Episodes

  • Valence Security’s Yoni Shohet on the growing risk tied to SaaS applications
    2025/07/10
    Greg dives into the escalating landscape of SaaS security threats, highlighted by a recent CISA alert on cyber activity targeting Commvault’s SaaS cloud application, and a stark warning from JPMorgan Chase’s CISO on the rising risks of SaaS integration models. Joining us is Yoni Shohet, CEO of Valence Security—a leader in SaaS security—who will share insights into why SaaS security has become a critical topic in major forums, indicators that these attacks are on the rise, and which industries are most at risk.
    34 min
  • Intel471’s Will Dixon goes behind the scenes on the DanaBot takedown
    2025/07/03
    This week, Greg talks to Will Dixon, Senior Intelligence Collection Manager for Intel471, about the lifecycle and takedown of DanaBot — one of the most notorious malware-as-a-service (MaaS) platforms of the last decade. We'll explore how DanaBot transformed from a banking trojan into a full-featured MaaS tool, capable of serving both criminal enterprises and espionage operations. Will shares insights on its technical evolution, how it became a vital cog in the Initial Access Broker (IAB) ecosystem, and the anti-forensic tricks that kept detection teams on their toes. We'll also dig into the broader impact on the cybercrime underground: How did DanaBot’s productization and subscription model reshape the MaaS and IAB economies? Has its downfall changed how actors maintain operational security, or blurred the lines between crimeware and espionage tools? This episode is perfect for anyone interested in the inside story of a leading-edge cybercrime operation and global enforcement campaign.
    33 min
  • DARPA’s Andrew Carney on AIxCC’s quest for truly autonomous AI
    2025/06/26
    Greg Otto talks with Andrew Carney, project manager at DARPA, about the AIxCC competition. With the finals set to be held in August during DEF CON, they discuss how these autonomous systems fared in detecting and remediating vulnerabilities, as well as the key lessons learned from live exercises and the semifinals. The conversation highlights DARPA's vision to merge formal software engineering with large language models to dramatically reduce software vulnerabilities and explains the scientific and engineering advances still needed to achieve this goal at scale. We also examine the challenges of safeguarding critical infrastructure, particularly when so much depends on open-source projects maintained by volunteers, and consider the impact of AI on patch deployment, code verification, and sustainable defense. In the reporter chat, Greg talks with Matt Kapko about a story debunking the 16 billion password hack.
    52 min
  • RSA CEO Rohit Ghai on the promise and peril of passkeys
    2025/06/12
    Greg Otto talks with RSA CEO Rohit Ghai on the global shift toward passkeys and passwordless authentication. Together, they explore pressing issues including the differences between consumer and enterprise solutions, infrastructure vulnerabilities, regulatory challenges, and how emerging threats are evolving as passwordless adoption accelerates. The discussion also covers the complexities practitioners face as they navigate credential transitions in a rapidly changing security landscape. In the reporter chat, Greg talks with Matt Kapko about the attack on a top grocery distributor in the United States.
    41 min
  • MIND’s Eran Barak
    2025/06/05
    Greg Otto talks with Eran Barak, CEO and co-founder of MIND, on the dramatic rise of insider threats in cybersecurity, exploring recent high-profile cases and the factors fueling this surge. He discusses which industries and data types are most at risk, how insider tactics have evolved, and practical strategies for organizations to detect and prevent internal threats. In our reporter chat, Greg talks with Derek Johnson on how vibe coding can be secure as it grows into a practice that software developers rely on for their work. LINK: https://cyberscoop.com/vibe-coding-ai-cybersecurity-llm/
    34 min
  • Bishop Fox’s Rob Ragan and Iron Man Suit for pen testers
    2025/05/29
    Greg Otto talks with Rob Ragan, Principal Technology Strategist at Bishop Fox, as he shares his vision of building an “Iron Man suit” for human security testers that is shaping how AI is used in offensive cybersecurity. Rob dives into lessons learned from developing adaptive AI tools, the unique challenges and risks facing modern AI systems, and effective strategies for safeguarding against adversarial attacks and data leakage. Discover how ethical frameworks, innovation, and industry collaboration can drive responsible offensive security, what organizations often get wrong about AI threats, and what’s needed to secure the future as AI transforms the cybersecurity landscape. In our reporter chat, Greg Otto talks with Matt Kapko about a new wave of zero-days impacting Ivanti products.
    30 min
  • Olivia Rose on why the CISO role may not be the pinnacle of security work
    2025/05/22
    In this episode, Greg sits down with Olivia Rose, Founder and CISO of the Rose CISO Group, to talk about her role in "CISO: The Worst Job I Ever Wanted," a groundbreaking cybersecurity docuseries that reveals the real experiences of Chief Information Security Officers. This podcast uncovers the pressures, sleepless nights, and personal sacrifices these leaders endure while making critical decisions and shouldering the responsibility of defending the digital world. Through honest and compelling stories, listeners gain a rare glimpse into the human side of one of the most challenging and misunderstood roles in technology. In our reporter chat, Greg Otto talks with Derek Johnson and Tim Starks about their deep dives into why Salt Typhoon may never be out of U.S. telecom systems.
    45 min
  • Semperis CEO Mickey Bresman on the power of tabletop exercises
    2025/05/15
    In this episode, Greg sits down with Semperis CEO Mickey Bresman to explore how organizations can proactively prepare for cyber crises before they strike. The conversation centers on the power of tabletop exercises—simulated attack scenarios that test response plans, reveal hidden vulnerabilities, and build muscle memory across teams. Together, Greg and Mickey discuss why preparation is far more than a technical checklist, how effective tabletop exercises bridge the gap between policy and real-world action, and what practical steps leaders can take to protect their organizations from the inside out. In our reporter chat, Greg Otto talks with Cynthia Brumfield about the future of the CVE program.
    35 min