About Me
Hello! My name is Ivan Righi, and I'm a cybersecurity researcher with expertise in cyber threat intelligence, dark web research, and building cool stuff (like this site). I began my journey at Digital Shadows and now serve as a Senior Cyber Threat Intelligence Analyst at ReliaQuest, following ReliaQuest's acquisition of Digital Shadows in 2022.
I have over six years of experience in cyber threat intelligence, primarily in senior roles. I hold a Master's degree in Cybersecurity and certifications including GIAC Reverse Engineering Malware (GREM) and Security+.
One of my hobbies is creating apps and tools for cybersecurity research. I've built hundreds of tools to automate research, streamline repetitive tasks, and make the work more fun. My approach is simple: if it can be automated, I'll do it, because the process is fun and the results are sweet.
Outside of cyber, I enjoy spending time with my lovely fiancée in the beautiful state of Oregon. I've also dabbled in filmmaking and graphic design, so I have a creative side too. If visiting my site made your day a little brighter, that makes mine. If you want to reach out, feel free to do so!
Awards
Awards received by Ivan Righi.
- Best Cyber Threat Intelligence Analyst (2023) (Wealth & Finance)
  Voted the "Best Cyber Threat Intelligence Analyst in Tampa, Florida" by a board of judges.
- Excellence Award (August 2023 and February 2025)
  Award at ReliaQuest by management to recognize excellence by an employee in a quarter.
- Joan Clarke Award (20 Oct 2021)
  Award at Digital Shadows by management to recognize substantial employee contributions.
- Joan Clarke Award (08 Jun 2021)
  Award at Digital Shadows by management to recognize substantial employee contributions.
- Richards Heurer Award (06 Aug 2020)
  Award at Digital Shadows nominated by other CTI analysts to acknowledge contributions.
- Joan Clarke Award (11 Jun 2020)
  Award at Digital Shadows by management to recognize substantial employee contributions.
Immersive Labs
Cybersecurity labs learning platform.
- Labs Completed: 590
- Points: 83,550
- Company Rank: 1
- Global Rank: 1 (2023)
- Rank 1 out of 38,000+ users in 2023
Immersive Labs completed by Ivan report: Download File
Media Mentions
Professional commentary by Ivan Righi picked up by news agencies. Below is a small sample. Ivan has been quoted over 5,000 times by media agencies. (Search citations)
- Krebs on Security - Blog feature, relating to Q3 2021 ransomware
- CNN - Commentary on RaidForums seizure
- Forbes - Blog feature, relating to Q2 2022 ransomware
- Fox News - Commentary on Wisconsin voter data exposed
- Fox News - Blog feature, relating to SMS-phishing scams
- Wired - Commentary on Killnet hacktivist group
- Voice of America (VOA) - Video interview over Killnet attacks on US
- The Guardian - Commentary on update on Facebook breach
- The Guardian - Commentary on Facebook data breach
- 300+ ABC, CBS, NBC, Fox channels - Commentary on RaidForums seizure (ABC)
- 300+ ABC, CBS, NBC, Fox channels - Commentary on Facebook data breach (CBS)
- 300+ ABC, CBS, NBC, Fox channels - Commentary on Facebook data breach (NBC)
- 300+ ABC, CBS, NBC, Fox channels - Commentary on Facebook data breach (ABC)
- 300+ ABC, CBS, NBC, Fox channels - Commentary on Facebook data breach (FOX)
- Agence France-Presse (AFP) - Commentary on ShinyHunters group
- Liberation Newspaper (French Nationwide Newspaper) - Commentary on ShinyHunters group
- Rzeczpospolita (Polish Nationwide Newspaper) - Commentary on Killnet hacktivist group
- Dagens Nyheter (Swedish Nationwide Newspaper) - Commentary on Killnet hacktivist group
- European Union Agency for Cybersecurity (ENISA) - Reference to my research on the Killnet hacktivist group
- Singapore Computer Emergency Response Team (SingCERT) - Reference to my research on the Killnet hacktivist group
- The Register - Commentary on Ransomware vs. Extortion
- The Register - Commentary on STORMOUS ransomware
- The Register - Commentary on PDF file threats
- Washington Examiner - Blog feature, relating to Killnet hacktivist group
- The Record - Commentary on Lapsus$
- The Record - Commentary on Karakurt Hacking Team
- CyberWire - Comment on HolyGhost ransomware group
- CyberWire - Blog feature, relating to Q3 2021 ransomware
- CyberWire - Blog feature, relating to ShinyHunters group
- CyberWire - Commentary on Facebook data breach
- The Sun - Commentary on voter data for sale
- Dark Reading - Commentary on Killnet attacks on US airports
- Dark Reading - Commentary on Brute Ratel exploitation
- Dark Reading - Blog feature, relating to Q3 2021 ransomware
- Dark Reading - Commentary on REvil's reappearance
- Dark Reading - Commentary on Accellion supply-chain attack by Clop
- TheStreet - Commentary on wiping data on devices
- KnowBe4 - Blog feature, relating to Q3 2021 ransomware
- ThreatPost - Commentary on LockBit 2.0 ransomware
- ThreatPost - Commentary on Ziggy ransomware group refunds
- ThreatPost - Commentary on default credentials vulnerabilities
- ThreatPost - Commentary on COMB data breach 3.2B accounts
- ThreatPost - Commentary on NetWalker ransomware seizure
- ThreatPost - Commentary on ZeroLogon vulnerability
- ZDNet - Blog feature, Q1 2022 ransomware trends
- ZDNet - Commentary on decryptors for ransomware
- ZDNet - Commentary on Marketo's attack on Fujitsu Update
- ZDNet - Commentary on Marketo's attack on Fujitsu
- Security Magazine - Commentary on master key being released for Kaseya attack
- Security Magazine - Commentary on Acer ransom attack by REvil
- Security Magazine - Commentary on Zerologon vulnerability
- Security Magazine - Commentary on Wisconsin voter data
- Gov Info Security - Blog feature, relating to Q3 2021 ransomware
- Gov Info Security - Commentary on Babuk attack on DC Metro Police
- Gov Info Security - Commentary on Egregor ransomware & Qbot
- Channel Futures - Commentary on Facebook data breach
- Channel Futures - Commentary on Acer ransom attack by REvil
- SC Media/Magazine - Commentary on Killnet attacks on US airports
- SC Media/Magazine - Commentary on Acer ransom attack by REvil
- SC Media/Magazine - Commentary on DriveSure data breach
- SC Media/Magazine - Commentary on Hezbollah APT breaching servers
- SC Media/Magazine - Commentary on DDoS ransom attacks
- SC Media/Magazine - Commentary on fourth SolarWinds malware
- SC Media/Magazine - Commentary on Sunburst malware
- Security Boulevard - Commentary on Killnet attacks on US airports
- Security Boulevard - Commentary on Initial Access Brokers
- Security Weekly - Commentary on Netwalker data leak site seizure
- SiliconAngle - Commentary on Killnet attacks on US airports
- SiliconAngle - Commentary on SolarWinds malware
- Decipher - Blog feature, Q2 ransomware analysis
- Data Breach Today - Commentary on Babuk and DC Metro Police
- Kim Komando - Blog feature, relating to SMS-phishing scams