Secure & Simple — Podcast for Consultants and vCISOs on Cybersecurity Governance and Compliance

Exploring Cyber Warfare: Risks, Strategies, and Solutions | Interview with Steve Winterfeld

Nov 18, 2025

In this conversation, Steve Winterfeld, a seasoned security consultant and author, dives into the complexities of cyber warfare. He discusses the evolving landscape of cyber threats that affect businesses of all sizes, from espionage to sabotage. Steve emphasizes the need for risk assessments and strategic frameworks like MITRE ATT&CK to enhance cybersecurity. He outlines the roles of various actors and the importance of active defense over mere attribution. His insights into balancing innovation with security are especially relevant for today’s digital landscape.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Blurred Lines Between State And Criminal Actors

Cyber warfare blends state and non-state actors, creating blurred attribution and hybrid threats.
Commercial entities face collateral damage from espionage, sabotage, and hacktivists.

ANECDOTE

High-Profile Sabotage Examples

Steve cites real-world attacks like the Aramco wiper and Sony Pictures to show political motives.
These incidents illustrate how cyber operations cause large commercial and reputational harm.

ADVICE

Map Adversaries And Build Playbooks

Start threat modeling by mapping who would target you and why, then rank those risks on your register.
Build crisis playbooks for high-profile escalation scenarios even if risk seems low.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

In this episode of the Secure and Simple Podcast, host Dejan Kosutic, CEO of Advisera, welcomes Steve Winterfeld, a seasoned security consultant, fractional CISO, and author of the book 'Cyber Warfare Techniques, Tactics, and Tools for Security Practitioners.' The discussion revolves around the relevance of cyber warfare for companies, the different types of cyber threats, and strategic ways to address them. Steve shares insights on cyber warfare's impact on various sectors, from espionage and sabotage to operational tactics. He emphasizes the importance of risk assessment, the utility of frameworks like the MITRE ATT&CK framework, and approaches to security hygiene. The conversation provides a comprehensive look at how businesses can enhance their cybersecurity measures to safeguard against advanced threats.

Links from the episode:
- Conformio software to streamline and scale ISO 27001 implementation and maintenance for your clients: https://advisera.co/Conformio-software
- White label documentation toolkits for NIS2, DORA, ISO 27001, and other ISO standards to create all the required documents for your clients: https://advisera.co/page-all-toolkits
- Accredited Lead Auditor and Lead Implementer courses for various standards and frameworks to show your expertise to potential clients: https://advisera.co/Consultant-Courses
- Company Training Academy with numerous videos for NIS2, DORA, ISO 27001, and other frameworks to organize training and awareness programs for your client’s workforce: https://advisera.co/page-Company-Training-Account
- Beginner's Course for ISO, Cybersecurity, and AI Consultants: https://www.youtube.com/playlist?list=PLHwD3nQun7caKFq80LxNNYKIabATlyA7t
- How to Grow Your Cybersecurity, ISO, or AI Consultancy: Advanced Course:https://advisera.co/GrowYourConsultancyTraining

(00:00) - Interview with Steve Winterfeld
(01:10) - Understanding Cyber Warfare
(05:41) - Impact on Commercial Sector
(13:01) - Strategic, Operational, and Tactical Perspectives
(17:27) - Risk Management and Mitigation
(25:48) - Securing Supply Chains and Crisis Management
(30:36) - Validation Exercises and Technical Debt
(34:47) - Cybersecurity for Smaller Companies
(36:49) - Consulting Opportunities in Cybersecurity
(51:41) - Resources for Consultants