The Human Side of Threat Intelligence - Threat Vector by Palo Alto Networks

Summary6 min read

Threat Vector Podcast: The Human Side of Threat Intelligence
Date: May 14, 2026
Host: David Moulton (Palo Alto Networks)
Guest: Ingrid Parker, Director, Intel Response Unit, Palo Alto Networks (Unit 42)

Episode Overview

This episode explores the human dimension of threat intelligence in cybersecurity. David Moulton interviews Ingrid Parker about her atypical journey into the field, what it really takes to excel in threat intel work, the personal and organizational costs, and why context and leadership matter. The conversation also covers updates to her influential book, lessons in developing analysts, the role of AI, and advice for those starting in the field. The discussion is candid and rich with practical insights, highlighting both technical and personal aspects of a demanding profession.

Key Discussion Points & Insights

Ingrid Parker’s Path into Cybersecurity

Atypical Beginnings:
- Ingrid started as an art major before shifting to technology out of practical necessity ([02:15]).
- Military service was her entryway to tech, initially as a linguist, then moving into computer science.
- She describes the field in the 90s as nearly non-existent for women, especially in cybersecurity.
- First exposure to cyber threats came during deployment in Afghanistan post-9/11 via a message from the DoD CERT:
  
  “They didn’t teach cybersecurity at that point. You were taught to be a system administrator. ... That, for me, started opening up that question of, well, what is this organization?” ([03:10], Ingrid Parker)
Opportunity & Proactiveness:
- Ingrid’s drive and resourcefulness were evident during her job interview at Northrop Grumman, when she spent a sleepless night preparing to discuss NetFlow from a security perspective ([05:00]):
  
  “I spent the whole night on the Internet doing research so that I could walk into that interview the next day and actually say, you know, oh yeah, well, you would be looking at this…” ([05:20], Ingrid Parker)
- The early years taught her the need for constant learning:
  
  “At every stage it’s learn, learn, learn, learn, because you never know everything that’s actually happening.” ([05:46], Ingrid Parker)

Bridging Technical and Human Skills

Evolving Focus in Security:
- Ingrid co-authored “11 Strategies of a World-Class Cybersecurity Operations Center.” The update from 10 to 11 strategies wasn’t just for fun, but to address what's fundamentally missed—understanding what you’re protecting and why ([06:42]):
  
  “It doesn’t matter how cool what you’re doing is if it’s not actually changing what’s going on with the business…” ([07:10], Ingrid Parker)
- She identifies a common pitfall: New practitioners focus on tech at the expense of business context ([07:40]).
- Suggests that a half-chapter (11.5) on identity security is an urgently-needed addition, as threat actors exploit identity systems in new ways ([08:47]).

Nurturing People in Cyber Intelligence

Human Engagement:
- Ingrid values teams where people genuinely support each other, not just execute the mission ([10:32]):
  
  “It makes everything more fun. And I like my work to be fun. ... It doesn’t mean I don’t want to smile and laugh and hear about whatever happened over the weekend…”
- She stresses understanding individual circumstances to balance when to push team members and when to offer grace ([11:30]).
- Celebrates team milestones, like an intern’s excitement at presenting at a B-Sides conference ([12:30]).
Service Orientation:
- Parker is enthusiastic about Palo Alto Networks’ direct-to-customer cyber threat intel services, which offer tailored, ongoing partnerships rather than one-off advice ([13:30]):
  
  “There’s still a human element to this where they still need to be able to reach out and have a sustained conversation person to person.”
- Example: Helping an energy company contextualize increased scanning activity from Iran ([14:15]).

Making Intelligence Actionable

Organizational Maturity:
- Ingrid describes a three-stage lifecycle for organizations using threat intelligence ([17:10]):
  1. Overwhelm: New teams ingest too much undifferentiated data, get overwhelmed.
  2. Contextualization: Mid-level maturity adds automation and context but may still miss the big risk picture.
  3. Strategic Use: Mature orgs use automation and context, then engage in higher-order, human-level discussions.
- The key difference is between collecting intelligence as shelfware and making it actionable for decisions.

