Security by Default

In this special edition recorded live at RSA Conference, Joseph Carson is joined by Gerasimos Marketos (gmar), Chief Product Officer at Hack The Box.They explore how AI is reshaping cybersecurity skills, why traditional education is struggling to keep up, and how hands-on platforms are redefining how defenders and ethical hackers are trained. From real-world fraud detection to AI-powered CTF competitions, this episode dives into the evolving relationship between humans and machines in cybersecurity.🔑 Key Themes & TopicsAI vs Humans in cybersecurity competitionsWhy AI is an accelerator, not a replacementThe evolution from traditional training → hands-on gamified learningClosing the cybersecurity skills gapRed, Blue, and Purple team upskillingAI governance, risk, and agentic threatsThe future of cybersecurity careers and hiring⏱️ Chapters00:00 – Introduction & RSA Conference insights02:00 – GMar’s journey: Data → Fraud → Cybersecurity06:30 – Who and What is Hack The Box?10:30 – AI vs Humans: CTF research findings13:00 – AI as a productivity multiplier15:30 – Real-world example: AI winning competitions16:00 – RSAC trends: AI everywhere17:00 – AI governance & emerging risks18:00 – AI for security vs security for AI19:00 – Staying relevant in cybersecurity🚀 Hack The Box ExplainedHack The Box is a cybersecurity upskilling platform offering:🎓 Academy – Structured learning paths🧩 Challenges & Labs – Hands-on environments🏁 CTFs (Capture The Flag) – Competitive exercises🏢 Pro Labs – Enterprise-scale simulations🔎 Talent Search – Connecting skilled professionals with employersIt supports:Red Teams (Offense)Blue Teams (Defense)Purple Teams (Collaboration)Resources:https://www.hackthebox.com/https://www.linkedin.com/in/gmarketos/https://www.hackthebox.com/ai-augmented-cyber-workforce-report

In this episode, Fernando Montenegro shares his journey into the cybersecurity industry, insights on industry analysis, and the evolving trends shaping cybersecurity today. Discover how analysts bridge the gap between vendors, buyers, investors, and academia, and learn practical tips for engaging effectively with industry experts.key TakeawaysRole of industry analysts in cybersecurityEmerging trends in cybersecurity including AI and attack surface expansionEffective engagement with analysts for decision supportStrategic cybersecurity budgeting and investmentInfluence of economics and incentives on security decisionssound bites"Understanding what's going on in the world""Good enough security can be effective""Workload AI versus workforce AI"Chapters00:00 Introduction to Security by Default Podcast00:53 Fernando Montenegro's Origin Story05:16 The Role of an Industry Analyst08:55 Maximizing Value from Analyst Interactions13:16 Understanding AI in Conversations15:44 Choosing the Right Solutions16:40 Decision-Making in Technology and Business17:13 Trends in Cybersecurity and AI18:26 Understanding Workload vs. Workforce AI19:40 The Evolving Role of Security Professionals21:43 The Strategic Importance of Cybersecurity23:58 Incentives and Decision-Making in Security25:53 The Shift Left Approach in Development27:16 Budgeting for Cybersecurity Investments30:47 Navigating Cybersecurity Budgets32:26 Engaging with Analysts and Staying Informed34:33 Curating Information in a Data-Driven World36:55 Balancing Operational and Strategic Insights37:51 Connecting with Analysts and Final ThoughtsResourcesLinkedIn Profile of Fernando Montenegro - https://www.linkedin.com/in/fsmontenegro/ Futurum Group - https://futurumgroup.com/Obsidian Knowledge Management System - https://obsidian.md/Book: Why Most Security Budgets Go to Waste by Ross Young - https://a.co/d/02BZPwdO

Join cybersecurity expert Joseph Carson and guest Gary as they explore innovative ways to make cybersecurity engaging, fun, and accessible. Discover how humor, storytelling, and community involvement can transform the industry and attract new talent.Chapters00:00 Welcome to the Cybersecurity Chaos02:32 From Fear to Fun in Cybersecurity05:27 The Journey of a Cyber Advocate08:09 The Importance of Community and Collaboration10:45 Bringing Laughter Back to Cybersecurity13:13 Rebranding Cybersecurity for New Talent16:00 The Power of Words in Cybersecurity18:43 Innovative Approaches to Cyber Awareness21:29 Lessons from Kids: Simplifying Cybersecurity24:39 The Inner Child and Cognitive Dissonance26:40 Gamification and Learning Innovations28:19 Storytelling in Cybersecurity29:15 Cybersecurity Starts at Home30:36 Community Engagement and Employee Connection32:14 The Importance of Acknowledgment34:13 Finding Joy in Everyday Life35:11 Humor as a Coping Mechanism40:04 The Power of Positive Thinking45:02 Mission Accomplished: Fun and SafetyResourcesCyber Heroes Comics - https://cyberheroescomics.com/Gary's LinkedIn Profile - https://www.linkedin.com/in/gary-berman/

Join Joseph Carson in this insightful episode as he interviews cybersecurity expert Chris Kubecka. They discuss critical infrastructure security, cyber warfare, geopolitical risks, and the evolving landscape of digital threats, providing valuable lessons for cybersecurity professionals and policymakers.Key TopicsCybersecurity in critical infrastructureGeopolitical cyber threats and hybrid warfareEvolving landscape of digital threats and resilience Sound bites"GPS jamming has been a massive challenge.""Digital Empires: China, Europe, and the US.""Radio communications are a vital fallback."Chapters00:00 Introduction and Background of Chris Kubecka01:37 Cybersecurity Challenges in Critical Infrastructure03:37 Evolving Nature of Cyber Threats05:45 The Role of Drones in Modern Warfare07:25 Hybrid Warfare and Global Diplomacy10:10 The Shift in Global Cybersecurity Dynamics12:18 The Importance of International Cooperation14:33 Privacy and Ethics in Cybersecurity16:50 Historical Context and Regional Cooperation18:55 Cyber Attacks on Civilian Infrastructure22:04 Personal Experiences in Estonia24:10 Geopolitical Tensions and Cybersecurity25:52 Challenges in Maritime Connectivity28:16 Critical Infrastructure Vulnerabilities30:22 The Role of Radio in Authoritarian Regimes33:43 International Maritime Law and Cybersecurity37:46 Recent Projects and Activism in Cybersecurity39:51 Staying Informed in a Rapidly Changing LandscapeResourcesChris Kubecka's LinkedIn - https://www.linkedin.com/in/chriskubecka/Field Tested: How to Hack a Modern Dictatorship with AI - https://www.amazon.com/dp/B0C7F4XYZ

