From insightful keynotes and deep-dive sessions to practical workshops and meaningful networking, Predict 2025 offers a rich blend of opportunities to learn, collaborate, and advance your skills. The full agenda will be published soon—check back here for the latest updates.
Pick up your badge, enjoy breakfast, and connect with fellow attendees before training sessions begin.
Join us as we kick off Predict 2025 with opening remarks and celebrate the outstanding contributions of our community. We’ll recognize individuals and teams who are driving innovation, collaboration, and impact with intelligence.
In this session, we’ll explore how to take a risk-centric approach to cyber threat hunting. You'll learn how to identify and understand organizational risk, and how to leverage the Recorded Future platform to assess and prioritize those risks in real time. From there, we’ll demonstrate how risk intelligence can serve as a powerful driver for proactive threat hunts—enabling you to focus on what matters most, reduce noise, and improve your overall security posture.
Course Objectives:
After completing this hands-on training session, learners will be able to:
This session utilizes Recorded Future’s Threat Intelligence, Vulnerability, Geopolitical, and Third-Party Intelligence Modules.
Explore how cyber operations conducted by Russia, China, North Korea, and Iran are increasingly converging with their geopolitical ambitions. Participants will examine case studies that illustrate how these states leverage cyber attacks not just for espionage or disruption, but as strategic tools aligned with foreign policy, economic competition, and influence campaigns. We’ll discuss the distinct motivations and tactics of each actor, as well as the points where their approaches overlap—such as targeting critical infrastructure, shaping global narratives, and exploiting vulnerabilities in democratic institutions. By the end, attendees will gain a sharper understanding of how cyber and geopolitics are inseparably linked, and how this convergence reshapes the threat landscape.
Course Objectives:
After completing this hands-on training session, learners will be able to:
Understand the correlation between Cyber Operations and Geopolitical Objectives
Know how to conduct research using Recorded Future to elucidate the connection
Apply Advanced Queries and Recorded Future AI to surface supporting evidence
This session utilizes Recorded Future’s Threat Intelligence and Geopolitical Intelligence Modules.
This session equips intelligence analysts, managers, and strategic leaders with two essential disciplines: structured analysis and strategic foresight. Participants will learn how to anticipate and prepare for future threats, especially in complex geopolitical environments, through analytical tools and strategic foresight frameworks. By identifying risks early, organizations can move from a reactive to proactive security posture, minimizing potential harm and enhancing resilience. Recorded Future’s intelligence modules can be integrated into this process, enabling more effective and actionable mitigation strategies.
Course Objectives:
Apply structured analytical techniques to enhance intelligence assessment and decision-making.
Use strategic foresight to anticipate emerging risks and explore potential future scenarios.
Translate forecasts into actionable risk mitigation strategies using the Recorded Future platform.
This session addresses challenges in malware detection and emphasizes proactive monitoring and risk reduction strategies. It highlights how Recorded Future's Malware Intelligence aids security teams with Malware Intelligence workflows for threat hunting, incident response, and detection. The session will also cover using Recorded Future AI and Auto YARA for analysis, reporting, and rule generation.
Course Objectives:
Hunt and investigate malware detections across millions of samples using our Triage and the Recorded Future Sandbox reports
Extract critical IOCs and signatures to accelerate your detection and response
Leverage Auto YARA to instantly generate detection rules
Set up proactive alerts to monitor new malware submissions in real-time
This session utilizes Recorded Future’s Threat Intelligence Module and Recorded Future’s Sandbox.
Level up your Incident Response workflows with intelligence! Using the NIST 800-61 Computer Security Incident Handling Guide as a foundation, we’ll highlight multiple Recorded Future functionalities - Intelligence Cards, Custom Lists, Analyst Notes, Malware Intelligence, and more - that can help surface and organize the intelligence most relevant to you at each stage of the lifecycle. At each step we’ll also work through practical examples using the features so you can continue (or begin!) to work towards an intelligence-led Incident Response program in your organization.
Course Objectives:
Understand how and why intelligence fits into the Incident Response Lifecycle
Incorporate Recorded Future platform features into their Incident Response process
This session utilizes Recorded Future’s Threat Intelligence, Vulnerability, Brand and SecOps Intelligence Modules.
Make your reporting a force multiplier for your team and organization. Whether you're an analyst looking to build more powerful reports or a leader aiming to get more value from your team’s output, this session is for you. We’ll cover the foundational frameworks of effective reporting and show you how to seamlessly integrate Recorded Future's AI into every step of your workflow, from framing intelligence requirements and finding evidence to generating the final report. Are you ready to transform your raw data into strategic intelligence?
