Threat Talks - Your Gateway to Cybersecurity Insights


Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats, explore industry trends, and hear from top experts as we break down the complexities of cyber threats. Our mission is to make these complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users. We do so by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!



    • Jul 1, 2025 LATEST EPISODE
    • weekly NEW EPISODES
    • 29m AVG DURATION
    • 77 EPISODES



    Latest episodes from Threat Talks - Your Gateway to Cybersecurity Insights

    Agentic AI: Hype, Hope, or Real Risk?

    Jul 1, 2025 42:41

    Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously. He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what's already happening and what needs to happen next. They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.” Key topics: ✅ How to adapt your security and governance to the use of AI

    Zero Trust Step Three: Build a Zero Trust Architecture

    Jun 23, 2025 39:03

    It's time to get practical. After identifying protect surfaces and mapping flows, the third step in Zero Trust is about designing the actual architecture. In this episode of Threat Talks, Lieuwe Jan and Rob Maas talk about segmentation, control selection, and why this is the most operational step in your Zero Trust journey. They cover: ✅ Why segmentation is one of the most important Zero Trust measures

    Cybersecurity Without Borders

    Jun 17, 2025 34:21

    From sovereign clouds to Zero Trust, and from cross-border investments to threat intelligence sharing, cooperation between the US and Europe is crucial, but still complex. With differing policies, fragmented markets, and varying strategies, the cyber world remains anything but unified. In this special episode of Threat Talks, Davis Hake (Senior Director for Cybersecurity at Venable) leads a discussion with Lisa Hill (Director of Investor Relations at Shield Capital), Chris Painter (the US's first cyber ambassador and founder partner of the Cyber Policy Group), Lieuwe Jan Koning (CTO and co-founder of ON2IT cybersecurity) and Peter Brown (former EU official and diplomat). Together, they explore where collaboration is gaining ground and where major obstacles still stand.

    Will AI Replace Human Pentesters?

    Jun 10, 2025 40:23

    AI vs. Human Pentesting: Who Wins? What happens when you try to automate something that's part science, part art? In an industry rushing to adopt AI for everything from detection to response, the real question is: can a machine truly replace the craft of a human pentester? In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Melanie Rieback, co-founder and CEO of Radically Open Security, and Luca Cipriano, a red teamer and threat intel specialist. Together, they dig into what makes great pentesting work. Melanie explains why her company donates 90% of profits to open source and operates with a not-for-profit model, and how that connects with their mission to support NGOs and civil society groups. Together, she and Luca share their hands-on experience with pentesting and why creativity, gut instinct, and lateral thinking are still crucial in ethical hacking. They discuss:

    Rethinking OT: It's All Just Technology

    Jun 3, 2025 49:11

    PLCs with default passwords. Devices searchable online. Siloed asset inventories. These OT challenges are common, but they're also fixable. In this episode of Threat Talks, host Lieuwe Jan Koning sits down with Venable's Caitlin Clarke and Schneider Electric's Patrick Ford to discuss why the OT side of your business deserves the same focus and attention as IT. From default passwords to exposed PLCs, they show how these 'tech risks' span beyond just OT and IT. They discuss: ✅ How to replace "default" thinking on OT security

    Zero Trust Step 2: Map Transaction Flows

    May 27, 2025 13:07

    Once you have defined a few protect surfaces (see: Step 1 of Zero Trust-video link below), the next step is to start mapping the transaction flows: how these protect surfaces communicate with one another. Understanding how data travels to, from and around protect surfaces is your next logical move. Why? Because if you don't know how your systems talk to each other, you can't secure them. In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas discuss how to identify communication paths between protect surfaces and why this visibility is critical for both risk containment and policy validation. They explore: ✅ How to identify communication paths ⛕ The difference between inbound and outbound traffic (and why this matters)

    The OT Attack Cyber Kill Chain

    May 20, 2025 24:47

    Now that we know what a PLC, HMI and SCADA are (check out last week's episode for a refresher if you need one!), we're ready for part two of our OT deep dive: how does an OT attack work? In this Deep Dive, Rob Maas and Luca Cipriano break down just how complex an OT attack really is. From needing to stay hidden, to requiring access to very specific system settings and blueprints; setting up a successful OT attack (thankfully) is no easy task. But does that mean it's easier to defend against them? Key topics: ⚙️ How IT and OT attacks differ ☠️ What the ICS cyber kill chain is