In this episode of the Security by Default podcast, host Joe Carson speaks with Ian Austin, co-founder of Pwned Labs, about his journey in cybersecurity, the evolution of learning in the field, and the challenges of Cloud and AI security. Ian shares insights on transitioning into cybersecurity roles, the importance of community engagement, and the need for continuous learning in an ever-evolving industry. They discuss the significance of gamification in training and the current trends in cloud security, emphasizing the importance of hands-on experience and collaboration. Key TakeawaysIan Austin is a co-founder of Pwned Labs, specializing in cloud and AI security training.His journey in cybersecurity began with help desk roles and evolved into penetration testing.Creating content is a great way to learn and contribute to the community.Cloud security presents unique challenges that require ongoing education and adaptation.Gamification in training enhances engagement but should not overshadow practical learning.Community involvement is crucial for personal and professional growth in cybersecurity.Transitioning into security roles can be done from various backgrounds, including sysadmin and help desk.Continuous learning is essential in the fast-paced cybersecurity landscape.Mentorship can significantly impact career development and confidence.Cloud security is a growing field with increasing demand for skilled professionals. sound bites"Learning is a great way to learn.""Community is a powerful thing.""Cloud is hard to secure."Chapters00:00 Introduction to the Podcast and Guest00:40 Ian Austin's Journey in Cybersecurity06:40 Transitioning into Security Roles10:54 Evolution of Learning in Cybersecurity16:19 The Importance of Community in Learning22:58 Challenges in Cloud Security28:46 Staying Updated in the Cybersecurity FieldResources:https://pwnedlabs.io/https://www.linkedin.com/in/ian-austin/

In this episode of the Security by Default podcast, host Joe Carson welcomes Evil Mog, an expert in password cracking and cybersecurity. They discuss the importance of Hacker Jeopardy in making cybersecurity fun, the ongoing challenges with passwords, and the evolving role of AI in password cracking. The conversation also touches on incident response, the significance of documentation, and the future trends in cybersecurity, including the shift towards passwordless authentication and the impact of AI on both attackers and defenders.TakeawaysHacker Jeopardy is a fun way to engage with cybersecurity.Teaching others helps reinforce your own knowledge.Passwords will remain a necessary evil in security.AI is enhancing password cracking methodologies.Documentation is crucial in incident response.The cost of hacking is increasing due to advanced techniques.Collaboration between red and blue teams is essential.Insider threats are on the rise in cybersecurity.Password management is fundamentally an asset management issue.Future trends indicate a shift towards passwordless authentication. Sound bites"Teaching helps you learn better.""Security is about enabling the business.""The cost of hacking is rising."Chapters00:00 Introduction to Evil Mog and Hacker Jeopardy02:37 The Importance of Community and Teaching in Cybersecurity05:22 Password Security: The Louvre Incident07:59 The Evolution of Authentication Methods10:35 Challenges in Asset Management and Password Management13:15 Operational Technology (OT) Security Challenges15:53 The Role of Documentation in Cybersecurity18:42 AI in Cybersecurity: Automation and Password Recovery21:52 AI in Password Cracking24:56 Enhancing Human Capabilities with AI27:18 The Evolution of Cybercrime30:02 Trends and Predictions for Cybersecurity34:41 Collaboration in Cybersecurity37:24 The Future of Cybercrime and AI40:59 Connecting with Evil Mog

In this episode of the Security by Default podcast, host Joe Carson speaks with Charles Chase about his journey into the cybersecurity field, focusing on identity security and privilege access management. They discuss the evolving trends in identity security, the importance of maintaining identity hygiene, and the impact of regulations like NIST 2 and DORA on organizational practices. The conversation also covers the shift towards passwordless security, the role of AI in identity management, and resources for those looking to enter the field. The episode concludes with reflections on the importance of identities in business and society.TakeawaysCharles Chase fell into cybersecurity from a military background.The importance of understanding what you don't know in identity security.Organizations often have dormant accounts that pose security risks.Regulatory bodies are pushing organizations to improve their identity security practices.The shift towards passwordless security is gaining momentum.AI is becoming a valuable tool in identity management.Identity hygiene is crucial for reducing risks in organizations.The commoditization of identity solutions allows smaller businesses to implement security measures.Engaging with customers is key to understanding their unique identity security needs.The future of identity management is focused on user experience and automation.Sound bites"What do I not know?""It's a learning tool.""It's a fun industry."Chapters00:00 Introduction to the Podcast and Guest00:47 Charles Chase's Journey into Cybersecurity02:22 Trends in Identity Security and Best Practices05:54 Understanding Dormant Accounts and Their Risks09:54 The Shift Towards Passwordless Security12:45 The Role of AI in Identity Management18:35 The Importance of Digital Identity in Society26:45 Resources for Entering the Identity Space30:49 Conclusion and Final ThoughtsKeywordscybersecurity, identity security, privilege access management, trends, best practices, passwordless security, AI in identity management, regulatory impact, identity hygiene, resources for cybersecurity

In this episode of the Security by Default podcast, host Joseph Carson engages with the Grugq, a cybersecurity expert and PhD student, discussing his journey into the field, the evolution of cybersecurity practices, and the complexities of information warfare. The Grugq shares insights on anti-forensics, the importance of understanding human behavior in cybersecurity, and the current landscape of cyber warfare, particularly in the context of the ongoing conflict in Ukraine. The conversation highlights the challenges and changes in the cybersecurity field, emphasizing the need for clarity and understanding in a chaotic information environment.TakeawaysThe Grugq's journey into cybersecurity began with a Unix book.He transitioned from internships to freelancing in cybersecurity.Moving to Thailand helped reduce living costs while consulting.Understanding anti-forensics is crucial for effective cybersecurity.The rules of cyber warfare differ significantly from peacetime operations.Information warfare involves changing how people interpret information.The Grugq emphasizes the importance of human behavior in cybersecurity.Staying updated in cybersecurity requires monitoring current events and engaging with experts.The evolution of cybersecurity tools has made it easier for new actors to operate.The Grugq's PhD research focuses on the realities of cyber warfare.Additional Resources:https://x.com/thegrugqhttps://github.com/grugq

