In this episode of the Future of Cybercrime podcast, Zaira speaks with Irina Nesterovsky, Chief Research Officer of KELA. They explore the world of cyberthreats and the method to the madness that is cyber threat research and investigation.

Topics discussed include:

• The “How” Behind the power of KELA's cyber threat intelligence
• The traits that make for a great intelligence analyst
• A look into a prominent cyberattack and surfacing attribution
• Recommendations on how to leverage threat intelligence to improve your Security function

Resources:

• Irina on LinkedIn: https://www.linkedin.com/in/irina-nesterovsky-95017442?originalSubdomain=il
• KELA Cyber Intelligence Center: https://www.kelacyber.com/resources/research/
• KELA Cyber: https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Nirali Bhatia, Cyber Psychologist and CEO of Cyber BAAP. They explore the world of cyber psychology and how useful it is during threat investigations and ransomware negotiations.

Topics discussed include:

• Nirali’s understanding of threat actor psychology
• How cyber psychology is applicable to ransomware negotiations
• The effects of cybercrime on the general public
• Recommendations on how to build cyber psychology education into enterprises and how to teach every day people

Resources:

• Nirali on LinkedIn: https://in.linkedin.com/in/nirali-bhatia
• Nirali’s Twitter: https://twitter.com/bhatianirali?lang=en
• Nirali’s Website: https://niralibhatia.com/
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Chris Kirsch, CEO of runZero and seasoned social engineering practitioner. They explore the world of “hacking humans” from building target profiles to everyday hacks and exploiting trust.

Topics discussed include:

• Chris’ perspective on what makes for a good social engineering exercise
• A walk-thru of competition hacks and client exercises
• Key advice for all listeners on how to identify social engineering
• Recommendations on how to build a social-engineering proof organization

Resources:

• Chris on LinkedIn: https://www.linkedin.com/in/ckirsch/
• Chris’s Twitter: https://twitter.com/chris_kirsch
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Raveed Laeb, VP of Product with KELA and seasoned Intelligence practitioner. They build a semantics framework around the cybercrime underground, then dig into its workings to surface the view from everyday KELA intelligence hunters.

Topics discussed include:

• Raveed’s perspective on what defines the cybercrime underground and the activities that take place therein
• How transfer learning from any intelligence discipline to cybersecurity is possible
• How malicious actors act and conduct commerce in the cybercrime underground
• The “how” behind KELA’s “home-brewed” threat intelligence collection, curation, and refinement
• Top 3 “must haves” to build a successful “CTI” or continuous threat intelligence practice

Resources:

• Raveed’s on LinkedIn: https://il.linkedin.com/in/raveed-laeb-2a2984ba
• Raveed’s Twitter: https://twitter.com/raveedl?lang=en
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Tyler Wrightson, CEO of Leet Cyber Security, Ethical Hacker, and author of “Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization”. They discuss Tyler’s perspective on the hacker mindset, the state of security in most businesses today, and his perspective on how to improve the cybersecurity practice moving forward.

Topics discussed include:

• Tyler’s background in offensive security and how he plans penetration tests using the adversary's perspective
• The process of bringing business context into adversarial modes of attack
• The difficulties modern security practitioners face in deterring cyber threats
• Where the modern security defender is missing the mark
• The “risk perspective” from a hacker’s perspective vs. a security practitioner’s perspective
• Actionable advice for security practitioners, including the importance of understanding the adversary's mindset

Resources:

• Tyler on LinkedIn: https://www.linkedin.com/in/tyler-wrightson-87aaa15
• Tyler on Twitter: https://twitter.com/tbwrightson?lang=en
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Brian Stack, Vice President of Engineering and Dark Web Intelligence at Experian Consumer Services. They discuss Brian’s experiences in the cybersecurity industry, protecting consumers, and the changing landscape of cybercrime.

Topics discussed include:

• Brian's background in computer engineering and experience as a white hat hacker
• Protecting consumers and educating them about cyberattacks, identity theft, and digital security
• The difficulty of navigating the digital world and staying safe, while leveraging the convenience provided by digital technology
• Experian's efforts to provide free content, simple navigation, and focus on prevention, prediction, and analytics
• The use of interviews with customers to gain insight into their needs and desires, and the importance of providing tools, services, and scores to give customers more control and power
• The evolution of the cybercrime underground and threat intelligence over time, including the growth of ransomware
• Biggest misconceptions Brian runs across as it pertains to the cybercrime underground
• Actionable advice for security practitioners, including the importance of understanding human psychology and the manipulation of human behavior in cyberattacks

Resources:

• Brian on LinkedIn: https://www.linkedin.com/in/brian-stack-777a39/
• Brian on Twitter: https://twitter.com/brianmstack
• KELA (Cyber Threat Intelligence): https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Eduard Kovacs, a contributing editor to SecurityWeek. They discuss Eduard’s decade-long background as a cybersecurity journalist, the evolving trends in cybercrime over the past decade, the collaborative relationship between journalists and cybersecurity researchers, and how information is obtained from underground forums.

Topics discussed:

• Eduard’s approach to write with individual readers in mind, even if he is covering a technical topic
• Cyber threat actors are seen as humans, just like journalists and researchers.
• Why collaboration between journalists and cybersecurity researchers is critical.
• The role journalists play in bringing attention to critical vulnerabilities or breaches that companies may ignore.
• The importance of empathy when covering cyber threat actors and why simplicity is key in understanding their behavior.
• What Eduard is seeing in the space as cybersecurity researchers work more and more collaboratively to advance the industry.
• Exploring the accessibility of cybercrime forums for journalists and researchers
• How the threat hunting ecosystem has evolved to evade law enforcement.

Resources:

• Eduard on SecurityWeek: https://www.securityweek.com/contributors/eduard-kovacs/
• Eduard on Twitter: https://twitter.com/EduardKovacs
• Eduard on LinkedIn: https://www.linkedin.com/in/eduard-kovacs-7b796134/

In this episode, Zaira speaks to Mathew J. Schwartz, Executive Editor at Data Breach Today and an award-winning journalist. They discuss how Mathew was drawn to writing about cybersecurity for a career, how journalists can better seek out the truth to cyber crime situations and not let criminals control the narrative, and the evolution of business resiliency to breaches and attacks.

Topics discussed:

• How Mathew combined his longtime fascination with hacking and computer crime with his love of writing into a career that tells the stories — and the truth — of the cybercrime world.
• The search for truth in cyber crime, why it’s necessary to look at multiple sources to confirm that truth, and why you should question what the crooks say about themselves because their "truth" is likely a self-promotional lie.
• How a journalist digs into cyber crime events by asking blue-sky questions to find out why certain targets are hit, and whether certain sectors are more vulnerable or whether attackers are simply being opportunistic.
• Why ransomware is an exciting and fascinating topic to cover, especially since both threats and business security are constantly evolving.
• How business resiliency to ransomware attacks has changed, and how more companies are putting security measures in place so as not to need to pay ransom.
• How cybercrime journalism will evolve in the coming years, and why it's necessary to use the correct language and terminologies to make cybercrime reporting more objective.
• Pieces of advice for future journalists, and why a journalist's job is to demystify the cybersecurity world.

Resources Mention:

• DataBreachToday.com
• @EuroInfoSec on Twitter and Mastodon