DeepSec 2025 Training: eCrime Intelligence – Aaron Aubrey Ng & Scott Jarkoff
Understanding eCrime is no longer optional. It is a mission-critical capability for any organization serious about anticipating, preventing, and neutralizing today’s most pervasive cyber threats. This intensive training provides a comprehensive exploration of the eCrime ecosystem, unpacking the full spectrum of adversarial tactics, techniques, and procedures used by financially motivated threat actors to exploit organizations of all sizes and sectors.
Blending traditional intelligence tradecraft with cutting-edge cyber security methodology, this course empowers cyber threat intelligence professionals, SOC analysts, CISOs, and forward-thinking defenders to operationalize threat intelligence, proactively reduce risk, and harden their defensive posture. Whether you are new to the world of eCrime or looking to refine your existing expertise, this course will give you the insight, confidence, and real-world skill-set to outpace adversaries.
Through hands-on exercises, real case studies, and live tooling, participants will learn to track and attribute adversary infrastructure, analyze adversary tradecraft, uncover victimology, and confidently identify key players within organized eCrime operations. Attendees will explore the dark web, develop basic operational personas, collect intelligence from adversary-run forums and marketplaces, and learn how to infiltrate closed communities — all safely and effectively.
This is not theory. This is practical, tactical, and grounded in the reality of modern cyber threat operations. By the end of the training, attendees will walk away with the knowledge and tools needed to investigate, disrupt, and counter eCrime adversaries, all while supporting broader intelligence collection plans and strategic security initiatives within their organizations.
We asked Aaron Aubrey and Scott a few more questions about their talk.
Please tell us the top 5 facts about your training.
- Reveals the inner workings of cybercrime. You will understand how criminal networks function as a professional ecosystem, reflecting the same models found in legitimate technology environments.
- Teaches you how to think like an adversary. You will gain insight into how cybercriminals plan, collaborate, and execute attacks across sectors and geographies.
- Blends intelligence tradecraft with real-world cybercrime analysis. The content draws from decades of field experience across government and industry to give you operational clarity.
- Maps the cybercrime ecosystem. You will explore how threat actors rely on infrastructure-as-a-service, malware-as-a-service, access brokers, specialty vendors, and monetization layers to scale their operations.
- Accessible to everyone. No technical background is required. Whether you are new to cybercrime or already working in security, this training will transform how you see the threat landscape.
How did you come up with it? Was there something like an initial spark that set your mind on creating this workshop?
We spent decades working in traditional intelligence and cyber threat intelligence, and we consistently underestimated cybercrime, as we saw first-hand. While nation-state activity dominates headlines and ransomware grabs attention during high-profile events, the vast majority of threat activity today is driven by the broader cybercrime ecosystem. It operates in the shadows, funding access, enabling attacks, and scaling operations with industrial precision. Yet most vendors offer only limited visibility, and most defenders are never given the tools to understand how it really works. We created this workshop to close that gap and arm the community with the insight, skills, and operational edge required to fight back.
Why do you think this is an important topic?
Cybercrime accounts for over 80% of all cyberattacks globally, making it the dominant threat in today’s digital landscape. The US FBI received over 850,000 cybercrime complaints in 2024, with reported losses exceeding US$16 billion, representing a 33% increase from the previous year. In Europe, Europol reported its 2024 Operation First Light led to nearly 4,000 arrests and the seizure of more than US$250 million in criminal proceeds, underscoring how vast and deeply embedded the cybercrime ecosystem has become.
While nation-state campaigns dominate headlines and ransomware draws attention during high-impact incidents, the broader, industrialized cybercrime economy silently drives the majority of malicious activity worldwide. Defenders who do not understand how cybercrime is perpetrated, structured, monetized, and scaled are operating without vision. Understanding this threat is not optional. It is essential.
Is there something you want everybody to know – some good advice for our readers maybe?
Cybercrime is not a mystery. It is a business. It is a fully formed ecosystem, a microcosm of the same cloud-based tools and services we rely on every day. Learn to think like your adversary. The moment you stop reacting and start anticipating, everything changes. This is not just about knowledge. It is about mindset. The best defenders are not the ones with the most data. They are the ones who know what to do with it. This workshop is open to anyone who wants to learn about cybercrime. No technical background is required. Just bring an open and curious mind.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your training in particular?
The application of Large Language Models (LLMs) in the domain of intelligence has the potential to vastly improve intelligence consumption and production, which will have a material impact on investigating and analysing cybercriminal activity.
Aaron is a Senior Systems Engineer at Crowdstrike. He is based in Dubai and supports the Crowdstrike business across the Middle East, Turkey, and Africa (META) region. Aaron advocates for the adoption of Cyber Threat Intelligence (CTI) to organisations across the public and private sectors. Prior to joining industry, Aaron served 12 years of Active Duty in the Singapore Armed Forces as a Military Intelligence Officer. He served in multiple command appointments in classified Intelligence units, and was instrumental in developing the masterplan for the Digital and Intelligence Service (DIS), the digital service branch of the SAF. Outside of work, Aaron contributes to cybersecurity research and education. He collaborates with the Stanford Gordian Knot Center for National Security Innovation on research covering emerging technologies and cybersecurity. Aaron also serves as an Adjunct Faculty member at the Faculty of Computer Information Science at the Higher Colleges of Technology (HCT) in the UAE, and sits on the CFP Review Board for RootCon.
Scott Jarkoff is the Co-Founder and CEO of Praeryx, where he is shaping a new model for cyber threat intelligence built from the ground up to challenge legacy assumptions and disrupt institutional gatekeeping. Drawing on decades of global intelligence and cyber security leadership, he is building something deliberately different, quietly architecting the future of how CTI is created, consumed, and operationalized. Prior to Praeryx, he led CrowdStrike’s threat intelligence strategy across Asia Pacific and Japan (APJ) and the Middle East (META), serving as a trusted strategic voice to governments and enterprises confronting the world’s most complex and persistent adversaries. His career also spans the U.S. Department of Defense and McAfee, where he has continuously bridged tactical insight with executive strategy. Scott is the creative mastermind behind deviantART, the world’s largest online art community, helping pioneer the creator economy in its earliest form. Known for decoding chaos into clarity in the fog of cyber conflict, he brings a rare mix of credibility, conviction, and execution to an underserved domain.