In this episode of the Security by Default podcast, host Joseph Carson interviews Joe Sullivan, a prominent figure in cybersecurity. They discuss Joe's journey from a federal prosecutor to the Chief Security Officer at Facebook, exploring the challenges and expectations in transitioning from government to private sector roles. The conversation delves into the evolving landscape of cybersecurity, the impact of ransomware, and the importance of crisis management and preparedness. Joe shares valuable lessons for aspiring security executives and highlights the significance of understanding technology in leadership roles. The episode concludes with Joe's current projects, including his nonprofit initiative, Ukraine Friends, which provides laptops to children affected by the war in Ukraine.TakeawaysSecurity is possible for everyone.Joe Sullivan's journey reflects a unique path into cybersecurity.Transitioning from government to private sector presents challenges.Understanding corporate culture is crucial for success.Measuring success in cybersecurity requires clear metrics.Ransomware has fundamentally changed the cybersecurity landscape.Security leaders are increasingly reporting to CEOs.Crisis management is essential for organizational resilience.Aspiring security executives should focus on business understanding.Giving back to the community is a vital part of the cybersecurity profession.Sound bites"Security is possible for everyone.""I got an MBA through osmosis.""The expectations were so high."Chapters00:00 Introduction to Security by Default Podcast01:02 Joe Sullivan's Journey into Cybersecurity05:10 Transition from Government to Private Sector11:06 Navigating the Corporate Landscape15:48 Measuring Success in Security20:04 The Impact of Ransomware on Cybersecurity28:01 The Evolving Role of Security Leaders30:57 Understanding Business Strategy in Security32:59 Risk Management and Business Partnership33:52 Navigating Technology Risks35:54 The Race for AI Innovation38:03 Crisis Management and Preparedness39:59 Building Resilience in Security Teams42:16 The Importance of Response Training44:10 Lessons from Emergency Services47:41 Community Impact through TechnologyAdditional Resources:https://www.joesullivansecurity.com/abouthttps://ukrainefriends.org/https://www.linkedin.com/in/joesu11ivan/https://en.wikipedia.org/wiki/Joe_Sullivan_(cybersecurity)

In this episode of the Security by Default podcast, host Joseph Carson welcomes Ian Murphy, a cybersecurity expert and stand-up comedian. They discuss Ian's unconventional journey into cybersecurity, his experiences at the MOD and Symantec, and his transition to self-employment and comedy. Ian shares insights on the importance of storytelling in both cybersecurity awareness and comedy, as well as navigating online criticism and audience interactions. The conversation highlights the need for humor in serious industries and the value of real human connections.TakeawaysIan's journey into cybersecurity was unplanned and unconventional.The importance of storytelling in both cybersecurity and comedy.Self-employment offers freedom but comes with challenges.Humor can be a powerful tool in serious industries.Navigating online criticism requires thick skin and perspective.Comedy is subjective, and not everyone will appreciate it.Real human interactions are essential in today's digital age.Learning from experiences is crucial for growth in any field.Networking and peer relationships are vital for success.Life is better when you find joy and laughter in everyday situations.TitlesFrom Cybersecurity to Comedy: Ian Murphy's JourneyThe Power of Storytelling in Cybersecurity and ComedySound bites"I wanted to be a footballer.""Comedy is subjective.""You need to grow the fuck up."Chapters00:00 Introduction to the Podcast and Guest00:56 Ian's Origin Story and Journey into Cybersecurity06:29 Experiences at MOD and Symantec10:44 Transitioning to Self-Employment and Freedom14:27 The Switch to Stand-Up Comedy22:05 The Impact of Humor in Cybersecurity Awareness30:06 Audience Feedback and Social Media Interaction31:54 The Power of Audience Engagement34:49 Navigating Controversy in Comedy37:43 The Art of Timing and Response40:47 Comedy as a Reflection of Life43:44 The Evolution of Comedy and Storytelling49:53 Learning and Growth Through Comedy53:50 Connecting with the Audience

In this episode of the Security by Default podcast, host Joe Carson engages with cybersecurity expert Alissa Knight, who shares her unique journey into the world of hacking and cybersecurity. They discuss the evolution of hacking, the challenges of API security, and the transformative impact of AI on the industry. Alissa emphasizes the importance of continuous learning and adapting to new technologies, while also reflecting on her career shifts and the significance of storytelling in cybersecurity marketing. The conversation highlights the need for organizations to invest in their employees' education and the future of cybersecurity innovation.TakeawaysAlissa started hacking at the age of 13, driven by curiosity.The early days of hacking were like the wild west, with fewer resources.A significant turning point in Alissa's life was her arrest at 17.Cybersecurity offers lucrative career opportunities for skilled individuals.API security is a growing concern as more services rely on APIs.AI is reshaping the cybersecurity landscape, creating new challenges and opportunities.Continuous learning is essential in the fast-evolving field of cybersecurity.Organizations must invest in training their developers in secure coding practices.Storytelling can be a powerful tool in cybersecurity marketing. The future of cybersecurity will heavily involve AI and automation.Sound bites"It was the wild, wild west.""I was arrested on my school campus.""This industry pays very well."Chapters00:00 Introduction to the Podcast and Guest00:57 Alissa Knight's Unique Origin Story05:30 The Evolution of Hacking and Cybersecurity10:54 Turning Points and Career Shifts16:10 The Impact of DDoS Attacks on Career Paths20:57 The Importance of API Security24:06 Hacking APIs and Security Vulnerabilities27:52 The Evolution of AI in Coding31:30 From Cybersecurity to Hollywood36:32 Introducing ARIES: AI for Cybersecurity39:03 The Importance of Continuous Learning in CybersecurityResourceshttps://www.linkedin.com/in/alissaknight/https://www.knightgroup.co/https://microreels.com/ https://www.youtube.com/@AlissaKnightArchives

