
In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Scott Scher, a cyber threat intelligence (CTI) expert with an unconventional backstory, to explore how his four years living off the grid shaped his belief that protecting technology isn’t just technical work, it’s about resilience, strategy, and thinking differently. From redefining CTI as “counter-threat intelligence” to breaking down the walls between intelligence teams, defenders, and policy leaders, Scott explains how to turn raw intel into actionable security decisions that strengthen organizations where it matters most.
• Learn why threat intelligence should be seen as cover, helping defenders justify and prioritize their actions
• Hear how Scott’s off-grid lifestyle influenced his approach to resilience and technology reliance
• Understand why “intel vs. defense” is the wrong mindset and what real collaboration looks like
• Get practical ways to transform raw threat data into clear, actionable ...
Scott Schur
What I would really like the Defenders to understand about CTI is that CTI needs to be looked at from a kind of as their cover. That formula of what cover equals is justification and prioritization. And what that really means is it allows the Defenders to say we did or didn't do something based on the intelligence that we got from the CTI team.
Caleb Tolan
Hello, and welcome to another episode of Data Security Decoded. I'm your host, Caleb Tolan, and if this is your first time joining us, thanks for tuning in. Make sure you hit that subscribe button so you're notified when new episodes drop. And if you're already a subscriber, thanks for coming back. Give us a rating. Drop a comment below. Let us know what you think about the show. Now, in this episode, I sat down with Scott Schur, who has an extensive background in threat intel, working with government agencies and leading teams at organizations like DTCC and Intel 471. I learned what DTCC does and basically they run all the background work of trading on the stock market. Crazy stuff, right? Well, Scott and I had a great conversation about how threat intel can bolster data security, how defenders and intelligence teams can better collaborate, and we even had a side tangent about living off the grid. Now, without further ado, let's get into it. Scott, thank you so much for joining us. But I wanted to say before we dive in to the topic at hand, I wanted to kind of understand a little bit more about your background. So can you tell me how you got into Cyber Threat Intelligence, or CTI, as we'll often refer to it in this episode? I hear you had a pretty interesting lead up to getting into this world.
Scott Schur
Caleb, thanks so much for having me out on the show. I really appreciate the invite and the opportunity to come here and talk about, you know, CTI and, you know, all the stuff that I've been doing. So to give you kind of the short version of, you know, how I got there, it's really more about what drove me to want to do CTI, not so much how I went into CTI. Is kind of that interesting bit that, that you kind of touched on is unlike many of my peers in the industry, I kind of knew I wanted to go into CTI once I had decided that, you know, cyber was a thing that I wanted to do. And kind of after life of, hey, going to undergrad and then university, which I had taken some time off. What that time off was is kind of what you alluded to is I spent about almost a full four years kind of living and self-sufficient homestead out kind of in the mountains where I was, you know, kind of growing my own food. We were pretty much off grid for mostly all of it, right? We had some generators to like run some stuff, but we mostly, you know, had no Internet, no TV, no real cell phone service out there.
Sam
Right there. It worked.
Scott Schur
But it was more like drive the hour into town so you could check your voicemails and you know, talk to people and do things like that because you're kind of really out in the middle of nowhere. And that's what drove me. Once I realized a, did I want to be doing this type of lifestyle for the rest of my life? The answer was maybe it's not very stable and it is hard, right? And it's something you want to do forever, hard to do, you know, as you get older and things like that. So what made me realize, hey, while doing that was, you know, every time I would talk to family at home and you know, go back home to visit every once in a while, it was, well, what do you mean? You're out there in like the woods and you don't have technology and like, how do you get food and how do you do this? And it's like, well, you know, you grow the food and you get the animals and you know, the same way you get it. And they're like, what do you mean we go to the grocery store, it's like, yeah, well, you have to, someone's got to get it so that it can go to the grocery store. And that always kind of left the impression in me of the idea that as a society we aren't really prepared to live without modern technology. For the most part.
Sam
Right.
Scott Schur
Well, we would mostly figure it out, but in the, the, the immediate term, if we lost that technology or the ability to use some of that technology, it would be kind of a bad day for most people. In the beginning, that's what really drove me to cyber is, you know, also like living in New York City like all my life is, you know, you would lose power for a couple of days and the place would turn into a riot zone.
Sam
Right.
Scott Schur
So that's really what drove me towards the idea of, hey, we need to be able to protect the technology that we have and be able to as best we can, maintain people's access to it.
