Data Security Decoded
Episode: Breaking the Intelligence-Defense Divide with Scott Schur
Date: August 13, 2025
Host: Caleb Tolan
Guest: Scott Schur (Cyber Threat Intelligence Expert)
Episode Overview
This episode features a conversation with Scott Schur, an experienced leader in Cyber Threat Intelligence (CTI). Scott shares insights from his unique path—from off-grid homesteading to leading threat intelligence teams in both government and private sector organizations. The discussion centers on bridging gaps between intelligence, defenders, and policy teams, fostering collaboration, making CTI actionable, and strengthening data security. Listeners will also hear Scott’s thoughts on effective communication across technical and executive audiences, and there’s even a light-hearted debate about the resilience of homesteaders versus cybercriminals.
Key Discussion Points & Insights
1. Scott’s Journey: From Homesteading to CTI
[01:38 – 04:12]
- Scott’s non-traditional background included four years living "off the grid" in mountainous homesteads, driving into town for connectivity.
- “We were pretty much off grid for mostly all of it, right? We had some generators to like run some stuff, but... no Internet, no TV, no real cell phone service.” (Scott, 01:38)
- The fragility of modern technology dependence inspired him to pursue cybersecurity.
- "As a society we aren't really prepared to live without modern technology. ... If we lost that technology... it would be kind of a bad day for most people." (Scott, 03:42)
2. Intelligence, Policy, and Defenders: Not “Versus,” but Formula
[04:12 – 08:45]
- Scott urges teams not to see themselves as adversarial; instead, they should operate together as "a formula for doing good cybersecurity work."
- "Don't think of it as me versus them or them and us ... I would use a plus sign or a multiplication sign ... a formula for doing good cybersecurity work." (Scott, 04:52)
- CTI serves as "the connective tissue" that understands strategy and translates it to actionable tasks for defenders.
- “Intel in understanding what it's supposed to be doing is... the gap, the connective tissue of those other teams and departments.” (Scott, 06:21)
- Real integration means process integration, not just reporting to the same boss.
- “It's really integration of process ... the intel piece being a component of all of the defense functions is when it really works well.” (Scott, 07:22)
- He cites MITRE’s Threat-Informed Defense as a benchmark for this integration.
3. Enhancing Collaboration Between Intelligence and Defense
[08:53 – 13:26]
- A recurring challenge: Defense teams often don’t know what to do with intelligence.
- "Teams across the organization don't always understand what intelligence is and how to use it. ... You have to have what to do with it kind of embedded in." (Scott, 09:24)
- Traditional intelligence sometimes stops at giving options, but business settings often need recommendations.
- "In traditional intelligence ... you don't really make recommendations per se, ... but in the business world ... want the CTI team to at least recommend something to do." (Scott, 10:06)
- The value CTI provides defenders is justification and prioritization—the “cover” for defensive actions and decisions.
- "CTI needs to be looked at as their cover ... that formula of what cover equals is justification and prioritization." (Scott, 12:16)
- "It allows the defenders to say we did or didn't do something based on the intelligence... And that is your justification." (Scott, 12:45)
4. Light-Hearted Debate: Homesteaders vs. Cybercriminals
[13:26 – 15:53]
- Caleb asks, “Who’d win in a fight: 10 homesteaders or 10 ruthless cybercrime actors?”
- Scott votes for the homesteaders: “We’re looking at physical hard labor... I would say most likely the 10 homesteaders are probably going to win in a physical confrontation with... 10 cybercriminals or threat actors.” (Scott, 14:43)
- Both note that context matters: is this a physical confrontation or a strategic battle?
5. Making CTI Strengthen Data Security
[15:53 – 18:35]
- CTI’s critical role is in identifying what data is at risk and how attackers might target it.
- “Using CTI reporting and support for doing data security in an organization can help you understand what data you have that is likely to be favorable or targeted... and then how do we best secure that?” (Scott, 16:56)
- The MITRE ATT&CK framework helps show real-world tactics, driving better decisions on encryption, storage, and resource prioritization.
- CTI gives organizations “the threat actor’s perspective” to see what’s valuable and vulnerable.
6. Communicating Intelligence: Executives vs. Ops
[19:04 – 21:56]
- Effective communication is crucial—format, language, and relevance must match the audience.
- “The main difference... is the format. ... The way you present things is going to be different for both of those audiences.” (Scott, 20:06)
- Executives need succinct, business-oriented insights for decisions; defenders need actionable, technical details.
- “Leadership is making decisions, so they need information... Defenders... need the information that is going to allow them to... put in detections or identify threat actor activity.” (Scott, 20:51)
- Intelligence must be translated, but stay truly informative.
7. The Evolving Role of Security Leadership
[21:56 – 23:48]
- Referencing previous guests, Scott notes how CISO roles are split in some organizations: tactical/technical vs. business-minded risk officers.
- “There’s not two CISOs, but... one CISO who needs to do both... sometimes maybe two is better. Just kind of depends.” (Scott, 23:48)
- The blend of operational expertise and business communication is increasingly essential.
Memorable Quotes
- "We need to be able to protect the technology that we have and... maintain people's access to it." (Scott, 04:03)
- "CTI is an opportunity to give a scientific approach to how you can make this information usable." (Scott, 12:10)
- "We're really more cyber counter threat intelligence. We are meant to be looking at things the way the threat actor looks at and presenting it that way to an internal audience." (Scott, 18:35)
- "If it is completely foreign to the end user, then they're not going to understand it and they're not going to listen." (Scott, 21:56)
Timestamps for Key Segments
- Intro & Scott’s Background: 00:00–04:12
- Bridging Intelligence, Defense, and Policy: 04:12–08:45
- Actionable CTI for Defenders: 08:53–13:26
- Homesteaders vs. Cybercrime Actors: 13:26–15:53
- Using CTI for Data Security: 15:53–18:35
- Communicating with Executives vs. Defenders: 19:04–21:56
- CISO Role Evolution and Closing Thoughts: 21:56–24:12
Summary Takeaway
Scott Schur emphasizes that true cyber resilience requires seamless collaboration among intelligence, defense, and policy teams, operating as parts of a formula—not in opposition. CTI must provide not just information but actionable recommendations and justification for defensive decisions. Effective communication—tailored by audience—is pivotal, as is understanding the attacker’s perspective. From boardrooms to security desks, a connected, context-aware approach is key to safeguarding critical data.
