In an era of escalating cyber threats and operational complexity, threat intelligence teams are facing unprecedented challenges. From ransomware targeting critical national infrastructure to alert fatigue overwhelming analysts, security leaders are seeking new approaches to make sense of the threat landscape and protect their organizations.
EclecticIQ Head of Marketing Andrew Milne recently sat down with Jeremy Nichols, a cybersecurity veteran with nearly two decades of experience in threat intelligence operations, to get his perspective on the current state of the industry and the solutions that are making a real difference for cyber defenders.
The current threat landscape
Andrew: Jeremy, thanks for joining us today. With your two decades of experience, what's keeping security teams up at night right now?
Jeremy: Ransomware is one of the biggest threats that organizations are facing. Ransomware operators are largely indiscriminate in their targeting, and we're seeing it hit various sectors all around the world. We continually see victims in the manufacturing, construction, retail and finance space - and what I've observed over the years is that these attacks are becoming increasingly sophisticated.
We are seeing zero-days as an attack method for getting in, so patch management is always key. That's one of the key areas where, even 10 years ago, we were saying companies were behind, and we're still seeing that today. In my experience, this persistent gap between threat evolution and defensive capabilities is what's really challenging organizations.
Andrew: How does effective threat intelligence help organizations prepare for and respond to these attacks?
Jeremy: This is where contextualizing intelligence becomes critical. It's not enough to know that ransomware threats exist - teams need to understand which specific ransomware families target their industry, what attack vectors are being used against similar organizations, and how to prioritize defensive measures. In my experience across different sectors, the organizations that fare best are those that can quickly connect threat intelligence to their specific asset inventory and business priorities.
Operational challenges & root causes
Andrew: Beyond external threats, what operational challenges are teams struggling with internally?
Jeremy: One of the biggest challenges that teams are facing these days is that there are too many tools, too much intelligence, and too many things to do. Most organizations have teams that are wearing multiple hats, or they're really struggling to keep up. They have alert fatigue or they're simply overwhelmed.
Based on my experience, defenders really don't lack tools. They lack the time, the clarity and the context to actually respond. The hardest part isn't identifying what threats are out there - it's knowing which ones matter to your organization. This is something I've seen across every type of organization I've worked with.
Andrew: How does that context challenge play out in practice?
Jeremy: It's not just about understanding what threats are out there - it's very easy to pull in feeds and consume intelligence. What's really important is contextualizing that information so that it's actually valuable to you. It's ensuring that the information you're consuming is applicable to your business and your assets. I've learned over the years that this is where most organizations struggle the most.
Solution approaches
Andrew: So if context is the key challenge, how do organizations solve for that while maintaining speed and efficiency?
Jeremy: One of the most important things for teams these days is the ability to automate as well as the ability to operationalize intelligence very quickly. Companies like EclecticIQ enable that through automated enrichment - once an analyst is beginning to look at intelligence, it's already been enriched, classified, and tagged. That speeds up the ability for that analyst to make decisions on that intelligence.
The ability to leverage discovery queues to align with your priority intelligence requirements and bring in intelligence that matches what you care about - that aligns with your business goals - is absolutely key to streamlining operations. What I've found over my career is that this prioritization capability separates effective programs from those that struggle.
Andrew: From a practical standpoint, what does that look like operationally for an analyst day-to-day?
Jeremy: Having it as a single pane of glass, where the platform itself is bringing in the feeds and doing the enrichment, enables analysts to focus on the individual areas they need to work on, so we're not swivel-chairing between different tools or running manual tools to enrich that further. That's all done upfront.
EclecticIQ, for example, aligns very closely with industry standards such as STIX and MITRE ATT&CK. Those are key when you're framing your threat intelligence, and in my experience working with various platforms, this standards alignment makes a significant difference in long-term scalability.
Partnership approach
Andrew: You've worked with EclecticIQ - what made that experience different from a typical vendor relationship?
Jeremy: What made working with EclecticIQ different was that it wasn't just purchasing a tool from a vendor - it really was a partnership. The ability to establish our business goals and how we needed to tackle them within the platform, and getting the necessary support from the team to ensure we're aligned with the same goals and delivering on the same things, was key.
That helped us implement use cases very quickly, helped us respond when we needed changes, and helped us really deliver on the varying needs of stakeholders. EclecticIQ's customization, automation, and correlation are absolutely key to team efficiency, as well as ensuring that the intelligence coming in is automatically enriched up front.
Looking ahead
Andrew: Looking ahead, based on your experience, what do you see as the key trends that will shape threat intelligence operations?
Jeremy: The threat landscape is only going to get more complex. We're seeing attackers become more sophisticated, using techniques like zero-days that we discussed, and the volume of intelligence continues to grow exponentially. Teams are going to need platforms that can not only handle this scale but actually make sense of it.
In my experience, the organizations that succeed will be those that invest in automation and contextual analysis now, rather than trying to solve tomorrow's problems with yesterday's manual processes. What I'm particularly excited about is the potential for AI and machine learning to help with that contextualization challenge we talked about - helping analysts understand not just what's happening, but what matters to their specific environment.
Andrew: Any final advice for security leaders evaluating their current threat intelligence capabilities?
Jeremy: Don't wait for the perfect solution - start with understanding your current pain points and workflows. The biggest mistake I see is organizations trying to boil the ocean instead of solving specific, measurable problems first. Focus on where you're spending the most manual effort today, and look for partnerships with vendors who understand that this is an ongoing journey, not a one-time implementation project. After two decades in this field, I've learned that the most successful programs are those that evolve continuously with strong vendor partnerships supporting that evolution.
Andrew: Jeremy, thanks for sharing these insights - really valuable perspective on both the current challenges and preparing for what's ahead in threat intelligence.
Jeremy Nichols is an independent cybersecurity expert with nearly 20 years of experience in threat intelligence and security operations.