what America has done in other countries.
00:27:13
That's literally what we've done in all over Africa.
00:27:14
That's literally what we've done in other countries.
00:27:15
That's literally what we've done in other elections.
00:27:19
It's not necessarily like a Russia or Iran or name your
00:27:25
opponent of America.
00:27:27
It's something that we've done.
00:27:29
It's just something that I always tell people.
00:27:35
You know, yeah, you can, you can trust different sources.
00:27:39
But if it sounds a little bit, just a little bit off or a
00:27:43
little bit weird, right, like you should absolutely do your
00:27:47
own checking there.
00:27:47
There's been several times when and I'm not saying I'm, I'm like
00:27:52
on the right or on the left or anything like that I'm I'm
00:27:54
literally not trying to have a biased, you know, discussion
00:28:00
about it, right, but, like there were, there was some like you
00:28:03
know, accusations, right, that was made about Trump saying
00:28:06
something and I had to go back and find the actual, like the
00:28:10
legit video, right, and I had to basically watch it all the way
00:28:15
through.
00:28:15
It came up to the point where he said what they claimed that
00:28:19
they said, and they took it like completely out of context.
00:28:23
They like literally took different words in the sentence,
00:28:27
put them together as if it was his own only statement in that
00:28:32
sentence, and it just took it completely out of context, right,
00:28:36
and I'm just sitting here like, like man, this is frustrating,
00:28:39
right, because I'm someone that'll do it, you know, if, if
00:28:42
I'm like interested, you know, like, if I have the time or
00:28:45
whatever, Right, um, and I'll do it, you know, for both sides,
00:28:49
all sides, like it doesn't even.
00:28:50
It's really frustrating because 99% of the people out there
00:28:56
that are not in security, are not in threat intelligence at
00:29:00
all, do not have the background in international relations and
00:29:04
politics and whatnot, like you and I might do.
00:29:08
They're not going to do that.
00:29:09
They're not going to do the research right.
00:29:13
They're going to take whatever news outlet they believe in and
00:29:16
take that as fact and then take everything else that's wrong and
00:29:19
it's like.
00:29:19
It's like we're in a weird place and I I apologize, I mean
00:29:23
I didn't mean to take this conversation this direction
00:29:26
right, but I think it also plays into threat intel right,
00:29:30
because we're in a really interesting time where, as
00:29:35
threat intel, as a threat intel expert that you are right and as
00:29:39
a security person that I am we're like seeing some of these
00:29:44
like tactics, you know, being played out in real time, like
00:29:48
against actual populations, and it's a it's an interesting time
00:29:52
yeah, no, you're, you're absolutely right.
00:29:54
Speaker 2: you, you, uh, you know, uh for better, for we
00:29:56
can't get away from a lot of these topics because they touch
00:29:59
literally everything, including cyber.
00:30:01
For sure, I think, one of the things that stands out that
00:30:05
loops back very directly to what I do and AI, uh and and
00:30:08
increased interest and desire, and there are a lot of benefits
00:30:19
of using AI for cybersecurity, but that automatically
00:30:22
introduces, you know, bias and a lot of concerns with how is the
00:30:26
algorithm generating the answers that it is, and if
00:30:29
you're using those uh utilities for cyber threat intelligence
00:30:34
work, you're exposing yourself big time to misinformation or
00:30:38
just, you know, unvalidated info that's making its way into your
00:30:42
work.
00:30:43
I absolutely use AI as part of, you know, my daily work, but in
00:30:49
a very kind of limited slice.
00:30:51
I do see again makes me a little bit concerned.
00:30:54
This move to prompt the GPT to say, hey, what are the you know
00:31:01
latest threat actors targeting my industry, and just taking
00:31:05
those results at face value and dropping that into your Intel
00:31:08
report to your leadership.
00:31:09
That's very concerning to me and quite honestly goes
00:31:12
completely counter to, you know, the the basic principles of
00:31:17
kind of our field.
