Adventures of Alice & Bob

In this episode, James Maude sits down with Brian Wagner, CTO at Revenir, whose cybersecurity story started at just 15, building Microsoft Access databases for a medical hospice. From teenage entrepreneur to AWS security specialist, Brian’s path has been anything but ordinary. He pulls back the curtain on his time with the elite Zipline incident response team where he confronted a catastrophic VPC peering breach that spiraled into data theft and blackmail. Together, James and Brian dissect how vendor network compromises can silently open doors into your cloud and why Brian insists that true security isn’t something you bolt on later - it’s a culture you build from day one.

Join host James Maude for a candid conversation with Matthew Toussaint - founder of Open Security and mastermind behind the legendary Subterfuge framework that once forced Starbucks to overhaul its Wi-Fi security. From his unexpected path as an aspiring Air Force lawyer to becoming a renowned cybersecurity educator, Matthew shares a lifetime of stories: a physical pen test that went spectacularly wrong at a franchise location, a medical clinic investigation that exposed an insider threat with international stakes, and how old-school phone-based social engineering works in the age of identity threats. They dive into why AI is about to make help desk social engineering terrifyingly scalable, how a nervous 21-year-old’s DefCon talk reshaped network security, and why, despite decades of warnings, the industry is still failing at the basics while attackers rapidly scale with artificial intelligence.

Former FBI Supervisory Special Agent Miguel Clarke joins hosts James Maude and Marc Maiffret to reflect on 25 years at the front lines of cybersecurity. From coding in BASIC on his Commodore 64 to helping uncover the digital trail behind 9/11, Miguel shares raw, behind-the-scenes stories of how real cyber investigations unfold. In this episode, you'll hear how a casual beer in Nebraska sparked a career in federal law enforcement, why psychology plays a critical role in executing search warrants, and how early cyber sleuths tracked international hackers with nothing but screen scrapes and UUencoded files. Miguel also takes us deep inside the Swedish secret police operation that caught the infamous Csaba Richter hacker, explores the rise of Eastern Europe’s cybercrime economy, and breaks down the forensic breakthroughs that helped investigators piece together one of the most pivotal events in modern history. 00:00 - Introduction and Welcome 01:32 - Early Technology Interest with Commodore Computers 03:24 - System Shock and the $2,100 Computer Upgrade Nightmare 05:22 - Gaming Influence on Career Path and FBI Power Dynamics 06:42 - The Beer That Started an FBI Career 10:03 - FBI Training and Imposter Syndrome at Quantico 14:11 - Sales Skills Meet FBI Investigation Work 18:04 - Search Warrant Psychology and Family Dynamics 24:08 - The Chaba Richter International Cyber Case 27:38 - Eastern European Cybercrime Economy Theory 31:51 - Evolution from Website Defacements to Nation-State Attacks 36:24 - Digital Aspects of 9/11 Investigation 42:25 - 9/11 Digital Forensics and HTML Tag Discovery 47:56 - Transition from FBI to Private Sector 51:32 - Leadership Philosophy and Closing Thoughts

Tommy DeVoss—aka "dawgyg"—is back for round two, and it’s even wilder. A former black hat who faced prison four times, Tommy turned his life around and became a legend in the bug bounty world. From max-sec prison cells to flexing a championship belt on stage at HackerOne Live, his story is pure hacker folklore. In this episode, he shares how bug bounties bought him mini donkeys, why he still hunts old-school (no tools, no scripts), and how federal judges, rogue AIs, and childhood IRC wars shaped his chaotic path. Expect redemption arcs, sketchy bets, and a surprise detour into Icelandic youth basketball.

BeyondTrust's 2025 Microsoft Vulnerability Report dropped—and it’s a wake-up call. With 1,360 new vulnerabilities and elevation of privilege attacks dominating the landscape, even insurance companies are backing away from covering privileged service accounts. In this special episode, cybersecurity veterans James Maude, Paula Januszkiewicz, Sami Laiho, Kip Boyle, and Charles Henderson dig into what the data from the 2025 report really means. Forget the fearmongering—this is about clear-headed, field-tested advice. You’ll hear why flashy security tools often sit unused, how simple controls could prevent 60% of attacks, and why "secure by default" still hasn’t delivered. From AI-driven vulnerability discovery to cloud missteps that could sink your stack, this isn’t your usual “patch faster” sermon—it’s a blueprint for getting real results. If you’re overwhelmed by alerts, underwhelmed by your security stack, or just tired of doing more with less, this episode is your lifeline.

In today’s episode, James Maude chats with Robin Wood—better known as “DigiNinja”—the creator of DVWA and co-founder of SteelCon. Robin shares wild stories from his hacking career, including an infamous SQL injection that accidentally overwrote every customer’s credit card info on a gambling site, how he took down entire client networks with just two packets, and the origins of the UK’s most eccentric security conference, SteelCon—featuring 450 stuffed whippets and full-on Nerf gun warfare.

In today's episode, James Maude dives into the world of cyber warfare, espionage, and hacked satellites with the legendary Chris Kubecka—aka the "Chief Hacktress." From grounding overconfident pilots as one of the first female C-5 loadmasters, to investigating mysterious “vampire satellites” that silently disable spacecraft, Chris has lived a life straight out of a cyber-thriller. She recounts her front-line role in the aftermath of the Shamoon cyberattack, one of the most destructive digital assaults in history, which wiped 35,000 systems at Saudi Aramco and sent shockwaves across global security circles. Plus: embassy cyber drama, Turkish spies posing as English students, Yemeni drones with a grudge, and how AI is now a tool in her mission to expose and disrupt digital authoritarianism. And yes, we also talk about why your boat is a terrifying floating IoT vulnerability.

In this episode, host James Maude sits down with Runa Sandvik, a cybersecurity pioneer protecting journalists and vulnerable populations worldwide. From hacking wi-fi enabled rifles to creating secure tip systems for The New York Times, Runa shares the fascinating journey that led her from Norway's tight-knit tech scene to the frontlines of digital security. 

In this episode, cybersecurity veteran, Kymberlee Price joins James and Marc for a riveting conversation that traces her unconventional path from public health to becoming a pioneering force at Microsoft Security. Kymberlee opens up about her classified work tracking down the creators of the infamous Zotob worm, and how that experience helped reshape how companies collaborate with security researchers. With clarity and candor, she tackles the pitfalls of the vulnerability “whack-a-mole” approach, the art of communicating real risk, and why the best cybersecurity minds don’t always come from traditional backgrounds. It’s a must-listen for anyone curious about the human side of threat hunting—and the hidden strengths in forging your own path.

In this episode, James Maude chats with industrial cybersecurity expert Lesley Carhart (aka "Hacks for Pancakes"), whose journey from programming on her family farm to protecting critical infrastructure was shaped by curiosity and determination. Lesley reveals how moths accidentally activating a power plant touchscreen led to a late-night "Chinese hackers" investigation, explains why she carries a "marriage counseling" sign when mediating between feuding IT and OT teams, and delivers a passionate wake-up call about the industry's mentorship crisis and the brutal reality facing cybersecurity newcomers today.