Ahead of the Threat

Season 2, Episode 5: Joe Levy

Federal Bureau of Investigation — Thu, 09 Apr 2026 13:58:55 -0400

Joining the show is a security practitioner who also happens to be a CEO. Joe Levy of Sophos and host Brett Leatherman, head of the FBI’s Cyber Division, discuss the application of Operation Winter SHIELD, with Levy calling it one of the most effective and approachable lists of cybersecurity tips available. Adopting just one of the plan’s 10 steps will make any company “infinitely better off,” Levy said.

Their conversation also highlights the “cybersecurity poverty line” that details the lack of CISOs in the workforce, the inherent risk and recommended research of third-party vendors, and a detailed examination of how a Sophos compromise was tracked to a device that displayed a greeting message on an office monitor.

To start the show, Brett is joined by Adam Maddock, the FBI’s section chief of the Cyber Technical Analysis and Operations Section. They discuss the highly technical Cyber Action Team and current news items that discuss software supply chain attacks, a “compromise” of Signal and Telegram, and the growing trend of hackers infiltrating everyday home devices.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Season 2, Episode 4: Sherrod DeGrippo

Federal Bureau of Investigation — Wed, 25 Mar 2026 13:21:00 -0400

Microsoft joins the conversation on all things Operation Winter SHIELD, the FBI’s list of the 10 most impactful cybersecurity actions for organizations big and small. Sherrod DeGrippo, general manager of Microsoft's Global Threat Intelligence, shares why she wrote a blog post about the Bureau’s effort with host Brett Leatherman, head of FBI Cyber. The two highlight the increasing role AI plays in initiating—and stopping—cyberattacks, how experts have observed that fundamental cybersecurity steps are enough to discourage a would-be hacker, and how security teams can be even more effective when they develop a partnership with software developers.

To start the show, Ahead of the Threat goes international! Brett discusses the critical role international cyber investigators play for the FBI with program manager Maeve Healy of the Global Partnership Program. They also explore recent news topics, including Operation Lightning, an alleged ransomware negotiator who secretly worked against his company, and industry’s growing calls to include AI in its cybersecurity toolbox.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Season 2, Episode 3: Amy Herzog

Federal Bureau of Investigation — Wed, 11 Mar 2026 13:38:09 -0400

Is a breach a security problem or a business problem? For guest Amy Herzog, CISO and vice president of Amazon Web Services, "security is what you bring to customers." Amy joins the show for a wide-ranging discussion with host Brett Leatherman on Operation Winter SHIELD. The two touch on how, in reality, AI makes bad hackers mediocre hackers; the importance of log retention (first mention this season!); that the most effective way to protect your business is by doing the basics (because most hackers succeed by exploiting the basics); and finally, learn how imagining yourself as a pilot puts you on the path for cybersecurity success.

In the show's opening, Brett is joined by the head of the FBI's Cyber Operations, Deputy Assistant Director Jason Bilnoski. They discuss the takedowns of LeakBase and Tycoon 2FAs while also wondering...if hackers use AI to infiltrate a system, should owners use AI to protect those systems?

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Season 2, Episode 2: John Hammond

Federal Bureau of Investigation — Wed, 25 Feb 2026 12:24:52 -0500

Search no further for an engaging, practical conversation from two cybersecurity experts! Diving into the FBI’s Operation Winter SHIELD initiative, John Hammond, the principal security researcher at Huntress, (who also has a YouTube channel with 2.1+ million subscribers) joins host Brett Leatherman for a wide-ranging discussion on hacking trends, how not every user in your organization needs full rights access, and that a basic inventory of IT equipment can be the most important cybersecurity step you take! Starting the show, Brett is joined by Michael Machtinger, the FBI’s deputy assistant director for the Cyber Intelligence Branch. After learning how the branch supports the Bureau’s cyber mission, the two discuss “slave” hackers from North Korea, CISA’s latest recommendation for end-of-life devices, and how hackers use remote proxy servers to attack within the U.S.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Season 2, Episode 1: John Hultquist

Federal Bureau of Investigation — Wed, 04 Feb 2026 15:59:37 -0500

In the first full episode for Season 2, host Brett Leatherman, assistant director of the FBI’s Cyber Division, welcomes the self-described cyberthreat hunter John Hultquist, the chief analyst of the Google Threat Intelligence Group.

