THREATCON1


Episode 19: Inside Shadowserver - The Front Line of Global Cyber Defense | Piotr Kijewski

35 min · Yesterday

Description

Recorded live at RSA Conference, THREATCON1 hosts Patrick Garrity (Security Researcher at VulnCheck) and Kimber Duke (Director of Product at VulnCheck) sit down with Piotr Kijewski, CEO of The Shadowserver Foundation, to explore the evolving landscape of cyber threats, vulnerability exploitation, and global threat intelligence. As one of the most respected nonprofit organizations in cybersecurity, Shadowserver collects and shares threat intelligence at massive scale, helping governments, ISPs, enterprises, and security teams identify compromised systems, track active exploitation, and respond to emerging cyber threats. In this conversation, Piotr shares how Shadowserver grew from a volunteer incident-response initiative into a globally trusted organization monitoring cyber activity across more than 175 countries. The discussion covers the rise of ransomware and extortion operations, the return of large-scale botnets, residential proxy networks, IoT security risks, rapidly accelerating vulnerability exploitation, and the growing challenge of AI-generated security misinformation. The team also explores how Shadowserver detects exploitation in the wild, supports law enforcement operations, assists with botnet takedowns, and helps defenders gain visibility into their external attack surface before attackers strike. 
Topics Covered:
* How Shadowserver became a global cybersecurity force
* The evolution of cybercrime over the past 20 years
* Why exploitation is happening faster than ever
* Residential proxy networks and IoT botnets
* Tracking known exploited vulnerabilities (KEVs)
* The challenges of securing network edge devices
* AI-generated vulnerability research and "AI slop"
* Botnet disruptions, sinkholing, and law enforcement operations
* Building effective cyber threat intelligence partnerships
* Practical advice for security teams and defenders

Whether you're a CISO, vulnerability management leader, SOC analyst, threat hunter, security researcher, or cybersecurity professional, this episode offers valuable insight into the threats shaping today's internet and the organizations working behind the scenes to make it safer.

Links:
Shadowserver https://www.shadowserver.org/
VulnCheck https://www.vulncheck.com/
THREATCON1 https://www.threatcon1.org/

#CyberSecurity #ThreatIntelligence #VulnerabilityManagement #Shadowserver #RSAConference #CyberDefense #ThreatHunting #VulnCheck #Botnets #Ransomware #InfoSec #CyberThreats #THREATCON1Podcast #VulnerabilityResearch #NetworkSecurity


All episodes

19 episodes


Episode 19: Inside Shadowserver - The Front Line of Global Cyber Defense | Piotr Kijewski


Yesterday · 35 min

Episode 18: The New Cyber Battlefield: Iran, Ransomware & the Threats Hiding in Plain Sight | Cynthia Kaiser and Johnny Collins of Halcyon

In this special live episode recorded at RSA Conference, ThreatCon1 hosts Patrick Garrity and Kimber Duke sit down with Cynthia Kaiser, SVP of Ransomware Research at Halcyon and former FBI Cyber Executive, alongside Johnny Collins, Director of Intelligence Operations at Halcyon. The discussion explores how ransomware has evolved from financial crime into a growing national security threat. Cynthia and Johnny share firsthand insights from decades of experience across the FBI, NSA, Mandiant, and the private sector, including the discovery of Scattered Spider, investigations into major cyber campaigns, and emerging threats tied to geopolitical conflicts.

Topics include:
• The evolution of ransomware and why attacks are now measured in minutes instead of days
• How groups like Scattered Spider changed the cyber threat landscape
• The growing overlap between nation-state operations and cybercriminal activity
• Iranian-linked ransomware campaigns and their connection to geopolitical conflict
• Why healthcare and critical infrastructure remain prime targets
• The hidden reality of ransomware payments and repeat victimization
• How public and private sector organizations can work together to disrupt cybercriminal networks
• What security leaders should be doing now to prepare for the next wave of attacks

Whether you're a security practitioner, threat intelligence professional, executive, or simply interested in how cyber threats are shaping global events, this conversation provides valuable insights into the rapidly evolving threat landscape.

Guests:
Cynthia Kaiser – SVP, Ransomware Research, Halcyon | Former FBI Cyber Executive
Johnny Collins – Director of Intelligence Operations, Halcyon

Hosts:
Patrick Garrity, Security Researcher, VulnCheck
Kimber Duke, Director of Product, VulnCheck

#CyberSecurity #Ransomware #ThreatIntelligence #Iran #ScatteredSpider #CriticalInfrastructure #HealthcareSecurity #CyberCrime #ThreatCon1 #RSAConference #Halcyon #VulnCheck

Jun 2, 2026 · 37 min

Episode 17: How Cyber Threat Hunters Think | Joe Slowik of Dataminr on Threat Intel, Detection Engineering & Cyber Warfare

Recorded live at the RSA Conference, this episode of the THREATCON1 Podcast features a deep-dive conversation with Joe Slowik — one of the cybersecurity industry’s leading voices in cyber threat intelligence, detection engineering, and adversary operations. Hosted by Patrick Garrity and Kimber Duke from VulnCheck, the discussion explores how modern threat actors operate, why most organizations still struggle with cybersecurity fundamentals, and how defenders can build stronger, intelligence-driven security programs.

