Podcast
The Defender's Advantage Podcast
Hosted by FireEye Inc, · EN
Learn about the latest threat and cybersecurity trends on The Defender’s Advantage Podcast! Hear from experts in the field as Host Luke McNamara, from Google Threat Intelligence Group, interviews analysts, researchers and other guests on the frontlines of the latest attacks. Episodes dive deep into various topics, including nation-state activity, cybercrime, malware and tradecraft, incident response, defensive guidance, and more. Don't forget to subscribe!
23episodes
Episodes
Newest firstAll episodes
Google's Disruption Mission
3w ago00:29:08Tap to summarizeHost Luke McNamara is joined by Charley Snyder, Head of Disruption Operations at Google Threat Intelligence Group, to delve into how Google is crafting a more coordinate approach to disrupting adversary cyber operations. Charley describes how this disruption focus is not hacking back, how it builds on existing work across Google security teams, and some of the recent wins such as the IPIDEA and GRIDTIDE takedowns.
Transcribe →Takeaways from the 2026 M-Trends Report
Apr 1500:27:55Tap to summarizeHost Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss the 2026 edition of Mandiant's M-Trends Report. Chris dives into the latest trends observed in breached throughout 2025 and into this year, noting some of the key aspects organizations should focus on in applying these insights into today's threat landscape. https://cloud.google.com/security/resources/m-trends
Transcribe →Using GTI to Hunt Adversaries on the Dark Web
Mar 2300:30:01Tap to summarizeIn this episode of the Defenders Advantage Podcast, host Luke McNamara sits down with Google Threat Intelligence experts Jose Nazario and Brandon Wood. They dive into the rollout of new dark web and underground monitoring capabilities, explaining how AI is fundamentally changing the way defenders track adversaries.https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intelligence-into-the-ai-era\
Transcribe →How Android Combats Mobile Scams
Jan 1600:31:48Tap to summarizeHost Luke McNamara is joined by Eugene Liderman, Senior Director in Android's Security and Privacy Group, to discuss the evolving world of mobile-targeting scams. Eugene details some of the unique aspects to mobile scams, regional variations in tactics by scammers, and the steps Android has taken to combat this problem.
Transcribe →UNC5221 and the BRICKSTORM Campaign
Oct 2200:26:11Tap to summarizeSarah Yoder (Manager, Mandiant Consulting) and Ashley Pearson (Senior Analyst, Advanced Practices on Google Threat Intelligence Group) join host Luke McNamara to discuss UNC5221 and their operations involving BRICKSTORM backdoor. This highly sophisticated, suspected China-nexus cyber-espionage threat group is known for aggressively targeting internet-facing network appliances (like VPNs and firewalls) to establish long-term, stealthy access for espionage.Read our blog post for more: https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign
Transcribe →How vSphere Became a Target for Adversaries
Sep 1500:39:01Tap to summarizeStuart Carrera (Senior Consultant, Mandiant Consulting) joins host Luke McNamara to discuss how threat actors are increasingly targeting the VMware vSphere estate, and leveraging in this environment to conduct extortion and data theft. Stuart details why this has become an attractive target, and ways organizations can better engineer detections to respond to this activity. https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944https://cloud.google.com/blog/topics/threat-intelligence/vsphere-active-directory-integration-risks
Transcribe →AI Tools and Sentiment Within the Underground Cyber Crime Community
Aug 1800:25:44Tap to summarizeMichelle Cantos (Senior Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss some of the recent trends in underground marketplaces around the selling of illicit AI tools and services. Michelle discusses GTIG's research into this space, how threat actors are seeking to leverage these models, use cases being discussed, and more.
Transcribe →Protecting the Core: Securing Protection Relays in Modern Substations
Jul 2800:43:05Tap to summarizeHost Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid.https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations
Transcribe →The Rise of ClickFix
Jul 1500:23:33Tap to summarizeDima Lenz (Security Engineer, Google Threat Intelligence Group) joins host Luke McNamara to discuss how threat actors have been using ClickFix to socially engineer users. Dima recounts the growth of this technique in 2024, some of the campaigns and actors that have leveraged it, and where it may be headed next.
Transcribe →Vishing in the Wild
Jun 400:37:48Tap to summarizeNick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employees--during red team engagements. https://cloud.google.com/blog/topics/threat-intelligence/technical-analysis-vishing-threats?e=48754805https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks?e=48754805.
Transcribe →