Adventures of Alice & Bob

Ep. 43 - Robbing Banks, Stealing Helicopters, and Building Teepees // Freakyclown

What's it like to rob banks and government facilities for a living? Find out today when James sits down with professional ethical hacker and social engineer FC (aka Freakyclown) to discuss the wild stories from his 30+ year career circumventing security systems. From stealing helicopters and gold bullion, to building secret offices and making friends with targets, hear tales of exploits that sound stranger than fiction in today's episode. FC also shares hard lessons learned and practical advice for improving security.

Ep. 42 - Outpacing the Nimda Virus and Code Red // Dr. Cathy Ullman

Today, James finds himself engaged in a captivating conversation with Dr. Cathy Ullman, Principal Technology Architect, Security at University at Buffalo. In their discussion, Dr. Ullman regales James with gripping accounts of her experiences combating the notorious Nimda Virus, a pernicious file-infecting computer worm. She also delves into her firsthand encounters with the tumultuous era of Code Red and other early internet worms, sharing invaluable insights gained from navigating these cybersecurity crises. She also talks about working with law enforcement on cyber investigations and touches on her unconventional career journey through philosophy, forensics and beyond.

Ep. 41 - The TeamViewer Attack, Roly-Polies, and Purple Teaming // Eliza-May Austin

Today James is speaking with Eliza-May Austin, CEO & Co-Founder of th4ts3cur1ty.company. Drawing on her experience with a TeamViewer supply chain attack early in her career, Eliza explains how she built her company's SIEM solution to help businesses of all sizes defend against threats coming through trusted third parties. She also discusses the benefits of purple teaming and shares some amusing moments from working night shifts in cybersecurity, including testing if she can still do roly-polies and giving herself a concussion!

Ep. 40 - Breached! BeyondTrust Discovers Breach of Okta Support Unit // Marc Maiffret

Okta provides identity and access management to some of the world's biggest brands. But what happens when Okta itself comes under attack? In this episode, James sits down with BeyondTrust CTO Marc Maiffret to discuss how BeyondTrust discovered a breach of Okta’s Support Unit, escalated concerns, and gathered the necessary evidence to spur Okta into action. Join us for a rare inside look at how a major provider was compromised, and what we can learn to better defend our own systems.

Ep. 39 - The Wonder Women of Cybersecurity // Lynn Dohm

In this episode James hosts Lynn Dohm, Executive Director of WiCyS (Women in Cybersecurity). Lynn shares the origin story of WiCyS, from humble beginnings as an NSF-funded conference to today's thriving global community empowering women at all stages of their cybersecurity careers. Join us as they discuss systemic issues like the “leaky pipeline,” how to create inclusive spaces in security, and overcoming barriers that cause women to leave the field. Lynn talks data, gives advice for cybersecurity leaders looking to recruit, retain and advance women, and much more! Tune-in to be inspired by the superheroes at WiCyS who are making a global impact for women in cybersecurity.

Ep. 38 - Superhost Karl Hangs Up the Headphones // Karl Lankford

On this bittersweet episode, host James Maude is joined by our outgoing podcast host Karl Lankford for an in-depth look back at his incredible tenure on The Adventures of Alice and Bob. As Karl hangs up the headphones, we get the inside scoop on the wit and wisdom that made him a fan favorite during his time on the mic. From hair-raising plane rides to secret server room speakeasies, James and Karl reminisce about the wild adventures, guest interviews, and laughs shared over the past year and a half. Karl reflects on lessons learned through hosting duties, his passion for helping others, and excitement for the next chapter. We'll miss you, Superhost Karl!

Ep. 37 - Solving the ILOVEYOU Virus Outbreak Like a Rubik's Cube // Troy Fisher

Today James is speaking with Troy Fisher, an ethical hacker at IBM Security who educates using Rubik's cubes and draws from early experience battling major malware like the ILOVEYOU virus outbreak. Join us as Troy discusses facing major malware incidents early in his career and puzzling his way into a role in ethical hacking. We'll also hear how Troy uses Rubik's cubes to demonstrate hacking concepts, how his background in music and performance aids compelling security education, and more stories from his eclectic career path on this episode of The Adventures of Alice and Bob podcast.

