๐Ÿ› ๏ธHands-On

Building Your Own Cyber Threat Brief for a Stronger Security Culture

Marcus Cylar · 61:49 · 2025 · Track 1

threat-intelsecurity-awarenessleadership

Marcus Cylar on building your own cyber threat brief for a stronger security culture. A Track 1 session from Simply CyberCon 2025.

Open this segment on YouTube โ†— ยท jumps to 5:12:50 in the Track 1 livestream

The Threat Brief Is the Awareness Program

Marcus Cylar, an associate incident response case manager at FRSecure finishing year three in cyber security, makes a simple argument with surprising depth: every business should be running a weekly internal cyber threat brief, and the person doing it should probably be you. The talk weaves three threads together โ€” career rebuild, security culture, and personal brand โ€” and argues that one disciplined habit covers all three.

Why Tools Aren't the Answer

The headlines pile up โ€” physical attacks on secure enclaves, LinkedIn phishing of finance execs, ransomware exploiting CISA-flagged Linux flaws, ten million people breached at a single contractor. The intuitive response is to throw more tooling at the problem. Marcus pushes back hard. Citing a CISO Series segment where two CISOs would rather control their team than their tool stack, he argues that culture beats configuration. Cyber awareness, treated as a culture-building exercise rather than a compliance checkbox, takes you places tooling can't.

The Mechanics of a Weekly Brief

FRSecure runs a 30-minute news segment inside its weekly all-hands. Marcus rotates the duty with one other person and covers eight or nine stories per week. Each story gets four or five bullets โ€” who/what/where/when, the why and how, context and impact, takeaways and action steps, and an optional fifth bullet linking to a referenced report. Build it for your audience: technical pieces for the blue team, leadership pieces for the C-suite, business-impact pieces for sales and finance. Stay product-agnostic if your company is โ€” sponsored content with a vendor pitch at the bottom slips bias into your culture without anyone noticing.

Trauma, Talking, and Why Briefs Matter

The most powerful moment in the talk lands in a clip from the Cyber Security Mentors podcast. A new CISO walks into an organization still numb from a recent breach โ€” nobody is talking about it. He calls breaches organizational trauma and insists trauma heals through conversation, not silence. Marcus connects this back to the brief: getting people talking is the point. Once people are talking, growth happens. The news brief is the lightweight, repeatable mechanism that creates the conversation.

Lead From the Middle

Marcus closes with a career argument. Pitching a threat brief to your leadership demonstrates initiative, innovation, and investment in the company. Doing one publicly โ€” LinkedIn, Substack, podcast, YouTube โ€” builds your personal brand. He credits his own podcast (about church communications, not cyber) with landing him his FRSecure job: the hiring manager listened to episodes and said the vetting was largely already done. Three years in cyber, three Simply Cyber talks, and the through-line is the same โ€” put yourself out there.

Who Should Watch

Anyone in cyber security in their first five years who wants a concrete career move they can pitch on Monday. Anyone in security awareness or GRC looking for a culture lever beyond annual training. Anyone who has been told they need to build a personal brand but can't figure out the format.