    Operational Technology for Dummies

    May 13, 2025 26:07

    From heating systems in Ukraine to petrochemical plant safety controls, Operational Technology (OT) systems are the hidden workhorses behind critical infrastructure: and they're wide open to cyber threats. In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it's different from IT, where the two overlap and how we can start securing both before it's too late. Key topics: ⚙️ What OT is (and isn't)

    OT's Hidden Cyber Risks

    May 6, 2025 31:39

    From ships and cities to hospitals and airports, Operational Technology (OT) keeps the world running. The problem? It was never designed with cybersecurity in mind. In this episode of Threat Talks, host Karin Muller is joined by TC Hoot (VP of Contracts at TAC) and Luca Cipriano (Threat Intel Specialist at ON2IT) to explore how airports, hospitals, ports, and even water systems can be compromised. Key topics they tackle:

    Zero Trust Starts Here

    Apr 29, 2025 22:06

    Zero Trust is about more than just IP addresses and firewalls: it's about understanding what truly matters to your business. In step one of Zero Trust: define your protect surface, we focus on how to prioritize what you want to protect, how to avoid common pitfalls, and how to kick off your Zero Trust journey from a solid, business-aligned foundation. In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas get down to the basics of step one of Zero Trust: defining the protect surface. They explore: ✅ Methods for defining protect surfaces ⛨ Establishing the relevance of each protect surface

    Zero Trust Demystified: What is Zero Trust Really About?

    Apr 22, 2025 20:28

    Zero Trust is everywhere – but what does this actually mean? Is it a cybersecurity strategy, a set of tactics, a product you can buy, or just clever marketing? In this kickoff episode of this Zero Trust series, Lieuwe Jan Koning and Rob Maas explore what Zero Trust actually is, how to think about it strategically, and why it's not just about identity or buying new tools. They discuss: ✅ Why Zero Trust isn't a product, and what it actually is

    Inside Volt Typhoon: China's Silent Cyber Threat

    Apr 15, 2025 34:01

    What happens when a cyber threat actor doesn't want to make headlines? Volt Typhoon, a state-sponsored group tied to the People's Republic of China, has been quietly infiltrating Western critical infrastructure, staying under the radar by avoiding malware, using native tools, and taking things slow. In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be.

    Cybercrime-as-a-Service: The Disney+ of the Dark Web

    Apr 8, 2025 31:13

    Dark markets are making cybercrime more accessible than ever. Malware, remote access tools, phishing kits, credit card information: all of it is readily available, and oftentimes available as a service, if you just know where to look. Subscribing to these illicit services is now as easy as signing up for Disney+. In this Deep Dive, host Rob Maas and special guest, cybersecurity researcher Michele Campobasso, discuss dark markets and the rise of cybercrime-as-a-service. Key questions answered in this Deep Dive:

    Inside the Dark Web Economy: $10 for Your Identity & Corporate Access?

    Apr 1, 2025 37:56

    The Dark Web Economy: Hacks for $10? Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving.

    Why Precision Time Matters in Cybersecurity | PTP vs NTP Explained

    Mar 25, 2025 22:30

    ⏳ What happens when time goes wrong? Time synchronization is an overlooked but essential part of cybersecurity. A few microseconds of drift can lead to failed transactions, inaccurate forensic logs, or even security breaches. In this episode of Threat Talks, host Rob Maas (Field CTO, ON2IT) and guest Jan van Boesschoten (Innovation Manager, AMS-IX) discuss:
    • How does time impact cybersecurity, and what happens when it drifts?
    • Why is NTP no longer sufficient for high-speed digital transactions?
    • How does Precision Time Protocol (PTP) provide microsecond accuracy (and why does that matter)?
    • Could time manipulation be an attack vector, and how do organizations mitigate this risk?
    From financial transactions to forensic log analysis, knowing exactly when an event occurs can make or break an organization's security posture.

