Inside Security Intelligence (Recorded Future)

We welcome cybersecurity leader and entrepreneur Andy France, in a conversation led by Recorded Future Co-Founder and CEO Christopher Ahlberg. Andy France’s career in cybersecurity spans over four decades, including positions as the deputy director of cyber defense for the UK government, along with positions at Darktrace, Deloitte, GSK, and Lloyds Banking Group. He serves on a number of cybersecurity advisory boards, and is currently the co-founder and director at Prevalent AI. Andy France addresses the “big-picture” items in cybersecurity, considering what it might take to fix, once and for all, the fundamental issues security professionals face. He considers the often-used comparison of cybersecurity to public health, and provides advice on effective implementation of threat intelligence.

In this episode of the Recorded Future podcast, we examine how threat intelligence applies to a variety of roles within an organization, and how security professionals can integrate it to empower their team to operate with greater speed and efficiency. How does threat intelligence apply to SOCs, to incident response, or vulnerability management? And how do corporate leaders make the case that threat intelligence is a worthwhile investment? Joining us to address these questions is Chris Pace, technology advocate at Recorded Future.

Our guest today is Michelle Dennedy. She’s vice president and chief privacy officer for Cisco. An outspoken advocate for building technologies that not only enhance our lives but also promote integrity and respect for people regardless of their level of technical sophistication, Michelle is leading the charge for better understanding and implementation of privacy and data security policies around the world. Our conversation includes her thoughts on why organizations find privacy so challenging, the differences between aspirational messaging and foundational values, and where she thinks the next generation of security and privacy professionals may take us.

Recorded Future’s Insikt Group recently released research outlining China’s attempts at what they describe as digital colonization. A focus of China’s efforts involve providing attractive, cost-effective infrastructure deals for developing African nations, using technology sourced from China, technology that includes substantial surveillance capabilities. For some regimes this is all the better, but for others it means joining the online global marketplace in exchange for allowing Chinese authorities an unfettered view into their nation’s online activities.  To help us understand the implications of this bargain we welcome back to our program Recorded Future’s Charity Wright, expert cyber threat intelligence analyst. 

Raytheon is one of the largest defense contractors in the world, with over 60 thousand employees and annual revenues near $25 billion. They’ve been in business for nearly a hundred years, with humble beginnings in vacuum tube manufacturing, RADAR systems and microwaves during World War II, and post-war expansions into everything from missiles and aircraft to refrigeration and robotics. Our guest today is Michael Daly, chief technology officer for cybersecurity at Raytheon. He shares his experiences spinning up a cybersecurity team at Raytheon, the challenges of doing so within such a large organization, and the importance of a strong corporate culture to ensure safety and security.  

Researchers from Recorded Future’s Insikt Group have previously analyzed both the U.S. and Chinese national vulnerability databases, examining the speed of publication of cybersecurity vulnerabilities, and how each respective country considers its NVD in the broader context of the national mission of cyber defense and operations. Recorded Future’s research team recently set their investigative sights on Russia’s vulnerability database to see how it compares. Priscilla Moriuchi is director of strategic threat development at Recorded Future, and she joins us to share what they found.

The last few years, and the most recent election cycle in particular, have brought unprecedented levels of misinformation and disinformation to the fore. This era of online disinformation bots, fake news, and  interference from foreign adversaries has sown the seeds of division in our culture, much of it distributed and amplified on social media platforms.  Jane Lytvynenko is a senior reporter at Buzzfeed News, and the past several years she’s been focused on disinformation — where it comes from, who’s seeing it, how it works, and what might be done to defend against it. She joins us to share her insights.

Joining us today is Dana Pickett. He’s CISO for Edwards Performance Solutions, as well as a principal for the cybersecurity services they offer. With over three decades in the industry, Dana has witnessed the inception and evolution of cybersecurity, from mainframes to the IoT. He shares his thoughts on what it takes to be a successful CISO, the importance of focusing on business outcomes, effective communication with the board, proactive versus reactive threat intelligence, the utility of frameworks, and the value of peer groups.

Researchers at Recorded Future have recently detected and described a new kind of influence operation that they’ve named “Fishwrap.” The technique involves recycling previously published news accounts of terrorist activities and amplifying their exposure through social media, with the apparent intent of sowing the seeds of distrust and unease. Our guest today is Staffan Truvé, CTO and co-founder of Recorded Future. He’ll describe the tools they used to uncover the Fishwrap campaign, the conclusions they’ve reached from the information they’ve gathered, and the ways we can all prepare ourselves to spot them.

Our guest this week is a true internet pioneer. Paul Vixie describes himself as a “long time defender of the internet.” He’s  an author or co-author of several RFC documents and open source software systems including BIND and Cron, a serial entrepreneur now CEO and co-founder of his fifth startup company, Farsight Security, and an inductee into the Internet Hall of Fame.  He joins us with insights on how we are suffering the ramifications of early internet design choices, what that means for global networking going forward, and, specifically, why he believes it’s best not to rely on outsourcing your DNS.

Criminal markets on dark web forums are the online version of a bad neighborhood, complete with sellers, buyers, and people who make their living connecting those groups. They tend to be self-policing, and so when an individual discovers a fundamental flaw in the technical foundation of the community and then decides to take advantage of that flaw to hold entire markets for ransom, that tends to get people’s attention. It’s a high-stakes game. Daniel Byrnes is a senior threat intelligence analyst with Recorded Future’s Insikt Group, and he found himself on a journey down a dark web rabbit hole to try to make sense of the situation.

In this episode of the Recorded Future podcast, we explore the unique challenges associated with securing your C-Suite executives. Not only are they attractive targets for scammers and fraudsters, when it comes to security, they’re often afforded a level of flexibility and deference not given to other employees. What’s the most effective approach for educating executives on the critical role of security, and how do you extend that behavior beyond the office walls? In a world where business email compromise and phishing run rampant and attacks happen at the hardware DNA level, translating security strategy to the common language of risk management can be an effective approach. Joining us once again to address these questions is Dr. Christopher Pierson, CEO at Binary Sun Cyber Risk Advisors.

