North Korea is infiltrating Fortune 500 companies with fake employees. They create authentic LinkedIn profiles, excel in remote interviews, collect salaries, and secretly steal intellectual property, cryptocurrency, and system access. This isn't a future threat. It's happening right now across more than 40 countries. In this episode of Follow the White Rabbit, Link11 ISO Kofi Osae-Attah sits down with Kritika Roy, a senior threat intelligence researcher at DCSO in Berlin. Together, they map the threat landscape that most security teams only partially see.

Kritika's work sits at the intersection of geopolitics and cybersecurity — and that intersection is where the full picture emerges. China is running long-term intelligence operations aligned with its five-year economic plan. Russia is focused on disruption and sabotage, especially since invading Ukraine. Iran is tracking dissidents and targeting organizations with Israeli ties. And North Korea? It's doing it all — stealing money to fund weapons programs, embedding operatives inside companies, and learning by doing. The line between nation-state espionage and cybercrime has blurred to the point of being nearly indistinguishable. Threat actors are buying ransomware on the dark web as if it were Amazon. Attribution is becoming more difficult. Defenders are falling behind.

The most important insight from this conversation isn't technical; it's contextual. Geopolitics determines who targets you, when, and why. A NATO summit, a trade dispute, or an election can trigger a wave of tailored phishing campaigns and targeted intrusions. Kritika's advice to security teams isn't to become intelligence agencies. Rather, it's to read the news, understand the motivations behind attacks, and stop treating every threat with the same level of urgency. Prioritize based on context. If you're hiring remotely, ask your candidates what the local food is like. You'll be surprised at how much that one question can reveal.

1. North Korean IT workers are already inside companies. They are hired through legitimate job platforms, work as regular employees, and use their access to steal money, intellectual property, and system knowledge. The fix? At a minimum, conduct one in-person interview.
2. Geopolitics is a threat intelligence tool. Phishing lures are timed to coincide with summits, elections, and conflicts. Knowing what's happening in the world allows you to anticipate what's coming at your organization.
3. The four main threat actors have different goals. China wants intelligence. Russia wants to cause disruption. North Korea wants money and knowledge. Iran targets dissidents and organizations related to Israel. Knowing who you're up against changes everything about how you defend yourself.
4. The line between cybercrime and nation-state activity is disappearing. Nation-state actors are purchasing off-the-shelf malware on the dark web. Attribution is becoming more difficult. Security teams need to adapt their thinking.
5. Fundamentals still win. Patch management, identity security, endpoint visibility, and regular red team exercises are not boring basics; they're essential. They're the difference between being resilient and being exposed.

Subscribe to Follow the White Rabbit.

If this conversation changed the way you think about hiring, threat intelligence, or geopolitics, tell someone. Subscribe on your preferred platform, leave a review, and share this episode with your security and HR teams. Both need to hear it.

Take a look at Kritika Roy's Linkedin profile or the DCSO Website

MITRE ATT&CK – North Korea Threat Groups

FBI Advisory: North Korean IT Worker Threat (2024)

Mandiant / Google: APT Overview by Nation State

In this episode of Follow the Rabbit, host Kofi Osae-Attah sits down with Luigi Rebuffi, founder of the European Cybersecurity Organization (ECSO) and the Women4Cyber Foundation, for a deep dive. Drawing on his 40-year background in nuclear engineering, Luigi challenges the industry to move beyond digital resilience, which he views as a static buzzword, toward a more holistic, systemic approach to resilience.

He argues that most organizations are fighting the "old war," treating cybersecurity as a linear compliance checklist. In contrast, systemic resilience is inspired by complex systems theory. It focuses on nonlinear interdependencies (the "mesh"), where a failure in a minor component can lead to a crisis, but where optimized investment in these interactions can also create "double value," improving safety and operational efficiency.

The conversation also covers the "positive cascade" of the human factor, why government resilience must shift from "fortress" mentalities to flexible meshes, and how a Bayesian approach to risk management can help leaders navigate a non-binary world.

