Future of Cyber Crime

In this episode of the Future of Cybercrime podcast, Zaira speaks with Irina Nesterovsky, Chief Research Officer of KELA. They explore the world of cyberthreats and the method to the madness that is cyber threat research and investigation. 
 
Topics discussed include: 
The “How” Behind the power of KELA's cyber threat intelligence
The traits that make for a great intelligence analyst 
A look into a prominent cyberattack and surfacing attribution
Recommendations on how to leverage threat intelligence to improve your Security function
 
Resources: 
Irina on LinkedIn: https://www.linkedin.com/in/irina-nesterovsky-95017442?originalSubdomain=il
KELA Cyber Intelligence Center: https://www.kelacyber.com/resources/research/ 
KELA Cyber: https://www.kelacyber.com/ 

In this episode of the Future of Cybercrime podcast, Zaira speaks with Nirali Bhatia, Cyber Psychologist and CEO of Cyber BAAP. They explore the world of cyber psychology and how useful it is during threat investigations and ransomware negotiations. 
 
Topics discussed include: 
Nirali’s understanding of threat actor psychology
How cyber psychology is applicable to ransomware negotiations 
The effects of cybercrime on the general public 
Recommendations on how to build cyber psychology education into enterprises and how to teach every day people
 
Resources: 
Nirali on LinkedIn: https://in.linkedin.com/in/nirali-bhatia
Nirali’s Twitter: https://twitter.com/bhatianirali?lang=en
Nirali’s Website: https://niralibhatia.com/
KELA (Cyber Threat Intelligence): https://www.kelacyber.com/

In this episode of the Future of Cybercrime podcast, Zaira speaks with Chris Kirsch, CEO of runZero and seasoned social engineering practitioner. They explore the world of “hacking humans” from building target profiles to everyday hacks and exploiting trust. 
 
Topics discussed include: 
Chris’ perspective on what makes for a good social engineering exercise 
A walk-thru of competition hacks and client exercises
Key advice for all listeners on how to identify social engineering 
Recommendations on how to build a social-engineering proof organization 
Resources: 
Chris on LinkedIn: https://www.linkedin.com/in/ckirsch/
Chris’s Twitter: https://twitter.com/chris_kirsch
KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Raveed Laeb, VP of Product with KELA and seasoned Intelligence practitioner. They build a semantics framework around the cybercrime underground, then dig into its workings to surface the view from everyday KELA intelligence hunters.
 
Topics discussed include: 
Raveed’s perspective on what defines the cybercrime underground and the activities that take place therein 
How transfer learning from any intelligence discipline to cybersecurity is possible 
How malicious actors act and conduct commerce in the cybercrime underground
The “how” behind KELA’s “home-brewed” threat intelligence collection, curation, and refinement
Top 3 “must haves” to build a successful “CTI” or continuous threat intelligence practice 
Resources: 
Raveed’s on LinkedIn: https://il.linkedin.com/in/raveed-laeb-2a2984ba
Raveed’s Twitter: https://twitter.com/raveedl?lang=en
KELA (Cyber Threat Intelligence): https://www.kelacyber.com

In this episode of the Future of Cybercrime podcast, Zaira speaks with Tyler Wrightson, CEO of Leet Cyber Security, Ethical Hacker, and author of “Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization”. They discuss Tyler’s perspective on the hacker mindset, the state of security in most businesses today, and his perspective on how to improve the cybersecurity practice moving forward.
Topics discussed include: 
Tyler’s background in offensive security and how he plans penetration tests using the adversary's perspective  
The process of bringing business context into adversarial modes of attack
The difficulties modern security practitioners face in deterring cyber threats
Where the modern security defender is missing the mark 
The “risk perspective” from a hacker’s perspective vs. a security practitioner’s perspective
Actionable advice for security practitioners, including the importance of understanding the adversary's mindset
Resources: 
Tyler on LinkedIn: https://www.linkedin.com/in/tyler-wrightson-87aaa15
Tyler on Twitter: https://twitter.com/tbwrightson?lang=en
KELA (Cyber Threat Intelligence): https://www.kelacyber.com/
 

In this episode of the Future of Cybercrime podcast, Zaira speaks with Brian Stack, Vice President of Engineering and Dark Web Intelligence at Experian Consumer Services. They discuss Brian’s experiences in the cybersecurity industry, protecting consumers, and the changing landscape of cybercrime.
Topics discussed include: 
Brian's background in computer engineering and experience as a white hat hacker
Protecting consumers and educating them about cyberattacks, identity theft, and digital security
The difficulty of navigating the digital world and staying safe, while leveraging the convenience provided by digital technology
Experian's efforts to provide free content, simple navigation, and focus on prevention, prediction, and analytics
The use of interviews with customers to gain insight into their needs and desires, and the importance of providing tools, services, and scores to give customers more control and power
The evolution of the cybercrime underground and threat intelligence over time, including the growth of ransomware
Biggest misconceptions Brian runs across as it pertains to the cybercrime underground
Actionable advice for security practitioners, including the importance of understanding human psychology and the manipulation of human behavior in cyberattacks
Resources: 
Brian on LinkedIn: https://www.linkedin.com/in/brian-stack-777a39/
Brian on Twitter: https://twitter.com/brianmstack
KELA (Cyber Threat Intelligence): https://www.kelacyber.com/
 

