

Adventures of Alice & Bob
Merchants Media
Welcome to the Adventures of Alice & Bob Podcast, where we talk shop with pen testers, hackers, and the unsung heroes of the cybersecurity world about the human element of being on the front lines of cyber attacks.
Produced by Merchants Media.
For booking inquiries, email booking@merchantsmedia.com
Episodes

Jul 4, 2025 • 1h 6min
Ep. 82 – Security Tools Are Failing: Lessons from the 2025 Microsoft Vulnerability Report
BeyondTrust's 2025 Microsoft Vulnerability Report dropped—and it’s a wake-up call. With 1,360 new vulnerabilities and elevation of privilege attacks dominating the landscape, even insurance companies are backing away from covering privileged service accounts. In this special episode, cybersecurity veterans James Maude, Paula Januszkiewicz, Sami Laiho, Kip Boyle, and Charles Henderson dig into what the data from the 2025 report really means. Forget the fearmongering—this is about clear-headed, field-tested advice.
You’ll hear why flashy security tools often sit unused, how simple controls could prevent 60% of attacks, and why "secure by default" still hasn’t delivered. From AI-driven vulnerability discovery to cloud missteps that could sink your stack, this isn’t your usual “patch faster” sermon—it’s a blueprint for getting real results. If you’re overwhelmed by alerts, underwhelmed by your security stack, or just tired of doing more with less, this episode is your lifeline.

Jun 20, 2025 • 58min
Ep. 81 - From DVWA to Nerf Wars: Tales of DigiNinja // Robin Wood
In today’s episode, James Maude chats with Robin Wood—better known as “DigiNinja”—the creator of DVWA and co-founder of SteelCon. Robin shares wild stories from his hacking career, including an infamous SQL injection that accidentally overwrote every customer’s credit card info on a gambling site, how he took down entire client networks with just two packets, and the origins of the UK’s most eccentric security conference, SteelCon—featuring 450 stuffed whippets and full-on Nerf gun warfare.

Jun 6, 2025 • 59min
Ep. 80 - Vampire Satellites, Stolen Wine, and Why Your Boat is a Giant IoT Nightmare // Chris Kubecka
In today's episode, James Maude dives into the world of cyber warfare, espionage, and hacked satellites with the legendary Chris Kubecka—aka the "Chief Hacktress." From grounding overconfident pilots as one of the first female C-5 loadmasters, to investigating mysterious “vampire satellites” that silently disable spacecraft, Chris has lived a life straight out of a cyber-thriller.
She recounts her front-line role in the aftermath of the Shamoon cyberattack, one of the most destructive digital assaults in history, which wiped 35,000 systems at Saudi Aramco and sent shockwaves across global security circles. Plus: embassy cyber drama, Turkish spies posing as English students, Yemeni drones with a grudge, and how AI is now a tool in her mission to expose and disrupt digital authoritarianism.
And yes, we also talk about why your boat is a terrifying floating IoT vulnerability.

May 23, 2025 • 49min
Ep. 79 - Hacking Rifles and Protecting Reporters // Runa Sandvik
In this episode, host James Maude sits down with Runa Sandvik, a cybersecurity pioneer protecting journalists and vulnerable populations worldwide. From hacking Wi-Fi-enabled rifles to creating secure tip systems for The New York Times, Runa shares the fascinating journey that led her from Norway's tight-knit tech scene to the frontlines of digital security.

May 12, 2025 • 1h 5min
Ep. 78 - Champagne at 2AM: The International Zotob Takedown // Kymberlee Price
In this episode, cybersecurity veteran Kymberlee Price joins James and Marc for a riveting conversation that traces her unconventional path from public health to becoming a pioneering force at Microsoft Security. Kymberlee opens up about her classified work tracking down the creators of the infamous Zotob worm, and how that experience helped reshape how companies collaborate with security researchers. With clarity and candor, she tackles the pitfalls of the vulnerability “whack-a-mole” approach, the art of communicating real risk, and why the best cybersecurity minds don’t always come from traditional backgrounds. It’s a must-listen for anyone curious about the human side of threat hunting—and the hidden strengths in forging your own path.

Apr 25, 2025 • 52min
Ep. 77 - Bugs in the System: When Moths Hack Power Plants // Lesley Carhart
In this episode, James Maude chats with industrial cybersecurity expert Lesley Carhart (aka "Hacks for Pancakes"), whose journey from programming on her family farm to protecting critical infrastructure was shaped by curiosity and determination. Lesley reveals how moths accidentally activating a power plant touchscreen led to a late-night "Chinese hackers" investigation, explains why she carries a "marriage counseling" sign when mediating between feuding IT and OT teams, and delivers a passionate wake-up call about the industry's mentorship crisis and the brutal reality facing cybersecurity newcomers today.

Apr 11, 2025 • 58min
Ep. 76 - Phishing, Predictions, and Starship Troopers // Brian Kime
In this episode, James Maude chats with cyber threat intel pro Brian Kime, whose journey from the Army’s infamous “chemical guy” to security expert was partly inspired by Starship Troopers. Brian dishes on his legendary Dell SecureWorks phishing op that hit a wild 50% click rate—by predicting an IPO years ahead of time. He also unpacks why vulnerability management can stall business and how design thinking can reshape threat intel.

Mar 28, 2025 • 54min
Ep. 75 - DOS Viruses & Catching Chinese APT Hackers // Roger Grimes
James Maude chats with Roger Grimes, a 36-year cyber veteran and KnowBe4’s Defense Evangelist. From hacking DOS viruses for John McAfee to catching Chinese APT hackers red-handed, Roger’s war stories are unforgettable. But he’s not just here for the drama—he lays out a bold plan to fix Internet security and reveals why social engineering remains our biggest blind spot. Don't miss this episode—it's a masterclass in cyber warfare, deception, and the battle for a safer digital future!

Mar 14, 2025 • 54min
Ep. 74 - The Accidental Worm that Shutdown a University // Sounil Yu
In this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"

Feb 28, 2025 • 56min
Ep. 73 - How a Magazine Article Led to a Cybersecurity Empire // Richard Stiennon
In this episode, James chats with Richard Stiennon—cybersecurity analyst, author, and former aerospace engineer—whose 20+ year journey spans from designing car seats to hacking corporate systems for giants like Dell. Hear how a 1992 magazine article led him to launch his own ISP and rise to prominence at Gartner. Richard shares his personal stories from the frontlines of cybersecurity, his crusade against risk management jargon, and bold predictions on AI’s impact on security. Plus, private jet mishaps and the unconventional wisdom behind IT Harvest.