Takeaways

1. Resilience Beyond the Digital: Digital resilience is only one sub-element of a larger system. Systemic resilience considers the interaction of all parts - mechanical, environmental, and human - to prevent total collapse.
2. The "Ferrari" Analogy: You can have the perfect cybersecurity "engine" (tools), but if your "tires" (human training or third-party dependencies) are flat, the system won't be resilient. We must assess the interaction between parts, not just isolated components.
3. The Human Factor as a Resource: Although the human factor is often blamed as a vulnerability, it is fundamental to resilience. Luigi argues that organizational systems should be designed so that human error doesn't lead to catastrophic failure.
4. From Linear to Systemic Risk: Traditional risk management is Newtonian, or cause-and-effect. Modern resilience requires a Bayesian approach that maps the probability of "hidden crises" within a complex mesh of factors.
5. Sovereignty as a Dynamic Mesh: Government resilience shouldn't rely on building a static "fortress." True sovereignty comes from controlling the "mesh" - the links and interactions between existing partners - to maintain control.

Why Listen?

Are you tired of the same old "compliance-first" discussions? This episode offers a radical, engineer-led perspective on the future of European strategy. Luigi Rebuffi offers a blueprint for how organizations and governments can stop constructing static fortresses and begin to understand the dynamic interdependencies of the modern world.

Love the show? Make sure to like, follow, and subscribe to the Follow the Rabbit podcast!

You'll find Luigi on Linkedin.

Here you find more information about the ECSO.

In this episode of Follow the Rabbit, host Kofi Osae-Attah is joined by Erlend Andreas Gjære, co-founder and CEO of Secure Practice. Together, they debunk the common misconception that "people are the weakest link." Erlend argues that, with the right focus, the human element can be an organization’s greatest asset. He believes this shift requires a change in focus from basic security awareness to true preparedness.

The conversation moves beyond traditional "checkbox" compliance to explore how storytelling and interactive exercises can foster genuine employee engagement. Erlend shares the fascinating story of a company summer party that was transformed by a high-stakes simulation. This example proves that a resilient security culture is built through shared experiences rather than dry e-learning modules.

Finally, they discuss the psychology of phishing and explain why the best technology investment can't replace human intuition. Understanding how our brains process urgency and fear enables leaders to build a culture of reporting and recovery that transforms potential disasters into minor footnotes.

1. People are the last line of defense. Calling employees the "weakest link" is a big mistake. When a user clicks a link, it is often the final step in a system-wide failure rather than an isolated human error.
2. Preparedness > Awareness: Knowing a policy and acting on it are not the same. Preparedness involves co-creating organizational resilience by practicing how the company would function during an incident.
3. The Psychology of the Click: Phishing exploits instinctive "System 1" thinking. Training should focus on helping employees "slow down" and engage in "System 2" thinking, or logical reasoning, when they feel an emotional trigger, such as urgency.
4. Culture is a Conversation: A strong security culture isn't just a poster on a wall. It’s measured by how frequently and comfortably security is discussed at all levels of the business.
5. The Business Case for People: It is often easier to buy a tool than to change a habit. However, the real business case for security lies in investing in people who understand the business processes they are protecting.

Why Listen?

If you want to transition your team from fear-based compliance to confidence-based preparedness, this conversation is essential. Erlend Andreas Gjære offers a refreshing, human-centric approach to modern cybersecurity leadership.

Don't forget to like, share, and subscribe to the Follow the Rabbit podcast! Join us as we explore the people and technology that protect the future of the internet.

You'll find Erlend on Linkedin.

Find more about Secure Practice here.

Erlend also founded She speakes Cyber.

In this episode of Follow the Rabbit, host Kofi Osae-Attah sits down with Luigi Lenguito, the CEO and co-founder of BforeAI, for an in-depth discussion about the revolutionary field of predictive security. Luigi explains his "Pre-Crime" philosophy, which shifts the cybersecurity posture from "assume breach" and reactive threat detection to a model of preemptive measures that identifies malicious infrastructure - the criminal "DevOps" - before a single victim is affected.

Drawing an analogy to weather forecasting, Lenguito illustrates how data and supercomputing have transformed our ability to predict hurricanes. He argues that cybersecurity is currently in an "emergency room" phase - stressful and reactive - and that predictive intelligence is the key to moving "left of boom." By isolating and shutting down infrastructure before phishing pages or campaigns go live, organizations can stop being victims and become active participants in their own defense.

The conversation also addresses the role of automation in scaling these defenses. Given the predicted 5,000% increase in threats over the last year, Luigi makes a bold case for aggressive preemptive measures, even at the cost of minor false positives. He explains why the future is human-augmented, not human-operated, and how this shift enables CISOs to safeguard the ultimate business case for security: Brand trust.

