Posted
The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!
As a seasoned marketer in the cybersecurity space, Dan Cole has heard all of the old product narratives before — from “attackers are outpacing security teams faster than ever” to “alert fatigue is overwhelming analysts.” In an industry where the work is both complex and, to some, a little dry, it can be tricky to come up with new, flashy ways to tell a brand story. That’s why Cole always starts with what matters most: helping analysts do work with real impact.
“We’re really trying to help these analysts prioritize work that actually helps them feel like they are making a difference,” Cole says. Sometimes that means explaining ways to use tools like ThreatConnect’s Risk Quantifier to attach real dollar figures to the results threat intelligence provides. And other times, it means finding new ways to share best practices — like, say, by comparing them to Star Wars.
Whatever he might be working on, Cole wants to make sure ThreatConnect’s products solve the biggest real-world problems facing clients. And as for when he’s outside of work? You’ll probably find him outside photographing and, sometimes, rescuing wild foxes.
The following conversation has been edited for clarity and length.
How did you get into threat intelligence, and what does your role look like day to day?
Dan Cole: I was a product manager for almost 15 years in a variety of industries, but then I was hired at ThreatConnect 10 years ago as part of their series B to lead and build out their product management team. I’ve kind of shifted roles since then, but it involves spending a lot of time with customers to understand their pain points, understand where they’re running into roadblocks, and make sure that our roadmap is prioritized to remove those roadblocks. Since then my role has shifted to help educate the market on some of the best ways to remove those roadblocks – ideally with our products!
Pretty much everything I learned about threat intelligence, I learned from our customers and the challenges that they are actively facing every single day.
What is the most challenging part of your job?
The most challenging part of my job is ensuring that what we are doing helps people feel like they matter. We all want to feel like the work we’re doing is making some kind of impact and moving some kind of needle. Like it’s not just busy work that’s going to end up in the trash.
Every vendor talks about alert fatigue and how overwhelming it can be. Studies clearly show the impact that those sorts of things have on the emotional well being of these analysts. But our goal isn’t just to help analysts feel less overwhelmed. We’re really trying to help these analysts prioritize work that actually helps them feel like they are making a difference.
I saw you’ve used Star Wars as an analogy for the threat gap in a webinar before. What gave you the idea to do that?
We want to stand out in the industry and make things a little fun. Considering the toll that this work takes on the mental health of these analysts, if we can give them a break with something a little entertaining, great. It’s better than another dry corporate webinar where someone is just pitching their product. It’s about evangelizing not just our products, but the different approaches to cyber defense that can make analysts more effective in their roles.
You’ve also written about how cybersecurity professionals can use AI as a teammate. How would you describe the potential and the risks associated with AI?
The way one customer put it to me was that AI is kind of the world’s smartest intern. I might trust an intern to do research, but I’m not going to let them push the big red button or handle something that might blow up our security stack.
One big risk is that AI can be a black box; you might not be able to really understand how it reached its conclusion. It’s very easy to add an LLM to an existing security product, but it can be hard to know if the underlying data that that LLM uses is any good. But at ThreatConnect, we have the DNA of being a data company. We have billions of records and 1.2 million different sources of data. So the LLMs that we put on top of our products have access to data that is vetted and high fidelity and reliable, and we can be transparent and provide receipts. So when you hire that “intern,” you can trust the data that they are running out to gather is solid.
That would make a huge difference. And how do you spend your time outside of ThreatConnect?
I am an amateur wildlife photographer. I also do wildlife rescue, including volunteering at a rescue focused on saving foxes from fur farms. I enjoy all things food — from gardening, to actually growing the food, to cooking, to actually making the food, to going out to restaurants to enjoy food without having to do dishes. I also love backpacking and being outdoors.
Which rescue organization do you work with, and what’s that like as a hobby?
It’s called the Wildlife Rescue League. I also work with Save a Fox out of Minnesota. And it’s not easy. When wild animals are injured or sick, they don’t want to be trapped. But we have an entire network of rescuers, transporters, vets, and rehabilitators.
Just this past Sunday, I picked up a raccoon that had pneumonia, put him in the back of my car, and drove him to a rehabilitator where he’s going to get some antibiotics, get some rest, and eventually be released back into the wild.
What other types of animals have you rescued?
Foxes are my favorite, but I’ve also gotten to release a one-eyed owl back into the wild. I’ve done turkey vultures, which are super cool. And one time, I had a red shouldered hawk, which spent the entire car ride screaming at the top of its lungs. It was still super fun.
Do you have some sort of enclosure in your backseat to transport these animals?
Sometimes it’s just a cardboard box, and sometimes a cage. Luckily, I’ve never had an escapee, but it has happened to others.
I’d wondered about that. Why are foxes your favorite?
Gosh, I’m trying to think of a way to loop them back to the theme of threat intelligence.
If you could do that, it would be great for this article!
I’ll start a sentence, and eventually I’ll find my way there. First of all, they’re beautiful. They are misunderstood. And just like I like to stand up for the intelligence analysts, I’m a fan of the underdog. I want to stand up for the little guy. But foxes are extremely clever. They’re this perfect mix of curiosity and bravery and caution, and they’re very adaptable.
When I think about threat intelligence and cybersecurity, I do think good analysts also have a healthy mix of curiosity, bravery and caution. You want to be bold, because the attackers certainly are, but you also want to be cautious and not make mistakes when you’re taking a blocking action or promoting a new strategy. And certainly, you have to be extremely clever and extremely adaptable. For example, as adversaries start leveraging AI more and more, we need to adapt the way we do cyber defense so that we can stay ahead of those threats.
Nicely done with that metaphor. And has wildlife rescue also made you better at wildlife photography?
Yeah, 100%. Foxes, especially, have such varied personalities. You can just tell they let the intrusive thoughts win. Now that I’ve gotten to know their personalities, it’s helped me not only work with them but also figure out what I want to bring out in my photos. If I’ve got a fox that is particularly spicy, I want to find an opportunity to showcase that.
