Explore every episode of the podcast Intelligence Tradecraft - Sharpen your analytic edge
| Title | Pub. Date | Duration | |
|---|---|---|---|
| From UK Police Intelligence to academia: Support versus specialist - Interview with Nadia Tuominen (S2E2) | 25 Feb 2026 | 01:18:26 | |
Summary Listen to Nadia Tuominen's path from crime science student to intelligence analyst in London’s Metropolitan Police, where she learned mostly on the job in a changing organization. She explains how austerity and lack of development pushed her to leave for sports integrity in tennis, then into the financial sector to work on economic crime. A later shift into academia and training lets her “close the circle” by teaching police officers and practitioners, creating qualifications she wishes had existed earlier. Across her journey, she emphasizes intelligence as a reasoning process, the importance of frameworks, elevating analysts from “support staff” to specialists, and helping people think better rather than just learn tools. Nadia emphasizes the need for analysts to be proactive, build relationships, and continuously develop their skills to adapt to the changing landscape of intelligence work. Key takeaways
Resources and references mentioned
Chapters 02:59 Journey into Intelligence and Law Enforcement 05:56 Training and Development in Intelligence Analysis 09:12 Transitioning from Law Enforcement to Sports Integrity 12:07 Understanding Intelligence Frameworks 14:51 Exploring Financial Crime and Economic Crime 17:49 The Role of Academia in Intelligence Analysis 20:51 Training and Cognitive Function in Intelligence 23:59 Defining Intelligence: Perspectives and Processes 27:10 The Importance of Forward-Looking Intelligence 29:57 Analysts as Specialists, Not Support Staff 37:13 The Role of Analysts in Decision Making 38:25 Understanding AI and Its Implications 40:30 Critical Thinking in AI Usage 42:35 Explainability and Trust in AI 44:22 Evaluating AI vs Human Intelligence 46:24 The Importance of Input in AI 48:28Training and Experience in Intelligence Analysis 55:33 Measuring the Value of Intelligence 01:01:05 The Dialogue of Intelligence 01:04:17 The Future of AI in Intelligence 01:12:10 Preparing for a Career in Intelligence | |||
| Lessons from a Former NCIS Analyst: Navigating Cyber Threats and board rooms - Interview with Teresa Walsh (S2E1) | 25 Feb 2026 | 01:33:15 | |
Summary Here, Teresa Walsh, a former NCIS analyst and current Chief Intelligence Officer (CINO), shares how intelligence tradecraft, critical thinking, and stakeholder-focused analysis must underpin cyber threat intelligence in an AI-saturated world, especially in heavily regulated sectors like finance. She discusses the importance of understanding the audience in intelligence work, the challenges of transitioning from government to private sector, and the evolving role of AI in the field. Teresa emphasizes the need for critical thinking, continuous training, and the significance of stakeholder engagement in delivering valuable intelligence. The conversation also touches on the future of intelligence, the impact of AI, and the importance of measuring success and value in intelligence work. Key takeaways
Resources and references mentioned
| |||
| From Collections Manager in the FBI to Teaching Analytic Tradecraft: Analytic Skills versus Cyber Skills - Interview with Elizabeth Dos Santos (S1E7) | 21 Dec 2025 | 01:31:52 | |
Summary In this podcast episode, Elizabeth Dos Santos shares her journey from a 25-year career in the FBI, focusing on intelligence analysis and counter-terrorism, to the private sector, teaching intelligence. She discusses the challenges she faced, the importance of communication skills, and her transition to the private sector. Elizabeth emphasizes the role of AI in intelligence, the need for critical thinking, and the significance of structured analytic techniques in training. She also provides valuable advice for aspiring intelligence analysts, highlighting the importance of writing and presentation skills. Takeaways
Resources and references mentioned
Chapters 00:00 Introduction to Elizabeth Dos Santos 01:51 Journey into Intelligence 08:44 Career Development in the FBI 12:40 Challenges and Growth in Intelligence 19:39 Transitioning to the Private Sector 27:52 The Role of AI in Intelligence 53:23 Advice for Aspiring Intelligence Analysts 01:07:29 The Importance of Communication in Intelligence 01:14:19 Structured Analytic Techniques and IAP 01:18:19 Conclusion and Reflections on Intelligence This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 13th, 2025 in Copenhagen, Denmark. | |||
| From Manual Googling to Sophisticated Insight: Government Lessons for the Private Sector - Interview with Terry Pattar (S1E6) | 03 Dec 2025 | 01:02:42 | |