In their conversation, John highlights that not being hacked is unrealistic. Creating resilience, especially in how fast you can get back online following an attack, is the best mitigation approach. AI is also discussed, with John citing how since hackers use it to infiltrate systems, organizations must use AI in any countermeasure.

Brett also announces Operation Winter SHIELD, the FBI’s first-of-its-kind campaign to highlight the 10 most common ways the FBI sees companies get victimized by cyberattacks. Learn more at fbi.gov/wintershield.

The news segment also returns in Season 2, with Brett joined by special guest Kristin Grimes, an FBI unit chief in the Cyber Law Unit, discussing the effects of CISA 2015’s (maybe) reauthorization, edge device exploitation, and the White House’s executive order on AI. Joint Advisories: https://www.cisa.gov/news-events/news/cisa-uk-ncsc-fbi-unveil-principles-combat-cyber-risks-ot

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Season Two, Episode Zero: Brett Leatherman

Federal Bureau of Investigation — Wed, 28 Jan 2026 11:36:44 -0500

Ahead of the Threat returns for its second season! Join our new host, Brett Leatherman, the assistant director of the FBI’s Cyber Division, as he discusses the current landscape of cyberthreats targeting businesses and critical infrastructure with the goal to inspire listeners to step back from the day-to-day to see the cyber threat more clearly, connect the dots and drive change.

With guests ranging from the private sector to government officials, Brett will highlight the administration’s cyber strategy and the FBI’s launch of Operation Winter SHIELD, a campaign to defend the homeland against cyber threats with real economic and national security implications.

If you’re on a cybersecurity team, a CISO, risk manager, CEO, on a board of directors, or just interested in stopping cyberattacks, join the FBI as we all get ahead of the threat.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Ten - Hugh Thompson

Federal Bureau of Investigation — Wed, 21 May 2025 18:02:05 -0400

The show is on the road! Filming on location at the annual RSAC Conference in San Francisco, hosts Bryan Vorndran and Jamil Farshchi welcome Dr. Hugh Thompson, the executive chairman of RSAC and the program coordinator of the RSAC Conference. The annual conference gathers thousands of cybersecurity officials from the private and public sector to discuss ways to thwart attacks and institute best practices. In this episode, Dr. Thompson highlights the importance of government participation, how to keep the relationships and knowledge-sharing going throughout the year, and the importance of being community-oriented to ensure effective cybersecurity postures against criminal adversaries.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Nine - Meredith Griffanti

Federal Bureau of Investigation — Wed, 30 Apr 2025 16:01:43 -0400

Are you an expert in communications? Do you need communications help? Are you ready for how to communicate to employees, the government, or your customers if a crisis happens? Many agencies believe they have it covered, but when a crisis does happen, the reality comes into focus that communications is a more nuanced and involved part of a response. Meredith Griffanti and her team do this “all day, every day.” As FTI’s senior managing director for cybersecurity and data privacy communications, Griffanti discusses her observations about the industry, common pitfalls and some changing attitudes about communications with hosts Bryan Vorndran, FBI assistant director of the Cyber Division, and Jamil Farshchi, an FBI strategic engagement advisor. Kicking off this episode’s Top Three segment with a look at current cybersecurity news, Bryan and Jamil assess the return of the LockBit ransomware group, a new tactic of “microransoms” targeting everyday users, and an FBI advisory warning people about fake FBI agents claiming to be from the Internet Crime Complaint Center (IC3). You can read the full public service announcement from IC3 at ic3.gov/PSA/2025/PSA250418.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Eight - Scott Aaronson

Federal Bureau of Investigation — Wed, 26 Mar 2025 12:20:08 -0400

Class is in session! Professor Scott Aaronson, a leading researcher in quantum computers, takes time away from his teaching at the University of Texas at Austin to give Ahead of the Threat a detailed overview of quantum theory and the applications of what a quantum computer could do—when one is invented. Though a real quantum computer remains unlikely for a few more years, its potential to unravel nearly all known encryption has led to the development of post-quantum encryption to protect sensitive data.

