DeepSec 2025 Talk: Hunting Shadows: Using Threat Intelligence to Outpace Adversaries – Sanjay Kumar
Cybersecurity isn’t just about firewalls and patches — it’s about understanding your adversary. Threat intelligence provides the insights we need to decode tactics, anticipate attacks, and strengthen our defenses.
In my talk, I’ll share how intelligence can:
– Reveal who your adversary is and what drives them
– Turn small indicators into early warnings of larger campaigns
– ️Shape stronger, proactive defensive strategies
– Bridge the gap between technical action and business risk
Because in today’s threat landscape, the strongest defense begins with intelligence.
We asked Sanjay a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- The talk demonstrates how understanding adversaries, their motives, methods, and mindset — is central to modern defense.
- It introduces a structured framework for identifying, profiling, and scoring threat actors targeting your industry.
- Real-world examples show how small, overlooked indicators can evolve into early warnings of large-scale campaigns.
- It highlights the practical use of MITRE ATT&CK, threat scoring, and adversary emulation to validate defenses.
- t concludes with measurable ways to demonstrate the value of threat intelligence through meaningful KPIs.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The idea grew out of multiple investigations where so-called “low-severity” alerts later turned out to be early signs of sophisticated intrusions. Those moments made me realize that we weren’t missing data — we were missing context. Turning scattered signals into meaningful insights became the focus of my work and ultimately inspired this talk.
Why do you think this is an important topic?
Defense without understanding the adversary is just reaction. Threat intelligence gives security teams foresight, helping them expect tactics before attackers execute them. It transforms cybersecurity from constant firefighting into strategic defense, connecting technical detection with business impact.
Is there something you want everybody to know – some good advice for our readers maybe?
Treat intelligence as a continuous cycle, not a report or feed. Keep enriching what you already know, share insights with your peers, and measure progress with real metrics. Even a small fragment of intelligence can reveal a much bigger story when analyzed in the right context.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Attackers are rapidly advancing, using AI and automation to scale their operations. Defenders must do the same.
Sanjay Kumar is a Threat Intelligence Manager at Landis+Gyr and a PhD researcher in Cybersecurity and Networking at the University of Jyväskylä, specializing in hybrid machine learning–based threat detection. He has over a decade of global experience in threat intelligence, detection engineering, and adversary tracking, having worked at several international organizations, and he currently serves as Chair of IEEE Finland Young Professionals. Sanjay is an active speaker at international cybersecurity conferences and has earned numerous awards recognizing his contributions to the field.