Adventures of Alice & Bob

In this episode, James Maude chats with industrial cybersecurity expert Lesley Carhart (aka "Hacks for Pancakes"), whose journey from programming on her family farm to protecting critical infrastructure was shaped by curiosity and determination. Lesley reveals how moths accidentally activating a power plant touchscreen led to a late-night "Chinese hackers" investigation, explains why she carries a "marriage counseling" sign when mediating between feuding IT and OT teams, and delivers a passionate wake-up call about the industry's mentorship crisis and the brutal reality facing cybersecurity newcomers today.

In this episode, James Maude chats with cyber threat intel pro Brian Kime, whose journey from the Army's infamous “chemical guy” to security expert was partly inspired by Starship Troopers. Brian dishes on his legendary Dell SecureWorks phishing op that hit a wild 50% click rate—by predicting an IPO years ahead of time. He also unpacks why vulnerability management can stall business and how design thinking can reshape threat intel.

James Maude chats with Roger Grimes, a 36-year cyber veteran and KnowBe4's Defense Evangelist. From hacking DOS viruses for John McAfee to catching Chinese APT hackers red-handed, Roger's war stories are unforgettable. But he's not just here for the drama—he lays out a bold plan to fix Internet security and reveals why social engineering remains our biggest blind spot. Don't miss this episode—it's a masterclass in cyber warfare, deception, and the battle for a safer digital future!

In this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"

In this episode, James chats with Richard Stiennon—cybersecurity analyst, author, and former aerospace engineer—whose 20+ year journey spans from designing car seats to hacking corporate systems for giants like Dell. Hear how a 1992 magazine article led him to launch his own ISP and rise to prominence at Gartner. Richard shares his personal stories from the frontlines of cybersecurity, his crusade against risk management jargon, and bold predictions on AI's impact on security. Plus, private jet mishaps and the unconventional wisdom behind IT Harvest. 

Step into the fascinating mind of Keren Elazari—the first Israeli woman to give a TED Talk and a trailblazing force in cybersecurity. Once rejected by her school's D&D group, she defied expectations to become a globally recognized security analyst, reshaping the narrative around hackers. In this episode, we dive into Keren's remarkable journey—from a curious young girl armed with an encyclopedia and inspired by the movie Hackers to a leading voice in digital security. She shares personal stories from her early hacking days, her groundbreaking work in building inclusive tech communities, and her bold vision for the future of cybersecurity. And as a special treat, get exclusive insights into a never-before-seen fan remake of Hackers featuring legendary industry figures. Here is a link to the Hackers remake - https://vimeo.com/178240969

In this episode, James sits down with Tommy DeVoss (aka Doggy G), who went from a teenage hacker dodging federal prison to becoming one of the most successful ethical hackers in the world. Tommy spills raw, unfiltered stories about his wild days in IRC channels, running with the infamous World of Hell hacking group, and somehow managing to turn his life around to rake in over $4 million in bug bounties. You'll hear how a 10-year computer ban gave him enough pent-up tech energy to power a small country and how his boredom waiting for a friend led to a $180,000 Yahoo bug discovery. Yeah, some people text while waiting—Tommy casually breaks the internet.

Join James as he sits down with Mishaal Khan, a seasoned cybersecurity expert with over 20 years of experience in outsmarting attackers. From his early days hacking PC games to his current mission of safeguarding high-profile individuals, Mishaal offers fascinating insights into the world of open-source intelligence (OSINT) and social engineering. Discover how he's intentionally erased his digital footprint, including keeping his own photos offline, hear the intriguing story of how he exposed cheaters using fake e-greeting cards, and learn why you should proactively "stalk yourself" to secure your personal data before someone else does.

Today, James Maude sits down with Dustin Haywood, better known as Evil Mog, Executive Managing Hacker at IBM's X-Force. Together, they talk about Evil Mog's fascinating journey from telemarketing to becoming a globally recognized expert in password security. He shares stories, including how he managed a high-stakes data center crisis, creatively navigated IBM's corporate culture through social engineering, and transformed the landscape of password cracking. The conversation also delves into the cutting-edge world of authentication security, the ever-evolving nature of cyber threats, and why a password manager could be your ultimate ally.

