Click Here
413 episodes - English - Latest episode: 6 days ago - ★★★★★ - 92 ratingsThe podcast that tells true stories about the people making and breaking our digital world. We take listeners into the world of cyber and intelligence without all the techie jargon.
Every Tuesday and Friday, former NPR investigations correspondent Dina Temple-Raston and the team draw back the curtain on ransomware attacks, mysterious hackers, and the people who are trying to stop them.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
212 Thwarting Upstream Code Flaws From Reaching the Supply Chain
June 07, 2021 16:00 - 21 minutesThis week we welcome back to the show Lindsay Kaye, director of operational outcomes with Recorded Future’s Insikt Group. We’ll discuss their recently published report, titled “Bad Code: Upstream Code Flaws Have Far-Reaching Consequences.” The report highlights some of the often-overlooked ways in which code can be compromised. Lindsay takes us through specific examples from the report, and provides her expertise on how to best protect your organization’s supply chain from them.
211 The DOD's SWAT Team of Nerds
May 31, 2021 16:00 - 25 minutesJoining us this week is Jack Cable. He’s a security researcher and student at Stanford University, currently a researcher with the Stanford Internet Observatory and the Stanford Empirical Security Research Group. Jack built a reputation for himself in hacker circles as a talented and prolific bug bounty hunter, and is ranked within the top 100 hackers all-time on HackerOne. He started his cyber security pursuits as a teenager, and joined the Defense Digital Service out of high school, where h...
210 The Challenges and Solutions of Cybersecurity Policy Decisions Today
May 24, 2021 16:00 - 21 minutesOur guest this week is Niloo Razi Howe. She is a Senior Operating Partner at Energy Impact Partners, and an investor, entrepreneur, and cybersecurity expert. Our conversation centers on some of the cybersecurity policy decisions coming out of the Biden Administration, the challenges of ransomware and attribution, dealing with adversary nation states willing to turn a blind eye on cybercrime, as well as her outlook for possible solutions to these challenges.
209 Unpacking the Emotet Takedown
May 17, 2021 16:00 - 20 minutesThe Emotet malware and cybercrime campaign recently made headlines, not for infecting victims with Trickbot or Qbot malware or spinning up a new botnet, but instead for being taken down by law enforcement. In January of this year, an international effort led by Europol took control of Emotet infrastructure, effectively taking it down, as well as making arrests of alleged perpetrators in Ukraine. To help us understand the impact of the takedown on the global malware ecosystem, I’m joined this...
208 Bringing Tools of National Power to Fight Ransomware
May 10, 2021 16:00 - 24 minutesThe Institute for Security and Technology recently published a report titled, “Combating Ransomware: A Comprehensive Framework for Action, Key Recommendations from the Ransomware Task Force.” In their words, the report, “details a comprehensive strategic framework for tackling the dramatically increasing and evolving threat of ransomware, a widespread form of cybercrime that in just a few years has become a serious national security threat and a public health and safety concern.” Joining us t...
207 Navigating the Travel Industry with Threat Intelligence
May 03, 2021 16:00 - 21 minutesOur guest this week is Collin Barry, Director of Cyber Threat Intelligence at Expedia Group. He shares his career path, including globetrotting stops at the CIA and with Booz Allen Hamilton, and what his day-to-day looks like at Expedia Group, leading their threat intelligence efforts, protecting their online travel and marketplace endeavours. He shares his experience starting a threat intelligence operation from scratch, how he established buy-in from stakeholders, as well as why he believes...
206 Malware Party Tricks and Cybersecurity Trends
April 26, 2021 16:00 - 23 minutesThis week we welcome back to our program security pioneer Graham Cluley. After starting his career writing the original version of Dr. Solomon’s Antivirus Toolkit for Windows, Graham moved on to senior position at Sophos and McAfee. In 2011 he was inducted into the Infosecurity Europe Hall of Fame. These days, he’s an independent blogger, podcaster and media pundit. Our conversation takes a sometimes nostalgic look back at the origins of computer malware, what it was like fighting the good fi...