In this episode of the Security by Default podcast, Joseph Carson engages with David Muniz to explore the evolving landscape of cybersecurity. They discuss the importance of diversity in the field, the distinction between customer success and support, and the critical role of trust in business relationships. The conversation also delves into the Zero Trust paradigm, emphasizing the need for a human-centric approach in cybersecurity. David shares insights on staying updated in a rapidly changing industry and the significance of happiness in the workplace, concluding with thoughts on the human element in cybersecurity.Keywordscybersecurity, customer success, zero trust, trust in business, diversity in tech, human relationships, customer support, industry insights, happiness in work, staying updatedTakeaways·       Customer success focuses on long-term relationships, not just immediate problem-solving.·       Trust is a key component in building successful customer relationships.·       Zero Trust is about managing trust dynamically, not eliminating it.·       Customer success involves understanding what success means to the customer.·       Building trust requires consistent and reliable service.·       Human interactions are crucial in customer success, even in a digital world.·       Customer success can lead to increased revenue through renewals and up-selling.·       Trust in cybersecurity involves both technical and human elements.·       Effective customer success strategies can differentiate a company in the market.·       Balancing security with user experience is essential for customer satisfaction.Sound bites·       "Customer success is about long-term relationships." ·       "Trust is not just assumed; it must be earned." ·       "Zero Trust is about managing trust, not eliminating it." ·       "Success is defined by the customer's perspective." ·       "Human interactions are crucial in a digital world." ·       "Trust leads to increased revenue and loyalty." ·       "Cybersecurity involves both technical and human elements." ·       "Balancing security with user experience is key." ·       "Customer success can differentiate a company." ·       "Trust is a business differentiator."Chapters00:00 Introduction to Cybersecurity and Guest Background04:10 The Importance of Diversity in Cybersecurity08:41 Understanding Customer Success vs. Customer Support12:52 Building Trust in Customer Relationships17:15 The Role of Zero Trust in Cybersecurity22:07 Understanding Zero Trust and Its Implications27:33 The Dynamic Nature of Trust in Cybersecurity32:01 The Human Element in Building TrustAdditional ResourcesThe Trust Paradox: A Cybersecurity Mindset for Human Relationshipshttps://www.linkedin.com/pulse/trust-paradox-cybersecurity-mindset-human-david-muniz-f9fzf The Hidden ROI of Trust in Business and Cybersecurity https://www.linkedin.com/pulse/hidden-roi-trust-business-cybersecurity-david-muniz-7r3jc https://segura.security/ https://segura.security/bloghttps://en.wikipedia.org/wiki/The_Power_of_Now

In this episode of Security by Default, host Joe Carson sits down with Michael Waite from Dune Security to explore how AI is reshaping cybersecurity and why it’s time to rethink traditional awareness training.As cyber threats become more sophisticated, personalized, and AI-powered, organizations can no longer rely on outdated, one-size-fits-all learning models. Joe and Michael break down what modern cybersecurity training should look like, how to engage employees more effectively, and why empowering people both inside and outside the office is essential to strong defense.What You’ll LearnHow AI is transforming both cyber attacks and defensive strategiesWhy the volume and quality of phishing attempts continue to riseThe limitations of traditional annual awareness trainingThe shift toward personalized, role-based learningHow real-time intervention improves security habitsWhy cybersecurity awareness must extend beyond the workplacePractical ways to engage employees and build a security-first cultureThe importance of collaboration and communication across teamsHow threat intelligence informs more effective training programsKey TakeawaysAI is rewriting the threat landscape.Attackers are faster, more convincing, and more scalable than ever.Generic awareness training is no longer enough.Personalization is essential to reducing real-world risk.Engagement drives stronger security culture and better outcomes.Cybersecurity begins at home, not just at work.Bite-sized, real-time lessons are more effective than long annual videos.Employees are part of the detection engine—and must be empowered accordingly.Memorable Quotes“Cybersecurity doesn’t start in the office.”“The one size fits all approach is dead.”“We need to democratize security.”“Let’s give individuals the tools they need.”“We need to make cybersecurity more fun.”“This is my favorite thing to talk about.”Episode Chapters00:00 – Introduction to the Chaos of Cybersecurity03:05 – The Impact of AI on Cybersecurity09:40 – Best Practices for Cybersecurity Awareness18:51 – Personalizing Cybersecurity Training27:00 – Engaging Employees in Cybersecurity29:20 – Resources for Further LearningAdditional Resources:https://www.linkedin.com/in/mr-michael-waite/https://www.dune.security/https://www.dune.security/threat-intelligence-report

In this episode of the Security by Default podcast, Joseph Carson and guest Satu Korhonen a passionate practitioner, researcher and founder of Helheim Labs delve into the intersection of AI and cybersecurity. They discuss the challenges and opportunities in creating trustworthy AI systems, the importance of collaboration between AI and cybersecurity professionals, and the role of regulation in ensuring AI safety. Satu shares her journey from education to AI, highlighting key moments and insights from her career. The conversation also touches on the EU AI Act, the importance of understanding AI's limitations, and the need for a balanced approach to AI development.Key TakeawaysAI systems are fundamentally probability-based, not perfect.Collaboration between AI and cybersecurity is crucial for safety.The EU AI Act focuses on human rights and risk management.Understanding AI's limitations is key to using it effectively.AI can enhance productivity but requires careful implementation.Training AI with both good and bad data improves its robustness.AI should serve humans, not the other way around.Hacking AI can reveal vulnerabilities and improve security.Community events like hacker camps foster innovation and learning.AI's role in society should be carefully considered and discussed.Chapters00:00:00 Introduction to AI and Cybersecurity00:03:00 Satu's Journey into AI00:09:00 Trustworthy AI and the EU AI Act00:15:00 Challenges in AI and Cybersecurity Collaboration00:21:00 The Role of Community and Events in AIResources:https://hackai.quest/https://helheimlabs.ai/https://helheimlabs.ai/about-satu-korhonen/https://www.linkedin.com/in/satu-m-korhonen/https://why2025.org/https://www.ccc.de/en/homehttps://events.ccc.de/en/https://disobey.fi/2026/

