Security Cocktail Hour

In this episode, Ché Bolden joins us to talk about drone security, uncrewed systems, satellite security, GPS, autonomy, counter-drone defense, and the growing cyber risks around space-based infrastructure. We get into how drones were originally secured, why unencrypted links were such a problem, how command-and-control attacks can work, and why space is now part of the security conversation.This conversation sits at the intersection of cyber security, drone warfare, satellite security, space security, and the future of connected systems. If you care about drones, satellites, GPS, cyber risk, or the security of critical infrastructure, this episode is worth a listen.GuestChé BoldenLearn more:bolden.groupinterastra.institute

Joe South joins the Security Cocktail Hour to discuss the state of communication satellite security and the doctoral research he is doing to change it. Joe is Director of Cloud & AI Security at Abira Security and hosts the Security Unfiltered podcast, one of the larger independent cybersecurity podcasts. The conversation covers what satellite defense actually looks like today: why most of the security is at the ground station rather than on the satellite itself, what happens when CubeSats stay in orbit for 10 to 12 years without meaningful patching, and how a zero trust framework could be made to work on hardware that operates on less than three watts of power. Joe walks through his proposed approach, which combines TPM-based component authentication with a distributed trust ring across satellite orbits.We also get into cyber warfare and the attribution problem, the strategic implications of a compromised satellite fleet, and Joe's personal story about building self-sufficiency. If you work in cloud, infrastructure, or national security and have never had space in your threat model, this is a good place to start. Guest: Joe South, Director of Cloud & AI Security at Abira Security, host of Security Unfiltered (securityunfiltered.com), doctoral candidate at Capital Technology University.Subscribe to the Security Cocktail Hour newsletter at securitycocktailhour.com for a biweekly read on cybersecurity news and upcoming episodes.

Matt Sloane has spent 13 years in the drone industry, working with over 1,000 public safety agencies to build and operate drone programs. As Co-Founder and Chief Strategy Officer of SkyfireAI, he's at the intersection of drone operations, AI-enabled autonomy, and national security policy.In this conversation, Matt covers how drone first response (DFR) programs are changing 911 operations, why the FAA's upcoming Part 108 framework will prioritize autonomy over human pilots, how counter-UAS mitigation actually works (with memorable stories from the Super Bowl and World Cup preparations), and what he told the White House about the Chinese drone ban's impact on American public safety agencies.Supply chain risk from Chinese-made drones mirrors the Hikvision and Huawei debates. Counter-UAS involves signal jamming and RF detection. Autonomous drone systems are expanding the attack surface in ways most security programs haven't accounted for yet.

Amanda King was a Senior Director of Breakthrough Technology at an aerospace and defense company when she learned she was on a list of 77 people specifically targeted by Iran's Charming Kitten APT group. In this episode, she tells the full story: how the Associated Press tried to reach her three times, what the attackers accessed, how a US government agency got involved, and what she changed in her personal and professional life afterward.The conversation covers the real-world experience of being targeted by a nation-state actor, the gap between corporate and personal security, what it's like when a three-letter agency asks for access to your life, and how the experience shaped Amanda's approach as she moved into executive roles. Amanda also shares her perspective on resilience, including her cancer journey, and a practical framework for processing difficult experiences.Hosts: Joe Patti and Adam Roth. Recorded March 14, 2026.

Luke Canfield has been building, flying, and hacking drones for years. In this episode, he walks us through the real intersection of drones and cybersecurity — war-flying attacks on financial institutions, cartel drone operations at the US-Mexico border, DIY drone building with no attribution, and why "security exists in three dimensions."Topics covered:War-flying: aerial man-in-the-middle attacks with drone-mounted Wi-Fi Pineapples3 real cases of drone-based cyberattacks against financial institutionsMexican cartels: 330+ drone incursions/day at the US borderUkraine: how the conflict advanced drone tech by 15 yearsDrone detection: RF tracking, acoustic sensors, radar, AIFAA regulations and fines up to $100KDisaster response: mesh networks and radio repeaters via dronesThe coming Part 108 era and why a fake Amazon drone is the next attack vectorGuest: Luke Canfield — cybersecurity professional and drone security researcherLearn more: https://www.lsechub.comConnect: securitycocktailhour.com | Newsletter: securitycocktailhour.com/newsletter

Sharon Isaaci and David Warshavski spent careers on the offensive side of cybersecurity — breaking into organizations, finding zero-days, and cleaning up after the breaches that followed at Sygnia, Israel's premier incident response firm. After hundreds of engagements, they kept finding the same thing on both sides of the wire: breaches happen not because vulnerabilities go undetected, but because they go unmanaged.Vulnerability management has been stuck for 30 years. More tools, more alerts, more dashboards — and vulnerability exploitation as a breach cause nearly tripled in 2024 alone. When ChatGPT arrived in late 2022, Sharon and David saw the missing piece: the organizational context that could fix the problem had always existed, scattered across Slack, email, wikis, and internal tools. GenAI finally made it possible to pull that together at scale.In this conversation, we get into how two practitioners who've spent careers attacking organizations are now applying that attacker's lens — automated with AI — to break open a field that's resisted change for decades. We cover why visibility was never the real problem, what context-driven prioritization actually looks like, and what it takes to mobilize the people who do the patching.This one is for practitioners who've lived the frustration. And for anyone watching AI get applied to a real, stubborn problem — not as a marketing claim, but as the thing that finally moves the needle.Follow us for more conversations with practitioners who've been in the trenches.00:00 Intro & Guest Introductions05:35 Vulnerability Management: Still a Problem09:45 AI as a Security Solution, Not a Problem15:47 Visibility is Easy; Context is Hard29:46 Leveraging the Hacker Mindset35:29 We Need Less Findings, Not More42:39 We're in Exciting TimesWebsite: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