Join hosts James Maude and Marc Maiffret as they dive into a captivating conversation with industry legend Morey Haber. With over two decades of experience—going back before CVEs were even a thing—Morey delivers a bold look at the security threats of 2025 and beyond. Is AI on the verge of bursting its hype bubble? Are hidden paths to privilege the next battleground? The group discusses how today's identity-based attacks are reshaping cybersecurity and how Morey deep-faked himself to expose the alarming reality of AI impersonation. From the roots of early vulnerability research to the cutting edge of emerging attack vectors, this is a must-listen episode to understand how old threats are wearing new masks—and what defenders must do to keep up (and a great episode to wrap-up 2024)!

Join host James Maude as he talks all things cryptography with Sophie Schmieg, a Staff Information Security Engineer at Google. In this episode, Sophie shares her journey from pure mathematics to applied cryptography, revealing how her background in algebraic geometry provides a distinctive approach to modern security challenges. From discovering major vulnerabilities in AWS to creating solutions that will last until the year 909,000, Sophie breaks down complex cryptographic concepts with clarity and humor. She offers invaluable insights into post-quantum cryptography, the real-world implications of quantum computing, and why you probably don't need that quantum random number generator.

Today, Marc and James welcome Brooke Denney, a rising star in cybersecurity who brings a dynamic, cloud-first perspective to the ever-evolving industry. Brooke shares her inspiring journey from aspiring veterinarian to accomplished security engineer, offering insights into the fascinating world of AI-powered phishing, modern security challenges, and safeguarding critical infrastructure. As a senior information security engineer and a dedicated member of the Ohio Cyber Reserve, Brooke provides a unique and expert view on the evolution of attack chains, the importance of supply chain security, and the transformative future of cybersecurity education.

In this episode, Marc and James plunge into the world of identity security with DJ Morimanno. From his early days pf dumpster diving for computer parts to becoming a powerhouse Director of Identity and Access Management Technologies, DJ's cybersecurity journey is what legends are made of. They dig deep into the evolution of identity security, the pivotal role of human behavior in staying cyber-safe, and how quantum computing could revolutionize the future of identity protection.

In today's episode, host James welcomes Anna Aslanishvili, the visionary founder and CEO of Pine Risk Management. Anna takes us behind the scenes of high-stakes security assessments, from testing executive protection during a CEO's morning jog to uncovering faulty panic buttons—and even dealing with the threat of mailed anthrax. With captivating stories and expert insights, Anna reveals how pushing the limits in real-world scenarios leads to safer environments for everyone.

Today, Marc and James have the pleasure of sitting down with Omar Aviles, a seasoned expert in DFIR, threat hunting, and malware analysis. Omar takes us on a journey through his early days of dismantling computers out of sheer curiosity to the high-stakes world of battling ransomware in real-time. He delves into the growing dangers of corporate espionage, nation-state attacks, and the ever-evolving landscape of cybersecurity. Throughout the conversation, Omar's passion for protecting the digital world shines brightly, as he shares his favorite hacking techniques, insights on hunting and neutralizing threats, and invaluable advice for those looking to break into the cybersecurity field.

This episode follows the fascinating journey of Gary Bowser, a tech industry veteran whose life has been shaped by his passion for hacking and modding. From his early days tinkering with Texas Instruments computers to becoming a key figure in the controversial world of game console hacking, Gary's story is one of innovation, legal battles, and personal redemption. Host James Maude explores Gary's evolution from a curious teenager to a prominent figure in the modding community, culminating in a high-profile legal case brought by Nintendo. Gary candidly shares his experiences, including his arrest in the Dominican Republic, his challenging time in the US prison system during the COVID-19 pandemic, and the eventual resolution of his case.

In this episode, Greg Pickett takes Marc on a thrilling journey from his early days of war dialing and hacking a bank (complete with hiding under a desk to avoid detection!) to exposing credential misuse on bulletin boards and uncovering a massive security breach tied to the Chinese military—all while tackling the challenges of corporate security and internal politics.

