
Adversary Universe Podcast Interview with a Threat Hunter: Brody Nisbet, Sr. Director of CrowdStrike OverWatch
Feb 12, 2026
Brody Nisbet, Senior Director of CrowdStrike OverWatch who leads threat hunting operations, shares frontline stories. He describes the OverWatch mission, massive telemetry scale, and behavior-based hunting. Hear accounts of tracking FAMOUS CHOLLIMA and OPERATOR PANDA, a cold case around Floppy Cannoli, and how teams extend visibility across network, cloud, and identity.
Out-Competing The Adversary
- OverWatch's mission is to out-compete adversaries by detecting them before they complete objectives.
- Rapid, actionable intelligence gives blue teams a competitive advantage to disrupt attacks.
Behavior Over Signatures
- OverWatch triages massive telemetry (5.7 trillion events/day) to find hands-on-keyboard behavior, not just malware signatures.
- They focus on behavior such as PowerShell, WMIC and scripting activity to identify active intrusions.
Analyst Specialization Scales Coverage
- OverWatch assigns analysts as SMEs for specific adversaries to track them across CrowdStrike's customer base.
- This model scales coverage for ~150 named actors and many clusters by focusing expertise.
