Threat Vector

Follow the Crypto

Every threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. ⁠Jackie Burns Koven⁠ leads cyber threat intelligence at Chainalysis, where she tracks how criminal and nation-state actors use cryptocurrency to fund attacks, launder proceeds, and pay for the tools and infrastructure that power the underground economy. Before Chainalysis, she worked in the U.S. Intelligence Community on nuclear proliferation. She also serves on the Ransomware Task Force, the cross-sector coalition working to disrupt the financial ecosystem that makes ransomware profitable. In this conversation recorded live at the Links conference in New York, guest host ⁠Michael Sikorski⁠, CTO of Unit 42, talks with Jackie about how blockchain intelligence works as a threat intelligence discipline, why open-source cryptocurrency is more exposed than most defenders realize, and what the financial signatures of threat actors can reveal that traditional IOCs cannot.

Transcript

The Human Side of Threat Intelligence

Ingrid Parker, Director of Intel Response at Unit 42, has a background that doesn't fit the mold: art student, Army linguist, systems administrator deployed to Afghanistan, co-author of 11 Strategies of a World-Class Cybersecurity Operations Center. In this conversation, she and host David Moulton dig into what it actually feels like to do threat intelligence at the highest levels — how you build the kind of thinking that lets you get inside an adversary's head, what you look for when you're hiring for that skill, and what the job quietly costs the people who do it well.

Transcript

AI in the Wrong Hands

AI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. ⁠Assaf Keren⁠, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets specific about what happens when powerful tools fall into the wrong hands, and what leaders need to do before they get caught off-guard.

Transcript

Operation Winter SHIELD: What the FBI Wants Industry to Do Now

The FBI sees every breach. You see yours. ⁠Adam Maddock⁠, Section Chief of the FBI's Cyber Technical Analytics and Operations Section, and ⁠Jarrod Schlenker⁠, Assistant Section Chief leading the FBI Cyber Division's private-sector engagement, join ⁠David Moulton⁠ to walk through Operation Winter SHIELD, the FBI's public campaign built on what investigators see repeated across hundreds and thousands of cases. Ten defenses. All of them rooted in real intrusions. Most of them still missing from too many organizations.

Transcript

Breach School

What does it take to go from staring at forensic images to sitting across from a CEO whose company is on fire? ⁠Steve Elovitz⁠ has spent his entire career in the room when things go wrong. He started in forensics and eDiscovery at PwC, moved to Booz Allen doing government work, then spent a decade at Mandiant before joining Unit 42 to lead North America consulting and incident response. The throughline across all of it: empathy. In this conversation, Steve reflects on what two decades of incident response actually teaches you about the people on the other side of a breach. The executives fighting for their jobs. The CISOs trying to communicate while everything's on fire. The analysts who need someone to have their backs. You'll hear how Steve's understanding of the job evolved as he moved from technical analyst to executive advisor, what the shift from forensic imaging to real-time response felt like from inside it, why identity keeps showing up in nearly every postmortem, and what briefing a board looks like when you get 15 minutes instead of the hour you planned for. Steve has advised Fortune 500 boards and C-suites through some of the most damaging breaches of the past two decades. His biggest lesson turned out to be the one no certification teaches. This episode is essential listening if you're a security professional trying to grow from analyst to advisor, or a leader building a team that can sustain this kind of work over a career.

Transcript