In this episode, Marc engages in an eye-opening conversation with Robert RSnake Hansen, a true legend in the cybersecurity realm. RSnake takes us on a journey through his transformation from a mischievous hacker to a revered security expert, revealing the high-stakes moments that defined his career. He dives deep into his experience with the groundbreaking Hack the Pentagon program, where his relentless pursuit of vulnerabilities nearly landed him in prison. But the tension doesn't stop there—RSnake also recounts a terrifying encounter with a cartel that wrongly believed he was the mastermind behind the infamous dark web site, Silk Road. With unfiltered honesty, RSnake shares his thoughts on the ever-evolving world of cybersecurity, the rise of bug bounties, and the delicate balance between safeguarding security and preserving privacy in our increasingly digital society.

In today's episode, James and Marc explore the devastating ransomware attack that crippled the Town of Truckee, shutting down phones, internet, and critical data access behind the town's firewall. With special guests Chris Hardy and Logan McDonald, you'll gain an insider's perspective on the relentless challenges they faced, the innovative strategies they used for recovery, and a surprising twist—the unique dress code of the Town of Truckee. Don't miss this captivating discussion on cybersecurity, resilience, and community spirit.

Over its 11 years in publication, the BeyondTrust Microsoft Vulnerabilities Report has been downloaded over 16,000 times, aiding thousands in enhancing their cyber defenses with detailed data analysis and expert insights. This year's report not only examines 2023 Microsoft vulnerabilities but also evaluates their use in identity-based attacks, highlights significant CVEs (9.0+ CVSS scores), and discusses mitigation strategies. In this special Alice & Bob episode, James is joined by top cybersecurity experts and report commentators Paula Januszkiewicz, Terry Cutler, Eliza-May Austin, and Sami Laiho. They discuss the report's findings, share their experiences with vulnerabilities, and explore the future of Microsoft security and AI.

This week, Marc Maiffret sits down with Mark Weatherford to discuss his role in responding to the Moonlight Maze incident, one of the first major cyber espionage operations targeting U.S. government systems in the late 1990s. Mark talks about how Moonlight Maze highlighted significant vulnerabilities and reshaped cybersecurity strategies within the government and beyond. Mark also discusses broader topics in cybersecurity, the evolution of cyber threats, and the impact and security challenges AI is bringing to the table. 

This week James sits down with Michael Daniel, former Cybersecurity Coordinator at the White House and current President and CEO of the Cyber Threat Alliance. With over 20 years of cybersecurity experience, Michael shares insider insights into some of the most significant cyber incidents in recent history, including the notorious OPM breach. From budgeting to policy-making, he offers a candid look at the challenges and triumphs of securing the nation's digital frontiers.

This week, James hosts the renowned ethical hacker Heath Adams, famously known as The Cyber Mentor™. Heath shares his unconventional journey, beginning as an accountant and transitioning into the world of cybersecurity. He delves into some jaw-dropping experiences, including the time his team penetrated a city's system, uncovering confidential informant lists and crime stopper reports. They also discuss the critical importance of accessibility and affordability in cybersecurity education, highlighting how Heath's mission is truly transforming lives. Don't miss this glimpse into the mind of a true cybersecurity crusader.

Join us in a special out-of-band episode of Adventures of Alice and Bob, where we explore the exciting expansion of BeyondTrust through its recent acquisition of Entitle, a pioneering privilege management solution. Discover how this strategic move enhances BeyondTrust's identity security solutions across the cloud. BeyondTrust CTO, Marc Maiffret, and Entitle co-founders, Ron Nissim and Avi Zetser, also cover what exactly just-in-time (JIT) access is, what modern identity security looks like across the cloud, and what this exciting new union means for the landscape of identity security and access management.

Today, James is joined by Vincent Scott, a former US Navy cryptologist and founder of Defense Cybersecurity Group. Vincent shares his raw and authentic experience while bridging intelligence gaps during the 9/11 crisis and navigating cyber warfare operations in the Gulf Wars. He also shares the culture challenges he experienced while transitioning from military to corporate cybersecurity, the broken windows approach to fixing small cyber cracks before they shatter, and the paradox of expensive tools failing to deliver without the right people. 