In this episode of the Security by Default podcast, host Joe Carson welcomes back Filipi Pires, Head of Identity Threat Labs & Global Product Advocate at Segura® to discuss the latest trends in identity threats and cybersecurity. They explore the evolution of attacks, particularly focusing on social engineering and the role of AI in both offensive and defensive strategies. Filipi shares insights from recent events, including the significance of BSides conferences in fostering community and knowledge sharing. The conversation emphasizes the importance of a zero trust approach and the need for continuous education in cybersecurity.Key TakeawaysThe BSides community is essential for cybersecurity education.Attackers are increasingly using social engineering techniques.AI is being leveraged by both attackers and defenders.Zero trust is a critical framework for modern security.Organizations must implement multiple layers of protection.Credential theft is a major concern in identity threats.B-Sides events provide networking opportunities for newcomers.Cybersecurity Awareness Month is a time for reflection and improvement.The rise of AI in social engineering poses new challenges.Community-driven events like B-Sides foster collaboration and learning.Chapters00:00 Introduction to Security by Default Podcast01:59 Understanding BSides Events05:57 Current Trends in Identity Threats11:50 The Evolution of Authentication Methods14:57 The Rise of InfoStealer Malware18:52 AI's Role in Cybersecurity Threats21:13 AI in Cybersecurity: Defensive and Offensive Perspectives24:36 The Role of APIs and Observers in Cybersecurity26:06 Best Practices for Securing AI in Organizations31:04 BSides Porto: Community and Event Insights39:06 Future BSides: Expanding to Porto AlegreResources:https://www.linkedin.com/in/filipipires/https://segura.security/https://www.instagram.com/filipipires.sec/https://segura.security/events/filipi-pireshttps://www.linkedin.com/showcase/identity-threat-labs/about/https://labs.segura.blog/About Segura®Segura® is an Identity Security Platform built to help organizations secure privileged access, detect identity threats, and respond rapidly to attacks targeting human and machine identities.Designed for hybrid and high-risk environments, Segura delivers identity threat detection and response (ITDR), secure remote access, and privileged session protection — ensuring that only verified users, devices, and applications can access critical systems.From infrastructure and servers to cloud platforms and the supply chain, Segura provides unified visibility and control across every identity interaction. By combining advanced analytics, behavioural detection, and Zero Trust access principles, Segura empowers companies to prevent credential misuse, lateral movement, and privilege escalation before damage occurs.

In this episode of the Security by Default podcast, host Joe Carson engages with Pamela Victor Ibitamuno, a lawyer with a unique background in penetration testing. They discuss the critical intersection of cyber law and cybersecurity, exploring the challenges faced in prosecuting cyber crimes, the importance of understanding intent, and the need for adaptive legal frameworks in the face of rapid technological advancements. The conversation also delves into the role of AI in the legal field and how professionals can stay updated in this ever-evolving landscape.TakeawaysPamela's journey from penetration testing to cyber law highlights the importance of understanding both fields.Legal professionals often struggle to grasp the technicalities of cybersecurity.Regulations may not effectively address the problems they aim to solve.Cyber crime often transcends borders, complicating prosecution efforts.Partnerships between tech companies and governments can enhance cyber crime prevention. Misconceptions about hacking can hinder legal processes.Intent is a crucial factor in determining the legality of cyber actions.The law is lagging behind technological innovations, necessitating updates. AI can streamline legal processes but cannot replace human empathy.Staying informed through conferences and subscriptions is vital for legal professionals. Chapters00:00 Introduction to Cyber Law and Its Importance02:57 Pamela's Journey: From Penetration Testing to Cyber Law06:08 The Intersection of Law and Cybersecurity08:50 Challenges in Cyber Crime Prosecution12:04 The Role of Intent in Cyber Crime14:58 The Need for Adaptive Legal Frameworks17:50 AI's Impact on Cyber Law20:53 Staying Updated in Cyber Law23:59 Conclusion and Future Outlook

In this episode of the Security by Default podcast, host Joe Carson engages with game designer Peadar, Gamification Lecturer at Tallinn University to explore the intersection of game design and cybersecurity training. Peadar shares his journey from teaching to game design, emphasizing the importance of using games to facilitate learning in complex subjects like cybersecurity. The conversation delves into the fundamental elements of games, the challenges of creating effective training games, and the need for conceptual transfer games that bridge the gap between technical and non-technical audiences. Peadar also discusses the future of cybersecurity training, the significance of soft skills, and the different player types in game design. The episode concludes with recommended resources for those interested in game design and cybersecurity.Peadar Callaghan, Gamification Lecturer at Tallinn University, Digital Learning Games Lab, Digital Technologies Institute, Tallinn University. Lecturer in Gamification, Learning Game Design, and Fundamentals of Game Design in the Digital Learning Games Master's program.Key TakeawaysGames can help people understand complex subjects.Cybersecurity is a business problem, not just an IT problem.Effective training requires engaging and simple game mechanics.Checkbox training is ineffective for real learning.Conceptual transfer games are essential for non-technical audiences.The average age of gamers is increasing, indicating a shift in demographics.Soft skills are crucial for effective communication in cybersecurity.Games can create a safe space for learning from failure.Understanding player types can enhance game design for training.The future of cybersecurity training lies in small-scale, experiential games.Chapters00:00 Introduction to Cybersecurity and Game Design02:45 The Role of Games in Learning and Cybersecurity05:52 Fundamental Elements of Game Design09:00 Applying Game Mechanics to Cybersecurity Training11:46 Challenges in Cybersecurity Training Games14:38 Conceptual Transfer Games for Non-Technical Audiences17:44 The Future of Cybersecurity Training20:52 Understanding Player Types in Game Design23:47 The Importance of Soft Skills in Cybersecurity26:28 Recommended Resources for Game Design and Cybersecurity29:24 Conclusion and Future DirectionsResources:https://www.linkedin.com/in/peadar-callaghan-a218721a/https://www.linkedin.com/school/tallinn-university/https://www.tlu.ee/Book - Reality Is Broken: Why Games Make Us Better and How They Can Change the World - https://a.co/d/hzvwYtf Book - Game Design Workshop: A Playcentric Approach to Creating Innovative Games by Tracey Fullerton- https://a.co/d/5jnbDg6