Caleb Tolan
Right, right. That's really cool. You know, as we were preparing for this, you told me that story about the homesteading and it's something I've always thought is so fascinating. So glad you got that experience and makes a ton of sense how you would get from there to getting into cybersecurity. Yeah, we're so, so reliant on technology these days. I'll touch on that a little bit later too. I'll come back to that topic for sure. But something I wanted to talk to you a little bit about is intelligence versus policy versus defenders. I hate to put versus between each of those groups because they often are. Are groups of people who all have to work together. Sometimes not so well. But you do happen to have experience bridging these gaps. So what needs to happen from each of these groups to make the magic happen to effectively combat cyber threats?
Scott Schur
Yeah. So just to kind of pick on you a little bit, since you mentioned it before. Right. With the versus is the first thing is don't think of it as a versus. Right. So don't think of it as me versus them or them and us kind of situation, but in kind of leading into that is instead of versus, I would use and I don't know if it's a plus sign and a multiplication sign, some type of mathematical, you know, symbol to talk about them being together and then being a formula for doing good cybersecurity work.
Sam
Right.
Scott Schur
Because now we've kind of moved out of just intelligence to the broader picture there. And the way I kind of see that and what needs to really happen there is one for all of those teams to understand what their function and role is and how that fits together with the other teams. And with that is right when we. Or when I think of the policy piece of that, I'm really thinking for, you know, people who aren't, you know, in government and things like that, for, you know, the listeners of. I'm thinking strategy, goals, objectives of the team, the organization, whatever level you're kind of putting that on. And then the defenders, obviously, they're your frontline defense teams. They're the ones, you know, preventing, mitigating, responding to. And then you have the intel piece, which is the support of all of those things. And which is why I kind of like to look at them as together in some kind of formula is intel in understanding what it's supposed to be doing is we are supposed to be the gap where the connective tissue of those other teams and departments.
Sam
Right.
Scott Schur
Is our job as the intel team to understand the policy objectives, strategies, goals, and be able to translate that and push that in informed action for the teams, the defenders to take so that they understand what the goals and objectives are. And then it is our job as the intel team to be explaining the actions taken and how this all fits to, in the tactical piece of what these defenders are doing to the policy people to then drive either new strategy or to reinforce, hey, the strategy is working, or, you know, we're working towards the thing that we're trying to achieve.
Caleb Tolan
Right, right, definitely. And you're totally right about, about the versus. I was, you know, even debating if I should. How I should formulate that question.
Scott Schur
Yeah, of course. No, I just wanted to give you a hard time with that one.
Caleb Tolan
I know, I know. But saying it as a formula is definitely a more accurate way of looking at things. And so looking more specifically at the relationship between intelligence teams and defenders, where have you seen the best collaboration happen between those groups? Do you have any stories that you can kind of pull from?
Scott Schur
Yeah, so what I would say in terms of kind of like seeing it, I would re. I kind of want to talk about it from more of where they work well together kind of space. Right. The idea of. And kind of how they do that. And it's really around being integrated and what I mean. And that could mean all being in a same kind of threat management function where they all report to the same kind of team leads and things like that, where they're integrated by like role and organizational department. But what it really means is even in that sense, there's a lot of times where things aren't integrated just because they're all together. It's really integration of process. It's integration of, you know, the intel piece being a component of all of the defense functions is when it really works well. And that's from both sides.
Sam
Right.
Scott Schur
Intel needs to have them integrated into our process as well. And really some of the best work and like the idea of what this is and what I try to implement places as I've learned, this is Threat Informed Defense.
Sam
Right.
Scott Schur
MITRE's Threat Informed Defense center, they kind of push out all the really kind of groundbreaking work towards this idea of this being a strategy for doing defense and security rather than just having separate functions who all kind of maybe work together and share things. It's really that piece of. And it works well when it's integrated and it's understood who's doing what and how to use what you're getting from. Interesting, right?
Sam
Right.
Caleb Tolan
Totally, totally. There goes that formula again. Just, you know, pulling the right levers and trying to get that best cyber resilience outcome.
Scott Schur
Yeah, absolutely.
Caleb Tolan
So looking at these groups too, again looking more so at the intelligence teams and the defenders, what do you think is one thing that you wish defenders better understood about CTI? And what is one thing you think that CTI analysts could better understand about Defenders?
Scott Schur
Yeah, actually, I think this is a really good question and a question that if we aren't talking about it as much as we should be, we should be talking about it more kind of thing as an industry is. And I will start with what it is that I think intel teams need to need to understand about defenders.
Sam
Right.