Ep. 36 - Hacking Printers and Thermostats with the Pulsar Security Crew // Duane Laflotte and Patrick Hynds

Today's episode is hosted by James Maude. He is joined by Patrick Hynds and Duane Laflotte, CEO and CTO, respectively, of Pulsar Security. Tune-in as Patrick and Duane discuss their journey from the early days of hacking to leading offensive security teams and advising enterprises on defense strategies. They take us through an inside look at unconventional hacking techniques including compromising networks by exploiting default credentials on printers and manipulating thermostats to damage infrastructure. Patrick and Duane also detail social engineering tactics like sending spoofed emails from compromised printers to hack their way into networks. They share perspectives on the evolution of cyber threats over 20+ years, the importance of patch management, and mentoring the next generation of ethical hackers.

Ep. 35 - Hunting Down the REvil Ransomware Gang // John Fokker

Today's episode is hosted by James Maude. He is joined by John Fokker, Head of Threat Intelligence at Trellix. John is an internationally recognized cybercrime expert with leadership experience across law enforcement, military, and industry. Tune-in as John discusses his journey from the Dutch Marines to leading cybercrime investigations for the Dutch Police. John provides an inside look at high-profile cybercrime takedowns, including hunting down the notorious REvil ransomware group. He also shares perspectives on the evolution of cyber threats, the ransomware economy, and building global public-private partnerships to combat cybercrime.

Ep. 34 - Hacking Cows with "Dr Dark Web" // Chris Roberts

Today's episode is hosted by Karl Lankford. He is joined by Chris Roberts A.K.A "Dr. Dark Web", and CISO at Boom Supersonic. Chris has been described as a hacker, cyber researcher, and even a Scottish cybersecurity warlock! Today Chris discusses his memorable experiences at conferences, ethical challenges in cybersecurity, and his personal moonshot for improving security. He also shares stories about hacking cows and camels and reflects on building security into the first commercial supersonic jet.

Ep. 33 - After Hours with Alice and Bob // Live Episode!

Today’s compilation episode is a very special edition of "After Hours with Alice & Bob." Our 3 hosts James, Karl, and Marc record live from the annual Go Beyond customer conference in Miami, Florida. They had lively discussions with a variety of guests over adult beverages...and nothing was off-limits when it came to our guest's stories around cybersecurity!

Ep. 32 – The Lapsus$ Breach and Hidden Parts of the Dark Web // Jason Haddix

Today, James is speaking with Jason Haddix, the renowned cybersecurity expert and CISO of BuddoBot. Get ready for an engaging conversation about the world of secrets management, the aftermath of the Lapsus$ breach at Ubisoft, and the dark web's impact on modern adversaries. Jason also shares captivating stories, including his experience accidentally setting off emergency alerts in LA and his eye-opening journey into the hidden corners of the dark web.

Ep. 31 - Bug Bounties, Disclosures, and the Clubhouse Hack // Katie Moussouris

Today, James and Marc are thrilled to welcome Katie Moussouris, the founder and CEO of Lura Security. Prepare yourself for an extraordinary conversation on bug bounty programs, the intricacies of vulnerability disclosures, and the influence of regulations and governance within cybersecurity. Katie also shares some amazing stories including her swift response to a teardrop attack during her tenure at the Human Genome Project and her ingenious two cell phone hack of the well-known social audio app, "Clubhouse."

Ep. 30 - Space Rogue and the L0pht Legacy // Cris Thomas

In today's episode James is joined by Cris Thomas, a true cybersecurity maverick that is more famously known as "Space Rogue." Join us as Cris delves into the fascinating origins of L0pht, a pioneering hacker collective that left an indelible mark on the industry. Cris also shares invaluable insights on securing networks, debunks hacking culture myths, sheds light on unconventional cybersecurity risks that often go unnoticed, and discusses his new book, Space Rogue: How the Hackers Known As L0pht Changed the World.