In the episode’s Top Three segment that highlights current cybersecurity news, hosts Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi, FBI strategic engagement advisor, discuss Google’s acquisition of the cloud computing company Wiz for $32 billion; the European Union's Artificial Intelligence Act, and a new ransomware attack at Jaguar Land Rover.

You can read an FBI Joint Cybersecurity Advisory on Medusa Ransomware at cisa.gov/news-events/cybersecurity-advisories/aa25-071a. You can also read NIST’s Post-Quantum Cryptography Standardization Overview at csrc.nist.gov/projects/post-quantum-cryptography.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Seven - Paul Proctor

Federal Bureau of Investigation — Wed, 12 Feb 2025 13:13:31 -0500

Paul Proctor, a Gartner analyst for 20 years, joins the show to discuss practical approaches businesses can apply to make cybersecurity more effective. Through thousands of hours of outreach, Proctor sees a broken system that can improve with better communication and partnership between executives and chief information security officers to create strategies based on “outcome-driven metrics.” One example is identifying the cost to return systems online in a specific time frame following a breach, while understanding that cutting funds to that effort jeopardizes the timeline.

Hosts Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi, FBI strategic engagement advisor, discuss the importance of cybersecurity 'fundamentals' and how measured approaches can lead to more success in a field more complicated than many think. Commenting on current events in the 'Top Three' segment, Vorndran and Farshchi highlight DeepSeek AI, the new updates to United HealthGroup’s breach, and new reporting requirements for critical infrastructure cyber incidents (Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA).

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Ahead of the Threat Podcast: Episode Six - Charles Carmakal

Federal Bureau of Investigation — Wed, 15 Jan 2025 09:37:46 -0500

For our first episode of 2025, Charles Carmakal joins the show to discuss all things Scattered Spider. As the chief technology officer at Mandiant, Charles details a disturbing trend of compromises through seemingly unsophisticated, yet highly effective approaches, including hackers who trick organization help desks into granting them system access. Hosts Bryan Vorndran, the assistant director of the FBI's Cyber Division, and Jamil Farshchi, an FBI strategic engagement advisor, discuss mitigation techniques that companies, such as Mandiant, recommend to clients. In the episode’s Top Three segment, Bryan and Jamil discuss the breaches of BeyondTrust and Data School and give an update on Salt Typhoon.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Five: Rachel Lavender

Federal Bureau of Investigation — Wed, 18 Dec 2024 14:43:58 -0500

For our last episode until 2025, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Rachel Lavender, managing director of the cyber practice at Marsh McLennan. As a seasoned cyber-insurance broker, Rachel discusses the partnership between a company and a cyber-insurance service, working together to build and implement effective cybersecurity measures over time. She also highlights act-of-war clauses and the growing information the insurance industry has obtained in a short time by servicing victim clients, resulting in better coverage and recommendations. For the episode’s Top Three segment recounting recent events, Bryan and Jamil discuss the unsealing of charges against members of Scattered Spider, the U.S. Securities and Exchange Commission’s cybersecurity reporting rules, and reasonably managed encryption.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Four - Wendi Whitmore