Thinking Like an Adversary

Curiosity and Unconventional Backgrounds:
- Ingrid values curiosity and creativity, often found in people with unconventional paths ([19:55]):
  
  “I may have a bias towards people with untraditional backgrounds ... it’s people that are curious about the world in general, not just cybersecurity.”
- She agrees with the approach of anticipating where threat actors are heading (credit to Madeleine Sedgwick), combining both “beginning with intent” and “projecting the end” ([20:28]).
Why is Central:
- Understanding adversary "why" helps differentiate between actors—for example, distinguishing between espionage and financially motivated actions ([21:40]).

Burnout and Leadership

Signs and Prevention:
- In cyber threat intel, some never switch off:
  
  “It’s that person who can’t ever disconnect. My last team meeting ... I was like, so what are your summer vacation plans?... vacation means I’m only checking my email 4 hours a day instead of 12.” ([22:30])
- Leadership should model healthy boundaries and encourage time off:
  
  “Sometimes that’s as important as making somebody feel like, yeah, you’ve got a doctor’s appointment this afternoon. That is the most important thing you need to be doing.” ([23:30])

The Impact and Limits of AI

Current Value:
- AI is a powerful assistant, aiding even experienced analysts with surprising insights—but must be checked ([25:54]):
  
  “It can be this really powerful tool to really think about things differently … but ... sometimes because it wants to be helpful, it makes things up.” ([27:26])
- AI democratizes prototyping for analysts with less coding background ([27:31]).
- Human review and responsibility are still critical.

Advice for New Intelligence Professionals

Growth and Flexibility:
- Careers in intel are non-linear; be ready to embrace change ([28:43]):
  
  “Wherever you start is not where you’re going to end up and that’s okay. That is the journey, that is the fun of the field.”
- Early career pros should move around (inside or outside their org) to find what excites them.
- The field is dynamic and will be unrecognizable in the next 10–30 years—embrace uncertainty.

Notable Quotes & Moments

On Career Growth:

“If I could say one thing to people who are starting their careers, it’s, you’re not going to have the same energy, passion, goals throughout your entire career. It’s going to change. And that’s okay to have those seasons.” ([11:55], Ingrid Parker)
On Business Context:

“It doesn’t matter how cool what you’re doing is if it’s not actually changing what’s going on with the business, or if you’re not talking about the risk, or you’re not talking about the impact.” ([07:10], Ingrid Parker)
On Burnout:

“It’s a weird spot to find yourself in, to feel that the thing that you are incredibly good at is the thing that’s killing you.” ([24:17], David Moulton)
On AI’s Place:

“You still have to go back and double check it. You still gotta ask the question. You’re responsible for the report in the end.” ([27:30], Ingrid Parker)
On Changing Careers:

“Say yes, go in and take an opportunity.” ([28:55], Ingrid Parker)

Timestamps for Important Segments

Ingrid’s Background and Military Experience: [02:15] – [06:18]
Motivation Behind Book Update: [06:18] – [08:28]
The Missing ‘Identity’ Chapter: [08:42] – [09:53]
Building & Leading Human Teams: [10:32] – [13:09]
Direct to Customer Threat Intel Services: [13:30] – [15:30]
Making Threat Intel Actionable: [16:42] – [17:54]
Developing Analyst Mindset & Thinking like Adversaries: [18:44] – [22:01]
Spotting Burnout and Leadership Advice: [22:10] – [24:17]
AI in Threat Intel: [25:20] – [27:31]
Career Advice for Newcomers: [28:18] – [30:04]

Conclusion

This episode stands out for its open discussion of the emotional and personal side of threat intelligence careers, the balance of technology and humanity, and leadership wisdom. Ingrid Parker emphasizes the importance of why—both for defenders and adversaries—and encourages practitioners at all stages to embrace adaptability, thoughtful rest, and ongoing curiosity for a resilient and rewarding journey in the dynamic world of cyber threat intelligence.

