Episode 178: Appropriate Defense to Iranian Threat Activity

In episode 178 of Cybersecurity Where You Are, Sean Atkinson sits down with Theodore "TJ" Sayers, Senior Director of Threat Intelligence at the Center for Internet Security® (CIS®). Together, they discuss how to mount an appropriate defense to Iranian threat activity observed in February and March 2026.

Here are some highlights from our episode:

  • 00:58. Iran's historical tit-for-tat style of cyber operations
  • 02:50. Regional targets: A primary focus of Iran's state-sponsored threat actors
  • 04:05. What the CIS Cyber Threat Intelligence (CTI) team is watching for
  • 05:19. Contextualizing a drop in precursor-related threat activity from Iran
  • 06:59. Sectors directly and indirectly affected by observed Iranian threat activity
  • 09:12. Password spraying, data wipers, and more: Common TTPs of Iranian threat groups
  • 11:50. The importance of cybersecurity awareness training in countering TTPs that still work
  • 16:07. Advice to SOC managers: How to detect what CIS CTI is expecting the most
  • 21:25. NASCIO's Top 10 Priorities as a guide for framing strategic risk of Iran's threat activity
  • 26:39. What an effective threat intel team does and does not do
  • 29:29. Community defense for U.S. State, Local, Tribal, and Territorial (SLTT) organizations

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.