00:31:18
Speaker 1: I think so again, don't get me wrong very little
00:31:26
right, yeah, like you know how I primarily use it is, uh, it
00:31:31
kind of like prompts my brain to go down different paths, right,
00:31:36
like you know, recently.
00:31:38
So I'm getting my PhD in like securing satellites that's
00:31:41
probably the simplest way that I can explain it and I I was
00:31:44
using ChatGPT to give me, you know, critical, like articles or
00:31:49
topics on securing satellites, what are the different, you know,
00:31:53
components of it, right, and it brought in like propulsion
00:31:56
systems and energy systems and how you have to, you know,
00:32:02
estimate out the different systems of your, of your
00:32:05
satellite for, like, the darker periods when it goes around the
00:32:08
earth and whatnot and all this sort of stuff, right, those are.
00:32:11
Those are two areas that I would not have thought of as a
00:32:14
security, you know, expert security person in this field.
00:32:18
Um, I would have thought about propulsion, right, like I never,
00:32:22
never, would have thought about that.
00:32:24
I would have been thinking about, like, the different
00:32:25
computers on the satellite to, you know, accomplish what we're
00:32:30
trying to accomplish with, like a communication satellite, for
00:32:33
instance, right, and so I think it's, I think the AI is, it's a
00:32:39
really good tool, but it shouldn't be like that end all
00:32:41
be all.
00:32:42
You know, and I feel like I feel like the same with you know
00:32:46
really any like media outlet, media platform.
00:32:49
It's a really good tool.
00:32:50
It should prompt questions for you to go and check, but it
00:32:53
shouldn't be that end-all be-all sort of thing.
00:32:56
We always have that question in our head, that kind of nags at
00:33:01
us to be like well, is it really like that or is it something
00:33:04
else?
00:33:04
Is there nuances with it?
00:33:04
We're probably like built a little bit differently in that
00:33:15
regard, but how do you train people to do that more?
00:33:20
Is that even possible?
00:33:22
Speaker 2: Yeah, it's definitely a great question, something
00:33:25
I've thought a lot about, and I worry that at a certain point,
00:33:29
with people who have really strong mentalities, that it may
00:33:32
not be able to convince them.
00:33:34
But what I always try to do is just exactly the process you
00:33:37
talked about earlier is kind of, you know, show the work that
00:33:40
got to this answer and if the steps aren't there to be able to
00:33:44
recreate it, like to me that's a huge red flag because I am
00:33:46
that way and I want to be able to recreate it.
00:33:47
Like to me that's a huge red flag because I am that way and I
00:33:49
want to be able to verify it.
00:33:50
Now, not everyone is necessarily that way.
00:33:53
I'm constantly optimistic and I'm of the mind that if I can
00:33:57
show someone that maybe, uh, the the evidence that they try to
00:34:00
present is is like, literally that's the case and I'm hopeful
00:34:04
that that might, you know, change their opinion.
00:34:06
But we all know that there are going to be situations where
00:34:08
people won't.
00:34:09
Maybe it creates and that's a little you gotta.
00:34:12
You gotta come at it with a little bit of kind of a give and
00:34:15
take.
00:34:15
You can't just say, well, yeah, I'm showing my work and
00:34:18
therefore it's right, because that's going to turn people off
00:34:20
as well.
00:34:21
Hey, the great point about you know, uh, organizations and even
00:34:24
countries have have scooped up you know outlets um, to be able
00:34:27
to promote certain narratives there.
00:34:30
I have found uh uh uh sites, uh, ostensibly portraying
00:34:36
themselves as fact checkers, that were, like, literally
00:34:39
intended to promote disinformation.
00:34:41
So that's a huge concern as well.
00:34:42
What I would say is like, like, if you're interested in this
00:34:46
and if you care about the validity of the data, take a
00:34:50
look at who owns the site or the new site and it's all those
00:34:54
thread problems.
00:34:55
Maybe it's not leading you to a point that's maybe not very
00:34:59
positive, but at least you've taken the steps and if it's not
00:35:03
transparent, it's a very difficult problem to solve.
00:35:07
Speaker 1: You know, for threat intel in 2024, what are some of
00:35:12
the challenges of being in the space, right?