What happens when your security perimeter extends to Mars—and MFA isn't an option?In this episode of the Security Cocktail Hour, we sit down with Renee Wynn, former CIO of NASA, to explore what cybersecurity looks like when traditional frameworks simply don't apply.Renee Wynn managed IT for some of humanity's most critical infrastructure: Mars rovers, the James Webb Space Telescope, the International Space Station. We cover the unique challenges of cybersecurity in the aerospace, defense and space fields—and what those constraints teach us about security thinking more broadly.Early in the discussion, Renee emphasizes: "We always have to make sure we don't have a failure of imagination when we're looking at these risk-based decisions." This is the kind of mindset shift that shapes great security leaders. We also explore how she navigated government oversight, built trust with federal auditors, and led through constraints that forced her to rethink everything.Whether you work in government, private sector, or dream of expanding your security career into new industries—this conversation will broaden how you think about what's possible.00:00 Introduction & The Coolest Resume in Cybersecurity00:51 No Multi-Factor Authentication on Mars: Securing Assets Beyond Earth02:54 Navigating Oversight: How to Build Trust With Government Auditors15:00 Failure of Imagination: Rethinking Risk Assessment in Extreme Environments35:00 Leadership Lessons: Thinking Bigger in SecurityWebsite: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

In part 2 of our discussion, John Strand tells us how the cybersecurity industry has turned stagnant, with a lack of innovation and an investment model that isn't going to turn that around any time soon. We explore why venture capital funding hasn't led to the breakthrough products the industry needs, and what's holding back real innovation. John also highlights the leaders in the security industry who are actively giving back to the community, and he and Adam try to one-up each other over who's stayed in the most disgusting hotel room.00:00 Intro00:12 Security is Ripe for Disruption06:19 Better Investors = Better Security Products10:22 Security is Awesome12:43 Scaling Conference Talks15:54 John's Advice on Guests17:30 A Great Set of People23:18 Bad Hotels, Good People29:10 Wrapup29:54 OutroThis is Part 2 of our conversation with John Strand. Website: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Subscribe and share with colleagues who'll enjoy honest discussions among security professionals.

John Strand isn't interested in fixing the broken security education system—he's tearing it down and rebuilding it. In Part 1 of this two-part conversation, the founder of Black Hills Information Security explains why scholarships don't solve the real problem, how American universities are losing ground to European programs, and the unexpected places where he's finding the next generation of security talent.What We Cover:Why scholarships preserve a broken system instead of fixing itThe barriers that actually matters: Not what you expectAmerican universities vs. European programs: who's winning and whyCareer changers bringing new perspectives to the industry.AI's "fallow period" in hiring and what comes nextThe standardization of mediocrity: how AI is making everything "blah"00:00 Introduction00:50 Rethinking Cyber Education07:01 Diversity Brings Amazing People into Security09:53 Changing Lives11:42 Giving Back to the Community14:33 The Strand Family of Companies17:02 Security's AI MistakePart 2 coming soonWebsite: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Subscribe and share with colleagues who need to hear this perspective on the future of security education.

Keeping your Flipper Zero's firmware updated is critical for security and performance—but the update process isn't always smooth. In this episode, we'll walk you through every step of updating your Flipper Zero firmware, including how to work through a snag you might encounter.Whether you're a security professional, pentester, or hardware enthusiast, regular firmware maintenance is essential for keeping your tools secure and functional. This guide shows you what it takes for the popular Flipper Zero.00:00 Introduction to Flipper Zero02:30 Laptop connection and app06:20 Begin Update07:23 This doesn't look right09:40 Definitely not right10:27 Success12:57 Next stepsCatch up with the previous episode in this series when we unboxed the Flipper Zero:https://open.spotify.com/episode/1rU2o8B5cd9MYZ4uQSB3VG?si=cce55d68cdc048b6And our episode on the ethics of 'hacking' devices:https://open.spotify.com/episode/0olsN2LKLn09wOLpnxqeIH?si=adf4b00394714209📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox.👉 https://securitycocktailhour.com/newsletter/🔗 Connect With Us:Website: https://securitycocktailhour.comLinkedIn: https://www.linkedin.com/company/security-cocktail-hour/Twitter: @SecCocktailHour

Curious about the Flipper Zero, one of the most talked-about `gadgets` out there? We give you a quick look as we unbox a new one.This is a companion to one of our earliest episodes, where we talked about the ethics and proper use of hacking tools. https://youtu.be/BVca3X8wE_c📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox.👉 https://securitycocktailhour.com/newsletter/🔗 Connect With Us:Website: https://securitycocktailhour.comLinkedIn: https://www.linkedin.com/company/security-cocktail-hour/Twitter: @SecCocktailHour