Today, Marc is speaking with Dr. Jessica Barker, a cybersecurity culture expert and co-founder of Cygenta. Join us for some incredibly true stories, including a behind-the-scenes look at her royal honor ceremony at the historic Windsor Castle. You'll hear all the details - from battling nerves while practicing that all-important curtsy, to the opulent pomp and circumstance of receiving her honor from Prince William himself. But Jessica's tales from the front lines don't stop there. She'll also pull back the curtain on the shockingly sleazy underworld of romance scams, where con artists follow meticulously crafted "playbooks" full of psychological manipulation tactics to drain unsuspecting victims of their entire life savings through emotional exploitation. And brace yourself as she reveals how AI deepfakes are making phishing attacks even more devious and hard to detect. You'll learn how cybercriminals are leveraging this cutting-edge technology to generate hyper-realistic lures - from emails to videos - that could easily fool even cautious individuals.

This week, James is joined by Michael Perklin, information security expert and Chairman of the Board at C4. Listen in as Michael pulls back the curtain on the current cryptocurrency landscape. This episode is a roller-coaster ride, spanning Michael's career journey from trying to debunk Bitcoin as a "scam" to realizing its brilliance and founding one of the first Bitcoin security consultancies. You'll be on the edge of your seat as he recounts high-stakes experiences like securing Ethereum's historic initial coin offering, hunting down insider threats at ShapeShift, and guiding the company's pioneering transition into a decentralized autonomous organization (DAO). Get ready for a whirlwind of stories that showcase the challenges, opportunities, and mind-bending possibilities of blockchain technology.

Today, Marc is joined by Hector Monsegur, the infamous hacker formerly known as Sabu. In this episode, Hector takes us on a journey through his past, from his early inspirations drawn from hacker films to his pivotal role in the LulzSec hacking collective. With raw honesty, he delves into the motivations and mindsets that fueled his involvement in hacktivism, shedding light on the complexities and ethical dilemmas surrounding digital activism. Hector's story is a testament to the transformative power of embracing one's passion, and his insights offer a rare glimpse into the psyche of a cyber outlaw-turned-cybersecurity professional.

Microsoft is one of the world's largest and most security-focused companies. Yet in late 2022, a sophisticated threat actor known as Midnight Blizzard breached their systems in Azure through a forgotten test account. Join James Maude and Marc Maiffret together as they dive into the technical details of the Blizzard attack, how machine identities and misconfigured OAuth apps provided the foothold, and the lessons learned about protecting corporate cloud environment. James & Marc also discuss actionable ways to reduce risk, the limitations of relying only on detection, and why unified visibility over all identities is key for a proactive defense.

Today James is joined by Terry Cutler, Founder of Cyology Labs. Terry Cutler is a modern magician, but you won't find him on a Vegas stage. As a professional hacker and "Cyologist," Cutler uses social engineering and technical wizardry to pull off digital feats like taking down a corporate network by leaving USB drives in the bathroom. In this fascinating interview, he makes cyber threats disappear before your eyes as he recounts tales of infiltrating systems to improve security defenses.

Get the explosive inside scoop on two brazen hacks from the hacking guru and cyber warfare expert simply known as “The Grugq.” He joins James to dissect an elaborate phishing campaign that compromised Qatar's national news agency. You'll learn how hackers fabricated academic awards as a ploy to infiltrate key targets. The Grugq also unravels the Coinbase hack that could have been an unparalleled crypto heist. He reveals how the culprits were obsessed with deploying a flashy new zero-day exploit, when lower-tech tricks already had executives firmly ensnared. This is a rare chance to analyze major cyber attacks play-by-play alongside one of the world's top hacking experts. Buckle up for a wild ride!

Today James is joined by Dr. Ryan Louie who shares captivating stories from the frontlines of psychiatry and insights on protecting mental health in our tech-driven world. Join us as they explore the psychological parallels between social engineering attacks and persuasive techniques used in medicine. Dr. Louie also shares his account of a pivotal moment early in his career that shaped his approach to patient care. Don't miss his enlightening perspective on how breaches of health data violate the deepest levels of patient privacy.

Get inside the mind of hacker Ymir Vigfusson as he sits down with James to recount his early days of finding exploits in SSH and owning an Icelandic ISP at age 14. Learn how he navigated the ethical lines of hacking and later used his talents for good by teaching others. Also, we'll hear the method behind his current zero trust startup after a life spent understanding how things break.

