Top Cybersecurity Podcasts of 2022: BeyondTrust Edition
Dec 20, 2022
Author:
Sarah Lieber
Director, Marketing Programs
Introducing Alice & Bob
In case you missed it, earlier this year we launched our cybersecurity podcast with a difference, Adventures of Alice & Bob. The initial reaction from Marc Maiffret, our CTO (and now co-host), when we mentioned launching a podcast was “I am not sure the industry needs another vendor podcast”. He was right of course, but just doing another vendor podcast was never the plan.
Anyone who has worked in or around infosec knows there are some amazing people doing brilliant things, often largely behind the scenes. It was these people and their stories that we wanted to shine a light on. Adventures of Alice & Bob is a podcast that gives voice to, honors, and celebrates the stories of those who work hard in this industry to make cyber safer for everyone. As for Marc, he loved the concept and enjoyed being a guest on our first episode so much that he eventually offered to co-host!
On a more personal note, launching this podcast has been an incredibly humbling journey for me (kudos to all you podcasters out there!). I was flabbergasted at how much goes into podcasting: from concept development to creative, to guest booking, to release schedules…the world and demands of podcasting are a wild ride - and I’ve loved every minute of it. Major props to our remarkable podcast producers, Proseries Media: we most certainly couldn’t have done any of this without your smarts, patience, and passion.
What makes me excited to head into 2023 is knowing that podcasting is not slowing down. The number of podcast listeners is predicted to reach 464.7 million by the end of 2023 and 504.9 million by 2024! There is so much we can continue to do to highlight some of the most interesting people in infosec and develop Adventures of Alice & Bob even further. The beast of cybersecurity never sleeps, and we are grateful to all our guests who have shared their personal stories of cybersecurity disasters, hacker takedowns, breaches, career flops & pivots, successes, mistakes, and laughs.
A few of the most interesting people in infosec - the guests of the Adventures of Alice & Bob
With that said, there have been some exceptionally standout episodes that I wanted to highlight in this post. If Adventures of Alice & Bob is just now hitting your radar, please bookmark these top episodes as a great starting point. The list is sorted by top performing episode based on number of unique listeners in 2022.
Here are my top 5 episodes you should stream now:
Ep. 01 - Uncovering the Code Red Worm // Marc Maiffret
In our very first episode, our two hosts, James and Karl, are joined by our very own Marc Maiffret to talk about Marc's experience being raided by the FBI as a teenager, the infamous Code Red worm he co-discovered, and how cybersecurity will be different in the future. A great episode to kick off the series with!
Marc: I think I was 17 at the time, so I was at my mom's house. I basically told her, "Hey, I think I might get raided [by the FBI]." She didn't quite comprehend what that meant. She knew I was into computers, but she didn't get everything that was going on (hacking). So the morning I was raided by the FBI… I felt something by my head and went to brush it away, and I thought it was my mom patting my head “goodbye - I’m off to work” or whatever. No, it was an FBI agent with a gun to my head telling me, "Don't move."
Ep. 09 – Social Engineering, Phishing, and Psychic Powers (well, sort of) // Chris Kirsch
Chris Kirsch joins Adventures of Alice & Bob to talk about the ethics and philosophy behind social engineering (and how he got into teaching pickpocketing to red teamers), the amount of research that actually goes into the DEF CON Capture the Flag Competition (Chris won the coveted Black Badge at DEF CON 2017), how to protect yourself from Open Source Intelligence manipulation, and why he may (or may not) have psychic powers. Chris’ stories & social engineering escapades had us on the edge of our seats!
Chris: The craziest OSINT report I ever saw was from a [social engineering] contestant a few years back...and she found somebody who posted on Instagram. They were actually not working for the company directly as an employee, but they were a contractor. And they were posting on Instagram all of these pictures. And she had 12 pages on this guy. And it started out with a picture like, "Oh, new job. And here's my desk." And it showed his computer and the window and the parking lot behind it. And the blind that was rolled half down, which had a picture of the full networking diagram on it. Then a few snaps of his screens that revealed some applications he was using. Email client is very helpful, because if you're trying to get through spam filters, some phishing protections and so on, the testing with that same mail client helps. And then he was hugging a firewall, a new firewall he'd gotten on one of the pictures, with a model number and everything! It just went on. Even his car with a license plate, where he was stationed in the navy. He even had credit cards that he'd just gotten that he was really proud of. He blurred out the numbers. So he was somewhat security aware, but there was a ton more information that you could glean from that. So yeah, it was mind boggling.