Job scams are getting scary good. We're talking AI deepfakes, fake recruiters, and cryptocurrency traps that are fooling even tech-savvy professionals. In this Security Cocktail Hour holiday special, Joe and Adam break down four of the most dangerous job scams hitting people right now—because nothing says "Happy Holidays" quite like protecting yourself from scammers, right?If you're job hunting (or know someone who is), grab a drink and settle in. We're covering everything from deepfake video interviews to the bizarre world of "lucky order" scams that'll drain your crypto wallet faster than you can say "I got the job!"What You'll Learn:✅ How scammers use real-time deepfake technology to impersonate legitimate recruiters✅ The malware delivery tactics hidden in "competency tests" and coding exercises✅ How to spot fake job postings before sharing personal information✅ The "lucky order" scam that tricks workers into depleting their own accounts00:00 Intro: Job Scams for the Holidays01:08 AI Enhanced Interview Fraud11:26 Packaging and Processing Scams17:23 Mystery Shopper Scam24:30 Gamify/Task Scams28:48 Help Spread Awareness29:40 Wrapup and Happy Holidays30:58 Bonus Bloopers!Key Takeaways:🚩 Red Flag #1: Any job asking for money upfront (deposits, equipment fees, background check fees)🚩 Red Flag #2: Payment exclusively in cryptocurrency for employment🚩 Red Flag #3: Requests for excessive personal information before an interview🚩 Red Flag #4: Downloading special software for interviews or tests🚩 Red Flag #5: "Too good to be true" easy money for simple tasksProtect Yourself:✓ Always verify recruiters through official company websites (not LinkedIn alone)✓ Never give MFA/2FA codes to anyone—even for "deposits"✓ Be wary of video interviews that seem glitchy (could be deepfakes)✓ Research the company independently before sharing personal data✓ Use multi-factor authentication on all financial accounts📧 Subscribe to Our Newsletter: Get exclusive cybersecurity insights, episode updates, and career tips delivered to your inbox every week.👉 https://securitycocktailhour.com/newsletter/🔗 Connect With Us:Website: securitycocktailhour.comLinkedIn: https://www.linkedin.com/company/security-cocktail-hour/Twitter: @SecCocktailHourShare This Episode: Know someone job hunting? Share this video to help protect them from these evolving scams.

Scammers stay busy during the holidays. From recognizing fake gift card requests to safe phone payments for teens, we're bringing back the best cyber security tips from last year's holiday episode, as a warmup for a new episode focusing on the latest job scams coming next week.00:00 Introduction to the Holiday Episode00:31 Phone malware and app privacy06:41 EZPass Alerts and Package Delivery08:56 Sexploitation12:07 The Importance of Zero Trust14:07 Gift Cards20:54 Tap to Pay24:52 The Debate: Debit vs. Credit Cards29:56 Subscriptions and Hidden Costs31:41 WrapupWhether you’re buying gifts, traveling, or just enjoying the holidays with family, these practical tips will help you protect yourself and your loved ones.👉 Help us fight back against the scammers: Share this episode with friends and family to keep them safe too! Leave a comment with your experiences or questions about scams.Stay safe, stay smart, and have a happy holiday season! 🎁

In this episode of the Security Cocktail Hour, guest Jatin Mannepalli introduces co-hosts Joe Patti and Adam Roth the high-speed, high stakes world of high frequency trading (HFT) and its many security challenges. The conversation delves into the intricacies of high frequency trading, the stress of incident response, and the importance of redundancy in connectivity. They discuss the evolution of data transmission methods, the challenges of security in trading environments, and the role of custom hardware. The episode also touches on the current job market in cyber security and the necessity of collaboration among firms to enhance security measures.Have you worked in cyber security for trading environments, or HFT's? Tell us about your experience in the comments.The views and opinions expressed in this podcast are solely those of the speaker, Jatin Mannepalli, and do not necessarily reflect the views, positions, or policies of IMC Trading or its affiliates.

Join Security Cocktail Hour hosts Joe Patti and Adam Roth for an in-depth conversation with Myke Lyons, Chief Information Security Officer at Cribl, about AI in cybersecurity operations. Discover how modern CISOs are actually using LLMs and AI tools in their daily work, handling the data explosion (28% CAGR growth in logs), and transforming security operations with smarter telemetry management. Myke shares practical AI adoption strategies, prompt engineering techniques, and his unique perspective on threat hunting with modern data architectures. From his non-traditional background (Culinary Institute of America graduate) to leading security at companies like Snyk, Collibra, and ServiceNow, Myke offers real-world insights on the future of AI in security.

Everyone's using AI, including ransomware gangs. Podcast guest Karin Lagziel, Director Cybersecurity at consulting firm Sygnia, gives us the news and her cyber defense strategies for fighting back: With more AI, as well as a focus on fundamentals.In this episode:🔹 The first AI-powered ransomware "Prompt Lock" discovered in the wild 🔹 How Chinese hackers created "Villager" - the AI version of Cobalt Strike 🔹 Why traditional cybersecurity is failing against AI attacks 🔹 How attackers weaponize your own AI against you 🔹 The dark web's "AI as a Service" marketplace 🔹 Real-time deep fakes so realistic they fool security experts 🔹 AI governance frameworks 🔹 Why every organization needs agentic AI for defense 🔹 The future of cybersecurity careers (spoiler: humans aren't going away)Guest info: Karin LagzielLinkedIn: https://www.linkedin.com/in/karinlags/ Sygnia: https://sygnia.coHow are you preparing for AI-enabled cyber attacks? Tell us in the comments. 👇

