Adventures of Alice & Bob

Ep. 101 – Cyber Security and the Art of Story Telling // Jeffrey Wheatman

Fri, 08 May 2026 12:00:00 -0000

In this episode, James Maude sits down with Jeffrey Wheatman, SVP and Cyber Risk Strategist at Black Kite and former 16-year Gartner VP, whose career started not in a SOC, but behind the counter of a hardware store in New York City. A stack of 2,600 magazines and a Novell NetWare training course later, he found himself in IT but quickly realized there was more than technology involved in security, there was a story to be told.

In his career Jeffrey has coached nearly 500 CISOs on how to walk into a boardroom and actually be heard. Jeffrey explains why Hans Christian Andersen fairy tales make better security training tools than most vendor decks, why your choice of words might be quietly killing your credibility. He also discusses why AI isn't just a threat, it's an imperfect storm that is already tearing through your supply chain whether you're watching it or not.

Ep. 100 - 100th Episode Celebration!

Fri, 17 Apr 2026 11:00:00 -0000

In this special milestone episode of Adventures of Alice & Bob, hosts James Maude and Marc Maiffret take a rare step back from interviews and headlines to celebrate reaching 100 episodes! From the accidental move that launched the podcast before Marc had even agreed to do it, to the guests whose stories stopped them cold - this episode is a love letter to the human side of cybersecurity and all of the great guests who have come on to share their stories.

Marc and James are also joined for the first time on camera by the man who has silently made every episode possible: super producer Jesse Shirley. Expect honest reflections, genuine laughs, podcast highlights, and what's next for Adventures of Alice & Bob.

Ep. 99 – Breaches, Births and Battling BS // Rob Black

Mon, 13 Apr 2026 20:54:00 -0000

In this episode, James Maude sits down with Rob Black, founder and CEO of Fractional CISO, who started his career at RSA Security and had a front-row seat to one of the most consequential breaches in cybersecurity history, all while his wife was going into labor with their first child.

From inventing patents at RSA to starting a one-man LinkedIn crusade against "SOC 2 in two weeks" scams, Rob's stories are equal parts entertaining and infuriating. He explains why compliance theater is actively making companies less secure, why your CEO needs to hear things with a dollar value, and why you should think about cybersecurity less like an asteroid and more like a roulette wheel. Plus, why the "Lexus of Fractional CISOs" doesn't own a single IoT device.

Ep. 98 – From Special Ops to Mob Boss // Dahvid Schloss

Fri, 20 Mar 2026 16:15:00 -0000

In this episode, James Maude sits down with Dahvid Schloss, CEO of Emulated Criminals who started his career in special operations comms and pivoted into “not defense” cyber operations for the U.S. military. From painting rocks green for the military to accidentally becoming "APT Big Daddy" in industry when his red team tools were detected triggered a security alert Dahvid’s stories are both entertaining and educational.

He explains why cybersecurity is "the wedding industry of IT ", why red teams are failing their clients by not actually emulating real threats, and how that inspired him to become an (emulated) mob boss. Hear how shoveling snow can provide elevated access privileges, why you should write your own malware and reasons to rethink what’s in an ICMP packet.

Ep. 97 - The Quantum State of Security / Pete Herzog

Fri, 20 Mar 2026 15:58:00 -0000

In this episode, James sits down with Pete Herzog, co-founder of ISACOM and creator of the OSSTMM — a comprehensive security control testing framework. He shares stories from his early days: hacking cigarettes vending machines to trade for access to computers, building a fake ID operation out of a college gerontology department, and social engineering his way onto the internet before most people knew it existed. But Pete isn't just telling war stories. He reveals how he helps unmask cybercriminals for law firms using metadata and fake account networks, explains why platforms and domain registrars are financially incentivized to protect scammers, and explains why people need help because the FBI won't touch a fraud case under $20 million anymore. From romance scam victims left with no recourse to rethinking where you place resources to secure systems, Pete shares why he thinks security isn't something we build — it's something written into the fabric of the universe, waiting to be discovered.

Ep. 96 - Hacking a Bank Through the Front Door (Literally) // Brandyn Murtagh

Wed, 25 Feb 2026 23:30:00 -0000

In this episode, James sits down with Brandyn Murtagh, founder of MurtaSec and top-ranked bug bounty hunter. He shares stories from his early days: learning exploitation from World of Warcraft at age 9, dropping out of college after three days, and how landing an apprenticeship at 16 led him from blue team analyst to elite penetration tester who's discovered critical flaws in banks, healthcare providers, and AI platforms.

But Brandyn isn't playing it safe. He reveals how he chained public Wi-Fi access into complete bank control through IBM mainframes older than him, explains why a seven-character password limit enabled total financial system takeover, and demonstrates the reality of locking himself in server racks and wading through snow at 3 AM during physical security assessments. From 48-hour incident response marathons to fabricating funds at will, Brandyn shows why with enough time, anything can get popped eventually.

Ep. 95 - Phishing 2.0, Deepfakes, and the Death of 'Trust But Verify' // Tim Chase

Wed, 25 Feb 2026 22:35:00 -0000

In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.
But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

Ep. 94 – Mistakes, Malware and Missile Industry Day // Silas Cutler

Sat, 27 Dec 2025 18:26:00 -0000

In this episode, James sits down with Silas Cutler, Principal Security Researcher at Census and founding member of Oni Scans, to explore his unconventional journey through threat intelligence and malware analysis. What happens when your first day as a SOC analyst takes down a Fortune 500 company—and Anonymous gets the credit?

From accidentally causing international headlines to going undercover in ransomware gangs, Silas has built a career on creative problem-solving and community building. He's become Facebook friends with hackers he investigates, created Malshare (a community malware repository), and founded B-Sides Pyongyang—a security conference celebrating "Missile Industry Day" that started as a joke but attracted 490 attendees.

Ep. 93 - From Pwn2Own to Pwning AI // Aaron Portnoy

Wed, 10 Dec 2025 12:00:00 -0000

In this episode, James and Marc sit down with Aaron Portnoy, Head of Research at MindGuard and founder of Pwn2Own.He shares stories from his early days: learning exploitation from anonymous IRC hackers, getting visits from both the IRS and FBI, a chance meeting with HD Moore at a party, and how his ability to reverse engineer fast led him to become the youngest manager at Zero Day Initiative where he helped create the Pwn2Own competition.

But Aaron isn't living in the past. He reveals how he found a persistent RCE in Google's brand-new Anitgravity IDE within its first 24 hours, explains why AI security is fundamentally broken, and demonstrates how AI agents become insider threats that enterprises can't control or understand. From six-hour firewall exploits to decimal IP bypasses, Aaron shows why the attack surface has become "literally endless."

Ep. 92 – Births, Badges, and Breaches // Chris Neuwirth

Fri, 21 Nov 2025 12:00:00 -0000

In this episode, James Maude sits down with Chris Neuwirth, VP of Cyber Risk at Networks Group, whose path into cybersecurity might be the most unconventional you'll ever hear—from delivering babies as a teenage EMT to penetration testing critical infrastructure today.

Chris's journey includes serving as an LAPD officer at Venice Beach, responding to 9/11 at the Pentagon, managing IT during Hurricane Sandy, and running operations as assistant commissioner at New Jersey's Department of Health during COVID-19. Along the way, he's been hacking everything he could get his hands on—from war driving through Manhattan in the early 2000s to conducting sophisticated penetration tests at hospitals and airports today.

Chris discusses the importance of organizations being prepared and shares the uncomfortable truth: sometimes the easiest way past your defenses is just showing up and plugging in.

Ep. 91 - Inside the Target Breach War Room // Charles Herring

Fri, 07 Nov 2025 12:00:00 -0000

In this episode, James talks to Charles Herring about what happens when an IT wizard runs away to join the Navy, works on fighter jets, and then gets thrown into cybersecurity right after 9/11? He shares his unconventional journey from the Wild West days of network defense—complete with fighting worms with worms—to being CISO during the Target breach. Plus: why trauma creates silos, why your SOC is like throwing receipts in garbage bags, and what it takes to build a "good neighborhood" in cybersecurity.