Summary In this conversation, Terry shares his journey from government intelligence to the private sector, discussing the evolution of training and methodologies in intelligence analysis. He emphasizes the importance of structured analytical techniques and the challenges faced in adapting these methods in the private sector. The discussion also touches on the impact of geopolitics on cyber threats and the role of AI in intelligence work, highlighting the need for critical thinking and planning in the analysis process. Terry reflects on the differences between open source intelligence and open source information, and the importance of understanding biases in AI tools. Takeaways
Resources and references mentioned
Chapters 00:00 Introduction to Terry's Journey 02:54 Training and Development in Intelligence 05:52 Transitioning from Government to Private Sector 08:58 Challenges in Intelligence Analysis 11:50 The Role of Planning in Intelligence Work 14:51 The Maturity of Intelligence in the Private Sector 17:53 The Impact of Geopolitics on Cyber Intelligence 20:56 The Future of AI in Intelligence 23:43 Open Source Intelligence vs. Open Source Information 26:47 Advice and Reflections on Intelligence Work This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 3rd, 2025 in London, England. | |||
| CTI Analysis, Co-Authoring a SANS course, and Building a vibrant CTI sharing community - Interview with Will Thomas (S1E5) | 26 Nov 2025 | 00:55:09 | |
In this conversation, Freddy and Will delve into the world of Cyber Threat Intelligence (CTI) and sharing communities, exploring of Will T, the journey of a cybersecurity professional, the importance of training and community, the challenges faced in threat reporting, and the impact of AI on the field. They discuss the evolution of CTI, the necessity for critical thinking, and the ethical considerations surrounding the use of AI in intelligence work. The conversation emphasizes the need for collaboration and knowledge sharing within the cybersecurity community to enhance overall effectiveness against cyber threats. Takeaways
Resources & References Mentioned
Chapters 00:00 Introduction to Cyber Threat Intelligence 02:48 Career Journey in Cybersecurity 06:08 Understanding Cyber Threat Intelligence 09:06 The Role of Training in Cyber Intelligence 11:57 Teaching and Sharing Knowledge in Cybersecurity 15:08 The Importance of Community in Cyber Intelligence 17:54 Challenges in Cyber Threat Reporting 20:56 The Impact of AI on Cyber Threat Intelligence 24:08 Future of AI in Cybersecurity 26:47 Ethics and Challenges of AI in Intelligence 29:57 Conclusion and Final Thoughts This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on May 2nd, 2025 in Bournemouth, England. | |||
| From the CIA to inspiring global intelligence communities - Interview with Kathy Pherson (S1E4) | 26 Nov 2025 | 01:46:14 | |
Step inside the real world of intelligence with Kathy Pherson, a pioneering CIA analyst whose career arc spans from a curious Kansas City upbringing to the highest levels of global intelligence. In this episode, Kathy reveals how she navigated the challenges of intelligence writing, honed her craft in security and Latin American analysis, and ultimately transformed the field with innovative structured analytic techniques.Kathy has candid reflections on balancing data and practical countermeasures, adapting to the evolving demands of intelligence, and the crucial role of critical thinking in a world increasingly shaped by AI. Learn how Kathy’s work at the White House, her leadership of Pherson Associates, and her presidency at the International Association for Intelligence Education are shaping future intelligence professionals. With stories of teamwork, adaptation, and even a personal mission to fight rare diseases, this conversation promises to intrigue, inspire, and challenge your ideas about intelligence analysis, education, and the intersection with advanced technologies. Takeaways
Resources and References Mentioned
Chapters
This interview was recorded on May 2nd, 2025 in London, England. | |||
| From Cargo Theft to Cyber Threats: An Intelligence Journey - Interview with Scott Small (S1E3) | 28 Sep 2025 | 01:17:28 | |
In this conversation, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, shares his journey into the field of CTI, discussing his background, current responsibilities, and the importance of curiosity and empathy in intelligence analysis. He emphasizes the role of AI and open-source intelligence in enhancing threat detection and response, while also addressing the challenges of implementing threat-informed defense strategies. The discussion highlights stakeholder engagement, the value of writing in intelligence, and the need for continuous learning and networking within the cybersecurity community. Takeaways
Resources references mentioned
