Podcast

Optiv’s Stu Solomon on Threat Intelligence in a Changing Industry

Posted: 26th March 2018
By: AMANDA MCKEON
Optiv’s Stu Solomon on Threat Intelligence in a Changing Industry

Christopher Ahlberg is CEO of Recorded Future, and this week he leads a conversation with Stu Solomon, chief technology and strategy officer at Optiv, a leading provider of end-to-end cybersecurity solutions.

It’s a wide-ranging discussion, exploring Stu’s experience as a long-time cybersecurity professional, including time in the military, along with his thoughts on effective hiring practices, the changes he’s seen in the industry, the differences between being a great consumer or producer of intel, and where he sees things heading in the future. Stu shares his thoughts on threat intelligence, including thought-provoking views on what to include in threat intelligence reports, how to cut through the noise, and the swinging pendulum of cybersecurity tradecraft.

This podcast was produced in partnership with the CyberWire and Pratt Street Media, LLC.

For those of you who’d prefer to read, here’s the transcript:

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone, and thanks for joining us for episode 49 of the Recorded Future podcast. I'm Dave Bittner from the CyberWire.

We're breaking from our usual format a bit this week, but we think you're going to enjoy it. Christopher Ahlberg is CEO of Recorded Future, and this week, he leads a conversation with Stu Solomon, chief technology and strategy officer at Optiv, a leading provider of end-to-end cybersecurity solutions.

It's a wide-ranging conversation, exploring Stu's experience as a long-time cybersecurity professional, including time in the military, along with his thoughts on effective hiring practices, the changes he's seen in the industry, the differences between being a great consumer or producer of intel, and where he sees things headed in the future. Stay with us.

Christopher Ahlberg:

Alright, so, this is Christopher Ahlberg. I'm the co-founder and CEO of Recorded Future. Great to be here, and I'm here today with Stuart Solomon from Optiv. Welcome.

Stu Solomon:

How are you doing today?

Christopher Ahlberg:

Good. I would love to ask you, just before we dive in, maybe you could give us, you know, your background on yourself.

Stu Solomon:

Yeah, absolutely. Happy to. So, I'm currently the chief technology officer and chief strategy officer for Optiv, responsible for looking at the day to day solutions and go-to market across the security space. For those who aren't familiar with Optiv, Optiv concentrates on bringing the right products and the right solutions to the security space, specifically focused on just that. Day in and day out, we look at things as a security problem that requires a solution versus a technical scenario that creates, I think, more problems, when taken in isolation. Essentially, that’s what I'm focused on day in and day out.

Christopher Ahlberg:

That's great. And probably a good balance to people like myself, for technical geeks who have a tendency of always thinking of technical solutions to everything. That's awesome. I love that. You know, you're obviously one of the long-timers in threat intel, and if I think about the people listening here, I'm sure we have a lot of experts on threat intel here, but we also have some newcomers. So, in your words, what's threat intel all about for you?

Stu Solomon:

So, threat intel, for me, really boils down to a single thing, and that's using context to create decision advantage. I think, very clearly, one of the problems, and part of the evolution, of threat intel was all about, how do you marry up good information to something that actually drives action? And I think that ultimately, the action is predicated on the context that you're able to derive. So when I think about intelligence, that's really what I think about.

Christopher Ahlberg:

That's good. I like that. Information advantage there. You know, that's sort of my background, is in decisions of order, at some level, and I always like to say that having knowledge where the price of oil is going is more valuable than a barrel of oil. You know? That is clear.

Stu Solomon:

And why? Why are those buying decisions made to drive the pricing? I think that's the context that we're often lacking. We look at intelligence as either strategic or tactical. An IOC at the tactical level, or some kind of “in sum” at the strategic level, but what we don't actually think about is all the bits and pieces that have to be analyzed to create the value in the first place.

Christopher Ahlberg:

No, that's great. Great. Context in context of context, and so on. That's excellent. It's funny because when you say information advantage, and so on, you start thinking. I think of either a business world, or I think of a military world, and that leads me to my second question here: You obviously … You have a great background in the military, but you've also done threat intel in the commercial intel provider, iSight. You've been a solutions provider here at Optiv. You guys are an MSSP. You bring a lot of — I'm sure I'm missing a few others — you bring a lot of perspectives to this. So as you think about threat intel in this perspective, or the multiple perspectives that this brings you, what can we learn from that?