Ep. 90 - The History of L0pht : The Winnebago Incident and Testifying Before Congress // Chris Wysopal

Fri, 24 Oct 2025 11:00:00 -0000

In this episode, we sit down with Chris Wysopal (aka Weld Pond), co-founder of the legendary L0pht Heavy Industries and CTO/co-founder of Veracode. Chris takes us on a journey from programming BASIC on cassette tapes in the 1970s, through the golden age of BBS culture and phreaking, to testifying before the U.S. Senate as one of the first hackers to bring security concerns to Capitol Hill.

You'll hear the untold story of an early penetration test gone spectacularly right—involving command injection, a manhole fire, voicemail hacking, and one very confused executive wondering why hackers wanted a Winnebago. Chris shares what it was like building the first hacker space in America, the challenges of turning hacking from hobby to business, and why creating a new security category took over a decade.

Ep.89 - The Hollywood Hacker: Album Leaks and NSA Whistleblowers // Ralph Echemendia

Fri, 10 Oct 2025 11:00:00 -0000

In this episode, James Maude talks with Ralph Echemendia “the ethical hacker” whose journey from Miami phone phreak to Hollywood’s top cybersecurity consultant is stranger than fiction. Ralph shares how hacking printers and hospital records jump-started his career, why tracking down an Eminem album leak turned into an international manhunt, and what Oliver Stone learned about the NSA at DEF CON. From securing the Snowden film against nation-state attacks to uncovering that studios store entire movies in Dropbox, Ralph exposes Hollywood’s biggest security blind spots and the rise of AI-powered deepfake heists worth hundreds of millions.

Ep. 88 - Microsoft Tried to Get Me Fired Weekly // HD Moore

Fri, 26 Sep 2025 18:27:00 -0000

James sits down with cybersecurity pioneer HD Moore, the legendary founder of the Metasploit framework, whose journey from dumpster-diving teenager to cybersecurity pioneer was anything but easy.

HD recounts how Microsoft called his employer weekly trying to get him fired for releasing exploits — harassment that ultimately motivated him to "drop zero days continuously, forever, until it got normal." He shares tales of accidentally controlling satellite systems after following network hops too far, backdooring 7,000 systems through tainted warez, and spending $80,000 on his personal credit card to build the Rapid7 team when traditional corporate processes moved too slowly.

From crawling through school windows at 5 AM to access Apple computers as a poor kid, to discovering that Palo Alto devices were leaking 5,000 customers' domain admin passwords to internet scanners, HD's stories illuminate the wild early days when vulnerability research was considered criminal activity rather than corporate necessity. Discover how he accidently destroyed his first self-built computer, why his ex-wife held a pile of cash as bail money ready during years of FBI visits, and how the Phrack IRC channel became an unlikely recruitment ground for his first cybersecurity job.

Ep. 87 - Code Crashes and Vinyl Scratches // Kevin Greene

Mon, 22 Sep 2025 19:19:00 -0000

In this episode, James Maude sits down with Kevin E. Green, Chief Security Strategist at BeyondTrust, whose 25+ year career stretches from configuring Nokia firewalls in basements to shaping federal research initiatives.

Kevin recalls how crashing systems during penetration tests at Ernst & Young was once considered a win - a “capture the flag” moment - and how he crossed paths with future industry leaders like Stuart McClure and George Kurtz, who went on to found Cylance. He shares his pivotal work in mapping NIST 800-53 controls to the MITRE ATT&CK framework, transforming static security catalogs into threat-informed heat maps that show which defenses light up against real-world attacks.

Blending technical depth with cultural insight, Kevin also draws unexpected parallels between cybersecurity and hip-hop — from how attacker techniques echo rapper “signatures” to why his alter ego "Kevtorious" and his "Secure Coding by Nature" brand reflect the creativity and pattern recognition needed in both fields.

Ep. 86 - When Your VPC Partner Gets Pwned // Brian Wagner

Fri, 29 Aug 2025 11:00:00 -0000

In this episode, James Maude sits down with Brian Wagner, CTO at Revenir, whose cybersecurity story started at just 15, building Microsoft Access databases for a medical hospice. From teenage entrepreneur to AWS security specialist, Brian’s path has been anything but ordinary. He pulls back the curtain on his time with the elite Zipline incident response team where he confronted a catastrophic VPC peering breach that spiraled into data theft and blackmail. Together, James and Brian dissect how vendor network compromises can silently open doors into your cloud and why Brian insists that true security isn’t something you bolt on later - it’s a culture you build from day one.

Ep.85 - Subterfuge and Social Engineering // Matthew Toussain

Fri, 15 Aug 2025 11:00:00 -0000

Join host James Maude for a candid conversation with Matthew Toussaint - founder of Open Security and mastermind behind the legendary Subterfuge framework that once forced Starbucks to overhaul its Wi-Fi security. From his unexpected path as an aspiring Air Force lawyer to becoming a renowned cybersecurity educator, Matthew shares a lifetime of stories: a physical pen test that went spectacularly wrong at a franchise location, a medical clinic investigation that exposed an insider threat with international stakes, and how old-school phone-based social engineering works in the age of identity threats. They dive into why AI is about to make help desk social engineering terrifyingly scalable, how a nervous 21-year-old’s DefCon talk reshaped network security, and why, despite decades of warnings, the industry is still failing at the basics while attackers rapidly scale with artificial intelligence.

Ep. 84 - Catching the Csaba Richter Hacker // Miguel Clarke

Fri, 01 Aug 2025 12:00:00 -0000

Former FBI Supervisory Special Agent Miguel Clarke joins hosts James Maude and Marc Maiffret to reflect on 25 years at the front lines of cybersecurity. From coding in BASIC on his Commodore 64 to helping uncover the digital trail behind 9/11, Miguel shares raw, behind-the-scenes stories of how real cyber investigations unfold.

In this episode, you'll hear how a casual beer in Nebraska sparked a career in federal law enforcement, why psychology plays a critical role in executing search warrants, and how early cyber sleuths tracked international hackers with nothing but screen scrapes and UUencoded files. Miguel also takes us deep inside the Swedish secret police operation that caught the infamous Csaba Richter hacker, explores the rise of Eastern Europe’s cybercrime economy, and breaks down the forensic breakthroughs that helped investigators piece together one of the most pivotal events in modern history.

00:00 - Introduction and Welcome

01:32 - Early Technology Interest with Commodore Computers

03:24 - System Shock and the $2,100 Computer Upgrade Nightmare

05:22 - Gaming Influence on Career Path and FBI Power Dynamics

06:42 - The Beer That Started an FBI Career

10:03 - FBI Training and Imposter Syndrome at Quantico

14:11 - Sales Skills Meet FBI Investigation Work

18:04 - Search Warrant Psychology and Family Dynamics

24:08 - The Chaba Richter International Cyber Case

27:38 - Eastern European Cybercrime Economy Theory

31:51 - Evolution from Website Defacements to Nation-State Attacks

36:24 - Digital Aspects of 9/11 Investigation

42:25 - 9/11 Digital Forensics and HTML Tag Discovery

47:56 - Transition from FBI to Private Sector

51:32 - Leadership Philosophy and Closing Thoughts

Ep. 83 - The Bug Bounty That Bought a Mini Donkey // Tommy DeVoss (dawgyg)

Fri, 18 Jul 2025 11:00:00 -0000

Tommy DeVoss—aka "dawgyg"—is back for round two, and it’s even wilder. A former black hat who faced prison four times, Tommy turned his life around and became a legend in the bug bounty world. From max-sec prison cells to flexing a championship belt on stage at HackerOne Live, his story is pure hacker folklore. In this episode, he shares how bug bounties bought him mini donkeys, why he still hunts old-school (no tools, no scripts), and how federal judges, rogue AIs, and childhood IRC wars shaped his chaotic path. Expect redemption arcs, sketchy bets, and a surprise detour into Icelandic youth basketball.

Ep. 82 – Security Tools Are Failing: Lessons from the 2025 Microsoft Vulnerability Report

Fri, 04 Jul 2025 12:00:00 -0000

BeyondTrust's 2025 Microsoft Vulnerability Report dropped—and it’s a wake-up call. With 1,360 new vulnerabilities and elevation of privilege attacks dominating the landscape, even insurance companies are backing away from covering privileged service accounts. In this special episode, cybersecurity veterans James Maude, Paula Januszkiewicz, Sami Laiho, Kip Boyle, and Charles Henderson dig into what the data from the 2025 report really means. Forget the fearmongering—this is about clear-headed, field-tested advice.

