Tag: Threat Intelligence

RVAsec 15 Speaker Feature: Andrew Skatoff

From OSINT to Detection: Building an Agentic CTI Pipeline

Modern threat intelligence moves fast, but detection engineering lags. This talk presents an agentic workflow that transforms OSINT into actionable detections using structured extraction, LLM reasoning, and automated validation. Transparent, auditable pipelines accelerate the CTI lifecycle, from ingestion to Sigma rules, while preserving analyst control, reducing time-to-detection from days to hours.


Andrew Skatoff:
Andrew is a senior cybersecurity leader with over 20 years of experience protecting critical systems within the national financial infrastructure. He leads large-scale programs spanning incident response, threat hunting, and detection engineering, and has served as Incident Commander for nationally significant cyber events.

He is the creator of Huntable CTI Studio, an open-source agentic workbench that transforms threat intelligence reports into actionable detections using transparent, auditable AI workflows. His work focuses on applying AI as a force multiplier for security teams—without sacrificing rigor, trust, or control.

Come see Andrew Skatoff at RVAsec 15!


RVAsec 15 Speaker Feature: Thomas Nance

Beyond the Tip of the Iceberg: Undercover HUMINT Operations Inside the Ransomware Ecosystem

Ransomware attacks often begin with Initial Access Brokers selling network access through private channels invisible to traditional intelligence. This session explores how Darkweb IQ uses undercover personas to engage threat actors directly, uncovering attacker tools, techniques, and vulnerabilities before incidents occur. It also highlights how this intelligence supports law enforcement and contributed to a DOJ case involving an ALPHV affiliate.


Thomas Nance:
Thomas Nance is the Director of Intelligence Services at Darkweb IQ and a former CIA Operations Officer, where he conducted espionage and counterterrorism missions built on human source development and clandestine collection. He specializes in applying HUMINT tradecraft to cybercrime ecosystems, with a focus on infostealer-driven threats and initial access broker networks.

Prior to Darkweb IQ, Thomas led intelligence operations and solutions architecture at Flashpoint, delivering undercover, persona-led intelligence for Fortune 500 clients. He later helped scale a YC-backed AI threat intelligence company, closing enterprise contracts while shaping product direction through direct customer feedback.

At Darkweb IQ, he built and scaled the Intelligence Services function, delivering actionable intelligence, collected directly from 1:1 engagements with cyber criminals, to the FBI, cyber insurers, and enterprise security teams. His work centers on engaging directly with criminal networks to identify and disrupt access sales before the access is sold to ransomware gangs.

Come see Thomas Nance at RVAsec 15!