    Why SSL Decryption Matters

    Mar 18, 2025 48:12

    Many organizations hesitate to implement SSL decryption due to concerns over complexity, privacy, and performance. However, the reality is that failing to decrypt means failing to see threats. In this Deep Dive, host Lieuwe Jan Koning and Rob Maas (Field CTO at ON2IT) explore why decrypting SSL traffic is critical for cybersecurity.
    • Why is SSL decryption necessary, and what are the risks of ignoring encrypted traffic?
    • How do modern malware and attacks leverage encryption to bypass traditional security measures?
    • What are the top three things organizations must do to implement SSL decryption effectively?
    • Why do only 3.5% of organizations have an active SSL decryption policy, and how can this change?
    Rob Maas explains how decrypting SSL traffic allows security teams to detect and stop threats at an early stage, preventing malware downloads, phishing attempts, and web-based attacks before they reach endpoints.

    Intrusion Kill Chain: Stop Playing Defense with Rick Howard

    Mar 11, 2025 28:22

    Cybersecurity shouldn't always be about playing defense – it can also be about disrupting attackers before they succeed. In this Deep Dive, host Lieuwe Jan Koning and cybersecurity expert Rick Howard break down the Intrusion Kill Chain and the strategic shift it introduced in the world of cybersecurity.
    • How does the Intrusion Kill Chain flip the script on cyberattacks?
    • The 250 active adversary campaigns that security teams must track
    • How MITRE ATT&CK and the Diamond Model strengthen modern defense strategies
    • Why global governments and intelligence agencies aren't doing more to share cyber threat intelligence
    Despite decades of talk about intelligence sharing, most information is still exchanged manually, often via spreadsheets. As Howard points out, a true global threat-sharing framework could give defenders the upper hand. Don't miss this deep dive into adversary strategies and what they mean for the future of cybersecurity.

    Reboot of Strategy: Back to cybersecurity basics with Rick Howard

    Mar 4, 2025 49:57

    I think, therefore I am, is René Descartes' first principle. But how does that relate to cybersecurity? In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Rick Howard – former Commander of the US Army's Computer Emergency Response Team and former CSO of Palo Alto Networks – to discuss the first principle of cybersecurity.
    ❓ What's the difference between cybersecurity strategy and tactics?
    ❓ How come some random geezers are better at cybersecurity forecasting than industry pros?
    ❓ Is resilience the ultimate cybersecurity strategy?
    ❓ Why does Rick Howard think Zero Trust is a passive strategy?
    And for the book lovers amongst us – over 500 cybersecurity books are published each year. Wanna know which are worth your time? Rick Howard's Cybersecurity Canon has got you covered: https://icdt.osu.edu/about-cybersecurity-canon

    The Rising Threat of Deepfakes - Threat Talks Cybersecurity Podcast

    Feb 25, 2025 20:19


    Post-Quantum Threat to Encryption: Are You Ready? - Threat Talks Cybersecurity Podcast

    Feb 18, 2025 21:22

    Quantum computing promises unprecedented computational power, but it also threatens the encryption standards we trust today. In this episode of Threat Talks, Jeroen Scheerder from ON2IT delves into post-quantum cryptography and answers key questions:
    • What is Quantum Computing?
    • Why does it challenge RSA and other encryption standards?
    • What is Q-Day, and when will it happen?
    • How can companies prepare for the post-quantum era?

    Breaking the Defenses: EDR Bypass - Threat Talks Cybersecurity Podcast

    Feb 11, 2025 25:16


    Inside the Hackers Mind with Tom van de Wiele - Threat Talks Cybersecurity Podcast

    Feb 4, 2025 58:50

    Ever wondered what it's like to see cybersecurity through a hacker's eyes? In this episode of Threat Talks, Lieuwe Jan Koning talks with Tom van de Wiele, ethical hacker and founder of Hacker Minded, about how cybercriminals operate and how businesses can defend themselves.

    Salt Typhoon: How Nine Telecom Providers were Compromised - Threat Talks Cybersecurity Podcast

    Jan 28, 2025 29:52


    Salt Typhoon: Inside the Coordinated Breach of Nine Telecom Providers A sweeping cyberattack, known as Salt Typhoon, has exposed the vulnerabilities of nine major telcos, leaving sensitive communications and surveillance data in the hands of attackers. How did this happen, and what lessons can we learn? In this Threat Talks Deep Dive, host Lieuwe Jan Koning teams up with ON2IT's Rob Maas (Field CTO) and Jeroen Scheerder (Security Researcher) to dissect every aspect of this high-profile breach.

