THREATCON1 PODCAST

Recorded live at the RSA Conference, this episode of the THREATCON1 Podcast features a deep-dive conversation with Joe Slowik — one of the cybersecurity industry’s leading voices in cyber threat intelligence, detection engineering, and adversary operations.

Hosted by Patrick Garrity and Kimber Duke from VulnCheck, the discussion explores how modern threat actors operate, why most organizations still struggle with cybersecurity fundamentals, and how defenders can build stronger, intelligence-driven security programs.

ABOUT OUR GUEST:

Before joining Dataminr, Joe held cybersecurity and threat intelligence roles across government and industry, including work with Dragos, Gigamon, Huntress, and MITRE. His background spans Navy cyber warfare operations, incident response, threat hunting, intrusion analysis, and large-scale detection engineering.

In this episode, the conversation covers:

• How cyber threat intelligence actually supports real security outcomes
• Why detection engineering is becoming essential for modern security teams
• The mindset defenders need to think like attackers
• Lessons from the Black Basta ransomware chat leaks
• Threat hunting methodologies and operational security practices
• VPN abuse, proxy infrastructure, and telecom compromise risks
• Why healthcare and manufacturing continue to be high-risk targets
• How attackers prioritize targets using sales and marketing-style tactics
• The future of cybersecurity talent, hacker culture, and defensive operations
• Why strong cybersecurity still comes down to fundamentals and operational discipline

‍

Whether you work in a SOC, lead a security team, build detection content, hunt threats, or simply want to better understand how modern cyber adversaries operate, this episode delivers practical insights from leaders working on the front lines of cybersecurity.

Dataminr uses AI and real-time event discovery to help organizations detect emerging risks, cyber threats, geopolitical events, and breaking incidents faster — enabling security teams to respond before threats escalate.

VulnCheck provides exploit and vulnerability intelligence designed to help organizations prioritize real-world threats, understand exploitation activity, and stay ahead of emerging vulnerabilities before attackers weaponize them.

‍

Recorded live at the RSA Conference, this episode of THREATCON1 features a deep dive into the evolving world of cybersecurity with Casey Ellis, Founder of Bugcrowd.

Joined by Patrick Garrity (Security Researcher) and Kimber Duke (Director of Product at VulnCheck), the conversation explores how the industry is changing—and why many of the core problems remain the same.

From the rise of AI-powered capabilities to the growing importance of vulnerability disclosure programs, this episode unpacks the tension between speed, innovation, and security.

🔍 What You’ll Learn

- Why cybersecurity today feels “faster, louder, and more chaotic”

- How AI is expanding both opportunity and risk in hacking

- The evolution of bug bounty programs and ethical hacking

- Why most software is built without security as a priority

- The reality of vulnerability disclosure—and why it’s still broken

- The importance of empathy between researchers and organizations

- How community plays a critical role in modern security

- The legal risks hackers face—and how initiatives like the Security Research Legal Defense Fund are changing that

⚡ Key Insights

- “We’re solving the same problems—just faster and louder.”

- Security often comes second to shipping products quickly

- Ethical hackers are now gaining a seat at the leadership table

- Clear vulnerability disclosure processes can prevent real-world damage

- The future of cybersecurity depends on collaboration, not silos

👤 About the Guest

Casey Ellis is the Founder of Bugcrowd, a pioneer in crowdsourced cybersecurity and bug bounty programs. With over a decade of experience shaping how organizations work with ethical hackers, Casey has played a key role in advancing vulnerability disclosure practices globally.

🔗 Resources & Projects Mentioned

Disclose.io — Improving vulnerability disclosure standards https://disclose.io

Security Research Legal Defense Fund — Supporting ethical hackers facing legal challenges https://srldf.org

🎙️ About THREATCON1

THREATCON1 brings together leading voices in cybersecurity to explore the biggest challenges, ideas, and innovations shaping the industry today. https://threatcon1.org

‍

In this live episode recorded at RSA Conference, the THREATCON1 team sits down with Joe Silva, Founder & CEO of Spektion, for a deep dive into the evolving reality of enterprise cybersecurity in the age of AI and explosive software complexity.

Joe shares his unique journey from military intelligence and government service, through roles at iSight Partners, Symantec, TransUnion, and JLL as CISO, to now building a cybersecurity startup focused on redefining how organizations understand and manage exploitability.

At the core of the conversation is a shift away from traditional vulnerability management and CVE-driven thinking toward runtime, behavior-based visibility. Joe explains how modern environments are increasingly filled with custom-built tools, AI-generated code, and rapidly evolving software that often falls outside traditional security models.

Key topics covered include:

- Why CVE-based vulnerability management is no longer enough

- How runtime telemetry reveals true exploitability in real time

- The growing problem of alert fatigue and the move toward “non-alerting” security models

- Why most enterprise environments contain far more custom and unknown software than teams realize

- The rise of AI-generated code and its impact on secure development practices

- The shift from patching toward mitigation as a primary security strategy

- How supply chain attacks are evolving in an AI-accelerated development world

- Why memory-based vulnerabilities remain one of the most under-addressed systemic risks

The discussion also explores a forward-looking reality: security teams must increasingly operate at machine speed, focusing less on perfect prevention and more on fast detection, prioritisation, and mitigation of real exploitable conditions.

