Telegram isn’t just where fraud gets discussed, it’s where entire criminal markets operate in the open. I sit down with Eric Huber, who leads adversary intelligence and disruption work at TD Bank Group, to map how cyber-enabled financial crime really works today: the blend of fraud, payments, cybersecurity, cryptocurrency, and now AI. If you’ve ever wondered why CTI in banking feels different than “classic” threat intel, this conversation makes the overlap tangible and practical.

We get into what Eric is seeing in Southeast Asia focused fraud ecosystems, including why the scale on Telegram can be overwhelming and how to find signal without drowning in noise. We talk about the reality of doing OSINT in a regulated financial services environment, where legal, privacy, vendor reviews, and governance controls are not red tape but part of doing investigations safely. Along the way, Eric shares a simple approach that works: start with a few sources, iterate, validate with peers, and keep your assumptions testable.

From there, we connect the dots between telecom and banking with SIM swap attacks, insider risk, and why phone number takeover is still a fast path to account takeover and crypto theft. We also explore cryptocurrency fraud and blockchain analysis, including how public ledger data can help you evaluate criminal tooling and payment flows. Finally, we dig into AI in cybersecurity: where it accelerates analysis, where hallucinations can mislead teams, and why human QA and strong data handling matter more than ever.

Subscribe, share this with a teammate, and leave a review if it helps. What part of the fraud and cyber threat landscape do you want us to unpack next?

Send us Fan Mail

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

The fastest way to fall behind in cybersecurity is to stay reactive while attackers iterate in real time. We sit down with Will Thomas, known across the CTI community as “BushidoToken” to get practical about what actually helps defenders: threat actor profiling that is repeatable, actionable, and built for change.

We start with how Will builds community-ready resources like the ransomware tool matrix and his threat actor profiling guide, then zoom into the Conti leaks and what hundreds of thousands of internal ransomware messages can teach us. From “salary day” breakdowns to operator behavior during major incidents, we talk about why these datasets are a gold mine and how to avoid getting lost in the volume. Will shares a concrete workflow for large-scale analysis using JSON exports, regex searches, CyberChef, and Elasticsearch so you can extract IOCs, wallets, infrastructure clues, and the higher-level “so what” that drives detections and threat hunting.

From there, we shift into emerging threats and modern intrusion tradecraft: hacktivism that ranges from empty noise to destructive campaigns, EDR bypass techniques like bring-your-own vulnerable drivers and “EDR-on-EDR” tactics, and the steady rise of legitimate tools abused for access. We also dig into identity-led attacks where stolen credentials, social engineering, and SSO platforms like Okta can make endpoint controls less decisive. Finally, we unpack threat intelligence exchange beyond IOC feeds, including why STIX/TAXII still matters, how data quality and freshness drive results, and why a bidirectional TIP and SIEM relationship enables better correlation and “sightings.”

Subscribe, share the episode with your team, and leave a review, then tell us: what part of your threat intelligence program needs the biggest upgrade right now?

Send us Fan Mail

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

Most organizations say they “do CTI,” but what they really have is a pile of threat feeds, glossy reports, and alerts nobody trusts. We sit down with Joshua Copeland, cybersecurity executive, board advisor, and creator of the Unpopular Opinion series, to get brutally practical about what cyber threat intelligence should be: decision support that changes behavior inside a real security program.

We talk through what it looks like to operationalize threat intelligence in security operations and threat hunting, including a trap that catches even mature teams: tuning everything around a baseline that might include attacker behavior. If a threat actor moves low and slow, “normal” network traffic can quietly become the attack. Joshua shares how strong CTI teams use frameworks like MITRE ATT&CK to turn a single piece of intel into targeted hunts, better detections, and smarter prioritization instead of endless IOC matching that breaks the moment infrastructure changes.

The conversation also goes upstream into hiring and leadership. We dig into why certifications and degrees can’t substitute for critical thinking, how to interview with open ended scenarios that reveal real judgment, and how state level fusion centers can help public sector teams share actionable guidance. We also unpack why ransomware hits schools and why student data can be the real prize, then shift to the business case: translating CTI into risk reduction, downtime avoidance, insurance impact, and clear ROI.

We close with a grounded take on AI in cybersecurity: it can add speed, but only with tight guardrails, source checking, and humans staying accountable. If you found this valuable, subscribe, share the episode with your team, and leave a review so more practitioners can find it.

Send us Fan Mail

Support the show

Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!