Transcript:
Samara Lynn: Hello and welcome to Ready. Set. Midmarket! We're a podcast for the latest news and information for midmarket IT executives. I'm Samara Lynn, senior editor of MES Computing.com. My usual co-host, Adam Dennison, who is the vice president of Midsize Enterprise Services at The Channel Company, which is our parent company, is out on personal leave. We miss Adam, but we're happy to welcome our guest co-host, Wade Millward, who is a senior associate editor covering cloud computing and all these important topics at our sister site CRN, ... the most in-depth publication ... covering the channel. So, Wade, thank you so much for being here and joining with us and for pinch-hitting for Adam.
Wade Millward: Absolutely. You traded up, Samara.
Samara Lynn: And so our topic for discussion today is we're talking about cyber threat intel, which is kind of a new concept for me. And we have two great experts on the topic, and I want to introduce them right now. We have, please welcome, Jawahar Sivasankaran, who is the president of cybersecurity firm Cyware.
And with his permission, we're going to refer to him as ‘Jawa’ throughout the interview. Hi, Jawa, welcome. And then we have Christopher J. Walsh, who is the vice president and CISO for Security Mutual Life Insurance Company of New York. Christopher, welcome.
Christopher J. Walsh: Thank you. Thanks for having me.
Samara Lynn: Thank you both. So I'm just going to ask you both and maybe we'll start with you, Jawa. Just tell us a little bit of bio background about yourselves and maybe Jawa, if you can tell us a little bit about Cyware and your experience in the industry.
Jawahar S: Thank you. Thank you for having me here. And Christopher, it's truly a pleasure to join you today doing this discussion. So I've been in the cybersecurity industry for 27 years now. I recently joined Cyware about six months back as the president of the company, leading all of the go-to-market functions, as well as product strategy and driving our vision into the marketplace.
As I mentioned, I've been in this industry for a while, but also very relevant subdomain experience from the past leadership experience with rare replay security operations, SOC, all of that that I've been exposed to in my past life. So, super excited to be here at Cyware driving cyber threat intelligence forward. That's what we do.
[At] its core we operationalize cyber threat intelligence. That's what we do. There are a few things that enable that vision, that help us drive that vision and make it a reality for customers and organizations that are leveraging our platform. I'm super excited to discuss some of those things with Christopher.
Samara Lynn: Great, thanks, Jawa and we'll get into a little bit more about, you know, the CTI and what Cyware's role is in that. Thank you. Christopher, can you just tell us a bit about your background, your bio, your experiences?
Christopher J. Walsh: Sure. So I've been with the Security Mutual Life Insurance Company of New York since 2001. Prior to that, I was in some consulting roles with the government. And prior to that, I was United States Air Force, stationed at some stateside bases, overseas, as well as the Pentagon for a couple of years. After my military stint of seven and a half years, I moved into some consulting roles mainly surrounding security. So actually, I came into the IT industry roughly around the same time as you did, Jawa, about 27 years ago. And maybe a couple of years before that into some IT stuff, but not much. And security has been pretty much extensive throughout my information technology career anyway.
I've been a CISO at Security Mutual Life Insurance since about 2017, I believe, but I've been with the company for 24 years last month.
Samara Lynn: Okay, awesome. Sounds like we have the right people to talk about this subject.
Christopher J. Walsh: I have, and you mentioned his domain experience too. Yeah. I've been in a lot of different roles in information security. Even before I was in information security, when I worked at the Pentagon, I was in information security there. And as a consultant, I did everything from personnel security to, you know, uh, skips and things like that. Uh, just a lot of different domain experience as well. But I do love the topic and I love, I love corresponding and collaborating with peers in the industry.
Samara Lynn: Well, let's just delve right into the subject, cyber threat intelligence. And I've been in the space for probably about as long as you and Christopher. It's kind of a new concept, a new term for me. And we have a very technologically savvy audience. And I'm sure they probably know better than I do. But can you just recap? What exactly is cyber threat intelligence and how does it differ from all of the cybersecurity information bells and whistles that organizations already get from all these tools and software solutions?