Our guest today is Denver Durham. He’s a threat intelligence consultant at Recorded Future, with a background in the U.S. Army as an intelligence analyst, working in signals intel and all-source intel supporting counterterrorism,and later in the private sector in a SOC (security operations center) as a cyber threat analyst, performing attribution and analytics. On today’s show, he takes us through what he believes are some of the most relevant questions for a SOC analyst, including collecting and prioritizing indicators of compromise, handling news feeds, managing firewall alerts, and performing trend analysis. We’ll learn about the types of reports a SOC analyst is likely to generate, how to make good use of some third-party rules, and he’ll share his advice for anyone considering a career as a SOC analyst.

Our guest is John Zanni, CEO at Acronis SCS, a company dedicated to providing secure backup, disaster recovery, and cyber protection for the U.S. public sector. He shares his unconventional journey into a career in cybersecurity, as well as insights on the unique challenges public sector organizations face when trying to protect valuable assets.  We’ll also get John’s thoughts on threat intelligence, the skills and traits he looks for when hiring, and why he thinks cybersecurity organizations should be recruiting workers from the U.S. military.

Our guest today is Bob Gourley, author of the book “The Cyber Threat: Know the Threat to Beat the Threat.” Earlier in his career, Bob spent 20 years as a U.S. Navy intelligence officer. One of his last assignments with the military was as director of intelligence for the first Department of Defense cyber defense organization. He’s currently a partner at Cognitio Corp, where he leads research and analysis activities, due diligence assessments, and strategic cybersecurity reviews for clients. Bob sat down with us at our annual user conference at the Newseum in Washington, D.C. for a wide-ranging conversation on what it was like to define emerging cybersecurity missions for the Department of Defense, the importance of looking back to history as a guide, and the growing need for threat intelligence and basic cyber hygiene.

Cities and municipalities have made headlines recently in their efforts to defend themselves from cyber attacks, most notably ransomware. Joining us this week to discuss the unique security challenges faced by municipalities are two guests. Margaret Byrnes is Executive Director of the New Hampshire Municipal Association, a non-profit membership organization that provides education, training, advocacy and legal services to cities and towns across New Hampshire. Joe Howland is Chief Information Security Officer at VC3, a managed IT services company who’s clients include many municipalities throughout the country.

Joining us this week is Ryan Chapman, Principal Incident Response & Forensics Consultant at Blackberry.  Our conversation centers on his belief that most organizations aren’t nearly as prepared for a ransomware incident as they think they are, a belief that has been formed from countless engagements with groups who found out the hard way that their backups have issues, or their overall incident response plan comes up short. We explore the spectrum of reasons why that may be so, and discuss practical ways for security professionals to balance their organization’s resources with their appetite for risk.

Schneider Electric is a global energy management and automation company headquartered in France, employing over 144,000 people around the world. With a history dating back to the 1830s, these days Schneider Electric enjoys success in industrial control systems, industrial safety systems, electric power distribution and grid automation, smart grid technology, and data center power and cooling. Our guest today is Andrew Kling, senior director of cybersecurity and system architecture at Schneider Electric. He shares his professional journey, his experience pioneering many of the security measures we take for granted today, the shift to being proactive in his sector, and the importance of threat intelligence.

Recorded Future’s Insikt Group recently published a report titled, Dark Covenant: Connections Between the Russian State and Criminal Actors. The report outlines the categories of cyber criminals enjoying privileged status within Russia, along with their often fluid relationships with official Russian authorities.  Joining us to discuss the report is a Senior Threat Intelligence Analyst from Recorded Future’s Insikt group. Due to the sensitive nature of the report and her part in gathering information in it, we are respecting her request to remain anonymous. 

Our guest today is O’Shea Bowens. He’s CEO of Null Hat Security and a SOC manager for Toast, a Boston-area firm, where he focuses on threat hunting, incident response, SOC operations, and cloud computing. O’Shea shares his early beginnings as a teenage hacker learning the ropes, his career path, and why he believes it’s important to be a role model, a mentor, and to have a presence in the security community.

The SANS Institute is a well-known and respected cooperative research and education organization. Since its founding in 1989, it’s worked with over 165,000 security professionals around the world, providing training and certification. It also provides free access to a huge library of research documents about information security, and it runs the Internet Storm Center, which it describes as the internet’s early warning system. Our guest today is Dr. Johannes Ullrich, and he’s responsible for that early warning system. He’s a popular public speaker and host of the ISC StormCast daily podcast, a daily briefing of cybersecurity news that professionals around the world rely on to stay up to date.

Scholars and researchers from the think tank New America recently released an education policy initiative titled, Teaching Cyber Citizenship — Bridging Education and National Security to Build Resilience to New Online Threats. The report outlines challenges facing educators when it comes to preparing students for the online world, describes the broad spectrum of reasons why it’s important that they are properly prepared, and provides resources and potential solutions for communities and school systems to adopt.  Joining us this week are two of the report's coauthors, Lisa Guernsey, director of New America’s Teaching, Learning and Tech Program, and Peter W. Singer, strategist and senior fellow.

Our guest today is Steve Povolny, head of advanced threat research at McAfee. We’ll learn how he came to lead his team of researchers at the well-known security company, his philosophy on leadership, and why investing in research makes sense for McAfee (and most companies). We’ll also cover how to strike a balance between maintaining a healthy competitive advantage in the marketplace, while contributing to the larger threat research community and helping to make the world a safer place. He shares his thoughts on threat intelligence, why he believes it’s grown in importance for most organizations, and we’ll get his advice on choosing what kinds of services you might need.

Whether you felt 2017 flew by or you just couldn’t wait for it to be over, from a cybersecurity point of view there’s no question it was an interesting year. There was something for everyone, including ransomware, botnets, major data breaches, IoT issues, as well as business and policy concerns. Our guest today is Dr. Chris Pierson. He’s the CEO and founder of Binary Sun Cyber Risk Advisors, and a familiar voice for those of us who follow cybersecurity. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a distinguished fellow of the Ponemon Institute.  Together, we’ll take a look back at 2017 and try to make sense of what it all means as we head into the new year, what 2018 may have in store for the cybersecurity industry, and how best to prepare.

Our guest today is Niloofar Razi Howe. She’s a respected technology executive, entrepreneur, board member and investor, having served as Chief Strategy officer for Endgame and, later, RSA Security. She’s a life member of the Council on Foreign relations, and a Recorded Future board member. Our conversation touches a range of topics, from her start as an attorney and entrepreneur, her shift to venture capital, and her executive level assignments as chief strategy officer. We’ll get her take on where she thinks the VC money will be headed in cyber security, as well as her thoughts on why it’s important to make time for giving back.