Scott Schur
I think this is really important for us to kind of keep it in the back of our, you know, forefront of our minds is that defense teams, and not just defense teams, but many teams across the organization don't always understand what intelligence is and how to use it. And I think that second piece, how to use it, is really kind of key. There is if we understand that they don't always know what to do with the intelligence we give them. And it is imperative that while either building that relationship in, you know, meetings or whatever it might be, or the products themselves, the outputs themselves, that you kind of give to those teams, you have what to do with it kind of embedded in. And I know this is, you know, depending on how you look at it.
Sam
Right.
Scott Schur
Like, I've talked about this before of, you know, being kind of an intelligence professional first before a cybersecurity person and kind of doing intel and then cyber is a lot of times in traditional intelligence. As an intel analyst, you don't really make recommendations per se. You don't really tell people like, what actions to take. It's really more about laying out here are the pieces of information that you need and here's the analysis and the context there of like decision options. But then it is a decision maker who kind of decides which ones they want to do. And we don't really tell them, go do this one because this is the best option. Kind of say, here's all your options, here's the plus and minuses, the, you know, the positive, the negatives, outcomes, all these things about those options, and then you go off and do it. In particularly in the business world, it's a lot different of, hey, kind of need and want the CTI team to at least recommend something to do to say, hey, we think you based on all this intelligence we've given you, and that output could be anything from a written report to, you know, attack flow navigators and, you know, whatever it might be. And then this is what you should go and do with this information. So I think that's really important for us to understand is that we need to be providing that so what piece of hey, not only so what of what this means for us, but so what should I do with it? And now in terms of what I would really like, you know, the defenders to understand about, you know, CTI and there, there's a whole bunch of things, but I think if in terms of finding one piece that is the most, that would have the most benefit for everyone involved is that CTI needs to be looked at from you know, a kind of as their cover. And what I mean by their cover, I don't just mean like hey, when something bad happens, please like it's not our fault, it's someone else's fault. 
It's more that justification and prioritization piece, which is what I kind of. That again I'll kind of talk more formula because I think CTI is an opportunity to give like a scientific like approach to how you can like make this information usable. Is that formula of what cover equals is justification and prioritization. And what that really means is it allows the defenders to say we did or didn't do something based on the intelligence that we got from the CTI team. And that is your justification. And for taking an action, not taking an action. And what that instead of looking at it, which is what I think happens a lot, is as someone either telling us what we need and should be doing, which is, oh well, if you say this is bad, that means we have to go do something about it. And that's not necessarily true. We may recommend you take some steps, but it's really more of an opportunity for you to then take our intelligence, put that in your decision making process and say based on the information we got from a CTI team, we are deciding to do X or we're deciding not to do something else, like patch a vulnerability or not. It's hey, this is a priority one or it's not because it's not being exploited by threat actors that are relevant to the organization or something like that. And then if someone comes and asks, well why didn't you patch this thing? We could then say where those teams can come and say, hey look, we didn't patch it because of this output from CTI. Now go talk to CTI and CTI. If we're doing our job right, it's we're doing the hard work of being able to show the accountability of why we made that, why we said this wasn't a high threat or this wasn't a priority. And if we can show that, then there's there, there's that cover, that justification, right?
Caleb Tolan
Totally. It's all about context and informed decision making. I mean, you know, if you don't have that bit of intelligence that has those recommendations, particularly in cyber, oftentimes I know defenders can be like, okay, this is a lot of information. What do I do with that? And then it becomes kind of inactionable. So having that piece of context or those recommendations, I know, is so important for the teams to be able to make informed decisions. So totally, totally resonate with that. Cool. And then I, like I said, I promised I wanted to come back to something you mentioned at, at the top of the conversation, which was about the homesteading. So you mentioned before you really got into your career in cyber intelligence, that you were a homesteader and you were living pretty much off the grid for, you said, I think, four years. So my question for you, who would win in a fight? 10 homesteaders or 10 of the most ruthless cybercrime actors?
Scott Schur
Oh, okay. I mean, I feel like this is a super easy thing to answer, but then I'm like, am I giving not enough? Am I underestimating, you know, one of these two groups in my head? But I mean, I think the easy answer is the 10 homesteaders, right? Like, we're looking at physical hard labor out and, you know, digging holes, taking care of livestock, doing stuff that requires, like, some physical strength and activity. And then most of our, like, ruthless cyber threat actors, depending on which ones.
Sam
We're looking at, are.