205 Protecting Journalists Online
April 19, 2021 16:00 - 24 minutesOur guest this week is Anjuli Shere. She’s an analyst, writer, and researcher, currently pursuing a doctorate in Cyber Security at the University of Oxford. Anjuli’s research centres on emerging threats to journalists from new internet-connected technologies. She is creating a framework for news organizations and journalists in democratic countries to improve the protection of their staff and sources against threats from the Internet of Things.
204 The Inner Workings of Financially Motivated Cybercrime
April 12, 2021 16:00 - 24 minutesRecorded Future’s Insikt Group recently published a research report titled, The Business of Fraud: An Overview of How Cybercrime Gets Monetized. The report describes the types of fraud methods and services currently used by threat actors to facilitate their campaigns. It provides an overview of some notable recent developments, lists some of the top vendors of these services on the criminal underground, and provides suggested mitigations for defenders to implement. Joining us this week to di...
203 Streamlining Third Party Risk Management
April 05, 2021 16:00 - 24 minutesJoining us this week is Madiha Fatima, a director and head of third-party risk management at Angelo Gordon. Our conversation centers on creating and maintaining an effective third-party risk management program. We discuss creating an effective due diligence process, integrating automation and process efficiencies, as well as some of the emerging risks she and her team are tracking. We address the human side of risk management, and Madiha shares her advice for keeping your risk management pro...
202 Ransomware and Extortion Evolve More Brazen Tactics
March 29, 2021 16:00 - 21 minutesFor this week’s show we welcome back Allan Liska, a member of Recorded Future’s CSIRT security team. Allan updates us on the latest trends he and his colleagues are tracking on the ransomware and online extortion fronts. We discuss the growing sophistication of the tools and tactics attackers are using, and the remarkable brazenness with which they do their business.
Bonus — CyberWire CSO Perspectives with Rick Howard
March 24, 2021 16:00 - 24 minutesWe're sharing a special bonus episode in your feed this week, from the CyberWire's CSO Perspectives podcast hosted by Rick Howard. This episode, Cybersecurity First Principles: Intrusion Kill Chains, Rick talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with n...
201 An Internet Born In a Threat-Free Environment
March 22, 2021 16:00 - 22 minutesOur guest this week is a true internet pioneer. Paul Vixie describes himself as a “long time defender of the internet.” He’s an author or co-author of several RFC documents and open source software systems including BIND and Cron, a serial entrepreneur now CEO and co-founder of his fifth startup company, Farsight Security, and an inductee into the Internet Hall of Fame. He joins us with insights on how we are suffering the ramifications of early internet design choices, what that means for...
200 The Journey Ahead is the Challenge in ICS
March 15, 2021 16:00 - 24 minutesOn the occasion of this, our 200th episode of the Recorded Future podcast, we welcome back our very first guest, Robert M. Lee, CEO of industrial control systems security company Dragos. They recently published their 2020 ICS security year in review report, and Rob joins us to share some of the insights he and his team have gained over the past year, as well as the long term security trends they’re tracking.
199 A Call to Arms In Favor of Rationality
March 08, 2021 17:00 - 25 minutesOur guest this week is Sir David Omand. He is former director of GCHQ, one of the UK’s primary intelligence agencies, and is currently Visiting Professor in War Studies, King’s College London. We’ll be discussing his career in intelligence and public service, the changes he’s seen along the way, and we’ll discuss his most recent book How Spies Think: 10 Lessons from Intelligence.
198 Leaders Make Good News Out of Bad
March 01, 2021 17:00 - 26 minutesOn today’s program, a conversation with a pair of CEOs from leading companies in the cyber security industry. Joining us are Marten Mickos, CEO of bug bounty platform provider HackerOne, and Christopher Ahlberg, CEO at Recorded Future. They share their insights on what it takes to be a successful CEO in a rapidly changing cybersecurity field, the importance (or not) of having deep technical skills, differentiating yourself in a crowded marketplace, and the ongoing challenges of the unknown ...