Jawahar S: Happy to start there. If you look at how cybersecurity has evolved in the last, let's say, 30-ish years since the internet came about in the mid-90s, let's say. Netscape as a browser came about, which was a pivotal moment in the early, mid-90s. What was initially the focus on cybersecurity technologies was what was traditionally perimeter security: firewalls, intrusion detection, prevention systems, all of that. They did their job relatively well, VPNs and things like that. They did their job relatively well. Then fast forward 10-plus years, clearly there was a need to analyze data because there are events happening. There are alerts that security professionals have to look at, prioritize for them to respond.
So then came about technologies like log management, event management, then all of that kind of got consolidated into traditional SIEM tools, security information event management tools. But clearly as what we've seen in the last, let's say, decade or so, that idea of managing security operations SOC with some of those tools, which is looking at all data coming in, and then you're processing that data, kind of what you are looking for [is] a needle in the haystack, right? And that haystack keeps growing. So where things have shifted, pivoted in the last, I would say five, six, seven years, or probably in the last decade is, I want to take a more threat-centric approach to this model, rather than going after all the data that's coming in. Let me look at high-fidelity threat events that are actually happening.
Where am I exposed? Who are the adversaries that are coming at me? Do I see my peers in my same sector or my industry facing the same challenge? What opportunities exist for me to collaborate with that threat intelligence? And then how do I take action based on that threat intelligence that I'm seeing? So that's, I wouldn't say it's new, it's still emerging in some ways.
But it has hit a maturity point right now in 2025, that not just the largest enterprises, kind of that's where it started 10 years ago, leveraging cyber threat intelligence, but we are seeing the lower end of the enterprise segment and midmarket as well, clearly seeing, my legacy tools are not working, my threats are growing, adversaries are getting a lot more difficult for me to manage, I’ve got to take action and automate some of the responses. And I’ve got to do it based on the threats that I'm seeing. So clearly what we've seen in the last three, four years is that, this is not just a Fortune 500 problem to tackle. This is clearly for everybody to see. What was new and emerging a few years ago now, it has definitely hit a maturity point where the value of CTI, cyber threat intelligence, is a program, not just the tools, but tools, technology, people, processes all coming together is very, very much relevant and important for organizations of all sizes.
Christopher J. Walsh: You hit the nail on the head there. I mean, if you think about the way it's evolved the last 20 years, especially, actually, the last 10 even, and we get information about a new ransomware actor or we get another threat, and you buy tools. That's what we did. We bought tools to put out those fires or to protect you against those threats, but as you said, they keep evolving.
I've personally seen and just noticed just through the course of the last buying the tools, you can't keep up with it. That's just whack-a-mole. Initially, we were getting a lot of pressure. was saying a lot of companies were getting pressure to standardize with one major platform like a Microsoft or a Cisco or a main technology that has all these tools built in. As we found through looking at those technologies, they were good at some things and they were bad at others.
We adopted it like other companies did, best-of-breed-type of solutions. This one did this one well, this one did that one well, but then that became what? It became burdensome in cost and managing all those tools. So now we're seeing kind of a pivot or recommendations from a lot of vendors to centralize and go back to those major platforms again.
The CTI is basically information that helps us understand who's going after our vertical and what types of threats are coming at us. How are they evolving? Is there AI involved? Is there different techniques and targets and stuff? So we're kind of finding out from them, from these variety of tools of threat information, what's out there, what's coming at us and what types of verticals are they hitting? Financial, are they hitting? The healthcare industry, et cetera, right? And then that helps us actually better prepare for in budget cycles, right? Cause I don't do long-term contracts with security companies just because they come and go, right? And they've proven their effectiveness over time and ineffectiveness as well, unfortunately. So it helps you prepare to be more, I guess, to be more reactive or, I'm sorry, more strategically led than reactive, you know, reacting to this latest thing, go put another tool in place to help protect against that. So I definitely agree on the evolution of how cybersecurity and these threats, you know, it's changed the pace of how we're defending, right?
