Fusion Fireside #14: a Marine in Cyber with John Fokker
27 November 2025
In the final Fusion Fireside episode of 2025, we sit down with John Fokker, Vice President of Threat Intelligence Strategy at Trellix. John’s impact on cybersecurity is remarkable: few people share insights as frequently and as clearly as he does. His experience and easy-going manner make complex dynamics understandable—and (dare we say) entertaining.
From Marine Corps to Cybercrime Fighter
John’s career path is anything but ordinary. Starting in the Dutch Marine Corps, he transitioned to the Dutch National High-Tech Crime Unit, where he spearheaded major cybercrime investigations and co-founded the NoMoreRansom Project—a global initiative that has helped countless victims recover from ransomware attacks without paying criminals.
Leading Global Threat Intelligence
Today, John oversees a 50-strong team of analysts spread across multiple time zones, collectively processing hundreds of millions of malicious file detections every month. His leadership philosophy is clear: empower analysts to act decisively. By decentralising decision-making, John ensures critical threats are flagged quickly, while maintaining close collaboration with law enforcement when legal boundaries come into play.
Insights from the Fireside
During our conversation, John shared several standout perspectives:
- Lessons from Law Enforcement: Discipline and precision from his policing days underpin his approach to threat intelligence.
- Generative AI’s Impact: 2025 has seen AI reshape attack patterns, making detection and attribution more complex.
- Black Basta Case: A defining moment this year, highlighting the blurred lines between cybercrime and nation-state agendas.
- Looking Ahead: John warns of emerging threats in 2026 and urges CISOs to integrate threat intelligence deeply into fraud prevention workflows.
Fraud in 2026: A New Battleground
John emphasised that the threat landscape is increasingly converging with financial fraud. Sophisticated ransomware groups and nation-state proxies are exploiting stolen identity data and payment systems, creating hybrid attacks that blur traditional boundaries. For fraud prevention teams, this means threat intelligence is no longer optional—it’s a critical layer for detecting patterns that signal coordinated campaigns, not just isolated fraud attempts.
Why This Matters
As geopolitical tensions rise and cybercrime converges with nation-state interests, John’s experience offers a roadmap for security leaders navigating uncertainty. His advice? Stay agile, empower your teams with information, and anticipate the unexpected.
Explore previous episodes:
https://www.threatfabric.com/fusion-fireside