Chapters 00:00 Introduction to Cyber Threat Intelligence 02:47 Scott Small's Background and Career Path 06:10 Understanding Threat Informed Defense 08:59 The Role of TTPs in Cybersecurity 11:51 The Importance of Storytelling in Cyber Intelligence 15:05 Challenges in Implementing Threat Informed Defense 17:52 The Role of AI and Machine Learning in Cyber Intelligence 21:01 Evaluating Open Source Intelligence (OSINT) 23:56 Identifying Trustworthy Sources in Cyber Intelligence 26:59 Lessons Learned from Mistakes in Cyber Intelligence 29:44 Case Study: Analyzing the Akira Ransomware Group 33:10 Future of Cyber Threat Intelligence 38:06 Navigating the Landscape of Cyber Threat Intelligence 43:37 The Path to Becoming a Cyber Intelligence Analyst 46:08 The Importance of Writing in Cyber Intelligence 49:31 Essential Skills for a Successful Analyst 51:14 Structured Analytical Techniques in Cyber Intelligence 54:30 Implementing Intelligence Tradecraft in Organizations 58:02 Proactive vs. Reactive Intelligence 01:01:33 The Role of AI in Cyber Threat Intelligence 01:09:53 The Future of Automated Threats and Defenses 01:15:15 The Value of Networking and Community in Cyber Intelligence This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded in April 23rd, 2025 during the FIRST CTI Conference in Berlin. | |||
| Storytelling, Stakeholders, and Communicating CTI to the Board - Interview with Gert-Jan Bruggink (S1E2) | 28 Sep 2025 | 01:14:24 | |
In this conversation, Freddy and Gert-Jan delve into the complexities of cybersecurity and cyber threat intelligence (CTI), exploring the importance of decision-making informed by intelligence, the challenges of training and development in the field, and the significance of metrics in demonstrating value. They discuss the evolving role of AI in cybersecurity, the necessity of critical thinking, and the importance of mentorship and community support for aspiring professionals. Takeaways
Resources and references mentioned
Chapters 00:00 Introduction to Gert-Jan and the CTI Conference 02:50 Gert-Jan's Journey in Cybersecurity 05:51 The Role of Intelligence in Decision Making 08:50 Training and Development in Cyber Threat Intelligence 12:06 Consultancy and the Importance of Storytelling 14:46 Generating and Consuming Intelligence 17:37 The Distinction Between OSINT and OSINF 20:49 Prioritization and Decision Making in Intelligence 23:54 The Art of Failure and Learning 26:55 Navigating the Intelligence Cycle 29:53 Responding to Incidents and Public Perception 35:38 Critical Thinking in Source Assessment 39:48 Understanding Source Reliability 43:04 The Role of AI in Intelligence 51:31 Metrics and Measuring Impact 01:06:02 Advice for Aspiring CTI Professionals 01:11:49 Reflecting on Influential Figures This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded in April 21st, 2025 during the FIRST CTI Conference in Berlin. | |||
| Insights into Cyber Threat Intelligence: From Government to Private Sector - Interview with Garrett Carstens (S1E1) | 28 Sep 2025 | 00:54:27 | |
Join us in the first episode of our podcast where we interview Garrett Carstens in beautiful Berlin. Garrett shares his extensive experience in cyber threat intelligence, from his beginnings at the US Department of Defense to his current role as VP of Intel Operations at Intel 471. We delve into the transition from government to private sector, the importance of critical thinking in cyber intelligence, the evolution of threat intelligence, and how to effectively measure success in this field. Garrett also discusses the role of artificial intelligence and machine learning in cyber intelligence and provides practical advice for those looking to make a similar career transition. Resources and references mentioned:
This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview was recorded in April 21st, 2025 during the FIRST CTI Conference in Berlin | |||
| From GCHQ to Building effective OSINT and Cyber Threat Intelligence (CTI) Functions - Interview with Aaron Roberts (S2E3) | 25 Mar 2026 | 01:23:37 | |
Summary In cybersecurity, understanding the intricacies of intelligence tradecraft can make all the difference. In this insightful interview, cybersecurity expert Aaron Roberts shares his journey from military intelligence to founding Perspective Intelligence. He discusses the evolution of cyber threat intelligence, practical training approaches, the impact of AI, and how to build a successful intelligence function. Aaron’s path into intelligence started with a fascination for intelligence and a local awareness of GCHQ, the UK’s Government Communications Headquarters. He candidly shares, "I always tell people this story and I don't think anyone believes me, but I used to watch a lot of 24." He recalls, "I was always interested in military history and intelligence services, which guided my career path." This foundational knowledge helped him navigate the complexities