And I think that the more, you know, more intelligence that we get through these tools, the better, because especially – I think one of the things you wanted to talk about was like, you know, why ... midmarkets? Why is that an area that we should be concerned about ingesting this threat information? I feel like if you can get all this information into a platform and make it actionable, that's great. That's where automation comes in. Speaking of tools too, as well, you've also noticed this big change where a lot of these tools that are helping companies now are building in their automation through SOAR [security orchestration, automation and response]-type of implementation, like your CrowdStrikes and your Rapid7s. And I find that extremely valuable as well. And those subscriptions are also, you know, including a lot of the CTI that we're speaking of today.
Jawahar S: Great points, right? In terms of vendor sprawl, tool sprawls, Christopher, gone through perimeter security, firewalls, IDS, IPS. Then other things, EDR, vulnerability management tools, data security tools. Obviously, the last five, six years, cloud security tools, from CSPM, CNAPP, CWPP, you've got enough tools in the marketplace, but what I think, you know, as an industry we've missed is focusing on that high-fidelity, high-priority items. And this comes down to the threats that you're facing and the response that you should be taking. And this is true, very similar to what we see in our day-to-day lives, if you will, right? You want to take action on the right things.
Samara Lynn: And Wade, did you have any follow up?
Wade Millward: Yeah, for sure. Well, like you said, Samara, I'm coming over from CRN. So I'm always interested in the distribution side of this. And I'm curious. I guess I'll kind of get us into the AI question that was inevitable. So, Christopher ... your version of it I'm interested in is, you know, do you work with a lot of partners, you know, a lot of humans? Are you interested in where AI is taking sort of that automation equation? And then we can flip it to Jawa in terms of how you as a vendor are working with both humans and AI. I'll start with you, Christopher.
Christopher J. Walsh: But doing a lot of studies on the subject, the biggest question that I get is, do you think that we're being attacked with software or manipulations of using AI as part of their tactic? And that's a hard one to really prove. I can tell you that the volume has definitely increased and the can and cannot do with AI or actually just knowing what you can do, [we’d] be shocked if that wasn't happening. The defenses of the defenses, you just have to make sure that you have layers of defense and security awareness is a huge one. That's a weapon that’s just rinse and repeat, educate, educate, educate, because they do get through occasionally. We're talking about phishing emails, the number one vector for a data breach.
As far as AI goes, I mean, there's no definitive proof that I've seen, but the volume has increased significantly and the sophistication of these attacks have led me to believe that that's, that's gotta be part of it.
Wade Millward: Yeah, for sure. And Jawa, how about as a vendor, right? What would you like Christopher to know about how you're using the AI era? How important are humans still going to be in that information distribution?
Jawahar S: Yeah, yeah, a few things that we are seeing, right? We're already seeing adversaries leveraging AI to go deeper and broader with some of the attack strategies that they've used in the past. So clearly the TTPs have evolved. There's an AI component that they're using. That's number one. Number two, with the adoption of AI tools by enterprises, by midmarket organizations, the threat vectors are changing and now there's an AI element to it. It could be attacks on the LLMs itself. It could be attacks on applications that are leveraging AI. It could be any of that. So new threat vectors that are emerging, which we are starting to see.
And then the third one is leveraging AI for better security outcomes. So there are multiple angles to this. One is the security for AI ... The other one is AI for security and then how the adversaries are starting to use AI itself for their own purposes. So the last bit that I mentioned, leveraging AI for security, are better means of security, especially as it relates to cyber threat intelligence. We are in the forefront of that journey. What we are doing at Cyware is taking a focused approach. What we don't want to do is go after the easy button, which in some ways, we could have gone out and built a couple of LLM wrappers to solve specific SecOps problems, like SOC bots. That's kind of what I call it. There's still value in it, make no mistake about it. But the true value that somebody like us, that we can bring to our customers and organizations using us, is leveraging AI in a way where it is connected to the cyber threat intelligence framework so that when you're leveraging AI for CTI functionalities, looking at high-priority threats that you have to go after, prioritizing them or automating the action that you want to take based on AI or leveraging AI as a tool. So that's what we are doing. Again, focus on who we are, focus on our strengths.