Stu Solomon:

Yeah, so, in every single one of those scenarios, whether it's military intelligence, or it's commercial application intelligence, or it's action day in and day out, security operations and the use of intelligence — in every single scenario, it all boiled down to the same basic concept, which is consumption. Being able to take all the disparate data points that are involved in creating that context in and of itself is still meaningless, if I didn't have a way on the other side of it to actually apply it and use it. So the breakdown always happens at that consumption layer, and therefore, the value is derived on your ability to consume rapidly and effectively back toward that decision vantage concept.

Christopher Ahlberg:

That's good. And so, if we think about that, is the onus on producing that, is that on the producer or the consumer? Do we want better producers or do we actually want better consumers? Or a little bit of both?

Stu Solomon:

I think that's a really, really great question. I think about that all the time. And what I would argue is this: Those who have worked with me over the years have heard me say this many, many times over, but at the beginning of it, when the threat analysts begin to assemble the intelligence product, they should ask themselves that basic question of, "Now that I know this, what do I want my consumer to do with it?" Asking that very simple question, you find that the intelligence product changes meaningfully. Again, whether you're dealing with the IOCs and trying to decide which technical elements you want to include in a report and with what volume. If you think about how it's going to be consumed, that meaningfully changes the way that you're going to construct the product. If you're building a more strategic summary of the same thing, ultimately, putting that lens of what the consumer will do with it in the analysts' mind as they're creating it is… I think the onus is on the producer, up front.

Now, on the flip side, and to your point, the opposite side of it is, the receiver has to derive value from it and they have to understand what that value means. That value oftentimes — and this is an interesting breakdown inside of enterprises — the consumer of the threat intelligence normally isn't the same one who takes action on it. They're now going to add an analytical lens to say, "Why is this meaningful to my environment, and who should I route it to? Either in an automated fashion or by hand to be able to allow them to take action?" And so, that middle layer within the receiver of the intelligence has to ask that same question of, "Now that I know this, what do I do with it? And how will somebody else down the line derive value from it?" So I think the onus is on both sides of the equation, but it's always predicated on that same central point of consumption.

Christopher Ahlberg:

Yeah. That's great, and if you think about it from a military point of view, where people have produced military intel, arguably for … I was going to say decades, but thousands of years, at some level. If you take it a big step back, you know, just think about the U.S. intelligence community with 17 intel agencies producing stuff ultimately up to the president — what can we learn from that process as we think about intel for corporations?

Stu Solomon:

So that process actually is, I think, indicative of one of the great challenges that we have in the commercial intelligence community, and it really boils down to a notion of fusion. So the idea that there's a single source of truth, and that there's a single source that has the most credibility and the most capability, is generally unrealistic. Unrealistic because it's an arms race, if you will, inside of the commercial intelligence community, in that, no matter how hard you try, no matter how much money you spend, you're going to continuously chase after things that you may or may not have full visibility into. And the consumer of that on the enterprise side, the consumer of that on the military side — the best analyst from a consumption perspective is the one who fuses together multiple sources to create an outcome tailored to their environment.

Christopher Ahlberg:

I think that's so, so true. And I think, you know, to go “cyber” on this, when people talk about open sources, whether it's dark web, closed sources, or whatever we want to call it — and then, you know, more technical data. And people get into all these arguments about, “What's the most meaningful source?” And I like to say all-source, because that's when we can start cutting across. And that's actually not just true in intel, it's true in business analysis. It's true of the guy who's finding new oil fields, what have you. It's always true. When I can look across data and get that context that you're saying, now that's when I can make a difference.

Stu Solomon:

And related to that, that's where, in the next layer down, you get into the cyber side because it is a more technical intelligence element, and because there are so many data points and there's so much telemetry associated with creating that context. The next layer down, which I think is really critical, is the normalization layer. So what is that Rosetta Stone, to be able to marry up data elements? Do you have the right data model when you're consuming your technical intelligence to be able to translate that into something useful inside of a SOC? Those kinds of scenarios are really, really important, and when you think about the disparate sources that come together in a fusion center, having that normalization layer is really critical.

Christopher Ahlberg:

You know, the risk is, when you and I — who have been passionate about this for a long time — we talk about it, and we can end up being fairly theoretical about it, so the risk is that somebody's sitting there thinking, "Oh, I thought about getting into that intel stuff," and they're like, "Oh, man, that seems awfully complicated." So is the risk, and maybe the simple question, can we simplify this to be meaningful for somebody who does not have a big SOC? Can we get it to them too?

