Risky Bulletin: "Between Two Nerds: Cyber Myopia"
Podcast: Risky Bulletin
Date: August 18, 2025
Hosts: Tom Yuen (B), The Gruk (A)
Episode Overview
In this episode, Tom Yuen and The Gruk explore the concept of "cyber myopia": the insular focus on technical aspects of cybersecurity to the detriment of context and broader intelligence analysis. Prompted by a recent speech from Australia's ASIO Director General Mike Burgess, the hosts dissect why cyber espionage and traditional (human) espionage operations remain largely separate in reporting and practice, and the impacts of this divide—both in intelligence agencies and the commercial threat intelligence industry.
Key Discussion Points & Insights
1. Reflections on Recent Intelligence Speech and “Combinations” of Espionage
- Prompt: ASIO Director General's speech on increasing cyber espionage incidents and claims of ‘combined’ HUMINT/cyber operations.
- Observation:
- Tom: "There doesn't seem to be... any examples where they're combined" (03:01).
- Hosts agree most examples given are strictly either cyber or classic human intelligence.
- Speculation:
- The lack of cited blended operations is likely due to their technical complexity or sensitive nature, making them unsuitable for public discussion (04:13).
- Theoretical example: Using cyber tools to grant a planted insider the ability to extract large databases undetected (04:46–05:30).
2. Separation of Intelligence Domains: Why the Silos?
- Functional Necessity:
- The technical demands of cyber, SIGINT, or HUMINT necessitate specialization. "If you spend five years learning how to do satellite imagery analysis, you can't just switch over..." — The Gruk (07:35).
- Organizational Design:
- While agencies like the CIA strive for integration ("we steal secrets, however"), the expertise needed often enforces separation (06:25–07:31).
- CIA's unique model: Half operations, half analysis—a rarity among intelligence agencies (17:16).
3. The Specialness and Limitations of Cyber
- Cyber as “Special”:
- It's a new and highly technical discipline with potential for impact and manipulation of information and even perception in unique ways (09:39–09:52).
- Industry Silos:
- Commercial CTI (Cyber Threat Intelligence) firms operate in technical silos due to:
- Lack of access to broader intelligence (13:14).
- Customer demands that are strictly technical (“What should we patch next?” — Tom, 22:16).
- High reputational risk if they speculate beyond their core competence (12:25).
4. The Context Gap: What’s Missing in Threat Intelligence?
- Reporting Stops at Data:
- Threat intelligence often details “how” (malware, exploits) but rarely “why” or strategic impact ("...and then it stops. And that's useful information if you're worried about that malware. But that's not relevant to what was actually happening.” — Gruk, 10:48).
- Reasoning:
- Tom: “If you get any of that [wider context] wrong... it’s going to blow up your entire report.” (12:25).
- Limits on Insight:
- Even think tank reports lack government-level visibility, which leaves only “shadow-puppet” understandings of foreign intentions (13:20).
5. Customer-Driven Myopia
- Nature of Intelligence as a Service:
- Intelligence is always produced for a customer, who typically wants technical defense, not geopolitical analysis (21:30–22:19).
- Tactical vs. Strategic Mindsets:
- The trench-level view of cyber operators is compared to soldiers in war: focusing on “more cyber,” or “more violence,” rather than broader strategy (23:15–24:21).
- Organizational structures (within companies and agencies) naturally incentivize tactical over strategic thinking.
6. Analysis and Broader Perspective: Who Provides It?
- Need for Analysts:
- CIA’s emphasis on analysis (the Directorate of Intelligence) uniquely positions it to provide context—few others do this at scale (17:16–18:10).
- Document-focused agencies like the former KGB/FSB/SVR lack cultural mechanisms for this interpretative analysis (18:10–21:09).
- Major Point:
- “The outside the intelligence community cybersecurity industry is just a slice of what goes on in the intelligence world.” — Tom (21:09).
- Consequences:
- The gap between technical cyber insights and broader interpretive analysis persists in the commercial world.
Notable Quotes & Memorable Moments
- On disciplinary specialization:
- “These are highly technical things that you need specific training for... it doesn't necessarily transfer to like recruiting people or sweet talking potential agents.” — The Gruk (07:09, 07:31)
- On the context gap in CTI:
- “The problem is that you're not combining cyber with traditional intelligence... CTI doesn't have a human branch that they're just deliberately not including.” — The Gruk (13:34–14:07)
- On reputation risk in CTI analysis:
- “If you get any of that wrong... it's going to blow up your entire report.” — The Gruk (12:25)
- On productizing cyber intelligence:
- “Intelligence is always produced for a customer... good customers for [CTI companies] are not going to be asking the penetrating questions about what is China's five year goal in our sector...” — The Gruk (21:30–22:16)
- On myopic focus in cyber operations:
- “Part of the problem we have maybe in cyber, is everyone’s in the trenches, right? So there’s always this, you know, what we’re missing is more cyber. If there was more cyber, this would be more better.” — The Gruk (23:15)
- On the division of labor in intelligence:
- “Half of the agency is analysts... I don’t think there’s any other agency that sort of has that breakdown.” — The Gruk (17:16)
- On the narrowness of CTI content:
- “That's what it's for. That's its purpose. That's literally obsessed over technical details that no one else cares about.” — Tom and Gruk (25:13–25:20)
- On personal enrichment:
- “A bit of geopolitical context as a treat... it will make you feel good and sleep better at night.” — The Gruk (25:43)
Timestamps for Key Segments
- [00:12–03:37] — Discussion of ASIO speech, “combination” operations, and lack of public examples
- [04:13–07:31] — The challenge and validity of separating cyber and HUMINT; specialty and technical barriers
- [09:29–11:13] — The “specialness” of cyber and where CTI stops short
- [12:25–15:18] — Why CTI firms avoid broad analysis (“all risk, no return”); customer incentives for narrow focus
- [17:16–18:10] — CIA's analysis culture compared to other intelligence agencies
- [21:09–25:20] — Intelligence as customer-driven; myopia parallels in military and business; the natural tactical focus of CTI
- [25:43–26:13] — Quick wrap, value of contextual knowledge, and lighthearted sign-off
Tone & Style
The episode is characterized by dry wit and deep familiarity, leavened with self-deprecating humor about the “specialness” of cyber types and the insularity of the cybersecurity community. There’s a critical but fair assessment of industry blind spots, seasoned with analogies to both espionage history and organizational behavior.
Conclusion
Tom and The Gruk ultimately argue that the tactical, technical focus of commercial threat intelligence (“cyber myopia”) is a feature, not a bug—driven by organizational structure, customer needs, and the inherent challenges of combining disciplines. However, both suggest a personal and professional benefit from actively seeking out contextual, broader analysis to avoid losing the forest for the trees.
For listeners, this episode is a candid, nuanced exploration of why cybersecurity narratives so often lack strategic context—and whether, or how, that should change.