You’ll hear why flashy security tools often sit unused, how simple controls could prevent 60% of attacks, and why "secure by default" still hasn’t delivered. From AI-driven vulnerability discovery to cloud missteps that could sink your stack, this isn’t your usual “patch faster” sermon—it’s a blueprint for getting real results. If you’re overwhelmed by alerts, underwhelmed by your security stack, or just tired of doing more with less, this episode is your lifeline.

Ep. 81 - From DVWA to Nerf Wars: Tales of DigiNinja // Robin Wood

Fri, 20 Jun 2025 20:33:00 -0000

In today’s episode, James Maude chats with Robin Wood—better known as “DigiNinja”—the creator of DVWA and co-founder of SteelCon. Robin shares wild stories from his hacking career, including an infamous SQL injection that accidentally overwrote every customer’s credit card info on a gambling site, how he took down entire client networks with just two packets, and the origins of the UK’s most eccentric security conference, SteelCon—featuring 450 stuffed whippets and full-on Nerf gun warfare.

Ep. 80 - Vampire Satellites, Stolen Wine, and Why Your Boat is a Giant IoT Nightmare // Chris Kubecka

Fri, 06 Jun 2025 12:00:00 -0000

In today's episode, James Maude dives into the world of cyber warfare, espionage, and hacked satellites with the legendary Chris Kubecka—aka the "Chief Hacktress." From grounding overconfident pilots as one of the first female C-5 loadmasters, to investigating mysterious “vampire satellites” that silently disable spacecraft, Chris has lived a life straight out of a cyber-thriller.

She recounts her front-line role in the aftermath of the Shamoon cyberattack, one of the most destructive digital assaults in history, which wiped 35,000 systems at Saudi Aramco and sent shockwaves across global security circles. Plus: embassy cyber drama, Turkish spies posing as English students, Yemeni drones with a grudge, and how AI is now a tool in her mission to expose and disrupt digital authoritarianism.

And yes, we also talk about why your boat is a terrifying floating IoT vulnerability.

Ep. 79 - Hacking Rifles and Protecting Reporters // Runa Sandvik

Fri, 23 May 2025 11:00:00 -0000

In this episode, host James Maude sits down with Runa Sandvik, a cybersecurity pioneer protecting journalists and vulnerable populations worldwide. From hacking wi-fi enabled rifles to creating secure tip systems for The New York Times, Runa shares the fascinating journey that led her from Norway's tight-knit tech scene to the frontlines of digital security.

Ep.78 - Champagne at 2AM: The International Zotob Takedown // Kymberlee Price

Mon, 12 May 2025 19:18:00 -0000

In this episode, cybersecurity veteran, Kymberlee Price joins James and Marc for a riveting conversation that traces her unconventional path from public health to becoming a pioneering force at Microsoft Security. Kymberlee opens up about her classified work tracking down the creators of the infamous Zotob worm, and how that experience helped reshape how companies collaborate with security researchers. With clarity and candor, she tackles the pitfalls of the vulnerability “whack-a-mole” approach, the art of communicating real risk, and why the best cybersecurity minds don’t always come from traditional backgrounds. It’s a must-listen for anyone curious about the human side of threat hunting—and the hidden strengths in forging your own path.

Ep. 77 - Bugs in the System: When Moths Hack Power Plants // Lesley Carhart

Fri, 25 Apr 2025 18:31:00 -0000

In this episode, James Maude chats with industrial cybersecurity expert Lesley Carhart (aka "Hacks for Pancakes"), whose journey from programming on her family farm to protecting critical infrastructure was shaped by curiosity and determination. Lesley reveals how moths accidentally activating a power plant touchscreen led to a late-night "Chinese hackers" investigation, explains why she carries a "marriage counseling" sign when mediating between feuding IT and OT teams, and delivers a passionate wake-up call about the industry's mentorship crisis and the brutal reality facing cybersecurity newcomers today.

Ep. 76 - Phishing, Predictions, and Starship Troopers // Brian Kime

Fri, 11 Apr 2025 12:00:00 -0000

In this episode, James Maude chats with cyber threat intel pro Brian Kime, whose journey from the Army’s infamous “chemical guy” to security expert was partly inspired by Starship Troopers. Brian dishes on his legendary Dell SecureWorks phishing op that hit a wild 50% click rate—by predicting an IPO years ahead of time. He also unpacks why vulnerability management can stall business and how design thinking can reshape threat intel.

Ep. 75 - DOS Viruses & Catching Chinese APT Hackers // Roger Grimes

Fri, 28 Mar 2025 17:59:00 -0000

James Maude chats with Roger Grimes, a 36-year cyber veteran and KnowBe4’s Defense Evangelist. From hacking DOS viruses for John McAfee to catching Chinese APT hackers red-handed, Roger’s war stories are unforgettable. But he’s not just here for the drama—he lays out a bold plan to fix Internet security and reveals why social engineering remains our biggest blind spot. Don't miss this episode—it's a masterclass in cyber warfare, deception, and the battle for a safer digital future!

Ep. 74 - The Accidental Worm that Shutdown a University // Sounil Yu

Fri, 14 Mar 2025 11:00:00 -0000

In this episode, James sits down with Sounil Yu, the mind behind the Cyber Defense Matrix and DIE Triad frameworks that have transformed how organizations approach security. From his early days getting stuffed in lockers as a self-described computer geek to becoming a disruptive force at Bank of America and co-founding Gnostic, Sounil shares the mental models that have guided his three-decade journey in cybersecurity. They discuss how an accidental college worm shutdown taught valuable lessons in OpSec, and why Sounil starts with the icebreaker question: "What's the most IT damage you've caused without getting fired?"

Ep. 73 - How a Magazine Article Led to a Cybersecurity Empire // Richard Stiennon

Fri, 28 Feb 2025 12:00:00 -0000

In this episode, James chats with Richard Stiennon—cybersecurity analyst, author, and former aerospace engineer—whose 20+ year journey spans from designing car seats to hacking corporate systems for giants like Dell. Hear how a 1992 magazine article led him to launch his own ISP and rise to prominence at Gartner. Richard shares his personal stories from the frontlines of cybersecurity, his crusade against risk management jargon, and bold predictions on AI’s impact on security. Plus, private jet mishaps and the unconventional wisdom behind IT Harvest.

Ep. 72 - Recreating the Hackers Movie // Keren Elazari

Fri, 14 Feb 2025 23:33:00 -0000

Step into the fascinating mind of Keren Elazari—the first Israeli woman to give a TED Talk and a trailblazing force in cybersecurity. Once rejected by her school’s D&D group, she defied expectations to become a globally recognized security analyst, reshaping the narrative around hackers.

In this episode, we dive into Keren’s remarkable journey—from a curious young girl armed with an encyclopedia and inspired by the movie Hackers to a leading voice in digital security. She shares personal stories from her early hacking days, her groundbreaking work in building inclusive tech communities, and her bold vision for the future of cybersecurity.

And as a special treat, get exclusive insights into a never-before-seen fan remake of Hackers featuring legendary industry figures.

Here is a link to the Hackers remake - https://vimeo.com/178240969

Ep. 71 - From Prison to Millions: The Hacker Who Struck Yahoo Bug Bounty Gold // Tommy DeVoss

Fri, 31 Jan 2025 13:00:00 -0000

In this episode, James sits down with Tommy DeVoss (aka Doggy G), who went from a teenage hacker dodging federal prison to becoming one of the most successful ethical hackers in the world. Tommy spills raw, unfiltered stories about his wild days in IRC channels, running with the infamous World of Hell hacking group, and somehow managing to turn his life around to rake in over $4 million in bug bounties. You'll hear how a 10-year computer ban gave him enough pent-up tech energy to power a small country and how his boredom waiting for a friend led to a $180,000 Yahoo bug discovery. Yeah, some people text while waiting—Tommy casually breaks the internet.

Ep. 70 - Hotmail Honeypot: Catching Cheaters through Fake E-Greeting Cards // Mishaal Khan

Fri, 17 Jan 2025 13:00:00 -0000

Join James as he sits down with Mishaal Khan, a seasoned cybersecurity expert with over 20 years of experience in outsmarting attackers. From his early days hacking PC games to his current mission of safeguarding high-profile individuals, Mishaal offers fascinating insights into the world of open-source intelligence (OSINT) and social engineering. Discover how he’s intentionally erased his digital footprint, including keeping his own photos offline, hear the intriguing story of how he exposed cheaters using fake e-greeting cards, and learn why you should proactively "stalk yourself" to secure your personal data before someone else does.

