top of page

Episode #


Experian's Brian Stack on How to Protect Customers Through Dark Web Intelligence

Show Notes

In this week's episode of the Future of Cyber Risk podcast, David speaks to Brian Stack, VP of Engineering & Dark Web Intelligence at Experian Consumer Services, which offers online credit reports, scores, and monitoring products. They discuss what Brian's dark web team does in order to protect customer identities, the hurdles they've had to overcome to be effective globally, and the biggest challenges to security today in general. They also talk about practical ways businesses can reduce their risk, why it's necessary to think beyond just technology, and how the future of cyber risk will focus on analytics, prevention, and education.

Topics discussed:

  • Brian's background, that started in computer science, then led him to working on the US missile shield and starting his own software company before finding his way to Experian to lead a dark web team.

  • What the dark web team does each day, including building relationships in dark web forums for leads, and how they go about protecting customer credentials and identity.

  • How the dark web team has overcome various challenges like language barriers and expanding their team to be located around the world.

  • What priorities small businesses and enterprises should have when it comes to cyber security, like training, encryption, investing in cloud security, and more.

  • The skills security practitioners should possess, including learning the fundamentals, mastering the tools, and studying psychology.

  • The biggest challenges to cybersecurity today, including geopolitical conflict and the ease at which you can purchase malware-as-a-service.

  • Why the future of cyber risk will center around analytics, prevention, and education, and why monitoring and alerting will be table stakes.

Quotes from Episode


"When you're a startup, small, even a medium-sized business, you don't have large budgets. You're not going to have a CISO. But the first thing is you can still have a culture of security. That's free. It starts there." (10:46)


"If you are a large company, a data breach is potentially going to have an impact on your stock. ... Be more aggressive with protecting your brand as it's being abused online to steal personal information from consumers is something you need to be aware of." (15:26)


"Learn computer and network fundamentals. Attack styles change over time, but a lot of the time, the underlying fundamentals of how they're doing it remains the same, and the types of security vulnerabilities remain the same." (25:22)


"You need to better understand the motives and techniques of potential attackers and how they can successfully exploit victims, which could be your employees, it could be your consumers." (26:09)


"Think beyond technology. ... It's thinking outside of, let's just buy the latest tool or get the latest training. What are nontechnical things we can do to either improve people's behavior or to mute potential attacks against us?" (44:46)

bottom of page