Stu Solomon:

Absolutely. And just hearkening back to the beginning of the conversation, if you just think about notions of strategic, operational, and tactical intelligence products in usage, take it a step back from that and think about what your sourcing plan is to be able to answer your intelligence requirements. If your intelligence requirements are nothing more than, "I have a question that I need answered, and I need data or intelligence to support that question," you don't need to be technically astute, nor do you have to have a core intelligence background to understand there are business questions and security questions that you need to answer, and there are tactical, technical, and larger-picture strategic opportunities to be able to answer those questions. Your ability to consume is really predicated more on your ability to ask the question than necessarily to know how to answer the question.

Christopher Ahlberg:

That's good. That's good. I think people sometimes forget, having that 25-year history as an intel professional — just sit down and write down what sorts of questions you're trying to answer. And then, think about what sort of data you are going to need to support those. Some of them, you're going to find, are really hard, and some of them, actually, you may not need too much work to be able to make a dent in what you want to accomplish. So it's good. It's good.

Now, pivoting a little bit. We'll hire, I’d like to think, people who are retiring out of military, law enforcement, the intelligence community, all of this. And you know, I think we love this because these people are super competent. They're wonderful. They're smart. They're hardworking. A lot of good things come with that.

Stu Solomon:

I'm smiling.

Christopher Ahlberg:

Yeah. But it's good. I like to think so, and we've been very successful with that here at Recorded Future, I'd like to think. And it's fantastic. Now, what do you think is the key learning here, for both people leaving the government, as well as, you know, for them to be able to be successful in more of a commercial world? I bet you we have quite a few of those here on the line today, as well as those people hiring, quote unquote, "from the government," to be a good, I don't know — consumer isn’t the right word, but a good place for people to land. So, any learnings from both sides of the equation there?

Stu Solomon:

That's a great question, actually. So, I'm going to go in slightly different direction than I think you might have suspected when asking the question. One of the key differences in the military and government intelligence world versus in the commercial world is that the producer of the intelligence doesn't necessarily have contact with the end user. They don't necessarily have to build the ROI, or the return on investment, on the business case, around the expenses associated with it, and the art and science associated with cultivating sources of information, fusing it together to create analytic products. They're very, very siloed by necessity in that production process of the intelligence.

Christopher Ahlberg:

Yeah.

Stu Solomon:

When you cross over into the commercial space, it's now a business conversation of, "How much money is this costing me to create more value?" And that chain doesn't have the same siloed scenario associated with it. Being able to cross over from a business construct on the government side that doesn't take that into account, with virtually unlimited funds and resources and support, into a commercial space where it's very hard to build that return on investment business case for the intelligence itself becomes an interesting tipping point in the relationship.

Christopher Ahlberg:

Mm-hmm (affirmative).

Stu Solomon:

One could think about … Business economics of the intelligence relationship is very different.

Christopher Ahlberg:

Now, if you then take that and say, "Look, what about this from a people point of view?" You know, like when we ... So, I like that, it sort of tells you something about the context of how you are going to work and how you want to think about people in this, but more from people themselves … Any angle on that?

Stu Solomon:

I think the people themselves ... It actually starts to go down a slightly different path as well, especially when you think about it from a cybersecurity perspective. The idea that the intelligence product has to be cultivated in such a way that it gets rapidly ingested day in and day out in security operations decision making, means, again, a very different kind of product. So, fusing IOCs and IOAs with the analysis into an actual product that has all of the above is not something that you would necessarily see. Again, always thinking about the customer in mind, and then, I think that takes a different mindset and a different process to be able to think about the technical and the traditional intelligence components, all in a single product curation.

Christopher Ahlberg:

Now, so, over time — I don't know, to put you on the spot, but how long have you done intel?

Stu Solomon:

A long, long time.

Christopher Ahlberg:

Long time? That's a good, diplomatic answer.

Stu Solomon:

A long, long time.

Christopher Ahlberg:

A long, long time. So, but if you think about it from … Specifically, sort of in the ... People hear, "cyber threat intel,” and it sounds like we're doubling up on words, but we'll call it that: Cyber threat intel. So, if you think about as long as you've been doing this, what are the key trends you've seen over time — evolutions? What are the key themes that you've seen over that time period?

