Managing threat intelligence for 20,000 companies reveals patterns invisible to most security leaders. Alex Bovicelli, Senior Director of Threat Intelligence at Tokio Marine HCC, sees hundreds of ransomware events monthly, giving him a perspective that challenges industry assumptions about modern threats. The sophisticated attacks making headlines aren't what's devastating smaller organizations. It's groups like Akira Ransomware perfecting SSL VPN brute forcing over years, targeting predictable gaps in authentication controls. Alex and Ben discuss how cyber insurance shifted from paper applications to technical risk assessment as ransomware as a service exploded, why Alex’s team focuses on native tools and simple configurations rather than threat feeds with obsolete IoCs, and what happens when you alert thousands of companies simultaneously about the same vulnerability. Alex shares his framework for extracting expertise from team members as you lose technical depth in leadership, and emphasizes that emotional intelligence matters more than maintaining hands-on skills. Stories We’re Telling Today:  How cyber insurance evolved from paper risk assessments to technical threat intelligence teams as ransomware-as-a-service changed the threat landscape Why most ransomware events targeting smaller companies involve brute forcing rather than sophisticated techniques that make headlines The strategic evolution of groups like Akira Ransomware spending years optimizing specific attack vectors against particular appliances Building security programs around native tools and simple configurations that smaller teams can implement without enterprise budgets or dedicated security staff Why threat intelligence teams must understand operational constraints before recommending configurations or expecting system rebuilds Creating team cultures where ego is removed from the equation and diverse skillsets contribute to program success Leveraging free resources and community editions of commercial tools for organizations with limited resources Why transparency about program direction helps individual contributors participate strategically rather than just executing tasks The transition from individual contributor to manager, requiring emotional intelligence over technical skill maintenance Building mentorship programs around understanding why people want to work in security rather than just teaching technical capabilities Screening for the hunter's mindset and trustworthiness during hiring rather than specific tool expertise or certification counts   Too busy; didn’t listen:  Visibility across 20,000+ companies reveals most breaches come from SSL VPN brute forcing and weak authentication, not sophisticated attacks that make headlines. Effective security leadership means removing ego and extracting team expertise as you lose technical depth, not pretending to be the smartest person in the room. Alex's team uses simple configurations with native tools and free resources, partnering with startups that support smaller budgets instead of enterprise-only solutions. The transition from technical contributor to manager requires emotional intelligence and understanding individual motivations more than maintaining hands-on technical skills. Purpose-driven programs where teams believe they're protecting organizations at scale outperform programs driven by ROI metrics or ego. Skip to the Highlight of the episode:  [32:39-33:15] I think it is critical for leadership to be very clear in the overall path of the program and the company so that those individual contributors can actually feel like they're participating in a strategic manner. I think the other thing that I find to be an issue that I've noticed is that as an industry we are expecting these kids to get out of school and just have 17 certifications, a master's in whatever, you know, and, we've actually lost touch with the fact that maybe, like, older generations, we understood it was a craf