Ep. 29 - Live from Go Beyond 2023 // Bianca Lewis and Sam Elliot

This very special episode is brought to you from the Adventures of Alice and Bob podcast booth at the Go Beyond Conference in sunny Miami, FL. Karl and Marc are reunited with the remarkable 16-year-old hacker, Bianca Lewis, who also delivered an amazing keynote speech at the event. They also got the chance to hang out with the visionary Sam Elliot, Head of Product Management at BeyondTrust.

Ep. 28 - Cyber Security’s Anthropologist // Lianne Potter

In today’s episode, James is speaking with Cyber-Anthropologist Lianne Potter, known as "The Anthrosecurist," who serves as the Head of SecOps at ASDA. Lianne shares valuable insights about building trust in cybersecurity teams, breaking free from functional fixedness to find solutions, and “improving” cybersecurity practices with her improv comedy skills.

Ep. 27 - Keeping Netflix Safe: Threat Modeling Uncovered // Scott Behrens

Today’s episode is hosted by Karl Lankford. He is joined by Scott Behrens, Principal Security Engineer of Information Security at Netflix. Scott discusses the challenges of building a security program at Netflix, how threat modeling helps to identify vulnerabilities before they are exploited, and how he was able to bring down Netflix with a $2 Denial of Service (DoS) attack.

Ep. 26 - The Dark Web’s Most Wanted // Brett Johnson

Today's episode is hosted by James. He is joined by former USA Most Wanted Cybercriminal, Brett Johnson, who was dubbed "The Original Internet Godfather" by the Secret Service. Brett shares his experience of creating the notorious cybercrime forum, ShadowCrew, and his eventual capture by the police at Disney World. He also discusses his remarkable journey of transforming from a hacker to a reformed cybersecurity advocate.

Ep. 25 - Discovering ChaosDB and OMIGOD Exploits // Shir Tamari

Today’s episode is hosted by Karl. He is joined by Shir Tamari, Head of Research at Wiz. Shir tells us how he conquered over 700 Counter-Strike 1.6 servers when he was just a kid in Israel and how his team at Wiz discovered major cloud vulnerabilities like the ChaosDB and the OMIGOD exploits.

Ep. 24 - People Hacking & Detecting Deception // Jenny Radcliffe

Today’s episode is hosted by Karl. He is joined by “The People Hacker” Jenny Radcliffe, world-renowned social engineer and CEO of Human Factor Security. Jenny shares her stories of accessing buildings, bypassing security, and even coming face-to-face with a lion after hours (yes, she broke into a zoo as a kid)! Hear how Jenny uses her signature blend of psychology, con-artistry, and crafty manipulation to hack people and identify deception indicators!

Ep. 23 - The Cold Waters of Cybersecurity // Jason Youzwak

Today’s episode is hosted by James. He is joined by Jason Youzwak, Security Researcher at Peraton Labs. Join us as Jason discusses how an overly-successful pen test earned him the affectionate nickname “tick mark”. Jason also tells us about one of his favorite hobbies: plunging into the frigid waters of Coney Island. Don’t get cold feet now, let’s dive in!

Ep. 22 - We Don’t Scan the Pie Factory // Ryan Kovar

Today’s episode is hosted by James. He is joined by Ryan Kovar, Distinguished Security Strategist at Splunk. Join us as Ryan discusses how he accidentally disabled internet for an entire fleet during his time in the military and how a simple pen test burned over $600,000 of pies. Crust us, you knead to hear this episode.

Ep. 21 - Ethereum Mission: Improbable, Not Impossible // Ted Harrington

Today’s episode is hosted by Karl. He is joined by Ted Harrington, Executive Partner at ISE (Independent Security Evaluators). Your mission, should you choose to accept: Listen as Ted discusses how to think like a hacker and how his team of ethical hackers overcame statistical improbability to predict the keys to over 700 Ethereum wallets.

Ep. 20 - Girls Just Wanna Have Functioning Elections // Bianca Lewis

Today’s episode is hosted by James. He is joined by Bianca Lewis, the 16-year-old Founder and CEO of Girls Who Hack. Bianca shares her first experience speaking at a cybersecurity convention, how she hacked a voting machine at DEFCON 26, and how it led her to start Girls Who Hack, an organization focused on teaching girls the skills of hacking. Move over Barbie, we’re not kidding around.