Stu Solomon:

That's actually an interesting question. I see a pendulum swing, and it keeps swinging back and forth between how many ... What creates value in an intelligence product? Is it indicators? Or is it analysis? That pendulum keeps swinging back and forth, I think, as hiring cycles on the commercial side are proliferated. But what I find most interesting in that scenario, and I think that's driving it, is this generally funny notion of automation orchestration. So, if we go back 10 years in the security space, the notion of IBSs — they're evolving into an IPS, into blocking. It was seen as almost comical, because how could we possibly set up a block in line, in place, without human intervention, to be able to make good decisions?

Christopher Ahlberg:

Yup.

Stu Solomon:

Yet today, 10 years later, the notion of automation orchestration is the only way that we're going to see it.

Christopher Ahlberg:

You're right. That goes back and forth.

Stu Solomon:

That's right. It goes back and forth. Now, why is it acceptable? It's acceptable because good threat intelligence is now fused into the enrichment layer of the decision making in the first place. So, an automated decision that's predicated on an enriched alert is something to have higher confidence in, to be able to automate the action on top. And so, I think there's more of a reliance on those IOCs now with high fidelity because of the rest of the resource constraints in the cybersecurity space.

Christopher Ahlberg:

And if you take that one step forward, where do you think … If we look, say, the next two, three years here, or even just the next year, what are the key trends that you think we're going to see in threat intel from now and onwards? Is it more of the same? Is there anything radical around the corner? You and I have spoken about getting threat intel. It's going to be fundamentally embedded into security architectures, and I'm super excited about it. It is like, no wonder. But I love that idea though, that, you know … I was with this CISO, on the phone yesterday, from a very big company, and I don't know if he really knew what we were going to ... You know? He probably knew that we were going to talk about intel and stuff, but one of the initial things he said was, "Look, we have an intel-driven security program." And I was like, "Whoa!"

Stu Solomon:

That's my dream. That's my dream come true.

Christopher Ahlberg:

I know. It feels like it's taken five years. You know? If you said that five years ago.

Stu Solomon:

10 years.

Christopher Ahlberg:

Yeah, 10 years ago. But even five years ago, people would have been like, "What are you talking about?" So that was pretty cool. But what do you think the next, you know ... One trend would be, hopefully, we're going to see that everywhere, and I like to say, "Who would go to war without intel, ever?" That would be pretty crazy, so I think the same thing applies here. But that being said, is there any other sort of thing that you think of from a trends point of view?

Stu Solomon:

No, I actually like where you're going. I think the final bastion of our industry is the notion of “intelligence-led.” If you look at automation orchestration scenarios, which are so necessary and relevant, they're predicated on trust in the information in the first place, but then you go a step further and you look at some of the more popular trends today, as jargony as they are, with AI and machine learning, what are they really doing? What they're really doing is, they’re trying to change the decision and action cycle based on patterns. What is intelligence?

Christopher Ahlberg:

Yup. Yup.

Stu Solomon:

It's changing the decision cycle and action cycle based on patterns, and matching together that context with the pattern of behavior and activity. So, I actually see the concepts as merging into one and the same. That you can't automate something. You can't create machine learning without understanding what the outcome needs to look like. And those are predicated on intelligence concepts in the first place.

Christopher Ahlberg:

I think that's great. And I think, unfortunately, for most people in intelligence ... They end up being this ugly stepchild — or maybe not so ugly — but for the threat intel guys, I think I can see that. But it's sort of lived a little bit on the side, but as it is, and really will be, sort of a core part of the architecture and of the process. To your point, you need to know what outcomes you're driving for, and it goes back to your production and consumption point again. That's there.

I think those two points, again, being a good consumer and a good producer — even a great consumer and great producer — if you take the points from what we've talked about, people would like to hear more about that, if you would condense it. So, to be a great consumer of intel, what do you need to think about? And I think it's as important as five years ago when I got into this. I think very few people are really in threat intel at all. You'd find it in the largest banks, and so, again, putting government agencies aside, you'd find it in the largest of places, and even less, so fewer people who actually produce their own intel. Now, we have tons of people in the world who are consuming threat intel, but still, very few people actually produce their own threat intel. You know, there are a few places, absolutely, but not many. But if people are going to produce their own little checklists of three things to get right if they're going to be a great consumer of intel, where do you put that? What's on the top?

Stu Solomon:

I love that. Number one. I think number one, even before getting anything else, is to understand what your consumer base looks like. Who are you trying to convey this to, and what is the lens in which they're going to listen to the conveyance? Do you have to influence, day in and day out, for situational awareness, your executive leadership team? It's a very different conversation than if you have to provide the technical transmission of information into your SOC, to be able to run enrichment across their various learning mechanisms and priorities.