A candid, practical, and forward-thinking conversation on what it truly takes to secure modern software ecosystems.

‍

Recorded live at RSA Conference in San Francisco, Patrick Garrity and Kimber Duke from VulnCheck sit down with Saeed Abbasi, Senior Manager of Security Research at the Qualys Threat Research Unit, for a deep dive into one of the most overlooked attack surfaces in cybersecurity: network edge devices.

From firewalls and VPN gateways to home routers, edge devices sit at the intersection of the internet and corporate networks — making them prime targets for attackers.

In this episode, Saeed shares insights from years of vulnerability research across organizations like Trend Micro, Palo Alto Networks, and Qualys, including:

• Why network edge devices are frequently targeted by attackers

• The challenges organizations face when patching or replacing vulnerable infrastructure

• How botnets exploit consumer routers while ransomware actors target enterprise edge devices

• Why visibility and asset inventory are critical for security teams

• The growing importance of risk-based vulnerability prioritization

• How attackers exploit vulnerabilities within days — or even before patches are available

The conversation also explores broader trends in vulnerability research, the evolution of exploitation timelines, and what organizations can do today to reduce risk at the edge.

If you're responsible for vulnerability management, threat research, or network security, this episode offers valuable insight into how attackers are evolving — and how defenders can keep up.

Guests

Saeed Abbasi – Senior Manager, Security Research, Qualys Threat Research Unit

Hosts

Patrick Garrity – VulnCheck

Kimber Duke – Director of Product, VulnCheck

Recorded live at RSA Conference.

‍

In this episode of the THREATCON1 Podcast, Patrick Garrity is joined by Ryan Dewhurst, Head of Threat Intelligence at WatchTowr, for a deep dive into the rapidly evolving world of vulnerabilities, threat intelligence, and real-world exploitation.

Ryan shares the story of his journey through cybersecurity — from creating the widely used Damn Vulnerable Web Application (DVWA) and the WPScan vulnerability database, to building projects like KevIntel, and now leading threat intelligence efforts at WatchTowr.

The conversation explores how modern attackers operate, why time-to-exploit is shrinking, and why internet-facing infrastructure like routers, firewalls, VPNs, and edge devices has become a primary target for threat actors.

Patrick and Ryan also discuss the growing scale of the vulnerability landscape, the limitations of traditional scoring systems like CVSS, and why organizations must move toward context-driven vulnerability prioritization instead of simply chasing severity scores.

Along the way, they examine how threat intelligence teams detect exploitation in the wild using honeypot networks, reverse engineering, and vulnerability research — and what defenders should be paying attention to as the cybersecurity landscape continues to accelerate.

If you’re interested in emerging threats, exploited vulnerabilities, and the future of cyber defense, this episode is packed with insights.

Topics covered in this episode

• Ryan Dewhurst’s path from DVWA and WPScan to WatchTowr

• The rise of exploited vulnerability intelligence

• Why attackers are increasingly targeting network edge devices

• The shrinking time-to-exploit window

• Zero-day vs end-day vulnerabilities in real attacks

• Detecting exploitation with honeypots and threat telemetry

• Why CVSS scores alone aren’t enough

• The growing challenge of managing vulnerability volume

• What cybersecurity teams should expect in the years ahead

🎧 Subscribe to the THREATCON1 Podcast for more conversations with cybersecurity researchers, threat intelligence leaders, and industry experts exploring the evolving threat landscape.

‍

In this episode of the THREATCON1 Podcast, Tom Bain and Patrick Garrity sit down with Lillian Lang, Senior Manager of Cyber Threat Intelligence at Chevron, to explore how modern cyber threats are evolving—and what defenders must do to stay ahead.

Lillian shares her journey from federal intelligence work after 9/11 to protecting critical infrastructure in the private sector, offering a rare inside look at:

• How nation-state actors target the energy industry
• The real impact of supply-chain vulnerabilities and zero-day exploits
• Why third-party risk and business continuity are now core security concerns
• The growing role of AI in cyber defense—and the new risks it introduces
• What cyber threat intelligence teams actually do inside global enterprises

‍

This conversation delivers practical insight for cybersecurity professionals, technology leaders, and anyone interested in how critical infrastructure is defended in an increasingly complex threat landscape.

Subscribe for more conversations with the people shaping the future of cybersecurity.

‍

In this episode of the THREATCON 1 Podcast, hosts Tom Bain and Patrick Garrity sit down with Cynthia Kaiser, SVP at Halcyon and former FBI cyber executive, to explore the rapidly evolving world of ransomware, AI-driven threats, and national-security-level cyber defense.

Drawing on two decades inside the FBI—including briefing the President’s Daily Intelligence Brief—Cynthia shares frontline insight into how cyber threats have changed, why ransomware is moving faster than ever, and what organizations must do now to stay protected.