00:35:15
I mean, we probably talked about, like the biggest one of
00:35:17
misinformation and whatnot, what it's like being in that area
00:35:29
with that specialty.
00:35:30
Because I've never been in threat intel, right, I've used
00:35:32
lightly some you know threat intel solutions out there, right,
00:35:36
but that was several years ago, and so I'm trying to find, I
00:35:41
guess, maybe the value, what the different areas of threat intel
00:35:46
could include, right, because for me, I'm coming at this from
00:35:50
a very limited approach.
00:35:51
I'm coming at it from okay, you're taking the news in a
00:35:54
region and you're developing threats off of that and you're
00:35:57
basing it on some other criteria, right, but there might be more
00:36:01
to it.
00:36:01
What's that like?
00:36:04
Speaker 2: Yeah, so the fundamental challenge is exactly
00:36:06
what you just described.
00:36:07
It's proving and demonstrating consistently the value of a
00:36:11
cyber threat intelligence program.
00:36:12
And the big reason I say that is because so much cyber threat
00:36:17
intelligence is happening these days in the private sector.
00:36:20
And intelligence for private sector is fundamentally
00:36:24
different than what it naturally evolved from, which was
00:36:28
intelligence for military purposes.
00:36:31
In the military and in the government, situational
00:36:34
awareness quote-unquote is a valid, desired outcome of an
00:36:39
intelligence function.
00:36:40
You're keeping decision makers kind of in the know.
00:36:42
You're dealing with much more access to kind of secret sources
00:36:46
that may yield information.
00:36:48
But situational awareness is often the end goal and it's a
00:36:51
valid one. In a private enterprise for so many reasons
00:36:55
we can unpack.
00:36:56
But situational awareness really means very little.
00:37:00
You need to be able to operationally show and
00:37:03
demonstrate how the intelligence contributed to some sort of
00:37:08
operational change in the security posture, and that's
00:37:12
what so many teams and organizations struggle to do.
00:37:15
And I think that is because, with intelligence being born out
00:37:19
of military and government agencies, the approach to
00:37:23
intelligence often has been and very much continues to be.
00:37:26
Here is a daily report or briefing with a summary of the
00:37:31
news, maybe some very light analysis sprinkled in.
00:37:33
That analysis is always supposed to be kind of a
00:37:37
dividing line where you're not offering perspectives and
00:37:40
decisions.
00:37:41
That can't be the case in an enterprise and in the private
00:37:45
sector, because there needs to be some clear action taken as a
00:37:49
result of intelligence.
00:37:50
So it's pretty rare but it's very much increasing.
00:37:53
It's literally the focus of my work.
00:37:55
These work is to be able to show it was very clear evidence
00:38:00
and backed up by data what steps can you take as a result of
00:38:03
this intelligence in very concrete ways and just to not go
00:38:08
too deep into it, but to give an example.
00:38:10
So everything I work on and my company is based on it's a
00:38:15
framework or a knowledge base known as MITRE ATT&CK.
00:38:18
What this is is essentially kind of like a reference library
00:38:23
of, at a certain relatively high level, all the known
00:38:28
adversary techniques that attackers can use to carry out
00:38:32
malicious activity.
00:38:33
When I report in my day-to-day job about the latest adversary
00:38:38
trends and cyber attacks, I talk about those in terms of MITRE
00:38:42
ATT&CK techniques.
00:38:43
The value there is you're able to relate an attacker technique
00:38:48
directly to some security tool or technology and you're able to
00:38:52
say well, if we were exposed to this attack, how would my tools
00:38:56
be able to react?
00:38:58
Do I have gaps in those tools and, if so, am I able to close
00:39:01
them by introducing some new process or detection rule or
00:39:05
technology?
00:39:05
That's just kind of the mindset and approach.
00:39:07
It's oversimplifying it, but it's all geared towards, again,
00:39:11
action and operationalization of the intel, and that's kind of
00:39:17
where I see things needing to go, because there's been yeah,
00:39:22
that is definitely very true.
