Beyond the Tip of the Iceberg: Undercover HUMINT Operations Inside the Ransomware Ecosystem (<– add to your schedule)
Ransomware attacks often begin with Initial Access Brokers selling network access through private channels invisible to traditional intelligence. This session explores how Darkweb IQ uses undercover personas to engage threat actors directly, uncovering attacker tools, techniques, and vulnerabilities before incidents occur. It also highlights how this intelligence supports law enforcement and contributed to a DOJ case involving an ALPHV affiliate.
Thomas Nance:
Thomas Nance is the Director of Intelligence Services at Darkweb IQ and a former CIA Operations Officer, where he conducted espionage and counterterrorism missions built on human source development and clandestine collection. He specializes in applying HUMINT tradecraft to cybercrime ecosystems, with a focus on infostealer-driven threats and initial access broker networks.
Prior to Darkweb IQ, Thomas led intelligence operations and solutions architecture at Flashpoint, delivering undercover, persona-led intelligence for Fortune 500 clients. He later helped scale a YC-backed AI threat intelligence company, closing enterprise contracts while shaping product direction through direct customer feedback.
At Darkweb IQ, he built and scaled the Intelligence Services function, delivering actionable intelligence to the FBI, cyber insurers, and enterprise security teams that is collected directly from 1:1 engagements with cyber criminals. His work centers on engaging directly with criminal networks to identify and disrupt access sales before the access is sold to ransomware gangs.