Ep. 12 – Everything is Secure in a Spreadsheet, right? // Javvad Malik
Javvad Malik, a Security Awareness Advocate at KnowBe4 and Co-Founder of Security B-Sides London, talks about his most memorable cybersecurity tales inside some of the largest financial & energy companies, how a single spreadsheet (with a giant security flaw) defiled an entire organization, and the inspiration behind Javvad’s ridiculously hilarious cybersecurity YouTube parody “Accepted the Risk”.
Javvad: I went in [as a consultant] and one of the areas I was looking at was end user developed applications. And I found a huge monstrosity of a spreadsheet that the traders were using to base a lot of their trading decisions on. It was one of those spreadsheets that had started off with one trader developing it and thought, "Okay, this is good." And then another one added to it, and added to it. They had a few developers in for contract purposes to expand it even more... so it was doing Monte Carlo algorithms, it was pulling in real-time data, it was giving them a number at the end and they were using that to base their trades on. And I said, "Look, this just fails every control. You're using an Excel spreadsheet. There's no segregation. There's no authentication. There's no audit tracking. There's no protection. There's nothing here." So I took it to the head of the trading... I thought I had an airtight case. You sometimes walk in thinking you're Harvey Specter from Suits, and can just walk in there and convince them. I laid it all out. I said, "This is really bad." And he goes, "Yeah, we know, but we've accepted the risk as a business." Within a year of that conversation, that bank had an incident where one of the traders accidentally overwrote one of the formulas with a hard coded value. So whatever the formula was calculating from, somehow they accidentally went in and overwrote it. So for the whole day, everyone was making trades on bad data. And that was so big. It actually manipulated the markets and they had to reverse several trades that they had done that day. And they were fined huge by the FCA, they even had to get an extension on their trading window. It was a massive, massive loss.
Ep. 02 - Basic Adorable Destruction // Jayson E. Street
Once described as a "paunchy hacker" by Rolling Stone Magazine, Jayson E. Street joins Marc and Karl in our second episode to talk about his unique take on pen testing, how his biggest success story is about him failing, and how everyone is born a hacker. This 62-minute episode flies by as Jayson takes listeners through a very entertaining, and sometimes terrifying, world of hacking.
Jayson: The biggest gatekeeper that we will face in this world is ourselves. So we need to remember that we’re hackers. So, screw the gate, jump the fence. One of the biggest things that I keep hearing people say is, “Well, you need to know programming to be in Information Security.” I don’t know how to program. I’m here, I’m valid, and I should be here. It’s like, sometimes I don’t think I should be, but I’m here, so get used to it. Stop trying to let gatekeepers dictate what you’re supposed to be or what you’re supposed to know or what you’re supposed to look like. You were born a hacker. Everybody was born a hacker.
Ep. 04 – She Hacks Purple // Tanya Janca
Best-selling author of Alice and Bob Learn Application Security (yes, we swoon at the name, too), Tanya Janca, joins Marc and Karl to talk about what it’s like being a woman in cybersecurity, the origin story of We Hack Purple, and how important it is to be integrated in the cybersecurity community. Tanya had a lot to share in this 60-minute episode and left us eager to book another installment with her!
Tanya: I remember during my testing I had figured out all these hacks so I could get the system to crash and then I automated it. I was the only person on the QA team that could write code. I was like, "I did this, and I did this, and I did this." And I'm like, "So I have to tell you something boss," and he's like, "Tell me." "So I kind of set it on fire," and he responded, "Oh, you crashed it a bunch of times." I'm like, "I crashed it so many times they overwhelmed the fans. The fans shut down and there's smoke in our laboratory – I think we need to evacuate." And he's like, "Oh my gosh, fire!" We had to add more fans to our product - I learned quite a bit.
Where to find the Adventures of Alice & Bob
As I wrap up this post, I wanted to say one final thank you to all those on the frontlines of cybersecurity and infosec: we are truly grateful for the things you do daily to keep us and our families safe online.
Listen to all of these plus more amazing stories on The Adventures of Alice and Bob. Listen wherever you stream your podcasts.
Interested in Being a Guest?
If you are an infosec hero (of course you are) and have a personal anecdote from the front lines of a cyberattack that you’d like to share on the podcast, please contact the BeyondTrust podcast production team at [email protected].