Fortinet's Aamir Lakhani on Mapping Business Pain Points Attackers Exploit
FEB 5, 2026 | 42 MIN
Description
<p><a href="https://www.fortinet.com/"><u>Fortinet</u></a> processes telemetry from 50% of the next-generation firewall market, giving <a href="https://www.linkedin.com/in/drchaos/"><u>Aamir Lakhani</u></a>, Global Director of Threat Intelligence &amp; Adversarial AI Research, and his team visibility into a looming shift: threat actors moving from exploiting a small subset of proven CVEs to weaponizing the entire vulnerability landscape through AI automation. While defenders currently concentrate resources on commonly exploited vulnerabilities, Aamir warns AI will soon enable attacks across everything "just as efficiently and as fast," requiring security teams to rethink patch management strategies when they can no longer rely on focused defense.</p><p>Aamir also touches on how the World Economic Forum's Cybercrime Atlas program operates through weekly sessions with 20-40 researchers who deliberately build intelligence packages using only open-source methods. Avoiding proprietary data lets law enforcement recreate the findings and successfully prosecute cases.
He shares how his leadership approach rejects the traditional climb: stay at the bottom of the ladder and push your team up, because their public accomplishments improve both team performance and your career trajectory more than personal competition ever could.</p><p><strong>Topics discussed:</strong></p><ul><li><p>A 50% next-generation firewall market share providing visibility into state-sponsored attacks and ransomware-as-a-service operations daily</p></li><li><p>AI-driven threat evolution from narrow CVE exploitation to automated attacks across vulnerability landscapes requiring new patch strategies</p></li><li><p>Threat actor professionalization, including recruitment events, training programs, and internal conferences for cybercrime operations</p></li><li><p>Adversarial AI capabilities using local LLM training with tools like Ollama to bypass jailbroken model dependencies like WormGPT</p></li><li><p>Network-centric threat hunting using metadata and netflow analysis over full packet capture due to bandwidth and analysis constraints</p></li><li><p>World Economic Forum Cybercrime Atlas program methodology using open-source intel to build prosecutable law enforcement intel packages</p></li><li><p>Prioritizing team advancement over personal climbing by publicizing subordinate accomplishments to improve retention and performance</p></li><li><p>AI alert fatigue emerging from comprehensive attack cycle tracking where 10% incorrect information invalidates 90% accurate findings</p></li></ul><p><strong>Key Takeaways: </strong></p><ul><li><p>Prepare for AI-enabled threat actors to exploit the entire CVE landscape simultaneously.</p></li><li><p>Prioritize metadata and netflow analysis over full packet capture for threat hunting due to better manageability and analysis efficiency.</p></li><li><p>Deploy open-source tools to baseline network behavior and marry telemetry data with threat intel platforms for pattern recognition.</p></li><li><p>Identify your organization's 
critical pain points that would force ransom payment rather than focusing solely on perimeter defense tech.</p></li><li><p>Join collaborative threat research initiatives like the World Economic Forum's Cybercrime Atlas.</p></li><li><p>Build intelligence packages using open-source methods to ensure findings can be recreated and prosecuted.</p></li><li><p>Conduct CTF-based interviews focused on problem-solving approach and persistence rather than expecting candidates to know all answers.</p></li><li><p>Spotlight your team by publicizing accomplishments and research contributions to improve retention, morale, and your own career advancement.</p></li><li><p>Mandate regular video check-ins to monitor team mental health and prevent burnout in high-stress roles.</p></li></ul><p><strong>Listen to more episodes:</strong></p><p><a href="https://podcasts.apple.com/us/podcast/future-of-threat-intelligence/id1631947902"><u>Apple</u></a></p><p><a href="https://open.spotify.com/show/0671lFjPIgX6k2jYRrWrf4?si=c728ebaa3cb44095"><u>Spotify</u></a></p><p><a href="https://www.youtube.com/playlist?list=PL6DKwSSbBu7uAbek0EyOYNBiVXVbYIc7_"><u>YouTube</u></a></p><p><a href="https://www.team-cymru.com/podcast"><u>Website</u></a></p>