Deepfakes continue to be a growing security concern. As the technology to alter video footage and replace one person's face with another’s has advanced in ease, sophistication and availability, the use of deepfakes has become more broadly prevalent, extending beyond novelty use to become another tool in the adversary’s playbook.  Our guest today is Andrei Barysevich, cofounder and CEO of fraud intelligence firm Gemini Advisory. He shares his insights on the growing criminal market for deepfakes, and how organizations can best prepare themselves to defend against them.

Recent protests in Hong Kong have highlighted a growing trend in online influence operations, in this case from mainland China. Officials there have been using Western social media platforms to influence public perception of the Hong Kong protests. Those social media platforms have, in turn, shut down accounts they’ve determined are posting what they call “inauthentic content.”  Researchers in Recorded Future’s Insikt Group have been analyzing these attempts at online influence operations and have published a report titled “Chinese State Media Seeks to Influence International Perceptions of Hong Kong Protests.” Priscilla Moriuchi is head of nation-state research at Recorded Future, and she joins us to share their findings.

Our guest is Sal Aurigema, associate professor of computer information systems at the University of Tulsa. He shares his experience in nuclear engineering and serving aboard submarines in the U.S. Navy, his shift to the intelligence community, and his pivot to teaching in higher education.  We’ll learn about Sal’s approach to inspiring his students and why he emphasizes the importance of curating their own personal security intelligence feed. He also explains why he believes there’s a place in cybersecurity for people from all walks of life, and not just those with an interest in computer science and technology.

Our guest today is Myke Cole. He’s a cyber threat intelligence analyst with a large metropolitan police department, and a member of the United States Coast Guard reserve, supporting maritime search and rescue and law enforcement around New York City. He is also an award-winning, best-selling author of fantasy fiction, perhaps best known for his “Shadow Ops” series of novels, combining military action with magic and sorcery. And if that weren’t enough, he’s also featured in the CBS reality TV series, “Hunted,” where he’s one of an elite team of fugitive hunters. Mr. Cole shares his unlikely path to cybersecurity, how his ability to conjure convincing characters in his fantasy novels transfers to understanding the minds of cyber adversaries, and the importance of creativity and taking risks.

Recorded Future’s Allan Liska is our guest once again this week. This time, he brings a collection of interesting trends and anomalies that he and his team have been tracking. They publish these on the Recorded Future website under the title of “pulse reports.” We’ll take a closer look at ransomware in international financial institutions, credential leaks in the biotech and pharmaceutical industries, as well as the rise of retail phishing campaigns in the midst of the global pandemic.

Security professionals at institutions of higher education face a broad spectrum of challenges, from protecting the internal networks of their organizations, to securing intellectual property of research groups, to protecting the personal information of thousands of students and staff every year. Our guest is Bob Turner, chief information security officer and director of the office of cybersecurity at the University of Wisconsin, Madison. He shares insights from his experience leading a team of professionals and students who are tasked with protecting a wide variety of information and systems.

Our guest today is Matt Devost. He’s CEO and co-founder of OODA LLC, a company that helps clients identify, manage, and respond to global risks and uncertainties. Matt Devost has been at the intersection of public policy and cybersecurity since it became possible to align the two. He has expertise in counterterrorism, critical infrastructure protection, intelligence, risk management, and cybersecurity issues.  In addition to sharing the story of his career journey, we’ll get his insights on managing cyber risk in a complex world, as well as his thoughts on threat intelligence.

Each year Verizon publishes its Data Breach Investigation Report, or DBIR, the annual survey of the state of cybersecurity using data gathered from tens of thousands of incidents from around the world. It’s earned a reputation as a must-read report, for its thoroughness and approachability. Marc Spitler is a senior manager of Verizon Security Research, and one of the lead authors of the report. He joins us to share the behind-the-scenes story of what goes into the DBIR, how his team chooses the year’s hot topics, and how they protect their efforts from undo influence.  

When you’re responsible for safeguarding the money, not to mention the personal financial information of your clients, what are your specific needs when it comes to threat intelligence? Where do you begin, and how do you get the best bang for your buck? Is open source intelligence enough, or should you invest in a paid solution from the outset? What about regulators? And how do you get buy-in from the board? Here to answer these and many other questions is Dr. Christopher Pierson. He’s chief security officer and general counsel at Viewpost, an electronic invoice, payment, and cash management company. He also serves as a special government employee on the Department of Homeland Security Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee, and is a distinguished fellow of the Ponemon Institute.

Joining us this week is Pierre Noel, managing director for Europe at Astari, a company providing global cyber resilience services for businesses.  Pierre Noel has enjoyed a remarkably broad professional career, with time spent at IBM, KPMG, Microsoft and Huawei, in both deeply technical and business roles. He shares his insights on the ways culture impacts security, the importance of threat intelligence (if your organization is ready for it), and why he believes things are likely to get a lot worse before they get better.

By now, you’ve surely heard that Equifax, one of the largest credit reporting companies in the U.S., suffered a huge data breach. How bad was it? Reports say over 143 million sets of personal information may have been lost on U.S. residents alone, including names, social security numbers, birth dates, addresses, and in some cases driver license numbers. Reports say Equifax neglected to patch a known vulnerability in a timely manner, and took even longer to go public with news of the breach. The story is still developing, but it’s shaping up to be one of the most significant security breaches yet. John Wetzel is head of threat intelligence training at Recorded Future, and he joins us today to help make sense of what happened to Equifax, how it might have been prevented, and what a breach of this size means for all of us.

In our first episode, we start with the basics of threat intelligence. We talk about its emergence in cyber security and offer some relevant definitions. We describe where threat intelligence comes from, its purpose, and the context in which it's used. In an age of information overload, we also look at the path from data, to information, to actionable intelligence. These are important distinctions when organizations requiring threat intelligence faced the prospect of sorting through competing claims, products, and services in the marketplace. As organizations adopt threat intelligence and look to protect themselves in a rapidly evolving threat landscape, discerning value, establishing priorities, and setting measureable goals become critical. We talk through these issues with Staffan Truvé, our CTO and Co-founder; Levi Gundert, our VP of Intelligence & Strategy; and Robert M. Lee, CEO and founder, Dragos Security.

