Security Nation


Security Nation is a podcast dedicated to celebrating the champions in the cybersecurity community who are advancing security in their own ways. We also cover the biggest events in security that you should know about.

Jen Ellis and Tod Beardsley


    • Dec 21, 2022 LATEST EPISODE
    • monthly NEW EPISODES
    • 37m AVG DURATION
    • 105 EPISODES



    Latest episodes from Security Nation

    Tod and Jen and Jennifer on Season 5 of Security Nation

    Dec 21, 2022 (25:00)

    No Rapid Rundown this time! But you can get links to all the past episodes in Season 5 here: Never Mind the Ears, Here's Security Nation

    Jeremi Gosney on the Psychology of Password Hygiene

    Oct 26, 2022 (48:37)

    Interview links:
    • Jeremi on Password Nihilism
    • The Rails bug Jeremi referenced
    Rapid Rundown links:
    • Risky Business Newsletter on fake PoCs: "GitHub aflood with fake and malicious PoCs"
    • The cited paper: "How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub"
    • Also relevant is Honeysploit by Curtis Brazzell
    Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

    James Kettle of PortSwigger on Advancing Web-Attack Research

    Oct 12, 2022 (36:00)

    Interview links:
    • Prior Security Nation episode in which loads of PortSwigger references were dropped: https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/
    • New research from James about browser-powered desync attacks: https://portswigger.net/research/browser-powered-desync-attacks
    Rapid Rundown links:
    • Semi-secret Fortinet advisory: https://twitter.com/Gi7w0rm/status/1578398457227878407
    • CVE details as they come: https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/
    • Existence of Fortinet CVE-2022-40684 PoC posted, but not the PoC itself: https://twitter.com/Horizon3Attack/status/1579285863108087810
    • The Hidden Harms of Silent Patches: https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/

    Taki Uchiyama of Panasonic on Product Security and Incident Response

    Sep 28, 2022 (30:05)

    Interview links:
    • Check out Panasonic's delightful PSIRT page, especially if you have a vulnerability in one of Panasonic's many, many products to report.
    Rapid Rundown links:
    • Check out Inti's research on "oops, we made a surveillance system" at notmyplate.com.

    Chris Levendis and Lisa Olson on Cloud CVEs

    Sep 14, 2022 (36:20)

    Interview links:
    • Check out the CVE blog post on handling cloud vulnerabilities.
    • Read up on the rules for assigning CVEs.
    • See an example cloud CVE affecting Microsoft Azure.
    • Read the Microsoft Security Response Center's blog post on cloud vulnerabilities.
    Rapid Rundown links:
    • Check out Dominic White's tweet on iOS remembered networks.
    • Read the update on the recently released RFC 9293.

    Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner

    Aug 31, 2022 (37:00)

    Interview links:
    • Check out Nmap if, for some reason, you haven't already.
    • Learn about Npcap, the packet capture library tool that Gordon and his company also offer.
    • Watch Gordon and HD Moore, the creator of Metasploit, chat about the evolution of network scanning on YouTube.
    Rapid Rundown links:
    • Read the Bleeping Computer story on hackers using DeFi bugs to steal cryptocurrency.

    Jen and Tod on Hacker Summer Camp 2022

    Aug 18, 2022 (33:56)

    Learn more about some of our favorite presentations from the Vegas conferences, including:
    • Susan Paskey on threat hunting in MFA logs
    • Jeremi Gosney on "passwords, but nihilism" (an apparently unscheduled, live threat modeling exercise on password risks)
    • Patrick Wardle on Zoom LPE vulnerabilities
    • Gaurav Keerthi, Pete Cooper, and Lily Newman on global policy challenges
    • Jake Baines on Cisco ASA vulnerabilities and weaknesses (check out the blog post, too)
    • Jonathan Leitschuh on fixing OSS vulnerabilities at scale
    • Eugene Lim on so many iCal standards within standards

    Curt Barnard on Defaultinator (Black Hat Arsenal Preview)

    Aug 3, 2022 (32:24)

    Interview links:
    • Learn all about Defaultinator.
    • Read up on the Raspberry Pi default password vulnerability.
    • Check out the GitHub repositories for Defaultinator.
    Rapid Rundown links:
    • Read Derek Abdine's disclosures on Arris and Arris-like routers.
    • Check out the Security Boulevard article on keeping PoCs secret.
    • Peruse Matt Blaze's tweet thread on teaching physical security secrets despite complaints from locksmiths.

