Cyber Threat Intelligence Podcast
Welcome to the Cyber Threat Intelligence Podcast—your go-to source for staying ahead in the ever-evolving world of cybersecurity by harnessing the full potential of CTI.
In each episode, we dive into the latest cyber threats, emerging trends, best practices, and real-world experiences—all centered around how CTI can help us defend against cybercrime.
Whether you’re a seasoned CTI analyst, a CTI leader, or simply curious about the digital battlefield, our expert guests and host break down complex topics into actionable insights. From ransomware attacks and insider threats to geopolitical cyber risks and AI-driven security solutions, we cover all things CTI.
Join us biweekly for in-depth interviews with industry leaders and experienced professionals in the Cyber Threat Intelligence space. If, like me, you’re always in learning mode—seeking to understand today’s threats, anticipate tomorrow’s, and stay ahead of adversaries—this podcast is your essential companion.
Stay informed. Stay vigilant. Tune in to the Cyber Threat Intelligence Podcast.
Cyber Threat Intelligence Podcast
Season 1 - Episode 21 (Pedro Kertzman & Charlotte Guiney)
What if your best career move starts where you least expect it? Charlotte joins us to share how a love for global history and policy, a bout of academic burnout, and a train-to-hire detour into agile software set the stage for a thriving path in cyber threat intelligence. Her story shows how curiosity, timing, and a willingness to say yes can turn scattered experiences into a focused CTI career.
We dig into the practical differences between enterprise and vendor CTI: why enterprise teams learn fast by wearing many hats, how vendor roles sharpen deep specialties, and where each path provides leverage. Charlotte breaks down what she learned reporting into a red team—turning intel into action through adversary emulation, purple teaming, and proactive threat hunting that leads directly to better detections. The theme that ties it together is collaboration: fusion teams that share goals move faster and reduce risk in measurable ways.
Charlotte also opens up about management and maturity. Translating technical wins into business language builds trust with leadership and secures long-term investment. We talk through a simple framework for proof: define the problem, show the intervention, quantify the outcome. On the personal side, we cover sustainable learning—curated news feeds, role-aligned priorities, and thoughtful use of LLMs—to stay sharp without burning out. And the mindset that makes it all work? Embrace the gray, follow the side quests, and keep building toward the bigger picture.
If this conversation sparks an idea, share it with a teammate, subscribe for more, and leave a quick review to help others find the show.
Thanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!
The more you jump in, the more you also learn about yourself.
Rachael Tyrell:Over to you, Pedro.
Charlotte Guiney:Yeah, thank you.
Pedro Kertzman:Usually start asking the guests about their journey into CTI. Would you mind walking us through that, please?
Charlotte Guiney:Okay, well, before I jump into things, um, I just want to put a disclaimer out there that everything you know I say here is my own personal opinion and does not reflect my employer at all. Uh, this is all my personal opinions and experiences. All right, uh, so jumping into it, um I actually started, I like to say, in intelligence adjacent, uh, way back, you know, in high school when I got really into World War II and you know, studies and wars and everything that was happening on a global scale outside of American historical involvement in things, uh, was something I was really interested in. And it really pushed me to choose international relations as a major in undergraduate. Uh, and in my collegiate studies, I was really focused on, you know, certain areas in the world. I I as you usually have to choose uh, you know, a thesis, as one does. Um and I really fell in love with it. And it was something that I wanted to pursue further, and that took me to a graduate level, which was overseas. Um, I was fortunate enough to be able to do that. I totally burned out though. You know, I had been studying international relations with a focus on specific countries for four years, an undergraduate, and then went to one of those countries for graduate school and was continuing the same studies, but I burned out really hard. Uh surprisingly, half the books were the same. So I was writing reports and doing presentations uh a lot of the time on topics in books I had already done. Um, so it was really tough to have to keep going. Um, and part of that burnout was me realizing that as much as I love it and the analytical part of you know international relations and international politics and economics, uh, those things change really, really slowly. Really, really slowly. Um but I came back to the US not really knowing what I wanted to do since you know, since all throughout undergrad in that graduate school experience, I wanted to work in intelligence in some regard. Um so I ended up doing some odd jobs. I was teaching swimming, I was, you know, working at a at a fashion store as a sales associate, I was working as a biotech uh startup