From Policy to Cyber Interference

Aug 28, 2025

In a dynamic discussion, Thomas P. Bossert, President of Trinity Cyber and former Homeland Security Advisor, reveals the importance of proactive threat interference. He emphasizes how companies can engage directly with threat actors rather than passively defending against cyberattacks. The conversation dives into the disconnect between cybersecurity policy and real-world technology, the necessity for strategic frameworks, and the critical role of nonpartisan cooperation in fortifying defenses against evolving threats. Bossert's insights aim to reshape the cybersecurity landscape.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Rhetoric Vs. Technical Reality

Bossert warned of a disconnect between policymakers' rhetoric about 'offensive' cyber and the technical reality of what that means.
He argued offensive action must be carefully defined, targeted, and measured against real effects.

ADVICE

Prefer Reciprocal Interference Over Vengeance

Use reciprocal, measured interference that exploits attacker energy to disrupt operations rather than blind 'hack back' retaliation.
Focus interference on altering adversary operational outcomes, not emotional vengeance.

ANECDOTE

From Policy To Operational Cyber

Bossert described leaving policy roles to join Trinity because the team 'cracked the technological nut' enabling operational interference.
He emphasized his desire to return to operational work and stop the bad guys directly.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of Threat Vector, guest-host Michael Sikorski speaks with Thomas P. Bossert, President of Trinity Cyber and former Homeland Security Advisor. They explore the path from policy and national security strategy to building operational cyber defense that “interferes with attackers mid-operation.” Tom shares insights on how companies can shift from chasing ephemeral indicators to engaging with threat actors in encrypted traffic using active threat interference. We dive deep into the disconnect between policy rhetoric and real-world tech, why defensive action matters now, and how commercial cyber deterrence can work. Cyber leaders can expect a practical discussion on reshaping defense for today’s threat landscape.

Join the conversation on our social media channels:

Website:⁠⁠ ⁠⁠⁠⁠https://www.paloaltonetworks.com/⁠⁠
Threat Research:⁠⁠ ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠⁠⁠
Facebook:⁠⁠ ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠⁠⁠
LinkedIn:⁠⁠ ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠⁠⁠
YouTube:⁠⁠ ⁠⁠@paloaltonetworks
Twitter:⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠⁠⁠

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠ ⁠http://paloaltonetworks.com⁠⁠