    Jacques Chester of Shopify Talks CVSS Scores

    Jul 20, 2022 (39:36)

    Interview links:
    • A Closer Look at CVSS Scores
    Rapid Rundown links:
    • Bleeping Computer story: PyPI mandates 2FA for critical projects, developer pushes back
    • Twitter thread on deleting atomicwrites, and undeleting it
    • PyPI issues mentioned:
      https://github.com/pypi/warehouse/issues/11625
      https://github.com/pypi/warehouse/issues/11805
      https://github.com/pypi/warehouse/issues/11798

    Pete Cooper and Irene Pontisso on the Results of the UK Government's Security Culture Challenge

    Jul 6, 2022 (36:02)

    Interview links:
    • Revisit our first episode with Peter and Irene from Season 4.
    • Read the paper on the UK government's cybersecurity strategy through 2030.
    Rapid Rundown links:
    • Check out the article on so-called pig-butchering scams.

    Steve Micallef of SpiderFoot on Open-Source Intelligence

    Jun 22, 2022 (30:02)

    Interview links:
    • Follow Steve on Twitter, and give the SpiderFoot official account a follow while you're at it.
    • Check out the SpiderFoot website and GitHub page, and learn more about the SaaS version, SpiderFoot HX.
    • Learn about the latest SpiderFoot 4.0 release with YAML correlation rules.
    • Read Steve's blog, especially his posts on the 10 years developing SpiderFoot and the misuse of OSINT to claim election fraud.
    Rapid Rundown links:
    • Read the full paper, "A Closer Look at CVSS Scores."
    • Follow the author, Jacques Chester, on Twitter.

    Phillip Maddux on HoneyDB, the Open-Source Honeypot Data Project

    Jun 8, 2022 (20:48)

    Interview links:
    • Check out the latest on HoneyDB.
    • Interested in participating in the project? Head to the HoneyDB Agent Docs.

    Omer Akgul and Richard Roberts on YouTube VPN Ads

    May 25, 2022 (38:46)

    Interview links:
    • Check out Omer and Richard's paper.
    • Learn more about Omer's work and Richard's work.
    Rapid Rundown links:
    • Read the news about the change in DOJ policy toward ethical hackers.
    • Visit the Rapid7 blog on the same topic.
    • Dive into Harley's great Twitter thread on the topic.
    • Read up on the HiQ and Missouri cases mentioned.

    Jim O'Gorman and g0tmi1k on Kali Linux

    May 11, 2022 (33:15)

    Interview links:
    • Learn more about Kali Linux.
    • Check out what they're up to over at Offensive Security.
    • Follow g0tmi1k on Twitter, and check out his blog.
    Rapid Rundown links:
    • Read the Krebs on Security article on the upcoming password changes.

    Whitney Merrill on the Crypto & Privacy Village (and the Latest in Data Privacy)

    Apr 27, 2022 (38:50)

    Interview links:
    • Follow Whitney on Twitter, and check out her website.
    • Submit a CFP for this year's Crypto & Privacy Village at DEF CON.
    Rapid Rundown links:
    • Read Neil Madden's blog post on psychic signatures.
    • Follow Neil Madden on Twitter.
    • Check out Project Wycheproof on GitHub.
    • Learn about Mount Wycheproof (the actual mountain).

    Kate Stewart on Open-Source Projects at the Linux Foundation

    Apr 13, 2022 (38:29)

    Interview links:
    • Read Project Zephyr's blog post on Amnesia33.
    • Get Linux's perspective on SBOM.
    • Listen to our previous episode on SBOM with Josh Corman and Audra Hatch.
    • Check out Zephyr's Renode dashboard.
    • Learn about the Software Package Data Exchange (SPDX) specification from ISO.
    Rapid Rundown links:
    • Read the story on the npm protestware.
    • Peruse the issue logged against the project on GitHub.
    • See Dark Reading's homage to Mike Murray.
    • Watch Mike Murray talk about hiring hackers.