Forbes 30 Under 30 cybersecurity expert Yevheniia Broshevan discusses crypto security challenges, bug bounty programs, and the reality that 95% of Bitcoin has been mined while 11-18% is lost forever.🔥 What You'll Learn:The concerning trend in crypto losses hitting $3 billion this year aloneHow bug bounties in Web3 can reach up to $10 million for critical vulnerabilitiesHow operational security failures cause more crypto thefts than code vulnerabilitiesWhy diversification is critical when storing digital assetsThe reality behind crypto kidnappingsReal-world asset tokenization and the future of digital assetsKey management best practices🎯 Guest Spotlight:Yevheniia Broshevan – Co-Founder and CEO of Hacken, Forbes 30 Under 30 honoree, and Web3 security pioneer who has been active in crypto since 2014. Hacken, an end-to-end security and compliance partner for digital assets, has conducted security assessments for over 2,000 clients and operates a community of 50,000+ ethical hackers who have identified vulnerabilities worth millions.💡 Key Takeaways:Access control issues and private key leakage cause majority of crypto hacksBug bounties in crypto can reach 5-10% of potential losses (millions in payouts)Hardware wallets, diversification, and proper key management are essentialThe industry lost $2.5 billion last year, $3 billion this year - trend is acceleratingPhishing and social engineering remain the weakest links in crypto security🚨 Critical Security Insights:From penetration testing blockchain protocols to smart contract audits, Yev reveals the hidden vulnerabilities that put billions at risk. Whether you're a crypto investor, security professional, or curious about Web3 technology, this conversation delivers actionable intelligence you can't afford to miss.💬 Comment: What's your biggest crypto security concern?Follow the Security Cocktail Hour podcast:Website: https://securitycocktailhour.comLinkedIn: https://www.linkedin.com/company/security-cocktail-hour/Twitter/X: @SecCocktailHourInstagram: https://www.instagram.com/seccocktailhour/Guest Links:Yevheniia Broshevan LinkedIn: https://www.linkedin.com/in/broshevan/Hacken: https://hacken.io#CryptoSecurity #Web3Security #Blockchain #Cybersecurity #DigitalAssets #SmartContracts #CryptoHacking #BugBounty #Web3 #SecurityPodcast #Forbes30Under30 #EthicalHacking #PenetrationTesting #CryptoWallet #KeyManagement #SecurityAudit #DeFi #Cryptocurrency

Ever wondered what that mysterious "WiFi Pineapple" device from hacker movies actually does? Today we're unboxing the Hak5 WiFi Pineapple Mark 7 - the real penetration testing tool that's been featured in countless TV shows and movies!🔥 What We Cover:Complete unboxing of the WiFi Pineapple Mark 7How hackers use this for man-in-the-middle attackWhy you should be worried about fake WiFi hotspotsReal-world scenarios where this could be deployedEthical penetration testing applications⚠️ STAY SAFE: This video is for educational and ethical penetration testing purposes only. Always use these tools responsibly and only on networks you own or have explicit permission to test.For a discussion on these tools and the ethics of using them, listen to Episode 6: https://creators.spotify.com/pod/profile/security-cocktail-hour-po/episodes/Ep--6-Flipper-Zero-and-Other-Totally-Legit-Hacking-Tools-e2bsa4iFor more unboxing videos of hacking and cybersecurity devices, check out this episode:https://creators.spotify.com/pod/profile/security-cocktail-hour-po/episodes/Ep--58-Travel-Router-Unboxing-Dont-Get-Hacked-on-Vacation-e36dgrf#WiFiPineapple #Hak5 #CyberSecurity #PenetrationTesting #Unboxing #InfoSec #EthicalHacking #SecurityCocktailHour

Back in Episode 54 we talked about vacation cybersecurity, including the dangers of hotel WiFi and public networks. Today we're unboxing the travel router that could save your digital life while traveling (or at least save you a lot of grief).🚨 Why You NEED This:Hotel WiFi is a hacker's playground. From man-in-the-middle attacks to data theft, public networks are incredibly dangerous. This tiny device creates your own secure network bubble wherever you go!🏨 Real Vacation Scenarios:Hotel room internet securityAirport lounge protectionCoffee shop safetyAirbnb and rental property networksInternational travel considerations

It takes an advanced degree to understand the psychology behind why users hate security controls, so we got someone with two: Dr. Nikki Robinson, DSc Cybersecurity, PhD Human Factors. Nikki joins us to break down the real reasons security implementations fail—and how to fix them.What You'll Learn:🔹Why vulnerability scoring goes wrong (hint: it's not the tech)🔹How to get 99% patching rates through automation🔹The psychology behind user resistance to security controls🔹Why developers say "I can't implement secure code" (and what to do about it)🔹Human factors engineering for cybersecurity practitionersReal-World Insights:♦️From 60% to 99% vulnerability remediation in 6 months♦️Why 600-page security policies guarantee failure♦️The empathy approach to security policy enforcement♦️API sprawl and agentic AI risks keeping security pros awakeDr. Robinson combines IT operations experience with advanced degrees in cybersecurity and human factors psychology. Her research reveals why traditional security approaches create resistance—and practical frameworks that actually work.She also schools us in how to make a tequila sunrise (technique matters!)