Loading summary

Transcript45 lines

[00:02]
A
You're listening to the Cyberwire Network, powered by N2K. If you're a cyber threat intelligence professional, know your why. You know, why are you doing that for the organization that you're supporting? Because that's going to guide all the decisions you make. Everything you know, how you spend your time, what you prioritize, how you defend that organization.
[00:42]
B
I'm David Moulton, and this is Threat Vector. Today I'm with Ingrid Parker, director of the Intel Response Unit at Palo Alto Networks at Unit 42, about what it means to do threat intel work at the highest levels and what that work demands from the humans doing it. Ingrid, I'm glad that you're here today. I know that you've been running around RSA and it's been busy, but you cut out some time to come into our studio, as it were, and have a conversation with me, and I really appreciate that.
[01:21]
A
Thanks, David. Really happy to be here. Appreciate that you've got some time for me to come in and have a conversation.
[01:26]
B
Well, today we're going to talk about threat intelligence. Not just what it is technically, but what it's like to actually do the work. When you and I started talking about the show, I think you were excited about talking about the human side and what it takes to be good at the work and maybe a little bit about what it costs to do this type of service in this industry. So you started your career in the US Army. Let's see, a systems administrator, and then a network and engineer into the 90s. And I think that's a bit different than the work that you're doing in leading here in Threat Intel. What does that arc look like for you? You went from the military service to a podcast today. Talk me through that.
[02:16]
A
So it's been an interesting journey. Way back when, I was actually an art major in college. And one of the things you learned is that that is not always a career choice that leads to gainful employment. And so I was an unemployed artist living in New York City, hoping to take care of my nephew, and decided that I wanted to go get my master's degree and do it in something that was going to be a field that was more relevant to where we were at that point in the world, and ended up going into the military. Started actually as a linguist. Discovered that I wasn't so great with human languages. Ended up going to the computer science school there. And that, for me, just really unlocks something, because when I was growing up, I had played around with computers as a kid, but honestly, for women in the 90s, that was cybersecurity. Wasn't. Wasn't even a career path, let alone kind of, you know, computer programming or something like that. And so I hadn't really gone that route. And now all of a sudden, I was in the military, getting this opportunity to start to understand, you know, what was happening with technology and computers. But what really got me into cybersecurity was while I was in the military, I was deployed to Afghanistan after 9, 11, okay? And we got. We had set things up. I mean, I was literally there, you know, one of the first units. I worked for, a special forces team at that point. We had set up our tents, we had our communications, and thought we were doing pretty. And we got this message from this organization called the DOD Cert. We're in a defense computer emergency response team. And I'm going, who the heck is this? And why are they saying, I've got a problem with my firewall? And I looked at, and all of us are just like, they didn't teach cybersecurity at that point. You were taught to be a system administrator. You were taught to be a network engineer. You were taught to make things work, but not about the adversaries. And so we all kind of looked at this, and we're like, no, our connections are fine. But that, for me, started opening up that question of, well, what is this organization? Why do they think there's a problem? We started doing research, and I mentioned wanting to get my master's in the military. I was doing that at the time, ended up doing it in cybersecurity. Worked with one of my colleagues to actually. We did an evaluation of the city that we were based out of in cybersecurity. I was like, this is so cool, because now you're not only thinking about how to make something work, but how people break it as well. And so that, to me, because I take that art background of that creativity, and how do things work differently? And I bring that in with kind of the systems and the processes and the other pieces. And that hits both my right and left brain. And so from there, I got this message from the DOD Cert. I got out of the military. I started working for a small company, needed to move. One of the places that I got to interview with was with Northrop Grumman working for the DoD cert. And I was like, this was awesome. And I was like, I have to get this job. And so it was really amazing. The program manager for that role did the first interview with me, and he said, oh, by the way I'm going to have my technical person on tomorrow, I see you understand netflow, which is a particular, you know, technology for a way of showing how particular transmissions are happening across a network. And he's like, he's going to just ask you a couple questions about that. I'm like, okay, I did netflow from a, again, that perspective of how do we do the transmissions. But I hadn't done from a security perspective. I spent the whole night on the Internet doing research so that I could walk into that interview the next day and actually say, you know, oh yeah, well, you would be looking at this and you'd be looking at this port in protocol. And if you saw these things, you know, that could be an anomaly and everything else. Apparently I sounded great because I got the job, but it was like a 24 hour study session.
