Ahead of the Threat

On Ahead of the Threat, Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi—a strategic engagement advisor for the FBI who also works as Equifax’s executive vice president and chief information security officer—discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals.

Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence? Listen to new episodes biweekly and stay Ahead of the Threat.

Listen to Ahead of the Threat episodes, read the transcripts, and find related material at fbi.gov/aheadofthethreat.

Subscribe to Ahead of the Threat wherever you get your podcasts:
And follow us on social media:

What is Ahead of the Threat?

On Ahead of the Threat, Bryan Vorndran, assistant director of the FBI’s Cyber Division, and Jamil Farshchi—a strategic engagement advisor for the FBI who also works as Equifax’s executive vice president and chief information security officer—discuss emerging cyber threats and the enduring importance of cybersecurity fundamentals.

Featuring distinguished guests from the business world and government, Ahead of the Threat will confront some of the biggest questions in cyber: How will emerging technology impact corporate America? How can corporate boards be structured for cyber resilience? What does the FBI think about generative artificial intelligence?

[Music: Futuristic, airy tone.]

Bryan Vorndran: Well, we're here introducing Ahead of the Threat. The FBI’s new podcast on all things cyber, emerging tech, whether that's artificial intelligence, machine learning, language models, quantum and maybe someday post quantum.

I'm Bryan Vorndran, the assistant director of the FBI’s Cyber Division. I’ll allow Jamil to introduce himself in here in just a minute. I have operational responsibility for the FBI Cyber program, both domestically and operationally. And in my vast amount of free time, I teach at Johns Hopkins in the Alperovitch Institute. This will be coming up on my third year, which is just a great way to hopefully give back a little bit to those people trying to master the cyber space.

Jamil Farshchi: It's really cool that you do that. I remember the one that–remember? I went there for one of your sessions during class. Great class. So, I'm Jamil Farshchi, I am the CTO and CISO at Equifax. I've spent my entire career in this space, and there's a reason for that. I think I self-selected into this area just because I love it. Like it's always changing. New threats. New technologies. And it's really been throughout my career, it's been like a rocket ship in terms of the criticality and importance of it.

And so what I'm looking forward to here is, first off, being able to hang out with a friend, which I think it's cool. But beyond that, it's being able to share our collective expertise all of these years that we have between us on two completely different sides of the spectrum. I think it's going to be really powerful.

Vorndran: You and I have been talking about doing this for almost a year now. Getting this off the ground. And we've been working together for, geez, over three years now. One of our goals, as you know, Jamil, is to try to give back, try to leverage my network, try to leverage your network, try to leverage my perspective and your perspective and bring really focused takeaways for organizational leaders out there trying to navigate an incredibly difficult landscape. Not just today, but it's going to become more complex in the future.

And one of the things that I know I've mentioned to you is I'm really looking forward to hearing from our guests so that I can learn, as well, as part of this process. I obviously live in an ecosystem, no different than all of us, and breaking that apart a little bit I think is going to be really healthy for me. But I do hope that in the process of this, that I can really offer some value as well.

Farshchi: I mean, you unquestionably will offer a lot of value, I think. As will our fantastic guests that we have involved. But I think even in addition to that, the thing I'm excited about is being able to provide perspective on all of the stuff, the current events and the threats and the new technologies and the regulations coming down the pipeline, best practices around. Look, how do we navigate some of the some of the things around that, around like the SEC guidance and things like that? Cyber insurance? You just go down the list. Even things I think that are pretty critical to almost every company nowadays, which is: How do you pick a CISO? What are the attributes and skills you're looking for? Where’s a good placement for them within the organization? And then if you're a board member or director, how do you measure them? Because a lot of board members just aren't technical. So I think there's a lot of interesting dynamics at play here.

And I think with the collective expertise that you and I bring to the table, coupled with our guests, it should be really informative to the community at large.

Vorndran: I think you're–building off what you're saying–this is why we're going to structure every episode in a very specific way. We’ll spend the first three to five minutes talking about events of the week or events of the past two weeks, whether that's a new vulnerability, or a new patch, or a significant attack by the Iranians or the Chinese or by the Russians. But then we're going to get into a bulky, meaty conversation with a true industry expert every episode. Again, what's really important to me is that we give focus takeaways for our audience, right? I think that's going to be a key focus for me.

But I think the content is going to be great. We're going to talk about the FTC and the SEC. We're going to talk about really significant, mature, incident responders and the lessons learned and how we apply those to avoid those scenarios in the future. Just out of curiosity, Jamil, what's the one or two episodes you're looking forward to the most?

Farshchi: It's tough. It's tough to choose given the lineup that we have. Kevin Mandia, that's a big one. I've been a big supporter and fan of his, and he's seen basically every major incident. Although, you've probably seen quite a few in your days.

Vorndran: Seen my share in the last couple of years.

Farshchi: So he's going to be a great one. Also just a fantastic person. But I think the one I'm most excited about right now is Aron Ain coming on board, who's the chairman of the board at UKG. The board that I'm on. And he's going to be able to help illuminate the breach that they went through. And when they went through it, he was the CEO at the time. I think for a lot of the audience to be able to have that that real world first person expertise and perspective on what a breach looks like, how it impacted the business, what the steps were that he took to be able to help resolve the situation and the amount of time and effort that it took, I think will be really enlightening and help provide quite a bit of visibility for others to, hopefully, put in place some of the guidance and insights that we'll have, and our guests will have to be able to avoid a similar fate for themselves.

Vorndran: I have one specific episode I'm looking forward to the most, but I'm also looking forward to having really hearty discussions about organizational alignment for the future, whether that's within the heart of the organization or at the board level.

How are organizations actually preparing themselves for the future? What are those best practices? What hasn't worked? What is working? How do we give the right people a voice in the future? I think that's super important.

Farshchi: And it's huge, though if we look at the data, the number of breaches and incidents and stuff, they just keep going up. So there's something, there are things that we've got to do better. And whether it's on the organizational side, the talent side, the technical one, for governance oversight– there's a whole litany of things. But I think that the facts are the facts and that we as a community need to do better. And hopefully we'll be able to provide some guidance and help folks out so that we can all do better together.

Vorndran: We’re looking forward to informing the audience on Scattered Spider, right? It's been the talk of the town for the last year. The episode I'm looking forward to the most so is hearing from the FBI case agent responsible for the LockBit disruption. In the cyber underground world, he is known as LockBit or FBISupp. His adversary is known as LockBitSupp. And just getting some inner workings of that case, some nitty gritty details, I think is just going to be a fascinating conversation.

Farshchi: I'll just love to hear where the origin of that name came from. Bryan Vorndran: Yeah, we’ll share that. But listen, we're looking forward to a great a great set of engagements here and hopefully deliver focused takeaways for our audience. Sometimes Jamil and I will be together and other times we’ll be virtual. We have busy schedules and looking forward to having some exciting backdrops for our virtual engagements.

For now, I'm Bryan.

Farshchi: I’m Jamil.

Vorndran: Let's get ahead of the threat together.

[Music: Futuristic, airy tone.]