    David Rogers on IoT Security Legislation

    Mar 30, 2022 (32:40)

    Interview links:
    • Listen to David's previous Security Nation episode.
    • Give him a follow on Twitter.
    • Read up on the PTSI bill.
    • Learn who the heck Mystic Meg is.
    • Check out ETSI (not the home crafts marketplace).
    Rapid Rundown links:
    • Download Rapid7's Vulnerability Intelligence Report.
    • Check out AttackerKB.
    • Listen to Caitlin Condon, lead author of the report, on Duo's Decipher podcast.

    Bob Lord on Securing the DNC

    Mar 16, 2022 (36:42)

    Interview links:
    • Follow Bob on Twitter.
    • Check out the DNC Security Checklist.
    Rapid Rundown links:
    • Read the paper on VPN influencer ads on YouTube.
    • Give the lead author, Omer, a follow on Twitter.

    Matthew Kienow on Open-Source Security and the Recog Framework

    Mar 3, 2022 (29:51)

    Interview links:
    • Learn more about Metasploit, AttackerKB, and Recog.
    • Read Matthew's blog post on open-source security.
    • Remind yourself about Log4Shell (if you dare).
    • Read up on Linus's Law.
    Rapid Rundown links:
    • Read the Bleeping Computer article about DDoS amplification.
    • Check out the original USENIX paper.

    Amit Serper on Finding Leaks in Autodiscover

    Feb 16, 2022 (37:08)

    Interview links:
    • Follow Amit on Twitter at @0xAmit.
    • Read Amit's blog post on the Autodiscover leak.
    Rapid Rundown links:
    • Read up on the vulnerability disclosure metrics from Google's Project Zero.

    John Rouffas on Building a Security Function

    Feb 2, 2022 (29:35)

    Interview links:
    • Take up John on the offer to spam him on LinkedIn.
    • Learn more about what intelliflo is up to.
    Rapid Rundown links:
    • Check out CISA's KEV list.
    • Read up on the 8 vulnerabilities recently added to KEV.

    Mike Hanley of GitHub on the Log4j Vulnerability

    Jan 19, 2022 (45:10)

    Interview links:
    • Read GitHub's blog on the Log4j vulnerability, and the follow-up.
    • Check out GitHub's Dependabot.
    • Find out Why Johnny Can't Encrypt.
    • Learn about GitHub's Sponsor Program.
    • Read about the work going on at OpenSSF.
    • Delve into Mike's blog post on GitHub's exploit code policy.
    Rapid Rundown links:
    • Get the info on Microsoft's emergency fixes for Windows Server and VPN bugs.

    Chris John Riley on Minimum Viable Secure Product (MVSP)

    Nov 24, 2021 (48:48)

    Interview links:
    • Listen to Chris's podcast, First Impressions.
    • Check out the other, Jane Austen-themed First Impressions podcast.
    • Learn more about MVSP at the official site and in this blog post from Google.
    • Read up on the ETSI standard Jen mentioned.
    • Revisit our previous episode on Disclose.io with Casey Ellis.
    Rapid Rundown links:
    • Read about the Sky router vulnerability.
    • If you just can't wait till January to hear from us again, revisit Season 4.

    Michael Powell on Being a Cyber Envoy

    Nov 10, 2021 (36:49)

    Interview links:
    • Learn more about the UK's Department for International Trade.
    Rapid Rundown links:
    • Check out inTheWild, and follow them on Twitter.
    • Grab our 2022 planning resource. (Note! This is a direct PPTX link; don't be alarmed by the sudden download.)

    Pete Cooper and Irene Pontisso of the UK Cabinet Office on Their Cybersecurity Culture Competition

    Nov 4, 2021 (21:36)

    Apply to phase one of the UK Cabinet Office's Small Business Research Initiative (SBRI): Reducing Public Sector Risk through Culture Change. Want to tell a friend? Feel free to use this friendlier, human-readable and -speakable link: https://r-7.co/cabinet-office-culture-competition
    Note the deadline is fast approaching: Monday, November 8, 2021, 17:00 London UK time, and the research initiative is open to all small businesses with strong ties to the United Kingdom.