[05:46]
B
It crammed.
[05:47]
A
It crammed because, you know, and that's the whole fake it till you make it sort of thing. But it was, I, I was just so excited to be able to kind of bring that questioning that I'd had for a couple years into getting that next role. And then that really set me off because starting there, you know, going in and looking at basically traffic across the Department of Defense worldwide and getting that huge perspective, and then from there I've been able to, to take that and just transfer into all of these different roles. And at every stage it's learn, learn, learn, learn, because you never know everything that's actually happening.
[06:18]
B
Yeah. But you also have this other side of yourself that you author, you rewrite, you put things together. You were the co author on 11 Strategies, a world class cybersecurity operations center. What made you want to go back and update the book? And even with that update, what do you think practitioners are still getting wrong out there?
[06:42]
A
We didn't just go from 10 to 11 to play on the spinal tap. Go to 11, although that's funny. But we really wanted to talk about what are the key elements that were missing from the first book. And one of those was something I was very passionate about, which was in the beginning, know what you're protecting and why. And I think that was something that was missing in the first book. The first book really talked about the technical. It really talked about the, the ways to go thinking about cybersecurity and running a SOC center, SOC operations team. But it missed some of that business perspective. And that was one of the things that I started to learn over my time was it doesn't matter how cool what you're doing is if it's not actually changing what's going on with the business, or if you're not talking about the risk, or you're not talking about the impact. So if you go back and you look at the first versus second edition, you're going to see a lot of those early chapters are really setting the stage for why do you even have a security operations team? What is their role? How do you focus? And I think that's something you asked in your second part. What are people still getting wrong? I think you're seeing more and more of the leaders. They really understand this business piece. But the intel practitioners themselves, especially earlier in their careers, they're very focused on becoming technologists. They're very focused on understanding what they're being asked to do in their job. But it's very important that you stand up and you look outside and say, hey, I'm working for a financial services company. What is their business? And that's going to drive who the threat actors are that are going against them. Or I work for a manufacturing company, or I work for retail, or I work for government. And really understanding that business is going to help you be such a better analyst. So we want to make sure that that was a key component of what was in that book.
[08:29]
B
If you had to add a chapter or half a chapter 11.5 strategies, I think that would catch some folks. They'd be like, I got to go, I got to figure out what that half is. What would you add?
[08:42]
A
So this is where it was really hard because we got to the end of the book and we already wanted to add another chapter.
[08:46]
B
Okay.
[08:47]
A
And it was identity, because at the time we were writing this, so this was again, 2020, 2021, identity was really starting to emerge. So it's interesting because we'd been through the cloud phase and we'd done the updates to make sure that that was all in there. And as we got to the end of this, we're like, identity's sprinkled in. But it isn't as prevalent as it needed to be because that really is so transformational to how we think about security at this point. And we certainly see the threat actors taking advantage of that old school phishing still works, but all the things they're doing with credential harvesting, with calling help desks and pretending to be other people, there's so many things that we should be covering in this space and that's the piece that's missing in there. So I will say that Carson and Katherine and I every so often have A conversation of, should we really go back and just write that chapter separately? Should we do another update to the book? Where should we go? But we did make the decision at that point to just get the book out the door because it had been two years and it needed to move on. But I think we all kind of regret that we couldn't slide in. I like your idea though. Of the half. We'd done a half chapter, maybe we could have made it fit.
[09:53]
B