Course Objectives:
Define and frame intelligence requirements by applying foundational reporting frameworks.
Leverage Recorded Future's AI to streamline research and evidence-gathering, enabling more efficient analysis.
Utilize AI capabilities to automate and enhance the drafting, summarization, and generation of reports.
Craft persuasive, data-driven deliverables that resonate with senior stakeholders and drive strategic action.
This session utilizes Recorded Future’s Threat Intelligence and Geopolitical Intelligence Modules.
Join us for a friendly Capture the Flag competition to wrap up the day! This is a Jeopardy-style game with questions of varying complexity whose answers can be found in the Recorded Future Platform using the skills you’ve learned throughout the day. There will be prizes for the top scores! A laptop is required for this.
Celebrate the start of Predict in The Loop — your hub for connection, discovery, and interactive experiences. After a full day of training, unwind with drinks and light bites alongside fellow attendees as the conference officially kicks off.
Grab coffee, enjoy breakfast, and connect with fellow attendees as we kick off Day 1 of the main conference.
Join Recorded Future’s CEO, Colin Mahony, as he shares his vision for the evolution from intelligence gathering to decisive action. Chief Product Officer Jamie Zajac will then dive into how that vision comes to life, showing how leaders can leverage precision intelligence to make faster, smarter decisions and strengthen resilience in an ever-changing threat landscape.
Join Recorded Future’s co-founders, Dr. Christopher Ahlberg and Staffan Truvé, for an inspiring conversation on the evolving landscape of intelligence. Against the backdrop of rapidly advancing AI and increasingly sophisticated threats, they will share their vision for how precision intelligence is reshaping security and empowering defenders to act faster and smarter.
Cyber threat intelligence (CTI) programs often face intense budget scrutiny from executives who question their tangible value. This session shares proven strategies for building observable-based CTI programs that anchor intelligence efforts in documented activity within your environment rather than hypothetical threats. Attendees will learn practical approaches for showing value with Recorded Future in concrete use cases like monitoring brand impersonation, supply chain compromises, and other real-world threats, while ensuring seamless integration with existing security tools. You will also discover actionable methods for correlating intelligence with actual organizational events and communicating measurable ROI to leadership.
Don’t miss this special keynote session! An unforgettable session full of energy, insight, and moments that will have everyone talking.
Strategic Track
Third-party risk has become a critical challenge for today’s organizations, with supply chains and vendor ecosystems introducing complex vulnerabilities. This session will examine how strategic use of precision intelligence empowers leaders to gain a comprehensive understanding of their third-party risk landscape.
Tactical Track
This presentation will be a case study on using Recorded Future cradle to grave to identify, analyze, and attribute adversary infrastructure and activity—from Playbook Alerting identification through Sandbox analysis of adversary operations to grouping TTPs with Visualizations. This comprehensive walkthrough will benefit every level of cybersecurity professional, providing analysts with platform mastery, managers with capability demonstrations, and power-users with advanced pivot techniques to increase adversary costs.
Tactical Track
Recorded Future’s Insikt Group presents an in-depth tactical analysis of the RedMike cyber espionage campaign, attributed to the Chinese state-sponsored group Salt Typhoon. This session will cover emerging exploitation techniques, attacker tactics, and practical guidance on detection and response.
Adversaries are now leveraging AI for more sophisticated, faster attacks. Relying on human-only intelligence is no longer feasible, but full AI automation introduces new strategic risks. The solution lies in a strategic partnership: human expertise as a critical control throughout the AI-augmented threat intelligence lifecycle. This session introduces a methodology for integrating human judgment and ethical oversight into every stage of the Intelligence Lifecycle. Attendees will learn how to move at the speed of AI while ensuring its output is critically assessed and risk is mitigated. The speaker will illustrate this methodology with strategic examples on vulnerability prioritization, third-party assessments, and measuring geopolitical risk.
Cyber threat actors don’t just exploit networks—they also exploit narratives. This talk explores how adversaries use branding and PR strategies to amplify the impact of their attacks. We’ll focus on specific examples where threat actors have directly engaged with the media, as well as where they have indirectly benefited from fear, uncertainty, and doubt generated by “crime spree” discourse. We’ll also look at how these narratives impact your company’s reputational and legal risks, focusing on the recent proliferation of class action lawsuits relating to data breaches. Finally, we’ll close with actionable steps you can take to get ahead of the narrative and proactively respond to cyber attacks.