    Jack Cable on Ransomwhere

    Oct 27, 2021 (38:45)

    Interview links:
    • Check out the Ransomwhere site.
    • Listen to our previous episode with Jack on election security.
    Rapid Rundown links:
    • Read the CISA notification on the critical RCE vulnerability in Discourse.
    • See Discourse's announcement of the vulnerability on GitHub.
    • Peruse Discourse's technical blog post about it.
    • Check out Discourse's security program and policies.

    Michael Daniel on the Cyber Threat Alliance

    Oct 13, 2021 (48:06)

    Interview links:
    • Follow Michael on Twitter @CyAlliancePrez
    • Learn more about the Cyber Threat Alliance
    • Check out the Ransomware Task Force, which Michael co-chairs
    • Read Jen's position piece on hack back
    Rapid Rundown links:
    • Read the full text of the Cyber Incident Reporting Act
    • Refresh your memory on the SolarWinds data breach
    • See who's on the House Homeland Security Committee

    Rob Graham on Mike Lindell's Cyber Symposium

    Sep 29, 2021 (51:29)

    Interview notes:
    • Rob's live Tweet thread
    • Rob's archive of the provided RTFs (hex decoded)
    • Rob's BLX Container Extractor
    • All about Dennis Montgomery. Warning: this is a Wiki rabbit hole.
    • A torrent of several gigs of data from the Cyber-Symposium is available at: magnet:?xt=urn:btih:39a9590de21e77687fdf7eacee4dd743f2683d72&dn=cyber-symposium&tr=udp://9.rarbg.me:2780/announce
    Rapid Rundown notes:
    • The original Bleeping Computer story on Microsoft shutting off Basic Auth
    • The related story about Amit's Autodiscover bug finding that may have prompted the above
    • A somewhat early reference to some WPAD bugs
    • The earliest reference Tod could find about WPAD exploits... which happened to be written by the very same Tod back in 2009.

    Craig Williams of Cisco Talos on Proxyware

    Sep 15, 2021 (42:51)

    Interview links:
    • Craig is on Twitter, but his OpSec is pretty tight, so good luck getting that follow back.
    • You can read up on Cisco Talos, and check their most recent on proxyware here.
    Rapid Rundown links:
    • Check out the Bleeping Computer story on the ATM robbers.
    • Back in 2016, Rapid7's Weston Hecker demonstrated some EMV attacks.
    • But that doesn't matter, because about half of all U.S. gas stations still don't operate with EMV payment.

    Jill Fraser and Deborah Blyth on Securing Colorado

    Sep 1, 2021 (36:31)

    Interview links:
    • National Cyber Security Center
    • Colorado Cyber Resource Center
    • Cybersecurity HSAC Subcommittee
    Rapid Rundown links:
    • Firefox follows Chrome and prepares to block insecure downloads, by Catalin Cimpanu
    • hxxp://smart4alarm.com/ is the website Tod ran into that plops an APK right in your Downloads with no clicks. Is this okay?

    Daniel Crowley on running a cybersecurity internship

    Aug 18, 2021 (38:53)

    Interview links:
    • The original Watchfire paper on HTTP Request Smuggling from 2005
    • HTTP request smuggling reborn, by James Kettle
    • HTTP/2 Request Smuggling from DEF CON 2021
    • Free TCP/IP bugs
    • Free ICS bugs
    • Snyk's Zip Slip research
    Rapid Rundown links:
    • All the DEF CON videos
    • Tempest Radio Station presentation by Paz Hameiri
    • Tempest Radio Station paper
    • How to get started in cybersecurity AMA on Reddit
    • Rob Graham's live tweeting of the Cyber Symposium

    Richard Kaufmann on Cybersecurity in Home Healthcare

    Aug 4, 2021 (35:16)

    From the discussion with Richard:
    • Amedisys, Richard's home healthcare employer
    • S02E06: Our first time around with Richard
    • S02E10: The mentioned episode with Oliver Day
    From the Rapid Rundown:
    • The Record on the PyPI bug
    • The original research from RyotaK
    • Jen's Python joke

    Philipp Amann on No More Ransomware

    Jul 28, 2021 (43:33)

