The Art of Security

Why do vulnerabilities like Heartbleed, PrintNightmare, and Log4Shell get memorable names while thousands of other CVEs go unnoticed? In this episode of The Art of Security, Josh Davies and Tyler Reguly debate whether named vulnerabilities help cybersecurity awareness or create dangerous hype cycles. From CVE identifiers and responsible disclosure to media sensationalism and "boy who cried wolf" fatigue, the conversation explores how branding vulnerabilities impacts SOC teams, executives, researchers, and the wider industry. A must-watch for SOC analysts, threat researchers, vulnerability management teams, CISOs, business leaders, and cybersecurity practitioners who want to understand how vulnerability naming and security hype shape real-world response, risk perception, incident prioritization, and executive decision-making.

We're told to patch fast, trust updates, and rely on the software ecosystems that power modern business. But what happens when that trust becomes the attack vector itself? In this episode of The Art of Security, Josh Davies and Tyler Reguly dive into the growing world of software supply chain compromise — from malicious open source packages and compromised dependencies to sleeper-agent style attacks that quietly infiltrate trusted projects for years before striking at scale. Josh and Tyler unpack how attackers are weaponizing trust, automation, and AI-assisted development to spread compromise at scale, while exploring practical defenses and why today's "patch immediately" mindset may no longer be enough. When trust is the delivery mechanism, every dependency becomes part of your attack surface. Make sure to subscribe to the podcast!

When one organization gets breached, attackers don't just win — they get better. In this episode of The Art of Security, we explore a powerful idea: Cybersecurity isn't a solo fight but a shared one. And when defenders collaborate, everyone gets stronger. Josh Davies and Tyler Reguly are joined by Jennifer Quaid and Bob Gordon from the Canadian Cyber Threat Exchange (CCTX) to break down what effective collaboration really looks like in practice. From real-world intelligence sharing to cross-industry cooperation, they unpack how organizations can turn threat data into actionable defense and why keeping insights siloed only benefits attackers. You'll learn: Why "when one wins, we all win" is more than just a slogan How intelligence sharing improves detection, response, and resilience The role of trust, community, and diverse perspectives in cybersecurity If you think cybersecurity is just about tools and technology, this conversation will challenge that assumption. Because in today's threat landscape, defense is a team sport. Subscribe for more real-world insights on cybersecurity, threat intelligence, and the decisions that shape effective defense.

In this episode of The Art of Security, Josh Davies and Tyler Reguly take a hard look at vulnerability management (VM) — one of the oldest and most widely adopted practices in cybersecurity — and ask a simple question: are we doing it wrong? Joined by special guest Robert "RSnake" Hansen, we unpack the critical differences between vulnerability management and patch management, and explore why treating them as the same thing may be holding organizations back. From the overwhelming volume of CVEs to the limitations of scoring systems like CVSS, this conversation challenges conventional thinking. Why do so few vulnerabilities actually lead to real-world breaches or business loss? And if that's the case, why are security teams still trying to patch everything? This episode is all about cutting through the noise and focusing on what truly reduces risk. If you've ever felt overwhelmed by vulnerability backlogs or questioned whether your VM program is actually making an impact, this conversation will challenge your assumptions — and give you a new lens to think about security.

It's April 1st which means nothing can be taken at face value. In this special April Fools' episode of The Art of Security, Josh Davies and Tyler Reguly dive into the long history of pranks in tech and cybersecurity — from spaghetti trees and RFC jokes to Google's legendary gags. But this isn't just a nostalgia trip as Tyler and Josh discuss humor, history, and have a serious conversation about trust, authority, and responsibility in cybersecurity today. This episode blends humor, history, and a serious conversation about trust, authority, and responsibility in cybersecurity today. Whether you're in security, tech, or just love a good prank, this episode will make you think twice before clicking anything on April 1st. Like, subscribe, and share if you enjoy the show!

Business email compromise is getting smarter, and Scripted Sparrow is proving it. Discover how the Scripted Sparrow threat group is running one of the most prolific BEC campaigns targeting organizations worldwide. In this episode of The Art of Security, we're joined by Fortra cybersecurity researcher John Wilson who breaks down how Scripted Sparrow executes highly targeted social engineering attacks that trick organizations into paying fraudulent invoices. Instead of traditional phishing, this group uses spoofed email conversations, fake executive coaching invoices, and carefully crafted tactics to bypass security controls and manipulate employees. Understanding how attackers think is the first step to stopping them. Make sure to subscribe to The Art of Security for more insights on cyber threats, adversary tactics, and real-world security strategies.

In this episode, Tyler Reguly and Josh Davies dig into a tough but necessary question: Who's keeping an eye on the people who keep us secure? They break it down across three fronts — security vendors, internal security teams, and third-party providers — exploring what happens when the protectors themselves become the risk. From vendor breaches that ripple across customers to insider threat cases involving security pros with too much unchecked access, the conversation highlights the real-world tension between trust and oversight. Josh and Tyler also discuss what truly makes a security partner trustworthy, along with the growing role of AI in security operations. The takeaway? In cybersecurity, it always comes back to one principle: Trust but verify. 🔔 Don't forget to subscribe!

In our first episode, Josh Davies and Tyler Reguly dive into the foundational concept of cyber hygiene. What are the true "basics of the basics?" Is it vulnerability management and hardened configurations? Is it integrity monitoring as your digital smoke alarm? Or does modern resilience demand identity controls and layered monitoring from day one? Through sharp debate, real-world analogies (from Lego foundations to kitchen fires), and practical insight, they explore what organizations must get right before building anything else. If you're launching a security program or rethinking your foundations, this episode challenges you to ask: Are your basics strong enough to withstand today's adversaries? Don't forget to subscribe!

After 10 years of asking, Tyler Reguly is finally stepping behind the mic for The Art of Security. Join Tyler and his cohost Josh Davies as they talk cybersecurity, creativity, and why protecting the digital world is as much an art as it is a science, plus a few laughs along the way. 🔔Don't forget to subscribe!

Mert Josh Davies, one half of The Art of Security. Join Josh and his co-host Tyler Reguly for fresh perspectives, healthy debate, and practical ideas you can actually apply to your cybersecurity strategy. 🔔Don't forget to subscribe! 

In this pre-launch episode, hosts Josh Davies and Tyler Reguly pull back the curtain on their journeys into cybersecurity, sharing the experiences, pivots, and passion that shaped their careers and perspectives. Together, Josh and Tyler lay the groundwork for the podcast, establishing not just their credentials, but the real-world experiences that inform their perspectives. This episode sets the foundation for future conversations, giving listeners a clear sense of the expertise, authority, and practical insight they bring to the evolving world of cybersecurity. Don't forget to subscribe!

Is cybersecurity a science or an art? In this pre-episode of The Art of Security, hosts Josh Davies and Tyler Reguly dive straight into the debate that inspired the podcast's name and quickly realize it's not as black and white as it seems. What starts as a playful argument evolves into a thoughtful discussion about the balance between structured, methodical science and creative, experience-driven intuition. From networking models and RFCs to gut instinct, threat analysis, and real-world incident response, they explore how cybersecurity lives at the intersection of both worlds. Whether you're new to cybersecurity or years into your career, this episode sets the stage for what's to come: practical insights, thoughtful debates, and a fresh perspective on the human side of security. Because in the end, cybersecurity isn't an exact science. It's where art and science meet, informed by experience, tested in battle and reimagined to tackle evolving adversaries.