
Two Guys and an Opinion

27 episodes - English - Latest episode: over 2 years ago -

An irreverent take on the world. May include interesting views on cybersecurity, data privacy and GRC stuff. But mainly two middle-aged men chewing the fat.


Episodes

'I Can't Wait for Passwords to Die!'

October 11, 2021 08:00 - 32 minutes - 22.5 MB

This week's episode is (nearly) all about those pesky passwords that won't  go away and how one industry giant told Richard how he can't wait for them to 'Die'! We explore the concept of the 'password-less' future, how Coinbase got hacked by some rascals bypassing MFA and why you should listen to Michael McIntyre on the subject too.  See below! Show Links: Michael McIntyre - You should probably change your password!

🎵 REvil's back... back again! 🎵

September 10, 2021 11:00 - 34 minutes - 23.8 MB

Back by zero demand, as if they never went away, REvil's back and up to their old tricks. Was it as simple as a nice summer break or something more sinister? Also - is it time we rewrite the rules of business continuity and incident recovery processes? Should we be placing more focus on the ability to deflect, rather than the ability to recover, from a cyber incident? Listen to find out!

WhatsUp ChaosDB!?

September 03, 2021 08:00 - 43 minutes - 30.2 MB

In this week's roundup of our industry's SNAFUs, we delve into the 'Worst Vulnerability Ever Found' in a cloud provider, the largest fine ever dealt out by the Irish Data Protection Commission, and LockBit strikes again! Notes: The WhatsApp story. The ChaosDB story. The LockBit story.

SEASON 2 baby! Ransomware RANts, lazy CISOs, soggy budgets etc....

August 19, 2021 12:00 - 34 minutes - 23.7 MB

SEASON 2! We're back and we're bold! And bald.... Vlad and Richard pick up from where they left off at the end of Season 1. But now with added edginess! Unlike the rest of the world, the bad guys don't seem to have taken a summer break; the most noteworthy event being the Accenture hack by a LockBit affiliate last week. Also, Vlad relives his time at Black Hat Las Vegas... well, he didn't actually get to Las Vegas, but his interviewer, Dany Appelgate, Co-Founder of rThreat was there!!...

REcurring REvil!

July 19, 2021 12:00 - 40 minutes - 27.7 MB

In this final episode of the season, we cover two of the most notable cyber incidents in recent weeks; PrintNightmare and the Kaseya breach.  As a result, we lament the problem of the  'soggy middle' taking the 'tickbox' approach to cybersecurity.   Also Vlad and Richard go through several 'triggered' moments trying once again to get security leaders and marketeers to drop the cheese,  engage the business, and get the cybersecurity agenda on the board table before you become the next headli...

VENDOR SPOTLIGHT: KnowBe4

July 01, 2021 17:00 - 41 minutes - 28.7 MB

In another of our sub-series where we focus on a particular vendor in our portfolio, we welcome Javvad Malik, a Security Awareness Advocate from KnowBe4. It's a given that the majority of successful cybersecurity breaches start with a social engineering attack; the majority of them being a phishing email. So, how do we help people avoid being caught out? Training, testing, training, testing, training, repeat.... But: not all users are alike and not all user-awar...

A.I. - Actual Ignorance?

June 25, 2021 13:00 - 35 minutes - 24.4 MB

This week we talk about the concept of 'SOC Burnout' and the need for companies to recognise the condition and support the analysts.  Tenuously related to SOC burnout, we examine (destroy!), the 'Artificial Intelligence' myth that Cybersecurity vendors peddle on a daily basis. It's machine-learning, people!  Open invitation:  Any Cybersecurity vendor that would like to come on the show and explain how their product is 'intelligent' - we would love to have you on! Notes: The article co...

What the Fastly!?

June 11, 2021 14:00 - 35 minutes - 24.7 MB

This week's episode is dominated by the snafu at Fastly that brought the Internet to its knees.   And following the news this week that the FBI was able to 'recover' a significant portion of the ransom paid to the DarkSide gang after the incident at Colonial Pipeline, we ask the rather fundamental question, 'is anything safe anymore?!' Vlad dons his foil hat and ends up down several rabbit holes whilst contemplating the answer!