I'm borrowing that from a fellow marketing podcaster who says that works really well right now as to say like 11 and a half strategies. And people will go like, well, I gotta see what this means. Ingrid, you've described yourself as passionate about growing and guiding individuals. The teams that you lead, the organizations that you're in. And I think that's a really human framing for someone working in this field, this really technical field. Your reputation is, how good are you at a technical capability? And you're talking about, how do I grow you as a person? And those are in some ways very different things. Where did that come from?
[10:32]
A
I don't know that there's a specific moment when I knew that cybersecurity was the area I wanted to move towards, but it probably stands out in my time in the military as well, because in the military especially, especially when we were deployed over in Afghanistan, mission is number one. And it can overcome a lot of personality challenges. And there were some personality challenges amongst our team, which you get almost everywhere, but it really, you get into these high pressure situations and as long as you've got that mission, you can focus on it. But I've also been with teams where it's so much better when you also just enjoy being around the people that you're with. Because then when you've got the stress, then when something's going wrong, you know, you've taken the time to get to know that person. Even if they're not somebody that you would choose to have in your, like, day to day life, you still can respect them as a person. And you still know, like, hey, this is what's going on with their family at the moment. Or this is, you know, they're, you know, in the middle of. One of my colleagues is authoring a course for Sans right now. Like, I know the stress that they're going through and it's being able to take that and then apply it to, okay, so now what's going on at work? How do I give that person the grace that they need? How do I know when I can, you know, As a manager and a leader, how can I understand when somebody's at the point where it's like, oh, I can actually push them because they're in a great mental headspace. There's so much more that they want to do. They want to grow. This is their time. Because your career is not linear. I mean, if I could say one thing to people who are starting their careers, it's, you're not going to have the same energy, passion, goals throughout your entire career. It's going to change. And that's okay to have those seasons. And so for me, it's always been, you know, just starting to learn that, people learning where they're at and then it just, it makes everything more fun. And I like my work to be fun. Like, I'm a serious person. Like, you know, but it doesn't mean I don't want to smile and laugh and, you know, hear about whatever happened over the weekend and hear about your successes with, like, you know, one of my interns, the first time she got debrief at what we call a B sides conference, you know, which is a local cybersecurity conference that they have in different places in the world. Like, just getting to see her excitement about that, it's like, great. That's. That's what I want to bring into the team is like supporting each other and doing those pieces so that when at 4 o' clock on a Friday afternoon, you find out that, yes, there's another cybersecurity event in the world that you have to spend time on. Yeah, you're in a good place with your team. So that's really what it's about, is trying to balance the stress of what happens with creating a set of people who are going to be able to support you and where you're at when that stress is happening.
[13:09]
B
Yeah, I had a manager who used to call that putting savings into the relationship bank, so that when you needed to make a withdrawal, there was something to withdraw. This direct to customer Cyber Threat Intelligence Services, I think, is what it is. Talk to me a little bit more about that. You seem excited. You seem proud. I'm curious. I'm just genuinely curious about it.
[13:31]
A
Yeah. So, you know, we get to talk to a lot of customers and offer them perspectives on intel, but that engagement often ends with, hey, we had a conversation with you or a couple, but up until now we haven't been able to figure out how do we sustain that partnership with them. And I think this will go into some, probably some topics we're continuing to talk about which is, you know, how do you make intelligence actionable so that you can make risk decisions? And what I'm finding is that there are different places that customers are at where they need support. But in general, it's even with AI and all these other cool things that I have so many questions I hope you ask me, but there's still a human element to this where they still need to be able to reach out and have a sustained conversation person to person. Or they come in and say, even with all the other groups that they might be a part of, they're saying, I'm seeing something, but I don't know if this is normal. Can you help me out and go hunt through your telemetry or go pivot and see if there's something there? We are working with a partner right now that had an energy company that had asked, hey, I'm seeing some increased scanning from Iran. Is that something that we should be concerned about? And we were able to help them contextualize that and understand what the risk was to them. So that, for me, is the really great part, is when we can provide information to help them make that decision. And that's. That's really what these services are about, is going in and helping them to make those risk decisions.
