The Adversarial Podcast

How might the Trump administration loosen enforcement of SEC cyber incident reporting for public companies? What will happen to CISA under its new director? All that and more on a brand new Adversarial Podcast, featuring Sounil Yu, Mario Duarte, and Jerry Perullo. Get it on YouTube, via favorite podcast app, or at adversarial.com/podcast. YouTube: https://lnkd.in/ePyDcYcG Some referenced articles: SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms: https://lnkd.in/eygm6uHD CISA Faces Uncertain Future Under Trump: https://lnkd.in/ezRFDi5k Post-mortem of Radiant Capital incident: https://lnkd.in/ek2F6UcN #infosec #ciso #cybersecurity #sec #cisa #finance #dao #china #trump #podcast

New Episode Alert! In this episode of The Adversarial Podcast, Jerry, Mario, and Sounil bring their adversarial insights to a packed discussion of the latest topics in enterprise cybersecurity. - East Coast vs. West Coast CISOs: The trio explores the divide between East Coast and West Coast CISOs. Is the East too focused on risk? Does the West overfit to AppSec and "shift-left" practices? - 2024 CISO Budget Report: Where are CISOs spending their increasing budgets in 2024? Reviewing Andy Ellis' recent article, the hosts chat about the increasing expenses in identity management and generative AI security. - AI and Crypto Regulation: A discussion of AI and crypto regulation, emphasizing the need for clarity in regulatory goals while raising questions about their broader implications. - The GitHub Security Gap: The hosts discuss securing GitHub environments in increasingly BYOD environments. - Pegasus Malware: The group examines modern attack vectors, from sophisticated supply chain threats to Pegasus malware's unexpected victims. - Deep Fakes and Vishing: Staying on the topic of mobile attacks, the hosts debate how to best hinder deep fake-powered vishing attacks. - South Korean CEO arrested for adding DDoS feature to satellite receivers: A discussion of a recent story involving supply chain injection of DDoS features in Korea.

Episode 12 is live! Tune in at adversarial.com/podcast and your favorite platform! 💰 The RSA Conference's $5M SAFE deal: Bold innovation support or a risky precedent for startups? We unpack the debate. 🤔 Phishing training: Unique insights from our Ph.D. producer Tillson Galloway on phish training research. Does it make employees smarter or just savvier at clicking "ignore"? 🔬 Session token theft!!! Why can a post-auth 0365 or Google Workspace session token get lifted out of your local cookie and used to bypass MFA and raid your account from Uzbekistan??? 📊 CrowdStrike's big comeback: What its valuation surge says about the evolving cybersecurity market. #adversarial #podcast #cyber #venture #RSAC #vciso #CISO #cybersecurity #lifeafterciso #phishing #

🚨 Episode 11 of The Adversarial Podcast is live🚨 Listen on your favorite platforms and adversarial.com/podcast! 🌐 Incoming Trump Administration and Geopolitics How China's evolving partnerships with North Korea and Russia could reshape global cyber threats and the impacts of policy changes on venture capital and crypto. 🔍 Why Your Travel Security Policy for China Might Be Kabuki Theater Are device restrictions really solving the problem, or is the bigger threat internal? 💸 Crypto and Tech Stock Surges Post-Election Is the market’s tech tilt real, and why did crypto spike? 💻 InfoStealers Are the New Frontier in SaaS Security What you need to know about attackers pivoting from browser creds to SaaS APIs. 🚩 The Return to On-Prem? Are companies reversing their cloud-first strategies because of AI costs and security concerns? ⚖️ The EU’s Groundbreaking Product Liability Directive Individual developers held liable for software flaws—what does this mean for the future of open-source and software innovation? ✈️ Behind the Scenes of CrowdStrike vs. Delta Airlines Risk registers, discoverable chats, and the legal minefield of cybersecurity litigation. 🤖 Large Language Models and Cybercrime How AI is revolutionizing the use of stolen data for profit and espionage. 🏢 The SaaS vs. Security Debate Why SaaS platforms like ServiceNow and Snowflake face increased scrutiny, and what companies can learn. #Cybersecurity #Infosec #Podcasts #China #CloudSecurity #OnPrem #SoftwareLiability #Infostealers #SaaSSecurity #ChinaPolicy #Geopolitics #AI #TechTrends #ProductLiability #CloudComputing #CyberThreats #CyberLitigation #TheAdversarialPodcast #adversarial

Episode 10 - where we talk about the CISO job market (spoiler - it isn't looking great), Jerry craps on cyber risk quantification again, we try to pretend to get excited about quantum and... all the usual hijinks. Jump in and enjoy! adversarial.com/podcast Shout out to our intrepid producer and PhD cybersecurity researcher at Georgia Tech Tillson Galloway! #ciso #vciso #adversarial #CRQ #risk #cyber #quantum #VDP #begbounties

Episode 9 is live! We've dug into those "new" NIST password guidelines, used the recent CUPS Linux vulnerability to remind everyone of thematic, permanent fixes in lieu of patching, and even debated the definitions of "breach" versus "hack". Jump in and take a listen on your podcast feed, YouTube, or adversarial.com/podcast

Episode 8 is live! Tune in to hear Jerry, Mario, and Sounil riff on: Exploding pagers: are psychological attacks worse than breaches? Are credit card breaches still a thing in 2024? Infostealer delivered through GitHub Issues: how are trustworthy services being abused? Founder mode: when is it time to switch from "founder mode" to "custodian mode?" Is open-source more secure than closed-source? https://lnkd.in/gCaGUuDG #podcast #adversarial #cybersecurity #ciso #cyber #infostealer #pagers #riskmanagement #github #opensource

Episode 7 of The Adversarial Podcast is live! Sounil Yu, Mario Duarte and I had some lively debates on a wide range of topics ranging from the validity of CISSP and similar certifications through whether it is reasonable for public school to block dev mode in Chrome and a great nerd-out session on whether the "separate admin account" paradigm is dead in the age of cloud-provisioned resources and ubiquitous IDPs. Enjoy! adversarial.com/podcast Some referenced articles: LinkedIn Post on ISC2 exams - https://lnkd.in/gMnfQzeT “Is the vulnerability disclosure process glitched? How CISOs are being left in the dark” - https://lnkd.in/e6utTthr LinkedIn Post on Chrome DevTools blocked in schools - https://lnkd.in/gddDG_P5

Are vulnerabilities overrated in light of simple configuration errors? Is it too easy to manage passkeys poorly? And can we shut down all our PII controls that are focused on SSNs now? All that and more on this week's Adversarial Podcast at adversarial.com/podcast #cyber #cybersecurity #nationalpublicdata #passkeys #CISO #adversarial #vulnerabilitymanagement #CVE #infosec

Different format, equally Adversarial : ) Host Jerry Perullo spoke at the Evanta CISO Summit in Atlanta about why CISOs are being passed over for Board roles. Tune in for some candid talk about what Joe Sullivan and Tim Brown got right, and what we can learn from it to improve our daily efficacy. adversarial.com/podcast #boards #cybersecurity #lifeafterciso #adversarial #podcast