00:39:25
Speaker 1: There's been no real actionable information with it.
00:39:31
When you, when you, even, you know, I, I can't remember,
00:39:36
literally cannot remember the vendor name and if I could
00:39:39
remember it I would not say it because I don't feel like it
00:39:42
ensued today.
00:39:42
But you know, I had a vendor pitch me very like closely after
00:39:48
Log4j came out and they're they're like oh yeah, we saw
00:39:53
that, you know, month before.
00:39:54
It was a big deal.
00:39:55
We saw it in October, whatever it was.
00:39:58
And you know, we started to you know, notify, right, some
00:40:02
customers that may have been impacted.
00:40:05
But we didn't really know.
00:40:06
And they then like changed the conversation to like, oh, you
00:40:11
have to build in this detection for it.
00:40:13
And I literally said this is a zero day.
00:40:17
How am I going to build a detection for a zero day?
00:40:20
If I build a detection for a zero day, that means I know what
00:40:24
the zero day is and I should be selling it because it's worth a
00:40:28
lot of money, right, and they like had no real good rebuttal,
00:40:33
you know, because it's like, how am I supposed to build
00:40:36
something off of something I don't know?
00:40:38
You know, like your whole job is to basically go buy these zero
00:40:44
days and create a detection off of it and put it in your
00:40:47
platform and say you found it before anyone else.
00:40:49
Like that that's what you should be doing on the back end.
00:40:52
But you're not doing that, you know.
00:40:54
And that that action part was always the most frustrating part
00:40:59
to me, because even if it could tell me, like you're at risk,
00:41:04
right of this zero day, for instance, it still would not
00:41:08
tell me oh, is CrowdStrike prepared for it?
00:41:11
Is my PAM solution prepared for it?
00:41:14
Is my SIEM even set up to log for it?
00:41:17
You know, like, what do I need to do?
00:41:19
And so, like I'm saying that that detection part that you
00:41:22
talked about, that's really interesting because that
00:41:25
actually gives you actionable information right, yeah, yeah,
00:41:29
absolutely.
00:41:30
Speaker 2: So.
00:41:30
I've definitely seen those as well.
00:41:32
But the example that you talked about is an especially bad one
00:41:35
and I almost want to say that maybe it's just due to kind of
00:41:38
the unfortunate you know marketing and maybe lack of
00:41:42
understanding of you know what's going on under the hood who
00:41:45
knows?
00:41:45
But to circle it back to what you said, yeah, huge, huge
00:41:49
proponent of kind of detections, knowing how they work.
00:41:51
This is a little bit newer area and it's typically still
00:41:56
reserved for a little bit better resource, more mature teams.
00:41:59
But I am a massive proponent of what's known as the simulation
00:42:04
and testing, and this is not anything new to those in the
00:42:07
programming and coding space.
00:42:08
You go out and unit test your code to make sure that
00:42:10
everything runs.
00:42:11
Precisely that same mindset can and should be applied and it's
00:42:15
getting a lot easier to apply it to the security space as well.
00:42:20
There are great open-source projects.
00:42:21
The most well-known is Red Canary's Atomic Red Team
00:42:24
project, but they're basically just it's like a framework for
00:42:28
running Python and PowerShell scripts that let you kind of run
00:42:32
these adversary techniques in a limited environment and let you
00:42:35
see how your detections are actually operating.
00:42:37
It's definitely a stretch goal and sometimes a little bit
00:42:41
easier said than done, but anytime you put in place any new
00:42:45
security process or even policy mitigation, you're already
00:42:49
taking that mindset.
00:42:50
So maybe you go run the test script and see if it actually
00:42:54
triggered the detection or if it's more of kind of a policy
00:42:57
approach.
00:42:57
Go do the tabletop exercise. Again, easier said than done,
00:43:01
but that's what you want to be thinking about to make sure like
00:43:03
all this stuff actually worked the way it did.
00:43:06
Or, you know, do some of the the user training and awareness.
00:43:09
You know phishing tests.
00:43:10
If you deploy a new email security solution, see how well
00:43:13
that's working.
00:43:13
That's just the mindset that I want to try to promote because,
00:43:17
believe it or not, that's that's not super widely adopted, but
00:43:20
that's how you have at least a lot more confidence that the
00:43:23
tools, technology, processes are all.
00:43:25
Speaker 1: Yeah, yeah, that is.
00:43:27
It's so critical and a lot of people don't want to do that
00:43:31
work either.
00:43:31
Right, and it's because it's long, it's tedious, takes a lot
00:43:35
of time and effort, right?
00:43:36
I'll give you an example.
00:43:38
I was POCing different WAF solutions for our cloud
00:43:42
environment and I deployed one solution, very simple solution,
00:43:49
right, it was so simple to deploy and I didn't have to
00:43:53
configure it at all that I literally, quite literally,
00:43:55
forgot it was on my application.
00:43:58
Still, it's so lightweight, it's just in the code, you know,
00:44:01
you're not doing anything else.
00:44:03
And I eventually deployed, like another, another WAF basically
00:44:08
on top of it, and I started launching attacks at it.
00:44:11
Right, because I would create very specific rule sets and
00:44:14
whatnot.
00:44:14
And then I'll I'll launch a test at it to make sure, like,
00:44:18
hey, this rule is doing what it should
00:44:20
be, right, because how else are you going to know that it's
00:44:23
protecting you from cross-site scripting unless you're throwing
00:44:26
cross-site scripting at this vulnerable app?
00:44:28
You know, you know that the application is vulnerable to it
00:44:31
by default, right, and this security tool needs to do its
00:44:35
job.
00:44:35
And so I threw all these tests at it.
00:44:38
Right, and this this second WAF that I'm talking about it
00:44:42
caught something like six or 7 attacks.
00:44:46
Well, I threw 40 attacks at it, right, um, and so I, I, I
00:44:52
ended up logging into the, the lightweight WAF um console, just
00:44:58
to see if I still had access, because I wanted to get some
00:45:00
screenshots of the stuff that that I had done, you know, and I
00:45:04
noticed, caught all of the attacks that this other thing
00:45:08
missed.
00:45:08
Like I was on the phone with the sales engineer saying like
00:45:12
hey, you guys missed, you know, 30,000 attacks plus, right, 33,000
00:45:18
attacks.
00:45:18
You missed them.
00:45:19
Where the hell did they go?
00:45:21
And he couldn't even tell me, like from his you know console
00:45:26
view.
00:45:26
He's like, yeah, we just never even saw it, you know.
00:45:30
And I'm, I'm sitting here like how is that?
00:45:33
How, how is that you selling me your solution right now?
00:45:36
Speaker 2: yeah, for sure.
00:45:37
No, that that's a huge piece that.
00:45:39
I've talked a lot about detections and then doing the
00:45:41
testing on them, but it's probably one of the least sexy
00:45:44
areas, at least, of security.
00:45:45
But, like the logging of all this, to be able to have
00:45:48
visibility into whether you were even able to detect something.
00:45:52
That's a huge gap that we're seeing more and more of as more
00:45:55
data is coming in.
00:45:56
It's really expensive to store all this stuff, but if you run
00:45:59
some of those tests, you'll often.
00:46:01
Maybe one of the first points is you're going to find that you
00:46:03
actually weren't storing the proper types of logs, or maybe
00:46:06
your vendor wasn't giving you access to them.
00:46:08
So that's a huge piece of the puzzle as well.
00:46:11
It's not super thrilling, but to find out that you probably
00:46:15
should have these types of logs coming in if you want to be able
00:46:18
to say you're detecting this, it's literally the essential
00:46:22
piece to get all the rest of the Right, so you know, where do
00:46:28
you?
00:46:28
Speaker 1: where do you see this section of the security
00:46:31
industry going in the next?
00:46:33
You know, five years.
00:46:34
I would typically say 10 years, but 10 years is probably way
00:46:37
too far out because it's changing so rapidly.
00:46:40
But what do you see?