Why would a hacker at the top of his game who found dozens of zero-days switch to defense? The answer is a lot more complicated than you think. In this fascinating episode, we sit down with Cody Pierce, co-founder and CEO of Neon Cyber and former Zero Day Initiative researcher. Cody gives us an insider view into the exploit marketplace, and tells us why he went from offense to defense.🎯 WHAT YOU'LL DISCOVER:✅ The REAL difference between vulnerabilities and exploits (most people get this wrong)✅ Why attackers "bank" zero-days instead of using them immediately✅ The shocking economics behind exploit marketplaces ($50K to nearly worthless in seconds)✅ How nation-state attacks actually work (it's not what you think)✅ What happened with Cody's own USB hacking tool✅ What motivated Cody to change his approach to ecruityPerfect for: Cybersecurity professionals, ethical hackers, IT managers, security researchers, students, and anyone curious about the real world of cyber warfare#Cybersecurity #Podcast #ZeroDay #EthicalHacking #InfoSec #InformationSecurity #CyberWarfare #SecurityResearch #Vulnerabilities #Exploits #CyberDefense #ZeroDayInitiative #CyberEthics

Join us for a special episode of the Security Cocktail Hour as co-hosts Joe Patti and Adam Roth sit down with cybersecurity legend Paul Asadoorian—founder of Security Weekly and Principal Security Evangelist at Eclypsium. With more than two decades of experience, Paul brings his unique mix of deep technical knowledge and podcasting charisma to discuss firmware vulnerabilities, supply chain risks, and the overlooked attack surfaces hiding in your hardware. And he literally--and we do mean literally--brings fire to the show.🎙️ In This Episode:• Paul’s journey to becoming a leading voice in cybersecurity—and how he found a career he truly loves• Why firmware and supply chain security are the hidden battlegrounds of modern cyber defense• This might finally be the Year of the Linux Desktop.Paul's podcasts:Paul's Security Weekly: https://www.scworld.com/podcast-show/pauls-security-weeklyBelow the Surface Podcast: https://eclypsium.com/podcasts/

Got big travel plans this summer? Remember to pack some protection against cyber threats. In this episode of the Security Cocktail Hour podcast, hosts Joe Patti and Adam Roth break down the real cybersecurity threats you face when using hotel Wi-Fi, airport chargers, and public networks—and what you can do to stay safe.Learn about:• Why public Wi-Fi is more dangerous than you think• The truth about VPNs—and what they don’t protect• USB “condoms,” OMG cables, and travel routersWhether you’re a casual traveler or a frequent flyer, join us to learn how to keep your long-awaited vacation free from cyber headaches. 💬 Comment and follow us for the latest on cybersecurity from industry experts. 📌 Got a question or topic idea? Drop it in the comments—we just might feature it in an upcoming episode.#Podcast #Cybersecurity #InformationSecurity #Infosec #TravelTips #VPN #WiFiSecurity #USBCondom #DigitalSafety #PublicWiFi

In this episode of Security Cocktail Hour, we go deep into the high-stakes world of modern cyber incident response (IR) with Lisa Landau and Tim Shipp of ThreatLight—two top-tier experts redefining how breaches are handled today.Discover how IR has evolved—and why the old playbook no longer works.What you’ll learn:• Why speed is everything in breach response• Why incident response isn’t about flying on-site anymore• How top teams manage the intense stress of IR• Why cybercriminals operate like businesses—and how to outsmart them• Why tools alone aren’t enough—and what your team really needsWhether you’re defending a Fortune 500 company or just want to understand how real cyber incidents unfold, you’ll hear directly from the professionals who lead real-world breach responses under pressure.📎 Learn more about ThreatLight: https://www.threatlight.com

Selling six-figure security solutions isn’t about flashy demos or steak dinners—it’s about trust, relationships, and delivering real value. In this episode of the Security Cocktail Hour, we go inside the world of cybersecurity sales with Trevor Marcotte, founder of TnK Tech and a longtime industry insider.Trevor reveals how deals actually get done in the high-stakes world of cybersecurity—from building trust with IT buyers and CISOs to navigating complex vendor relationships and solving real problems for clients. Alongside co-hosts Joe Patti and Adam Roth, Trevor shares why people matter more than products, and how trust beats tools every time.Visit TnK Tech at https://tnkgoattech.com💬 Tell us in the comments about the good and bad relationships you've had with sales people.#Cybersecurity #InfoSec #InformationSecurity #Podcast #TechSales

Agentic AI is changing the game—but is it a security nightmare in the making? In this episode of the Security Cocktail Hour, co-hosts Joe Patti and Adam Roth sit down with Kevin O’Connor to dive into one of the hottest (and most misunderstood) topics in cybersecurity: Agentic AI Security.Join us to learn:✔️ What agentic AI actually is—and why it’s exploding in popularity✔️ The real security risks that come with AI agents running wild in business environments✔️ How cybercriminals can hijack AI agents for fraud, misinformation, and even weaponizing data✔️ Why agentic AI could be the new Shadow IT, operating outside security teams’ control✔️ How companies can secure AI-powered automations before they become the next major attack vectorAs businesses rush to adopt AI-driven assistants, chatbots, and automation tools, are they unknowingly opening the floodgates to massive security risks? And can we actually defend against it?Watch now to get ahead of the next AI security challenge!Kevin joins us from ZenityLearn more about Securing Agentic AI from Zenity Labs - No Sales, No Marketing, Just the Researchhttps://labs.zenity.io/Get in on the conversation - The Industry’s First Agentic AI Security Summithttps://www.zenity.io/resources/events/ai-agent-security-summit-2025/Do you think AI agents will turn everyone into a software developer? Tell us in the comments.

