The Defender's Advantage Podcast

About

Learn about the latest threat and cybersecurity trends on The Defender’s Advantage Podcast! Hear from experts in the field as Host Luke McNamara, from Google Threat Intelligence Group, interviews analysts, researchers and other guests on the frontlines of the latest attacks. Episodes dive deep into various topics, including nation-state activity, cybercrime, malware and tradecraft, incident response, defensive guidance, and more. Don't forget to subscribe!

Episodes

• Google's Disruption Mission 2026-04-27

  Host Luke McNamara is joined by Charley Snyder, Head of Disruption Operations at Google Threat Intelligence Group, to delve into how Google is crafting a more coordinate approach to disrupting adversary cyber operations. Charley describes…

• Takeaways from the 2026 M-Trends Report 2026-04-15

  Host Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss the 2026 edition of Mandiant's M-Trends Report. Chris dives into the latest trends observed in breached throughout 2025 and into this year, noting som…

• Using GTI to Hunt Adversaries on the Dark Web 2026-03-23

  In this episode of the Defenders Advantage Podcast, host Luke McNamara sits down with Google Threat Intelligence experts Jose Nazario and Brandon Wood. They dive into the rollout of new dark web and underground monitoring capabilities, exp…

• How Android Combats Mobile Scams 2026-01-16

  Host Luke McNamara is joined by Eugene Liderman, Senior Director in Android's Security and Privacy Group, to discuss the evolving world of mobile-targeting scams. Eugene details some of the unique aspects to mobile scams, regional variatio…

• UNC5221 and the BRICKSTORM Campaign 2025-10-22

  Sarah Yoder (Manager, Mandiant Consulting) and Ashley Pearson (Senior Analyst, Advanced Practices on Google Threat Intelligence Group) join host Luke McNamara to discuss UNC5221 and their operations involving BRICKSTORM backdoor. This high…

• How vSphere Became a Target for Adversaries 2025-09-15

  Stuart Carrera (Senior Consultant, Mandiant Consulting) joins host Luke McNamara to discuss how threat actors are increasingly targeting the VMware vSphere estate, and leveraging in this environment to conduct extortion and data theft. Stu…

• AI Tools and Sentiment Within the Underground Cyber Crime Community 2025-08-18

  Michelle Cantos (Senior Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss some of the recent trends in underground marketplaces around the selling of illicit AI tools and services. Michelle discusses GTIG's res…

• Protecting the Core: Securing Protection Relays in Modern Substations 2025-07-28

  Host Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid. https://cloud.google.co…

• The Rise of ClickFix 2025-07-15

  Dima Lenz (Security Engineer, Google Threat Intelligence Group) joins host Luke McNamara to discuss how threat actors have been using ClickFix to socially engineer users. Dima recounts the growth of this technique in 2024, some of the camp…

• Vishing in the Wild 2025-06-04

  Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into h…

• Responding to a DPRK ITW Incident 2025-05-19

  JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR invest…

• UNC5221 and The Targeting of Ivanti Connect Secure VPNs 2025-05-05

  Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlie…

• Windows Remote Desktop Protocol: Remote to Rogue 2025-04-14

  Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were u…

• Cybersecurity Conversations with the C-Suite and Board 2025-03-10

  Imran Ahmad (Senior Partner, Canadian Head of Technology and Canadian Co-Head of Cybersecurity and Data Privacy at Norton Rose Fulbright) joins host Luke McNamara to discuss how executives are thinking about cyber risk in a changing and ev…

• What to Watch For in 2025 2025-02-28

  Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns. htt…

• Signals of Trouble 2025-02-19

  Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's u…

• Agentic AI in Cybersecurity 2025-02-05

  Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the findi…

• The Art of Remediation in Incident Response 2024-12-02

  Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediati…

• How to Run an Effective Tabletop Exercise 2024-10-18

  Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercis…

• Using LLMs to Analyze Windows Binaries 2024-10-04

  Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various windows binaries, the use cases this coul…

• How Threat Actors Bypass Multi-Factor Authentication 2024-09-26

  Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary in the middle (AiTM) attacks to gain a…

• TAG's Work Tracking Commercial Surveillance Vendors 2024-09-04

  Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG) to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV indus…

• What Iranian Threat Actors Have Been Up To This Year 2024-07-25

  Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-rela…

• Mandiant's Approach to Securely Using AI Solutions 2024-06-27

  Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementa…

• Lessons Learned from Responding to Cloud Compromises 2024-06-03

  Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the e…

• The ORB Networks 2024-05-22

  Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the an…

• Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances 2024-05-16

  Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler dis…

• M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher 2024-04-29

  Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this ye…

• Assessing the State of Multifaceted Extortion Operations 2024-04-11

  Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team and Jeremy Kennelly, Lead Analyst of the same team join host Luke McNamara to breakdown the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how…

• Hunting for "Living off the Land" Activity 2024-03-29

  Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional ma…

• Director of NSA's Cybersecurity Collaboration Center on Trends in 2024 2024-03-14

  Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC) joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitat…

• The North Korean IT Workers 2024-02-21

  Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant'…

• Prescriptions for a Healthy Cybersecurity Future with Google Cloud's OCISO 2024-02-07

  Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprise…

• Is The CTI Lifecycle Due For An Update? 2024-01-25

  Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic,…

• Threat Trends: Hacktivists' Continued Use of DDoS 2024-01-10

  For our first episode of 2024, host Luke McNamara is joined by Mandiant Senior Technical Director Jose Nazario and Principal Analysts Alden Wahlstrom and Josh Palatucci, to discuss the hacktivist DDoS activity they tracked over the last ye…

• Threat Trends: Tales from the 2023 Trenches 2023-12-12

  Doug Bienstock and Josh Madelay, Regional Leads for Mandiant Consulting, join host Luke McNamara to walk through some of the trends they have witnessed responding to breaches in 2023. Josh and Doug cover what is happening with business ema…

• Threat Trends: DHS Secretary Alejandro Mayorkas in Conversation with Kevin Mandia 2023-10-25

  Host Luke McNamara is joined for this special episode highlighting October as Cybersecurity Awareness Month by Kevin Mandia and DHS Secretary Alejandro Mayorkas. Secretary Mayorkas and Kevin discuss the threat landscape, collaboration betw…

• Threat Trends: Addressing Risk in the Cloud with Wiz 2023-10-19

  Host Luke McNamara is joined by Amitai Cohen, Attack Vector Intel Lead at Wiz to discuss trends in cloud security, managing risk, and more. For more on Wiz's research, please see: https://www.wiz.io/blog and https://www.wiz.io/crying-out-c…

• Threat Trends: Unraveling WyrmSpy and DragonEgg Mobile Malware with Lookout 2023-09-20

  Host Luke McNamara is joined by Kristina Balaam, Staff Threat Researcher at Lookout, to discuss her work attributing two new mobile malware families to APT41. For more on Lookout's report on WyrmSpy and DragonEgg: https://www.lookout.com/t…

• Threat Trends: The Implications of the MOVEit Compromise 2023-07-20

  Charles Carmakal, CTO for Mandiant Consulting, joins host Luke McNamara to discuss the long tail impact of FIN11's compromise of the MOVEit file transfer solution. Charles breaks down some of the differences with this compromise in compari…

• Threat Trends: A Requirements-Driven Approach to Cyber Threat Intelligence 2023-06-16

  Dr. Jamie Collier (Senior Threat Intelligence Advisor, Mandiant) joins host Luke McNamara to discuss the recent white paper from Mandiant about developing a requirements-driven approach to intelligence, challenges organizations face in thi…

• Frontline Stories: Crisis Communications During a Breach 2023-06-06

  Dan Wire from Mandiant joins host Kerry Matre to discuss the ins and outs of crisis communications during a breach as well as what you can do to prepare for a crisis.

• Threat Trends: UNC961 and How Managed Defense Approaches Threat Hunting 2023-05-26

  Ryan Tomcik, Dan Fenwick, and Tim Martin join host Luke McNamara to discuss how Managed Defense conducts proactive hunting, illustrated by several UNC961 intrusions. For more, please see: https://www.mandiant.com/resources/blog/unc961-mult…

• Frontline Stories: The Executive's Role in Cybersecurity 2023-05-17

  What role do executives and the board play in cybersecurity and breach management. Hear from Jesse Jordan and Howard Israel of Mandiant discuss their experiences helping executives get the right information from their security leaders and…

• Threat Trends: Bonus Episode - How Will AI Impact Threat Intelligence? 2023-05-09

  The endless battle of threat actors versus cybersecurity professionals may come down to who deploys AI better. In this interview from RSA, John Hultquist, Senior Manager, Mandiant Intelligence, surmises how the bad guys may use AI in the n…

• Threat Trends: M-Trends 2023 2023-04-24

  Mandiant's Kirstie Failey and Jake Nicastro join host Luke McNamara to break down the findings from the 2023 M-Trends report. Kirstie and Jake cover some of the notable trends gleaned from Mandiant breach investigations over the past year…

• Frontline Stories: Exposure Management Beyond Vulnerabilities 2023-04-11

  Jonathan Cran, Lead for Mandiant Attack Surface Management at Google Cloud, joins host Kerry Matre to discuss the evolution of vulnerability and exposure management and how important comprehensive approaches are to mitigating cyber risk. J…

• Threat Trends: How APT43 Targets Security Policy Experts Focused on North Korea 2023-03-28

  With the public release of Mandiant's latest named threat actor--APT43--guests Michael Barnhart and Jenny Town join host Luke McNamara to uncover how this espionage actor targets policy experts to support North Korea's nuclear ambitions. F…

• Threat Trends: A Retrospective on Zero-Days in 2022 with Project Zero and Mandiant 2023-03-20

  Jared Semrau (Mandiant) and Maddie Stone (Project Zero) join host Luke McNamara for a look back at the zero-day exploit trends of 2022. Maddie and Jared break down the differences in focus between their teams, and some of the interesting t…

• Threat Trends: Head of TAG on Commercial Spyware, Cyber Activity in Eastern Europe and More 2023-02-23

  Shane Huntley, Senior Director of Google's Threat Analysis Group (TAG) joins host Luke McNamara to discuss his team's work keeping Google users secure. Shane breaks down the research his team has done on the problem of commercial spyware v…