Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss: - Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys) - Research that shows how APT groups primarily go after known vulnerabilities and not 0days - David's experience helping customers create their custom version of the DBIR ***Resources from this week’s podcast*** Find David on Twitter: https://twitter.com/DCSecuritydk Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/ 2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/ Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/ SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats https://arxiv.org/abs/2205.07759 VSec Community: https://vsec.dk/about/ Checkout the “Roll your own DBIR” Templates on GitHub here: https://github.com/cvpl-fdca/rollyourown-DBIR