This week, we welcome back Levi Gundert, Recorded Future’s vice president of intelligence and risk. In a wide-ranging conversation, we discuss Insikt Group’s research into APT10, the challenges of authentication at scale, the importance of framing communication in terms of quantifying risk, and what it means to be an ethical hacker. Levi also shares the potential trends he’ll be following in the coming year.

There’s an increasing awareness of foreign influence on American institutions through social media. U.S. intelligence agencies have asserted that Russians made a concerted effort to disrupt and influence the 2016 presidential election, and there’s widespread evidence that Russia continues to sow the seeds of discord with the aim of eroding Westerners’ trust and confidence in their political systems and social norms. Recorded Future’s Insikt Group recently published findings from their research into Chinese efforts to sway public opinion via social media, and how their goals and tactics are markedly different from those of the Russians. We welcome back Recorded Future’s Priscilla Moriuchi to the show. She shares Insikt Group’s findings and helps put it all into broader perspective.

Jim Routh is chief security officer of Aetna, a Fortune 500 company offering health care, dental, pharmacy, group life, disability, and long-term care insurance and employee benefits. With annual revenue exceeding 60 billion dollars and nearly 50 thousand employees, there’s a lot to secure. In this episode, we explore Jim Routh’s career path, the unique challenges he faces as CSO for such a large public company, how he delegates authority and manages his time, his approach to threat intelligence, and his somewhat contrary approach to communicating risk with the Aetna board. We learn about Aetna’s move away from using Social Security numbers as identifiers, as well as their efforts to phase out traditional password-based user logins, all in the name of improving customer convenience and security. He also explains his adoption of model-driven security and the rise of unconventional controls.  

Our guest today is Tracy Maleeff. Before earning a position as a cyber analyst at a Fortune 500 company, she ran her own firm, providing information security and competitive intelligence research. Prior to that she worked as a Library Resources Manager for a major law firm. Tracy shares the story of her unusual career journey from library science to cyber security, her advice for getting up to speed after a mid-career course change, as well as her thoughts on team building and the importance of diversity throughout an organization.

Graham Cluley is well known in the cybersecurity industry as a popular speaker, writer, independent security analyst, and cohost of the Smashing Security podcast. He’s had senior roles at Sophos and McAfee, and is a member of the Infosecurity Europe Hall of Fame. He joins us this week for a wide-ranging conversation, including his humble beginnings writing software to protect against malware before that was really even a thing, his thoughts on the latest trends and techniques the bad guys are using, and how we as a community should protect ourselves against them. And, of course, we get his take on threat intelligence, and why he thinks it’s playing an ever-increasing role as organizations stand up their cyber defense strategies.

Our guest today is Martijn Grooten. He’s editor at Virus Bulletin, an online forum for sharing the latest cybersecurity research and intelligence, which dates back to 1989. They’re also an independent testing and certification body, and they hold a popular international security conference annually. Our conversation spans a range of topics, including the evolution of threats that Martijn has tracked over the past several decades, the current state of malicious email campaigns, why he believes some organizations overstate the potential impact of nation-state attacks, his thoughts on threat intelligence, and his recommendations for how organizations can best protect themselves.

When we talk about threat intelligence, we often put it in the context of bringing information to the surface, creating context and alerts to let you know what you need to be concerned with. We also speak of cutting through the noise, of pulling the signal out and transforming it into actionable intelligence. Our guest today is Andrew Morris. He’s CEO of GreyNoise Intelligence, a company that describes itself as “anti-threat intelligence.” That’s not to say they’re against threat intelligence — quite the opposite, in fact — but instead of focusing on what should keep you up at night, Andrew and his team analyze the background noise of the internet to determine what you don’t need to worry about. It’s a unique approach that’s perhaps a bit counterintuitive at first, but ultimately, they say it helps you filter out useless noise and focus your time and resources on what really matters.

Perdue Farms is a major U.S. agricultural business, best known for its processing of chicken, turkey, and pork, and is one the nation’s top providers of grain. Founded nearly a century ago as a “mom-and-pop” business with a small flock of chickens, today the company marks sales in excess of $6.5 billion a year and has over 20,000 employees. Chris Wolski is head of information security and data protection at Perdue Farms, and he joins us to describe the unique intersection of cyber and physical systems he and his team help protect.

Turning information into actionable intelligence is a critical activity for organizations of all types and sizes. The challenge remains sifting through the enormous amount of data coming at us from all angles and at ever-increasing rates. In this episode, we give the scoop on Recorded Future’s new team dedicated to helping organizations overcome these challenges. Insikt Group is a team of veteran threat researchers that back up the intelligence analysts, engineers, and data scientists that create and deliver our products. The word “insikt” is Swedish for insight and highlights the team’s core mission of finding insights that reduce risks. We speak once again with Levi Gundert, Vice President of Intelligence and Strategy at Recorded Future. We cover some of the research being done by the Insikt Group, including “Fatboy,” a new ransomware-as-a-service product, as well as how Chinese and Russian cyber communities are digging into malware from the April Shadow Brokers release.

On this week’s show, we welcome back Lauren Zabierek. The last time she joined us, she was a senior intelligence analyst at Recorded Future, but she’s since taken on the role of director of the cybersecurity project at Harvard’s Belfer Center. She shares the mission of her organization, the role she thinks it has to play on the national and international stage, and why making sure everyone has a seat at the table leads to better, safer outcomes.

The research and advisory firm Gartner recently took a closer look at security threat intelligence, and published a comprehensive report with their findings, the Gartner Market Guide for Security Threat Intelligence Products and Services. The report explains the different use cases for threat intelligence, makes recommendations for how best to implement it in your organization, and provides guidance on evaluating vendors. In this episode of the Recorded Future podcast we are joined once again by Allan Liska, senior threat intelligence analyst at Recorded Future, to walk through some of the key takeaways from the Gartner report, and to see how the report aligns with Allan’s experience. You can download a free copy of the report at: https://go.recordedfuture.com/gartner-market-guide

Recorded Future’s Insikt Group recently published research titled “Underlying Dimensions of Yemen’s Civil War: Control of the Internet.” It’s a detailed analysis of the role the internet has played in this ongoing bloody conflict, as rival factions fight to gain control of information, access, and infrastructure. Local and international interests all come in to play. Here to guide us through the research are Recorded Future’s Winnona DeSombre, threat intelligence researcher, and Greg Lesnewich, threat intelligence analyst.