Ep. 69 - When the Data Center is Literally on Fire // Evil Mog

Fri, 03 Jan 2025 12:00:00 -0000

Today, James Maude sits down with Dustin Haywood, better known as Evil Mog, Executive Managing Hacker at IBM's X-Force. Together, they talk about Evil Mog's fascinating journey from telemarketing to becoming a globally recognized expert in password security. He shares stories, including how he managed a high-stakes data center crisis, creatively navigated IBM's corporate culture through social engineering, and transformed the landscape of password cracking. The conversation also delves into the cutting-edge world of authentication security, the ever-evolving nature of cyber threats, and why a password manager could be your ultimate ally.

Ep. 68 - Deep Fakes, AI Impersonation, & Predicting Security in 2025 // Morey Haber

Fri, 20 Dec 2024 12:00:00 -0000

Join hosts James Maude and Marc Maiffret as they dive into a captivating conversation with industry legend Morey Haber. With over two decades of experience—going back before CVEs were even a thing—Morey delivers a bold look at the security threats of 2025 and beyond. Is AI on the verge of bursting its hype bubble? Are hidden paths to privilege the next battleground? The group discusses how today’s identity-based attacks are reshaping cybersecurity and how Morey deep-faked himself to expose the alarming reality of AI impersonation. From the roots of early vulnerability research to the cutting edge of emerging attack vectors, this is a must-listen episode to understand how old threats are wearing new masks—and what defenders must do to keep up (and a great episode to wrap-up 2024)!

Ep. 67 - When Alice Goes Rogue: Cryptographic Mischief // Sophie Schmieg

Fri, 06 Dec 2024 11:00:00 -0000

Join host James Maude as he talks all things cryptography with Sophie Schmieg, a Staff Information Security Engineer at Google. In this episode, Sophie shares her journey from pure mathematics to applied cryptography, revealing how her background in algebraic geometry provides a distinctive approach to modern security challenges. From discovering major vulnerabilities in AWS to creating solutions that will last until the year 909,000, Sophie breaks down complex cryptographic concepts with clarity and humor. She offers invaluable insights into post-quantum cryptography, the real-world implications of quantum computing, and why you probably don't need that quantum random number generator.

Ep. 66 - Hook, Line, and AI: The New Age of Phishing Attacks // Brooke Denney

Fri, 22 Nov 2024 17:53:00 -0000

Today, Marc and James welcome Brooke Denney, a rising star in cybersecurity who brings a dynamic, cloud-first perspective to the ever-evolving industry. Brooke shares her inspiring journey from aspiring veterinarian to accomplished security engineer, offering insights into the fascinating world of AI-powered phishing, modern security challenges, and safeguarding critical infrastructure. As a senior information security engineer and a dedicated member of the Ohio Cyber Reserve, Brooke provides a unique and expert view on the evolution of attack chains, the importance of supply chain security, and the transformative future of cybersecurity education.

Ep. 65 - Mo' Privileges, Mo' Problems // DJ Morimanno

Fri, 08 Nov 2024 21:49:00 -0000

In this episode, Marc and James plunge into the world of identity security with DJ Morimanno. From his early days pf dumpster diving for computer parts to becoming a powerhouse Director of Identity and Access Management Technologies, DJ’s cybersecurity journey is what legends are made of. They dig deep into the evolution of identity security, the pivotal role of human behavior in staying cyber-safe, and how quantum computing could revolutionize the future of identity protection.

Ep. 64 - Kidnapping Executives and Testing Panic Buttons // Ana Aslanishvili

Fri, 18 Oct 2024 10:00:00 -0000

In today's episode, host James welcomes Anna Aslanishvili, the visionary founder and CEO of Pine Risk Management. Anna takes us behind the scenes of high-stakes security assessments, from testing executive protection during a CEO's morning jog to uncovering faulty panic buttons—and even dealing with the threat of mailed anthrax. With captivating stories and expert insights, Anna reveals how pushing the limits in real-world scenarios leads to safer environments for everyone.

Ep. 63 - The Cyber Tug-of-War: A Real-Time Battle with Ransomware // Omar Avilez

Fri, 04 Oct 2024 11:00:00 -0000

Today, Marc and James have the pleasure of sitting down with Omar Aviles, a seasoned expert in DFIR, threat hunting, and malware analysis. Omar takes us on a journey through his early days of dismantling computers out of sheer curiosity to the high-stakes world of battling ransomware in real-time. He delves into the growing dangers of corporate espionage, nation-state attacks, and the ever-evolving landscape of cybersecurity. Throughout the conversation, Omar’s passion for protecting the digital world shines brightly, as he shares his favorite hacking techniques, insights on hunting and neutralizing threats, and invaluable advice for those looking to break into the cybersecurity field.

Ep. 62 - Modding, Nintendo, and 40 Months in Jail // Gary Bowser

Fri, 20 Sep 2024 11:00:00 -0000

This episode follows the fascinating journey of Gary Bowser, a tech industry veteran whose life has been shaped by his passion for hacking and modding. From his early days tinkering with Texas Instruments computers to becoming a key figure in the controversial world of game console hacking, Gary's story is one of innovation, legal battles, and personal redemption.

Host James Maude explores Gary's evolution from a curious teenager to a prominent figure in the modding community, culminating in a high-profile legal case brought by Nintendo. Gary candidly shares his experiences, including his arrest in the Dominican Republic, his challenging time in the US prison system during the COVID-19 pandemic, and the eventual resolution of his case.

Ep. 61 - Hacking Banks & Uncovering Chinese Military Infiltration // Greg Pickett

Fri, 06 Sep 2024 11:00:00 -0000

In this episode, Greg Pickett takes Marc on a thrilling journey from his early days of war dialing and hacking a bank (complete with hiding under a desk to avoid detection!) to exposing credential misuse on bulletin boards and uncovering a massive security breach tied to the Chinese military—all while tackling the challenges of corporate security and internal politics.

Ep. 60 - Upsetting the Cartel and the Pentagon // Robert RSnake Hansen

Fri, 23 Aug 2024 11:00:00 -0000

In this episode, Marc engages in an eye-opening conversation with Robert RSnake Hansen, a true legend in the cybersecurity realm. RSnake takes us on a journey through his transformation from a mischievous hacker to a revered security expert, revealing the high-stakes moments that defined his career. He dives deep into his experience with the groundbreaking Hack the Pentagon program, where his relentless pursuit of vulnerabilities nearly landed him in prison. But the tension doesn’t stop there—RSnake also recounts a terrifying encounter with a cartel that wrongly believed he was the mastermind behind the infamous dark web site, Silk Road. With unfiltered honesty, RSnake shares his thoughts on the ever-evolving world of cybersecurity, the rise of bug bounties, and the delicate balance between safeguarding security and preserving privacy in our increasingly digital society.

Ep. 59 - Cyber Siege in Flannel: The Town of Truckee's Ransomware Battle // Chris Hardy & Logan McDonald

Fri, 09 Aug 2024 11:00:00 -0000

In today's episode, James and Marc explore the devastating ransomware attack that crippled the Town of Truckee, shutting down phones, internet, and critical data access behind the town's firewall. With special guests Chris Hardy and Logan McDonald, you'll gain an insider's perspective on the relentless challenges they faced, the innovative strategies they used for recovery, and a surprising twist—the unique dress code of the Town of Truckee. Don't miss this captivating discussion on cybersecurity, resilience, and community spirit.

Ep. 58 - Microsoft Vulnerabilities, Elevation of Privileges, and Identity as an Attack Surface // Cybersecurity Expert Panel

Mon, 22 Jul 2024 11:00:00 -0000

Over its 11 years in publication, the BeyondTrust Microsoft Vulnerabilities Report has been downloaded over 16,000 times, aiding thousands in enhancing their cyber defenses with detailed data analysis and expert insights. This year's report not only examines 2023 Microsoft vulnerabilities but also evaluates their use in identity-based attacks, highlights significant CVEs (9.0+ CVSS scores), and discusses mitigation strategies.