Ever wondered what it's like to lead cybersecurity on the front lines? In this episode of Security Cocktail Hour, we sit down with Keren de Via, a former IDF officer and trailblazing Chief Information Security Officer (CISO), who shares her extraordinary journey from military leadership to navigating the complex world of corporate cybersecurity.Join hosts Joe Patti and Adam Roth as they dive deep into Keren's experiences leading cybersecurity for front line units, where security decisions carry the highest stakes. From adapting military strategies to the boardroom to redefining leadership in the cybersecurity landscape, Keren's insights are a masterclass in resilience, agility, and innovation.Tell us about some of the toughest decisions you've made in the comments!#Cybersecurity #Leadership #CISO #InformationSecurity #RiskManagement #Podcast #CyberLeadership #Innovation #HighStakesDecisions #CyberResilience

If you thought the tech industry only wanted your money, think again -- they're coming after your mind. Guest Winn Schwartau describes how in his new book "The Art and Science of Metawar: How to Coexist With AI-Driven Reality Distortion, Disinformation, & Addiction". Join us to learn what Metawar is, how we can protect ourselves with cognitive defenses and why immediate action is crucial, because it's already begun.To get right into the discussion of Winn's book, jump to 6:03Buy the book at Amazon https://a.co/d/5JEA9LuVisit Winn at his website and follow him on social mediaWeb: https://www.winnschwartau.com/LinkedIn: https://www.linkedin.com/in/winnschwartau/Instagram: https://www.instagram.com/winnschwartau/X: https://x.com/winnschwartauTikTok: https://www.tiktok.com/@officialwinnschwartauAnd follow us too!LinkedIn: https://www.linkedin.com/company/security-cocktail-hourInstagram: https://www.instagram.com/seccocktailhour/Web: https://securitycocktailhour.comDrop us a comment and tell us if you want to see more authors talking about their books!#informationsecurity #infosec #podcast #cybersecurity #metawar #books

Previous guest Jennifer Gold returns for another episode, and this time she's brought friends: cyber and intelligence veterans Patrick Arvidson and Roger Hockenberry. Together, they delve into the evolving world of cybersecurity, sharing insider perspectives from the CIA, NSA, and the private sector. Hear about:🕶 Why Fridays and holidays are prime time for ransomware attacks💡 The commoditization of intelligence🎯 Practical strategies to prevent, detect, and respond to cyber threatsLearn how attackers exploit weekends, discover the real cost of third-party risks, and uncover why “intelligence” might not always mean what you think. Plus, hear about the creative side of coding, retro hacking nostalgia, and the challenges of managing risk in a hyperconnected world.If you’re ready for a blend of expert advice, engaging banter, colorful drinks and Hawaiian shirts, be sure to join us. And don’t forget to drop us a comment and follow the podcast.#informationsecurity #infosec #cybersecurity #podcast #ransomware #threatintelligence #hacking

You need experience to get even an entry level job, but how to do you get a job if you don't have experience? For years this classic dilemma didn't apply to cybersecurity, but times have changed. Newly minted security consultant Jerry Sinayuk of NukuDo tells us how he got trained and is lining up his first consulting engagements -- all while getting paid. Join us to learn about this new approach to breaking into a high-tech industry that's actually centuries old.And if that isn't enough to hit a lot of keyword searches, Jerry also shares his passion for blockchain technology and gives his unvarnished opinion on NFT's.Put your questions on cyber security hiring in the comments, and Joe and Adam will respond with the wisdom of their many years in the field. And don't forget to share and tell your friends.Check out NukuDo, Jerry's company, and their program at https://nukudo.com.Show your support for the podcast with official Security Cocktail Hour merch: Shirts, mugs and more at https://securitycocktailhour.com/store#informationsecurity #infosecurity #cybersecurity #podcast #cyberjobs #securityjobs #blockchain #nft #bitcoin #cybercurrency #training

Artificial intelligence is revolutionizing industries, and cybersecurity experts are navigating uncharted territory to keep pace. In this episode of the Security Cocktail Hour podcast, Alec Crawford, Founder and CEO of AI Risk, Inc., joins co-hosts Joe Patti and Adam Roth for a dive into the practical, technical, and ethical challenges of AI - including some surprises nobody saw coming, as well as what an adversary can do with a drone. From early work with neural networks to cutting edge large language models, Alec shares the challenges he's taking on to secure today’s generative AI models.Highlights include:🔒 Vulnerabilities AI introduces to corporate environments🔒 Creative and unexpected ways hackers are manipulating AI systems🔒 Why regulating AI is so challenging—and what might work betterFor more insights from Alec, tune into his podcast, AI Risk-Reward or visit AI Risk, Inc..#InformationSecurity #Infosec #Cybersecurity #Podcast #ArtificialIntelligence #AI #GenAI #GenerativeAI #Hacking #TechInnovation #Regulation #TechRegulation #Drone

This holiday season, don’t let scams ruin the festive spirit! In this special holiday episode of the Security Cocktail Hour, co-hosts Joe Patti and Adam Roth break down the most common holiday scams, from the classics to the sneaky new ones you’ve never heard of. From fake gift card requests to sophisticated AI-driven scams, we’ll teach you how to stay one step ahead of the scammers.🎄 What you’ll learn: How scammers exploit holiday stress and generosity The latest tricks using AI and malware Real-life examples of scams and how to avoid themWhether you’re buying gifts, traveling, or just enjoying the holidays with family, these practical tips will help you protect yourself and your loved ones.And to really up your security game, check out our new store for Security Cocktail Hour clothing and gear at https://securitycocktailhour.com/store.Leave a comment with your experiences or questions about scams!Stay safe, stay smart, and have a happy holiday season! 🎁#informationsecurity #infosec #cybersecurity #podcast #ai #artificialintelligence #giftcardscam #HolidayScams #StaySafe