[15:31]
B
I don't know if I'm gonna give the right analogy, but it sounds like they're going down the road and they suddenly heard something weird in the engine and maybe it's a bad thing and you're able to go, you should probably pay attention to that. Or, no, that's pretty normal. It's fine and move on. But it's not always the exact same. So it's not like a broad bit of publication. It's tailored just to that specific customer or their industry. Back to your Understand your why. Why is that risk? Not a big deal for these folks, but it is for this group over here.
[16:00]
A
Yeah. And for us, it's more than just those technical questions. We're also finding that people are very interested in how they mature their programs. And so that's one of the things is they can respond to us and ask those questions as well and say, hey, I just wrote this guidebook for my intel team. Could you take a look at it? And I think that's something that we're doing that's a little bit unique, and that's based on the people that we have on our program who really want to bring our expertise into those organizations. But it's a nice balance because we can meet people where they at where they're at from their maturity perspective and really help them, whether it's the question of the day or that kind of looking forward so they can better use the intel that they're going to get in the future too.
[16:43]
B
Yeah. How do they get to the next step right now? There's a lot of conversation in our industry about the gap between threat intelligence as a product and threat intelligence as something that actually changes behavior. In your experience, what separates organizations that use intelligence well from those who maybe collect it and put it on a shelf for a drive and never look at it again?
[17:10]
A
What I've seen is that organizations tend to go through a life cycle. So there's really kind of three different steps that I look at. So first is those organizations that are very new, maybe threat intel is something additional duty assigned that one of their security operations people does. They often try and bring together everything and they get so overwhelmed that it just becomes, give me a threat fee, give me a bunch of data, I'm just going to pump it into a security system. But they haven't put that context or around it to know what's important. So they still get overwhelmed with the alerts. In the middle. You start to get those organizations that are like, oh, I actually, I need to do that automation. Yes, I've got a fee. But it needs to have the context behind it. But they then are very focused on what is the kind of of the moment alert that's coming through, but maybe haven't taken that full risk picture. And then finally you've got those much more mature organizations where they're finally settling in and saying, okay, yep, we've got the automation, we have the pieces that they need. But that's where they're often coming back to that human side and saying, well, now I need to have the discussion because I need to think about this from a much bigger perspective. So their systems are saying, okay, do I have the right technology in place? Am I protected against the threats that are much more forward looking versus in the moment? So I've seen a lot of different places where you still see a little bit of a struggle. But, you know,
[18:44]
B
so threat intelligence work requires you to think like an adversary. And as we were talking about this earlier, I think a lot of us don't. Right. Like it's not our, maybe our default position, you know, understanding intent or the ability to model behavior. I was talking to Madeleine Sedgwick about this on the podcast almost two years ago and she talked about this idea of thinking about where are they going to end up. So I'm not going to try to chase them. I'm going to try to figure out where they're going to end up and see if I can catch them because I know I'm behind, you know, anticipating where they're going to go, like what type of adversary am I up against? And I think that that requires a particular kind of judgment and thinking. In Madeline's case, she was actually also an art student. So maybe there's a pattern here. Ingrid, how do you go about developing that kind of thinking, that kind of skill in people and, or how do you identify it from the get go if it's not necessarily something that you're going to build, you're going to see it and attract it to your team.
[19:56]
A
So one, I may have a bias towards people with untraditional backgrounds looking for because it's people that are curious about the world in general, not just cybersecurity. Because you have to remember that behind every cybersecurity act, when you go to the very beginning, there is a person that did that, whether they were the ones that coded whatever is moving forward, whether it's actually an actor on keyboard, whether it's a nation state government organization. And so you have to have that curiosity as to we're going to keep saying why during this discussion.
[20:28]
B
I think it's going to be the
[20:29]
A