197 Deepfakes as a Service
February 22, 2021 17:00 - 20 minutesDeepfakes continue to be a growing security concern. As the technology to alter video footage and replace one person's face with another’s has advanced in ease, sophistication and availability, the use of deepfakes has become more broadly prevalent, extending beyond novelty use to become another tool in the adversary’s playbook. Our guest today is Andrei Barysevich, cofounder and CEO of fraud intelligence firm Gemini Advisory. He shares his insights on the growing criminal market for deepfa...
196 A Secure Environment Where People Can Be Their Whole Selves
February 15, 2021 17:00 - 20 minutesOur guest this week is Simon Hodgkinson. He’s a security professional with over 35 years of experience in the space, most recently as CISO for BP. In our conversation, Simon shares his thoughts on the evolution of the cyber security space that he’s witnessed over the course of his career, and how we might address the industry skills gap that’s leaving millions of jobs unfilled. We’ll get his take on threat intelligence, as well as his advice for folks who are looking to pursue a career in cyb...
Unraveling Disinformation in Social Media
February 08, 2021 17:00 - 22 minutesThe last few years, and the most recent election cycle in particular, have brought unprecedented levels of misinformation and disinformation to the fore. This era of online disinformation bots, fake news, and interference from foreign adversaries has sown the seeds of division in our culture, much of it distributed and amplified on social media platforms. Jane Lytvynenko is a senior reporter at Buzzfeed News, and the past several years she’s been focused on disinformation — where it comes ...
194 White House Experience Informs Venture Capital
February 01, 2021 17:00 - 22 minutesOur guest is Nick Sinai, Senior Advisor at Insight Partners, a global venture capital and private equity firm investing in high-growth software companies. Before joining Insight in 2014, Nick served in the White House, where he was U.S. Deputy Chief Technology Officer. At the White House, Nick led President Obama’s Open Data Initiatives and helped start and grow the Presidential Innovation Fellows program, which brings entrepreneurs, innovators, and technologists into government. Nick is a...
193 Correlating the COVID-19 Opportunist Money Trail
January 25, 2021 17:00 - 17 minutesThe COVID-19 global pandemic has, predictably, attracted bad actors intent on using fear and uncertainty as a framework for a variety of actions, from run of the mill money scams to targeting phishing, business email compromise and even espionage. Recorded Future’s INSIKT research group has been following these money trails and correlating them with a spectrum of bad actors around the globe. They recently published their findings in a blog post titled, “Follow the Money: Qualifying Opportuni...
192 Technology and Human Stories Intersect at the International Spy Museum
January 18, 2021 17:00 - 19 minutesThe International Spy Museum in Washington, D.C. is a private non-profit museum dedicated to the tradecraft, history, and contemporary role of espionage. It boasts the largest collection of international espionage artifacts currently on public display, and says “The Museum's mission is to educate the public about espionage and intelligence in an engaging way. It provides a context for understanding the important role intelligence has played in history and continues to play today.” Our ...
191 Solarwinds Orion Breach Investigations Continue
January 11, 2021 17:00 - 23 minutesStories about the recently uncovered breach of the SolarWinds Orion software have been dominating the news lately, and the situation is still continuing to evolve. In this episode, we speak with Jonathan Condra, senior manager for strategic and persistent threats with Recorded Future’s Insikt Group, to get his perspective of what this breach is all about, where we stand in terms of attribution, what it means for the security community writ large, and whether or not a breach like this rises to...
190 AI Enables Predictability and Better Business
January 04, 2021 17:00 - 21 minutesJoining us this week is Aarti Borkar, vice president of product for IBM Security. She shares the story of her professional journey, starting out as a self-described data-geek through the path that led her to the leadership position she holds today. She shares her views on artificial intelligence, and how she believes it can be an enabler for security and the business itself. And we’ll get her thoughts on welcoming new and diverse talent to the field.
189 Threat Hunting Offsets the Technology Gaps
December 21, 2020 17:00 - 21 minutesOur guest this week is John Ayers, Executive Vice President, Chief Strategy Product Officer and head of Security Operations at Nuspire, a managed security services company. Our conversation centers on John’s assertion that threat hunting has become an indispensable element of security strategy for many organizations. He explains the evolution of threats that led him to that conclusion, and we’ll discuss how organizations can best approach implementing threat hunting into their own defensive ...