Our guest today is Nick Kael. He’s chief technology officer at Ericom Software, a company that provides secure web isolation and remote application access software and cloud services. In our conversation, Nick shares his professional journey, including the important lessons his experience in the U.S. military have provided. We’ll learn about his leadership style, his take on threat intelligence, what he looks for when hiring, and his approach to his day-to-day responsibilities.

Our guest this week is Nico Dekens. Online, people know him as the “Dutch OSINT Guy,” a handle he’s earned through his extensive knowledge and background in open source intelligence.  Nico shares his own history getting into the field, as well as some real-world examples of how he goes about gathering OSINT, and how individuals can do a better job protecting themselves online. And, of course, we’ll get his insights on threat intelligence as well.

Our guest this week is Jeff Fagnan, founder and managing director at Accomplice, a venture capital firm focused on seed-stage technology companies. He’s worked with well-known companies such as Carbon Black, FreshBooks, Patreon, Veracode, and yes, Recorded Future. Jeff shares his perspective on what he looks for in a hopeful entrepreneur, the hard problems he wants to see them tackling and the importance of their ability to communicate their vision and their passion. We’ll hear his optimistic vision of the coming year, and why he believes cyber security is a foundational element of every modern company.

As organizations become increasingly complex in their push for digital transformation, the need for actionable, automated threat intelligence for everyone has never been greater. On this week’s show, we tackle that very topic with Recorded Future’s chief of intelligence solutions, Stuart Solomon. We caught up with Stuart at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C. to discuss threat intelligence, the notion of security intelligence, and some practical considerations for integrating these kinds of tools.

Our guest today is Dale Drew. He’s chief security officer at Zayo Group, a global provider of communications, colocation, and cloud infrastructure. Previously, he’s held leadership positions at some of the largest and most influential telecommunications companies in the world, including CenturyLink, Level 3 Communications, and MCI Communications. He shares the story of his unlikely start in the security industry, sparked by a stolen family checkbook, which led to a position with the Arizona Attorney General’s office, working to fight organized crime and racketeering. We’ll get his views on threat intelligence, and we’ll learn why he’s leading an effort to champion open source tools in the industry.

Many organizations find themselves puzzling through the countless security products and services on offer these days, decoding the buzzwords and acronyms, hoping to find clarity and understanding. MSSP and MDR services are among those offerings. MSSP stands for managed security service provider, and MDR is managed detection and response. Our guest today will help sort out the sometimes subtle differences between the two. Sean Blenkhorn is chief product officer at eSentire, and he shares his insights on modern threat hunting and how threat intelligence can enhance those capabilities.

Our guest today is Vince Peeler. He’s the manager of cyber intelligence services at Optum, one of the largest healthcare and services providers in the world. He shares his unlikely journey from a career as a naval aviator to cybersecurity, and how lessons he learned in the military help inform his approach to cyber threats today. We’ll also focus on the intelligence cycle, and the role it can play in organizing and focusing the efforts of cybersecurity teams. He offers tips on integrating threat intelligence, and making the most of automation to enable your analysts to maximize their effectiveness.

We are joined this week by Roman Sannikov, director of cybercrime and underground intelligence at Recorded Future.  The focus of our conversation is a report recently published by Recorded Future’s Insikt research team, titled Russian-Related Threats to the 2020 US Presidential Election. In reviewing the report’s findings, we’ll explore the methods Russian actors have employed in their effort to disrupt and influence the 2020 U.S. presidential election, the context within which these efforts are best considered, and how as individuals, organizations and nation wide we can best counter these efforts to help ensure a safe, smooth election process.

The recent Equifax breach highlights the vulnerability of our personal data online, and serves as a reminder that there’s an active, thriving, global criminal market for that sort of information. In this episode of the Recorded Future podcast we return to the dark web, with Recorded Future’s director of advanced collection, Andrei Barysevich as our guide. He’ll separate fact from fiction, and help us gain a better understanding of the mysterious and increasingly volatile world of the online criminal underground. What sorts of information and services are actually available for purchase in these markets, how does law enforcement respond, and what are the challenges of gathering threat intelligence in an environment where trust and anonymity are the coins of the realm?

Threat Intelligence is a wide ranging term, and it can mean different things to different people as they consider the variety of ways to best integrate it into their organization’s cyber defense strategies. In today’s show, we’re exploring the possibilities for leveraging threat intelligence throughout your organization, from the SOC to the board room, from incident response to fraud protection, and much more. Joining us to guide our journey is Recorded Future’s Mike Petronaci. Before joining Recorded Future, Mike spent time working in the U.S. Department of Defense, as well as with industry leading organizations like Akamai and Cybereason.

The Emotet malware and cybercrime campaign recently made headlines, not for infecting victims with Trickbot or Qbot malware or spinning up a new botnet, but instead for being taken down by law enforcement. In January of this year, an international effort led by Europol took control of Emotet infrastructure, effectively taking it down, as well as making arrests of alleged perpetrators in Ukraine.  To help us understand the impact of the takedown on the global malware ecosystem, I’m joined this week by Greg Lesnewich, senior intelligence analyst with Recorded Future’s Insikt Group.

Our guest today is Storm Swendsboe. He’s an analyst services manager at Recorded Future, leading a team of intelligence analysts providing on-demand reports for their customers. In our conversation he explains the different types of reports his team provides, with a focus on finished intelligence. Swendsboe answers questions like where does finished intelligence it fits in an organization’s threat intelligence strategy? How it can be customized for specific audiences? And how to make sure a report doesn’t quickly become out of date the moment it’s published.  

Disinformation campaigns are in the news. Starting with the 2016 U.S. election cycle, continuing in 2018, and now looking ahead to 2020, the threat of online influence operations from foreign adversaries has been top of mind — but there’s a different kind of disinformation for sale on the dark web. Researchers from Recorded Future’s Insikt Group engaged with two threat actors selling their wares on Russian-speaking underground forums. They discovered that disinformation campaigns are readily available, not terribly expensive, and potentially highly effective. Roman Sannikov is director of analyst services at Recorded Future, and he shares what they found.