name of the show is why is this happening the way that it's happening? And being able to step back and say, I love that idea of going to the end. For me, I'm talking about starting at the beginning. I think if you can bring those two together where you're saying, well, what was that person trying to do? So are they after intellectual property? Are they after just gaining access so they've got it during a geopolitical conflict? Are they somebody who is going after short term financial gain? Are they somebody who's going after long term financial transitioning with influencing stock markets and those sorts of things and business acquisitions. So if you can start with that from the beginning of understanding, and we don't always know this, but that's the reason we create these threat actor profiles. And think about the difference between maybe nation state and cyber criminal groups because their why starts differently, which means where they end is going to be different. And so you can, you know, that's where I think we get into this whole discussion about attribution and do you need to name groups or not? But it's really, you need to understand what the probable intent is in order to be able to follow forward to figure out where they might be going. We of course are seeing a lot more overlap between the tools being used by maybe nation state actors and cyber criminal actors. That's been a theme over the past decade where you see more and more overlap, but you still can often separate those out to understand, am I headed towards something that is ransomware or am I headed towards something that is likely to be long term access and actual property theft.
[22:02]
B
Yep. So espionage on the threat actor side looks a lot different as a why than get rich quick schemes.
[22:11]
A
Yeah.
[22:12]
B
Okay, so on the other side of this, you develop that talent, you find somebody that is a non traditional background, they're very curious, they get into this work. What are the signs that it's burning them out that you're going to lose them?
[22:30]
A
I mentioned that many of us, we wake up and read about this stuff. We might talk about it over dinner. It's that person who can't ever disconnect. My last team meeting with my team, I was like, so what are your summer vacation plans? Do you have them on the calendar yet? Are you really going to take time off? So many of us in this industry are bad of, well, I'm on vacation, but vacation means I'm only checking my email 4 hours a day instead of 12 hours a day. I think that comes from leadership down is making sure that people are truly disconnecting. They're getting the time off. They're not missing those important things with family, with friends, with their life, with their vacation. They're having those experiences because you truly come back so much more refreshed. And then you can bring that back to the team of, okay, I've got energy now, I've got the energy to sustain you until your next time off. And sometimes that's as important as making somebody feel like, yeah, you've got a doctor's appointment this afternoon. That is the most important thing you need to be doing. And it's okay. That report that you're working on can wait till you come back. And sometimes it truly is maybe. Yeah. So when are you going to take that full week off or two weeks and you know, go hike the Himalayas or whatever's on your.
[23:41]
B
Yeah, yeah. On your list.
[23:43]
A
So I think it's finding, finding that balance. We have so many people that are hard chargers. Like, you get excited, you get passionate, you want to do things. It's also just finding those hobbies. As much as you might enjoy this field, find something else. And I think that's one of the things I've enjoyed as A creative person is. I have. There's other creative hobbies that sometimes just reset my brain to move forward. So it's really trying to balance and make sure your team feels supported in taking the time to do other things so that they can come back and be really strong while they're here working on the problems at hand.
[24:17]
B
I think that's a great leadership lesson. I don't think that is specific or only for cyber. Maybe it's effective in cyber, but I think any career, any space that you're in that you can't turn it off, walk away, prioritize the doctor appointment, your family, your personal health, those sorts of things. It risks putting you into a spot where you become disgruntled or angry at the thing that you were passionate about. And that's a weird spot to find yourself in, to feel that the thing that you are incredibly good at is the thing that's killing you. So, no, I like the idea of modeling it too. Sean, your team, you gotta go. I'm gonna go. I'm gonna work on some art or go gardening or go biking, whatever it is. Plus, it's interesting to go out in the world and not see everything that are in the feeds because sometimes those can be a bit of a downer.
[25:19]
A
Gotta get your energy back.
[25:20]
B
Yeah, Go listen to the birds. So I don't think it would be a Threat Vector 2026 podcast if I didn't ask you about AI. And maybe we keep it brief since we've had a lot of talk about humans and our why and some of those things that aren't on the tech side, but it's everywhere right now, Ingrid. Right. And I'm sure you're running into it as well. AI and threat intelligence. What are you actually seeing in practice? What's it actually changing and what won't it change?
[25:55]
A