Christopher Ahlberg:

Yup. Yup.

Stu Solomon:

So, number one: Know your audience. And create the right level of conversation with the right audience member.

Christopher Ahlberg:

Some intel people who are great do that, and then, there are some other intel people who are just frankly not. And I think that's where we're seeing ... I remember at our user conference, Errol Weiss talked about how he literally created, in his works, having people being both the producers of threat intel, and then other people who are sort of “relationship people,” because it's hard to find both of those competencies in one person.

Stu Solomon:

That's right. Exactly. So, I think that's number one. And number two is, again, going back to your intelligence requirements — what questions do you actually need to answer? And how do you prioritize those questions? And how do you, in turn — number three — build a sourcing plan around them? So, who is your audience and how are they going to consume it? What questions, what requirements do you have? And then, what data elements and intelligence sources do you need to be able to feed into that to answer those questions?

Christopher Ahlberg:

And then just repeat from there.

Stu Solomon:

And then repeat from there. It's the classic intelligence lifecycle.

Christopher Ahlberg:

Yeah, yeah. Exactly. That's good.

Stu Solomon:

And then if you look at, "Okay, what's the quality of the results, and in turn, how is it consumed in the most efficient manner possible? What are the elements that people find most value in?" It becomes a virtuous cycle. But as ridiculous as it sounds, those first three elements get broken down so quickly in the process because we become either too technically elegant or too analytically sexy to really think about the real basics of why you're producing in the first place, and for what reasons.

Christopher Ahlberg:

So, switching gears a little bit: In this wonderful world of cyber here, because we're doing all this stuff for a reason and we like to make the world better — the internet better, whatever way we want to think about it — it’s interesting because we're obviously doing this against some pretty interesting adversaries out there, be it nation states, or criminals, or what have you. You know, they are quite competent in this, but is there anything in particular in all this that terrifies you if you think about ... Do we have, sort of, 10 great years ahead of us? Do you think we're going to have some nasty years ahead of us? What do you think? Anything in particular that stands out? None of us like to be fear mongers — it's easy to be that, and say, "Oh, everything's going to fall apart." But even so, is there anything that stands out for you?

Stu Solomon:

Well, the first thing that always stands out for me is the knee-jerk reaction where everybody goes after the most advanced threats, or the most difficult threats, and they forget the basic blocking and tackling inside their programs. The biggest gaps are not going to be the ones where sophisticated actors, in a very targeted way, are penetrating. Those scenarios are going to continue to happen. What scares me the most is when you take your eye off the ball.

Christopher Ahlberg:

That's a very interesting way ... I was sort of expecting you to say, "Look, I'm fearful of this new type of malware, X, Y, Z," but it's taking the eye off the ball from the basics. That's very interesting.

Stu Solomon:

Look, at the end of the day, it behooves actors to do what works, and works in scale.

Christopher Ahlberg:

Yeah.

Stu Solomon:

And most of those are tried and true techniques that are going to involve some semblance of things like social engineering and basic ways to penetrate into an environment. Not necessarily the most sophisticated attacks, but the ones that are going to have the highest rate of success.

Christopher Ahlberg:

And do that at scale.

Stu Solomon:

Yeah, and do that at scale.

Christopher Ahlberg:

As we were talking about before … This keeps repeating now, who in this ... I guess I wasn't successful at squeezing you … If I then instead ask you, so, we got the good guys and the bad guys, who are the defenders and the attackers. Clearly, attackers are using intel, we know that for sure. Intel agencies — I think I've stopped it calling it “APT,” so let's call them “intel agencies” — because in my mind, that's what they are, and they use intel in every form there is. Offenders, criminals — it's a little bit different. They tend to sometimes use intel, and sometimes maybe not so systematically, but one way or another, they do too. And many of them, depending on how sophisticated they are, that is.

Then we go to the defenders who we're talking more about. They're trying to get into this here, but ultimately, if we assume that we have an attacker and a defender, who has the advantage from intel? Is it … I don't know what you call it — where is it the most powerful?

Stu Solomon:

Well, I mean, inherently, the attacker always has the advantage. Where intel helps the defender is to be able to start to mitigate or create residual risk within that advantage. So, thinking of things such as …

Christopher Ahlberg:

Take that apart. That's good. That's good. Yeah.

