All Episodes
Episode 41: Detecting Abnormal User Behavior
Attackers often succeed not because they're invisible, but because they mimic normal user behavior—until they don’t. In this episode, we explore how user and entity be...

Episode 42: Security Scripting and Automation Basics
Not all threats require a human response—and not all analysis can scale without scripting. In this episode, we dive into the scripting and automation fundamentals anal...

Episode 43: Threat Actor Categories and Profiles
Understanding the adversary is the first step to anticipating their next move. In this episode, we profile the major categories of threat actors you need to know for t...

Episode 44: Insider Threats and Supply Chain Risks
Some of the most damaging threats come from within—or through trusted partners. In this episode, we explore the two primary forms of insider threats: intentional actor...

Episode 45: Threat Intelligence Confidence Levels and TTPs
All threat intelligence is not created equal. In this episode, we explore how analysts evaluate the reliability of threat intelligence based on confidence levels—speci...

Episode 46: Open Source Threat Intelligence Collection
Not all threat intelligence comes with a price tag. In this episode, we explore the value and limitations of open source intelligence (OSINT) in cybersecurity operatio...

Episode 47: Closed Source Threat Intel and Information Sharing
Some of the most actionable threat intelligence is found behind closed doors. In this episode, we examine closed source threat intel—feeds and services provided by ven...

Episode 48: How Threat Intelligence Powers Security Functions
Threat intelligence is more than just information—it’s fuel for proactive defense. In this episode, we show how threat intel informs and enhances nearly every security...

Episode 49: Indicators of Compromise and Threat Hunting
Threat hunting begins where automation ends. In this episode, we break down the lifecycle of Indicators of Compromise (IoCs)—how they are discovered, validated, and ap...

Episode 50: Threat Hunting Focus Areas and Active Defense
Hunting threats means knowing where to look—and what to expect. In this episode, we identify the key focus areas for threat hunting operations, including misconfigured...

Episode 51: Standardizing and Automating Security Processes
Consistency is key in security operations, especially when teams are responding to high volumes of alerts under time pressure. In this episode, we dive into the benefi...

Episode 52: Streamlining with SOAR and Threat Feed Enrichment
Security Orchestration, Automation, and Response (SOAR) platforms help security teams move faster and more intelligently. In this episode, we go deeper into how SOAR s...

Episode 53: Integrating APIs and Plugins for Efficiency
Modern security platforms rarely operate in silos. In this episode, we explore how APIs, webhooks, and plugins allow your tools to communicate—enabling integrations th...

Episode 54: Single Pane of Glass: Visibility in the SOC
In complex environments, visibility is everything. But when your tools are spread across different dashboards and platforms, critical context can be lost. This episode...

Episode 55: Domain 2 Overview – Vulnerability Management in Practice
Welcome to Domain 2: Vulnerability Management. In this foundational episode, we set the stage for everything you’ll learn in the coming sessions—from scanning tools an...

Episode 56: Asset Discovery in the Wild
Before you can scan for vulnerabilities, you need to know what assets you’re protecting. In this episode, we focus on the first step of the vulnerability management li...

Episode 57: Vulnerability Scanning – Special Considerations
Not all scans are created equal. In this episode, we explore the many considerations that go into planning and executing a vulnerability scan without disrupting busine...

Episode 58: Internal vs. External Scanning Strategies
Where you scan from is just as important as what you’re scanning. This episode breaks down the difference between internal and external vulnerability scans—what each o...

Episode 59: Agent-Based vs. Agentless Scanning
Should you deploy agents on every device, or scan remotely without them? In this episode, we compare agent-based and agentless vulnerability scanning approaches and ex...

Episode 60: Credentialed vs. Non-Credentialed Scans
Credentials can change everything. In this episode, we explore the differences between credentialed and non-credentialed scans—and why access matters when identifying ...