Our guest today is Rosa Smothers, senior vice president of cyber operations at KnowBe4, where she leads KnowBe4’s federal practice efforts, including providing cybersecurity advisory services to civilian and military agencies within the U.S. federal government. From her humble beginnings with a used 8-bit home computer, Rosa’s career experience includes over a decade in the CIA, leading cyber operations against terrorists and nation-state adversaries. She served multiple tours overseas as a cybersecurity analyst and technical intelligence officer in the Center for Cyber Intelligence and the Counterterrorism Mission Center, and was highly decorated for her service. She’s a strong advocate and mentor for women starting their careers, and is a member of Women in Defense and InfraGard.

Looking back at predictions about what to expect in cyber security in 2017, one thing on just about everyone’s list was ransomware. It’s quickly risen to one of today’s top cyber threats and shows no signs of slowing down. In this episode, we speak with someone who quite literally wrote the book on ransomware. Allan Liska is a Senior Solutions Architect at Recorded Future, and coauthor of the book, “Ransomware – Defending Against Digital Extortion,” published by O'Reilly. In our conversation, we give some background the emergence of ransomware, some of the varieties organizations might encounter, how businesses can protect themselves, the pros and cons of paying up, and of course, the value of threat intelligence when it comes to dealing with the very real risks posed by ransomware. 

Hakan Tanriverdi is a journalist covering cybersecurity for Germany’s public broadcasting network. In our conversation this week, we discuss the challenges of reporting on a highly technical subject area, making your stories accessible to the general public, and having the courage to ask the obvious questions. We’ll get his insights on being a good consumer of news, as well as his thoughts on where journalism is headed.

There’s that old saying, “The more things change, the more things stay the same.” In cyber security and incident response, even with all of the new tools, increased speed and mounting threats, a large part of keeping any organization safe comes down to taking care of the basics, the tried and true techniques that have served us well for decades. Our guest this week is Gavin Reid, chief information security officer at Recorded Future. He’s a firm believer in taking care of the basics, empowering employees to collaborate and take healthy risks, and making sure that your communications style is concise, and actionable. All good advice, tried and true.

While certainly not new to the world of international espionage or hacking, you will find the Russians at the intersection of global politics and cyber security today. With recent events like the hacking of the Democratic National Committee in the run up to last year’s US presidential election, the ongoing investigations into Russian interference in that election, and even questions about the Russian relationships with key players in the new US administration, the Russians are often top of mind when it comes to possible threat actors. They are central players in stories all over the news today, whether we’re talking about nation-state activities or the work of criminal gangs. But what’s the real story? In this episode, we welcome back Andrei Barysevich, Director of Advanced Collection at Recorded Future, to give us his take.

Joining us this week is Jack Cable. He’s a security researcher and student at Stanford University, currently a researcher with the Stanford Internet Observatory and the Stanford Empirical Security Research Group. Jack built a reputation for himself in hacker circles as a talented and prolific bug bounty hunter, and is ranked within the top 100 hackers all-time on HackerOne. He started his cyber security pursuits as a teenager, and joined the Defense Digital Service out of high school, where he helped run the Hack the Pentagon bug bounty portfolio, advised on the next iteration of the DoD Vulnerability Disclosure Program, and built innovative cybersecurity assessment tools.

Chances are you’re familiar with GDPR, the European Union’s General Data Protection Regulation. It went into full effect back in May of this year, with the goal of improving the privacy and security of European citizens in particular, but the global community overall as well. One of the impacts of GDPR was that it made the WHOIS database private. WHOIS is the searchable online directory of domain name registrations, and some security researchers had concerns that spammers might take advantage of this anonymity to increase their registration rate of domain names, making it easier for them to send out their spam. Allan Liska is a senior security architect at Recorded Future and analyzed several months’ worth of data on spam rates to see if the expected uptick came to pass. Allan wasn’t alone on this project — he had assistance from his son, Bruce, who interned at Recorded Future this past summer and co-authored the report. We’ll hear from Bruce as well.

Our guest today is Brian Haugli. He’s a partner at Side Channel Security, a consulting firm in the Boston area. Prior to forming Side Channel Security, he was chief security officer for The Hanover Insurance Group. Earlier in his career, he held civilian leadership positions at the Pentagon, helping organizations in the Department of Defense implement cybersecurity best practices. Today, he helps organizations of all sizes to evaluate their security using a risk-based approach, while taking advantage of his own expertise in threat intelligence implementations and strategic organizational initiatives.

Our guest this week is Thomas H. Davenport. He’s a world-renowned thought leader and author, and is the president’s distinguished professor of information technology and management at Babson College, a fellow of the MIT Center for Digital Business, and an independent senior advisor to Deloitte Analytics. Tom Davenport is author and co-author of 15 books and more than 100 articles. He helps organizations to revitalize their management practices in areas such as analytics, information and knowledge management, process management, and enterprise systems. His most recent book is “The AI Advantage: How to Put the Artificial Intelligence Revolution to Work (Management on the Cutting Edge).” Returning to the show to join the discussion is Recorded Future’s chief data scientist, Bill Ladd.

Our guest this week is DK Lee. He’s an information sharing operations manager at FS-ISAC, the financial services information sharing and analysis center. They’re an industry consortium focused on reducing cyber risk in the global financial system, and count over seven thousand financial institutions as members.  DK joins us to share his insights on threat intelligence, along with his opinions on leadership, organizational maturity, and checking your ego at the door.

In episode 29 of this podcast we heard from Bill Ladd, Chief Data Scientist at Recorded Future, about the differences between the US and Chinese cyber threat vulnerability reporting systems. He pointed out the difference in speed-of-publishing between the two, with the Chinese generally being faster, as well as their conclusion that the Chinese National Vulnerability Database (CNNVD) is essentially a shell for the Chinese MSS, the Ministry of State Security. This being the case, there’s evidence that the Chinese evaluate high-threat vulnerabilities for their potential operational utility before releasing them for publication. Since then, researchers at Recorded Future have taken another look at the CNNVD and discovered the outright manipulation of publication dates of vulnerabilities. Priscilla Moriuchi is Director of Strategic Threat Development at Recorded Future, and along with Bill Ladd she’s coauthor of their research analysis, “Chinese Government Alters Threat Database Records.” She joins us to discuss their findings, and their broader implications.

