TL;DR: This week's episode is a special one. I (Rafal) revisit episode 100 with the one and only Dan Geer. Some shows are "in the moment", some are timeless. This show is timeless. Dan's wisdom and insights are as applicable today as they were 12 years ago. Crazy, right? Fun story - I ran into Dan at Black Hat conference a few years ago and asked him what he would say is 'different' since we recorded that episode... his response? "My beard is longer". Solid GOLD. Listen in. Take notes. H...

TL;DR: On today's pod, Rob Allen of ThreatLocker makes his triumphant return to derail us straight into a conversation about legacy systems and why he's still supporting WindowsXP. Right, you read that right. A great conversation ensued, and I'm glad we were able to record this one. Enjoy. From us to you, thank you for following along this year, and we wish you a happy new year, and all the best in 2026! YouTube video: https://youtube.com/live/dFO1NTo1MGc Have something to say? Let's hea...

TL;DR: In part 1 of 2, Gadi Evron joins the show and chats with Jim and Rafal on the topic of the "AI Cataclysm". What does that even mean? Listen in - but it's part to do with how AI is changing the attacker model (level of effort, expertise required, timeline) and what defenders should start to think about. Part 2 is coming soon, standby. YouTube Video: https://youtube.com/live/izX0jOUpKJM Have something to say? Let's hear it. Support the show >>> Please consider clicking the ...

TL;DR: This week's show features Aaron Costello, and is all about an analog from real-world attacks on humans, applied to AI "agents". I know what you're thinking - computers are supposed to be more difficult to trick, right? Right... no. Attacks such as this where computers try to be "helpful" (just like humans) are probably more common than we'd like to think. Give this a listen, it's a hoot. YouTube video: https://youtube.com/live/fM88jSkamDQ Have something to say? Let's hear it. Su...

TL;DR: On this episode, it's just Jim and Rafal talking about how sometimes you just need to take a big step back from your day job and touch some grass. Our chosen profession is, demanding, to say the least. So let's take a minute to acknowledge what we're really thinking. Unfiltered, raw, and straight from our heads to your ears, enjoy. YouTube video: https://youtube.com/live/ULTq1pzckFg Have something to say? Let's hear it. Support the show >>> Please consider clicking the li...

TL;DR: This week's pod features a conversation with the Jay Jacobs, whom had previously been on the show talking about this very topic (vulnerability ranking/scoring) many, many years ago. If you missed Episode 297 check it out, it's crazy how far (or not) we've come since that conversation. YouTube Video: https://youtube.com/live/cpL9ZYbwkes Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-...

TL;DR: John Rafal & Jim as we welcome Dustin Lehr to talk about the state of AppSec and how we got here. We discuss vulnerabilities, accountability, culture, and a host of other things. It's a caffein-fueled episode, so buckle in! Youtube video: https://youtube.com/live/yoBIQ_sIawI Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= YouTube ...

TL;DR: We heard RSnake's take on CVSS and CVEs and such, now let's hear Brian "Jericho" Martin's take. The gloves are off, and the opinions go native when we take this episode live. Brian doesn't pull any punches, and apparently I'm the only one without a pocket full of $2 bills? Sorry for the explicit rating, that's Brian's fault. YouTube Video: https://youtube.com/live/2-3Jzks5myc?feature=share Have something to say? Let's hear it. Support the show >>> Please consider clicking...

TL;DR: Patching. Your least favorite thing. Well, it turns out that most of the work we have been doing in the last 20+ years has been for nothing. Robert "RSnake" Hansen's theory, backed by a lot of data, seems to point to a much bigger problem in cyber, and it's time we talk about it. Rob's Closing Keynote that started this conversation: https://youtu.be/80ZtAsuC4v4?si=-liUcLX4adz092yP YouTube Video: https://youtube.com/live/k4kvKWZVh78 Have something to say? Let's hear it. Support the...

