Thanks to the ShadowDragon team for having OODA CEO Matt Devost on their podcast.


Risk management strategies that work are hard to find in such a noisy infosec buzzword filled industry. Our guest Matt Devost, offers perspective on subjects which will be helpful for beginners, advisors or CISO’s.

We cover some of the following items:

  • AI & Turing Integrity Assessments
  • Risk Management strategies that work.
  • Historical reference points to the beginnings of the threat intelligence industry.
  • Similarities between an evolving TI landscape, and red teaming over the last 20 years.
  • Where bad threat intelligence can take you.
  • Insider threats are always constant.
  • Context and discussion on disinformation.

“Here are the threat actors that likely to target you, here are the goals that they are trying to achieve, here are the attack surfaces that presented themselves, here is the outcome we could achieve, here is the mitigation strategy. Metrics and measurement matter, but strategic outcomes must be pursued. Risk management should always focus on time to detection.”…. (Paraphrased from Matt Devost)

Matt Devost was one of the first white hat hackers to bridge the gap between the top-secret / national security circles and the hacker world. He was one of the few to have a masters degree in political science with a focus on national security, while also having the skills to attack and defend. He has been renowned as one of the few that had a world of “first’s” within the industry. Matt was one of the first pulled into the United States Presidential commission on critical infrastructure protection in the 90s. The Presidential commission had a significant focus on cyber risks associated with the United States’ critical infrastructure. Something that affects most of our careers in one way or another today.