Scott Schur
I mean, we sit. And now, like, my job too, right? Like, I sit behind a desk and I type on a keyboard. So maybe I'm being overly generalized in, like, the stereotype of what I think of both of these two groups. But I would say most likely the 10 homesteaders are probably going to win in a physical confrontation with, you know, 10 cybercriminals or threat actors.
Caleb Tolan
Right, right. I was, you know, leaning in that direction too, as I was thinking about that question, but then I was kind of turning my opinion around a little bit later where I thought, you know, cybercrime actors can come up with really strategic, interesting approaches to all sorts of different security. That's true aspects of a business. So don't underestimate the group. I do think probably, probably the homesteaders would still overtake the cybercrime actors, I think.
Scott Schur
So I guess it depends on how this confrontation, you know, unfolded.
Sam
Right.
Scott Schur
Was it a long, drawn out thing that these. That these threat actors might have had an ability to, like, kind of plan their. Their approach and, like, because to your point, Right. We have threat actors that are pretty creative. Or is it, hey, they just happen to both be in a bar at the same time and they get into a fight, probably betting on, on the homesteaders.
Caleb Tolan
Right, right again, there you go. You go back to context. That's the context of, of the dispute, if you will. So I guess for those listening in, if you have a strong opinion, whether it's the homesteaders or the cyber crime actors, you can sound off in the comments. But back to kind of the topic at hand in talking about threat intelligence. Again, it typically acts as a support function for many other parts of the business like we've talked about already. So how can CTI better help us achieve stronger data security specifically?
Scott Schur
Yeah, so in the general sense, and I'll try to give not an exact example, but like a little bit more tangible of a thing here, but to your point, yes, CTI can, is a support function for all of the business function across.
Sam
Right.
Scott Schur
You know, teams from your defenders to your privacy to your risk teams to, you know, mergers and acquisitions, all of that kind of stuff. I've kind of seen CTI play that support role for, in terms of data security, the thing that, that I think CTI can help with is in the sense of one understanding, you know, what data is at risk.
Sam
Right?
Scott Schur
So like, I think that's the first piece is, hey, using CTI reporting and support for doing data security in an organization can help you understand what data you have that is likely to be favorable or targeted by threat actors of interest, right? Who that might be. So it's what type of data and then how do we best secure that? But then it's also from a little bit more technical that might help with policies or, you know, like the way in which you keep that data and what you do with it is, you know, how will they target that?
Sam
Right?
Scott Schur
And you know, when we start talking through MITRE, you know, framework and things like that, like giving those tactics, techniques and procedures of the way the threat actor goes after this stuff will help you understand, do we have the right technology and encrypting the data, are we storing it in the right place? You know, is the place we keep this data stored, isolated from the other places that the data exists so you can't jump from spot to spot. So like, we can really help with like where you can invest that prioritization and that, you know, policy, whether it's policy, whether it's technology, whether it's people and resources, that's really where, where I think CTI can play a pretty critical role across any business function, but particularly for data security, right?
Caleb Tolan
Absolutely. I mean, at Rubrik, something we always say is you need to understand what data you have is sensitive, be able to classify that, understand who has access to it, what they're doing with it, and really be able to understand the whole structure of your security data security posture in order to kind of take any next steps from there.
Scott Schur
Exactly. And CTI again can help with, once you understand all that stuff, applying. Well now here's the threat actors view. Here's a threat actors perspective.
Sam
Right.
Scott Schur
Because I think that is if I can circle back to one of our other questions, right. Of what I would like people to understand about CTI is one of the things, and maybe we've done ourselves a disservice in calling ourselves cyber threat intelligence. We're really more cyber counter threat intelligence. It's really we are meant to be looking at things the way the threat actor looks at and presenting it that way to an internal audience. So it's really being able to give that. Well, what is the threat actor care about that we have here? Right, right.
Caleb Tolan
Yeah. And that's absolutely a great transition into kind of our next topic at hand. So one of the common themes that we've heard from many of our guests is that a key skill technologists and threat analysts need to develop to advance their careers is effective communication with non-technical peers and their leaders within their organizations. And you've talked about tailoring intelligence to both executives and operational teams. What is the biggest difference in how you present that intelligence to those two audiences in a way that resonates with them? And are there any examples that you can share?
Scott Schur
Yeah, so yeah, I think I would. You know, we have to kind of agree with everyone that has said that in the past because it is definitely true. Communication and the ability to do that well is key to pretty much all functions.
Sam
Right.
Scott Schur
Whatever it might be. So in terms of how doing that and you know, and talking through it is right. I think the main difference or one of the first difference between you know, presenting things to a more technical or you know, defense oriented team and function to a leadership function is simple. The format.