And then we want to operationalize cyber threat intelligence. And now AI is an added layer that goes on top of that. And it's also getting integrated in so that it's not a bolt-on all the time. It's a built-in as well in many of the areas that we are working. But at the end of the day, we want to make sure that we're staying true to our roots, which is operationalizing cyber threat intelligence.
Christopher J. Walsh: I think that as these tools develop, like, your big companies, your small companies, that they build in those AI components to help us defend because anomalous behavior and anomalous detections, especially, being able to look at large amounts of data and make some noise out of it and have a high fidelity in those detections as well.
And that's especially important for smaller firms ... in mid-level markets because you don't have a large SOC necessarily. That has a whole bunch of analysts that are looking at every little alert that comes through. Having tools and having a CTI that is being ingested into these tools or provided as a service is huge. Whether it be threat-hunting services from an organization that you can contract with or through tools, like you mentioned, that's very valuable to an organization in defending against modern threats because it starts with anomalous type of activities ... stuff that you might not see on the surface. And then it picks up and having tools that are aware of that and can alert with high fidelity to reduce noise and, you know, analyst fatigue, if you will. That's huge.
Samara Lynn: One thing I want to ask, and Jawa, if I'm a CIO, Cyware, is that something I can just get direct from your company or are you mostly working with MSSPs?
Jawahar S: We do both from a commercial point of view. We do directly work with customers, but what we do prefer is working through a partner ecosystem. That's our preferred way. And it could be MSSPs, it could be large strategic partners that we work with.
So absolutely the preferred route is to go through a partner ecosystem of some shape or form. And we have a long list of partners that we very closely work with.
Samara Lynn: Christopher, you know, being a CISO, there's so many solutions, security solutions on the market now. Is there a danger of over-saturation of tools? What is the priority for a midmarket IT leader?
Christopher J. Walsh: I think what a priority would be, each organization should do an internal IT risk assessment to find out exactly where they line up against different threats, and calculate the risk when you come out of that, and then focus on those areas where you can make a good investment and get some quick wins. Obviously, your endpoint, the perimeter, is not the firewall anymore, as he alluded to earlier. So, you know, penetration testing assessments of your environment. They can show a lot of things and give you a lot of areas to focus on. But you have to, obviously you have to [not] forget about your perimeter. It's still important. Don't forget about your cloud. A lot of companies actually just assume that because they put workloads out in AWS and Azure, it is good. It's not, it's just another data center. You still have to protect that. So you have to do, like, an overall corporate risk assessment of your environment and kind of prioritize where the findings are. Take a penetration test, for example ... cast a wide net, find some things, make them into projects and then focus on gradual improvement over time. Turn all your findings into projects based on risk, prioritize your investments. That's like the high-level answer. I think you have to give, that's what boards want to hear. They want to make sure that you're doing the right thing. You're not just buying a tool for each little problem.
You eventually will have a bunch of tools and no one to manage them or not enough people to manage them or burnout. So yeah, just some thoughts there.
Samara Lynn: Wade, did you ... anything you wanted to add?
Wade Millward: Well, yeah, I'll ask you, Christopher, too, since you've got Jawa here. But I'm curious if you did have a message to all the intelligence providers out there. Is there something you would like to see that would improve how you receive this information or how you guys are able to implement the information? I mean, it doesn't have to involve AI, certainly. But I'm curious if there are actually things you see that can be improved.
Christopher J. Walsh: One that comes right to mind. You guys have all heard of the ISACs [Information Sharing and Analysis Centers] that are out there, right? There's one for almost every vertical, right? What would be nice with something, and maybe this is out there and I just gave up on it and maybe, I'm not sure, I can only keep up with so much, right? But you get so much information from these ISACs and that's one of the ones that we count on the most. There is to a degree you can sign up for what you want to consume, right? But it would be nice to be able to further refine that. They had a project a few years ago called Soltra. I don't know where that went, but it really wasn't their prime time. But I guess where I'm getting at is I believe that the information that comes out of these ISACs is priceless. It's good, really good information, right? It's being able to refine the stuff that comes in, tweak out the stuff that was noise, and then take the rest and make it actionable by ingesting it into your SIEM.