In this episode of the Security by Default podcast, host Joe Carson interviews Christian Herrmann, also known as Iceman, who shares his journey into the world of RFID hacking. The conversation covers Christian's origin story, his passion for technology, and the challenges he faced while learning and developing his skills. They discuss the importance of community engagement, open-source contributions, and the evolution of hacking tools like Proxmark. The episode also touches on risk management in cybersecurity, the ethical implications of hacking tools, and the significance of finding balance in personal and professional life. Christian emphasizes the value of asking for help and surrounding oneself with supportive individuals in the tech community.TakeawaysChristian Herrmann, known as Iceman, shares his journey into RFID hacking.He emphasizes the importance of community engagement and open-source contributions.The evolution of Proxmark has significantly impacted the RFID hacking community.Tools used in hacking can have ethical implications that need to be considered.Risk management is a crucial aspect of cybersecurity and hacking.Finding balance between personal life and professional commitments is essential.Asking for help and engaging with the community can accelerate learning.Surrounding oneself with supportive individuals enhances personal growth.The importance of continuous learning and adapting in the tech field.Gamification can be an effective way to improve hacking skills.Chapters00:00 Introduction and Guest Background01:23 The Journey into Hacking and RFID09:23 The Thrill of Hacking and Career Development20:03 Open Source Contributions and Community Engagement30:54 Navigating Tools and Legal Considerations in Hacking36:03 Conference Experiences and Community Engagement42:00 Tools and Their Misinterpretations44:25 Risk Management in Technology46:06 Current Projects and Future Plans49:40 The Importance of Hobbies and Balance55:33 Learning from Failures and Community Support01:02:22 The Value of Networking and Collaboration

In this episode, Joe Carson speaks with George Kamide about the evolving landscape of cybersecurity, emphasizing the importance of community building, branding, and effective communication. They discuss how cybersecurity is no longer just an IT issue but a societal one, and how understanding user experience is crucial for success. The conversation also highlights the role of podcasts in educating the cybersecurity community and the challenges of building meaningful connections in a digital world.TakeawaysCybersecurity is a societal problem, not just an IT issue.Branding is essential for standing out in a crowded market.Understanding user experience is critical for product success.Podcasts can provide valuable education and insights in cybersecurity.Building communities takes time and effort without immediate ROI.Effective communication is key to conveying value propositions.Listening to customers is more important than broadcasting solutions.Time is the most valuable resource we have.Engagement on social media should be curated and positive.Building relationships requires giving before asking. Chapters00:00 Introduction to Cybersecurity and Community Building02:25 The Importance of Branding in Cybersecurity08:54 User Experience and Customer Understanding19:36 The Role of Podcasts in Cybersecurity Education22:42 Building Communities and Navigating Social Media

The Power of OSINT, Data, and Differentiation in Cybersecurity with Zaira PirzadaLearning, Listening, and Leading in CybersecurityIn this episode of the Security by Default podcast, host Joe Carson speaks with Zaira Pirzada, managing partner of Infinitus Management Consulting. They discuss Zaira's journey into cybersecurity, the importance of open source intelligence, and the lessons learned from her time at Gartner. Together, they delve into the intricate world of cybersecurity marketing, exploring the unique challenges faced by CMOs in this dynamic industry. From the perception of marketing as a cost center to the complexities of standing out in a crowded market, Zaira shares her insights on navigating these hurdles. Tune in to discover how effective storytelling, data-driven strategies, and a deep understanding of market dynamics can transform cybersecurity marketing efforts. The conversation also covers the significance of unique value propositions, and the evolving landscape of cybersecurity vendors. Zaira emphasizes the role of data in decision-making and the need for continuous learning in a rapidly changing field.#Cybersecurity #MarketingChallenges #PodcastTakeawaysZaira Pirzada's journey into cybersecurity was unintentional but evolved into a passion.Open source intelligence (OSINT) played a crucial role in Zaira's early career.Listening and learning from others is vital in the cybersecurity industry.The transition from analyst to CMO involves understanding market dynamics and customer needs.Unique value propositions are essential for startups to stand out in a crowded market.Data is a key asset in cybersecurity, influencing decision-making and strategy.Building trust and reliability is crucial in cybersecurity communications.Negotiation in cybersecurity is evolving with the introduction of AI and data valuation.Education and knowledge sharing are fundamental to success in the cybersecurity community.Continuous learning is necessary to keep up with the fast-paced changes in the industry.Chapters00:00 Introduction to Cybersecurity Journeys02:58 The Path to Cybersecurity: Education and Early Experiences06:04 The Role of Open Source Intelligence in Cybersecurity09:09 The Evolution of Cybersecurity Careers11:59 Lessons from Gartner: Listening and Learning14:44 The Transition to CMO: Marketing in Cybersecurity17:48 The Importance of Unique Value Propositions20:51 Navigating the Cybersecurity Vendor Landscape23:59 The Role of Data in Cybersecurity26:50 Staying Updated in a Rapidly Changing Field29:41 Conclusion and Future Directions

In this episode of the Security by Default podcast, host Joe Carson speaks with Secretary Harry Coker Jr. about his journey into cybersecurity, the importance of mentorship, and the challenges faced in leadership roles. They discuss the evolving role of AI in government and cybersecurity, the significance of resilience in the face of failures, and personal interests that help them unplug from their busy lives. The conversation emphasizes the need for clarity in chaos and the importance of learning from every experience.TakeawaysBringing clarity to chaos is essential for success.Mentorship plays a crucial role in career development.Every day in leadership presents new challenges and opportunities.Learning from both successes and failures is vital.Trust but verify is a key principle in leadership.AI is transforming government operations and cybersecurity.Cyber resilience is becoming more important than ever.Personal interests help leaders to unplug and recharge.Success is often shared, while failure is solitary.The human element must remain in AI decision-making.Chapters00:00 Introduction to Cybersecurity and Personal Journeys06:05 The Importance of Mentorship and Teamwork11:48 A Day in the Life of a Cybersecurity Leader17:51 Lessons Learned from Challenges and Failures21:53 The Impact of AI on Cybersecurity and Governance29:42 Personal Interests and Unplugging from WorkResourcesThe following books and resources were mentioned:"Character" by retired U.S. Army General Stan McChrystal - Harry Coker mentioned he started reading this book and found it insightful, particularly about self-awareness and challenging oneself."The Power of Now" - Joseph Carson mentioned this book as one he was recommended to read and was working towards.