    ONCD: The Cyber Catalyst with Davis Hake - Threat Talks Cybersecurity Podcast

    Jan 21, 2025 45:22


    ONCD: The Cyber Catalyst with Davis Hake How can governments lead the charge in global cybersecurity efforts? In this compelling episode of Threat Talks, host Lieuwe Jan Koning sits down with returning guest Davis Hake, cybersecurity expert and advisor, to explore the critical role governments play in the cyber landscape.

    The State of Cybersecurity in the European Union - One Year of Threat Talks

    Jan 13, 2025 38:20


    The State of Cybersecurity in the European Union Cyber threats know no borders, and in the European Union, harmonizing cybersecurity efforts across 27 member states is no small feat. In this episode of Threat Talks, host Lieuwe Jan Koning speaks with Hans de Vries, Chief Cybersecurity and Operational Officer at ENISA, about the critical work being done to secure Europe's digital future.

    Cyber Outlook 2025 - One Year of Threat Talks

    Jan 7, 2025 41:42


    2025: The Year of AI and Cybersecurity Evolution Kick off 2025 with the latest insights from Threat Talks! In this episode, host Lieuwe Jan Koning sits down with Peter van Burgel, CEO of AMS-IX, to discuss how AI and cybersecurity are reshaping the landscape this year.

    2024: The Breaking Point - One Year of Threat Talks

    Dec 31, 2024 47:02


    Dutch Law Enforcement Data Breach - Threat Talks Cybersecurity Podcast

    Dec 24, 2024 19:54

    Imagine the names, job functions, email addresses and phone numbers of police officers, DAs, and even critical key witnesses being hacked and leaked to the public. This isn't the opening to some spy novel – it's what actually happened when the Dutch Law Enforcement suffered a serious data breach in September of this year. Initially reported as a breach 'only' involving personal data of 65.000 law enforcement employees, it later became clear that much more data was leaked - and not just data from law enforcement personnel. In this Deep Dive, host Lieuwe Jan Koning, Security Expert Jeroen Scheerder and Field CTO Rob Maas take an in-depth look at how this breach unfolded, the poor security track record of the software that was used and what the Dutch Law Enforcement could've done better when it comes to handling the publicity of a data breach.

    Conti Ransomware Attack on Costa Rican Government - Threat Talks Cybersecurity Podcast

    Dec 17, 2024 21:54


    UNIX CUPS Remote Code Execution - The Fallacy of Default Trust - Threat Talks Cybersecurity Podcast

    Nov 26, 2024 20:31

    "Hello! I'm a Printer! Please Let Me In!" “Hello! I'm a printer! Please let me enter, thank you!” – It may sound absurd, but this is how attackers can trick your Linux systems through the cups-browsed service. In this latest Threat Talk, Lieuwe Jan Koning reveals, with ON2IT's Rob Maas and Luca Cipriano, how a seemingly harmless printer can turn into a hacker's gateway to your network. With open ports and weak default configurations, your Linux environment could be more exposed than you think.

    XZ Utils Critical Backdoor (CVE-2024-3094) - The Fallacy of Secure Open Source Code

    Nov 19, 2024 29:35

    ⏰ How much time would you spend on executing the perfect hack? ⏰ The user going by the name of 'JIAT75' spent almost three years infiltrating and contributing to a GitHub repo for one singular reason – access to release manager rights for the next XZ Utils update. In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Thomas Manolis, Information Security Officer at AMS-IX, and Jeroen Scheerder, Security Specialist at ON2IT, to discuss this meticulously executed breach in the open-source community. Using clever social engineering tactics, Jia Tan (JIAT75) built a credible reputation within said community, gaining trust and access to introduce malicious code undetected. The breach was only discovered by chance when Andres Freund, an engineer at Microsoft, traced unusual system latency back to XZ Utils and uncovered the backdoor. What exactly happened? How lucky did we get with Freund discovering the backdoor? And how do we know that something like this hasn't happened before?

    CrowdStrike Auto-Update Disaster - Threat Talks Cybersecurity Podcast

    Nov 12, 2024 22:32

    ☠️ CrowdStrike: 8.5 million blue screens of death ☠️ Did you know that last July's CrowdStrike outage led to closed airports, inaccessible bank accounts and hospitals that were only delivering emergency care that did not require any computers? In this Threat Talk, Lieuwe Jan Koning is joined by Rob Maas and Jeroen Scheerder as they discuss the CrowdStrike outage and, more importantly, what could have been done to prevent such an impactful event from happening in the first place. What exactly are the inherent risks of automatic updates? And can they be set up in such a way that what happened with CrowdStrike won't happen again?