1. Move "left of boom": Traditional threat detection (EDR/MDR) often means you are already a victim. Predictive security, on the other hand, identifies the "pre-attack" phase, which includes the registration of malicious domains and exfiltration servers.
2. The Weather Forecast Analogy: Just as we use satellites and models to preempt natural disasters, we must use automation to gain the foresight necessary to disrupt cybercrime before it starts.
3. Managing False Positives: Luigi argues for a shift in KPIs. Accepting a 0.05% rate of false positives is a strategic trade-off to avoid months-long, systemic outages that cost millions.
4. Democratized Cybercrime: The barrier to entry for attackers has collapsed due to generative AI (GenAI). There has been a shift from low-volume, high-skill APTs to high-volume, AI-augmented cybercrime using "hacking as a service."
5. The business case for security: Predictive technology protects brand reputation and ensures process resilience (OT/IT uptime). This allows limited human resources to focus on high-level strategy rather than manual takedowns.

Why Listen?

If your security team is experiencing alert fatigue and "emergency room" burnout, this episode provides a roadmap for a more proactive future. Luigi Lenguito offers the executive insight necessary to understand how automation and preventive measures save millions of potential cybercrime victims every day.

Love the show? Make sure to like, push, and subscribe to the Follow the Rabbit podcast!

Links:

You'll find Luigi on Linkedin.

Here you can find more about BforeAI.

In this episode of Follow the Rabbit, host Kofi Osae-Attah sits down with Octavia de Weerdt, the general director of NBIP. They discuss the pervasive rise of botnets and the invisible digital threats lurking in our living rooms. Octavia explains how our digital infrastructure, which we take pride in for its high-speed connectivity and smart home ecosystems, has become a double-edged sword. As we embrace digitalization, we inadvertently provide cybercrime networks with a massive, decentralized army of smart devices to power their next attack.

The conversation delves into the "paradox of the smart home," revealing that everything from routers to connected coffee makers can be exploited by malicious actors. Octavia reveals how these botnets use our personal devices against us, often without our knowledge. She warns that, as the internet security landscape shifts, we must adopt a multi-stakeholder approach balancing technology, European policy, and shared responsibility between manufacturers and providers.

Finally, Octavia highlights the unique Dutch model of collective resilience. By transforming a dense and vulnerable digital infrastructure into a collaborative defense network, the Netherlands is pioneering ways to mitigate cybercrime on a large scale. This episode is a wake-up call for everyone using the internet today. Understanding these hidden threats is the first step toward reclaiming our digital safety.

1. The Invisible Army: Massive botnet armies are active across the internet at any given moment, using compromised smart devices to launch global attacks.
2. The "Smart" Vulnerability: Every unmanaged device in your home, from routers to IoT gadgets, is a potential target for cybercrime.
3. Double-Edged Infrastructure: While our advanced digital infrastructure drives the economy, it also provides attackers with the capacity and speed needed to generate sophisticated digital threats.
4. Shared Responsibility: Protecting the internet requires more than individual caution. It requires stronger European security policies and proactive device management from internet service providers (ISPs).
5. Collective Resilience: The NaWas model demonstrates the importance of not-for-profit, community-driven organizations in defending against volumetric and application-layer attacks.

Why Listen?

If you have a Wi-Fi router or smart devices in your home, you are on the front lines of a global digital war. Octavia De Weerdt breaks down the complex worlds of botnets and internet security in practical, insightful ways that are essential for anyone operating in our highly connected world.

Don't forget to like, push, and subscribe to the Follow the Rabbit podcast! Join us as we explore the people and technology that protect the future of the internet.

You'll find Octavia on Linkedin.

Find more about the NBIP here. Dive deeper into the NaWas project.

In this episode of Follow the Rabbit, host Kofi Osae-Attah welcomes Lili Guo, the CISO and partner at Modelverse. Together, they discuss the delicate balance between automation and human intuition in cybersecurity. Lili shares her experience transitioning from the "dark ages" of 100-page Word documents and endless Excel spreadsheets to establishing functional digital infrastructures. She emphasizes that automation is not only about APIs and dashboards; it's also about reducing the "work burden" and preventing burnout for security analysts.