executive assistant, all these you know random jobs just to get a paycheck because I had student loans. And I ended up in a train to hire kind of contracting situation, uh, which I am grateful that I took the opportunity. Uh so it was actually a train to hire situation for software development where I was being trained as an agile business associate. So that really introduced me to the tech world of everything through a software development, very agile lens, to be fair. Um, that is how I got my first real corporate job. It was first as a contractor supporting a cybersecurity team as a business analyst, uh, primarily with their software development tool uh development lifecycles. Um, I did get the opportunity to join their team full-time uh with in cyber threat intelligence. Uh, an interesting part of that journey, though, was when it came time for them to consider me as a full-time employee. They took a look at my education history and thought I'd be very good in threat intelligence. And so I was like, you know what, I did love it. It's exactly what I loved before. Let's take a chance and dig into it. And I got really lucky. I had a really great team, you know, as an entry-level CTI analyst. And interestingly, I was primarily a red team support function. I was I reported to the red team manager, and that gave me a really unique perspective into CTI, you know, first supporting red team initiatives, uh, and then being able to have the opportunity to be exposed to those red team initiatives as well as certain trainings, uh, and then being able to take that knowledge and do proactive threat hunting, which I later learned that's what I was doing, and then also supporting you know, blue team functions, which I think is what most people think of threat intelligence. Um, that's really how I got started in CTI, and I've really taken any opportunity I can to grow and expand in that since.
Pedro Kertzman:Oh, I love it. That's awesome. It's really good when we can connect our you know best background or formal education into something we really love, and then CTI has so many uh moving parts that we need to understand, right? So it's good when we kind of go full circle with it. And uh you you had the chance to work on both like uh an enterprise side and also vendor side. Any particular differences between these two uh different scenarios?
Charlotte Guiney:Definitely. And I will say I I have worked on the vendor side, but I actually worked in the internal security team for that vendor, so I wasn't necessarily customer-facing, but I was exposed to kind of what is expected of a vendor, even though we weren't as CTI supporting any customers. A big difference I've noticed, and this is again based on my own enterprise experiences, as well as you know being friends with people who are also in the industry working on vendor sides, is as an enterprise CTI team, our first priority is the enterprise, right? That is we are protecting the enterprise, we are both proactive and reactive. That's always going to be a part of it, but that is our primary goal. We have priorities. And throughout all of my career, pretty much, we've had very small teams supporting very large organizations. So that prioritization was really key and it really drove a lot of how we went about you know maturing our capability. And that went along hand in hand with you know purple teaming and expanding threat hunting. Um, whereas I think on the vendor side, you are oftentimes siloed into a specialty, which to be fair, that's why you're hired at that vendor side, you know. Um, and so you get, I think, more opportunities to wear more hats in an enterprise role versus in a vendor role, you're oftentimes siloed and it's difficult to move around. But they're valuable experiences because at a vendor you do get uh more resources, I'd say, to do research.
Pedro Kertzman:That's a good point. Interesting. And in between purple and red teams, I think you had experience with deception teams as well. Any uh thoughts around how those different teams kind of uh work?
Charlotte Guiney:Yeah, and I think this is something the industry in general is moving towards. I see a lot of push towards fusion teams. And that's where really I think not just cyber threat intelligence, but all cybersecurity flourishes is when we all are able to communicate. Um, and that's internally and externally as much as we can, you know, legally non-abiding. Um but internally, you know, we all have the same mission, more or less. It's to protect the business or you know, the government, whatever you're working for. Um and if you're doing it in your spare time, it's you know, to protect what you care about, right? Uh I look at it that way. Um, so we're all working towards a common goal, and we all need to be able to work together towards that common goal to best achieve that goal. And you know, purple teaming is a good way to get started, I think, in that kind of fusion mindset because it's a more structured opportunity for the more offensive teams to work together with the defensive teams and then some, right? Uh, for a common goal. And that can be as broad as you know, a threat actor emulation plan uh with the blue team on board, and it can be as specific as just replicating, you know, one specific behavior.