of cyber intelligence later on. After working at GCHQ, Aaron faced a significant decision: stay in public service or explore opportunities in the private sector. He explains, "I thought I was always going to be there for life," but personal circumstances and the evolving cybersecurity landscape prompted him to make a change. Aaron’s experiences provide valuable insights into cyber threat intelligence (CTI). He emphasizes the importance of adapting to new threats and technologies. "Cybersecurity is an ever-changing landscape, and staying ahead requires constant learning and adaptation," he advises. One key area Aaron focuses on is Open Source Intelligence (OSINT). He finds it fascinating how the internet can be utilized for intelligence investigations. "Using the internet for intelligence work is incredibly powerful," he states. This approach allows organizations to gather insights that are often overlooked in traditional intelligence methodologies. In 2021, Aaron published his book on cyber threat intelligence, a project that began during the early days of the COVID-19 lockdown. He shares, "I decided to write a book because there wasn’t much available for non-analysts looking to understand threat intelligence better." The process was both challenging and rewarding, providing him with a platform to share his knowledge and experiences. Resource Perspective Intelligence - https://perspectiveintelligence.co.uk/ WannaCry - https://en.wikipedia.org/wiki/WannaCry_ransomware_attack KASE Scenarios OSINT Training Platform - https://kasescenarios.com/ KASE Scenarios PRoject SandShark - https://kasescenarios.com/project-sandshark Diamond Model - https://www.threatintel.academy/wp-content/uploads/2020/07/diamond_summary.pdf Intel architecture mindmap - https://github.com/Errum/IntelArchitectureMap The cyber threat intelligence book - https://www.amazon.com/Cyber-Threat-Intelligence-No-Nonsense-Security/dp/1484272196 TCM Security SOC 101 - https://academy.tcm-sec.com/p/security-operations-soc-101 Michael Koczwara's Hunting Adversary Infrastructure Training Course - https://academy.intel-ops.io/courses/hunting-adversary-infra Intel471 Cyber underground Handbook - https://www.intel471.com/cyber-underground-handbook Admiralty Scale blog post - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/ Chapters 00:00 Introduction to Intelligence Careers 04:21 Transitioning from Government to Private Sector 12:23 Becoming a Published Author 20:37 The Importance of Context in Cyber Intelligence 28:08 Challenges in Open Source Intelligence 36:53 Defining Intelligence: What It Is and Isn't 44:47 Critical Thinking in Intelligence Analysis 51:52 Training and Certifications in Intelligence 59:14 Success Criteria for Intelligence Functions 01:05:07 The Future of Cyber Threat Intelligence 01:11:03 The Role of AI in Intelligence 01:18:18 Advice for Aspiring Intelligence Professionals PS! This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 1st, 2025 in London, UK. | |||
| From UK Defense intelligence, Warning Intelligence, and IEDs, to Private Sector Intelligence - Interview with Will Woodall (S2E4) | 08 Apr 2026 | 01:17:44 | |
Summary Will Woodall shares his 14-year journey through intelligence roles in the UK government and transitioning to private sector intelligence. He explains motivations for leaving government (slow recruitment and limited recognition), contrasts public vs private sector work, and emphasizes core intelligence methodology: the yardstick/estimated probability language, source evaluation and confidence, structured analytical techniques, and clear writing and delivery tailored to customers. In the interview. Will and Freddy debate what distinguishes information from intelligence, how to measure intelligence program value through customer action and feedback, challenges like expert bias and stakeholder alignment, and how AI/LLMs can help with volume and practical tasks but require validation and human questioning. He advises aspiring analysts to pursue analytical subjects, develop domain expertise, and learn core intelligence components. Resources Extrac AI - https://www.extrac.ai/index.html SANS Admiralty Scale blog post 1 - https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system SANS Admiralty Scale blog post 2 - https://www.sans.org/blog/admiralty-code-part-2-ticketmaster-data-breach-claims LinkedIn Post on what makes something intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m King's College London, the Intelligence Studies Program - https://www.kcl.ac.uk/study/postgraduate-taught/courses/intelligence-and-international-security-ma/teaching Structured Analytic Techniques (SATs) Training - https://inteltradecraft.com/sat-certifications Analytic standards ICD203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf PHIA UK Analytic Standards - https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards LinkedIn Freddy M - https://www.linkedin.com/in/fmurre/ LLMs getting worse - https://royalsocietypublishing.org/rsos/article/12/4/241776/235656/Generalization-bias-in-large-language-model Chapters 00:00 Introduction to Intelligence and Personal Journey 07:15 Transitioning from Government to Private Sector 11:53 Understanding Intelligence Methodology and Standards 18:59 Defining Intelligence vs. Information 23:27 The Role of AI in Intelligence 31:02 Training and Methodologies in Intelligence 47:06 Challenges in Implementing Intelligence in the Private Sector 54:16 Measuring Success of Intelligence Programs 58:13 Challenges in Applying Intelligence in Organizations 01:02:06 Advice for Aspiring Intelligence Professionals 01:15:50 Influential People and Career Moments 01:17:28 Closing Remarks and Future Outlook This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 2nd, 2025 in London, UK. | |||
| From US Army Intelligence to Private Sector Intelligence Advisor - Interview with Jeremy Levin (S02E05) | 22 Apr 2026 | 01:50:39 | |
In this interview, Jeremy Levin shares his journey into US Army intelligence and subsequent move into private sector intelligence. Jeremy has extensive experience in intelligence analysis, training, and management, emphasizing the importance of adaptable skills, continuous learning, and effective team utilization in the field. Jeremy Levin accidentally entered military intelligence in the mid-90s by joining the U.S. Army intelligence. He served nearly 30 years in various government intelligence roles and as a contractor. After moving into the private sector he founded Questimation (“Better decisions discovered”) to teach thinking, analytic methods, and explore more objective calibration of qualitative probabilities. This in-depth interview explores the challenges and opportunities in intelligence analysis, focusing on metrics, training, AI integration, and the mindset needed for future success. Discover how to measure impact, foster analyst development, and adapt to technological advances. Resources and references mentioned Questimation - https://www.questimation.com/ Julia Galef - The Scout Mindset - https://www.amazon.com/Scout-Mindset-Perils-Defensive-Thinking/dp/0735217556 IARPA Reason Project for AI in Analysis - https://www.iarpa.gov/research-programs/reason US Intelligence Standards ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf UK Intelligence Standards - https://www.gov.uk/government/publications/phia-common-analytical-standards/phia-common-analytical-standards New Zealand Code of Ethics - https://nziip.org.nz/code-of-ethics/ Chapters 00:00 Meet Jeremy Levin 07:52 Contractor Life and 9/11 22:43 Going Independent and forming Questimation 30:30 What Counts as Intelligence 35:22 Analyst Tasks and Management 41:53 Value of Warning and Training 57:51 Metrics Drive Output 01:02:20 Measuring Intelligence Value 01:12:00 Defining Success Metrics 01:22:18 Analytic Standards Matter 01:25:48 AI and Tradecraft Future 01:48:10 Mentors and Closing This conversation is a compressed edit of an interview Freddy has conducted as part of his PhD research. The interview happened on July 2nd, 2025 in London, UK. #intelligenceagencies #intelligenceanalysis | |||
| Lessons from a Former US Navy Collector - Joe Slowik on intelligence tradecraft and AI in CTI (S02E06) | 04 Jun 2026 | 01:30:31 | |
In this episode of Intelligence Tradecraft, host Freddy Murre sits down with Joe Slowik, a threat intelligence veteran whose career spans the US Navy, Los Alamos National Laboratory, MITRE, and the vendor world (Dragos, DomainTools, Gigamon, Huntress, and now DataMinr). In the conversation, Joe makes the case that intelligence is fundamentally about decision support, not raw data feeds or research written for other analysts. He and Freddy dig into what separates good reporting from bad, why stakeholder alignment and rigor (ICD 203, clear separation of fact vs. assessment) matter, and when a "flash report" beats a polished deep-dive. They also tackle the attribution debate — how-centric vs. who-centric attribution, the mess of overlapping naming schemas (APT10 vs. APT31, the Visma case), and why "trust us, we're Microsoft" isn't tradecraft. Joe explains the thinking behind his Applied Threat Intelligence training and the gap it was built to fill. The back half turns to AI: where LLMs genuinely help (research, scripting), where they're dangerous (cognitive offloading, model decay, drying up the junior-to-senior pipeline), who's accountable for AI-generated output, and how threat actors are using these tools, from better phishing to voice cloning. Joe's bottom line for newcomers: critical thinking, communication, and curiosity come before any prompt-engineering skill. Resources Joe Slowik's LinkedIn - https://www.linkedin.com/in/joe-slowik/ Joe