188 Visionaries, Builders, and Operators
December 14, 2020 17:00 - 18 minutesOur guest this week is Jeff Fagnan, founder and managing director at Accomplice, a venture capital firm focused on seed-stage technology companies. He’s worked with well-known companies such as Carbon Black, FreshBooks, Patreon, Veracode, and yes, Recorded Future. Jeff shares his perspective on what he looks for in a hopeful entrepreneur, the hard problems he wants to see them tackling and the importance of their ability to communicate their vision and their passion. We’ll hear his optimisti...
187 An Ability to Execute and a Fantastic Amount of Luck
December 07, 2020 17:00 - 26 minutesOur guest this week is Andy Ellis, chief security officer of Akamai Technologies. He shares the professional journey that led him to Akamia, along with his recollections of the early days of online data sharing when bandwidth was expensive and pipes were small, and the uncertainty of being part of an ambitious internet startup. We’ll learn about his management style, the importance of a company culture built on trust and communication, and, of course, we’ll get Andy’s take on threat intellige...
186 Countering 5G Conspiracy Theories
November 30, 2020 17:00 - 25 minutesThe global transition to 5G mobile technology is well underway, with ongoing network build-out and increased availability of 5G enabled devices able to take advantage of the increased speed and capacity of the next generation network. The transition has attracted an odd type of controversy, primarily from conspiracy theorists who claim that 5G is responsible for everything from brain cancer to COVID-19, or that it’s some sort of high tech mind-control system put in place by some secret glob...
185 Cyber is as Much Psychology as it is Technology
November 23, 2020 17:00 - 21 minutesJoining us this week is Pierre Noel, managing director for Europe at Astari, a company providing global cyber resilience services for businesses. Pierre Noel has enjoyed a remarkably broad professional career, with time spent at IBM, KPMG, Microsoft and Huawei, in both deeply technical and business roles. He shares his insights on the ways culture impacts security, the importance of threat intelligence (if your organization is ready for it), and why he believes things are likely to get a lo...
184 Inside the World of Cyber Venture Capital
November 16, 2020 17:00 - 26 minutesOur guest this week is Mark Goodman, managing director at MassMutual Ventures. Mark shares the story of his circuitous path to the VC world, with stops along the way at a family furniture business and a PhD in philosophy. We’ll find out what it takes for a hopeful startup to catch his eye, whether or not he thinks cyber continues to be a hot area for investment, as well as his thoughts on what it takes to be a successful venture capital investor.
183 Trickbot is Down But Not Out
November 09, 2020 17:00 - 23 minutesOn today’s podcast episode we welcome back Recorded Future senior intelligence analyst Greg Lesnewich. He shares his insights on what goes on behind the scenes with the Recorded Future Insikt threat research team, and why he finds the work challenging and rewarding. Then, we discuss the latest on the Trickbot global botnet, how they operate, who they target, and the efforts by the intelligence community and private industry to take them down, or at the very least hinder their efforts.
182 Give Analysts Exactly What They Want
November 02, 2020 17:00 - 23 minutesOur guest today is Paul Battista. He is CEO of Polarity, a firm which brings what they refer to as a memory augmentation platform to incident responders and other security professionals. Paul Battista’s career includes a broad spectrum of experience, from protecting Wall Street financial organizations to briefing top White House officials as an intelligence officer in the CIA. We’ll learn how being stuck inside during a blizzard led to his creating a popular app, and how that experience ope...
181 Too Sleepy to be Secure?
October 26, 2020 16:00 - 26 minutesHow many of us can say that we get enough sleep, consistently? And not just the number of hours asleep, but the quality of sleep as well? In this busy world with work, family and community obligations, good sleep often takes a backseat, and we find ourselves drinking that extra cup of coffee to get us going in the morning. Not to mention there’s a global pandemic, which makes everything a little harder. Our guest this week is Lincoln Kaffenberger. He’s the threat intelligence service lead at...