Our guest today is Joe Weiss. He’s the managing partner of Applied Control Solutions, a firm that provides consulting services to optimize and secure industrial control systems. He’s been in the industry for over 40 years and has earned a reputation as an outspoken and sometimes contrarian advocate for improved ICS security. He’s been a featured speaker at dozens of conferences, has written countless book and articles, and has testified before Congress multiple times. Our conversation centers on what he sees as critical shortcomings in the current approach to securing critical infrastructure, including the electrical grid, manufacturing, railways, and water supplies. Are IT and OT professionals simply talking past each other, or is there more to it than that? Joe Weiss has strong opinions on that and many other topics, opinions formed from a long, fruitful career fighting to keep those systems safe.

Joining us this week is Aarti Borkar, vice president of product for IBM Security. She shares the story of her professional journey, starting out as a self-described data-geek through the path that led her to the leadership position she holds today. She shares her views on artificial intelligence, and how she believes it can be an enabler for security and the business itself. And we’ll get her thoughts on welcoming new and diverse talent to the field.

Our guest this week is Jöerg Schauff. He’s a principal consultant at Symantec, focusing on cyber and threat intelligence. He shares his insights on the challenges he sees his clients facing in Germany and how their experiences inform proper defenses internationally. We’ll discuss the differences between run-of-the-mill thieves and nation-state threat groups, as well as how organizations can best make use of threat intelligence and set themselves up for success.

Our guest is Mihoko Matsubara, chief cybersecurity strategist at Japanese telecommunications company NTT Corporation in Tokyo, where she’s responsible for cybersecurity thought leadership. Previously, Mihoko worked at the Japanese Ministry of Defense and was VP and public sector chief security officer for Asia-Pacific at Palo Alto Networks. Our conversation explores the different approaches to cybersecurity seen in Japan, and the impact those cultural differences have on that nation’s security. We’ll also learn more about Mihoko’s efforts to bridge that gap of understanding, and to help build trust and safety around the world.

Joining us this week is Jon Ford, Managing Director of Global Government Services & Insider Threat Risk Solutions at Mandiant. Our conversation centers on his experience with effective insider threat programs, from both a technical and human perspective. With twenty years of experience in the FBI before joining Mandiant, Jon Ford gained extensive knowledge from bringing to justice some of the world’s most notorious cyber criminals, knowledge which informs his approach to solving today’s most pressing security issues.

Our guest today is Shamla Naidoo, a managing partner at IBM Security. With a career spanning over three decades, including 20 years as a CISO, Shamla has excelled in a variety of positions, from engineer to executive.  Shamla joins us with perspectives on why security teams need to effectively communicate with their organization’s board of directors, the best ways to make security indispensable to a business, and why those communication skills are critical to the success and security of an organization. We’ll learn about the unique way she goes about building her teams, and why she believes there are opportunities in cybersecurity for just about everyone.

Our guest this week is Rick Howard, chief analyst and chief security officer at the CyberWire. Rick’s career included stops in the U.S. Army in signals intelligence, teaching computer science at Westpoint, and pioneering roles in threat intelligence for the military. He’s the former chief security officer for Palo Alto Networks, where he helped create and manage their Unit 42 threat intelligence team.  He shares his insights on his career as a network defender, his take on the essential role of threat intelligence, and what he looks for when hiring members of his team.

Ransomware threat actors continue to make their way into systems of organizations big and small all over the world, leading to business interruptions, financial loss, and reputational damage. Even more troubling are recent reports attributing loss of life to ransomware attacks on medical facilities.    Our guest this week is Recorded Future threat intelligence analyst Dmitry Smilyanets. He brings his experience and unique insights to the conversation, with the latest tactics, techniques and procedures he and his colleagues are tracking from ransomware operators. 

Our guest today is Brian Martin, vice president of vulnerability intelligence at Risk Based Security, a company that provides risk identification and security management tools leveraging their data-breach and vulnerability intelligence. Brian shares his experience turning data into meaningful, actionable intelligence, common misperceptions he’s encountered along the way, and why he thinks companies shopping around for threat intelligence need to be careful to ask the right questions.

We're sharing a special bonus episode in your feed this week, from the CyberWire's CSO Perspectives podcast hosted by Rick Howard.  This episode, Cybersecurity First Principles: Intrusion Kill Chains, Rick talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with no context about what they are trying to accomplish.

Researchers from Recorded Future’s Insikt Group have been tracking the increased use of automation by a variety of threat actors around the world. Similar to the way that legitimate businesses use automation to increase their efficiency and productivity, the bad guys have adopted various tools to help maximize their profits and scale operations. They’ve built a thriving underground marketplace, and there’s no sign that they’re slowing down. Roman Sannikov leads Recorded Future’s cybercrime and underground intelligence team, and he joins us to share their findings.

Our guest this week is Andy Ellis, chief security officer of Akamai Technologies. He shares the professional journey that led him to Akamia, along with his recollections of the early days of online data sharing when bandwidth was expensive and pipes were small, and the uncertainty of being part of an ambitious internet startup. We’ll learn about his management style, the importance of a company culture built on trust and communication, and, of course, we’ll get Andy’s take on threat intelligence.

Our guest today is Sherri Davidoff. She’s the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the hacker culture at MIT, where she adopted the hacker nickname Alien.  She also discusses her insights on the evolution of ransomware, and how she and her team help negotiate with the ransomers on behalf of her clients. We’ll learn more about her leadership style, the importance of team building, and what she looks for when hiring.

Our guest is Oscar Jonsson. He’s the director of the Stockholm Free World Forum, a Swedish foreign and security policy think tank, and an associated researcher at the Swedish Defense University. Previously, Oscar was a subject-matter expert at the Policy and Plans Department at the Swedish Armed Forces Headquarters.  Our conversation focuses on Oscar’s recent book, “The Russian Understanding of War: Blurring the Lines Between War and Peace.” In it, he tracks the history of Russian tactics and strategies, and explores how Russia sees itself in the online global community.

Sharing insights on the tools, technologies, and processes that underpin threat intelligence is one of the primary aims of this podcast. One of the processes that’s getting a lot of attention these days is threat hunting. In this episode, we’ll talk about what exactly threat hunting is, how it’s done, and its value to organizations looking to strengthen their security posture, gain situational awareness, and of course, enhance their threat intelligence. To get past the buzzwords and down to business, we have as our guide Keith Gilbert, a security technologist at Sqrrl, a firm that specializes in the art and science of threat hunting.  