Slowik's Blog and Courses - https://paralus.co/ Freddy' Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications Los Alamos National Laboratory - https://www.lanl.gov/ NIST Cyber Threat Intelligence definition - https://csrc.nist.gov/glossary/term/cyber_threat_intelligence CTI used in books (Google Search) - https://books.google.com APT 1 Report - https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf Moonligh Maze on Wikipedia - https://en.wikipedia.org/wiki/Moonlight_Maze SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf MLitt in Terrorism and Political Violence - https://cstpv.wp.st-andrews.ac.uk/masters-in-terrorism-and-political-violence/ Routledge Handbook of Terrorism Research - https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997 APT Groups and Operations Rosetta Stone (not mine) - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?pli=1&gid=1864660085#gid=1864660085 Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications Tradecraft Primer: SATs - https://www.cia.gov/resources/csi/static/Tradecraft-Primer-apr09.pdf An Illustrated Book of Bad Arguments - https://bookofbadarguments.com/ Weston's Rulebook for Arguments - https://hackettpublishing.com/philosophy/logic-mathematics/critical-thinking/a-rulebook-for-arguments-group Joe's Critique of Practical Threat Intelligence - https://pylos.co/2026/05/03/a-brief-critique-of-practical-threat-intelligence/ Cognitive Offloading - https://sistemasi.ftik.unisi.ac.id/index.php/stmsi/article/view/6180 OpenAI Research - https://openai.com/research/index/ Chapters 00:00 Intro and Joe's career path 06:11 The Evolution of Cyber Threat Intelligence and intelligence 15:05 Rigor, reporting, & attribution 29:50 The Relevance of Intelligence in Incident Response and CTI 47:09 Building & measuring a CTI function 01:00:13 Training teams (and why it doesn't stick) 01:07:37 Integrating LLMs in Intelligence Work 01:19:50 Skills for the Future of CTI | |||
| The librarian who founded modern OSINT: Sources, tradecraft & AI - Interview with Arno Reuser (S2E8) | 01 Jul 2026 | 01:37:52 | |
If you've ever read a text or sat in a briefing and quietly wondered what actually separates this "intelligence" from someone's hot take on LinkedIn, a journalist with a deadline, an analyst with a search bar, or an AI, this episode is for you. The host, Freddy Murre, sits down with Arno Reuser, the man who founded the Dutch Defence Intelligence Service's open-source intelligence (OSINT) capability in the early 1990s, before most of Europe had a word for it. What follows is less an interview than a working argument about how OSINT should actually be done, and where the field has gone soft. Arno doesn't mince words. He'll tell you the "information explosion" everyone complains about is just proof you skipped your stakeholder and requirement analysis. That most of what gets sold as OSINT is the word "OSINT" stapled to “everything”, such as tools. That he has, by deliberate choice, never written an analytical judgment in his life, and why that line between collection and analysis matters more than people think. For anyone who's argued about what counts as OSINT versus PAI (Publicly Available Information), or where collection ends and all-source begins, this is the debate you want to engage with. Along the way: the librarian's discipline, he says, underpins all good intelligence work, the collection plan he calls "worth gold," the classroom trick thousands of students have failed, and a run of war stories from his teachings, such as a prison break by email to a deepfake that fooled cyber experts who personally know him. The back half takes on two problems every practitioner is living with right now. How do you put a value on intelligence when the same report is priceless to one decision-maker and useless to the next? And what is AI actually good for? Arno uses LLMs daily and is genuinely amazed by them, but only for things he can verify. He and Freddy get specific on hallucinations, sycophancy, model collapse, and the difference between a real summary and a machine that just shortens the text and deletes the one sentence that mattered. RESOURCES Maersk Website - https://investor.maersk.com/news-releases/news-release-details/cyber-attack-update Dutch Police Data Breach - https://www.politie.nl/nieuws/2024/oktober/2/update-over-datalek-politie.html When does something go from a Google answer to Intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/ LexisNexis Library - https://www.lexisnexis.com/en-us/products/digital-library.page Vague questions in OSINT - https://opensourceintelligence.biz/vague-osint-questions/ Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications Pherson Structured Analytic Techniques for Intelligence Analysis - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/ Routledge Handbook of Terrorism Research - https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997 AI Model Collapse - https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=AI+model+collapse&btnG= CHAPTERS 00:00 From literature searcher to founding military OSINT 04:00 Becoming a librarian: the Kampen archive moment 08:00 Where OSINT stops and intelligence begins 11:00 Why "cyber" keeps getting OSINT wrong 15:00 What actually makes something "intelligence"? 