4 juni 2026
91 min
In this episode of Intelligence Tradecraft, host Freddy Murre sits down with Joe Slowik, a threat intelligence veteran whose career spans the US Navy, Los Alamos National Laboratory, MITRE, and the vendor world (Dragos, DomainTools, Gigamon, Huntress, and now DataMinr).
In the conversation, Joe makes the case that intelligence is fundamentally about decision support, not raw data feeds or research written for other analysts. He and Freddy dig into what separates good reporting from bad, why stakeholder alignment and rigor (ICD 203, clear separation of fact vs. assessment) matter, and when a "flash report" beats a polished deep-dive.
They also tackle the attribution debate — how-centric vs. who-centric attribution, the mess of overlapping naming schemas (APT10 vs. APT31, the Visma case), and why "trust us, we're Microsoft" isn't tradecraft. Joe explains the thinking behind his Applied Threat Intelligence training and the gap it was built to fill.
The back half turns to AI: where LLMs genuinely help (research, scripting), where they're dangerous (cognitive offloading, model decay, drying up the junior-to-senior pipeline), who's accountable for AI-generated output, and how threat actors are using these tools, from better phishing to voice cloning.
Joe's bottom line for newcomers: critical thinking, communication, and curiosity come before any prompt-engineering skill.
Resources
Joe Slowik's LinkedIn - https://www.linkedin.com/in/joe-slowik/
Joe Slowik's Blog and Courses - https://paralus.co/
Freddy' Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications
Los Alamos National Laboratory - https://www.lanl.gov/
NIST Cyber Threat Intelligence definition - https://csrc.nist.gov/glossary/term/cyber_threat_intelligence
CTI used in books (Google Search) - https://books.google.com
APT 1 Report - https://services.google.com/fh/files/misc/mandiant-apt1-report.pdf
Moonligh Maze on Wikipedia - https://en.wikipedia.org/wiki/Moonlight_Maze
SANS FOR578 CTI - https://www.sans.org/cyber-security-courses/cyber-threat-intelligence
ICD 203 - https://www.dni.gov/files/documents/ICD/ICD-203.pdf
MLitt in Terrorism and Political Violence - https://cstpv.wp.st-andrews.ac.uk/masters-in-terrorism-and-political-violence/
Routledge Handbook of Terrorism Research - https://www.routledge.com/The-Routledge-Handbook-of-Terrorism-Research/Schmid/p/book/9780415520997
APT Groups and Operations Rosetta Stone (not mine) - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit?pli=1&gid=1864660085#gid=1864660085
Structured Analytic Techniques (SAT) Training - https://inteltradecraft.com/sat-certifications
Tradecraft Primer: SATs - https://www.cia.gov/resources/csi/static/Tradecraft-Primer-apr09.pdf
An Illustrated Book of Bad Arguments - https://bookofbadarguments.com/
Weston's Rulebook for Arguments - https://hackettpublishing.com/philosophy/logic-mathematics/critical-thinking/a-rulebook-for-arguments-group
Joe's Critique of Practical Threat Intelligence - https://pylos.co/2026/05/03/a-brief-critique-of-practical-threat-intelligence/
Cognitive Offloading - https://sistemasi.ftik.unisi.ac.id/index.php/stmsi/article/view/6180
OpenAI Research - https://openai.com/research/index/
Chapters
00:00 Intro and Joe's career path
06:11 The Evolution of Cyber Threat Intelligence and intelligence
15:05 Rigor, reporting, & attribution
29:50 The Relevance of Intelligence in Incident Response and CTI
47:09 Building & measuring a CTI function
01:00:13 Training teams (and why it doesn't stick)
01:07:37 Integrating LLMs in Intelligence Work
01:19:50 Skills for the Future of CTI
Lyssna på fler avsnitt från
Intelligence Tradecraft - Sharpen your analytic edge
Visar 1–10 av 14 avsnitt
1 juli 2026
98 min
17 juni 2026
102 min
22 april 2026
111 min
8 april 2026
78 min
25 mars 2026
84 min
25 februari 2026
78 min
25 februari 2026
93 min
21 december 2025
92 min
3 december 2025
63 min
26 november 2025
55 min