ABOUT OUR GUEST: Before joining Dataminr, Joe held cybersecurity and threat intelligence roles across government and industry, including work with Dragos, Gigamon, Huntress, and MITRE. His background spans Navy cyber warfare operations, incident response, threat hunting, intrusion analysis, and large-scale detection engineering.

In this episode, the conversation covers:
* How cyber threat intelligence actually supports real security outcomes
* Why detection engineering is becoming essential for modern security teams
* The mindset defenders need to think like attackers
* Lessons from the Black Basta ransomware chat leaks
* Threat hunting methodologies and operational security practices
* VPN abuse, proxy infrastructure, and telecom compromise risks
* Why healthcare and manufacturing continue to be high-risk targets
* How attackers prioritize targets using sales and marketing-style tactics
* The future of cybersecurity talent, hacker culture, and defensive operations
* Why strong cybersecurity still comes down to fundamentals and operational discipline

Whether you work in a SOC, lead a security team, build detection content, hunt threats, or simply want to better understand how modern cyber adversaries operate, this episode delivers practical insights from leaders working on the front lines of cybersecurity.

Dataminr uses AI and real-time event discovery to help organizations detect emerging risks, cyber threats, geopolitical events, and breaking incidents faster — enabling security teams to respond before threats escalate. VulnCheck provides exploit and vulnerability intelligence designed to help organizations prioritize real-world threats, understand exploitation activity, and stay ahead of emerging vulnerabilities before attackers weaponize them.

May 19, 2026 · 35 min

Episode 16: From ‘Hackers Are Criminals’ to Industry Leaders — What Changed? | Casey Ellis of Bugcrowd

Recorded live at the RSA Conference, this episode of THREATCON1 features a deep dive into the evolving world of cybersecurity with Casey Ellis, Founder of Bugcrowd. Joined by Patrick Garrity (Security Researcher) and Kimber Duke (Director of Product at VulnCheck), the conversation explores how the industry is changing—and why many of the core problems remain the same. From the rise of AI-powered capabilities to the growing importance of vulnerability disclosure programs, this episode unpacks the tension between speed, innovation, and security.

🔍 What You’ll Learn
- Why cybersecurity today feels “faster, louder, and more chaotic”
- How AI is expanding both opportunity and risk in hacking
- The evolution of bug bounty programs and ethical hacking
- Why most software is built without security as a priority
- The reality of vulnerability disclosure—and why it’s still broken
- The importance of empathy between researchers and organizations
- How community plays a critical role in modern security
- The legal risks hackers face—and how initiatives like the Security Research Legal Defense Fund are changing that

⚡ Key Insights
- “We’re solving the same problems—just faster and louder.”
- Security often comes second to shipping products quickly
- Ethical hackers are now gaining a seat at the leadership table
- Clear vulnerability disclosure processes can prevent real-world damage
- The future of cybersecurity depends on collaboration, not silos

👤 About the Guest
Casey Ellis is the Founder of Bugcrowd, a pioneer in crowdsourced cybersecurity and bug bounty programs. With over a decade of experience shaping how organizations work with ethical hackers, Casey has played a key role in advancing vulnerability disclosure practices globally.

🔗 Resources & Projects Mentioned
Disclose.io — Improving vulnerability disclosure standards https://disclose.io
Security Research Legal Defense Fund — Supporting ethical hackers facing legal challenges https://srldf.org

🎙️ About THREATCON1
THREATCON1 brings together leading voices in cybersecurity to explore the biggest challenges, ideas, and innovations shaping the industry today. https://threatcon1.org

May 5, 2026 · 41 min

Episode 15: Most Enterprise Software Is Already Exploitable (And No One Knows It) | Joe Silva, CEO of Spektion

In this live episode recorded at RSA Conference, the THREATCON1 team sits down with Joe Silva, Founder & CEO of Spektion, for a deep dive into the evolving reality of enterprise cybersecurity in the age of AI and explosive software complexity. Joe shares his unique journey from military intelligence and government service, through roles at iSight Partners, Symantec, TransUnion, and JLL as CISO, to now building a cybersecurity startup focused on redefining how organizations understand and manage exploitability. At the core of the conversation is a shift away from traditional vulnerability management and CVE-driven thinking toward runtime, behavior-based visibility. Joe explains how modern environments are increasingly filled with custom-built tools, AI-generated code, and rapidly evolving software that often falls outside traditional security models.

Key topics covered include:
- Why CVE-based vulnerability management is no longer enough
- How runtime telemetry reveals true exploitability in real time
- The growing problem of alert fatigue and the move toward “non-alerting” security models
- Why most enterprise environments contain far more custom and unknown software than teams realize
- The rise of AI-generated code and its impact on secure development practices
- The shift from patching toward mitigation as a primary security strategy
- How supply chain attacks are evolving in an AI-accelerated development world
- Why memory-based vulnerabilities remain one of the most under-addressed systemic risks

The discussion also explores a forward-looking reality: security teams must increasingly operate at machine speed, focusing less on perfect prevention and more on fast detection, prioritisation, and mitigation of real exploitable conditions. A candid, practical, and forward-thinking conversation on what it truly takes to secure modern software ecosystems.

Apr 21, 2026 · 28 min