Ep. 19 - Ocean’s Eleven in Real Life // Bill Graydon

Today’s episode is hosted by Karl. He is joined by Bill Graydon, Principal Researcher at GGR Security. Bill unlocks his secrets on physical pen testing, how he sizes up a building’s security prior to a break-in, and shares his story about getting caught red-handed and using social engineering to defeat security guards! Does the house always win? Find out on this episode of Adventures of Alice & Bob.

Ep. 18 - There Was a Traitor Among Us // Paula Januszkiewicz

Today’s episode is hosted by James. He is joined by Paula Januszkiewicz, CEO and Founder of CQURE. Today, Paula talks about why she started CQURE, why sharing information between cybersecurity professionals is so important, and how her team helped bring down an administrator who was sabotaging their own company from the inside.

Ep. 17 - When Malicious Insiders Have All the Access // Fabio Viggiani

Today’s episode is hosted by Karl. He is joined by Fabio Viggiani, CTO at Truesec Group and self-described as 'that hacker guy.' Today Fabio kicks off the episode by sharing how he got his start in technology, strategies he has utilized to identify (and even predict) some very sophisticated cyberattacks and why a security investigation was made harder by a group of malicious insiders.

Ep. 16 - Like Shooting Vish in a Barrel // Alethe Denis

Today’s episode is hosted by Karl and James. They talk to Alethe Denis, Senior Security Consultant at Bishop Fox, about how children learn how to utilize social engineering at a young age, some common misconceptions about making a career out of social engineering, and why HR departments are a force to be reckoned with.

Ep. 15 - Using Jedi Mind Tricks on a Call Center // Chris Silvers

Today’s episode is hosted by James. He is joined by Chris Silvers, Owner of CG Silvers Consulting, to talk about how someone with a hacker mindset can turn a prank into a powerful attack vector. Chris and James do some roleplay and reenact a couple of real-life calls from a social engineering attack Chris had executed in the past!

Ep. 14 - The Creation of Frankenstein's Machine // John Hawes

Today's episode is hosted by Karl Lankford. He is joined by John Hawes, the COO of AMTSO, to talk about building a world-class virus replicator with spare computer parts, the importance of independent testing labs, and how more collaboration can help improve the cybersecurity industry. Follow the human side of cybersecurity with the Adventures of Alice & Bob Podcast.

Ep. 13 - Halloween Special

Ghostly Greetings! In today's frightfully fantastic episode, all three of our hosts get together to swap their nightmarish cybersecurity tales of bloodsucking phishing schemes, lurking critical vulnerabilities, and festering overprivileged access. If those stories don't chase you away, stay until the end where there's a sweet treat for our listeners. Don't miss this scream-worthy episode on Adventures of Alice & Bob!

Ep. 12 – Everything is Secure in a Spreadsheet, right? // Javvad Malik

In today’s episode, James talks to Javvad Malik, a Security Awareness Advocate at KnowBe4 and Co-Founder of Security B-Sides London, to talk about his most memorable cybersecurity tales inside some of the largest financial & energy companies, how a single spreadsheet (with a giant security flaw) defiled an entire organization, and the inspiration behind Javvad’s ridiculously hilarious cybersecurity YouTube parody “Accepted the Risk”. All this and more on this week’s episode of Adventures of Alice & Bob!

Ep. 11 - The Art of Negotiating with Ransomware Attackers // Brian Honan

Today’s episode is hosted by Karl. He is joined by Brian Honan, Founder and CEO of IRISS and BH Consulting. Brian talks about how he created Ireland's first CERT, why Ransomware victims should never give in to their attackers, and why technology will never solve all of our cybersecurity problems.

Ep. 10 - Breaking Down the Department of the Interior // John Strand

Today’s episode is hosted by Marc. He talks to John Strand, Owner of Black Hills Information Security, about how John's first job in cybersecurity landed him in the middle of one of the largest lawsuits in United States history, how the gates that keep people from getting into cybersecurity have changed over the years, and how malicious hackers will always have a step-up on pen testing.