Sam
Right.
Scott Schur
So like the way whether it's a briefing, you know, getting on a call and talking like this, whether it's, you know, a written report, whether it's, you know, technical diagrams, whatever it might be, that is useful for one set of that audience and then the other.
Sam
Right.
Scott Schur
Is more useful for the other.
Sam
Right.
Scott Schur
Like so the leadership people.
Sam
Right.
Scott Schur
Like giving them a briefing, giving them Something that is, you know, succinct, short understood in business terms, which is, I think, is the second key piece of that is what you say and how you say it is going to be different for both of those audiences. And I think it's really just comes down to being able to understand who your stakeholder is and what they really need. And that is around the idea of, well, what is their main function and what are they doing?
Sam
Right.
Scott Schur
Leadership is making decisions, so they need information and context that will allow them to make the correct decision or the best decision. Defenders, their main job is to defend. So they need the information that is going to allow them to, you know, put in detections or identify threat actor activity in the environment, things like that. And the way to do that will be different, right. The more technical, machine to machine that you can start, you know, sending your information to them, probably the better. Whereas if you tried to send machine stuff to, you know, a leadership, they're going to look at you like they have no idea what any of this stuff is. So it's really translating into the words and the terms that they use while still keeping true. Because I do think there is, as we're talking about communication, I do think that there is a kind of a loosely defined set of how intelligence should be written, spoken about, conveyed, like certain terms and things like that that need to still be in there, but it's still. If it is completely foreign to the end user, then they're not going to understand it and they're not going to listen.
Caleb Tolan
Right, right. You know, we had an episode with Amy, BoJack. Gosh, this was probably about a year ago now, or at least maybe a little over a year ago, where she said that, you know, hopefully all CISOs or someone in a senior security leadership position should have some expertise within operations. So hopefully they are able to at least speak some of the language. But then in another episode that we had with Maureen Allison, I think a little bit before that, she mentioned about how the CISO's role has evolved so much to talk more about the business function and being able to communicate risk to the business in terms of what's happening with information security. So that's definitely a skill that everybody could kind of benefit from on the technology side.
Scott Schur
For sure. For sure. And I mean, honestly, that like talking sort of the CISO role, right? Like, as someone who's obviously not a CISO, but that role, and it depends, right. Organizations. I've seen organizations do this, right, where there is not necessarily two CISOs, but there is, you know, first line defense, which is the more tactical operations function that has all the security apparatus and you have what? Right, like second line defense, which is, hey, we have oversight, we have risk, we have all that stuff. And there's not two CISOs, but there's two people who kind of have each side of the CISO function rather than it being one role. It'd be, here's your tactical technical operator CISO who's running all of the teams. And then you have your risk business based security officer who is, you know, going to then take all of that and translate that to, hey, here's the risks that we have as an organization, here's how much it's going to cost, all that kind of stuff. So I've seen it done that way. I've also seen, right, hey, one CISO who needs to do both in a place as well. So which is better is unclear. It's kind of, I think what works best for an organization is also sometimes hard to find one person who has both of those skill sets. So sometimes maybe two is better. Just kind of depends.
Sam
Right, right.
Caleb Tolan
Definitely different from organization to organization. But it's a great note to end on. So thank you again for your time today, Scott. This was really an incredible conversation. Great getting to hear more about your experience in homesteading and cyber threat intelligence of course too. So I really appreciate the conversation and look forward to next time.
Scott Schur
Awesome. Caleb, thank you so much for having me. I hope everybody enjoys listening. Thanks.
Date: August 13, 2025
Host: Caleb Tolan
Guest: Scott Schur (Cyber Threat Intelligence Expert)
This episode features a conversation with Scott Schur, an experienced leader in Cyber Threat Intelligence (CTI). Scott shares insights from his unique path—from off-grid homesteading to leading threat intelligence teams in both government and private sector organizations. The discussion centers on bridging gaps between intelligence, defenders, and policy teams, fostering collaboration, making CTI actionable, and strengthening data security. Listeners will also hear Scott’s thoughts on effective communication across technical and executive audiences, and there’s even a light-hearted debate about the resilience of homesteaders versus cybercriminals.
Scott Schur emphasizes that true cyber resilience requires seamless collaboration among intelligence, defense, and policy teams, operating as parts of a formula—not in opposition. CTI must provide not just information but actionable recommendations and justification for defensive decisions. Effective communication—tailored by audience—is pivotal, as is understanding the attacker’s perspective. From boardrooms to security desks, a connected, context-aware approach is key to safeguarding critical data.