In this special Alice & Bob episode, James is joined by top cybersecurity experts and report commentators Paula Januszkiewicz, Terry Cutler, Eliza-May Austin, and Sami Laiho. They discuss the report's findings, share their experiences with vulnerabilities, and explore the future of Microsoft security and AI.

Ep. 57 - Getting Lost in the Moonlight Maze Breach // Mark Weatherford

Fri, 28 Jun 2024 11:00:00 -0000

This week, Marc Maiffret sits down with Mark Weatherford to discuss his role in responding to the Moonlight Maze incident, one of the first major cyber espionage operations targeting U.S. government systems in the late 1990s. Mark talks about how Moonlight Maze highlighted significant vulnerabilities and reshaped cybersecurity strategies within the government and beyond. Mark also discusses broader topics in cybersecurity, the evolution of cyber threats, and the impact and security challenges AI is bringing to the table.

Ep. 56 - The OPM Breach: When Hackers Dusted Off COBOL Textbooks // Michael Daniel

Fri, 07 Jun 2024 13:00:00 -0000

This week James sits down with Michael Daniel, former Cybersecurity Coordinator at the White House and current President and CEO of the Cyber Threat Alliance. With over 20 years of cybersecurity experience, Michael shares insider insights into some of the most significant cyber incidents in recent history, including the notorious OPM breach. From budgeting to policy-making, he offers a candid look at the challenges and triumphs of securing the nation's digital frontiers.

Ep. 55 - Uncovering Informant Lists & Crime Stopper Reports through a City's Vulnerabilities // Heath Adams (The Cyber Mentor™)

Fri, 24 May 2024 13:00:00 -0000

This week, James hosts the renowned ethical hacker Heath Adams, famously known as The Cyber Mentor™. Heath shares his unconventional journey, beginning as an accountant and transitioning into the world of cybersecurity. He delves into some jaw-dropping experiences, including the time his team penetrated a city's system, uncovering confidential informant lists and crime stopper reports. They also discuss the critical importance of accessibility and affordability in cybersecurity education, highlighting how Heath's mission is truly transforming lives. Don't miss this glimpse into the mind of a true cybersecurity crusader.

Ep. 54 - New Frontiers in Privilege Management with BeyondTrust and Entitle // Ron Nissim and Avi Zetser

Fri, 10 May 2024 12:40:00 -0000

Join us in a special out-of-band episode of Adventures of Alice and Bob, where we explore the exciting expansion of BeyondTrust through its recent acquisition of Entitle, a pioneering privilege management solution. Discover how this strategic move enhances BeyondTrust's identity security solutions across the cloud. BeyondTrust CTO, Marc Maiffret, and Entitle co-founders, Ron Nissim and Avi Zetser, also cover what exactly just-in-time (JIT) access is, what modern identity security looks like across the cloud, and what this exciting new union means for the landscape of identity security and access management.

Ep. 53 - Former Naval Cryptologist Reflects on Cyber Warfare & 9/11 Crisis Response // Vincent Scott

Fri, 26 Apr 2024 13:08:00 -0000

Today, James is joined by Vincent Scott, a former US Navy cryptologist and founder of Defense Cybersecurity Group. Vincent shares his raw and authentic experience while bridging intelligence gaps during the 9/11 crisis and navigating cyber warfare operations in the Gulf Wars. He also shares the culture challenges he experienced while transitioning from military to corporate cybersecurity, the broken windows approach to fixing small cyber cracks before they shatter, and the paradox of expensive tools failing to deliver without the right people.

Ep. 52 - The Sleazy Underworld of Romance Scams, AI Deepfakes...oh and Being Honored by Prince William // Dr. Jessica Barker

Fri, 12 Apr 2024 15:57:00 -0000

Today, Marc is speaking with Dr. Jessica Barker, a cybersecurity culture expert and co-founder of Cygenta. Join us for some incredibly true stories, including a behind-the-scenes look at her royal honor ceremony at the historic Windsor Castle. You'll hear all the details - from battling nerves while practicing that all-important curtsy, to the opulent pomp and circumstance of receiving her honor from Prince William himself.

But Jessica's tales from the front lines don't stop there. She'll also pull back the curtain on the shockingly sleazy underworld of romance scams, where con artists follow meticulously crafted "playbooks" full of psychological manipulation tactics to drain unsuspecting victims of their entire life savings through emotional exploitation.

And brace yourself as she reveals how AI deepfakes are making phishing attacks even more devious and hard to detect. You'll learn how cybercriminals are leveraging this cutting-edge technology to generate hyper-realistic lures - from emails to videos - that could easily fool even cautious individuals.

Ep. 51 - Bitcoin Skeptic Becomes Blockchain Believer // Michael Perklin

Fri, 22 Mar 2024 19:42:00 -0000

This week, James is joined by Michael Perklin, information security expert and Chairman of the Board at C4. Listen in as Michael pulls back the curtain on the current cryptocurrency landscape. This episode is a roller-coaster ride, spanning Michael's career journey from trying to debunk Bitcoin as a "scam" to realizing its brilliance and founding one of the first Bitcoin security consultancies. You'll be on the edge of your seat as he recounts high-stakes experiences like securing Ethereum's historic initial coin offering, hunting down insider threats at ShapeShift, and guiding the company's pioneering transition into a decentralized autonomous organization (DAO). Get ready for a whirlwind of stories that showcase the challenges, opportunities, and mind-bending possibilities of blockchain technology.

Ep. 50 - The Rise and Reflections of Sabu // Hector Monsegur

Fri, 08 Mar 2024 14:00:00 -0000

Today, Marc is joined by Hector Monsegur, the infamous hacker formerly known as Sabu. In this episode, Hector takes us on a journey through his past, from his early inspirations drawn from hacker films to his pivotal role in the LulzSec hacking collective. With raw honesty, he delves into the motivations and mindsets that fueled his involvement in hacktivism, shedding light on the complexities and ethical dilemmas surrounding digital activism. Hector's story is a testament to the transformative power of embracing one's passion, and his insights offer a rare glimpse into the psyche of a cyber outlaw-turned-cybersecurity professional.

Ep. 49 - The Midnight Blizzard Breach on Microsoft and Other Identity Attacks // Marc Maiffret

Thu, 22 Feb 2024 14:00:00 -0000

Microsoft is one of the world's largest and most security-focused companies. Yet in late 2022, a sophisticated threat actor known as Midnight Blizzard breached their systems in Azure through a forgotten test account. Join James Maude and Marc Maiffret together as they dive into the technical details of the Blizzard attack, how machine identities and misconfigured OAuth apps provided the foothold, and the lessons learned about protecting corporate cloud environment. James & Marc also discuss actionable ways to reduce risk, the limitations of relying only on detection, and why unified visibility over all identities is key for a proactive defense.

Ep. 48 - Magic, Mayhem, and Malware in the Men’s Room // Terry Cutler

Fri, 09 Feb 2024 14:38:00 -0000

Today James is joined by Terry Cutler, Founder of Cyology Labs. Terry Cutler is a modern magician, but you won’t find him on a Vegas stage. As a professional hacker and "Cyologist," Cutler uses social engineering and technical wizardry to pull off digital feats like taking down a corporate network by leaving USB drives in the bathroom. In this fascinating interview, he makes cyber threats disappear before your eyes as he recounts tales of infiltrating systems to improve security defenses.

Ep. 47 - The Coinbase Caper and Qatar News Agency Hack // The Grugq

Fri, 26 Jan 2024 14:00:00 -0000

Get the explosive inside scoop on two brazen hacks from the hacking guru and cyber warfare expert simply known as “The Grugq.” He joins James to dissect an elaborate phishing campaign that compromised Qatar's national news agency. You'll learn how hackers fabricated academic awards as a ploy to infiltrate key targets. The Grugq also unravels the Coinbase hack that could have been an unparalleled crypto heist. He reveals how the culprits were obsessed with deploying a flashy new zero-day exploit, when lower-tech tricks already had executives firmly ensnared. This is a rare chance to analyze major cyber attacks play-by-play alongside one of the world's top hacking experts. Buckle up for a wild ride!

Ep. 46 - The Psychiatrist's Guide to Cybersecurity // Dr. Ryan Louie

Fri, 12 Jan 2024 15:07:00 -0000

Today James is joined by Dr. Ryan Louie who shares captivating stories from the frontlines of psychiatry and insights on protecting mental health in our tech-driven world. Join us as they explore the psychological parallels between social engineering attacks and persuasive techniques used in medicine. Dr. Louie also shares his account of a pivotal moment early in his career that shaped his approach to patient care. Don't miss his enlightening perspective on how breaches of health data violate the deepest levels of patient privacy.

Ep. 45 - The Secure Shell Exploit and Kids Hacking ISPs // Ymir Vigfusson

Fri, 29 Dec 2023 15:52:00 -0000

Get inside the mind of hacker Ymir Vigfusson as he sits down with James to recount his early days of finding exploits in SSH and owning an Icelandic ISP at age 14. Learn how he navigated the ethical lines of hacking and later used his talents for good by teaching others. Also, we'll hear the method behind his current zero trust startup after a life spent understanding how things break.

Ep. 44 - Defending Digital Privacy, Debating Dr. Phil, and "The Usual Suspects" // Michelle Dennedy

Fri, 15 Dec 2023 14:00:00 -0000

From finding body parts in a warehouse to shaping data privacy legislation in Congress, Michelle Dennedy has never backed down from the unexpected plot twists along her remarkable journey. The chief privacy trailblazer joins Marc today to discuss the real-life stories behind her role in “The Usual Suspects”, her national human microchipping debate on Dr. Phil, the high school pact that led to a career defending consumer data rights, and so much more. Michelle brings her signature wit and wisdom to every tall tale. Get ready for a wild ride with this privacy rebel.

Ep. 43 - Robbing Banks, Stealing Helicopters, and Building Teepees // Freakyclown

Fri, 01 Dec 2023 14:00:00 -0000

What's it like to rob banks and government facilities for a living? Find out today when James sits down with professional ethical hacker and social engineer FC (aka Freakyclown) to discuss the wild stories from his 30+ year career circumventing security systems. From stealing helicopters and gold bullion, to building secret offices and making friends with targets, hear tales of exploits that sound stranger than fiction in today's episode. FC also shares hard lessons learned and practical advice for improving security.

Ep. 42 - Outpacing the Nimda Virus and Code Red // Dr. Cathy Ullman

Fri, 17 Nov 2023 14:00:00 -0000

Today, James finds himself engaged in a captivating conversation with Dr. Cathy Ullman, Principal Technology Architect, Security at University at Buffalo. In their discussion, Dr. Ullman regales James with gripping accounts of her experiences combating the notorious Nimda Virus, a pernicious file-infecting computer worm. She also delves into her firsthand encounters with the tumultuous era of Code Red and other early internet worms, sharing invaluable insights gained from navigating these cybersecurity crises. She also talks about working with law enforcement on cyber investigations and touches on her unconventional career journey through philosophy, forensics and beyond.

Ep. 41 - The TeamViewer Attack, Roly-Polies, and Purple Teaming // Eliza-May Austin

Fri, 03 Nov 2023 13:00:00 -0000

Today James is speaking with Eliza-May Austin, CEO & Co-Founder of th4ts3cur1ty.company. Drawing on her experience with a TeamViewer supply chain attack early in her career, Eliza explains how she built her company's SIEM solution to help businesses of all sizes defend against threats coming through trusted third parties. She also discusses the benefits of purple teaming and shares some amusing moments from working night shifts in cybersecurity, including testing if she can still do roly-polies and giving herself a concussion!

Ep. 40 - Breached! BeyondTrust Discovers Breach of Okta Support Unit // Marc Maiffret

Mon, 23 Oct 2023 00:43:03 -0000

Okta provides identity and access management to some of the world's biggest brands. But what happens when Okta itself comes under attack? In this episode, James sits down with BeyondTrust CTO Marc Maiffret to discuss how BeyondTrust discovered a breach of Okta’s Support Unit, escalated concerns, and gathered the necessary evidence to spur Okta into action. Join us for a rare inside look at how a major provider was compromised, and what we can learn to better defend our own systems.

Ep. 39 - The Wonder Women of Cybersecurity // Lynn Dohm

Fri, 20 Oct 2023 13:00:00 -0000

In this episode James hosts Lynn Dohm, Executive Director of WiCyS (Women in Cybersecurity). Lynn shares the origin story of WiCyS, from humble beginnings as an NSF-funded conference to today's thriving global community empowering women at all stages of their cybersecurity careers. Join us as they discuss systemic issues like the “leaky pipeline,” how to create inclusive spaces in security, and overcoming barriers that cause women to leave the field. Lynn talks data, gives advice for cybersecurity leaders looking to recruit, retain and advance women, and much more! Tune-in to be inspired by the superheroes at WiCyS who are making a global impact for women in cybersecurity.

Ep. 38 - Superhost Karl Hangs Up the Headphones // Karl Lankford

Fri, 06 Oct 2023 13:00:00 -0000

On this bittersweet episode, host James Maude is joined by our outgoing podcast host Karl Lankford for an in-depth look back at his incredible tenure on The Adventures of Alice and Bob. As Karl hangs up the headphones, we get the inside scoop on the wit and wisdom that made him a fan favorite during his time on the mic. From hair-raising plane rides to secret server room speakeasies, James and Karl reminisce about the wild adventures, guest interviews, and laughs shared over the past year and a half. Karl reflects on lessons learned through hosting duties, his passion for helping others, and excitement for the next chapter. We'll miss you, Superhost Karl!

Ep. 37 - Solving the ILOVEYOU Virus Outbreak Like a Rubik's Cube // Troy Fisher

Fri, 22 Sep 2023 13:00:00 -0000

Today James is speaking with Troy Fisher, an ethical hacker at IBM Security who educates using Rubik's cubes and draws from early experience battling major malware like the ILOVEYOU virus outbreak. Join us as Troy discusses facing major malware incidents early in his career and puzzling his way into a role in ethical hacking. We'll also hear how Troy uses Rubik's cubes to demonstrate hacking concepts, how his background in music and performance aids compelling security education, and more stories from his eclectic career path on this episode of The Adventures of Alice and Bob podcast.

Ep. 36 - Hacking Printers and Thermostats with the Pulsar Security Crew // Duane Laflotte and Patrick Hynds

Fri, 08 Sep 2023 13:00:00 -0000

Today's episode is hosted by James Maude. He is joined by Patrick Hynds and Duane Laflotte, CEO and CTO, respectively, of Pulsar Security. Tune-in as Patrick and Duane discuss their journey from the early days of hacking to leading offensive security teams and advising enterprises on defense strategies. They take us through an inside look at unconventional hacking techniques including compromising networks by exploiting default credentials on printers and manipulating thermostats to damage infrastructure. Patrick and Duane also detail social engineering tactics like sending spoofed emails from compromised printers to hack their way into networks. They share perspectives on the evolution of cyber threats over 20+ years, the importance of patch management, and mentoring the next generation of ethical hackers.

Ep. 35 - Hunting Down the REvil Ransomware Gang // John Fokker

Fri, 25 Aug 2023 13:00:00 -0000

Today's episode is hosted by James Maude. He is joined by John Fokker, Head of Threat Intelligence at Trellix. John is an internationally recognized cybercrime expert with leadership experience across law enforcement, military, and industry. Tune-in as John discusses his journey from the Dutch Marines to leading cybercrime investigations for the Dutch Police. John provides an inside look at high-profile cybercrime takedowns, including hunting down the notorious REvil ransomware group. He also shares perspectives on the evolution of cyber threats, the ransomware economy, and building global public-private partnerships to combat cybercrime.

Ep. 34 - Hacking Cows with "Dr. Dark Web" // Chris Roberts

Fri, 11 Aug 2023 14:31:00 -0000

Today's episode is hosted by Karl Lankford. He is joined by Chris Roberts A.K.A "Dr. Dark Web", and CISO at Boom Supersonic. Chris has been described as a hacker, cyber researcher, and even a Scottish cybersecurity warlock! Today Chris discusses his memorable experiences at conferences, ethical challenges in cybersecurity, and his personal moonshot for improving security. He also shares stories about hacking cows and camels and reflects on building security into the first commercial supersonic jet.

Ep. 33 - After Hours with Alice and Bob // Live Episode!

Fri, 28 Jul 2023 13:00:00 -0000

Today’s compilation episode is a very special edition of "After Hours with Alice & Bob." Our three hosts, James, Karl, and Marc, recorded live from the annual Go Beyond customer conference in Miami, Florida. They had lively discussions with a variety of guests over adult beverages...and nothing was off-limits when it came to our guest's stories around cybersecurity!

