Cyber Threat Intelligence Podcast cover art

Cyber Threat Intelligence Podcast

Cyber Threat Intelligence Podcast

By: Pedro Kertzman
Listen for free

Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.


In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.


Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.


Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.


Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.

© 2026 Cyber Threat Intelligence Podcast
Episodes
  • Building Cyber Threat Intelligence In Government (Liam Ryan & Pedro Kertzman)
    Jun 23 2026

    Your CTI program can publish reports all day and still fail one basic test: does it change what anyone does next? That question drives our conversation with Liam, a cyber threat intelligence analyst supporting the Government of Alberta and the Cyber Alberta community, where “relevance” is not theoretical, it is local, proximate, and tied to real incidents across the province.

    We get specific about what it takes to build and mature a public sector cyber threat intelligence function from the early days: governance, executive support, a clear mandate, and intelligence requirements that stop CTI from becoming an overloaded side task. Liam shares the reality of serving both internal stakeholders and a community of more than a thousand organizations, including the hard part: creating two-way collaboration when most threat intelligence distribution methods are naturally one-way.

    We also dig into the maturity roadmap that makes progress repeatable: start with a strong foundation, earn targeted investment in tooling and training, then automate and improve iteratively. Along the way we talk hackathons as a way to protect deep work, KPIs that actually reflect value, and why “actionability” is the real definition of intelligence. Finally, we hit the OSINT tipping point and why intrusion analysis using your own telemetry often becomes the highest-relevance intelligence you can produce.

    Subscribe, share the episode with a CTI teammate, and leave a review so more analysts can find the show.

    Send us Fan Mail

    Support the show

    Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    Show More Show Less
    17 mins
  • Beyond CVSS With EPSS, SSVC, And Real Attack Signals (Brandon Parsons & Pedro Kertzman)
    Jun 9 2026

    CVSS can scream “critical” while the real risk in your environment is quietly sitting somewhere else and threat actors know it. We sit down with Brandon, a former United States Marine Corps intelligence specialist and longtime cyber threat intelligence practitioner, to get brutally practical about what actually drives smart vulnerability prioritization in 2025.

    We talk through why vulnerability management is so hard at scale, where EPSS and SSVC help (and where they can mislead), and why the CISA Known Exploited Vulnerabilities (KEV) catalog is a solid baseline but not the standard by itself. Brandon shares the products he screens for because attackers keep coming back to them: Citrix NetScaler, VMware ESXi and vCenter, Veeam Backup and Replication, Fortinet, Ivanti, file transfer tools, RMM software, and high-impact on-prem deployments. The throughline is adversary incentive: if taking out backups or gaining initial access raises the odds of a payout, expect fast “dogpiling” once research and proof of concept exploits hit the public.

    Then we pivot into the phishing and social engineering wave: device code phishing kits that steal refresh tokens and access tokens, Microsoft Teams phishing that abuses trust, callback phishing that hides the danger in a phone number, and the growing use of burnable infrastructure like workers.dev and pages.dev. We also dig into the dark web economy behind phishing as a service and why some groups are literally hiring English-speaking social engineers.

    Subscribe, share this with a teammate who owns patching or identity, and leave a review so more defenders can find the show. What’s the one vulnerability or phishing tactic you’re most worried about right now?

    Send us Fan Mail

    Support the show

    Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    Show More Show Less
    48 mins
  • From Law Enforcement To Adversary Intelligence In Modern Banking (Eric Huber & Pedro Kertzman)
    May 26 2026

    Telegram isn’t just where fraud gets discussed, it’s where entire criminal markets operate in the open. I sit down with Eric Huber, who leads adversary intelligence and disruption work at TD Bank Group, to map how cyber-enabled financial crime really works today: the blend of fraud, payments, cybersecurity, cryptocurrency, and now AI. If you’ve ever wondered why CTI in banking feels different than “classic” threat intel, this conversation makes the overlap tangible and practical.

    We get into what Eric is seeing in Southeast Asia focused fraud ecosystems, including why the scale on Telegram can be overwhelming and how to find signal without drowning in noise. We talk about the reality of doing OSINT in a regulated financial services environment, where legal, privacy, vendor reviews, and governance controls are not red tape but part of doing investigations safely. Along the way, Eric shares a simple approach that works: start with a few sources, iterate, validate with peers, and keep your assumptions testable.

    From there, we connect the dots between telecom and banking with SIM swap attacks, insider risk, and why phone number takeover is still a fast path to account takeover and crypto theft. We also explore cryptocurrency fraud and blockchain analysis, including how public ledger data can help you evaluate criminal tooling and payment flows. Finally, we dig into AI in cybersecurity: where it accelerates analysis, where hallucinations can mislead teams, and why human QA and strong data handling matter more than ever.

    Subscribe, share this with a teammate, and leave a review if it helps. What part of the fraud and cyber threat landscape do you want us to unpack next?

    Send us Fan Mail

    Support the show

    Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

    Show More Show Less
    25 mins
adbl_web_anon_alc_button_suppression_t1
No reviews yet