Adventures of Alice & Bob

In this episode, James sits down with Brandyn Murtagh, founder of MurtaSec and top-ranked bug bounty hunter. He shares stories from his early days: learning exploitation from World of Warcraft at age 9, dropping out of college after three days, and how landing an apprenticeship at 16 led him from blue team analyst to elite penetration tester who's discovered critical flaws in banks, healthcare providers, and AI platforms. But Brandyn isn't playing it safe. He reveals how he chained public Wi-Fi access into complete bank control through IBM mainframes older than him, explains why a seven-character password limit enabled total financial system takeover, and demonstrates the reality of locking himself in server racks and wading through snow at 3 AM during physical security assessments. From 48-hour incident response marathons to fabricating funds at will, Brandyn shows why with enough time, anything can get popped eventually.

In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

In this episode, James sits down with Silas Cutler, Principal Security Researcher at Census and founding member of Oni Scans, to explore his unconventional journey through threat intelligence and malware analysis. What happens when your first day as a SOC analyst takes down a Fortune 500 company—and Anonymous gets the credit? From accidentally causing international headlines to going undercover in ransomware gangs, Silas has built a career on creative problem-solving and community building. He's become Facebook friends with hackers he investigates, created Malshare (a community malware repository), and founded B-Sides Pyongyang—a security conference celebrating "Missile Industry Day" that started as a joke but attracted 490 attendees.

In this episode, James and Marc sit down with Aaron Portnoy, Head of Research at MindGuard and founder of Pwn2Own.He shares stories from his early days: learning exploitation from anonymous IRC hackers, getting visits from both the IRS and FBI, a chance meeting with HD Moore at a party, and how his ability to reverse engineer fast led him to become the youngest manager at Zero Day Initiative where he helped create the Pwn2Own competition. But Aaron isn't living in the past. He reveals how he found a persistent RCE in Google's brand-new Anitgravity IDE within its first 24 hours, explains why AI security is fundamentally broken, and demonstrates how AI agents become insider threats that enterprises can't control or understand. From six-hour firewall exploits to decimal IP bypasses, Aaron shows why the attack surface has become "literally endless."

In this episode, James Maude sits down with Chris Neuwirth, VP of Cyber Risk at Networks Group, whose path into cybersecurity might be the most unconventional you'll ever hear—from delivering babies as a teenage EMT to penetration testing critical infrastructure today. Chris's journey includes serving as an LAPD officer at Venice Beach, responding to 9/11 at the Pentagon, managing IT during Hurricane Sandy, and running operations as assistant commissioner at New Jersey's Department of Health during COVID-19. Along the way, he's been hacking everything he could get his hands on—from war driving through Manhattan in the early 2000s to conducting sophisticated penetration tests at hospitals and airports today. Chris discusses the importance of organizations being prepared and shares the uncomfortable truth: sometimes the easiest way past your defenses is just showing up and plugging in.

In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense—complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.

In this episode, we sit down with Chris Wysopal (aka Weld Pond), co-founder of the legendary L0pht Heavy Industries and CTO/co-founder of Veracode. Chris takes us on a journey from programming BASIC on cassette tapes in the 1970s, through the golden age of BBS culture and phreaking, to testifying before the U.S. Senate as one of the first hackers to bring security concerns to Capitol Hill. You'll hear the untold story of an early penetration test gone spectacularly right—involving command injection, a manhole fire, voicemail hacking, and one very confused executive wondering why hackers wanted a Winnebago. Chris shares what it was like building the first hacker space in America, the challenges of turning hacking from hobby to business, and why creating a new security category took over a decade.

In this episode, James Maude talks with Ralph Echemendia “the ethical hacker” whose journey from Miami phone phreak to Hollywood’s top cybersecurity consultant is stranger than fiction. Ralph shares how hacking printers and hospital records jump-started his career, why tracking down an Eminem album leak turned into an international manhunt, and what Oliver Stone learned about the NSA at DEF CON. From securing the Snowden film against nation-state attacks to uncovering that studios store entire movies in Dropbox, Ralph exposes Hollywood’s biggest security blind spots and the rise of AI-powered deepfake heists worth hundreds of millions.

James sits down with cybersecurity pioneer HD Moore, the legendary founder of the Metasploit framework, whose journey from dumpster-diving teenager to cybersecurity pioneer was anything but easy.   HD recounts how Microsoft called his employer weekly trying to get him fired for releasing exploits — harassment that ultimately motivated him to "drop zero days continuously, forever, until it got normal." He shares tales of accidentally controlling satellite systems after following network hops too far, backdooring 7,000 systems through tainted warez, and spending $80,000 on his personal credit card to build the Rapid7 team when traditional corporate processes moved too slowly. From crawling through school windows at 5 AM to access Apple computers as a poor kid, to discovering that Palo Alto devices were leaking 5,000 customers' domain admin passwords to internet scanners, HD's stories illuminate the wild early days when vulnerability research was considered criminal activity rather than corporate necessity. Discover how he accidently destroyed his first self-built computer, why his ex-wife held a pile of cash as bail money ready during years of FBI visits, and how the Phrack IRC channel became an unlikely recruitment ground for his first cybersecurity job.

In this episode, James Maude sits down with Kevin E. Green, Chief Security Strategist at BeyondTrust, whose 25+ year career stretches from configuring Nokia firewalls in basements to shaping federal research initiatives. Kevin recalls how crashing systems during penetration tests at Ernst & Young was once considered a win - a “capture the flag” moment - and how he crossed paths with future industry leaders like Stuart McClure and George Kurtz, who went on to found Cylance. He shares his pivotal work in mapping NIST 800-53 controls to the MITRE ATT&CK framework, transforming static security catalogs into threat-informed heat maps that show which defenses light up against real-world attacks. Blending technical depth with cultural insight, Kevin also draws unexpected parallels between cybersecurity and hip-hop — from how attacker techniques echo rapper “signatures” to why his alter ego "Kevtorious" and his "Secure Coding by Nature" brand reflect the creativity and pattern recognition needed in both fields.