The conversation delves into the architecture of an Information Security Management System (ISMS). Lili demystifies the path to ISO 27001 and other major certifications. She explains that an ISMS is a dynamic, living system, not a static checklist. Organizations can achieve continuous compliance by integrating automation into daily operations rather than just "cramming" for an audit. Lili also shares a strategic "source of truth" approach, showing how to map one set of automated controls across multiple frameworks, such as SOC 2, PCI DSS, and NIST, to save hundreds of manual hours.

Finally, the episode addresses the human element in technology. Although AI is a game-changer for incident management and threat detection, Lili argues that technology cannot replace the cultural context and strategic design that a human CISO provides. Learn how to balance incident detection tools with "fit for purpose" policies to ensure your security measures protect the business without disrupting workflow.

1. Ditch the "Dark Ages" of Excel. The foundation of effective cybersecurity automation is digitalization. The first step to reducing toil is moving lists from Word and Excel into a centralized platform.
2. The ISMS is alive. An Information Security Management System requires continuous improvement and management involvement. Automation should send routine check alerts year-round to keep the system active.
3. Unified Compliance Strategy: By establishing a single source of truth, companies can automate the collection of evidence that satisfies multiple audits (ISO 27001, SOC 2, etc.) simultaneously, reducing redundant work by up to 80%.
4. AI in Incident Management: Automation and AI are essential for filtering false positives, allowing SOC teams to focus on real, high-priority threats.
5. Judgment can't be automated. Security policies must be "fit for purpose." Only humans can understand organizational culture and ensure that security measures don't stifle productivity.

Why Listen?

If your team is stressed for weeks before a security audit, your process is broken. Listen to this episode to learn how to transition from a reactive, manual approach to a proactive, automated security strategy. Whether you're a technical lead or a business executive, Lili Guo provides a blueprint for scaling your security operations using smart technology and human-centric design.

Don't forget to like, push, and subscribe to the Follow the Rabbit podcast! Join us as we explore the intersection of technology, trust, and the people behind them.

You'll find Lili on Linkedin. More about Modelverse here.

In the first episode of the English edition of Follow the Rabbit, host Kofi Osae-Attah sits down with Sabika Ishaq, the chief information security officer (CISO) at Grant Thornton Luxembourg and president of Women4Cyber Luxembourg. Together, they explore the front lines of financial security, revealing why trust is the ultimate currency and how the "human factor" is both our greatest vulnerability and our strongest defense. Sabika introduces her "Three P's" philosophy - People, People, and People - reminding us that, since humans build, use, and abuse technology, they must be at the heart of every strategy.

The conversation demystifies major regulations like DORA and NIS 2, presenting them as essential frameworks for global resilience rather than rigid checklists. Sabika explains how a "see something, say something" security culture can transform a workforce into a human firewall. By shifting the mindset from viewing security as an obstacle to viewing it as a business enabler, organizations can better protect everything from personal banking apps to critical national infrastructure.

Looking ahead, Sabika discusses the double-edged sword of AI and the urgent need for diversity in tech. She explains how neurodiversity and diverse backgrounds detect threats that homogeneous teams often overlook. From encouraging the difficult question of "why?" in the boardroom to offering a roadmap for women transitioning into the field, this episode is a masterclass in leadership, ethics, and the power of the "think before you click" mantra.

1. The Three P's: Cybersecurity is about people—those who build technology, those who use it, and those who abuse it. Resilience starts with the human element.
2. Culture over compliance: A strong security culture means security is part of everyday thinking and employees feel safe reporting incidents.
3. Regulations as Resilience: Frameworks like DORA and NIS 2 shift the focus from mere protection to operational resilience, ensuring that services can withstand global disruptions.
4. The Diversity Advantage: Diverse teams bring a wider range of perspectives, which is essential for solving the constantly evolving "puzzle" of cyber threats.
5. The Golden Rule: The most effective defense for any user is a simple mindset shift. Think before you click, and embrace shared responsibility for data safety.

Why listen?

Cybersecurity is a human problem, not just a technical one. If you want to learn how top-tier financial institutions safeguard your funds, how AI is reshaping the threat landscape, or how to build a career in this high-stakes field, this conversation with Sabika Ishaq is a must-listen.

Don't forget to like, subscribe, and follow the Follow the Rabbit podcast! Help us spread the word by sharing this episode with anyone looking to stay secure in a digital world.

You'll find Sabika on Linkedin. Or you can read her short bio here.

Here are some more facts about the Women4Cyber Foundation. And the Chapter in Luxembourg.