Risky Business

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s show is brought to you by Trail of Bits, the security engineering firm. Dan Guido joins us this week week to talk about zkdocs, a bunch of documentation Trail of Bits put together to provide guidance on how to implement some of these newfangled concepts – like zero knowledge proofs – that are popular in blockchain and cryptoland. Links to everything that we discussed are below and you...

On this week’s show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week’s security news, including: This week’s sponsor interview is with HD Moore, the founder of Rumble. We’re talking through what how he and his team helped customers respond to the log4j drama. They quickly added the capability to scan customer’s environments for log4shell-affected tech. When asset discovery meets rapid vuln response! Links to everything that we discussed are below and you can follow...

In this edition of the soap box we’re chatting with Steve Miller, a senior researcher at Stairwell. Steve has a long history doing this sort of stuff. He worked inside various bits of the US government doing cyber things, and also spent a decent chunk of his career at Mandiant. His new employer, Stairwell, makes a platform that collects information about all files present in your environment and let’s you do some fancy stuff with that information. You’ll hear a little bit more about what...

On this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including: This week’s show is brought to you by Okta. Marc Rogers is the executive director of cybersecurity there and he’s joining us this week to talk about the log4j bug and some adjacent issues. He’s working on a paper with IST about the bug and what it all means, and he’s joining us this week to talk about why the log4j drama was different. Links to everything that we discussed are below...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s show is brought to you by Airlock Digital. They make allowlisting software that has mostly been used in Windows environments, but as you’re about to hear they’ve now got a very, very nice solution for the bigger Linux distros, and their Mac agent is going to be launched in a few weeks. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if...

This isn’t the normal weekly news episode of the show, if you’re looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thinkst Canary. For those who don’t know, Thinkst makes hardware and virtual honeypots you can put on your network or into your cloud environments – they’ll start chirping if an attacker interacts with them. They’re a low cost and extremely...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s sponsor interview is with Andrew Morris of Greynoise. Greynoise has a bunch of sensors out there on the Internets, so they can tell you when and IP that’s hitting you is also hitting everyone else. If you work in a SOC, you know this is very useful. Greynoise has just signed a $30m deal with the US Department of Defense. As Andrew will explain in just a moment, this means if you work...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s sponsor interview is with Ryan Kalember of Proofpoint. He’s the EVP of Cybersecurity Strategy there and he’s joining me this week to talk about how investment activity in cybersecurity is basically leaving everyone who isn’t a mega enterprise behind. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s show is sponsored by VMRay. We’ll be chatting with one of VMRay’s customers in this week’s sponsor interview. Jim Byrge works on the CSIRT team at Valvoline, and he’ll be along to talk about how they replaced their ageing, in-house developed SOAR platform with commercial tools. It was still harder than it should be in 2021, but they got there in the end. Links to everything that we...

In this edition of the Risky Biz Soap Box podcast we chat with Sean Leach, the Chief Product Architect at Fastly, about the history and current status of the DDoS ecosystem. Despite never really making money for criminals, DDoS attacks are still a problem. CDNs have soaked up a lot of the problem, so DDoS crews are getting creative. Do you know where you’re vulnerable? Show notes Bouncy castle boss James Balcombe ordered arson hits on rivals

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s sponsor interview is with HD Moore. He’s the founder of Rumble, the network asset discovery scanner, and he’s joining us to talk about some new tricks he’s added to the product, like integrations with cloud service APIs and external discovery products like Censys. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show...

In this edition of the Soap Box podcast we’re chatting with Jake King. Jake is a co-founder of Cmd Security, a Linux Security startup that was recently acquired by Elastic. Cmd’s technology basically started out as a control and visibility tool for Linux systems that could restrict user actions. But over time, the product evolved to be more detection and response oriented. In this interview we talk to Jake about why Cmd wound up where it is, product wise, and what customers can expect now...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: We’ll hear from Corelight’s CISO Bernard Brantley in this week’s sponsor interview. We’re talking about how attackers think in graphs and defenders think in lists.. Microsoft’s John Lambert wrote a post about that back in 2015, and Bernard joins the show this week to talk about why it’s just as relevant as ever. Stick around for that one. Links to everything that we discussed are below and you...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: We’ll be hearing from Senetas CEO Andrew Wilson in this week’s sponsor interview. He’s joining us to talk about how the global semiconductor shortage is making him a very, very sad panda. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Iran says sweeping cyberattack took down gas stations across country Cyber...

This feature podcast was made possible by the Hewlett Foundation’s Cyber Initiative. The foundation has given us grant funding to produce this podcast series, which is designed to educate policymakers in cybersecurity so they can make better decisions. In this edition you’ll hear an interview I recorded with Mark Dowd. Mark is a world-renowned security researcher who, some years ago, co-founded a company called Azimuth Security. As you’ll hear, the original plan was to provide security...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Jonathan Reiber is this week’s sponsor guest. He’s senior director of cybersecurity at AttackIQ and he’s joining us to talk through the US Government’s executive order on Zero Trust. Jonathan says it is actually born of a realisation the US Government needs to do something differently, that the old approaches aren’t working. Links to everything that we discussed are below and you can follow...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Nucleus co-founder Scott Kuffer is this week’s sponsor guest and the topic is actually a bit hilarious. They’ve found a killer use case that customers are clamouring for: Being able to map vulnerabilities to org groups within your enterprise so you can see who’s slacking off when it comes to patching. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if...

In this edition of the Snake Oilers we’ll hear pitches from three vendors: Links to everything we talked about are in the show notes. [CORRECTION: Mike Wiacek was originally described as the co-founder of VirusTotal in this podcast. He is in fact a co-founder of Chronicle Security, which absorbed VirusTotal after launching.] Show notes Home - StairwellYour Cybersecurity Ally - Red CanaryDatadog - Security and Analytics Monitoring Platform

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: This week’s show is brought to you by Material Security. Material’s co-founder Ryan Noon will be along in this week’s sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider’s API – whether you’re on Google Workspace or O365 – to do things like archive and redact email, and they’re finding their customers are...

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Brett Winterford is this week’s sponsor guest. These days Brett is a senior director of cybersecurity strategy at Okta, but the reason you might recognise his name is because he took a year off working for vendors to be our newsletter author – he was the founding editor of the Seriously Risky Business newsletter. He’ll be along to talk about legacy auth and why vendors should have deprecation...