Our guest this week is Edward Davis. He’s president and CEO of The Edward Davis Company, a business strategy and security services firm, but he is perhaps best known for his role as former police commissioner for the city of Boston — a role he held during the tragic Boston Marathon bombing in 2013. In the aftermath of that event, he was the face of the city, as his team coordinated and collaborated with other local and national law enforcement agencies. We discuss his experience with the Boston Marathon bombing, get his insights on law enforcement in the age of ransomware, and hear his thoughts on the role of threat intelligence. Joining this episode’s conversation is Recorded Future’s Allan Liska.

In this episode of the Recorded Future podcast, we take a closer look at the practical application of threat intelligence. Some security teams still meet threat intelligence with a skeptical eye, wondering how adding even more information to the flow of data they’re already receiving could improve their security posture. In reality, they’re likely already using some degree of threat intelligence even if they don’t realize it. We’ll explore ways that organizations can determine how much threat intelligence is the right amount, when it’s time to engage with a third-party provider, and when it’s not. We’ll review case studies from FaceBook and Akamai, and we’ll discuss the importance of context when transforming information into intelligence. Our guide this week is Allan Liska. He’s a Solutions Architect at Recorded Future, and author of the newly published e-book Threat Intelligence in Practice.

This week we welcome back to our program security pioneer Graham Cluley. After starting his career writing the original version of Dr. Solomon’s Antivirus Toolkit for Windows, Graham moved on to senior position at Sophos and McAfee. In 2011 he was inducted into the Infosecurity Europe Hall of Fame. These days, he’s an independent blogger, podcaster and media pundit. Our conversation takes a sometimes nostalgic look back at the origins of computer malware, what it was like fighting the good fight back then, how things have developed over the years, and what he thinks the future may hold. 

Our guest this week is Mark Goodman, managing director at MassMutual Ventures.  Mark shares the story of his circuitous path to the VC world, with stops along the way at a family furniture business and a PhD in philosophy. We’ll find out what it takes for a hopeful startup to catch his eye, whether or not he thinks cyber continues to be a hot area for investment, as well as his thoughts on what it takes to be a successful venture capital investor.

To celebrate one hundred episodes of our show, we’ve got a special guest this week. The grugq is well-known in hacker and information security circles around the world, and a respected voice at conferences and on social media. He’s a bit mysterious, preferring to keep his real name under wraps. The grugq joins us this week to discuss influence operations — their history, why they work, and how recent examples like the Russian meddling in the 2016 U.S. elections might be a sign of things to come.

London has, for centuries, enjoyed its status as one of the cornerstones of the global economy. So it makes sense that it would also be a beacon of innovation and investment in cybersecurity. Our guest today is Jonathan Luff. He’s the co-founder of Epsilon Advisory Partners and CyLon, an incubator for early-stage cybersecurity companies based in the United Kingdom. He discusses his story of his early career in public service, sharing his talents and expertise around the world, his transition from public servant to entrepreneur, and why he believes the U.K. is well positioned for leadership in the growing global cybersecurity industry.

The global transition to 5G mobile technology is well underway, with ongoing network build-out and increased availability of 5G enabled devices able to take advantage of the increased speed and capacity of the next generation network.  The transition has attracted an odd type of controversy, primarily from conspiracy theorists who claim that 5G is responsible for everything from brain cancer to COVID-19, or that it’s some sort of high tech mind-control system put in place by some secret global governing body. Most find these ideas farfetched and absurd, but there are enough people out there who follow this line of thinking that it presents real security issues for the companies who are responsible for installing and maintaining these networks.  Joining us this week is Dave Brown, cyber intelligence professional at telecommunications giant BT. One of his primary responsibilities is protecting the people and infrastructure responsible for making 5G a reality. He shares his insights on the tools, tactics and procedures he uses to counter the flood of misinformation, and to ensure the physical protection and availability of 5G for consumers, businesses, and the public sector alike.

Our guest this week is Steven Atnip. He’s a senior advisor for Verizon’s threat research advisory center and the dark web hunting team. Steven shares his early career experience in the U.S. Navy and explains why he believes the military provides unique opportunities for people looking to launch their careers. We’ll hear his views on the importance of company culture, being a lifelong learner, how to step up to challenges of an organization running at scale, as well as his insights on security and threat intelligence. We caught up with Steven Atnip at Recorded Future’s RFUN: Predict 2019 conference in Washington, D.C.

Philips is a company with a long, storied history, going back over 120 years, and many technological achievements to brag about. From light bulbs to radios, consumer devices like electric shavers, the compact cassette, and the co-invention of the compact disc along with Sony, they’ve been an innovative, influential company for generations. These days, Philips primarily focuses on healthcare, and they employ over 100,000 people in 60 countries. Praveen Sharma is one of those employees, and our guest today. She’s the director of the cyber research and development center at Philips Healthcare, where she leads a team responsible for developing in-house tools and concepts that help Philips rapidly detect and respond to existing and emerging threats. She is also responsible for looking at the cyber technologies that are on the horizon and the risks of these technologies to Philips.

The Recorded Future team is proud to have recently published its first book, “The Threat Intelligence Handbook — A Practical Guide for Security Teams to Unlocking the Power of Intelligence.” The book aims to provide readers with the information they’ll need to integrate threat intelligence into their organizations, to ensure that it’s actionable, and to put it in the hands of people who can most effectively make use of it. Joining us once again is Recorded Future’s Chris Pace, who served as editor of the new book. He’ll take us through the process he and his colleagues went through to organize and write it, and why he believes the book is valuable for those both new to threat intelligence and the more experienced readers as well.  

Our guest this week is Rachel Lerman, technology reporter at The Washington Post. She’s coauthor of a recent piece featured in the Post’s technology section titled, The Anatomy of a Ransomware Attack. The piece explains the who, what, when, where, and why of the growing, global problem of ransomware attacks. It’s one of those helpful explainers that those of us in the cybersecurity business can keep at the ready to pass on to our friends and colleagues who ask what this whole ransomware thing is all about, and why they should be concerned.

In this episode, we check in with Recorded Future’s Levi Gundert and Allan Liska for a refresher on threat intelligence, including how they have come to describe it and why some people have a hard time wrapping their heads around what, exactly, it is and is not. We’ll find out whether threat intelligence is for everyone, and if so, how organizations of different sizes can best engage and make use of actionable threat intelligence. And we’ll learn how combining the strengths of human analysts with the capabilities of state-of-the-art machine learning provides the best of both worlds.