Podcast on CERT

Behind the Mic: Diving into Threat Intelligence with Harutyun Harutyunyan
Last week, my friends Cosmin, Erik, and I (Saïdali) had the pleasure of hosting Harutyun Harutyunyan—an expert in threat intelligence at the CERT team of a major Belgian banking group—on our latest podcast episode. Over the course of 20 minutes, we unpacked everything from the basics of CERT operations to the human side of cybersecurity, and even peered into the crystal ball of future cyber-threat trends.
What Is CERT & Threat Intelligence?
We kicked things off by asking Harutyun to explain what a CERT (Computer Emergency Response Team) actually does, and how it differs from other security functions like SOCs. Harutyun painted a clear picture: while a SOC monitors and responds to incidents in real time, CERT teams focus on both reactive incident handling and proactive threat hunting using open-source feeds, internal telemetry, and close collaboration with other national and international CERTs. His point? Effective defense blends automated detection tools with the strategic insight of seasoned analysts.
Real-World Use Cases
Next, we dug into Harutyun’s war stories. He walked us through a typical threat-intelligence lifecycle—from spotting anomalous network traffic and correlating it with known malware indicators, to writing up a rapid-response report that triggers containment actions across the bank’s infrastructure. We learned how suspicious patterns emerge (often via automated alerts), how intelligence reports flow through incident-response teams, and why clear communication across legal, IT, and executive stakeholders is absolutely critical when a major threat emerges.
Tools, Skills & Collaboration
Cosmin and I probed Harutyun on the must-have tools and skills for budding threat-intel professionals. He highlighted platforms like MISP for sharing indicators of compromise, SIEM systems for log aggregation, and Python for scripting quick data-mining routines. Beyond technical chops, Harutyun stressed the importance of communication—writing succinct intelligence briefs—and international cooperation: sharing threat data between CERTs can mean the difference between a contained breach and a cross-border incident.
The Human Side & Future Outlook
In our final segment, Cosmin explored what keeps Harutyun passionate about cybersecurity. Harutyun confessed that the thrill of outsmarting adaptive adversaries is unparalleled, though newcomers often underestimate the patience and attention to detail required. Looking ahead, Harutyun foresees AI-driven attacks growing more sophisticated—and urges aspiring defenders to master both automation and the fundamentals of critical thinking.
Key Takeaways
- A CERT’s mission straddles proactive hunting and reactive incident response.
- Threat intelligence isn’t just data—it’s a storytelling exercise that informs rapid, cross-team decision-making.
- Technical tools matter, but so do communication skills and international collaboration.
- The cyber-landscape is evolving: automation and AI will shape both future threats and defenses.
Huge thanks to Harutyun for sharing his insights—and to Cosmin and Erik for co-hosting. If you’re curious about the pulse of real-world cyber-defense, give this episode a listen!
Written by
Sayidali Ibrahim