VENDOR SPOTLIGHT: Agari

June 04, 2021 09:00 - 41 minutes - 28.7 MB

In this second episode of our sub-series of 'VENDOR SPOTLIGHT's, we introduce Agari - a leading vendor delivering enterprise email security by leveraging unique AI technology to protect your organisation and your inbox. We're joined by Chris Spencer - one of Agari's Email Security Practitioners to discuss the product suite and its capabilities. We demystify DMARC and the holy grail of 'p=reject'. And we couldn't go through an entire episode without talking about ransomware! Agari Brand...

Prohibition!

May 27, 2021 11:00 - 36 minutes - 24.9 MB

In this episode we cover the cybersecurity news from the past two weeks which is again dominated by more ransomware attacks wreaking havoc across the private and public sector alike... However, in a break from the norm Vlad and I go toe-to-toe over a thorny issue that divided the camp at The RANt Group office. We'd love to hear your opinion: [email protected].  The most considered argument will get you a mention in the next episode.

VENDOR SPOTLIGHT: rThreat

May 14, 2021 13:00 - 35 minutes - 24.1 MB

In a break from the norm, this week we're focussing purely on a single vendor that recently joined our portfolio: rThreat.  We're delighted to be joined by Dany Applegate, their Co-Founder and Head of Marketing. rThreat specialises in Breach and Attack Emulation (BAE - see episode 12), allowing companies to safely detonate REAL known and unknown malware into your endpoints and networks.  The capability couldn't be a more perfect fit for our continuing mission to enable companies to achieve ...

Ransomware Task Force

May 07, 2021 16:00 - 30 minutes - 20.8 MB

In this episode we discuss one heck of an 'own-goal' that leads to a rather embarrassing situation for an unlucky student.  And could we actually see the beginning of the end for Ransomware?  We cover the newly formed Ransomware Task Force and how effective we think their approach may be. Episode Notes: The NCSC early warning service: https://www.earlywarning.service.ncsc.gov.uk/ The NCSC mitigating malware paper: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

NKOTB-Chain

April 30, 2021 09:00 - 34 minutes - 23.8 MB

In this episode we discuss this week's New Kids on the Block-chain; QLocker and their rather well-executed and profitable Ransomware debut. Also covered is the no. 1 attack vector for these increasingly well-organised gangs and what your organisation should be doing to thwart their efforts. As always - get in touch to understand how you can reach a Permanent State of Readiness!  [email protected]

Facebook-palm!

April 23, 2021 14:00 - 35 minutes - 24.6 MB

Breaking news this week: A Pulse Secure VPN zero-day vulnerability found with NO FIX! We unpack what that means for the thousands of customers out there and what measures could be put in place to be in a Permanent State of Readiness should you get breached by a vulnerability such as this. And of course we couldn't let the Facebook incident go without an honorable mention along with their take on how to handle the PR of such a huge leak... Get in touch for an inside scoop on how you can ...

Groundhog-day!

April 16, 2021 11:00 - 32 minutes - 22.5 MB

Now you may be forgiven for thinking that this episode is a montage of  3 or 4 of our previous podcasts...  but alas, no... We do however visit some old friends like SolarWinds,  Travelex  and HAFNIUM as  they all become topical again following the US/UK sanctions imposed on Russia this week. Of course Russia, 'does not conduct offensive operations in the cyber domain', but we unpick what is being reported anyway, and again arrive at two indubitable facts of cyber-readiness.....

B.A.E.

April 09, 2021 09:00 - 32 minutes - 22.5 MB

BAE.  No, not the aerospace company, your kid's bestie or the Danish for 'poop', but in fact an exciting and emerging capability in the war on cybercrime. Breach and Attack Emulation.  This is the real deal.  It may sound crazy, but we're saying we're going to deploy REAL malware into your network (safely of course!), to see what happens.  What better way to validate your cyber-defence budget than emulating a real attack!? We'd love to hear from you if you think this is a good idea or wou...

RANt-somware!

