Threat Vector by Palo Alto Networks

What happens when you're face-to-face with a ransomware gang demanding millions—and every decision could determine whether your company survives?

Jeremy D. Brown, Consulting Director at Palo Alto Networks Unit 42 with nearly seven years negotiating with cyber criminals, reveals the hidden world of ransomware negotiations. With hundreds of negotiations under his belt, Jeremy knows which groups honor their promises, which ones to never pay, and exactly what mistakes can cost you everything.

You'll learn:

- Why contacting a threat actor doesn't mean you have to pay (the #1 misconception that paralyzes victims)

- How to extract critical forensic intelligence from attackers during initial contact

- The fatal mistakes organizations make that destroy their negotiation leverage

- Which ransomware groups are sanctioned entities that will land you in legal trouble if you pay

- Why being polite to criminals actually gets you better outcomes than hostility

Jeremy has negotiated with everyone from aggressive groups who email your executives to methodical operators following strict playbooks. He's seen organizations with backups walk away and others pay millions for decryption keys. Managing over 100 incidents, Jeremy has tracked how double extortion evolved from rare to standard practice, and now watches single extortion (data theft without encryption) surge again.

This episode is essential for CISOs who need a negotiation plan before the crisis hits, incident responders building their skillset, and executives who must understand that ransomware response is about far more than just paying or not paying. #IncidentResponse #Ransomware

Related Episodes:

- Mastering the Basics: Cyber Hygiene and Risk Management

- Crisis in the Kitchen

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

What if the choices we make about AI security today determine who holds power tomorrow?

Erica L. Shoemate brings over a decade of experience from the FBI and U.S. Intelligence Community, followed by senior leadership roles at Twitter, Amazon, and Meta shaping AI policy, cyber strategy, and regulatory readiness. As founder of The EN Strategy Group, she operates at the intersection where national security, emerging technology, and human-centered design collide.

In this episode, David Moulton and Erica explore how AI is fundamentally reshaping the security landscape, from compressed decision-making timelines and asymmetric threat capabilities to the erosion of trust that creates strategic vulnerabilities.

You'll learn:

- Why AI governance can't be an afterthought—and how building policy alongside innovation creates competitive advantage, not friction

- How the "new security order" is lowering disruption costs while amplifying ambiguity, enabling smaller actors to generate outsized impact

- Why human-centered design isn't about empathy as a value—it's about operational clarity that prevents cognitive overload from becoming a security risk

- The framework for balancing innovation and restraint: treating policy as guardrails, not brakes, while red-teaming AI systems before deployment

- How trust functions as a national security asset—and why overconfidence is the fastest way to lose it

Erica brings rare perspective from both classified intelligence operations and private sector AI deployment at scale. She challenges the assumption that speed and security are trade-offs, arguing instead that ethical AI systems are more durable, more resilient, and ultimately more profitable than those built without accountability.

With AI compressing the timeline from detection to decision to response, the margin for error has never been smaller. This conversation reveals why the choices security leaders make right now—about governance, diversity, transparency, and human oversight—will define who is protected, who is exposed, and who maintains strategic advantage in an AI-driven future.

This episode is essential listening if you're:

- A CISO or security leader deploying AI-enabled systems who needs to balance innovation velocity with governance rigor

- A policy professional struggling to keep pace with AI deployment timelines and seeking frameworks that enable rather than block

- Anyone responsible for building trust in AI systems—whether with users, regulators, or boards—who recognizes transparency as competitive advantage

Related Episodes:

- Securing AI in the Enterprise with Tanya Shastri - Deep dive into AI governance frameworks and platformization strategies

- How to Scale Responsible AI in the Enterprise with Noelle Russell - Building AI systems with fairness, accuracy, and security as foundational design choices

- From Policy to Cyber Interference with Tom Bossert - Bridging national security policy and operational cybersecurity

#AISecurity #CyberGovernance

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

In this episode of Threat Vector, host David Moulton speaks with LeeAnne Pelzer, Senior Consulting Director, and Brandon Hogle, Consulting Director, both with Palo Alto Networks Unit 42. Together, they explore how organizations can move from Zero Trust theory to practice.Zero Trust is the foundation of modern cybersecurity, but turning principles into measurable outcomes remains a challenge for many enterprises. Pelzer and Hogle share how Unit 42’s Zero Trust Advisory helps organizations assess their cybersecurity maturity, identify visibility gaps, and create tailored roadmaps that connect security architecture with business outcomes.The conversation dives into the common pitfalls that derail Zero Trust, including visibility gaps, operational complexity, and misalignment, and explores how to overcome them with clarity, collaboration, and continuous verification. For security leaders driving transformation, this episode offers a pragmatic look at how to cut through complexity and make Zero Trust achievable.

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it?

In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders.

You'll learn:

- What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified

- Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious

- What dispersed operators and proxy groups mean for organizations far outside the Middle East

- Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented

- How to handle hacktivist claims that may be exaggerated or false

Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team.

Read the threat brief from Unit 42: 

- Escalation of Cyber Risk Related to Iran (March 2026)

- Escalation of Cyber Risk Related to Iran (June 2025)

This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board.

Related Episodes:

- Inside the Mind of State-Sponsored Cyberattackers

- Frenemies With Benefits

- From Policy to Cyber Interference

#Cybersecurity #ThreatIntelligence

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠

North Korea has turned your hiring pipeline into a revenue machine. And most organizations have no idea.

Evan Gordenker, Director of AI Security and DPRK Operations at Unit 42, has led more than 160 investigations into sophisticated threat actors, including the North Korean IT worker networks quietly embedded inside global companies. He joins David Moulton to unpack how this operation actually works, why common assumptions about remote work leave organizations exposed, and what security and HR teams can do to detect and disrupt it.

You'll learn:

- How DPRK operatives use deepfakes, fabricated identities, and real accomplice networks to pass interviews and land jobs at global companies

- Why "we don't hire remote" is a dangerous assumption that no longer holds

- What signals HR and SOC teams should look for, before and after someone is hired

- How the threat has evolved from quiet wage theft to active extortion of former employers

- What government collaboration and cross-border intelligence sharing can realistically accomplish

Evan contributed to the UN Sanctions Monitoring Team report on North Korean operations and brings a rare combination of technical depth and geopolitical fluency to this problem. Having lived and worked across the US, EU, and Japan, he brings cultural context that matters when investigating a threat with global reach. His investigations have produced some of the most detailed profiles of DPRK operators in the security community.

This episode is essential listening if you're: a security leader building out your insider threat program, an HR or talent acquisition leader who hasn't yet connected with your security team, or a threat intelligence analyst tracking how nation-state programs fund themselves.

Related Episodes:

- From Code to Compromise — Covers North Korean threat actors using fake job interviews to target developers via malicious IDE extensions. A strong companion to this episode's look at the broader IT worker scheme.

-Inside the Mind of State-Sponsored Cyberattackers — A deeper look at how nation-state operations are structured and why they're so hard to disrupt.

#NationStateThreat #InsiderRisk

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