00:46:41
Where do you?
00:46:42
What do you see as like the next milestones for the industry?
00:46:45
Right?
00:46:47
Speaker 2: yeah for sure.
00:46:47
So obviously a little biased, um, with what we're doing, but I really
00:46:51
do see more of this shift towards a quicker and more
00:46:57
streamlined kind of validation of your security posture and
00:47:01
validation of, at least, like, your confidence that things are
00:47:05
working as they're expecting to be.
00:47:06
I don't think you could ever be 100 validated, and if you ever
00:47:10
did get to that state, uh, tomorrow it's going to change
00:47:13
with just the nature of the environment.
00:47:14
But more of a shift towards, you know, kind of a rapid fire
00:47:18
validation of your security posture.
00:47:21
More of a shift certainly towards kind of tuning all of
00:47:25
those security uh tools, technologies, processes and
00:47:28
defenses towards the threats that matter.
00:47:30
What I focus on again, being in the cyber threat intel space,
00:47:34
is strongly believe that you're not able to defend against every
00:47:39
single attack at every single given point in time.
00:47:41
So you have to prioritize, kind of what you're looking at, so
00:47:44
injecting that threat intel into your defensive work, maybe from
00:47:49
the outset.
00:47:49
If you're building a new security program, I really think
00:47:52
that's the way to go, or at least kind of fine-tuning things.
00:47:56
Probably the final meta trend that's definitely playing out
00:47:59
literally right now this year, and I think will continue to
00:48:02
play out for as far as I can see, is focus on optimizing your
00:48:08
security stack with what you have in place right now.
00:48:10
Budgets are super tight
00:48:12
everywhere. In many cases they're being so trying to do as
00:48:16
close to the same level as you can, maybe with less, or maybe
00:48:21
finding ways to maybe do a little bit more with less.
00:48:24
So many of the tools and technologies are so complex
00:48:28
right now.
00:48:28
They have so many capabilities.
00:48:30
I literally talk often with clients who didn't know that
00:48:34
they have an ability to do something with one of their
00:48:36
tools that they already have access to, and that's not their
00:48:39
fault.
00:48:39
It's because the tools are so complex and going back to just
00:48:43
the communication, it's so challenging.
00:48:45
So it's that digging in and sometimes finding new ways to do
00:48:48
things with what you already have, just to be able to.
00:48:52
Speaker 1: Yeah, those are all very valid, very valid points
00:48:56
for sure.
00:48:56
Well, Scott, you know we're at the top of our time here and I
00:49:00
really enjoyed our conversation.
00:49:02
It was really fascinating.
00:49:03
We went down some rabbit holes that I definitely did not expect,
00:49:06
that's for sure.
00:49:21
Speaker 2: But yeah, yeah, absolutely. Well, Scott, you know,
00:49:22
before I let you go, how about you tell my audience?
00:49:23
You know where they could find you if they wanted to connect
00:49:24
with you and you know maybe reach out or whatnot and where
00:49:25
they could find your company.
00:49:26
I would say the best place is probably LinkedIn.
00:49:27
I'm most active there Scott Small on LinkedIn, and it
00:49:28
shouldn't be too hard to find me and I would say either
00:49:31
titlecybercom or website.
00:49:33
We're also very active on, you know, most social media, but
00:49:36
especially LinkedIn.
00:49:37
We really do try to do a lot of sharing back with the community.
00:49:40
Going back to what we talked about before, it helps keep me
00:49:43
fresh, doing a lot of you know writing and you know data
00:49:46
visualizations.
00:49:47
We're put out a lot.
00:49:51
I'm in share with you and those are just some of the best
00:49:52
places to punch and uh in a central place.
00:49:54
So look forward to connecting with anyone.
00:49:56
I'll do a lot of you know mentorship and just trying to
00:49:58
help folks out who are getting started.
00:50:00
So please reach out to the company or to me.
00:50:02
Speaker 1: Awesome, well, thanks for coming on again and I hope
00:50:06
everyone listening enjoyed this episode.
00:50:07
Bye everyone.