180 The FBI Builds Enduring Partnerships in Cyber
October 19, 2020 16:00 - 22 minutesThe US Federal Bureau of Investigation, the FBI, has taken an increasingly prominent role in the day to day cyber defense of organizations and institutions here in the U.S., and globally as well. Through the establishment of the IC3, the Internet Crime Complaint Center, the FBI provides an invaluable public resource for prevention, response, and mitigation of cyber threats to businesses and public organizations of all sizes. Joining us this week is FBI cyber division section chief Herb Stapl...
179 The Fascinating Paradox of Cryptocurrency
October 12, 2020 16:00 - 25 minutesOur guest this week is Kim Grauer, head of research at Chainalysis, a blockchain intelligence platform provider. She shares the story of her rather whimsical initial interest in blockchain technology, and how it quickly shifted to a serious academic and professional pursuit. We’ll hear her views on cryptocurrency and the impact it’s having on monetary policy around the world, it’s use by criminals, and how initial enthusiasm from investors for anything and everything blockchain related led to...
178 Examining Russian Threats to the 2020 Election
October 05, 2020 16:00 - 24 minutesWe are joined this week by Roman Sannikov, director of cybercrime and underground intelligence at Recorded Future. The focus of our conversation is a report recently published by Recorded Future’s Insikt research team, titled Russian-Related Threats to the 2020 US Presidential Election. In reviewing the report’s findings, we’ll explore the methods Russian actors have employed in their effort to disrupt and influence the 2020 U.S. presidential election, the context within which these efforts...
177 Delivering Maximum Impact in the Public Sector
September 28, 2020 16:00 - 24 minutesOur guest is Michael Anderson, chief information security officer for Dallas County — the eighth largest county in the United States. He oversees the IT security program for over 6,800 county employees and the electronic records for over 2.6 million residents. Michael shares his career journey, including 10 years served in the Army in the Intelligence Corp, and over 20 years of strategic and tactical expertise across a wide-range of IT disciplines. We’ll find out how he and his team use mod...
176 Curating Your Personal Security Intelligence Feed
September 21, 2020 16:00 - 25 minutesOur guest is Sal Aurigema, associate professor of computer information systems at the University of Tulsa. He shares his experience in nuclear engineering and serving aboard submarines in the U.S. Navy, his shift to the intelligence community, and his pivot to teaching in higher education. We’ll learn about Sal’s approach to inspiring his students and why he emphasizes the importance of curating their own personal security intelligence feed. He also explains why he believes there’s a place ...
175 Passion, Curiosity, and a Dash of Mischief
September 14, 2020 16:00 - 23 minutesKevin Magee is Chief Security Officer for Microsoft Canada. He joins us with his story of early entrepreneurship, persistent curiosity, and a lifelong passion for learning. He shares the career path that earned him his leadership position with Microsoft, as well as insights on his management style and recruiting methods. We’ll get his take on threat intelligence, and thoughts on where he thinks the cybersecurity industry may be headed.
174 The Highest Security Intelligence in the Shortest Time
September 07, 2020 16:00 - 22 minutesCraig Adams is the chief product and engineering officer at Recorded Future. He joins us with insights from his decades of experience in the industry, including valuable lessons learned while developing security and business strategies at Akamai. He shares his thoughts on organizations choosing the best mix of security services to meet their needs, the importance of modularity and extensibility, and how to best optimize their investments through security intelligence.
173 The Diversity of Security Challenges in Higher Education
August 31, 2020 16:00 - 23 minutesSecurity professionals at institutions of higher education face a broad spectrum of challenges, from protecting the internal networks of their organizations, to securing intellectual property of research groups, to protecting the personal information of thousands of students and staff every year. Our guest is Bob Turner, chief information security officer and director of the office of cybersecurity at the University of Wisconsin, Madison. He shares insights from his experience leading a team...
172 Launching the Cyber Intelligence News Site The Record by Recorded Future
August 24, 2020 16:00 - 15 minutesRecorded Future recently announced the launch of a new cyber intelligence news site called The Record by Recorded Future. The publication aims to fill the gap between fast-breaking headlines and long-lead research with expertly sourced reporting and analysis. Our guest this week is the Editorial Director of The Record by Recorded Future, Adam Janofsky. He shares his background in cybersecurity, privacy, and technology journalism, including prestigious publications like The Wall Street Journ...
