Cybersecurity Sessions Podcast: My Favorite Moments from the First Ten Episodes
Alex McConnell, Cybersecurity Content Specialist
Almost a year ago, I took on a new challenge: Start a podcast about cybersecurity – The Cybersecurity Sessions, hosted by Netacea co-founder and CPO Andy Still.
To be honest, it’s not always easy finding the time to record the podcast between Andy’s more business-critical duties, but it’s a task he’s looked forward to greatly each month since last November.
That’s because, like me, Andy is always seeking out new perspectives and information. That’s how a CPO stays ahead of the curve. What better way to do that than to meet and interview new people, spanning different businesses, industries and backgrounds, about security-related topics they care deeply about?
Netacea co-founder Andy Still hosted the first ten episodes of the Cybersecurity Sessions
With ten episodes under his belt, Andy is now passing the podcast hosting torch to our very capable Principal Security Researcher Cyril Noel-Tagoe. What better time to look back over the first ten installments, pick out some highlights, and look ahead to what’s next for the Cybersecurity Sessions?
Before we go any further, I want to sincerely thank Andy (plus episode 5 host Yasmin Duggal), as well as guests Deri Jones, Frank Morris, Ozric Vondervelden, Stewart Boutcher, Uma Rajagopal, Aileen Ryan, Paulina Cakalli, Jonathan Echavarria, Elaine Lee, Roger Grimes, Charlie Osborne, and Gabrielle Botbol for being such fantastic contributors to the podcast.
With that said, here are a few of my favorite episodes, guests and quotes.
My top episodes, guests and quotes
Episode 3: Online Casino Abuse
Who better to ask about adversarial tactics than a former ‘bad-guy-turned-good’? Ozric Vondervelden spent his youth finding ways to take advantage of welcome bonuses and free gifts en masse, but now helps online casinos prevent this kind of abuse. This episode is highly recommended, if only to find out what on earth the ‘Ed, Edd & Eddy’ technique is.
Ozric Vondervelden shed light on how online casinos are exploited in episode three
“There’s a lot of pride in the [online casino] industry, and everybody thinks they have a competitive edge, which limits data sharing. And I think it’s important that operators come together… to understand what’s happening to other operators and collaborate on coming towards the solution.”
Ozric Vondervelden – Director, Greco
What we learned
Attackers don’t need strong technical skills to exploit business logic vulnerabilities and make a lot of money doing so.
Episode 5: The Women Changing Cybersecurity
Shout-out to my colleague Yasmin Duggal for her stellar work on episode five. Yas brought together three exceptional guests to commemorate International Women’s Day, and the discussion shared by Siemens’ Aileen Ryan, Amazon’s Uma Rajagopal, and Netacea’s own Paulina Cakalli was certainly worthy of the occasion.
Aileen Ryan joined our International Women’s Day panel
“What I find works incredibly well is the power of people underestimating you as a woman… you may be the only woman in the room, and you may not be particularly vocal in the meeting, but by listening and absorbing, sometimes you’re able to come in and either close down an argument or bring a point to a conclusion, or just suddenly move things out of conversation into decision making. And I find that being a slightly different voice in the room actually can be used to your advantage.”
Aileen Ryan – Senior Director of Portfolio Strategy, Siemens EDA
What we learned
Representation is imperative to encourage girls and women from different backgrounds to give STEM careers like cybersecurity a try.
Episode 6: Offensive Security
Offensive security, or ‘red teaming’, pits a dedicated squad of ‘hired guns’ against your systems to find holes in your security. This was Jonathan Echavarria’s job at Facebook, and he did anything he could think of to exploit any conceivable opening. Get a clear but insightful run-down of the advantages of this approach in episode six – which is our most popular episode to date.
We learned about red teams from Jonathan Echavarria in episode six
“In the financial world, they talk a lot about due diligence. If your organization was to acquire another organization, there’d be a process of looking at them from an adversarial standpoint; you’re going to dig through their financial health, you’re going to dig through their source code, and you’re going to do everything you can to ensure that you’re making a sound financial decision. Why not apply that to everything that your business does?”
Jonathan Echavarria – Enterprise Architect, ReliaQuest
What we learned
The earlier you can apply an adversarial mindset to anything you do in your business, the easier and cheaper it will be to fix the problem and protect against potential attacks.
Episode 8: MFA is Better Than Passwords... Right?
A somewhat controversial topic for some, the idea that ‘any MFA is better than no MFA’ is strongly challenged by Roger Grimes in this episode. Roger counters claims made by leaders within some of the biggest businesses in the world and gives his recommendations on which types of multi-factor authentication should be trusted – or otherwise.
Episode eight centered around MFA, with insights from Roger Grimes
“The US government has said since 2017… don’t use these easily phishable forms of MFA, anything SMS based, anything tied to your telephone number, push-based MFA, anything that asks you for a one-time code. I mean, that literally describes 90, 95% of MFA used by people… And let me say, does anyone think that any government organization is on the cutting edge of cybersecurity policy? You know, they’re not!”
Roger Grimes – Data-Driven Defense Evangelist, KnowBe4
What we learned
The best way to ensure your MFA implementation is not phishable or vulnerable to man-in-the-middle attacks is to use a type that is FIDO2 compliant.
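To make that takeaway concrete, here is an added Python sketch (not code from the podcast, from Netacea or from any guest) of why origin-bound authentication resists the phishing and man-in-the-middle relay that defeats one-time codes. It assumes two constructed origins, `bank.example` and a look-alike `bank-example.com`, and uses an HMAC with a shared key as a stand-in for the FIDO2 public-key signature so it runs with the standard library only; the rpId hashing and the "sign over rpIdHash plus challenge" structure follow WebAuthn, the rest is simplified.

```python
import hashlib
import hmac
import os
import secrets

# Constructed origins for the example: the real relying party and a look-alike
# phishing host that relays whatever the victim submits to the real site.
REAL_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example.com"


def rp_id_hash(origin: str) -> bytes:
    """WebAuthn-style SHA-256 of the relying-party identifier (the host part of the origin)."""
    host = origin.split("://", 1)[1]
    return hashlib.sha256(host.encode()).digest()


class OtpServer:
    """Server that accepts a one-time code. Nothing ties the code to where the user typed it."""

    def __init__(self) -> None:
        # Constructed 6-hex-digit code, standing in for an SMS or authenticator-app code.
        self.expected = secrets.token_hex(3)

    def verify(self, code: str) -> bool:
        return hmac.compare_digest(code, self.expected)


class FidoServer:
    """Server that accepts an origin-bound signed assertion (simplified FIDO2/WebAuthn)."""

    def __init__(self, origin: str, credential_key: bytes) -> None:
        self.origin = origin
        # Simplification: a shared HMAC key plays the role of the credential's registered public key.
        self.key = credential_key
        self.challenge = os.urandom(32)  # fresh per login attempt, so an old assertion cannot be replayed

    def verify(self, assertion: dict) -> bool:
        # 1. The assertion must name this server's rpId, not a look-alike host.
        if not hmac.compare_digest(assertion["rp_id_hash"], rp_id_hash(self.origin)):
            return False
        # 2. The signature covers rpIdHash || challenge, so a signature produced for the
        #    phishing host (or for an older challenge) cannot satisfy the real host.
        signed = assertion["rp_id_hash"] + self.challenge
        expected = hmac.new(self.key, signed, hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion["signature"])


def authenticator_sign(key: bytes, browser_origin: str, challenge: bytes) -> dict:
    """The authenticator signs the origin the browser reports; the user cannot override it."""
    h = rp_id_hash(browser_origin)
    sig = hmac.new(key, h + challenge, hashlib.sha256).digest()
    return {"rp_id_hash": h, "signature": sig}


def relayed_otp_accepted(server: OtpServer, victim_code: str) -> bool:
    """A phishing page collects the code from the victim and forwards it unchanged."""
    return server.verify(victim_code)


def relayed_assertion_accepted(server: FidoServer, key: bytes) -> bool:
    """A phishing page forwards the real challenge, but the victim's browser reports its own origin,
    so the authenticator signs for bank-example.com and the real server rejects the assertion.
    (Real browsers also refuse to use a credential whose rpId does not match the page origin.)"""
    assertion = authenticator_sign(key, PHISH_ORIGIN, server.challenge)
    return server.verify(assertion)


def genuine_assertion_accepted(server: FidoServer, key: bytes) -> bool:
    """The same flow from the real origin verifies."""
    assertion = authenticator_sign(key, REAL_ORIGIN, server.challenge)
    return server.verify(assertion)


if __name__ == "__main__":
    key = b"constructed-credential-key"
    otp = OtpServer()
    print("relayed OTP accepted:", relayed_otp_accepted(otp, otp.expected))
    fido = FidoServer(REAL_ORIGIN, key)
    print("genuine FIDO assertion accepted:", genuine_assertion_accepted(fido, key))
    print("relayed FIDO assertion accepted:", relayed_assertion_accepted(fido, key))
```

The defensive point is in `FidoServer.verify`: the server never asks the user to prove anything they could type into the wrong website, it checks a signature over data the browser and authenticator bound to the origin and to a fresh challenge. That is the property "FIDO2 compliant" buys, and it is the check to look for when reviewing a WebAuthn relying-party implementation.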
Episode 10: Mentoring in Cybersecurity
It’s not every day you have the 2022 Woman Hacker of the Year on your podcast! Gabrielle Botbol is a tremendous asset to the cybersecurity industry, inspiring other women to follow in her footsteps through mentoring and sharing many valuable learning resources. Hear her story and advice to others looking to help usher more people into the industry in this podcast episode.
“For a few years I’ve been involved in several communities to mentor different people, including Women in Cyber. I wanted to share my experience with them, but mainly help them avoid wasting time on specific questions I had during my process… For me, mentoring is also a way to show that it is possible to succeed in cybersecurity, even if you don’t have a technical background or cannot afford university fees, because that was my case. And, well, look where I am today.”
The six steps to becoming a pentester, which Gabrielle developed as a guide for others to follow her path into the cybersecurity industry.
Introducing our new host – Cyril Noel-Tagoe
I’m excited to welcome a new face to the Cybersecurity Sessions starting with episode 11. As Netacea’s Principal Security Researcher, Cyril Noel-Tagoe is constantly investigating, documenting and speaking about the latest cybersecurity developments, from attack groups and vulnerabilities through to defenses and protective tactics.
Principal Security Researcher Cyril Noel-Tagoe debuts as host in episode 11
In his first episode as host, Cyril connects with Daily Swig journalist Jessica Howarth about ethical hacking and bug bounties. Cyril brings his own background as a security consultant to the discussion, whilst drawing on the insights into the explosive growth of ethical hacking that Jessica gathers continually by reporting on the latest bug bounty programs and platforms.
What’s next for the Cybersecurity Sessions?
I’d love to hear your feedback on the podcast to date and find out which topics you want to hear about next. Maybe there’s a guest you’re wanting to hear interviewed, or a burning issue in cybersecurity you want investigated. Maybe you yourself have something to share with the cybersecurity community and just need a platform.