I know that you can do these things with RPA and some Power Automate and some things like that. So it is possible and we'll get there. We're just like every other company trying to maximize the time and a day, right. But it'd be nice if since you asked if, you know, that is an example. And ISAC, they should provide a mechanism of further tuning and automating and making actionable these, the CTI that you ingest as a company.
Jawahar S: That's great feedback Christopher and as you know, as you all know, at Cyware we work closely with all of the major ISACs that are out there. And part of it is ISACs collaborating and doing the bi-directional threat sharing with the member community at the end of the day. That's what it is, right? We wanna move the industry with threat intelligence sharing.
Christopher, to your point about, especially midmarket organizations getting the benefit of that information coming from the ISACs and turning that into action or prioritizing the right things that they want to focus on. So there are a few things at Cyware that we are working with the ISACs, through the ISACs, but also directly with the broader enterprise midmarket base. And one of the things is the concept around unified threat intelligence management for what we colloquially call a CTI-in-a-box. So again, part of this is, we want to democratize cyber threat intelligence. It's not just for the Fortune 100 enterprises. There's clear value that you see as we go down.
And so, because of that, what we are pushing is integrating more and more functionalities into the CTI program itself or the unified threat intelligence platform that we have. That includes threat feeds, which typically these organizations have to go purchase them separately. That includes things like exposure management. Literally two weeks back, we launched compromised credential management that's integrated into CTI. So these are different islands of their own and [what] we're doing is, we're bringing them all together so that especially if you are an organization in that tier where you might not have 200 infosec team members right there. We're probably having five, six, 10 security team members. And how do we help them get started with the CTI program? So there is a big focus for us there. Great feedback.
Samara Lynn: Thank you. I want to be mindful of everyone's time, you know, I want to thank you all for joining us. And I just want to know if anyone had any last thoughts they'd like to add on the subject ...
Christopher J. Walsh: I mentioned threat hunting ... there are some organizations out there that will perform proactive threat hunting services for you. And they're, and they could be fairly, you know, obviously the cost range and all these different solutions, but, there are some where, that's threat intelligence that they have far, far beyond the capabilities and knowledge of things that are going on with all the threat actors and their techniques and who they're targeting and they can put searches in place in your platforms that you have to help, make things run on a schedule and detect things based on intelligence that they consume and are providing to you as a service.
So there are, your organization is one, I'm sure that probably does that. And there's a lot of others. It's not just about subscribing to a feed or a service like the ISACs. There are companies that are helping smaller companies like us and medium-sized and large companies develop threat hunting types of services or counterintelligence services, CTI type of engagements or services automation. And I think that that's valuable. It's huge for small firms because they don't necessarily have the staff that can actually create those detections or consume and then make things actionable without automation and help from these, as I mentioned. So that would be something that I would recommend.
Jawahar S: Great point. And then that's part of what we are driving with the partner ecosystem. Clearly, we know that as we go below the Fortune, let's say, 500s, there is a need for the partner ecosystem to come in and help our customers with threat hunting services or threat response services, automation services. So we do work with MSSPs. We do also work with other strategic partners that do offer this more of a hub and spoke type of model at CTI. So great point there. And Samara, if I can finish it off, and clearly my point again is threat intelligence has evolved so much in the last five years. And it is actually a critical element of the overall cybersecurity strategy for organizations of all sizes.
And part of what we are driving is helping customers get started with that journey or maybe they already have some tools in the CTI world, but it's just not connected. So either we can get them started or we can mature them to the right level where they are seeing value from the investments that they already made. But super excited to have this conversation.
Samara Lynn: Well, thank you gentlemen. And there you have it. This is a discussion about cyber threat intelligence and especially at the midmarket level. And I want to thank Jawa, president CEO of Cyware and Christopher Walsh, CISO, midmarket IT executive. And of course, thank you, Wade, for stepping in as co-host. Last minute, appreciate it. And thank you. This was a great conversation.
Wade Millward: Anytime, anytime.
Samara Lynn: Much appreciated.
Christopher J. Walsh: Thank you. Thanks for having me.
Samara Lynn: Thank you, everybody.
Jawahar S: Thank you.