In this first episode of 2025, I picked a topic that is one of the few areas of security that is both 'hype' and 'real'. Threat Intelligence. It is an area that you can get great information for free but also overpay for what you get.

I wanted to take a different approach to discussing this one, so I contacted a well-respected colleague of mine, Justin Lentz. Who happens to work in the SMB Threat Intel space to come on the podcast and share his experiences and thoughts.

Talking Points:

• How do you approach a smaller client when it comes to TI?
• What is different when it comes to a client that has some experience with TI?
• What are some pitfalls when you look at the different TI providers out there?
• What happens when you run into data that is not relevant to your company's process?
  • Asking clients what is the problem that you are trying to solve?
• What do you do when you have a low or limited budget?
• What is his experiences running into this type of project (open source tools, using Azure, etc.)
• What does it look like a year later?
  • SaaS platform
  • Partnering with different groups, agencies, etc.
  • The 'addiction' on wanting to get more data
  • Creating a Circle of Trust to share valuable information

Episode Charity:

Corewell Health's Blue Envelope Student Suicide Prevention Program

Episode Sponsor:

Solis Security is a cyber security managed service provider specializing in Threat Intelligence and Incident Response.

In this special episode, I finally get a chance to do a virtual fireside chat with my talented and funny CISO Scott Dresen. I actually started working with Scott while he was the Chief Technology Officer for Spectrum Health. It was in this role that Scott down the path to becoming the Chief Information Security Officer for Corewell Health. So you can say he has been here for the entire Information Security program revamp that started back in 2016.

Talking Points:

• Back in 2016 you were the CTO when the Information Security program was 'rebooted'. What were some of your biggest challenges and frustrations back then?
• In 2018 you assumed the dual role of CTO and CISO, what was the hardest thing you had to change/overcome with having that dual role?
• Let's talk to WannaCry incident, what did the high level leadership view look like and what decisions needed to happen?
• In 2019 you had to re-evaluate the state of the security program at the halfway part of the timeline. During that you had to make some hard choice about the direction we needed to go in order to compete things. How did you come up with those decisions?
• You have had the distinct 'pleasure' of being a part of both a small healthcare and large scale acquisitions, what are some valuable lessons learned from each?
• In 2020 you had to pivot from an almost entirely in-person workforce to almost 100% remote, how did you manage to accomplish this in a timely and successful manner?
• In 2023 you had a chance to speak in front of congress around healthcare security, walk me through how that came about, how you felt in the moment and what things would you do differently (in hindsight)
• What has been the hardest part of planning and implementing Artificial Intelligence security?
• Heading into 2025, what advice do you have for other healthcare security leaders as they face the challenges of tighter budgets, smarter threat actors and changing business strategies?

Episode Charities:

• Toys for Tots of Grand Rapids - Presents for less fortunate children
• North Kent Connect - A great foundation that helps families with items that may not be covered by other programs
• YMCA of Greater Grand Rapids - Great organization promoting healthy lifestyles

Episode Sponsor:

Cloud Con - Michigan's premier security and infrastructure conference!

*Disclaimer* While this episode deals with an incredibly important topic, there are potential dangers in doing this type of work. PLEASE do your homework and be well prepared should you go down this path, as your life can be impacted with a wrong turn.

In this episode, which is the first of a listener requested one around technical topics.

With cybercrime and threat actor activity on the rise, it is more important than ever to understand the dark web and monitor it for potential risks or signs of a breach. There are several tools and intel providers that can do this, but they’re not cheap. So why don’t we just do it ourselves?

Python can handle simple tasks surrounding dark web scanning and offers more customization for complex tasks. Using strictly free open-source libraries and any system you have available, you can set up an automated scanner and detect threats as they arise.

Scan for IP addresses, potentially compromised emails, crypto addresses, and any regex patterns that you desire. Map your findings to the most relevant onion sites and get an understanding of where your adversaries tend to operate. This is just a start. From here, you can go almost anywhere.

Episode Charity:

Proceeds from this episode's sponsorship will be going towards the Baker-Bonsai Friendship Fund. Bruce Baker was a great bonsai tree artist and along with Deal Bull, helped make the art of bonsai be something wonderful that can be shared for future generations at the Frederik Meijer Gardens.

Episode Sponsor:

Cloud Security Alliance of West Michigan

Talking Points:

• Why is it important that you at least have a basic understanding of the Dark Web is you are in the Small and Medium sized Business (SMB) space.
• Pros and Cons of Build vs Buy
• What safeguards do you want when out in the fringes?
• What are the mental health aspects of doing this type of work? How manage those pressures?
• What are Seed URLs?
• How to use Dark Web templates for scanning.

Description credit to GrrCon