Ep. 09 – Social Engineering, Phishing, and Psychic Powers (well, sort of) // Chris Kirsch

Today’s episode is hosted by James and Karl. They talk to Chris Kirsch, Co-Founder and CEO of runZero about the ethics and philosophy behind social engineering (and how he got into teaching pickpocketing to red teamers), the amount of research that actually goes into the DEF CON Capture the Flag Competition (Chris won the coveted Black Badge at DEF CON 2017), how to protect yourself from Open Source Intelligence manipulation, and why he may (or may not) have psychic powers. Follow Chris’ social engineering escapade on today’s episode of Adventures of Alice & Bob!

Ep. 08 – The Fight to Destroy Stalkerware // Eva Galperin

Today’s episode is hosted by James and Karl. They talk to Eva Galperin, the Director of Cybersecurity at EFF, about her efforts fighting against nation-state cyber attacks, why she switched her focus from APTs to stalkerware, and how she worked with a Maryland senator to pass a bill that will require law enforcement agencies to learn, as part of their standard training, how-to recognize cyberstalking, and understand the criminal laws concerning electronic surveillance and tracking.

Ep. 07 - The Talktalk Data Breach // Geoff White

Today’s episode is hosted by James. He talks to Geoff White an investigative journalist, author, and host of The Lazarus Heist podcast. They talk about how to get people to care more about their personal data, the challenges Geoff encountered as a reporter when explaining complex tech in short news stories, and the incredible story of how he unfolded the Talktalk data breach (and actually talked directly to the hackers over the phone)!

Ep. 06 - Surviving the Log4j Exploit // Leah McLean

In today's episode, James and Karl talk to Leah McLean, Vice President - Cybersecurity Specialist at Mastercard, about her experience handling the log4j attack, how-to maneuver cybersecurity attacks when you have very limited resources, and why she claims cybersecurity does not have a talent shortage (hint: stop looking for the unicorn).

Ep. 05 - After Hours with Alice & Bob // Live Episode!

Today we are introducing After Hours with Alice & Bob, a special live episode recorded at BeyondTrust’s GoBeyond event in Miami Florida. Our hosts James and Marc have a ton of fun talking to guests at the conference about embarrassing cybersecurity mistakes, AI, superheros, organized cyber crime, and more.

Ep. 04 - She Hacks Purple // Tanya Janca

In today's episode Marc and Karl are joined by Tanya Janca, best-selling author of Alice and Bob Learn Application Security, to talk about what it is like being a woman in cybersecurity, the origin story of We Hack Purple, and how important it is to be integrated and invested in the cybersecurity community.

Ep. 03 - Fighting the Vastaamo Ransomware Attack // Sami Laiho

Today our hosts Karl and James are joined by Sami Laiho to talk about how he became one of the leading public speakers in the world of Microsoft topics, how choosing your words wisely can convince people to take security seriously, and how he dealt with the Vastaamo ransomware attack, the largest crime ever committed in Finland. Follow the human side of cybersecurity on today's Adventures of Alice & Bob episode.

Ep. 02 - Basic Adorable Destruction // Jayson E Street

Today’s episode is hosted by Marc and Karl as they are joined by Jayson E Street to talk about his unique take on pen testing, how his biggest success story is about him failing, and how everyone is born a hacker. Follow the human side of cybersecurity on today's Adventures of Alice & Bob episode.

Ep. 01 - Uncovering the Code Red Worm // Marc Maiffret

Today our hosts Karl and James are joined by our very own Marc Maiffret to talk about the evolution of hacking and cyber security, Marc's experience being raided by the FBI as a teenager, the infamous Code Red worm he co-discovered, and how cybersecurity will be different in the near future. Follow the human side of cybersecurity on today's Adventures of Alice & Bob episode.

Ep. 00 - The Adventures of Alice & Bob Trailer // Welcome to the Podcast!

Welcome to the Adventures of Alice & Bob Podcast, where we talk shop with pen testers, hackers, and the unsung heroes of the cybersecurity world about the human element of being on the front lines of cyber attacks.