Stu Solomon:

So, think about mean time to detect, mean time to respond. As trite as they are, they are the metrics that our industry looks at. If you can recognize sooner and faster a context around a particular IOC present in your environment and are able to marry that backup against the TTPs that are maybe indicative of a particular campaign or set of activities associated with some of the technical indicators you've stripped out, you can then proactively begin to hunt in your environment for other scenarios that may be happening. Look for things like lateral movement, look for things like persistence.

Christopher Ahlberg:

And in particular, ways that they’re associated with this threat actor …

Stu Solomon:

In the first place.

Christopher Ahlberg:

Yeah, yeah.

Stu Solomon:

Exactly.

Christopher Ahlberg:

From the context that you've been gathering …

Stu Solomon:

So now you can ... Exactly. So now, you've got the context and you've got the technical components associated therein. And now, you can start to shrink the potential dwell time, the mean time to detect, mean time to respond, to be able to shift that balance of power not exclusively to you, but at least now, you're able to minimize the potential impacts and/or at least recognize what they might be.

Christopher Ahlberg:

That's good.

Stu Solomon:

So, in that scenario, that's where I think intel really helps a lot, to be able to strike a better balance. It speaks to the efficiency and efficacy of your defenders, and it speaks to the context that you understand the business outcome, or whatever disruption may be created by the attacker scenario in the first place.

Christopher Ahlberg:

And what I like that you did there was that, obviously, there is an element of intel where it's like, you know, think about what sorts of threats I'm going to see over the next year. It's like doing my investments correctly. There's an element of intel, you know, next month and next week. Somebody was talking to me the other day about … A CISO was talking about it on Friday afternoon, figuring out, "Are we going to have a good weekend or a bad weekend?" I love that scenario.

Stu Solomon:

Absolutely.

Christopher Ahlberg:

But now, you on the other hand, put intel into the real, near offensive sort of situation where, what else to call it? IR, I guess.

Stu Solomon:

It's informed IR.

Christopher Ahlberg:

Yeah, yeah. Informed IR. No, that's good. And in-hunting. That's good.

Stu Solomon:

That's right. And then, the second scenario I would think about there is taking that notion and now shifting it back into the way that you assess the efficacy of your controls in the first place. So, think about threat emulation around particular TTPs or actor activity, around the things that are most likely to hit your environment in the first place. So, going out and establishing a threat model that's intelligence-informed, to be able to determine what you want to look at and test the efficacy of in the first place. And then, actually emulating those environments in your penetration testing and your red team and your application security scenarios, all predicated on an intelligence-informed threat model.

Christopher Ahlberg:

Yeah. That's good.

Stu Solomon:

So, another way to start to think about that balance a little bit differently.

Christopher Ahlberg:

Yeah, that's great. So, as my final question, sort of tying back to this — I wasn't able to squeeze you on what is terrifying you in the next 10 years, but let me just ask you: So, clearly, we've seen a lot of crazy stuff here over the last couple of years. We saw elections sort of just being, you know … Not many of us have done this for a while. Cyber has been this “under a rock” sort of thing, and suddenly, it's at the top of a presidential election. It doesn't matter whether you're on one side or another, or right in the middle of it. You open up the paper and it's on the front page of the paper, and people are trying to steal a billion dollars, and they're hacking this, and this, and that. So, that aside, though: In the next 10 years, does it get better or does it get worse?

Stu Solomon:

I think it stays the same. Maybe it gets worse only in that we're even more interconnected and even more reliant on interconnectivity. But at the end of the day, in all of those scenarios, the same basic attack patterns are ever-present, and it goes back to that notion of the social engineering again. Until we take the last mile out of the conversation, which is the end user, they're going to continue to be exploited. They're going to get rid of these damn humans!

Christopher Ahlberg:

Let the robots take over.

Stu Solomon:

It's a stupid human at the end that ultimately gets impacted in some form or fashion.

Dave Bittner:

Our thanks to Stu Solomon from Optiv for joining us, and of course, a big thanks to Christopher Ahlberg from Recorded Future for hosting this week's show.

If you enjoyed this podcast, we hope you'll take the time to rate it and leave a review on iTunes. It really does help people find the show.

Don't forget to sign up for the Recorded Future Cyber Daily email, where every day you'll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

We hope you've enjoyed the show and that you'll subscribe and help spread the word among your colleagues and online. The Recording Future podcast team includes Coordinating Producer Amanda McKeon, Executive Producer Greg Barrette. The show is produced by Pratt Street Media, with Editor John Petrik, Executive Producer Peter Kilpe, and I’m Dave Bittner.

Thanks for listening.

Related