Episode Overview

Podcast: CyberWire Daily
Episode: Pass the intel, please. [Only Malware in the Building]
Date: November 28, 2025
Host: Selena, with co-hosts Dave and Keith

Main Theme:
This special Thanksgiving encore dives into the practicalities and value of information sharing in cybersecurity—how organizations, from private industry to public sector, work together to combat emerging threats, enhance resilience, and foster a safer digital space. The episode explores the successes, challenges, and ways forward for public-private partnerships and actionable intelligence, drawing on real-world examples and the hosts’ own experiences.

Key Discussion Points & Insights

1. The Realities of Information Sharing

• Public-Private Partnerships Are Essential:
  The hosts explore why collaboration between sectors is crucial for collective defense. They share stories of ad-hoc encounters at conferences and reflect on how these chance meetings can spark critical projects (06:32).

  Quote:
  "It's one of these lovely little kismet moments that are happening all the time at conferences." – Selena (06:42)

• Barriers to Sharing:
  Fear of liability, loss of customer trust, or leaking sensitive data often keeps organizations from fully participating. Both cultural and legal barriers persist, despite progress (10:46).

  Quote:
  "Most companies are thinking, well, I can't disclose my customer information or PII or talk about an intrusion... and be on the front page of the New York Times." – Keith (10:49)

2. Trust and Building the Right Frameworks

• The Need for Neutral Ground:
  Keith discusses the establishment of the National Cyber Forensic and Training Alliance (NCFTA) as a third-party hub to foster trusted sharing between government, industry, and academia (09:11).

  Quote:
  "He was able to set up a nonprofit, which became the NCFTA… so it wasn't owned by the government... and you could come together and share cyber threat intelligence." – Keith (09:58)

• Start Small, Build Trust:
  Organizations are encouraged to share only what they're comfortable with at first, trusting relationships can lead to deeper collaboration over time (17:13).

  Quote:
  "Share whatever makes you comfortable and then let's build that relationship, that trust and then share more whenever you feel more comfortable." – Keith (17:20)

3. Success Stories and Impactful Operations

• Collective Wins:
  Operation Endgame and the Coreflood takedown exemplify the tangible results from robust collaboration between private and public actors (14:28).

  Quote:
  "Operation Endgame… would not have happened without everyone coming together and sharing their information." – Selena (13:44)

  Memorable Moment:
  "The Attorney General... said, 'Just remember, guys, if you break it, you bought it.'" – Keith (15:24)

4. Making the Case for Information Sharing Internally

• Demonstrating Business Value:
  The group discusses how to convince boards and legal teams that sharing information not only serves the greater good but protects the company and can boost its reputation (16:26).

  Quote:
  "You may get your name on the takedown press release… your company is part of the greater good of policing the Internet." – Keith (16:55)

5. The Role of Industry Groups and Back Channels

• ISACs, Alliances, and Backchannels:
  Information sharing isn’t always formal. Trusted backchannels, ISACs, and consortia are vital to day-to-day defense (23:47). The informal "high school reunion" vibe at conferences helps foster these networks.

  Quote:
  "It goes on all the time and it's all built on trust...it was like a high school reunion." – Keith (23:47)

• Constant Dialogue:
  Sharing intelligence—openly in blogs, reports or privately—often triggers new insights and partnerships (30:09).

  Quote:
  "Publishing information begets more information. It's fantastic." – Selena (30:09)

6. Legal Protections and Government Responsibility

• The Need for Liability Coverage:
  Expiration of legislative protections (e.g., CISA 2025) leaves organizations hesitant to share. Legal clarity is a prerequisite for widespread, good-faith collaboration (26:37).

  Quote:
  "Those protections in place are just vital because without them, probably 90% of legal counsel is going to say no." – Keith (27:00)

7. Tactical and Strategic Benefits

• From Tactical to Operational:
  Tools like MITRE ATT&CK help distill intelligence into actionable steps, facilitating sector-wide resilience. Sharing isn't just altruism; it's directly beneficial in both detection and response (19:53).