Pedro Kertzman:Got it. And that's oh, sorry, go ahead.
Charlotte Guiney:But that's really just I think is a great foundation. And from there, you'll see a lot more opportunities to work together, different teams, you know, even reaching outside of the cybersecurity operations.
Pedro Kertzman:That's awesome. And and um from you know, those experiences, uh, any favorite part within CTI, any kind of role you prefer working? You know, you name it, no right or wrong, whatever you prefer to.
Charlotte Guiney:I honestly I feel like my answer would be different depending when in time you would have asked me that. I am currently in my first role as a people manager, and it has been challenging in such a wonderful way. Um, I knew I was ready for that step. Um, and it is exactly what I was hoping it would be. Um, so I'm really loving it at the moment, you know, being able to take ownership of a CTI function and really mature the function and see it actually happening. It's a slow process, but to see it happen has been amazing. Um but you know, five years ago I would have said I love really digging into, you know, here's a situation or something we got an alert and really digging into it and seeing the patterns and being able to reach certain conclusions. Uh, that was something that gave me such a thrill.
Pedro Kertzman:Yeah. It still does sometimes, to be fair. That's interesting. Would you mind expanding on that, please?
Charlotte Guiney:It's okay. It does relate to uh something that stood out to me uh in the in my journey was I it was probably the second time I had gone to like a conference, like a training conference in the industry. And I was speaking with someone who was at least at least you know five to seven years further in their career than I had was at the time. Um, and she made a point to ask me how you know, if I played video games, how I liked to play video games, you know, considering this is like an open world RPG type of game. And I was like, I was thinking about it and I was like, oh, I don't play video games that much, but when I do play, like I always do the little side quests, and I like to build, you know, build towards a bigger picture, and then you know, once I've completed more of the world, go back to the main story, right? And and I'll never forget she was like, You're either really good in CTI or you maybe want to consider uh digging into forensics, you know, because it's part of that whole puzzle-solving bigger picture, and I'll never forget that. And I was like, Oh, I guess I really am on the right path.
Pedro Kertzman:That's also I never thought of the analogy before. It's pretty much the the way I play Diablo with my my my son as well. He likes to rush to the you know, conquer whatever, accomplish whatever mission we have. No, wait up. We might find like good stuff around items and all that. So that's uh that's really interesting. Never associated that to anything work uh related. That that's cool. And and uh you mentioned on the um, you know, managing a function, a CTI function currently. Any challenges or best practices to share uh when it comes to something I hear a lot, uh selling the value of CTI upstream?
Charlotte Guiney:I mean, I will be honest, I'm very fortunate where I currently am that I came into this position with buy-in already. Um that made it easy. I have had uh to fight for more opportunities for CTI um before. And a lot of it is unfortunately doing the work first and proving why it's valuable and then presenting it in kind of a business context. And that's actually where I pull upon that business analysis, you know, type of skills that I did learn through that agile software development training, was I approach it okay, here's a technical problem. How am I going to present it to a business person? So even if you know I'm talking to a CISO who comes from a technical background, I approach it as a business problem. And I say, here's X, Y, you know, here's the problem X, here's what we can do about it, and we've done it, right? We've already done it and Y. And this is the solution Z that we reached, and this is the material difference, you know, the risk calculated at a business value that we you know shrunk potentially, a threat that we helped catch, you know, something that we we can show in a in a business way, in a monetary way, if we're able to, uh, the actual reduction in in overall risk or threats to your organization, I have found to be very valuable.
Pedro Kertzman:I love it. You know, throughout your career, any like uh preferred way to learn about CTI or you name it, from conferences to blogs to person to people to follow. Any anything around that?