    Breaking the Illusion: Exposing Security Fallacies - Threat Talks Cybersecurity Podcast

    Nov 5, 2024 53:31


    Deep Dive - Binance BNB Smartchain Attack - Threat Talks Cybersecurity Podcast

    Oct 29, 2024 26:01


    Imagine creating millions in cryptocurrency…without spending a cent.

    Deep Dive - Hack the Boat Ballast System - Threat Talks Cybersecurity Podcast

    Oct 22, 2024 25:05


    Deep Dive - Securing AIS - Threat Talks Cybersecurity Podcast

    Oct 15, 2024 19:54


    AIS (Advanced Identification System) is a key tool in maritime navigation. It helps ships transmit their location and data to other vessels and satellites, preventing collisions and supporting rescue operations.

    Deep Dive - HTTP/2 Rapid Reset

    Oct 1, 2024 9:04


    Deep Dive - Capital One Data Breach

    Sep 24, 2024 15:21


    Deep Dive - Accellion File Transfer Appliance

    Sep 10, 2024 19:48


    Bridging the Gap: Security and Compliance - Threat Talks

    Sep 3, 2024 55:12

    Compliance doesn't always mean security. In this episode of Threat Talks, we dive deep into the critical operational gap between being compliant and being secure. Host Lieuwe Jan Koning, along with ON2IT's CISO Tim Timmermans and Pieter de Lange, CISO at Transdev, discuss how organizations can bridge this gap to not just tick boxes but to truly protect themselves from cyber threats. Learn the essential strategies that go beyond compliance and ensure robust security measures. Don't miss this insightful discussion that could redefine your approach to cybersecurity!

    Deep Dive - APT Sand Eagle

    Aug 27, 2024 22:27


    Deep Dive - Russia GRU Viasat Hack

    Aug 20, 2024 20:58


    Ethan Hunt is known for doing the impossible.

    Deep Dive - China Nexus Barracuda Hack

    Aug 13, 2024 21:59


    How do James Bond's spy skills compare to modern cyber espionage? The Nexus Barracuda Hack was performed by highly skilled, Chinese cyber attackers, who exploited a zero-day vulnerability in Barracuda's Email Security Gateway (ESG).

    The evolution of cyber warfare - Threat Talks

    Aug 6, 2024 43:13

    Explore the hidden world of cyber warfare and advanced persistent threats (APTs) in this episode of Threat Talks. Join cybersecurity experts Lieuwe Jan Koning, Luca Cipriano and special guest Martijn Peijer as they discuss real-life cyber espionage cases and the latest cybersecurity strategies.
    Show notes:
    • Summary of I-S00N leaks | Github
    • Anxun and Chinese APT Activity | VX-underground
    • Github summary | VX-underground
    Find all episodes and request your own Threat Talks T-shirt on https://threat-talks.com.

    Threat Talks Special: DDoS Attacks on European Elections

    Jul 30, 2024 33:04


    Explore the rising threat of DDoS attacks on European elections in this special episode of Threat Talks. Join Lieuwe Jan Koning and cybersecurity experts Octavia de Weerdt and Frank Dupker as they discuss the motivations behind these attacks, the role of the Anti-DDoS Coalition, and strategies to safeguard our digital democracy. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/.

    Threat Talks on Tour - DDoS Mitigations

    Jul 23, 2024 24:10


    Join Lieuwe Jan Koning on this special Threat Talks as he explores the evolving landscape of DDoS attacks with Junior Corazza and Miguel Regalado Querol. Discover if these cyber threats are truly diminishing or if we're just getting better at defending against them. Tune in to understand the current state of DDoS mitigations and the importance of cybersecurity collaboration. Find all our episodes and request your own Threat Talks T-shirt on https://threat-talks.com/

    Deep Dive - Vultur, Android Malware

    Jul 16, 2024 24:44


    Have you ever wondered how a simple game app could lead to your bank account being emptied? In this deep dive of Threat Talks, Lieuwe Jan Koning dives into the sinister world of Vultur Android malware. Joined by experts Rob Maas and Luca Cipriano, they unravel the mechanics of this malicious threat and discuss practical steps to safeguard your devices. Tune in to learn how to protect yourself from these covert cyber threats and stay one step ahead of hackers.
