# The Adversary Manifesto: A Q&A with CrowdStrike’s VP of Threat Intelligence

Adam Meyers runs CrowdStrike’s Global Threat Intelligence team and is responsible for creating actionable intelligence that enables customers to understand the who, what, and why of a targeted attack. We visited with Meyers to learn more about his approach to cyber security.

Who or what are adversaries?
Adversaries are the humans behind the attacks. We spent years in security focusing on malware and exploits and techniques, but not on who is perpetrating them. There are humans behind the attacks, so we watch for patterns, use intel to zero in on the human element. We ask who they are, what their motivation is and what types of things they are likely to do in the future. By learning what is happening, we can develop scenarios for what might happen in the future.

What types of adversaries are there?
We place most of our adversaries in three main categories and then will further delineate by commonalities.

There are three main types of actors in the adversary space:

1. Targeted Intrusion – typically espionage tied to a nation state (national security, industrial espionage, dissident control)
2. Criminal – criminalization of the Internet – who are they and what are they doing and help customers create unique ways to protect themselves; motivated to make  with different tactics
3. Hacktivists and nationalists – these actors are focused on bringing visibility to their cause

Currently, we are tracking more 70 different adversary groups, which can be as small as one person or include thousands. For each adversary, there is a constant stream of fresh intelligence about activities. That’s why we say, ‘You don’t have a malware problem, you have an adversary problem.’

What can adversary intelligence tell us about the state of security?