In this episode of the Future of Cybercrime podcast, Zaira speaks with Eduard Kovacs, a contributing editor to SecurityWeek. They discuss Eduard’s decade-long background as a cybersecurity journalist, the evolving trends in cybercrime over the past decade, the collaborative relationship between journalists and cybersecurity researchers, and how information is obtained from underground forums. 
Topics discussed: 
Eduard’s approach to write with individual readers in mind, even if he is covering a technical topic
Cyber threat actors are seen as humans, just like journalists and researchers.
Why collaboration between journalists and cybersecurity researchers is critical.
The role journalists play in bringing attention to critical vulnerabilities or breaches that companies may ignore.
The importance of empathy when covering cyber threat actors and why simplicity is key in understanding their behavior.
What Eduard is seeing in the space as cybersecurity researchers work more and more collaboratively to advance the industry.
Exploring the accessibility of cybercrime forums for journalists and researchers
How the threat hunting ecosystem has evolved to evade law enforcement. 
Resources: 
Eduard on SecurityWeek: https://www.securityweek.com/contributors/eduard-kovacs/
Eduard on Twitter: https://twitter.com/EduardKovacs
Eduard on LinkedIn: https://www.linkedin.com/in/eduard-kovacs-7b796134/

In this episode, Zaira speaks to Mathew J. Schwartz, Executive Editor at Data Breach Today and an award-winning journalist. They discuss how Mathew was drawn to writing about cybersecurity for a career, how journalists can better seek out the truth to cyber crime situations and not let criminals control the narrative, and the evolution of business resiliency to breaches and attacks.
Topics discussed:
How Mathew combined his longtime fascination with hacking and computer crime with his love of writing into a career that tells the stories — and the truth — of the cybercrime world.
The search for truth in cyber crime, why it’s necessary to look at multiple sources to confirm that truth, and why you should question what the crooks say about themselves because their "truth" is likely a self-promotional lie.
How a journalist digs into cyber crime events by asking blue-sky questions to find out why certain targets are hit, and whether certain sectors are more vulnerable or whether attackers are simply being opportunistic.
Why ransomware is an exciting and fascinating topic to cover, especially since both threats and business security are constantly evolving.
How business resiliency to ransomware attacks has changed, and how more companies are putting security measures in place so as not to need to pay ransom.
How cybercrime journalism will evolve in the coming years, and why it's necessary to use the correct language and terminologies to make cybercrime reporting more objective.
Pieces of advice for future journalists, and why a journalist's job is to demystify the cybersecurity world.
Resources Mention: 
DataBreachToday.com
@EuroInfoSec on Twitter and Mastodon

In this episode, Zaira speaks to Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea. With nearly thirty years in the industry, Carson discusses how he's seen cybersecurity evolve, how ethical hacking is a skill and a mindset rather than a crime, and why security should focus not on protecting computers but protecting people and society. 
Topics discussed:
Joseph's nearly thirty-year background in security, from managing mainframes, learning COBOL, and programming with hole punches, to his security work today that has included architectural designs, cybersecurity awareness training, and ethical hacking.
How creating better security starts by understanding the humans behind the machines, and how security isn't about protecting computers but about protecting society.
How Joseph got started with hacking, and why hacking is a skill and a mindset that helps make people safe.
How the cybersecurity industry can help its image by talking less about how scary the work can be and instead show how fun it can be.
The value of learning from failures while ethically hacking, understanding that you may not find the answer the first time, and learning the fundamentals to help you understand how to pivot.
The evolution of the state of cybercrime, from hacktivists curious about what they could do, to today's business of organized cybercrime — and why ransomware is the "perfect weapon" for immediate impact.
The importance of closing skills gaps and hiring from diverse backgrounds to strengthen security teams, as well as the importance of providing psychological support to teams managing high-stress environments during and after attacks.
Resources Mention: 
LinkedIn: https://www.linkedin.com/in/josephcarson/
Twitter: @joe_carson
KELA (Cybercrime Threat Intelligence): https://www.kelacyber.com/
 

In this episode, Zaira Pirzada speaks to Alex Tilley, APAC Intelligence and Research head at Dell SecureWorks. A highly awarded cybercrime researcher, Tilley was at the forefront of research and countermeasures when phishing and malware first began to attack banking platforms and their customers. He moved on to become a senior cybercrime technical analyst with the Australian Federal Police, where he focused his analytical approach on the "who" and "why" of cybercrime fighting. Tilley became a recognized technical expert at the Supreme Court level in the prosecution of cybercrime and child-protection related offenses before moving back to the private sector, where he now serves in his current role.
In this episode, Zaira and Alex discuss what security teams do right, where they can improve in their never-ending battle against threat actors, and his actionable tips for defenders. 
Topics discussed:
Alex summarizes his view about the current state of cybercrime today.
He shares his thoughts on the evolution of cybercrime threat intelligence.
Zaira and Alex explore things security teams can do to improve.
They discuss some of the benefits of employee retention within the security team.
The balance between former government intel specialists and private intelligence training opportunities. 
Alex gives valuable suggestions for ways business leaders can incentivize security teams to be more effective.
Resources Mention: 
Secureworks.com
Alex Tilley on LinkedIn