24:00 The information explosion myth 32:00 The classroom trick: think before you type 36:00 The collection plan that's "worth gold" 42:00 The human factor cyber keeps ignoring 45:00 War stories: validation and getting fooled 51:00 Learning the craft: sources, sources, sources 55:00 Customers ask for what they think you can do 01:08:00 Can you measure the value of intelligence? 01:11:00 AI and LLMs: amazed but skeptical 01:32:00 Deepfakes, the NATO photo & "how likely is it?" | |||
| From Dutch Military Intelligence to Private Sector Cyber Threat Intelligence (CTI) - Interview w/Martijn (S2E7) | 17 Jun 2026 | 01:42:14 | |
SUMMARY Former military intelligence analyst turned consultancy director Martijn Docters van Leeuwen joins Freddy Murre to unpack what cyber threat intelligence really is, and why so many teams "talk the talk" without "walking the walk", i.e. doing the work. Martijn Docters van Leeuwen has done the whole journey, infantry, military intelligence, stopping ATM skimming and gas attacks in the Netherlands, to building a bank's first CTI team, and now being a cybersecurity consultant. So when he talks about CTI being a tradecraft and not a report that magically lands in your inbox, he's not theorizing. He's been the only analyst in the room wearing all seven hats, the guy getting asked "why does this cost so much?", the one trying to prove value in the six quiet months when nothing's on fire. We get into the stuff analysts actually argue about: why most teams are great at talking the talk and bad at doing it, the trap of living in your own little football field while the business has no idea what you do, how people game their own metrics to manufacture a crisis, and where AI genuinely helps versus where it's just a confident liar with no fingers. Threat vs. risk, mirror imaging, incident-driven vs. intel-driven, and the brutal truth that training does nothing if you walk out the door and never apply it. If you do this work, or you're trying to convince someone it's worth doing, pour a coffee and settle in. RESOURCES Structured Analytic Techniques (SAT) Certification Training by Intel Tradecraft and Pherson - https://inteltradecraft.com/sat-certifications Intelligence Mind Map - https://github.com/Errum/IntelArchitectureMap When does something go from a Google answer to Intelligence - https://www.linkedin.com/posts/fmurre_in-your-opinion-when-does-something-go-from-activity-7181221399561203712-mV-m/ Mitre Att@ck - https://attack.mitre.org/resources/attack-data-and-tools/ Mark Arena - CTI: Comparing the incident-centric and actor-centric approaches - https://medium.com/@markarenaau/cyber-threat-intelligence-comparing-the-incident-centric-and-actor-centric-approaches-f20cfba2dea2 ASML The world's supplier to the semiconductor industry - https://www.asml.com/en SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence TIBER European Central Bank - https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html Freddy's resources on SANS - https://www.sans.org/profiles/freddy-murstad#resources The intelligence cycle - https://github.com/Errum/IntelArchitectureMap Basic cyber-hygiene guidance from CISA - https://www.cisa.gov/topics/cybersecurity-best-practices NSM ICT Security Principles - https://nsm.no/advice-and-guidance/publications/nsm-ict-security-principles SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence Obsidian (note-linking/mind-mapping for research) - https://obsidian.md/ CTI-CMM - https://cti-cmm.org/ CREST - https://www.crest-approved.org/ Google Notebook LM - https://notebooklm.google/ Intelligence minor, Leiden University - https://www.universiteitleiden.nl/en/education/minors/minor/fgga-minor-intelligence-studies Heuer & Pherson Structured Analytic Techniques for Intelligence Analysis - https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/150636893X/ CHAPTERS 00:00 Introduction & from military intel to CTI 08:30 Building a bank's first CTI team 15:00 What is intelligence — and what is CTI? 26:00 Talking the talk vs. doing the work 35:00 Incident-driven vs. intelligence-driven CTI 46:00 Tradecraft, methodology & pricing CTI work 53:00 Collection, analysis & tailoring reports 01:04:00 Mirror imaging & understanding threat actors 01:08:00 Measuring the value of a CTI program 01:19:00 Threat vs. risk: capability, intent & opportunity 01:24:00 Training intel skills & making it stick 01:36:00 Can AI help us do intelligence better? | |||