

The core attack types haven’t changed: ransomware, phishing, malware, and supply chain attacks are still dominant, but execution is now far more targeted and efficient. Attackers focus only on what works against a specific organisation, rather than wasting time on broad, noisy activity. Defenders must adopt the same precision, prioritising threats based on their actual exposure instead of trying to cover everything equally.
The assumption that “we’re not a target” is one of the most dangerous misconceptions in security. Attackers will exploit any environment for financial gain, reputation-building, or as a stepping stone for further attacks, even if the organisation holds little obvious sensitive data. Every system has value, whether as infrastructure, access, or leverage, so security strategies must assume relevance regardless of perceived importance.
Traditional detection waits for alerts; threat hunting actively searches for signs of attacker presence before damage is done. By operating under an “assume compromise” mindset, teams can identify intrusions earlier in the attack lifecycle, when containment is simpler and impact is lower. This proactive approach reduces reliance on late-stage detection, where attackers are already deeply embedded.
Threat intelligence becomes valuable only when it directly informs action, identifying which attackers, techniques, and vulnerabilities are relevant to your organisation. Frameworks like MITRE ATT&CK help translate this intelligence into structured detection and hunting strategies. When combined with exposure management, this allows teams to focus on exploitable weaknesses rather than theoretical risks.
Most breaches succeed not because controls don’t exist, but because organisations lack full visibility, consistent logging, or 24/7 response capability. Attackers exploit these gaps, using legitimate tools and low-noise techniques that blend into normal activity. Closing these gaps requires better logging, continuous monitoring, automation, and simplified environments so defenders can detect and contain threats at the speed attackers operate.
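The prioritisation described in the last two paragraphs can be sketched as a small gap analysis. This is an added example, not part of the original page: it keeps only MITRE ATT&CK techniques that relevant actors use and that are exploitable on real assets, then ranks them higher where detection or logging is missing. The technique IDs are real ATT&CK IDs; the groups, assets, rule names and scoring weights are constructed assumptions.

```python
# Constructed sample data: groups, assets and rule names are hypothetical.
INTEL = {  # ATT&CK technique -> groups reported to use it
    "T1566": {"group-a", "group-b"},  # Phishing
    "T1190": {"group-a"},             # Exploit Public-Facing Application
    "T1486": {"group-b"},             # Data Encrypted for Impact
    "T1195": {"group-c"},             # Supply Chain Compromise
}
RELEVANT_GROUPS = {"group-a", "group-b"}  # actors judged relevant to this organisation
EXPOSURE = {  # technique -> assets where the weakness is actually exploitable
    "T1566": ["mail-gw"],
    "T1190": ["vpn-01", "web-02"],
    "T1486": [],
    "T1195": ["build-srv"],
}
DETECTIONS = {"T1566": ["mail-filter-alert"], "T1486": ["edr-ransom-rule"]}
LOGGED_ASSETS = {"mail-gw", "web-02"}  # assets that ship logs to central monitoring


def prioritise(intel, relevant_groups, exposure, detections, logged_assets):
    """Rank techniques that relevant actors use AND that are exploitable here."""
    ranked = []
    for technique, groups in intel.items():
        actors = groups & relevant_groups
        assets = exposure.get(technique, [])
        if not actors or not assets:
            continue  # irrelevant actor, or a theoretical risk with no exposure
        unlogged = sorted(a for a in assets if a not in logged_assets)
        undetected = not detections.get(technique)
        # Assumed weighting: double the score when no detection rule exists,
        # and add one point per exposed asset that produces no logs.
        score = len(actors) * len(assets) * (2 if undetected else 1) + len(unlogged)
        ranked.append({
            "technique": technique,
            "score": score,
            "actors": sorted(actors),
            "undetected": undetected,
            "unlogged_assets": unlogged,
        })
    return sorted(ranked, key=lambda r: (-r["score"], r["technique"]))


if __name__ == "__main__":
    for row in prioritise(INTEL, RELEVANT_GROUPS, EXPOSURE, DETECTIONS, LOGGED_ASSETS):
        print(row)
```

Techniques at the top of the output are the first candidates for new detections, log onboarding and hunts; those filtered out are either unused by relevant actors or not exploitable in this environment.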
