
Threat Intelligence, AI, and Thinking like a Threat Actor, with Sherrod DeGrippo
09/04/23 • 26 min
This month we welcome Sherrod DeGrippo on the Cyber Insider podcast’s latest episode. Sherrod is Director of Threat Intelligence Strategy at Microsoft. She was selected as Cybersecurity Woman of the Year in 2022 and Cybersecurity PR Spokesperson of the Year for 2021. Previously, she was VP of Threat Research and Detection at Proofpoint, where she led a global team of threat researchers, malware reverse engineers and threat intelligence analysts. Her career in cybersecurity spans 19 years, with prior roles including leading Red Team Services at Nexum, senior solutions engineer for Symantec, senior security consultant for Secureworks, and senior network security analyst for the National Nuclear Security Administration (NNSA). She is a frequently cited threat intelligence expert in the media, with televised appearances on BBC News and commentary in the Wall Street Journal, CNN, New York Times, and more. Having presented at Black Hat, RSA Conference, RMISC, BrunchCon, and others, Sherrod is a well-known public speaker. In her personal time, Sherrod spends time with her rescue dog Boris Karloff.
Threat intelligence can provide insights into the tactics, techniques, and procedures used by threat actors, allowing organizations to better protect themselves. However, the use of threat intelligence varies depending on an organization's maturity level and ability to effectively utilize the information. Sherrod highlights the role of threat actor psychology in understanding their motives and objectives. She discusses the evolving nature of threat intelligence and the need for organizations to evaluate its value and determine how it can be used to enhance their security posture. Additionally, this episode explores emerging trends such as the potential use of AI by threat actors and the increasing involvement of CFOs in security decision-making.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Previous Episode

Tracing Cryptocurrency Payments and the Role of Threat Intelligence, with Jackie Burns Koven
This month we welcome Jackie Burns Koven as a special guest on the Cyber Insider podcast. Jackie is the Head of Cyber Threat Intelligence at Chainalysis, leading the team tracking cybercriminals and nation state actors stealing, scamming, and extorting cryptocurrency. She is also a member of the Ransomware Task Force, which unites key stakeholders across industry, government, and civil society to innovate new solutions countering the ransomware threat. Prior to joining Chainalysis, she served in the U.S. Intelligence Community.
One of the key aspects of blockchain technology is its transparency. Unlike traditional bank transfers, cryptocurrency transactions are visible to anyone on the network.
Threat actors typically rely on cryptocurrency exchanges or services to convert their funds into currency or stablecoins. However, Jackie notes that the number of exchanges used by threat actors has consolidated rapidly due to increased scrutiny and the detection of illicit activity:
“Because of this steady and unpredictable takedown and action against these exchanges that were providing laundering services for ransomware actors, ransomware actors have less and less options and places to put their funds. So in addition to exchanges, we're actually seeing more threat actors that are just holding on to the fund, just sitting on it in private wallets, whether that's because they're paranoid or unsure of trusting their funds into centralized services because of the risk of the funds getting frozen or the full service getting taken down.”
When discussing potential solutions to the ransomware problem, our guest emphasizes the need for a concerted effort from governments, private sector entities, and the cybersecurity community. Jackie acknowledges the progress made in preventing bad actors from cashing out and the increased sharing of information through public advisories:
"And I think there's been great gains made by global governments on making it harder for bad actors to cash out, on identifying centers of gravity, figuring out ways to notify victims in advance, helping private and public sector entities harden their defenses, get the training they need, getting back."
Next Episode

MSP Risk Landscape, Assume Breach Mindset and more, with Ryan Weeks
This month’s guest on the Cyber Insider is Ryan Weeks. As the former Chief Information Security Officer (CISO) for Datto, Ryan built and piloted Datto’s industry leading Information Security program prior to the 2023 acquisition of the company. Currently, Ryan is advising IT Channel cybersecurity startups and is the Partner and Director of Content for Right of Boom, a cybersecurity education company purpose built for MSPs. Ryan loves sharing his knowledge and experiences of all things cybersecurity almost as much as he loves his family, fishing and surfing.
The risk landscape for Managed Service Providers (MSPs) has undergone a significant transformation in recent years. Ryan highlights the pivotal year of 2018 when MSPs became a prime target for cyberattacks. He explains, "There was a large spate of attacks against MSPs, and it completely turned the risk landscape on its head." This shift in focus by threat actors towards MSPs has created unique challenges for the industry.
Ryan emphasizes the importance of understanding the threat landscape and the need for MSPs to adopt a threat-informed cyber defense approach. He states, "You can't have an effective cyber defense if you don't have some resemblance of an understanding of your adversary and how they might seek to compromise your business." MSPs must be aware of the industries they serve and the specific threats they face to build resilient cybersecurity programs.
Rather than viewing a breach as a failure, Ryan encourages organizations to see it as an opportunity for improvement. He states, "The breach isn't the bad thing; it's the motivation for us to make ourselves better so that when it happens, we're more prepared to operate through it." Adopting this mindset allows organizations to focus on building robust capabilities and response plans to mitigate the impact of cyber incidents.
Looking ahead, the future of cybersecurity relies on continuous education, collaboration, and the development of robust capabilities. As our guest aptly puts it, "The breach isn't the bad thing; it's what you do when you get breached that matters." With the right mindset, knowledge, and proactive measures, organizations can turn cyber incidents into opportunities for growth and improvement in the ever-changing world of cybersecurity.
The Cyber Insider - Threat Intelligence, AI, and Thinking like a Threat Actor, with Sherrod DeGrippo
Transcript
0:00:03
Luke Connolly
Welcome to The Cyber Insider, the podcast that takes you behind the scenes of the cyber world with exclusive interviews, insights, and expert analysis. Tune in and stay ahead of the game. Welcome to The Cyber Insider, Emsisoft's podcast all about cybersecurity. Your hosts today are Brett Callow, threat analyst here at Emsisoft, and I'm Luke, partner manager. We're very excited to have Sherrod DeGrippo with us today.
0:00:29