Adventures of Alice & Bob

This week James sits down with Michael Daniel, former Cybersecurity Coordinator at the White House and current President and CEO of the Cyber Threat Alliance. With over 20 years of cybersecurity experience, Michael shares insider insights into some of the most significant cyber incidents in recent history, including the notorious OPM breach. From budgeting to policy-making, he offers a candid look at the challenges and triumphs of securing the nation's digital frontiers.

This week, James hosts the renowned ethical hacker Heath Adams, famously known as The Cyber Mentor™. Heath shares his unconventional journey, beginning as an accountant and transitioning into the world of cybersecurity. He delves into some jaw-dropping experiences, including the time his team penetrated a city's system, uncovering confidential informant lists and crime stopper reports. They also discuss the critical importance of accessibility and affordability in cybersecurity education, highlighting how Heath's mission is truly transforming lives. Don't miss this glimpse into the mind of a true cybersecurity crusader.

Join us in a special out-of-band episode of Adventures of Alice and Bob, where we explore the exciting expansion of BeyondTrust through its recent acquisition of Entitle, a pioneering privilege management solution. Discover how this strategic move enhances BeyondTrust's identity security solutions across the cloud. BeyondTrust CTO, Marc Maiffret, and Entitle co-founders, Ron Nissim and Avi Zetser, also cover what exactly just-in-time (JIT) access is, what modern identity security looks like across the cloud, and what this exciting new union means for the landscape of identity security and access management.

Today, James is joined by Vincent Scott, a former US Navy cryptologist and founder of Defense Cybersecurity Group. Vincent shares his raw and authentic experience while bridging intelligence gaps during the 9/11 crisis and navigating cyber warfare operations in the Gulf Wars. He also shares the culture challenges he experienced while transitioning from military to corporate cybersecurity, the broken windows approach to fixing small cyber cracks before they shatter, and the paradox of expensive tools failing to deliver without the right people. 

Today, Marc is speaking with Dr. Jessica Barker, a cybersecurity culture expert and co-founder of Cygenta. Join us for some incredibly true stories, including a behind-the-scenes look at her royal honor ceremony at the historic Windsor Castle. You'll hear all the details - from battling nerves while practicing that all-important curtsy, to the opulent pomp and circumstance of receiving her honor from Prince William himself.But Jessica's tales from the front lines don't stop there. She'll also pull back the curtain on the shockingly sleazy underworld of romance scams, where con artists follow meticulously crafted "playbooks" full of psychological manipulation tactics to drain unsuspecting victims of their entire life savings through emotional exploitation.And brace yourself as she reveals how AI deepfakes are making phishing attacks even more devious and hard to detect. You'll learn how cybercriminals are leveraging this cutting-edge technology to generate hyper-realistic lures - from emails to videos - that could easily fool even cautious individuals.

This week, James is joined by Michael Perklin, information security expert and Chairman of the Board at C4. Listen in as Michael pulls back the curtain on the current cryptocurrency landscape. This episode is a roller-coaster ride, spanning Michael's career journey from trying to debunk Bitcoin as a "scam" to realizing its brilliance and founding one of the first Bitcoin security consultancies. You'll be on the edge of your seat as he recounts high-stakes experiences like securing Ethereum's historic initial coin offering, hunting down insider threats at ShapeShift, and guiding the company's pioneering transition into a decentralized autonomous organization (DAO). Get ready for a whirlwind of stories that showcase the challenges, opportunities, and mind-bending possibilities of blockchain technology.

Today, Marc is joined by Hector Monsegur, the infamous hacker formerly known as Sabu. In this episode, Hector takes us on a journey through his past, from his early inspirations drawn from hacker films to his pivotal role in the LulzSec hacking collective. With raw honesty, he delves into the motivations and mindsets that fueled his involvement in hacktivism, shedding light on the complexities and ethical dilemmas surrounding digital activism. Hector's story is a testament to the transformative power of embracing one's passion, and his insights offer a rare glimpse into the psyche of a cyber outlaw-turned-cybersecurity professional.

Microsoft is one of the world's largest and most security-focused companies. Yet in late 2022, a sophisticated threat actor known as Midnight Blizzard breached their systems in Azure through a forgotten test account. Join James Maude and Marc Maiffret together as they dive into the technical details of the Blizzard attack, how machine identities and misconfigured OAuth apps provided the foothold, and the lessons learned about protecting corporate cloud environment. James & Marc also discuss actionable ways to reduce risk, the limitations of relying only on detection, and why unified visibility over all identities is key for a proactive defense.

Today James is joined by Terry Cutler, Founder of Cyology Labs. Terry Cutler is a modern magician, but you won’t find him on a Vegas stage. As a professional hacker and "Cyologist," Cutler uses social engineering and technical wizardry to pull off digital feats like taking down a corporate network by leaving USB drives in the bathroom. In this fascinating interview, he makes cyber threats disappear before your eyes as he recounts tales of infiltrating systems to improve security defenses.

Join The Grugq, an independent security researcher with over 20 years of expertise in cyber warfare, as he unpacks two significant hacks. He recounts the audacious phishing campaign against the Qatar News Agency, using fake academic credentials to infiltrate targets. In another twist, he discusses how the Coinbase hack faltered due to the attackers' overreliance on a flashy zero-day exploit despite simpler, effective methods. Expect insights on OPSEC, deviant security, and the evolving landscape of cyber operations!