From finding body parts in a warehouse to shaping data privacy legislation in Congress, Michelle Dennedy has never backed down from the unexpected plot twists along her remarkable journey. The chief privacy trailblazer joins Marc today to discuss the real-life stories behind her role in “The Usual Suspects”, her national human microchipping debate on Dr. Phil, the high school pact that led to a career defending consumer data rights, and so much more. Michelle brings her signature wit and wisdom to every tall tale. Get ready for a wild ride with this privacy rebel.

What's it like to rob banks and government facilities for a living? Find out today when James sits down with professional ethical hacker and social engineer FC (aka Freakyclown) to discuss the wild stories from his 30+ year career circumventing security systems. From stealing helicopters and gold bullion, to building secret offices and making friends with targets, hear tales of exploits that sound stranger than fiction in today's episode. FC also shares hard lessons learned and practical advice for improving security.

Today, James finds himself engaged in a captivating conversation with Dr. Cathy Ullman, Principal Technology Architect, Security at University at Buffalo. In their discussion, Dr. Ullman regales James with gripping accounts of her experiences combating the notorious Nimda Virus, a pernicious file-infecting computer worm. She also delves into her firsthand encounters with the tumultuous era of Code Red and other early internet worms, sharing invaluable insights gained from navigating these cybersecurity crises. She also talks about working with law enforcement on cyber investigations and touches on her unconventional career journey through philosophy, forensics and beyond. 

Today James is speaking with Eliza-May Austin, CEO & Co-Founder of th4ts3cur1ty.company. Drawing on her experience with a TeamViewer supply chain attack early in her career, Eliza explains how she built her company's SIEM solution to help businesses of all sizes defend against threats coming through trusted third parties. She also discusses the benefits of purple teaming and shares some amusing moments from working night shifts in cybersecurity, including testing if she can still do roly-polies and giving herself a concussion!

Okta provides identity and access management to some of the world's biggest brands. But what happens when Okta itself comes under attack? In this episode, James sits down with BeyondTrust CTO Marc Maiffret to discuss how BeyondTrust discovered a breach of Okta's Support Unit, escalated concerns, and gathered the necessary evidence to spur Okta into action. Join us for a rare inside look at how a major provider was compromised, and what we can learn to better defend our own systems.

In this episode James hosts Lynn Dohm, Executive Director of WiCyS (Women in Cybersecurity). Lynn shares the origin story of WiCyS, from humble beginnings as an NSF-funded conference to today's thriving global community empowering women at all stages of their cybersecurity careers. Join us as they discuss systemic issues like the “leaky pipeline,” how to create inclusive spaces in security, and overcoming barriers that cause women to leave the field. Lynn talks data, gives advice for cybersecurity leaders looking to recruit, retain and advance women, and much more! Tune-in to be inspired by the superheroes at WiCyS who are making a global impact for women in cybersecurity.

On this bittersweet episode, host James Maude is joined by our outgoing podcast host Karl Lankford for an in-depth look back at his incredible tenure on The Adventures of Alice and Bob. As Karl hangs up the headphones, we get the inside scoop on the wit and wisdom that made him a fan favorite during his time on the mic. From hair-raising plane rides to secret server room speakeasies, James and Karl reminisce about the wild adventures, guest interviews, and laughs shared over the past year and a half. Karl reflects on lessons learned through hosting duties, his passion for helping others, and excitement for the next chapter. We'll miss you, Superhost Karl!

Today James is speaking with Troy Fisher, an ethical hacker at IBM Security who educates using Rubik's cubes and draws from early experience battling major malware like the ILOVEYOU virus outbreak. Join us as Troy discusses facing major malware incidents early in his career and puzzling his way into a role in ethical hacking. We'll also hear how Troy uses Rubik's cubes to demonstrate hacking concepts, how his background in music and performance aids compelling security education, and more stories from his eclectic career path on this episode of The Adventures of Alice and Bob podcast.

