Oct 17, 2025

A cyberthreat analyst who’s ‘taking on the bad guys’

Cybercriminals are more sophisticated than ever. But Cisco Talos’ Sara McBroom is helping detect, analyze, and thwart their worst efforts.

Sara McBroom once dreamed of putting bad guys away as a prosecutor for the International Criminal Court. But a passion for cybersecurity led her towards threat research instead.

She still gets to ruin a bad guy’s day.

Working first with the U.S. government and today as a security research engineer and manager for the Cisco Talos Intelligence Group, she uncovers some of the biggest security threats facing the planet — particularly from nation-state actors — and helps spread warnings and countermeasures far and wide.

In a far-ranging interview, we spoke with Sara about Cisco Talos, cyberthreats in the AI age, her efforts to encourage young women to enter cybersecurity, and much more.

 

Thank you, Sara! Let’s start with a bit of background. Cybersecurity was not in the plan when you first began mapping your future.

Thanks, Kevin! I went to college with a profound calling to serve my country and the world, and I really wanted to be a lawyer on the International Criminal Court. But I ended up taking a few different undergrad classes that led me in a different direction, towards cybersecurity. Then I heard about a program called Scholarship for Service, where you could get your grad school paid if you worked for two years in the federal government. That turned into a great way to accomplish what I wanted to do: taking on the bad guys.

Working as a threat analyst for the U.S. government, you certainly got to do that.

Exactly, I wanted to put bad guys away and make their day not great, and this has always been a great way to do that.

And at Cisco Talos, you’re really giving those bad guys a hard time. Tell us about your role.

So, I'm lucky enough to lead four wonderful gentlemen, where we focus primarily on nation-state threat actors — China and Russia being the two biggest focuses of our work. And we get to do lots of deep dives into tippers and partnerships that we have with other organizations, governments, etc. Then we take this intelligence, process it through all of our systems, and share it back with them. We engage in ongoing conversations about the threat trends that are high priority for our customers, for our partners, and for Cisco as an organization.

What are some potential targets that you are trying to protect?

It’s all encompassing. We have this concept of defense industrial base that nation states target. It could be government, military, private-sector organizations, or critical resources like water plants, etc. So, it requires a lot of partnership and crossover between the public and private sectors to make sure that they have a bad day and that they don't get to do what they want to do.

Given how relentless and sophisticated cyber threats are getting, what scares you most?

I don’t want to sound too critical, but many organizations are still bad at the basics. We call it eating your cyber vegetables. So, I'm talking about changing your passwords regularly. I'm talking about using MFA, updating your devices, replacing end-of-life devices so that you can continue to get security updates. Bad actors are targeting devices with end-of-life vulnerabilities from 2018. A lot of organizations think, “Hey, if it's not broken, don't fix it.” In reality, the devices are broken and do need to be fixed.

What are some nation-state actors targeting older devices?

Two of these groups are ArcaneDoor and Static Tundra. I authored blogs warning about these with my colleague Brandon White. At Talos, we’ll keep pushing out threat intelligence to ensure that people are aware of these and other threats.

At the same time, AI is enabling more sophisticated phishing and social engineering attacks.

Yes. We've seen people using AI to write fake phishing emails, and if you throw in deepfakes it gets even more complicated. But people need to understand that we are in a trust-but-verify world. The internet is unfortunately a place where more bad than good happens. And that’s something to be very mindful of whether you're opening your Facebook account and clicking a link that somebody sent you in your messenger or whether you're checking email on your corporate system. There’s a level of suspicion that we unfortunately have to carry through with us at all times.

We could talk a lot about Cisco’s security technology. But given your vantage point at Talos, what is unique about Cisco’s threat intelligence?

I think the big thing that we have going for us is the people. I don't want this to sound like a cliché, but I look at my colleagues, and they are second to none. They are all wildly intelligent, scary smart, great at their jobs, and eager to help. A lot of places are very, very siloed. But the beauty of this organization is that you can ask anyone for help.

So, despite AI automating so much, the human element is critically important.

It is. We still need that human touch. For example, when it comes to analytic assessments of attribution of different threat actors and what government organization they’re tied to, these are very nuanced. And we need, like, people with PhDs in Russian history. That's not a level of knowledge that an AI is going to be able to understand. 

Cybersecurity has not always been super friendly for women. Do you feel you can be a mentor and inspiration?

Yes, I love the opportunity to get involved with women in STEM events. There's a wonderful woman I work with at Talos named Samantha Siemen. And she runs a lot of community outreach events focused on women and young girls. Sammi has done an awesome job of finding opportunities where we chat with these girls about how cool and awesome it is to be a woman in cyber.

Just about every study ever has reinforced the strengths of diverse teams.

Yes, and I think on both an emotional and professional level, women think a little bit differently than men. And one of our hugest strengths is decreasing a lot of the toxicity that unfortunately has been present in cybersecurity. It can be hyper competitive, and people struggle with things like imposter syndrome. And so, we’re making sure to bring emotional empathy and emotional intelligence to the field.

There are plenty of challenges in the threat landscape. What excites you about the future and what you and your teams can accomplish?

I'm super excited to see how we can use AI to augment the really, really smart people who are here. By utilizing AI to do things that are mundane and routine, it’s going to free up our brains to focus on the big tasks. Also, I'm really excited to be in a place where we have a healthy and mindful approach to AI adoption. Cisco and specifically Talos are doing a really good job of thinking about when and where to responsibly add AI to our processes — to speed things up and make things better for the analysts.  

And what’s good for threat analysts is good for the world.

Yes! The quicker we can stop the bad guys from being able to use that malware or that piece of software to do bad things on the internet, that helps everybody.