171 The Transformation of Managed Security Services
August 17, 2020 16:00 - 19 minutesOur guest today is Jim Aull. He’s a solutions architect specializing in security at Verizon. We’ll hear about Jim’s career path, and then we’ll learn about his role in guiding customers through the technical and organization challenges of selecting and configuring managed security services. He shares insights of common misperceptions he finds companies may have when starting out on their security journey, his suggestions for managing the broad array of available services on offer, as well a...
170 Defending MacOS Against Sophisticated Attacks
August 10, 2020 16:00 - 23 minutesOur guest today is Phil Stokes. He’s a security researcher at SentinelOne, where he specializes in the analysis of attacks against MacOS. In our conversation, Phil shares his professional journey, how he came to focus on the Mac platform, as well as insights on the state of security on Apple’s desktop operating system. He tracks the growing sophistication of those seeking to attack MacOS, and provides tips for security professionals looking to bolster their defenses.
169 Making Security Real in the Context of Business
August 03, 2020 16:00 - 24 minutesOur guest today is Shamla Naidoo, a managing partner at IBM Security. With a career spanning over three decades, including 20 years as a CISO, Shamla has excelled in a variety of positions, from engineer to executive. Shamla joins us with perspectives on why security teams need to effectively communicate with their organization’s board of directors, the best ways to make security indispensable to a business, and why those communication skills are critical to the success and security of an o...
168 Ransomware Negotiations and Original Hacker Culture
July 27, 2020 16:00 - 20 minutesOur guest today is Sherri Davidoff. She’s the founder and CEO of LMG Security, a cybersecurity and digital forensics firm with clients across the globe. She shares the story of her professional journey, including her time deep in the hacker culture at MIT, where she adopted the hacker nickname Alien. She also discusses her insights on the evolution of ransomware, and how she and her team help negotiate with the ransomers on behalf of her clients. We’ll learn more about her leadership style,...
167 The Emerging Role of SASE and the Cloud
July 20, 2020 16:00 - 22 minutesAs many organizations accelerate their move to the cloud — thanks in no small part to the global pandemic and the shift to working from home — the adoption of SASE protocols is proving attractive. SASE stands for Secure Access Service Edge, but as with most of these technologies, there’s more to it than that. Joining us this week to help our understanding of SASE is John Peterson, chief product officer at Ericom Software. We discuss the motivations for the industry’s move toward SASE, the po...
166 Inside the Adversary Exploit Process
July 13, 2020 16:00 - 19 minutesWith thousands of vulnerabilities reported and classified each year, it can be challenging to keep track of which exploits are actually being used by threat actors. Researchers with Recorded Future’s Insikt Group have been exploring this issue, and one of their key findings is that less sophisticated threat actors often resort to using older vulnerabilities with easily accessible resources and tutorials. Greg Lesnewich is a threat intelligence researcher at Recorded Future, and he joins us...
165 Empowering Cyber Startups in the UK
July 06, 2020 16:00 - 20 minutesLondon has, for centuries, enjoyed its status as one of the cornerstones of the global economy. So it makes sense that it would also be a beacon of innovation and investment in cybersecurity. Our guest today is Jonathan Luff. He’s the co-founder of Epsilon Advisory Partners and CyLon, an incubator for early-stage cybersecurity companies based in the United Kingdom. He discusses his story of his early career in public service, sharing his talents and expertise around the world, his transition...
164 A Grab Bag of Pulse Reports
June 22, 2020 16:00 - 18 minutesRecorded Future’s Allan Liska is our guest once again this week. This time, he brings a collection of interesting trends and anomalies that he and his team have been tracking. They publish these on the Recorded Future website under the title of “pulse reports.” We’ll take a closer look at ransomware in international financial institutions, credential leaks in the biotech and pharmaceutical industries, as well as the rise of retail phishing campaigns in the midst of the global pandemic.