While most retailers get blindsided by cyber attacks, Total Wine sees them coming miles away using advanced threat intelligence to monitor dark web marketplaces, track brand abuse, and identify threats targeting their e-commerce empire, supply chains, and brand reputation. Join Daniel Erickson, Sr. Director of Information Security & Compliance, alongside Recorded Future’s Brand Intelligence product team as they share real attack scenarios Total Wine intercepted, the intelligence sources that made the difference, and practical strategies you can implement immediately in your own proactive defense program.
Third-party cybersecurity threats are affecting companies on an unprecedented scale, posing significant risk to data integrity and operations. At JPMorgan Chase, we have established a dedicated team focused on third-party threat intelligence and incident response. We will delve into our strategies for detecting, preventing, and responding to third-party cyber incidents, and provide a unique perspective for organizations seeking to enhance their supply chain cybersecurity in an increasingly connected world.
Tactical Track
Your adversaries don't work 9-to-5, so why should your threat hunting? This session presents a blueprint for building hunting programs that operate continuously, combining human expertise with autonomous capabilities to achieve 24/7 threat discovery.
The place to be after the day’s sessions. Live music, craft cocktails, and a crowd that knows how to keep the energy going. Connect, unwind, and make the night count.
Start the day with coffee, breakfast, and conversation as you check in and get settled. Pick up your badge and connect with peers before the main stage program kicks off.
Join Colin Ahern, Chief Cyber Officer of New York, for a conversation on how intelligence drives action in the city that never sleeps. This session will explore the role of real-time intelligence in keeping critical infrastructure and communities secure, highlighting how insights inform decisions and shape responses in a complex, fast-moving environment.
Michelle will share how accurate, real-time intelligence delivered in the right context can be the difference between disruption and disaster. She will explore how unified intelligence feeds support crisis response, executive protection, and cyber incident response, from thwarting targeted attacks on offices or events to safeguarding people on the ground. Attendees will gain insight into the value of a threat intelligence platform that integrates multiple sources to help teams act decisively and protect what matters most.
Strategic Track
Threat intelligence is only as powerful as the influence it holds at the top. This session explores how to translate complex intelligence into clear, compelling narratives that resonate with executives. Attendees will learn to connect cyber risk to business impact, cut through the noise, and inspire decisive leadership action.
Tactical Track
This session will detail how Mastercard uses threat intelligence to build realistic, high-fidelity attack simulations informed by real-time intelligence on adversary tactics, techniques, and procedures (TTPs). Attendees will learn how to use the Recorded Future platform in conjunction with the MITRE ATT&CK framework to focus on testing their defenses against the attack paths and behaviors of prominent threat actors.
Strategic Track
While traditional vulnerability management focuses on what's broken, modern exposure management demands we understand what matters most before adversaries do. This session explores how leading security organizations are leveraging threat intelligence to transform exposure management from a reactive patching exercise into a predictive, risk-based discipline.
This session unveils our upcoming game-changing capabilities for the agentic security era. Our new MCP (Model Context Protocol) integration enables seamless connection between our Intelligence platform and your existing AI tools—SOC automation, security copilots, ChatGPT, or internal agents—creating a unified defense network. Learn how you can position your organization at the forefront of the agentic security revolution.
Most SOCs dismiss low-severity alerts like blocked phishing emails as routine noise, but these are often early warning signs of coordinated attacks. This session demonstrates how feeding internally generated IoCs back into Recorded Future transforms overlooked alerts into threat campaign insights. We'll demonstrate how a single blocked email can expose coordinated attacks targeting multiple executives, shifting defenders from reactive triage to proactive campaign detection.
Strategic Track
What if the most valuable threat intelligence isn't found in feeds, forums, or the dark web? This session pulls back the curtain on Recorded Future's proprietary collection methods that capture thousands of unique indicators daily – intelligence that exists nowhere else in the threat landscape.
Security leaders today must do more than collect threat intelligence—they must transform it into coordinated action that delivers measurable business value. This panel brings together experienced security leaders who have successfully bridged the gap between security insights and organizational impact.
Our panelists will share their proven strategies for translating threat intelligence into decisive action, reducing business risk, optimizing team operations, and demonstrating clear ROI from intelligence investments. Discover how leading security teams leverage intelligence to drive meaningful outcomes that align with their organization's strategic priorities and deliver tangible business value.
Join us for a fireside chat with author Chris Miller, moderated by Adam Janofsky, Editorial Director at The Record. They will explore the global forces shaping technology, geopolitics, and security today, offering insights into emerging trends and strategic decision-making.