Ep. 32 - The Lapsus$ Breach and Hidden Parts of the Dark Web // Jason Haddix

Fri, 14 Jul 2023 13:00:00 -0000

Today, James is speaking with Jason Haddix, the renowned cybersecurity expert and CISO of BuddoBot. Get ready for an engaging conversation about the world of secrets management, the aftermath of the Lapsus$ breach at Ubisoft, and the dark web's impact on modern adversaries. Jason also shares captivating stories, including his experience accidentally setting off emergency alerts in LA and his eye-opening journey into the hidden corners of the dark web.

Ep. 31 - Bug Bounties, Disclosures, and the Clubhouse Hack // Katie Moussouris

Fri, 30 Jun 2023 13:00:00 -0000

Today, James and Marc are thrilled to welcome Katie Moussouris, the founder and CEO of Luta Security. Prepare yourself for an extraordinary conversation on bug bounty programs, the intricacies of vulnerability disclosures, and the influence of regulations and governance within cybersecurity. Katie also shares some amazing stories including her swift response to a teardrop attack during her tenure at the Human Genome Project and her ingenious two cell phone hack of the well-known social audio app, "Clubhouse."

Ep. 30 - Space Rogue and the L0pht Legacy // Cris Thomas

Fri, 16 Jun 2023 13:00:00 -0000

In today's episode James is joined by Cris Thomas, a true cybersecurity maverick that is more famously known as "Space Rogue." Join us as Cris delves into the fascinating origins of L0pht, a pioneering hacker collective that left an indelible mark on the industry. Cris also shares invaluable insights on securing networks, debunks hacking culture myths, sheds light on unconventional cybersecurity risks that often go unnoticed, and discusses his new book, Space Rogue: How the Hackers Known As L0pht Changed the World.

Ep. 29 - Live from Go Beyond 2023 // Bianca Lewis and Sam Elliot

Fri, 02 Jun 2023 13:00:00 -0000

This very special episode is brought to you from the Adventures of Alice and Bob podcast booth at the Go Beyond Conference in sunny Miami, FL. Karl and Marc are reunited with the remarkable 16-year-old hacker, Bianca Lewis, who also delivered an amazing keynote speech at the event. They also got the chance to hang out with the visionary Sam Elliot, Head of Product Management at BeyondTrust.

Ep. 28 - Cyber Security’s Anthropologist // Lianne Potter

Fri, 19 May 2023 13:00:00 -0000

In today’s episode, James is speaking with Cyber-Anthropologist Lianne Potter, known as "The Anthrosecurist," who serves as the Head of SecOps at ASDA. Lianne shares valuable insights about building trust in cybersecurity teams, breaking free from functional fixedness to find solutions, and “improving” cybersecurity practices with her improv comedy skills.

Ep. 27 - Keeping Netflix Safe: Threat Modeling Uncovered // Scott Behrens

Fri, 05 May 2023 13:00:00 -0000

Today’s episode is hosted by Karl Lankford. He is joined by Scott Behrens, Principal Security Engineer of Information Security at Netflix. Scott discusses the challenges of building a security program at Netflix, how threat modeling helps to identify vulnerabilities before they are exploited, and how he was able to bring down Netflix with a $2 Denial of Service (DoS) attack.

Ep. 26 - The Dark Web’s Most Wanted // Brett Johnson

Fri, 21 Apr 2023 13:00:00 -0000

Today's episode is hosted by James. He is joined by former USA Most Wanted Cybercriminal, Brett Johnson, who was dubbed "The Original Internet Godfather" by the Secret Service. Brett shares his experience of creating the notorious cybercrime forum, ShadowCrew, and his eventual capture by the police at Disney World. He also discusses his remarkable journey of transforming from a hacker to a reformed cybersecurity advocate.

Ep. 25 – Discovering ChaosDB and OMIGOD Exploits // Shir Tamari

Fri, 07 Apr 2023 13:00:00 -0000

Today’s episode is hosted by Karl. He is joined by Shir Tamari, Head of Research at Wiz. Shir tells us how he conquered over 700 Counter-Strike 1.6 servers when he was just a kid in Israel and how his team at Wiz discovered major cloud vulnerabilities like the ChaosDB and the OMIGOD exploits.

Ep. 24 - People Hacking & Detecting Deception // Jenny Radcliffe

Fri, 24 Mar 2023 13:00:00 -0000

Today’s episode is hosted by Karl. He is joined by “The People Hacker” Jenny Radcliffe, world-renowned social engineer and CEO of Human Factor Security. Jenny shares her stories of accessing buildings, bypassing security, and even coming face-to-face with a lion after hours (yes, she broke into a zoo as a kid)! Hear how Jenny uses her signature blend of psychology, con-artistry, and crafty manipulation to hack people and identify deception indicators!

Ep. 23 – The Cold Waters of Cybersecurity // Jason Youzwak

Fri, 10 Mar 2023 14:00:00 -0000

Today’s episode is hosted by James. He is joined by Jason Youzwak, Security Researcher at Peraton Labs. Join us as Jason discusses how an overly-successful pen test earned him the affectionate nickname “tick mark”. Jason also tells us about one of his favorite hobbies: plunging into the frigid waters of Coney Island. Don’t get cold feet now, let’s dive in!

Ep. 22 – We Don’t Scan the Pie Factory // Ryan Kovar

Fri, 24 Feb 2023 14:00:00 -0000

Today’s episode is hosted by James. He is joined by Ryan Kovar, Distinguished Security Strategist at Splunk. Join us as Ryan discusses how he accidentally disabled internet for an entire fleet during his time in the military and how a simple pen test burned over $600,000 of pies. Crust us, you knead to hear this episode.

Ep. 21 – Ethereum Mission: Improbable, Not Impossible // Ted Harrington

Fri, 10 Feb 2023 14:00:00 -0000

Today’s episode is hosted by Karl. He is joined by Ted Harrington, Executive Partner at ISE (Independent Security Evaluators). Your mission, should you choose to accept: Listen as Ted discusses how to think like a hacker and how his team of ethical hackers overcame statistical improbability to predict the keys to over 700 Ethereum wallets.

Ep. 20 – Girls Just Wanna Have Functioning Elections // Bianca Lewis

Fri, 27 Jan 2023 14:00:00 -0000

Today’s episode is hosted by James. He is joined by Bianca Lewis, the 16-year-old Founder and CEO of Girls Who Hack. Bianca shares her first experience speaking at a cybersecurity convention, how she hacked a voting machine at DEFCON 26, and how it led her to start Girls Who Hack, an organization focused on teaching girls the skills of hacking. Move over Barbie, we’re not kidding around.

Produced by ProSeries Media

Ep. 19 – Ocean’s Eleven in Real Life // Bill Graydon

Fri, 13 Jan 2023 14:00:00 -0000

Today’s episode is hosted by Karl. He is joined by Bill Graydon, Principal Researcher at GGR Security. Bill unlocks his secrets on physical pen testing, how he sizes up a building’s security prior to a break-in, and shares his story about getting caught red-handed and using social engineering to defeat security guards! Does the house always win? Find out on this episode of Adventures of Alice & Bob.

Produced by ProSeries Media

Ep. 18 - The Traitor Among Us // Paula Januszkiewicz

Fri, 30 Dec 2022 14:00:00 -0000

Today’s episode is hosted by James. He is joined by Paula Januszkiewicz, CEO and Founder of CQURE. Today, Paula talks about why she started CQURE, why sharing information between cybersecurity professionals is so important, and how her team helped bring down an administrator who was sabotaging their own company from the inside.

Produced by ProSeries Media

Ep. 17 - When Malicious Insiders Have All the Access // Fabio Viggiani

Fri, 16 Dec 2022 17:25:00 -0000

Today’s episode is hosted by Karl. He is joined by Fabio Viggiani, CTO at Truesec Group and self-described as "that hacker guy." Today Fabio kicks off the episode by sharing how he got his start in technology, strategies he has utilized to identify (and even predict) some very sophisticated cyberattacks and why a security investigation was made harder by a group of malicious insiders.