    • Philipp Amann is the Head of Strategy at the European Cybercrime Center
    • No More Ransom, an incredibly useful self-serve library of ransomware crackers, from Alpha to Ziggy
    • Need some specific guidance on what to do if you suffer a ransomware attack? Check out NMR's publication!
    • Also mentioned was Europol's annual Internet Organised Crime Threat Assessment report, which is a great read
    • Interested in partnering with NMR? Send in a request here!
    • The Rapid Rundown is mostly about the PetitPotam proof-of-concept NTLM attack, as discovered by @topotam77
    • Microsoft's helpful mitigation KB for the same
    • The SANS Diary writeup of this novel NTLM attack quite capably demonstrates the risks of this attack

    Brian Honan on creating Ireland's first CERT

    Jul 21, 2021 (54:00)

    Want to know more? Check out these links!
    • The very best place to have a few beers while at Infosec Europe in person is, naturally, the Prince of Teck
    • Follow-up to the HSE attack in Ireland, from ZDNet's Danny Palmer
    • Ireland's first CERT, co-founded by Brian Honan; they announced their intention for IRISSCON 2021 in November on Twitter
    • Rob Wright, of SearchSecurity, interviewed Jeremiah Grossman about SentinelOne's cyber warranty program
    Real quick correction for the Rapid Rundown: In the original recording, Tod once accidentally referred to "14.4" as the current version of iOS, when he should have said 14.6. He edited that correction directly in the audio and tried to make it sound normal. But, with that said, 14.7 was released right before we published this episode, and we still don't know if the DoS was fixed there.
    Now for the links mentioned in the Rapid Rundown:
    • WifiDemon is described in detail over at ZecOps
    • Apple Developer Support, which notes what's current out in the iOS world
    • The mentioned job Rapid7 is hiring for is right here
    • And here's where you can learn about the DEF CON IoT Village

    Jonathan Cran on growing a cybersecurity startup

    Jul 7, 2021 (43:41)

    • Intrigue.IO
    • The Monpass breach
    • Avast's findings on Monpass
    • Apple trusted root certificates
    • Mozilla trusted root certificates
    • Microsoft trusted root certificates

    Don Spies and Kim Grauer on tracking illicit Bitcoin transactions

    Jun 23, 2021 (45:20)

    • https://go.chainalysis.com/2021-Crypto-Crime-Report.html
    • Tod is not Satoshi. Nor is he HD Moore, nor is he Dustin Trammel. It's wild how many people Tod isn't.
    • Cyberscoop's Tim Stark covers the Hydra dark net marketplace, mentioned by Kim.
    • The Vice story on 2G-era crypto breakage and the research paper it covers.
    • Detroit News on election audits in Cheboygan County, which Tod is… worried about. If you live in Michigan, tell us what you think.

    Jeff Man goes to bat for PCI DSS

    Jun 9, 2021 (48:28)

    If you're interested in learning more about the Payment Card Industry Data Security Standard (PCI DSS), head on over to https://www.pcisecuritystandards.org/. You should also check out Jeff's regular podcast, Security & Compliance Weekly.
    If you're wondering how GitHub actually landed on their new acceptable use policy (AUP), check the diff, or read Mike Hanley's explainer blog on the same. To cap it off, see the DoJ's press release about seizing 63.7 Bitcoin, which, at this moment, is worth about USD $2 million.

    Robert Black discusses misdirecting and gaslighting attackers in your network

    May 26, 2021 (55:22)

    Follow the Deception Lab on Twitter, and get up to speed on how to leverage the "digital, physical, and psychological" elements of the cyber battle space.
    As for the news, you can check out the original release from Google (now edited to include the four in-the-wild bugs), as well as read the referenced Ransomware Task Force Report.

    Megan Stifel and Ciaran Martin discuss the sticky issue of ransomware payments

    May 12, 2021 (56:10)

    After the deep dive on ransomware payments and how to beat back this latest crime wave, we spend several minutes in the Rapid Rundown NOT talking about the Colonial Pipeline ransomware event. Instead, we jump into Google's renewed push for automatic enrollment in 2FA, I mean, 2SV. Hooray MFA!
    Links:
    • Read the Ransomware Task Force Report (mentioned throughout the episode)
    • See Bleeping Computer's coverage of Google's default 2SV
    Biographical notes:
    Megan Stifel is Executive Director, Americas, at the Global Cyber Alliance. She previously served as Cybersecurity Policy Director at Public Knowledge. Prior to her work with nonprofits, Megan served as a Director for International Cyber Policy at the National Security Council and in the U.S. Department of Justice, including as Director for Cyber Policy in the National Security Division and as counsel in the Criminal Division's Computer Crime and Intellectual Property Section. Ms. Stifel was previously in private practice, where she advised clients on sanctions and FCPA compliance. Before law school, Ms. Stifel worked for the U.S. House of Representatives Permanent Select Committee on Intelligence. She received a Juris Doctorate from the Maurer School of Law at Indiana University, and a Bachelor of Arts, magna cum laude, from the University of Notre Dame. She is a partner with Social Venture Partners Charleston.
    Professor Ciaran Martin, CB, is Professor of Practice at the Blavatnik School of Government at the University of Oxford. He is also an adviser to Paladin Capital in the United States, and Garrison Technology Ltd in the United Kingdom. For six and a half years ending in the middle of 2020, Ciaran led the UK Government's work on cybersecurity. This included establishing the National Cyber Security Centre in 2016. The UK NCSC is now recognized as one of the leading public authorities in the world for cybersecurity, and Ciaran ran it for its first four years.
    During Ciaran's tenure, the UK rose from eighth to first in the International Telecommunications Union's Global Cybersecurity Index. The NCSC's approach to intervening to make technology safer (and easier to use safely), as well as managing national-level incidents proactively, has been lauded around the world. Ciaran has been honored within the UK, Europe, the United States, and beyond for his groundbreaking efforts to combat cyber threats. Prior to running the NCSC, Ciaran held a series of senior roles in the UK Cabinet Office. As Director of Constitution, he oversaw the agreement for arrangements for the Scottish Independence Referendum in 2014. He also served as Director of Security and Intelligence as well as head of the Cabinet Secretary's office. Additionally, he has worked in the UK Treasury and National Audit Office. Originally from Northern Ireland, he holds a first-class degree in history from the University of Oxford.

    Marina Ciavatta and int80 Put the Fun into Hacking With Hacking Esports and Dual Core Music

    Apr 28, 2021 (43:50)

    Marina and int80 talk about how they came up with the idea for the Twitch livestream, what they've learned along the way, and future plans for the games. We also speak with int80 about his "hacker rapper" gig, Dual Core Music.
    This episode's Rapid Rundown comes with a rare content warning: we're discussing the life, impact, and passing of Dan Kaminsky. It gets pretty emotional, as you might expect. As Matt Blaze said, may his memory be a blessing.
    Enjoy the links below for more!
    • Hacking Esports on Twitter and Twitch
    • More about Dual Core (also on Twitter)
    • Duo's cartoon about the Kaminsky Bug
    • Dan Kaminsky's New York Times obituary
    • Dan's 2016 r00tz talk, "How the Internet Actually Works," is on YouTube, thanks to the r00tz channel.

    How Philip Reiner Created the Ransomware Task Force

    Apr 14, 2021 (45:19)


    In our latest episode of Security Nation, we talk to Philip Reiner about his work with the Ransomware Task Force. Stick around for our Rapid Rundown, where Tod talks about a recently released bulletin from CISA about APT exploiting both new and old SAP vulnerabilities.

    Beau Woods and Fotios Chantzis Discuss Their New Book, "Practical IoT Hacking"

    Mar 31, 2021 (53:36)


    In our latest episode of Security Nation, we speak with Beau Woods and Fotios Chantzis about their newly released book, "Practical IoT Hacking." Stick around for our Rapid Rundown, where Tod encourages listeners to patch their Apple iOS devices against the recently announced WebKit bug, and to not panic about PHP's compromised Git server.

    Nontraditional Paths into Cybersecurity, Part 3: Starburst Data's Katie Ledoux

    Mar 17, 2021 (44:35)

    In our latest episode of Security Nation, we talk with Katie Ledoux about her unconventional journey into the cybersecurity industry: from her marketing agency days to her time at Rapid7, to her current role as Head of Information Security at Starburst Data. Katie talks about imposter syndrome, what it was like to "start over" in her career, the importance of contributions from non-technical roles, and, of course, what she would want to see out of a "Hackers" sequel. Stick around for our Rapid Rundown, where it's "All Exchange, all the time," in the wake of Microsoft's four critical bugs. Tod and Jen also discuss the recent GitHub controversy surrounding the ban of exploit code.

    The CyberPeace Institute's Adrien Ogee Talks Launching a Nonprofit Amid COVID-19 and the Importance of Healthcare Security

    Mar 10, 2021 (25:14)

    In this week's episode of Security Nation, we interview Adrien Ogee, COO of the CyberPeace Institute. He discusses what it was like to launch and staff a brand-new nonprofit during the COVID-19 pandemic, and how his team worked to get the cybersecurity industry to trust them and get involved. Adrien also talks about the CyberPeace Institute's recently released "Playing With Lives: Cyberattacks on Healthcare Are Cyberattacks on People" report. Stick around for our Rapid Rundown, where Tod discusses the National Cybersecurity Center's recently released Cyber Action Plan, a short questionnaire that generates actionable recommendations for shoring up your security. He also talks through PortSwigger's recently published list of the top 10 web hacking techniques of 2020.

    Datto’s Ryan Weeks Discusses a CISO’s Unique Role in Crafting a Pandemic Response

    Feb 26, 2021 (44:46)


    In our latest episode of Security Nation, Ryan Weeks joined the podcast to discuss deploying thousands of assets into a hostile environment: the home offices of workers everywhere as they were forced remote amidst the pandemic. He’ll discuss how he balances privacy expectations with necessary regulations of workers’ computers and phones as they go remote. We’ll also talk about managing an attack surface you don’t understand as well as how lack of transparency can lead to security organizations earning bad reputations. Plus why Jen thinks the work-from-home culture is here to stay, and what organizations can do to prepare.

    Nontraditional Paths Into Security, Part 2: How Steve Ragan Innovates at the Intersection of Journalism and Tech

    Feb 4, 2021 (38:03)

    In our latest episode of Security Nation, Steve Ragan joined the podcast to discuss his unlikely journey from reluctant security expert to journalist. For Steve, having the tech knowledge is important, but so is crafting a good story. We take deep dives on topics like where the industry was in the '90s, plus the unique way he approaches Akamai's "The State of the Internet" report (and their own podcast). We'll hear why writing with empathy is a foundation of Steve's process when tackling deeper technical subjects. Also, the joys of shameless self-promotion... Stick around for our Rapid Rundown, where we get quite the rapid rundown of three big events in security: North Korea's campaign targeting security researchers, the takedown of the Emotet botnet, and (most importantly) the long-awaited cracking of Tod's seven-year-old Dogecoin CTF.

    How Santander’s Mark Carney and Daniel Cuthbert Are Working to Demystify Quantum Cryptography

    Jan 21, 2021 (51:24)


    https://community.signalusers.org/t/signal-should-warn-users-who-are-likely-using-insecure-ime-apps/10272

    Nontraditional Paths Into Cybersecurity, Part 1: Akamai’s Kathryn Kun

    Jan 21, 2021 (39:53)


    Cub Llewellyn-Davies Discusses the U.K.'s Cyber Aware Campaign and Quick Tips to Shore Up Security

    Dec 17, 2020 (52:26)


    How Rick Holland's Diverse Experience Helps Him Find Security Talent in Unique Places

    Nov 18, 2020 (46:15)


    In our latest episode of Security Nation, Rick Holland joined the podcast to discuss how his past informs his present, particularly when it comes to sourcing and hiring the best talent. Rick elaborates on how a lack of direct reports—for several years across multiple companies—led to a bit of imposter syndrome when he became CISO at Digital Shadows and suddenly was tasked with staffing and managing a team. Sometimes smaller talent pools can lead to inspired hiring choices. Stick around for our Rapid Rundown, where Tod delves into Samy Kamkar's NAT slipstreaming mechanism in which an attacker can trick a router into opening straight-shot ports to any listening service on a machine.  

    How to Combat the Spread of Misinformation and Disinformation Ahead of the Election

    Oct 29, 2020 (48:31)


    In our most recent episode of Security Nation, we spoke with Maria Barsallo Lynch, Executive Director of the Defending Digital Democracy Project (D3P) at the Belfer Center for Science and International Affairs at the Harvard Kennedy School, about her work informing election officials of the rise of misinformation and disinformation campaigns centered around elections. Stick around for the Rapid Rundown, where Tod cautions against panicking if (completely normal) disruptions occur on Election Day. 