In this conversation:

• How AI is reshaping ransomware attacks and social engineering
• Why today’s cyber threats blur the line between espionage and warfare
• The growing gap between government capability and private-sector technology
• What “assume breach” really means in modern cybersecurity
• When (if ever) paying a ransom makes sense
• Practical strategies to contain attacks and protect critical infrastructure

‍

This is a must-watch discussion for security leaders, IT professionals, policymakers, and anyone concerned about the future of cyber defense.

About Cynthia Kaiser

Cynthia is an award-winning cyber executive, former FBI leader, and SVP at Halcyon focused on stopping ransomware and advancing threat intelligence. She has been featured in major global media and previously served as a President’s Daily Brief intelligence briefer across two U.S. administrations.

Subscribe for more conversations with the people shaping the future of cybersecurity.

‍

Tom and Patrick chat with Neil Robinson, Head of Security Engineering and Cybersecurity, Virgin Money. Neil shares his perspectives on tracking and managing emerging cyber threats in the financial services industry, gives us an alternate role or the CISO - The Chief "Translation" Officer, and provides some ways in which he focuses in on reducing noise, creating more effective signal, and how he sees the "AI slop" affecting that signal-to-noise ratio from some intel providers. Finally, Neil make an enormously salient point on how trust factors into threat actor tracking across a targeted "Top 10" threat actors who matter in the financial industry.

THREATCON1 hosts Tom Bain and Patrick Garrity sit down with Nathan Rollings, Field CISO at Zafran, and Yonatan Keller, Analyst Team Lead at Zafran, for a deep, practitioner-focused conversation on the realities of modern vulnerability management.Together, they explore why patching alone can’t keep up with today’s threat landscape — and how security teams can dramatically reduce risk by prioritizing what actually matters.

Tom and Patrick sit down with Tyler Shields, Cybersecurity Strategy Analyst at Omdia, for a wide-ranging conversation on where cybersecurity is heading — and what actually matters to practitioners right now.

‍
The discussion dives deep into the realities behind AI hype, the importance of keeping humans in the loop, and why buyers are overwhelmed by security debt rather than lacking data. Tyler also offers a candid take on the CVE ecosystem, vulnerability scoring fragmentation, and why context — not raw severity scores — is the only thing that makes vulnerability data actionable.

Tom and Patrick sit down with Nabil Hannan, Field CISO at NetSPI, AI-focused startup advisor, and host of the Agent of Influence podcast. Nabil shares his unique perspective on today’s most pressing cybersecurity challenges.

Tom and Patrick sit down with Christine Fignar, Cybersecurity Analyst at the Federal Reserve Bank of Minneapolis, to unpack one of the most misunderstood areas of security: insider threats and human-driven risk. Christine’s background spanning aviation, HR, communications, and counterterrorism gives her a rare perspective on stress, behavior patterns, and the subtle signals that often precede incidents.

‍

We get into her “Cone of Uncertainty” framework for visualizing how threats form and evolve, discuss hiring fraud, offboarding gaps, nation-state recruitment, and why organizations routinely miss early warning signs. A conversation for anyone looking to better understand, track, and communicate human-centric risk.

‍

Tom and Patrick welcomed Simon Goldsmith, CISO, Ovo Energy to the show, to chat about the emerging threat landscape across different industries he’s served in - from the CISO’s perspective. We dig into some of his cyber experiences throughout his career, talk rugby, debate Oasis vs Blur and even drill down into how to counter coordinated nation-state attacks!

Tom and Patrick host Mike Privette, Founder, Return on Security, to get a sense of Mike's perspectives on how he's used his operational background in cyber as a former multi-time CISO to pivot into something entirely different in the cyber market today! Mike brings insights on how he tracks and slices data on all cyber funding and M&A activity with his broad-ranging dataset and his leading newsletter. They cover ground on emerging threats, AI investment in cyber and what pushed him to pursue a unique pivot in his cybersecurity journey!

Tom and Patrick sit down with VP of Security Research, Tod Beardsley. We talk to Tod about his current role leading cyber research at RunZero, his time at CISA, emerging cyber threats he's currently engaged in researching, his perspective on the CVE program and its future - and finally, horror movies, of which Tod is an aficionado and active podcast host himself of Podsothoth: A Lovecraft Book Club. This session isn't THAT scary really...

In this episode, Tom and Patrick chat with former Director of the CIA’s Center for Cyber Intelligence, Andrew Boyd, about the root of today’s emerging cyber threats to both business and to citizens. They dive into his experience in offensive cybersecurity across multiple former government roles, how he grew his skillset into cyber and experiences in serving the U.S. in many innovation-led cyber capacities, and his current cyber-inspired initiatives.

In this episode, Tom and Patrick chat with Jen Easterly, former Director of CISA, for the U.S. government. Topics covered range from public-private collaboration efforts to better protect our national security, to her perspectives on defending against threat actors targeting U.S. interests as well as the impact AI is having on cyber today, with a sneak peak into a few of her upcoming key initiatives. And we go to learn how Jen Easterly spent her summer!