Ep. 16 - Like Shooting Vish in a Barrel // Alethe Denis

Mon, 28 Nov 2022 16:18:00 -0000

Today’s episode is hosted by Karl and James. They talk to Alethe Denis, Senior Security Consultant at Bishop Fox, about how children learn how to utilize social engineering at a young age, some common misconceptions about making a career out of social engineering, and why HR departments are a force to be reckoned with.

Produced by ProSeries Media

Ep. 15 - Using Jedi Mind Tricks on a Call Center // Chris Silvers

Fri, 18 Nov 2022 14:00:00 -0000

Today’s episode is hosted by James. He is joined by Chris Silvers, Owner of CG Silvers Consulting, to talk about how someone with a hacker mindset can turn a prank into a powerful attack vector. Chris and James do some roleplay and reenact a couple of real-life calls from a social engineering attack Chris had executed in the past!

Here is a link to the full presentation Chris Silvers gave at at DEF CON that includes the original call recordings : https://youtu.be/vgKAxd_4s0A

Produced by ProSeries Media

Ep. 14 - The Creation of Frankenstein's Machine // John Hawes

Fri, 04 Nov 2022 13:00:00 -0000

Welcome to the Adventures of Alice & Bob podcast. Today’s episode is hosted by Karl Lankford. He is joined by John Hawes, the COO of AMTSO, to talk about building a world class virus replicator with spare computer parts, the importance of independent testing labs, and how more collaboration can help improve the cybersecurity industry.

Produced by ProSeries Media

Ep. 13 - Halloween Special

Fri, 28 Oct 2022 15:06:00 -0000

Ghostly Greetings! In today's frightfully fantastic episode, all three of our hosts get together to swap their nightmarish cybersecurity tales of bloodsucking phishing schemes, lurking critical vulnerabilities, and festering overprivileged access. If those stories don't chase you away, stay until the end where there's a sweet treat for our listeners. Don't miss this scream-worthy episode on Adventures of Alice & Bob!

Produced by ProSeries Media

Ep. 12 – Everything is Secure in a Spreadsheet, right? // Javvad Malik

Fri, 23 Sep 2022 13:00:00 -0000

In today’s episode, James talks to Javvad Malik, a Security Awareness Advocate at KnowBe4 and Co-Founder of Security B-Sides London, to talk about his most memorable cybersecurity tales inside some of the largest financial & energy companies, how a single spreadsheet (with a giant security flaw) defiled an entire organization, and the inspiration behind Javvad’s ridiculously hilarious cybersecurity YouTube parody “Accepted the Risk”. All this and more on this week’s episode of Adventures of Alice & Bob!

Produced by ProSeries Media

Ep. 11 - The Art of Negotiating with Ransomware Attackers // Brian Honan

Fri, 09 Sep 2022 13:00:00 -0000

Today’s episode is hosted by Karl. He is joined by Brian Honan, Founder and CEO of IRISS and BH Consulting. Brian talks about how he created Ireland's first CERT, why Ransomware victims should never give in to their attackers, and why technology will never solve all of our cybersecurity problems.

Produced by ProSeries Media

Ep.10 - Breaking Down the Department of the Interior // John Strand

Fri, 26 Aug 2022 13:00:00 -0000

Today’s episode is hosted by Marc. He talks to John Strand, Owner of Black Hills Information Security, about how John's first job in cybersecurity landed him in the middle of one of the largest lawsuits in United States history, how the gates that keep people from getting into cybersecurity have changed over the years, and how malicious hackers will always have a step-up on pen testing.

Check out Black Hills Infosec here : https://www.blackhillsinfosec.com/

Produced by ProSeries Media

Ep. 09 – Social Engineering, Phishing, and Psychic Powers (well, sort of) // Chris Kirsch

Fri, 12 Aug 2022 13:00:00 -0000

Today’s episode is hosted by James and Karl. They talk to Chris Kirsch, Co-Founder and CEO of runZero about the ethics and philosophy behind social engineering (and how he got into teaching pickpocketing to red teamers), the amount of research that actually goes into the DEF CON Capture the Flag Competition (Chris won the coveted Black Badge at DEF CON 2017), how to protect yourself from Open Source Intelligence manipulation, and why he may (or may not) have psychic powers. Follow Chris’ social engineering escapade on today’s episode of Adventures of Alice & Bob!

Produced by ProSeries Media

Ep. 08 – The Fight to Destroy Stalkerware // Eva Galperin

Fri, 29 Jul 2022 13:00:00 -0000

Today’s episode is hosted by James and Karl. They talk to Eva Galperin, the Director of Cybersecurity at EFF, about her efforts fighting against nation-state cyber attacks, why she switched her focus from APTs to stalkerware, and how she worked with a Maryland senator to pass a bill that will require law enforcement agencies to learn, as part of their standard training, how-to recognize cyberstalking, and understand the criminal laws concerning electronic surveillance and tracking.

See what you can do to fight against stalkerware by going to https://www.eff.org/

Produced by ProSeries Media

Ep. 07 - The Talktalk Data Breach // Geoff White

Fri, 15 Jul 2022 13:00:00 -0000

Today’s episode is hosted by James. He talks to Geoff White an investigative journalist, author, and host of The Lazarus Heist podcast. They talk about hope to get people to care about their personal data, trying to explain complex tech in short news stories, and the Talktalk data breach.

You can find Geoff at https://twitter.com/geoffwhite247 and you can read his book "The Lazarus Heist" here at https://www.amazon.co.uk/Lazarus-Heist-Hollywood-Finance-Inside/dp/024155425X

Produced by ProSeries Media

Ep. 06 - Surviving The Log4j Exploit // Leah McLean

Mon, 04 Jul 2022 13:00:00 -0000

In today's episode, James and Karl talk to Leah McLean, Vice President - Cybersecurity Specialist at Mastercard, about her experience handling the log4j attack, how-to maneuver cybersecurity attacks when you have very limited resources, and why she claims cybersecurity does not have a talent shortage (hint: stop looking for the unicorn).

You can listen to Leah's podcast at https://the-ciso-diaries.captivate.fm/.

Produced by ProSeries Media

Ep. 05 - After Hours with Alice & Bob // Live Episode!

Fri, 17 Jun 2022 13:00:00 -0000

Today we are introducing After Hours with Alice & Bob, a special live episode recorded at BeyondTrust’s GoBeyond event in Miami Florida. Our hosts James and Marc have a ton of fun talking to guests at the conference about embarrassing cybersecurity mistakes, AI, superheros, organized cyber crime, and more.

Produced by ProSeries Media

Ep. 04 - She Hacks Purple // Tanya Janca

Fri, 03 Jun 2022 13:00:00 -0000

In today's episode Marc and Karl are joined by Tanya Janca, best-selling author of Alice and Bob Learn Application Security, to talk about what it is like being a woman in cybersecurity, the origin story of We Hack Purple, and how important it is to be integrated and invested in the cybersecurity community.

You can check out We Hack Purple here : https://wehackpurple.com/ and you can find her book Alice and Bob Learn Application Security here : https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357

Produced by ProSeries Media

Ep. 03 - Fighting the Vastaamo Ransomware Attack // Sami Laiho

Thu, 19 May 2022 15:53:00 -0000

Welcome to Adventures with Alice & Bob! Today our hosts Karl and James are joined by Sami Laiho to talk about how he became one of the leading public speakers in the world of Microsoft topics, how choosing your words wisely can convince people to take security seriously, and how he dealt with the Vastaamo attack, the largest crime ever committed in Finland.

You can find Sami Laiho's services at https://samilaiho.com/, and buy his JÄRJESTELMÄNVALVOJA merch at https://www.zazzle.com/store/adminize.

Produced by ProSeries Media

Ep. 02 - Basic Adorable Destruction // Jayson E. Street

Wed, 18 May 2022 17:25:00 -0000

Today’s episode is hosted by Marc and Karl. They are joined by Jayson E. Street to talk about his unique take on pentesting, how his biggest success story is about him failing, and how everyone is born a hacker.

Produced by ProSeries Media

Ep. 01 - Uncovering the Code Red Worm // Marc Maiffret

Tue, 17 May 2022 20:48:00 -0000

Welcome to the Adventures of Alice & Bob podcast! For our first episode, our hosts Karl and James are joined by our very own Marc Maiffret to talk about the evolution of hacking and cyber security, the infamous Code Red worm, and how cybersecurity will be different in the near future.

Produced by ProSeries Media