Register: This is a Hybrid meeting. A dinner meal will be served (Meal menu TBD). REGISTER HERE for IN PERSON & ONLINE Zoom, Location Broadcom Office 12100 Sunset Hills, Suite 100, Reston, Virginia 20191 United States. Metro Station Accessible. Registration closes on Wednesday 04/15/2026.
Abstract: Cybercrime has evolved into a sophisticated, profit-driven industry. Today’s threat
actors operate with the efficiency of modern businesses, complete with specialized
roles, affiliate programs, and customer service operations. This session pulls back the
curtain on the economics driving ransomware and data extortion attacks, providing
defenders with the intelligence they need to anticipate and counter these threats.
We’ll begin by examining the Ransomware-as-a-Service (RaaS) model and how the
affiliate structure has democratized cybercrime, enabling fewer technical actors to
launch devastating attacks while operators focus on malware development and
infrastructure. Understanding this division of labor reveals critical vulnerabilities in the
threat actor supply chain that defenders can exploit.
The threat landscape is shifting. We have been witnessing for the last few years a
marked increase in data theft-only attacks, where threat actors bypass encryption
entirely in favor of pure extortion. This session traces the evolution from single extortion
through double and triple extortion tactics, explaining why attackers have and continue
to adapt their methods and what this means for organizational risk profiles.
How do threat actors choose their targets? We’ll decode the victim selection process,
examining the financial, operational, and strategic factors that make organizations
attractive to different threat groups. This analysis extends into practical applications of
threat intelligence, moving beyond indicators of compromise to understand attacker
motivations, capabilities, and patterns that inform proactive defense.
The session concludes with actionable strategies for turning attacker economics against
them. We’ll explore how organizations have successfully adapted their defenses based
on threat actor behavior and outline key proactive steps that security teams can
implement immediately. By understanding the business model driving these attacks,
defenders can make their organizations less profitable targets and more resilient when
incidents occur.
Key Takeaways: Attendees will leave with a comprehensive understanding of the RaaS affiliate model
and its implications for defense, insight into why data theft-only attacks are rising and
how to prepare, knowledge of threat actor targeting criteria and how to reduce
organizational exposure, practical frameworks for applying threat intelligence to
defensive strategy, and concrete actions to improve resilience against modern extortion
tactics.
About the Speaker: Marc Bleicher has a diverse work experience in the field of cybersecurity and technology. Marc currently serves as the Chief Technology Officer at Surefire Cyber Inc. since January 2022. Before that, he worked as a Managing Director at Arete Advisors from July 2019 to January 2022. Prior to that, Marc held the position of Senior Manager at Accenture from February 2018 to July 2019 focused on cyber investigation and forensics response. Marc also served as the IR Lead at Fidelis Cybersecurity from January 2015 to February 2018. Before Fidelis, Marc worked as a Team Lead at VMware Carbon Black from December 2012 to January 2015 and as a Senior Security Advisor at Secureworks from July 2012 to December 2012. Their earlier roles include being an Associate at Booz Allen Hamilton from July 2009 to July 2012, a Security Engineer at Superlative Technologies from July 2007 to July 2009, and a System Administrator at BRTRC Federal Solutions from December 2003 to June 2007.
Marc Bleicher holds a Master of Science (MS) degree in Computer Science from Boston University. Prior to that, he earned a Bachelor of Science (BS) degree from James Madison University. In addition to their formal education, Marc has obtained certifications such as Access Data Certified Examiner from AccessData, and he also hold certifications from CompTIA, EC-Council, and Guidance Software, including A+, CEH, CHFI, EnCE, and Security+.
Related Posts
May 14th, 2026 @5:30 PM – Microsoft’s Bob Peters and Michael Williams – From Standards to Strategy: Post‑Quantum Migration Playbook for Security Leaders- Agentic AI for Cybersecurity Professionals Workshop – April 27th and 29th – 6:00 pm to 9:30 pm ET
- Cybersecurity Maturity Model Certification (CMMC) Workshop – March 23rd and 25th, 2026 – 6:00 pm to 9:30 pm ET
- March 19th, 2026 @5:30 PM – Randy Soper on AgentOps Concepts and Shadow Agents
- Generative AI for Cyber Auditors Workshop – February 23rd and 25th, 2026 – 6:00 pm to 9:30 pm ET
- February 19th, 2026 @5:30 PM – Kevin Greene on Reshaping Adversary Behaviors