Federal Bureau of Investigation — Wed, 04 Dec 2024 16:57:24 -0500

This week on Ahead of the Threat, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Wendi Whitmore, senior vice president of Palo Alto Networks’ Unit 42. Drawing on her experience with cyber threat intelligence and incident response, Wendi talks about the growing sophistication of the cybercriminal business model and the need to have visibility across all company networks and infrastructure. She also highlights a growing trend in which companies have a “pre-built” environment that they would potentially move towards in case of a cyberattack. At the start of the episode, Bryan and Jamil discuss trending topics like the North Korean information technology worker threat, the Blue Yonder compromise, and the latest social engineering scheme from the cybercriminal group Black Basta.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Three - Chris Cwalina

Federal Bureau of Investigation — Wed, 20 Nov 2024 12:39:53 -0500

On this episode of Ahead of the Threat, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Chris Cwalina, global head of cybersecurity and privacy at Norton Rose Fulbright. Chris and his team of lawyers advise clients on how to minimize damage from sophisticated data breaches and cybersecurity incidents.

Chris reveals why many companies have a false sense of readiness and security before a breach. He also talks about fostering a security culture and the importance of having clear lines of decision-making when it comes to risk management.

At the start of the episode, Bryan and Jamil discuss trending topics like the Fortinet VPN zero-day, the extradition of the Phobos ransomware administrator, and the sentencing of U.S.-based co-conspirators behind the Bitfenix cryptocurrency exchange theft.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Two - Kevin Mandia

Federal Bureau of Investigation — Wed, 06 Nov 2024 16:32:31 -0500

On this episode of Ahead of the Threat, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Kevin Mandia, founder and CEO of Mandiant, one of the world’s leading cyberthreat intelligence and incident-response firms.

Drawing on his vast industry experience, Kevin talks about game-changing breaches and the history of cybersecurity, the increasing prevalence of voice cloning and other artificial intelligence tools in social engineering schemes, and the changing role of the chief information security officer (CISO). Kevin also shares the top four questions every CEO or corporate board should ask their CISO to assess cyber readiness.

At the start of the episode, Bryan and Jamil discuss trending topics like Sophos’ acquisition of Secureworks, the cyberattack on American Water, and the new CISO hire at UnitedHealth Group.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode One: Aron Ain

Federal Bureau of Investigation — Wed, 23 Oct 2024 17:41:53 -0400

In December 2021, UKG Kronos was hit with a ransomware attack that impacted thousands of business customers. On this episode of Ahead of the Threat, FBI Assistant Director Bryan Vorndran and FBI Strategic Engagement Advisor Jamil Farshchi speak to Aron Ain, former CEO and current executive chair at UKG, who gives a firsthand account of what it’s like to lead a multinational technology company during a major cyber incident. Learn how Aron handled the extreme pressure of the situation, prioritized transparency to rebuild customer trust, and made enduring structural reforms to supply-chain security and cybersecurity at the board level.

At the start of the episode, Bryan and Jamil discuss trending topics like Iran’s brazen effort to interfere in the 2024 U.S. presidential election, the Salt Typhoon hack of U.S. telecoms, and recent supply chain compromises.

Watch FBI Director Christopher Wray’s announcement on the Iranian election interference indictment at fbi.gov/video-repository/director-wray-on-indictment-of-iranian-cyber-actors-092724.mp4/view. You can read the indictment itself at justice.gov/opa/pr/three-irgc-cyber-actors-indicted-hack-and-leak-operation-designed-influence-2024-us.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media:

Episode Zero

Federal Bureau of Investigation — Wed, 16 Oct 2024 12:25:13 -0400

On Ahead of the Threat, Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi—a strategic engagement advisor for the FBI who also works as Equifax’s executive vice president and chief information security officer—discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals.

Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence? Listen to new episodes biweekly and stay Ahead of the Threat.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:

Apple Podcasts: podcasts.apple.com/us/podcast/ahead-of-the-threat-the-fbi-cyber-podcast/id1774312272
Spotify: open.spotify.com/show/7nV7uYsEK4nH87ADpooAyA
More ways to follow us: ahead-of-the-threat.transistor.fm/subscribe

And follow us on social media: