Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity. Connect with Ryan on Twitter (Open DMs).
…
continue reading
The editors of Decipher talk with a rotating cast of security practitioners, researchers, and executives about a variety of topics in the security and privacy fields.
…
continue reading
1
The Challenges of Reporting on Complex Intrusions With Ryan Naraine
26:13
26:13
Afspil senere
Afspil senere
Lister
Like
Liked
26:13
Veteran security journalist and podcaster Ryan Naraine joins the Decipher podcast to discuss the challenges of separating fact from fiction when reporting on complex incidents such as the Snowflake breach.Af Decipher
…
continue reading
Michael Mann's 1995 thriller Heat is considered by many people to be the best crime movie ever made. And hidden inside the intricate plot is a story of a lone hacker with a background at DARPA who uses his skills to set up scores for the crews in LA's underworld. Meg Gardiner, the co-author of Heat 2, and Casey Ellis, cofounder of Bugcrowd, join De…
…
continue reading
Amy Bogac, a longtime security executive with a deep background in systems administration and networking, joins Dennis Fisher to talk about how she came to security, how her background in communications informed her career choices, and the difficult conversations that need to occur before someone has to push the button during an incident.…
…
continue reading
A few days after Microsoft announced the new AI-enabled Recall feature--generating tremendous concerns and pushback from the security and privacy communities--the company had decided to disable it by default, but many concerns still remain. A month after the company's CEO proclaimed that it would be "prioritizing security above all else", how did t…
…
continue reading
Garrett Yamada, associate director of identity security at Texas A&M University, talks about his experiences navigating identity challenges, building an identity-centric strategy and moving away from “home-grown, home-managed systems” that were historically used for authentication.Af Decipher
…
continue reading
Sarah Powazek, the Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, joins Dennis Fisher to talk about her work in setting up Cybersecurity Clinics at high education institutions around the country to help bring knowledge and skills to underserved organizations.…
…
continue reading
1
Caitlin Condon on the Attack Intelligence Report
29:22
29:22
Afspil senere
Afspil senere
Lister
Like
Liked
29:22
Caitlin Condon of Rapid7 joins Dennis Fisher to dive into the juicy tidbits from the Rapid7 Attack iNtelligence Report, including the rise in attacks on zero days, ransomware proliferation, and why network edge devices remain a major problem. Read the report here: https://www.rapid7.com/c/fr-2024-attack-intelligence-report-TY/1/…
…
continue reading
Chris Langford, Director of Network, Infrastructure, and Cyber Security at the Lewisville Independent School District, talks about how having experience in the classroom has helped him from a cybersecurity perspective, and how we can best educate the next generation of students on cybersecurity best practices.…
…
continue reading
At RSA Conference 2024, Kelly Shortridge, senior director of portfolio product management at Fastly, talks about the first steps organizations can take toward adopting a Secure by Design mindset and how businesses can approach the challenge of sustaining resilience in complex systems.Af Decipher
…
continue reading
1
RSA 2024 Preview: What are These Sessions Even About?
53:55
53:55
Afspil senere
Afspil senere
Lister
Like
Liked
53:55
In this special episode, Dennis Fisher and Lindsey O'Donnell-Welch are joined by Brian Donohue of Red Canary to preview the RSA conference talks they're excited about and to try to make sense of some of the session titles that are maybe a little indecipherable.Af Decipher
…
continue reading
Lindsey O'Donnell-Welch turns the tables on Decipher editor-in-chief Dennis Fisher in this episode of Memory Safe to find out how his background covering crime prepared him for the cybersecurity beat, why Ferris Bueller's Day Off is his favorite hacker movie, and how much the security world has changed in the last 20 years.…
…
continue reading
In this week's Source Code podcast, we go over findings from a newly released Ransomware Task Force report and give an update on the types of data accessed in the Change Healthcare ransomware attack.Af Decipher
…
continue reading
The Salvation Army’s Lachlan McGill, general manager of cyber risk and compliance, and Euan Moore, security operations manager, talk about their experiences building a strong cybersecurity foundation, navigating the organization’s unique challenges and fostering a culture around security awareness.Af Decipher
…
continue reading
In this week’s Source Code podcast, we discuss new reporting from Change Healthcare parent UnitedHealth Group that the massive ransomware attack has cost the company $872 million so far. We also talk about recent research about Sandworm, which has been designated by Mandiant as APT44.Af Decipher
…
continue reading
Cody Stokes, a security leader at Procellis Technology, joins Dennis Fisher to talk about his time in the Marine Corps, the challenges of breaking into the cybersecurity field, and the fulfillment he gets from helping to protect users.Af Decipher
…
continue reading
1
Cris Neckar on the early days of securing Chrome, chasing browser exploits
54:36
54:36
Afspil senere
Afspil senere
Lister
Like
Liked
54:36
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at…
…
continue reading
In this week’s Memory Safe episode, Sherrod DeGrippo of Microsoft talks about her first experiences with hacker culture, why a Stanley Kubrik movie shows a glimpse of what AI is, and how she makes sure that “threat intelligence hits the right note.”Af Decipher
…
continue reading
1
Costin Raiu joins the XZ Utils backdoor investigation
51:33
51:33
Afspil senere
Afspil senere
Lister
Like
Liked
51:33
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, a…
…
continue reading
Dan Lorenc, co-founder and CEO of Chainguard, joins Dennis Fisher to dig into the recent XZ Utils backdoor incident, the implications for the open source ecosystem, and what can be done to avoid similar incidents in the future. Then they discuss the problems facing NIST's National Vulnerability Database and the CVE ecosystem.…
…
continue reading
Rick Gordon of Tidal Cyber joins Dennis Fisher to discuss his path from the US Naval Academy to submarine officer to Wall Street and finally to the cybersecurity industry, where he's worked for the last 25 years. Dennis and Rick also talk about the importance of the community aspect of cybersecurity and why it's vital to the collective defense.…
…
continue reading
In this week's Source Code news wrap podcast, we talk about a report by the U.S. Treasury Department looking at AI-specific cybersecurity risks in the financial sector, CISA's newly released Notice of Proposed Rulemaking document for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), and recently discovered activity linked to AP…
…
continue reading
Jack Cable, senior technical advisor at the Cybersecurity and Infrastructure Security Agency (CISA), talks about his past experiences with bug bounty programs, CISA’s Secure By Design initiative and its efforts to help secure the open-source software ecosystem.Af Decipher
…
continue reading
Brian Donohue of Red Canary joins Dennis Fisher to talk about some of the surprising findings from the company's new 2024 Threat Detection Report, including why identity based attacks continue to work so well and how attackers are approaching the shift to the cloud.Af Decipher
…
continue reading
In this week's Source Code podcast, we talk about Patch Tuesday updates and the HHS investigation into the ransomware attack on Change Healthcare.Af Decipher
…
continue reading
Decipher editors Dennis Fisher and Lindsey O'Donnell-Welch talk about the BlackCat ransomware attack on Change Healthcare that has crippled the company and affected the ability of thousands of health care providers, pharmacies, and hospitals to get paid and submit claims.Af Decipher
…
continue reading
Daniel Cuthbert, global head of cybersecurity research at Banco Santander, joins Dennis Fisher to talk about getting his first computer, a ZX Spectrum that he still owns (!), finding his way into hacking through IRC, his passion for photography, and his surprising alternate career path.Af Decipher
…
continue reading
In this week's Source Code podcast we talk about how threat actors are using malware that allows them to maintain a better foothold on compromised Ivanti appliances, and we discuss advisories from the U.S. government about APT28, APT29 and the BlackCat ransomware group.Af Decipher
…
continue reading
Alex Delamotte, threat researcher at SentinelLabs, talks about the importance of actionable threat intelligence, how threat actors are leveraging cloud services, and the upcoming Net Gala, a hacker and tech-themed art exhibition.Af Decipher
…
continue reading
In this week's Source Code podcast, we discuss the LockBit ransomware takedown operation and a critical, actively exploited ScreenConnect flaw.Af Decipher
…
continue reading
Jennifer Leggio, a longtime security industry executive who has served in many different roles, joins Dennis Fisher to talk about the shift in thinking among those in the security community, technical gatekeeping in security, her new consulting venture Moveable Feast, and finding your niche.Af Decipher
…
continue reading
Dennis Fisher and Lindsey O'Donnell-Welch discuss the disruption of the LockBit ransomware operation by the FBI, Europol, and UK authorities, what it means for victims, and how it fits into the government's larger strategy to target cybercrime groups.Af Decipher
…
continue reading
In this week's Source Code podcast we discuss the return of the Bumblebee malware and the DoJ's announcement of a Russian botnet disruption.Af Decipher
…
continue reading
Mick Baccio, global security advisor at SURGe with Splunk, talks about how his perspectives on cybersecurity have changed over time - from first reading Neuromancer at age nine, to acting as the White House threat intelligence branch chief across multiple administrations.Af Decipher
…
continue reading
Software security and AI security expert Gary McGraw joins Dennis Fisher to discuss the findings of a new AI architectural risk analysis research paper that his Berryville Institute of Machine Learning did on LLMs, the risks of black box models, and what kind of regulation would be most effective at reducing those risks.…
…
continue reading
In this week's Source Code podcast, we discuss a U.S. congressional hearing about the Chinese state-sponsored cyber threats, how CISOs' understanding of operational technology threats is evolving, and the ongoing situation with actively exploited Ivanti vulnerabilities.Af Decipher
…
continue reading
Kevin Tian and Rahhul Madduluri, co-founders of Doppel, join Dennis Fisher to discuss the emerging threats of AI-enabled phishing and brand impersonation and how AI can also be used to detect and stop these attacks.Af Decipher
…
continue reading
1
Katie Moussouris on building a different cybersecurity businesses
29:50
29:50
Afspil senere
Afspil senere
Lister
Like
Liked
29:50
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Katie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple…
…
continue reading
In this week's Source Code podcast, we discuss actively exploited Citrix flaws, a VMware patch and new activity from a Russian threat group - and what it all means for security defenders.Af Decipher
…
continue reading
In the latest Decipher Memory Safe episode, Casey Ellis, founder and CTO of Bugcrowd, talks about everything from imposter syndrome to the security concept of “building it like it’s broken.”Af Decipher
…
continue reading
1
Costin Raiu: The GReAT exit interview
1:32:13
1:32:13
Afspil senere
Afspil senere
Lister
Like
Liked
1:32:13
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Costin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. In this exit interview, Costin digs into w…
…
continue reading
In this week's Source Code podcast, we discuss a cloud-targeting hacking tool, two Ivanti zero days and a decryptor that was released for the Babuk Tortilla ransomware.Af Decipher
…
continue reading
James Doggett, CISO of Semperis and a longtime executive in the financial and insurance industries, joins Dennis Fisher to discuss his career arc and the challenges of being a CISO in today's highly scrutinized and pressure-filled environment.Af Decipher
…
continue reading
1
Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers
34:07
34:07
Afspil senere
Afspil senere
Lister
Like
Liked
34:07
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet pac…
…
continue reading
1
Allison Miller talks about CISO life, protecting identities at scale
38:12
38:12
Afspil senere
Afspil senere
Lister
Like
Liked
38:12
Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) FwHunt (https://fwhunt.run) Allison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. I…
…
continue reading
Feross Aboukhadijeh, founder and CEO of Socket, joins Dennis Fisher to talk about the challenges of securing open-source projects, supply chain security, and the fragility of the open-source software ecosystem.Af Decipher
…
continue reading
In Decipher’s latest Memory Safe episode, Phil Venables, CISO at Google Cloud, talks about how he came to work in the cybersecurity space, how CISOs can help prop up potential future CISOs, and “striving for secure products, not security products.”Af Decipher
…
continue reading
In this week's Source Code podcast we discuss flaws found in Sierra Wireless routers, sanctions announced by the US and UK, and a Microsoft Exchange flaw under attack by the Fancy Bear threat group.Af Decipher
…
continue reading
1
Rob Ragan on the excitement of AI solving security problems
51:16
51:16
Afspil senere
Afspil senere
Lister
Like
Liked
51:16
Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of pro…
…
continue reading
Nathan Hamiel, senior director of research at Kudelski Security and member of the Black Hat review board, where he serves as the track lead for AI, ML, and data science, talks about the intersection between AI and cybersecurity, differentiating between AI hype and reality and more.Af Decipher
…
continue reading
Shamla Naidoo, a veteran CISO and lawyer, joins Dennis Fisher to talk about her introduction to computing as a teen in South Africa, what she learned after discovering an attacker on her company network as an admin, and how she has structured her career to only work on projects she enjoys.Af Decipher
…
continue reading