Breaking Badness

In this episode of Breaking Badness, we explore two fascinating cybersecurity stories. First, we delve into the unusual case of an ex-Disney employee who hacked menu systems, creating chaos in the happiest place on Earth. Next, we discuss Sophos' five-year-long battle with a determined group of attackers targeting their firewalls. Tune in as we break down the insider threat at Disney, the lessons learned from Sophos' transparency, and what it all means for the future of cybersecurity. Plus, don't miss our signature Gold, Guidance, and Grievances segment for unique insights and takeaways.

In this episode of the Breaking Badness Cybersecurity Podcast, Jason Haddix dives into his unique journey from red teaming and pentesting to leading security teams as a CISO in high-profile organizations, including a top gaming company. Jason unpacks the distinct challenges of securing a gaming company, where risks come not only from state actors but also from clout-seeking young hackers. He shares valuable insights on building scalable security programs, secrets management, and the importance of radical transparency in corporate security cultures. Tune in to hear why, in Jason's words, "gaming saved me from a misspent youth," and learn about his latest ventures into offensive security training and AI-driven security solutions.

Discover the chilling implications of Locate X, a smartphone tracking tool used by U.S. law enforcement without warrants. Explore ethical concerns about digital privacy in an age of surveillance. Learn about APT29's sophisticated phishing tactics targeting AWS services and military entities in Ukraine. The podcast also emphasizes the urgent need for stronger privacy protections and increased public awareness on surveillance capitalism. Join the conversation for expert insights and engaging reflections on these pressing issues.

In a captivating conversation, cybersecurity veteran The Gibson shares insights from his 25+ years in InfoSec. He reflects on his early coding days and the evolution of hacker ethics, as well as the impact of iconic groups like Loft and Cult of the Dead Cow. The Gibson discusses the complexities of threat intelligence, diving into how legal actions often clash with moral considerations. He also highlights the significance of privacy-focused projects like Veilid and the revitalization of hacker culture through community collaboration and innovative initiatives.

In this episode of Breaking Badness, Kali, Tim, and Taylor discuss two major stories shaking up the cybersecurity world. First, a researcher has discovered how attackers are exploiting Whois data to grant themselves unprecedented superpowers in the digital space. Second, the Internet Archive suffers a breach possibly exposing 31 million accounts, raising questions about the security of trusted online platforms. Join the team as they break down these complex stories, share lessons learned, and explore how organizations can better protect themselves in similar situations.

In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the sheer volume of endpoint data skyrocketing, AI and deep learning are becoming game changers in threat detection and prevention. Join us as Carl Froggett, CIO at Deep Instinct, and Melissa Bischoping, Senior Director of Security at Tanium, discuss the past, present, and future of EDR, the impact of AI on cybersecurity, and how SOC teams are evolving to stay ahead of bad actors. Learn about how generative AI is influencing attacks, the challenge of SOC burnout, and the innovations shaping the future of endpoint security.

In this episode of Breaking Badness, we dive deep into the critical world of API security and governance, uncovering key strategies to keep data safe in today’s threat landscape. Special guests Matthias Friedlingsdorf (iVerify), Tristan Kalos (ESCAPE), and Aqsa Taylor (Gutsy) join the conversation to share their experiences with detecting advanced threats like Pegasus, the importance of API governance, and the powerful role bug bounty programs play in identifying critical vulnerabilities. Whether you're an API developer, cybersecurity professional, or someone navigating the risks of mobile device exploits, this episode will arm you with the knowledge to better protect your digital assets.

In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO at NetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offensive and defensive cybersecurity strategies, and the growing threat of ransomware in today’s digital landscape. With insights from BlackHat and beyond, we discuss everything from the future of phishing defense to the challenges AI poses in securing sensitive data, as well as how ransomware continues to evolve. Tune in to gain actionable insights on staying ahead of cyber threats and protecting your digital domain.

In this insightful discussion, Pukar Hamal, CEO of SecurityPal, and Vinay Anand, Chief Product Officer at NetSPI, dive into vulnerability management and supply chain security. They illuminate the complexity of managing vulnerabilities and the essential metrics of mean time to detect and repair. The conversation highlights the evolving role of C-suite executives in fostering cyber resilience. Additionally, they stress the importance of continuous trust in vendor relationships and proactive measures for a robust cybersecurity framework.

In this special Black Hat edition of the Breaking Badness Cybersecurity Podcast, Part 1 of a 5 Part Series, we dive deep into how artificial intelligence is transforming the cybersecurity landscape. Our guests—Mark Wojtasiak (VP of Product at Vectra AI), Carl Froggett (CIO at Deep Instinct), Dan Fernandez (Staff Product Manager at Chainguard), and Marcus Ludwig (CEO of Ticura)—join us to explore the evolution of Endpoint Detection and Response (EDR), the growing threats posed by generative AI, and the complexities of securing AI in supply chains. With AI becoming a tool for both attackers and defenders, this episode uncovers the ongoing "AI arms race" and highlights the urgent need for a more preventative approach to cybersecurity.