In this special edition episode of the Security by Default podcast, Mikko discusses his extensive career in cybersecurity, his transition to a new role in drone defense, and the innovative Museum of Malware that showcases the intersection of art and cybersecurity. He reflects on his journey, memorable experiences, and the importance of storytelling in engaging audiencesTakeawaysMikko's alternative career choice was journalism.He started in programming and transitioned to cybersecurity.Keynote speaking at Black Hat involves storytelling.Experience reduces anxiety in public speaking.The Omega virus was Mikko's first memorable malware.The Museum of Malware archives the history of cyber threats.The museum features art inspired by malware and cyberattacks.Mikko is transitioning to a drone defense company.He sees parallels between cybersecurity and drone defense.Mikko expresses gratitude for his 34 years in the cybersecurity industry.Resources:https://www.withsecure.com/en/experiences/museum-of-malware-art

In this episode of the Security by Default podcast, Joseph Carson and Evandro Goncalves discuss the critical topic of machine identities also known as non-human identities (NHI), exploring their definitions, challenges, and best practices for management. They delve into the complexities of managing non-human identities in cybersecurity, emphasizing the importance of visibility, risk management, and the principle of least privilege. The conversation also highlights experiences from the NATO Lock Shield event, showcasing the real-world implications of identity security. Evandro shares insights on staying updated in the cybersecurity field and the importance of hands-on learning.TakeawaysThe podcast aims to make security accessible to everyone.Machine identities are non-interactive identities used in IT environments.Organizations may have up to 80 machine identities for every human identity.Visibility and management of machine identities are significant challenges.Over-privileged accounts are a common issue in organizations.Applying the principle of least privilege is crucial for security.Communication and coordination are vital during cybersecurity events.Hands-on experience and laboratories are effective for learning new technologies.Staying updated with threat reports is essential for cybersecurity professionals.Networking through platforms like LinkedIn is beneficial for knowledge sharing.Keywordsmachine identities, cybersecurity, identity security,non-human identities, security management, best practices, NATO Lock Shield,visibility, risk management, zero trust

In this episode of the Security by Default podcast, host Joe Carson interviews Hieu Minh Ngo, a former cyber-criminal turned cybersecurity advocate. Hieu shares his journey from a curious teenager in Vietnam to a successful hacker, his time in prison, and his eventual redemption as he now works to help others avoid the pitfalls he faced. He discusses the importance of honesty, mentorship, and using one's skills for good, emphasizing the need for awareness in cybersecurity and the potential for change in the lives of young hackers.TakeawaysHieu Minh Ngo transitioned from a cyber-criminal to a cybersecurity advocate.His journey began with curiosity about computers and the internet.He faced severe consequences for his hacking activities, including imprisonment.Prison became a time for self-reflection and personal growth for Hieu.He emphasizes the importance of being honest with oneself.After prison, he was recruited by the Vietnamese government for cybersecurity work.Hieu now mentor’s young hackers to use their skills for good.He believes in the power of community and positive influences.Hieu encourages young hackers to participate in bug bounty programs.He stresses that good things will happen when you do the right thing.Chapters00:00 Introduction to Cybercrime and Transformation11:56 The Journey from Hacking to Cybersecurity23:48 The Dark Web and Identity Theft29:46 Finding Purpose in Prison31:41 The Journey to Redemption35:59 Consequences and Redemption37:27 Life After Prison: A New Beginning42:31 Using Skills for Good49:23 Awards and Recognition51:22 Future Aspirations and Mentorship

In this episode of the Security by Default podcast, host Joe Carson speaks with Filipi Pires, a cybersecurity expert with a diverse background in both technical and sales roles. They discuss Filipi's journey into cybersecurity, the importance of identity in security, and the challenges organizations face with misconfiguration. The conversation also covers tools and techniques used in cybersecurity research, the significance of observability, and the need for continuous learning in the field. Filipi shares insights on community engagement and the importance of respecting the journey in one's cybersecurity career.TakeawaysIdentity is a central theme in cybersecurity.Misconfiguration is a leading cause of security issues.Continuous learning is essential in the cybersecurity field.Tools should be used to understand techniques, not just for their own sake.Community engagement is vital for knowledge sharing.Phishing remains a simple yet effective attack method. Legacy software poses significant risks to organizations.Observability is crucial for effective security management.Respecting the journey in cybersecurity is important for growth.Chapters00:00 Introduction to Cybersecurity Journey02:49 Exploring Cybersecurity Research and Trends05:32 Tools and Techniques in Cybersecurity Research08:34 Learning Through Capture The Flag Events11:28 Identity Threats and Misconfigurations14:16 Legacy Systems and Their Impact on Security25:40 Understanding Use Cases in Security Permissions27:36 The Principle of Least Privilege29:31 The Complexity of Identity Management30:28 Challenges in Observability and Access Control32:16 Navigating Multi-Cloud Permissions34:07 Tools for Enhancing Security Visibility 36:14 Continuous Learning in Cybersecurity 41:53 Community Engagement and Knowledge Sharing45:32 Respecting the Journey in Cybersecurity

In this episode of the Security by Default podcast, host Joe Carson welcomes back cybersecurity expert Carlos Polop. They discuss Carlos's journey into the cybersecurity field, the creation and impact of HackTricks, and the role of AI in cybersecurity. Carlos shares insights on using large language models for hacking, the future of AI, and upcoming training courses.The conversation emphasizes the importance of ethical hacking and the need for continuous learning in the rapidly evolving tech landscape.Key TakeawaysHackTricks was created as a personal resource for learning and sharing knowledge.The community has greatly benefited from HackTricks in their learning journeys.AI is revolutionizing the field of cybersecurity and coding.Large language models can assist in finding vulnerabilities and automating tasks.It's important to ask the right questions when using AI tools.Carlos is developing new training courses focused on cloud security and privilege escalation.Hacktricks AI is designed to help users with specific cybersecurity queries.The future of AI in cybersecurity is promising but requires ethical considerations.Continuous learning and adaptation are crucial in the cybersecurity field.Chapters:00:00 Introduction to Cybersecurity and Hacktricks02:54 The Journey into Hacking and OSCP05:54 The Impact of Hacktricks on the Community08:58 Recent Projects and Innovations in Cybersecurity12:00 The Role of AI in Cybersecurity14:57 Automating Code Creation with AI18:01 Future of Hacktricks and Upcoming Courses20:53 Final Thoughts on AI and CybersecurityResources:https://book.hacktricks.wiki/en/index.htmlhttps://training.hacktricks.xyz/https://www.hacktricks.ai/https://github.com/peass-ng/PEASS-ng