Are your organization's security gaps leaving the door wide open for attackers? In this episode of the Security Cocktail Hour podcast, co-hosts Joe Patti and Adam Roth sit down with seasoned penetration tester and identity security expert Jason Luttrell.Jason shares fascinating stories from his days of hacking banks, infiltrating data centers, and even dumpster diving, all legitimate work for his customers, to expose the vulnerabilities they never knew existed. Discover why physical security is just as critical as digital defenses and how attackers exploit overlooked entry points.Later, the discussion shifts to the evolving landscape of identity management and why protecting access credentials is the cornerstone of modern cybersecurity. Learn about the latest best practices for managing passwords, including the use of password managers, multi-factor authentication (MFA), and techniques to avoid common pitfalls you may be using. Plus, hear Jason's take on emerging alternatives like passkeys and why they might still be a long way from replacing passwords entirely.Topics Covered: Real-life hacking stories from the frontlines of cybersecurity. The terrifying ease of bypassing weak physical security. Why "passwords must die" and what might replace them. How identity security can make or break your defenses. Practical tips for protecting your organization today.💡 Ready to level up your cybersecurity game? Follow us, and join the conversation in the comments. What’s your take on Jason’s bold claim about the future of identity security? Let us know!

In this episode, leadership trainer, EMT, and former NYPD officer Mike Chanat joins us for a dive into the unique cybersecurity challenges facing EMTs and other first responders. Mike flips the script on hosts Adam Roth and Joe Patti, asking them to share realistic cybersecurity tips that protect both medical responders and their patients. And Mike shows us how the focus on communication, mindset and empathy he brings to his students will also make a difference in cybersecurity.Whether you’re in emergency services or want to see us demystify another corner of cybersecurity, tune in to see how security pros adapt solutions to real-world challenges.👉 What do you think is the biggest cyber risk for first responders? Drop your thoughts in the comments!👉 Follow us for more insights into cybersecurity across diverse fields.#informationsecurity #infosec #cybersecurity #podcast #emt #emtsecurity #healthcarecybersecurity #patientdataprotection

Organized retail crime is more complex than you might think—it's not small-time shoplifting, it's big business run by bad people. In this episode, Doug Horsting, a loss prevention expert from a major retail chain, and Dean Takacs, CEO of Detective Analytics, join hosts Joe and Adam to reveal how they're using technology to enhance traditional investigation techniques to keep up with increasingly bold and sophisticated criminals. Discover how AI, data, and most importantly, trust and collaboration with law enforcement are transforming retail loss prevention, and what cybersecurity experts in the digital world can learn from their success.🔗 NYPD Neighborhood Policing: https://www.nyc.gov/site/nypd/bureaus/patrol/neighborhood-coordination-officers.page🔗 NYC Retail Theft Task Force: https://www.nyc.gov/assets/home/downloads/pdf/office-of-the-mayor/2023/combating-retail-theft-report-may-17-2023.pdf🔗 Data Analytics: https://www.detectiveanalytics.com/👉 Follow us for more expert insights from the front lines of cybersecurity.#informationsecurity #infosec #cybersecurity #podcast #ai #artificialintelligence #retailcrime #organizedretailcrime #lossprevention #lawenforcement #crimeanalytics #retailsecurity #crimetech #datasecurity #communitysafety

Cybersecurity breaches happen for many reasons, but one factor stands out: human error. In this episode, we gather top experts from across the security field to share their personal stories of mistakes made, how they recovered, and the hard-earned lessons that followed. Tune in for practical advice and insights from seasoned professionals who know that no one is immune to making a mistake — no matter how experienced.Quotes:"Half the lies they tell about me aren't true" -- Yogi Berra"Never Put Off Till Tomorrow What You Can Do The Day After Tomorrow Just As Well" -- Mark Twain (or maybe not)"To err is human, but to really foul things up you need a computer" -- Paul R. Ehrlich#informationsecurity #infosec #cybersecurity #podcast #humanerror #lessonslearned #databreach

Can government and private industry really work together? They can, and nobody knows this better than Jennifer Gold, president of New York Metro InfraGard and Chief Information Security Officer of Risk Aperture. In this episode, Jennifer helps us understand how cybercriminals are innovating, the new challenges AI and deep fakes present, and how leaders like her are bringing together public and private security experts to counter those threats. Closer to home, Jennifer shares her insights on how you can protect your family from cyber risks.🔗 NY Metro Infraguard: https://www.nym-infragard.us/🔗 Marine Corps Cyber Auxiliary: https://www.hqmc.marines.mil/Agencies/Deputy-Commandant-for-Information/Information-Maneuver-Division/Marine-Corps-Cyber-Auxiliary/👉 Follow us for more expert insights from the front lines of cybersecurity.#informationsecurity #infosec #cybersecurity #podcast #ThreatIntelligence #DeepFakes #AI #artificialintelligence #InfraGard

In this episode, industry veteran Gurinder Bhatti tells us how seizing an opportunity propelled him from an internship to a thriving career in cybersecurity. From navigating unexpected outages to landing a spot on NBC News, Gurinder recounts the lessons learned and takeaways from his experiences in his varied career. He discusses the importance of learning through experience, constantly adapting, and the bold moves that accelerated his career forward.📌 Topics Covered: How to seize opportunities and build a successful cybersecurity career Learning through real-world challenges Adapting to new technologies and evolving threats Transitioning from technical roles to sales and leadership🔑 If you're looking for insights into the world of cybersecurity and advice on how to break into it, this episode is a must-watch!