April 06, 2021 12:00 - 36 minutes - 25.2 MB

In a shocking turn of events, Richard gets triggered regarding the seemingly inexorable rise and rise of Ransomware attacks on organisations big and small.   Vlad stays uncharacteristically calm! We discuss the facts and figures of cyber breaches during 2020 and also attempt to fix the whole sorry problem with a few off-piste thought experiments...

e-Pranks

March 26, 2021 12:00 - 47 minutes - 32.9 MB

In this episode we're joined by James Linton, AKA Sinon_reborn, AKA the Email Prankster.   James shot to fame in 2017 following a series of audacious and outrageous email scams that targeted international banking institutions, high-profile politicians and even the Trump administration! We quiz James on his motivations, methods and how his email scamming spree led to him landing a dream job at Agari's Cyber Intelligence Division (ACID). James now uses his social engineering powers and acqu...

PSR?

March 19, 2021 08:00 - 38 minutes - 26.6 MB

Yes, yes... you DO need another acronym!  Or more specifically, an initialism!  In this episode we introduce the concept of P.S.R.  A 'Permanent State of Readiness'. Achieving PSR from an information and / or cybersecurity point of view should be seen as the holy grail of your cyber combat status.  It won't be easy getting there and every day you need to ensure your PSR is maintained, but nonetheless, once achieved, you stand the greatest chance of minimising the negative impact of a cybers...

HAFNIUM!

March 12, 2021 16:00 - 22 minutes - 15.4 MB

BREAKING NEWS! This week's brief podcast is recorded live from the front line of a potentially breached customer.   Following on from last week's announced 'HAFNIUM' attacks on vulnerable Microsoft Exchange on-premise servers, we perform in-depth analysis on a potentially breached system.  Also - Vlad gets triggered... again...

'Solarwinds123'?

March 05, 2021 09:00 - 37 minutes - 26.1 MB

With the fallout of the Solarwinds breach continuing to grab the headlines, we discuss the concept of 'supply-chain compromise' and why it's such a favoured attack vector. Also covered is the highly sophisticated zero-day exploit chaining attack perpetrated by a Chinese state-sponsored group called HAFNIUM against on-premise MS Exchange servers. Oh, and Richard craves a beer-garden..... Show notes: As mentioned in this episode, the critical MS Exchange CVEs are: CVE-2021-26855 is a serv...

Deniiiiied!

February 26, 2021 09:00 - 40 minutes - 28 MB

An action packed week in the world of cyber incidents leads us to explore what a DDOS attack is and what happens when you're not prepared!  Vlad gets uncomfortable with 5000 firemen and in the end it was Agatha all Along! Notes: Agatha All Along!

War!

February 18, 2021 18:00 - 39 minutes - 26.9 MB

This week we feature our first guest speaker, Michael Stout.   Michael is an internationally focused information security consultant, lecturer, and mentor. With a background in ethical hacking and senior management, he specialises in helping companies and directors understand, define, and implement their cybersecurity strategy. He has taught and consulted at the NATO Joint Warfare Centre, the Dutch Police Academy, the police force of the Republic of Ireland along with 'other' government org...

Patch!

February 11, 2021 18:00 - 35 minutes - 24.2 MB

This week's episode provides an antidote to last week's main story; well we get about half way anyway! We're imparting our hard won experience and war stories concerning vulnerability management programs and how to hopefully get it right first time! Again, Richard rambled and we ran out of time, but part two of this story shall complete the picture. We also reveal some VERY exciting news about next week's episode, so be sure to stay listening until the end.. Or just skip to the good bit, ...

Travel-ex!

February 05, 2021 08:00 - 43 minutes - 29.6 MB

In this episode we study in detail, (apologies, Richard rambled!), the shocking story of the demise of Travelex due in no small part to a highly successful ransomware attack. We cover just how avoidable these incidents are by dealing with those pesky vulnerabilities!  And the drinking word this week sounds like you're already half-cut when you say it.... Show Notes: Apple - iOS and iPadOS 14.4. - iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and the 7th generation iPod ...

GDP-ARGGHHH!

January 30, 2021 11:00 - 23 minutes - 16.3 MB

Just when you thought you'd heard enough about GDPR - it's back!  And there's now two of them! Who knew?  Also in this episode we introduce you to a new drinking game and a shocking development in the war against ransomware.

Inauguration

January 22, 2021 15:00 - 29 minutes - 20.1 MB

It's our first podcast!  Woot!  This episode's ramblings cover our opinions on the last day of Trump, company culture regarding cybersecurity, the Solarwinds incident, ransomware, risk, phishing and other matters!