In this conversation, Joseph Carson and Martin Sandren delve into the evolving landscape of Identity Governance and Access Management (IGA). They discuss the significance of IGA in modern organizations, the challenges faced, and the impact of cloud solutions and AI on identity management. The conversation highlights the need for contextual and adaptive policies, the importance of interoperability, and the role of community engagement through conferences to stay updated in this rapidly changing field.Key TakeawaysIGA is essential for managing access and compliance in organizations.The shift to cloud-based IGA solutions has transformed the landscape.Contextual and adaptive policies are becoming the norm in identity management.AI is playing a crucial role in enhancing identity governance.Interoperability between systems is a significant challenge.Phishing attacks are increasingly sophisticated due to AI advancements.Zero trust principles emphasize reducing friction in access management.Shadow IT and shadow AI pose risks to organizational security.The signal-to-noise ratio in ITDR systems is a major concern.Engagement in conferences and communities is vital for professional growth in IGA.Chapters00:00 Introduction to Identity Governance and Administration01:43 Understanding IGA vs. IAM04:02 Challenges and Shortcomings of IGA10:05 The Role of IGA in Modern Organizations17:20 Modernizing IGA: Cloud Solutions and Innovations19:07 The Acceleration of Cloud Adoption21:01 Evolving Identity Management Landscape22:53 AI's Role in Identity Governance24:41 Managing Non-Human Identities26:05 The Rise of Shadow IT and AI28:37 Future of AI in Identity Management30:35 Staying Updated in a Rapidly Changing FieldResources:Join an IdentiBeer meetup near youhttps://identi.beer/

In this episode, Joe Carson interviews Joe Grand, a renowned hardware hacker and educator. They discuss Joe Grand's journey into hacking, the importance of community and collaboration in the field, and the evolution of technology and security challenges over the years. Joe shares his early experiences with computers, his transition from engineering to hardware hacking, and the pivotal role of the Loft in shaping his career. The conversation also touches on the founding of @Stake (ATstake, Inc.) and the challenges of balancing passion with corporate expectations in the cybersecurity industry. In this conversation, Joe Grand discusses his journey in the hacking community, including his experiences designing badges for Defcon, the importance of artistic engineering, and the impact of live hacking events. He shares insights on parenting in the digital age, the significance of legacy software security, and the challenges of vendor communication. Joe also highlights his current projects, the learning process through failure, and resources for aspiring hackers, culminating in a discussion about his involvement in a film related to cryptocurrency.TakeawaysCommunity and collaboration are vital in the hacking world.Hacking is a continuous learning process; you never know everything.Early experiences with computers often start with games and curiosity.The Loft provided a transformative experience for Joe Grand.Transitioning from engineering to hacking can be a natural progression.AtStake was a significant step in Joe's career, merging hacking with business.Finding purpose in teaching others about hardware hacking is fulfilling.The importance of viewing security from an adversarial perspective.Hacking and engineering can complement each other in unique ways. Joe Grand returned to design the Defcon badge after years away.He emphasizes the blend of art and engineering in hacking.Live events showcase the real-time problem-solving process in hacking.Parenting involves guiding children through the digital landscape.Not all hacks need to be groundbreaking to be significant.Legacy software security remains a critical issue.Effective communication between vendors and hackers is essential.Current projects focus on refining fault injection techniques.Learning through failure is a vital part of the hacking process.Documentation is crucial for replicating and building on work.Chapters00:00 Introduction to the Podcast and Guest01:43 The Journey of a Hardware Hacker05:16 The Importance of Community in Hacking09:50 Early Experiences and Hacker Origins14:41 Transitioning from Engineering to Hardware Hacking18:16 The Loft: A Transformational Experience23:51 From Passion to Career: The AtStake Journey30:56 Finding Purpose in Teaching and Hacking33:21 Reviving the Defcon Badge Design34:47 Exploring Artistic Engineering in Hacking35:44 The Impact of Live Hacking Events37:33 Parenting in the Digital Age39:28 Lessons from Hacking Time42:48 The Importance of Legacy Software Security46:37 Vendor Communication and Security48:58 Current Projects and Future Directions51:51 Learning Through Failure54:54 Resources for Aspiring Hackers58:56 The Intersection of Hacking and FilmAdditional Resources:https://grandideastudio.com/https://www.youtube.com/watch?v=o5IySpAkThg https://www.imdb.com/title/tt27307826/

In this episode of the Security by Default podcast, host Joseph Carson speaks with cybersecurity expert Terence Jackson about the evolving landscape of cybersecurity, the challenges faced by CISOs, and the importance of data security and governance. They discuss the impact of AI on security practices, the role of the CISO as a risk manager, and the need for organizations to prioritize foundational security measures in a rapidly changing technological environment. In this conversation, Terence Jackson and Joseph discuss the evolving landscape of cybersecurity, emphasizing the importance of asset management, the role of AI in business intelligence, and the need for a balance between security and user experience. They explore the future of CISOs in a world increasingly governed by digital intelligence and the necessity of continuous learning and community engagement in the cybersecurity field.Key TakeawaysThe cybersecurity landscape is constantly evolving, with new challenges emerging.AI is transforming both the attack and defense sides of cybersecurity.Data security remains a critical concern for organizations.CISOs are increasingly seen as risk managers rather than just security officers.Governance and compliance are essential for effective data management.Organizations must prioritize identity and access management.The role of the CISO has become more strategic and board-level.Understanding data exposure risks is crucial for compliance.Foundational security practices are necessary for effective defense.Continuous learning and adaptation are vital in the fast-paced tech world. AI will play a crucial role in enhancing business intelligence.Effective asset management is foundational for organizational security.Zero trust must be balanced with zero friction for user experience.Creating a positive security culture is essential for engagement.CISOs will increasingly focus on data governance and business risks.The proliferation of AI agents presents new security challenges.Security should be integrated seamlessly into user workflows.Continuous learning is vital in the rapidly changing cybersecurity landscape.Community engagement fosters knowledge sharing and support.Focusing on the basics is key to effective cybersecurity.Chapters00:00 Introduction to Cybersecurity Journeys02:17 Challenges in Cybersecurity Today06:43 The Evolving Role of the CISO11:06 Governance, Compliance, and Data Security14:56 Prioritizing Security in a Fast-Paced World19:39 The Role of AI in Business Intelligence20:02 Importance of Asset Management21:52 Zero Trust and Zero Friction Security23:38 Creating a Positive Security Culture24:27 The Future of CISOs and Digital Intelligence29:32 Continuous Learning and Community EngagementAdditional Resources:Connect with Terence: https://www.linkedin.com/in/terencejackson/https://www.terencedjackson.com/