Why are data breaches escalating, even in companies with massive security budgets? In this episode, we reveal the hidden factors fueling the rise of breaches that expose the data of hundreds of millions of people at a time. Has this become the new normal, or will things get better? Tune in to learn what’s really going on behind the scenes in cybersecurity, and how companies keep failing to protect your personal information.#informationsecurity #infosec #cybersecurity #podcast #databreach #cyberthreats #dataprotection

Our panel of cyber security all-stars dishes on how the industry is thinking about and handling artificial intelligence (AI). Get ready for surprising insights on hot topics like deepfakes, privacy and the real dangers and promise of AI. What they believe everyone should worry about most will surprise you.Thanks to guests Francie Dudrey, Mike Pedrick and Chris Roberts.This is our first panel discussion - tell us in the comments if you like it and want to see more!

The information security job market sure ain't what it used to be. Recruiter Alexandra Nickoli shares her advice for landing a job in today's competitive landscape. She also gives us her insights on how today compares to the dark days of 2009, when she thinks we'll pull out of this tailspin and whether AI will prove a benefit or a challenge for job seekers in the future.Follow the Security Cocktail Hour podcast for more insider info from the world of information security.

Information security demands both brains and mental toughness. Watch how podcast co-host Adam Roth sharpens his mind with an intense boxing workout with trainer Phil Russo.In this special Afterparty episode, discover how boxing boosts not only physical health but also sharpens mental resilience - essential skills for tackling cybersecurity challenges. You'll learn how the discipline and community built through fitness parallel the perseverance needed to succeed in information security.Check out our earlier Afterparty episode where Adam steps into the ring to take on gym owner Sal Toner of FC Chaos Boxing and Fitness.https://podcasters.spotify.com/pod/show/security-cocktail-hour-po/episodes/Afterparty-Security-Boxing-Challenge--Cyber-Expert-Steps-into-the-Ring-e2cm6gfDrop us a comment to show your support for Adam putting himself out there.#cybersecurity #infosecurity #infosec #informationsecurity #Fitness #Boxing #MentalHealth #TechTraining

People often take a non-traditional path into the field of information security, and Nathali Cano’s journey is one of the most unique we’ve ever encountered. How she became “a social worker that happens to be a cybersecurity engineer” is a fascinating story of a single mom making opportunities for herself out of nothing but hard work and determination, and how she continues to give back to the community. Join us for an episode you’ll want to hear until the end.What we’re drinking: Margaritas & Chocolate MilkWe don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurityMore info on Nathali and her advocacy:Founder: GIA - giacommunity.orgGIA is a nonprofit offering a wide array of services. In cybersecurity, GIA provides free Splunk training and various educational and technical workshops for schools, libraries, conferences, and local organizations.Locally, GIA supports families with basic needs, runs Narcan and Fentanyl tests kits campaigns, and organizes back-to school supplies,  Christmas toys and clothing giveaways.Website: giacommunity.org  X Handle: @giacyber  LinkedIn: nathalicg

When you lead an information security organization, you get asked one question constantly: Are we secure? Veteran Chief Information Security Officer (CISO) DouglasMarzano joins us to discuss how to answer this seemingly simple question, which cuts to the core of the security leader’s job of managing perceptions and expectations. Whether you’re a ‘civilian’ looking to understand the real art of security or a security technologist who wonders what the boss does all day, tune in for an episode that might change the way you look at the field.What we’re drinking: Moscow MuleWe don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurity #ciso #risk #riskmanagement

Your digital identity is more than just your username and password. In fact, as AI continues to evolve, how we define identity online is changing, and so is how we prove who we are. In this episode, we delve into the future of digital identity with Venkat Raghavan, the CEO of Stack Identity and a seasoned expert in the field. Venkat breaks down the latest challenges and their real-world implications for all of us, from how we sign in to how hackers breach systems.We don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationssecurity #identitymanagement #ai #artificialintelligence

We usually talk about information technology, but the real world runs on power, water and factories – and protecting them from attack is a whole different ballgame. Robert Lee, CEO of Dragos, gives us a fascinating introduction to Operational Technology (OT) cyber security. Listen in to learn about how Robert and colleagues secure the infrastructure that keeps civilization running. Spoiler Alert: It’s not what you expect, even if you’re an IT security expert.What we’re drinking: Gin & TonicWe don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurity#operationaltechnology #optech #otsecurity #cisa

The Chief Information Security Officer (CISO) is a fairly new position in the business world, and changing as rapidly as any other facet of information security. We talk with former CISO Sivan Tehila about the challenges of the role, and how they inspired her to found security startup Onyxia where she serves as CEO. What we’re drinking: TequilaOnyxia: https://onyxia.ioWe don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurity #ciso

Let’s be honest: Not everyone’s cut out to be the boss, and those who are often don’t want the job. That’s especially true in security, where many people consider the role of Chief Information Security Officer (CISO) more of a sentence than a promotion. Executive, author, podcaster and recovering CISO May Brooks-Kempler gives us her take on whether sitting in the big chair is all it’s cracked up to be, as well as her unorthodox take on privacy that’ll get you thinking.What we’re drinking: Martini with a twist We don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurity

We jump back into the world of generative AI with CEO and entrepreneur Michael Silva. Michael gives us his take on how a large language model (LLM) can steer you wrong and how to stay on a path to reality.We don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X.#cybersecurity #infosecurity #infosec #informationsecurity #AI #artificialintelligence

What is threat intelligence, and what makes it so...threat-y? Ryan Westman of eSentire explains it to us, and also shows us a neat Mac trick that'll make you feel better about overpaying for a laptop.What we’re drinking: Buffalo Trace bourbonWe don’t just talk about security. If you have a security problem you need to solve, we can help. Reach us at [email protected] or @SecCocktailHour on X. #cybersecurity #infosecurity #infosec #informationsecurity #threatintelligence