Charlotte Guiney:Yeah, I would say when I first got started in the industry, I dove in head first. You know, I was swimming in the deep end, I was going to as many conferences as I could go to. To be fair, as many trainings as I go to, whether free or you know, uh that I had to pay for or got a company to pay for. Um, I was doing as much as I could. And that did include constantly being you know online or getting alerted to the news that's going on, uh, which I think is very valuable because you really learn how to read cyber news, which is a specific skill. Um, that was something that was unsustainable for me, um, damaged my mental health. Uh living in the cyber world all the time for me. Um, but it's still something that I do preach because I did that for so long. Um, I'm able to be like, okay, I can turn it on and off when I need to. I can pick and choose which conferences I go to because I went to so many and I had that experience. I know what I want to get out of certain things. So I tell people, uh, I hate to break it to you, you gotta you just gotta jump in. But the more you jump in, the more you also learn about yourself and and how you want to navigate cybersecurity in general, because there are so many different career paths. And I encourage everyone to explore as much of it as they can because eventually they'll find something that really speaks to them.
Pedro Kertzman:That's amazing. I think uh you bring up a really good, important uh point. Theoretically, on the CTI role or most of CTI roles, there are just so many types of different knowledges that would be beneficial for most CTI roles to understand. And you mentioned the you know the burnout, it's just impossible to keep track of every single type of knowledge as much as we would like. It's just the pace of things are like so fast nowadays. We cannot keep up with the latest on 20 or more different topics, right? That's just that's just unrealistic, I guess.
Charlotte Guiney:No, it is, and there are tools that help, you know. Um I compartmentalize, I guess, in a sense. And when I'm on the clock for sure, and you know, Monday morning, first thing I do, maybe sometimes Sunday evening if I'm getting ready for for the week. Um, you know, I okay, I'll look on the news, but I've you know, I've set up my feeds, and this changes based on where I work. You know, I change my priorities in what I'm reading, um, which doesn't necessarily give me all the pictures, but I make sure that I touch upon, you know, things that maybe I wouldn't normally look at at work, um, just to help keep me in the loop of things. Um, but then part of that is, you know, I I've been in the industry for 10 years now, and I've built up a good network of people and friends, and that also helps.
Pedro Kertzman:That's a great point. Uh I I I heard the other day a friend of mine, he's kind of a fine-tuning uh what he's called, like he was calling the best possible prompt for whatever favorite LLM to kind of give give him the the news for like the uh Monday morning or something like that, based on certain technical criteria, like you know, I'm a developer or I'm a CTI analyst folks focused on you know purple teaming or whatever the case might be. And then I should, you know, they were trying to train the LLM to bring those type of topics uh uh every week or even day, which I confess I found interesting. I'm still tweaking a little bit my prompt, see how it goes on the down the line. And uh any final thoughts for the listeners?
Charlotte Guiney:I mean, it's always a journey, and I started my journey not anticipating ending up in any sort of technical field. And it honestly came as a surprise opportunity, but an opportunity I did fully embrace when I was offered my first role in like permanent role in cybersecurity. And and I tell everyone this, you know, people I mentor, even friends, not in the industry, is that you really have to be open to every possibility. I like to say that specifically in cyber threat intelligence, we kind of live in a gray world. A lot of people live in a black and white world, and my world is completely gray. Uh, there is no black and white, and that's something you have to be okay with, but also it's exciting. Uh, so if you're able to live in that type of world, um, then there's nothing stopping you from doing anything in cybersecurity.
Pedro Kertzman:That's amazing. I appreciate it. Charlotte, thank you so much again for all the insights. Thanks for coming to the show, and I hope I'll see you around.
Charlotte Guiney:Thank you.
Rachael Tyrell:And that's a wrap. Thanks for tuning in. If you found this episode valuable, don't forget to subscribe, share, and leave a video if you have to ask for questions. And after that, uh link and questions podcasting.