TL;DR: This week's pod features your favorite hosts reflecting on how security has lost its way. When everything is a catastrophe, nothing is. When every breach is world-ending, none of them matter. Have we completely lost the plot? Prepare to have a good think. YouTube Video: <coming soon> Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

TL;DR: On this week's pod - Sean Scranton and Shawn Tuma make a return appearance to talk about Cyber (Security) Insurance. Some see it as the answer to cyber's problems, while others see it as just another question. Which is it? Is it just a matter of perspective? Listen in and find out! YouTube Video: https://youtube.com/live/GiuheFiFO78 Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-...

TL;DR: This week's pod is all about healthcare-related data that is bought and sold the world over - and how you this data can be utilized while still preserving privacy. In this mind-blowing segment, John Kuhn of Integral joins Jim and I to talk about the vast quantities of data that's bought, sold, and aggregated for healthcare research - and how it can be used for good, while still preserving people's privacy (or what's left of it - debate ensues). YouTube Video: https://youtube.com/l...

TL;DR: If you've ever wondered what goes through the mind of a top-tier CISO, wonder no longer. This week's episode features Trey Ford talking a little nostalgia, and a little of what's on his mind as a CISO. Fantastic episode, shout out to BugCrowd for the episode. Youtube video: https://youtube.com/live/uFl45Tb93gY?feature=share Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=...

TL;DR: Let's talk, err, lament, Third Party Risk programs. Who has time for these, and is there any real value in identifying 3rd party risks? Or is it just all theater for the lawyers? Paul Farley joins Jim, James and Rafal to chop it up. Dive in with us, and see what you think. YouTube Video: https://youtube.com/live/Le23nkaybfE Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-...

TL;DR: This week's episode is what happens when I go on vacation and have a little time to think. So here we go - let's talk about this Jaguar Land Rover was compromised and ransomware spread. The damage has been 'extensive' to the point where they stopped everything... are there any lessons here? Links https://www.theguardian.com/business/2025/sep/20/jaguar-land-rover-hack-factories-cybersecurity-jlrhttps://www.theguardian.com/business/2025/sep/20/jaguar-land-rover-hack-factories-...

TL;DR: This podcast features our friend Bo Birdwell who sits down with us to explain the ins and outs of the new DFARS CMMS update. Jim and Bo cover a lot of ground, and James and I are along for the ride asking questions. Great episode if you're in the space, worrying about what this latest update means to you. YouTube Video: https://youtube.com/live/0cl1S4f3g8E Have something to say? Let's hear it. Support the show >>> Please consider clicking the link above to support the show! -=...

Send the hosts a message - try it now! TL;DR: This week's returning guest is Doug Cavit, but this time he's here to talk about the Internet apocalypse. Partly driven by AI, but mostly we discuss automated content generation, bots, and consumption as we reach the conclusion that it's all coming crashing down... sooner than we'd like. YouTube Video: https://youtube.com/live/tUJgdrh3ws8 Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=...

Send the hosts a message - try it now! TL;DR: Michael Reichstein joins the pod this week to talk about "rock star CISOs" and those who trade equity for their souls. It's an interesting discussion but this one comes with a warning label: If you're easily offended, do not listen to this. Michael's post that started this conversation: https://www.linkedin.com/posts/mreichstein_cybersecurity-leadership-businessethics-activity-7361753110983135233-YSct YouTube video: https://youtube.com/live/N1mD...

Send the hosts a message - try it now! TL;DR: This week's pod features our favorite former analyst Anton Chuvakin, and an AppSec OG Jeff Williams as we tackle the subject of AppSec's favorite new acronym - ADR. What is it? Why is it? Should it be? We answer all these questions and more, and laugh along the way a bit too. YouTube Video: https://youtube.com/live/69xeGDoDYbU Links Contrast's latest threat report (referenced in the show)An in-depth ADR Explainer (helpful!)Run-Time Security Explai...

Send the hosts a message - try it now! TL;DR: This week's returning guest is the man, the myth, the Alpaca farmer, Philippe Humeau of CrowdSec. Life comes at you fast, threats come at you faster. The good news is - defenses can keep up. Listen in, then go check out CrowdSec! YouTube video: https://youtube.com/live/7Xc99bXCfwQ Support the show >>> Please consider clicking the link above to support the show! -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ...