Ahead of the Threat Podcast: Season 2, Episode 5 — Joe Levy
Why It Matters
The episode underscores that inadequate security leadership and unchecked development pipelines leave enterprises vulnerable to sophisticated supply‑chain and nation‑state attacks, threatening both operational continuity and national economic security.
Key Takeaways
- Only 1 in 10,000 firms have a CISO-equivalent role.
- The FBI Cyber Action Team deploys rapid response teams for intrusion incidents.
- Recent supply-chain attacks compromised trusted open-source tools like Trivy and Axios.
- Complex CI/CD pipelines increase risk when security oversight is lacking.
- Nation-state actors target messaging apps, exploiting human factors rather than breaking encryption.
Summary
The latest episode of “Ahead of the Threat” spotlights the stark “cyber security poverty line”: fewer than one in 10,000 global businesses have a dedicated CISO-equivalent, leaving most to buy products without strategy, metrics, or risk management.

Brett Leatherman of the FBI Cyber Division explains the agency’s Cyber Action Team (CAT), a rapid-deployment unit of special agents, computer scientists and analysts that travels to compromised sites, gathers forensic evidence, and supports both victim remediation and criminal prosecution. Key insights include the FBI’s rigorous selection and training for CAT members, the supply-chain compromises of widely used open-source tools such as Trivy and the Axios JavaScript library, and the growing complexity of CI/CD pipelines that many organizations fail to secure. Adam Maddock emphasizes that developers often rely on automated build tools they don’t fully understand, creating blind spots for credential theft and malicious package injection.

Levy’s “cyber security poverty line” concept is illustrated by concrete examples: Team PCP’s injection of credential-stealing code into 76 of 77 Trivy versions, and UNC 1069’s brief but damaging backdoored releases of Axios. The episode also details nation-state campaigns, namely Russian phishing against Signal users and Iran’s Telegram-based command-and-control malware, showing that attackers bypass encryption by targeting the human operators rather than the cryptography.

The implications are clear: businesses must elevate security leadership, embed robust incident-response capabilities, harden CI/CD workflows, and adopt continuous intelligence on third-party components. Without these measures, organizations risk becoming the weak links that adversaries exploit to infiltrate critical infrastructure and supply chains.