  Quote:
  "Mitre ATT&CK… all of the community can access… it's a one-stop shop for... next steps and actions." – Selena (19:53)

• Operational Transparency and Outcomes Matter:
  Future success depends on sharing not only intelligence, but the outcomes and efficacy—moving from "buzzword" to real-world value (36:00).

  Quote:
  "Sharing the outcomes... how you took action on it and how it protected your organization can actually provide a lot more benefit." – Selena (36:06)

8. The Human Element

• Personal Motivation for Collaboration:
  Most researchers and practitioners are driven by a sense of duty to the greater good—a shared mission to make the cyber realm safer for all (31:51).

  Quote:
  "Most of us are in this industry because we care and because we want to do good... we want to protect each other." – Selena (31:56)

• Humor and Relatability:
  Running dip jokes and playful banter throughout enhance camaraderie and make the technical discussion relatable.

Notable Quotes & Memorable Moments

| Timestamp | Speaker | Quote / Moment | |-----------|---------|----------------| | 07:45 | Dave | "My take is that public private partnerships are kind of like karaoke. Everybody's enthusiastic until it's their turn." | | 15:24 | Keith | "'Just remember, guys, if you break it, you bought it.' And that was the last thing that he signed off on a warrant to be able to do it." | | 17:20 | Keith | "Share whatever makes you comfortable and then let's build that relationship, that trust and then share more whenever you feel more comfortable." | | 23:47 | Keith | "It goes on all the time and it's all built on trust...it's such a small community. Even though you think of all the security researchers out there, there's thousands of them, but everybody knows everybody." | | 30:09 | Selena | "Publishing information begets more information. It's fantastic." | | 36:06 | Selena | "Not just sharing information, but sharing what happens and how you have used it and how you took action on it and how it protected your organization can actually provide a lot more benefit." | | 37:43 | Selena | "Absolutely, yes. You don't want to just have intelligence that you can hang in your office or on your mantelpiece." |

Timestamps for Key Segments

• [06:32] – Anecdotes about real-life meetings at conferences and their impact
• [09:11] – Background of the NCFTA and the impetus for establishing third-party sharing centers
• [12:27] – Concerns from both independent researchers and companies about sharing intelligence
• [13:44] – Positive example: Operation Endgame’s collaborative achievements
• [15:24] – “If you break it, you bought it” - Attorney General warning and its lesson
• [16:26] – How to build the business case for information sharing to leadership
• [17:41] – Non-profit, ISAC, and researcher-led methods of sharing and the benefits
• [23:47] – The role of backchannels, informal trust networks, and conferences
• [26:37] – Legal liability, government responsibility, and the chill from expired protections
• [30:09] – The effect of publishing research on industry-wide response and collaboration
• [34:11] – Discussion of over-sharing and moderation in intelligence communities
• [34:17] – Thoughts on the future: normalizing info sharing as “just how business is done”
• [36:06] – Emphasis on communicating outcomes, not just sharing data

Closing Thoughts

The Future of Information Sharing

• Normalization Over Novelty:
  With more than two decades in the space, the co-hosts hope information sharing becomes so integrated into cyber operations that it's simply “how we do business,” rather than a buzzword or special effort (34:17).
• From Sharing “Stuff” to Sharing “Outcomes”:
  A key future goal: ensuring that organizations not only share indicators, but document and communicate how sharing led to positive action and improved defense (36:06).
• Collective Defense, Collective Trust:
  The conversation circles repeatedly back to trust, relationships, and the mission of shared security. Being open, communicative, and community-oriented is the heart of effective information sharing.

Tone & Style

• Warm, humorous, conversational, and occasionally irreverent—particularly about dips and karaoke analogies.
• Strong emphasis on real-world experiences, mutual trust, and practical advice; avoids jargon, focuses on storytelling and shared lessons.

Final Words

"The greater good."
The refrain echoes throughout, underlining the ethos of the cybersecurity community—sharing information, sharing outcomes, and building trust isn’t just a tactical need, but a foundational value that keeps everyone safer.

"Deck the halls with threat intelligence," quips Selena, underscoring that while the work is serious, the camaraderie and shared sense of purpose make all the difference.