What Really Is the Threat in Cybersecurity?A Closer Look

Scheduled for: July 6th, 2023, 10:00 am PT / Category: Interviews

Who is behind the security breaches we read about, what are the motives, and what does this look like? Why do breaches keep happening and what can companies do about it?

Summary of the video

Bryson Bort, CEO of Scythe, shared insights into cybersecurity threats and solutions. He explained that the cybersecurity landscape has evolved significantly in the past decade and emphasized the importance of understanding the three phases of an attack: reconnaissance, initial access, and post-access actions.

Reconnaissance: This is the phase where attackers study their target, much like a thief scouting a neighborhood. They gather information about potential weaknesses, patterns of activity, and points of entry. Hackers use this information to plan their attack strategy.

Initial Access: In this phase, attackers breach the target’s defenses. Despite the investment in security, businesses cannot fully prevent hackers from getting in. The primary method used by hackers is often phishing or social engineering, taking advantage of human vulnerabilities. Even sophisticated attackers often exploit the weakest link.

Post-Access Actions: Once inside the network, hackers aim to blend in and mimic legitimate activity. They might use stolen credentials or access points to move laterally through the network. This is where most of the innovation lies in the hacking world, and attackers have a consistent set of behaviors they use to navigate within the network.

Bryson introduced a concept called the “BAM Model,” which simplifies the attack lifecycle into these three phases and highlighted the importance of focusing on the third phase, post-access actions, as this is where businesses can effectively mitigate threats.

He discussed how Scythe is working to address cybersecurity challenges by providing a platform that automates and integrates threat intelligence. The platform enables businesses to replicate the behaviors of attackers in a controlled environment, thus helping organizations understand and mitigate threats more effectively. The goal is to turn threat intelligence into actionable insights that can be used to improve cybersecurity strategies.

He emphasized that while technology plays a role in cybersecurity, the real focus should be on people. Businesses need to prioritize cybersecurity education and training to empower employees to recognize and respond to threats effectively. Additionally, Bryson stressed the importance of collaboration and empathy within the cybersecurity community to support each other in addressing the complex challenges posed by cyber threats.

Overall, Bryson’s insights shed light on the evolving nature of cybersecurity threats and the need for a comprehensive and people-focused approach to cybersecurity defense.


Bryson is the Founder of SCYTHE, a start-up building a next generation threat emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security.

He is a Senior Fellow at the National Security Institute and an Adjunct Senior Technical Advisor for Institute of Security and Technology. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain and later served as an Advisor to the Army Cyber Institute. He was recognized as one of the Top 50 in Cyber by Business Insider, Security Executive Finalist of the Year by SC Media, and a Tech Titan in Washington DC.