It's a really interesting inflection time right now. Anybody who's a practitioner in this space has seen, Even the past 12 months, the change in the models and how. How good they're getting. I actually start with a scoring. So this morning I was talking to one of my colleagues and we joke about the use of AI and some of the challenges it has, but he needed to put together a briefing on potential Iran threats to a Nordic country. And he was like, I'm not going to get anything, but let me just throw this into one of our models. And we've got some internal things that we use that can reference our own intelligence, past history. And he got a report back and it actually told him quite a bit. And he's like, I don't believe this. I think it's hallucinating. He's like. And so he told the model, give me your sources, tell me where you got this from. And he's like, oh, I would not have put this together. And so it took an assumption that he had and it challenged it, but then he challenged the model back to say, well, tell me why you actually got to this. And then it's like he learned something and he saw reports that he might not have gotten otherwise. So it can be this really powerful tool to really think about things differently. But at the same time, we are seeing, we use automated pipelines to take open source reporting. I mentioned that you've got a fusion team. We take open source reporting, we run it through our models, it automatically extracts things, it helps create connections to other types of data. And sometimes because it wants to be helpful, it makes things up.
[27:26]
B
Yep.
[27:27]
A
So you still have to go back and double check it. You still gotta ask the question you're
[27:30]
B
responsible for the report in the end.
[27:32]
A
Yes, very, very much so. Where we're seeing great strides is really in the term vibe coding, if we want to include that here, but in helping people prototype who maybe were not coders before. And I think that for cyber threat intelligence professionals, this is really great because some did not come up with that cybersecurity background necessarily. They're new in there. And that ability to go in and say, I have an idea, I have a system that can help me try this out without having to go find an engineer or teach yourself Python or something, that's powerful and that's an amazing place. Again, you have to check the code, you have to make sure it's doing what it's supposed to. But we're encouraging everybody to try and
[28:16]
B
test and be curious.
[28:17]
A
Yeah, exactly.
[28:19]
B
Let's wrap it up. If you could talk to somebody who's really early in their intelligence career, maybe they're out of the military or they were finishing a grad program like you, what's one thing that you want them to know about the work and what it asks of you?
[28:44]
A
I think about how different it was when I started than it is now. And I think having that mindset of wherever you start is not where you're going to end up and that, that's okay. That is the journey, that is the fun of the field. So we've talked about these things before. Say yes, go in and take an opportunity. There's a lot of question in the industry about how often you should move around and do you get a bad reputation if you move every couple years? I think as an early career person, you either need to figure out how to move in your company or you need to figure out how to switch between companies because you have to try things out. You should be spending time to figure out what makes you want to wake up in the morning and answer that question. I think cyber threat intelligence is an amazing field. Even I think with AI, we're still going to need the humans that are helping to guide and shape and provide the context. I would still encourage people to consider this as a field, but do it from recognizing that what this looks like right now, 10 years, 20 years, 30 years down the road, that's a long time. I don't think any of it. I'm not a futurist. I don't think many of us are. It's going to be different. But as long as you're going in with that perspective of trying to embrace that things are going to change, you're going to have a great time. So please do it.
[30:04]
B
Yeah. Well, Ingrid, thanks for coming on. This is such a thoughtful conversation and I appreciate you sharing some of those little glimpses into the art student, into the military, what you learned, what you carried forward, how you encourage people to grow and not to burn out and just really sharing the human side of this experience that maybe a lot of us on the outside would look at and go, well, that's a really technical career and we touch on it here and there, but it seems like it's a really human experience and called it a storytelling job. So, you know, I'm amongst my people. I love it. So that's it for today. If you like what you've heard, please subscribe. Wherever you listen, leave us a review on Apple Podcasts or Spotify. Those reviews and your feedback really do help me understand what you want to hear about. You can reach out to me@threatvectorpaltonetworks.com I read every email and we'll incorporate that into the show today. Ingrid mentioned some books. We'll go ahead and have those linked up in our show notes so that you can find them easily. I want to thank our executive producer, Michael Heller, our content and production teams, which include Kenny Miller, Joe Benecourt and Virginia Tran. Original mix and music by Elliot Heltzman. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now,
[32:04]
A
Sam.