Today's episode is hosted by James Maude. He is joined by Patrick Hynds and Duane Laflotte, CEO and CTO, respectively, of Pulsar Security. Tune-in as Patrick and Duane discuss their journey from the early days of hacking to leading offensive security teams and advising enterprises on defense strategies. They take us through an inside look at unconventional hacking techniques including compromising networks by exploiting default credentials on printers and manipulating thermostats to damage infrastructure. Patrick and Duane also detail social engineering tactics like sending spoofed emails from compromised printers to hack their way into networks. They share perspectives on the evolution of cyber threats over 20+ years, the importance of patch management, and mentoring the next generation of ethical hackers.

Today's episode is hosted by James Maude. He is joined by John Fokker, Head of Threat Intelligence at Trellix. John is an internationally recognized cybercrime expert with leadership experience across law enforcement, military, and industry. Tune-in as John discusses his journey from the Dutch Marines to leading cybercrime investigations for the Dutch Police. John provides an inside look at high-profile cybercrime takedowns, including hunting down the notorious REvil ransomware group. He also shares perspectives on the evolution of cyber threats, the ransomware economy, and building global public-private partnerships to combat cybercrime. 

Today's episode is hosted by Karl Lankford. He is joined by Chris Roberts A.K.A "Dr. Dark Web", and CISO at Boom Supersonic. Chris is a cyber researcher, plane hacker, and Scottish cybersecurity warlock who gained global attention in 2015 for being banned from flying with United Airlines after demonstrating how hackers can manipulate onboard flight control systems. Today Chris discusses his memorable experiences at conferences, ethical challenges in cybersecurity, and his personal moonshot for improving security. He also shares stories about hacking cows and camels and reflects on building security into the first commercial supersonic jet.

Today's compilation episode is a very special edition of "After Hours with Alice & Bob." Our three hosts, James, Karl, and Marc, recorded live from the annual Go Beyond customer conference in Miami, Florida. They had lively discussions with a variety of guests over adult beverages...and nothing was off-limits when it came to our guest's stories around cybersecurity! 

Today, James is speaking with Jason Haddix, the renowned cybersecurity expert and CISO of BuddoBot. Get ready for an engaging conversation about the world of secrets management, the aftermath of the Lapsus$ breach at Ubisoft, and the dark web's impact on modern adversaries. Jason also shares captivating stories, including his experience accidentally setting off emergency alerts in LA and his eye-opening journey into the hidden corners of the dark web. 

Today, James and Marc are thrilled to welcome Katie Moussouris, the founder and CEO of Luta Security. Prepare yourself for an extraordinary conversation on bug bounty programs, the intricacies of vulnerability disclosures, and the influence of regulations and governance within cybersecurity. Katie also shares some amazing stories including her swift response to a teardrop attack during her tenure at the Human Genome Project and her ingenious two cell phone hack of the well-known social audio app, "Clubhouse."

In today's episode James is joined by Cris Thomas, a true cybersecurity maverick that is more famously known as "Space Rogue." Join us as Cris delves into the fascinating origins of L0pht, a pioneering hacker collective that left an indelible mark on the industry. Cris also shares invaluable insights on securing networks, debunks hacking culture myths, sheds light on unconventional cybersecurity risks that often go unnoticed, and discusses his new book, Space Rogue: How the Hackers Known As L0pht Changed the World. 

This very special episode is brought to you from the Adventures of Alice and Bob podcast booth at the Go Beyond Conference in sunny Miami, FL. Karl and Marc are reunited with the remarkable 16-year-old hacker, Bianca Lewis, who also delivered an amazing keynote speech at the event. They also got the chance to hang out with the visionary Sam Elliot, Head of Product Management at BeyondTrust. 

In today's episode, James is speaking with Cyber-Anthropologist Lianne Potter, known as "The Anthrosecurist," who serves as the Head of SecOps at ASDA. Lianne shares valuable insights about building trust in cybersecurity teams, breaking free from functional fixedness to find solutions, and “improving” cybersecurity practices with her improv comedy skills. 

Today's episode is hosted by Karl Lankford. He is joined by Scott Behrens, Principal Security Engineer of Information Security at Netflix. Scott discusses the challenges of building a security program at Netflix, how threat modeling helps to identify vulnerabilities before they are exploited, and how he was able to bring down Netflix with a $2 Denial of Service (DoS) attack.