Ten Year Anniversary

Celebrating a Decade of Analyst-Driven Intelligence

10 years of building tools and tradecraft for defenders

Limited Series Podcast

TLDR: Key Takeaways

Show Notes

In our latest episode of Signals & Stories, Kali Fencl sat down with Jennifer Kolde (thesilence) and special guest, cybersecurity expert, Kamil Bojarski. Drawing on nearly a decade in the industry, Kamil shared how the field has shifted from reactive investigations to proactive efforts aimed at understanding adversaries, anticipating behavior, and uncovering the larger ecosystems that support cyber operations.

A More Complex Threat Landscape

One of the biggest changes in modern threat intelligence is the growing recognition that threat actors rarely operate as isolated groups.

Today’s cyber operations often involve malware developers, infrastructure providers, contractors, access brokers, and operational teams working together in different capacities. As a result, attribution has become significantly more nuanced than simply identifying a piece of malware or an IP address.

Analysts must increasingly evaluate relationships between organizations, individuals, and supporting entities to understand the full picture behind an operation.

Why Regional Expertise Matters

Technical analysis can reveal what happened, but understanding why it happened often requires additional context.

Kamil emphasized that language barriers remain one of the greatest challenges in cyber threat intelligence. Critical information frequently exists in local languages, regional forums, government records, and public databases that are inaccessible without cultural and linguistic expertise.

While translation tools can help analysts understand basic concepts, they often miss the nuances, colloquialisms, and contextual details that can dramatically influence an investigation.

The Importance of Collaboration

As cyber investigations become more complex, no single discipline can provide all the answers.

Technical cyber threat intelligence (CTI) analysts, OSINT researchers, and regional experts each bring unique perspectives to an investigation. When these groups work together, organizations can build richer and more accurate intelligence assessments.

Without collaboration, analysts risk filling knowledge gaps with assumptions rather than evidence, potentially leading to flawed conclusions and incomplete reporting.

Building Better Analyst Training

The conversation also explored the challenges of developing intelligence workshops and training programs, especially as Kamil recently returned from CyCon as a co-creator of the workshop: Threat Actors Can Do Public-Private Partnership Too: How to Cluster, Track, and Attribute Threat Actors in the Age of Public-Private Offensive Ecosystems.

While participants may only see a 90-minute workshop, months of planning often happen behind the scenes. Designing realistic scenarios, building datasets, and ensuring content is accessible to analysts of varying experience levels requires significant effort.

For both Jennifer and Kamil, the most rewarding part of the process is seeing participants make connections for themselves; the moment when a complex concept suddenly clicks into place.

Connecting Technical and Organizational Intelligence

Kamil's recent workshop at CyCon focused on helping analysts move beyond technical indicators and explore the broader relationships that support cyber operations.

Using Synapse, participants followed investigative paths from malware and infrastructure to companies, individuals, and organizational relationships. This approach demonstrated how modern investigations increasingly require analysts to connect technical findings with business, political, and operational context.

Looking Ahead

As cyber operations continue to evolve, attribution will remain one of the field's most challenging problems.

While better tooling and more data will continue to improve analysts' capabilities, both Jennifer and Kamil emphasized that expertise, collaboration, and analytical rigor remain the most important factors in producing meaningful intelligence.

The future of threat intelligence will belong to organizations that can successfully combine technical analysis with regional expertise, open-source research, and structured analytical thinking to understand increasingly complex threat ecosystems.