Podcast 🎧 & blog: Cyber threat intelligence as public defence, privately informed
Cybersecurity is a shared responsibility that requires strong partnerships between governments and businesses. Governments, therefore, face the challenge of adapting to a world where – in the cyber domain – the state is not the sole provider of intelligence or security, and the private sector emerges as a cyber intelligence actor.
In this podcast episode, eGA’s Head of Cybersecurity Merle Maigre speaks with Jack McCurley, a senior intelligence consultant at Recorded Future, about what it takes to build national resilience when the threats are global and decentralised. “Threat actors are networked. If defenders aren’t, we’re already behind,” he says.
This is a first look at the tools and the public-private cooperation in cyber threat intelligence sharing that are reshaping cybersecurity from the inside out. It comes in anticipation of the e-Governance Conference 2025 session on public-private partnerships, where today’s speakers will be joined by Liga Raita Rozentale and Nerses Yeritsyan to discuss how shared responsibility can be turned into shared defence.
Rising Stakes in Accessibility vs. Vulnerability
As governments digitise and centralise service delivery, they streamline access for citizens, but they also create single points of failure. “We’re seeing government portals that do everything: from identity authentication to benefit distribution. That’s great for users, but also great for attackers,” McCurley notes.
Drawing examples from Ukraine, the UK, and other digitally advanced governments, we see how centralised services can become high-value targets. These platforms often concentrate multiple essential functions – from ID authentication to healthcare access – in one place. That means that compromising a single system can have ripple effects across an entire government service landscape. “If you hit that one login page, you’re not just in the front door. You’ve basically walked into the whole building.”
That kind of exposure changes the game. Mere defence is no longer enough: what is needed now is foresight, and foresight requires proactive intelligence. But many public sector defenders still rely primarily on open-source intelligence (OSINT), which has limits. “The issue with OSINT is that it’s what everyone sees. By the time a threat appears there, it’s often already old news in criminal circles.”
What Commercial Intelligence Offers
This is where private sector cyber threat intelligence actors like Recorded Future play a role. “We’re sometimes described as an OSINT company, but that’s only half the picture,” McCurley says. “We operate in closed-source environments, including forums, dark web marketplaces, invite-only malware exchanges. And we have human sources, too.”
Commercial threat intelligence isn’t just faster, but also broader. “Speed is the difference between a failed intrusion and a successful compromise. We provide governments with signals they won’t find in public feeds.”
The partnerships aren’t always purely commercial. Recorded Future has provided extensive support to Ukraine since 2022, including sharing real-time threat data and detection rules. “It wasn’t a client relationship, but solidarity. Our analysts worked directly with their national CERT, and that made it genuinely peer-to-peer.”
This logic also echoes the spirit behind the Western Balkans Rapid Response 2.0 project, implemented by e-Governance Academy. That initiative supports cyber resilience through intelligence sharing and collaborative response mechanisms between public and private actors, going beyond purely transactional relationships and building true tactical readiness.
Making Intelligence Actionable, from Data to Operations
McCurley further points out that intelligence alone isn’t enough, because it needs to be usable. “The number one failure mode we see is information that never becomes action. That’s where context matters.”
In his view, there are three ways in which governments can operationalise threat intelligence:
- Threat-based vulnerability management
Rather than patching by severity score alone, organisations should ask: “Is this vulnerability being actively exploited? By whom? In which sector?” That’s where threat intel adds value.
- Supply chain risk monitoring
Many attacks now enter through third-party vendors. “We use intelligence to track whether a supplier’s credentials are being sold, or if their cloud storage is misconfigured,” McCurley says. “It lets our clients engage vendors before an attacker does.”
- Purple teaming and simulations
Using attacker profiles built from real data, blue teams can simulate attacks and test their defences. It’s not just about catching hackers. “It’s about training muscle memory.”
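The first item above, threat-based vulnerability management, shown as an added example that is not from the podcast or from Recorded Future: it orders a constructed list of findings by the three questions (exploited? by whom? in which sector?) before falling back to the severity score. The identifiers, assets, actor names and the tiering order are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str   # constructed placeholder, not a real CVE identifier
    asset: str
    cvss: float

@dataclass(frozen=True)
class Intel:
    exploited: bool = False   # is it being actively exploited?
    actors: tuple = ()        # by whom?
    sectors: tuple = ()       # in which sector?

# Constructed sample data for illustration only.
FINDINGS = [
    Finding("VULN-A", "intranet-wiki", 9.8),
    Finding("VULN-B", "citizen-login-portal", 7.5),
    Finding("VULN-C", "mail-gateway", 8.1),
    Finding("VULN-D", "print-server", 6.5),
]
INTEL = {
    "VULN-B": Intel(True, ("ransomware-group-x",), ("government",)),
    "VULN-C": Intel(True, ("botnet-y",), ("retail",)),
}

def by_cvss(findings):
    """Baseline: patch order by severity score alone."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)

def triage(findings, intel, our_sector):
    """Order by exploitation, sector match, known actor, then CVSS (assumed tiers)."""
    def lookup(f):
        # No intel record means "not known to be exploited", not "safe".
        return intel.get(f.vuln_id, Intel())
    def key(f):
        i = lookup(f)
        return (i.exploited, our_sector in i.sectors, bool(i.actors), f.cvss)
    out = []
    for f in sorted(findings, key=key, reverse=True):
        i, why = lookup(f), []
        if i.exploited:
            why.append("actively exploited")
        if i.actors:
            why.append("by " + ", ".join(i.actors))
        if our_sector in i.sectors:
            why.append("targets " + our_sector)
        out.append((f.vuln_id, f.asset, "; ".join(why) or "no exploitation reported"))
    return out
```

With `our_sector="government"`, the 7.5-rated login portal finding moves ahead of the 9.8-rated wiki finding that severity-only ordering would patch first.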
Intelligence transforms posture. “You move from reacting to threats, to preparing for them. That shift saves time, budget, and sometimes whole systems,” McCurley highlights.
AI, Cybercrime-as-a-service, and Automation
Readiness matters, because structural shifts are taking place in the threat landscape. “Ransomware isn’t a hacker in a hoodie anymore. It’s a business model,” McCurley says. Services for hire, malware kits, and DDoS-for-hire platforms have lowered the barrier to entry. “Now, a teenager can buy a sophisticated attack tool with just crypto and a Telegram account.”
At the same time, defenders are automating too. Recorded Future uses AI and machine learning to detect patterns in malware behaviour and generate proactive detection rules. “And by doing this, rather than replacing analysts, we’re freeing them up. AI does the repetitive part. Analysts do the thinking.”
“The arms race is real. But the public sector doesn’t have to lose it. With the right partnerships, you can close the gap,” McCurley warns, but with confidence. Intelligence, indeed, isn’t yet another silo – it’s an enabler. “It doesn’t replace firewalls or endpoint detection. But it does make all of them smarter.”
“You can’t defend blind. Threat intelligence is how you turn on the lights.”
Join Merle Maigre and Jack McCurley on May 29 at the e-Governance Conference for the discussion “Cybersecurity and public-private partnerships: strength in collaboration”.
Find out more >>> egovconference.ee
Interested in more? Listen to all Digital Government Podcast episodes >>> https://ega.ee/digital-government-podcast/