Murray leads Threat Intelligence at ctrl:cyber, applying sharp technical instincts and calm, confident leadership. 

His journey into the role has been shaped by curiosity, hands-on experience, and a focus on constant improvement. See what he has to say about stepping into the role, what drives him, and why threat intelligence keeps him thinking. Read the full Q&A below. 

 

Q. You’ve recently transition from Senior Security Engineer to Threat Intelligence Lead, tell me more about what this change looks like?  

A. This change involves a focus on delivering quality Cyber Threat Intelligence across Ctrl’s client environments. It also means refining detection engineering to reduce noise and surface valuable alerts. Another key focus is collating information from multiple sources to prepare for any type of attack chain. It is not only about proactive defence, but leading Incident Response engagements when clients are impacted, ensuring swift containment and support. 

 

Q. What has your history looked like at Ctrl? 

A. I started as a SOC Analyst, moving into a Security Engineer role, then into Senior Security Engineer after engaging in further professional experience and study. Part of this role included leading the technical side of Incident Response for a range of incidents including Ransomware, Business Email Compromises, Malware Vishing and 3rd Party Supply Chain compromises which has now led to becoming Threat Intelligence Lead. 

 

Q. And what does success look like to you in this new role? 

A. Seeing the trust in our team when attacks are identified or contained and proactively stopped through attack surface hardening and best practices recommendations. 

 

Q. Can you tell me what your day-to-day looks like? 

A. No day is ever the same, however the last 24 hours was spent reviewing key events across client environments, identifying patterns, and strengthening their security posture through analysis and collaboration. I have also been collaborating with the Red team and providing guidance to the wider Blue team to help teach and improve capabilities. 

 

Q. What excites you most about where Ctrl is heading next? 

A. Providing Digital Forensics and Incident Response to organisations affected by compromises and assisting them to mitigate further damage and restore business operations.  

 

Q. What is it about threat intelligence that keeps you engaged? 

A. The everchanging tactics, techniques and procedures that are used by adversaries during campaigns whether they be novel, or advanced. Identifying and seeing attacks in real time allows to me to always be thinking, learning, growing; allowing me to continuously improve organisations security postures. 

 

Q. How do you define good threat intelligence in a business context? 

A. Providing quality over quantity. 

 

Q. What’s one emerging threat that CISOs might be underestimating right now? 

A. Credential / token theft and buying / stealing credentials. While this is not a new tactic, adversaries have made a large shift in focus on compromising an organisations cloud through identities. Without expensive licensing or logging capabilities, an organisation’s ability to detect and proactively implement security controls become limited and relies on assigned budget. 

 

Q. Who’s one person, inside or outside the industry, who inspires how you work? 

A. Florian Roth. He’s the mind behind tools like THOR and Sigma, shaping how defenders detect threats. His open-source work has set the standard for threat intel worldwide. 

 

Q. What can we catch you doing outside of work? 

A. Parenting a year and a half old golden retriever, gym, golfing & studying. 

 

Q. What does Cyber Together mean to you? 

A. The sharing of cyber threat intelligence (CTI), knowledge, best practices and professional advice in the wider cyber community to both educate and prevent. 

From refining threat alerts to leading incident response, Murray plays a key role in strengthening how organisations prepare and respond. His focus on clarity, collaboration, and practical threat intelligence is helping Ctrl lift the standard across every engagement. Want to strengthen your threat intelligence capabilities? Explore ways to stay ahead with expert support.