A Synack Podcast Production

Episode 5: Nicole Perlroth on spyware, “mutually assured digital destruction” and educating boardrooms

In Nicole Perlroth’s blockbuster 2021 book, “This Is How They Tell Me the World Ends,” the former New York Times journalist conveys cybersecurity experts’ mounting anxiety about increasingly dangerous digital threats. From spyware to ransomware, the black market for cyber tools that skirt the law is lucrative and often poorly understood.

Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine’s critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure.

Also covered in the podcast:

• The importance of educating board members about cybersecurity
• What constitutes a cyber weapon
• Why Nicole is optimistic about the future of ransomware

Listen to the Podcast

Episode 4: Hudney Piquant on pentesting, staying ahead of adversaries and a cyber “sixth sense”

Hudney Piquant kicked off his cybersecurity career working for a startup out of a garage in Michigan. He has since uncovered critical vulnerabilities as a Synack Red Team member, joined Synack full time as a solutions architect and been honored with a Most Inspiring Up And Comer award by CyberScoop last fall.

Tune into the latest episode of WE’RE IN! to hear Hudney share his insights into getting started with the Synack Red Team, the importance of mentorship in the cybersecurity community and his “sixth sense” that helps him to find creative workarounds for tough security challenges.

More topics covered in the podcast:

• Why we haven’t seen the last of the blockbuster Log4j vulnerability
• The importance of applying an adversary’s perspective on your networks
• How to build trust among professionals skeptical of ethical hackers

Listen to the Podcast

Episode 3: Selena Larson on cyber intelligence, "evil" threat actors and TOAD attacks

In the latest episode of WE’RE IN!, Selena Larson shares insights into malicious hackers and scammers she’s tracking as senior threat intelligence analyst for Proofpoint. Business email compromise, ransomware, sextortion, multi-factor authentication bypass techniques – dealing with the onslaught of modern cyberthreats “is very much like playing whack-a-mole,” she said. By unpacking attackers’ motivations and psychological profiles, defenders can train themselves and their teams to avoid falling into common traps.

More reasons you should listen:

• Hear Selena discuss what makes threat intelligence actionable, versus extra noise for a SOC
• Find out about an alarming cyber espionage campaign that recently targeted journalists
• Learn why Selena despises evil TOADs – “telephone-oriented attack delivery” attacks

Listen to the Podcast

Episode 2: Craig Newmark on cyber philanthropy, internet pioneers and a “cyber civil defense”

Philanthropist Craig Newmark is most famous for founding the classifieds site Craigslist nearly 30 years ago. But he’s recently earned praise in the cybersecurity community for pledging $50 million in early 2022 to support a cyber civil defense initiative through his namesake philanthropy.

On the latest episode of WE’RE IN!, hear Craig describe what he means by cyber civil defense and listen to his candid thoughts on everything from quantum computing to the dangers of state-sponsored disinformation campaigns. He also shares insights into the philanthropic strategy driving many of his contributions to the field of cybersecurity and continuing education.

Tune in to hear more about:

• Challenges in fostering collaboration across the cybersecurity community, from the White House to organizations like the Aspen Institute’s Cybersecurity Group
• How a “cybersecurity nutrition label” could empower consumers
• Craig’s participation in the Whole Earth 'Lectronic Link, one of the oldest virtual communities

Listen to the Podcast

Episode 1: Andy Greenberg on “Tracers in the Dark,” Bitcoin What-ifs and IRS Heroes

Journalist Andy Greenberg is no stranger to the murky world of cryptocurrency. The senior writer for WIRED and longtime cybersecurity journalist was one of the last reporters to interact with pseudonymous Bitcoin founder Satoshi Nakamoto before they evidently ceased communications.

In his new book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency,” Andy follows the gripping story of IRS special agent Tigran Gambaryan as he follows the money to zero in on some of the most mysterious and monstrous criminals in the cyber underground.

Don’t miss the inaugural episode of WE’RE IN! Season 2 to hear more from Andy on:

• How Tigran joined forces with expert investigators and cryptographers to jettison misconceptions about the anonymity of major cryptocurrencies, exposing alleged criminal masterminds in the process
• The genesis of successful crypto tracing and analysis firms like Chainalysis
• The twisted motivations of those who founded infamous dark web emporiums like AlphaBay and Silk Road

Listen to the Podcast

Episode 26: Tanya Janca on cyber mentorship, “shifting left” and punk rock

Application security maven Tanya Janca – AKA SheHacksPurple – is an accomplished author, pentester and onetime music festival organizer. But she’s perhaps best known as the founder of We Hack Purple, a community of security professionals dedicated to sharing useful cyber information including coding trainings and coursework. (Dynamic application security testing Bright Security acquired We Hack Purple earlier this year, bringing its own approach to the “shift left” dilemma of moving cybersecurity earlier in the software development cycle.)

Tanya has spent much of her career in cybersecurity and IT empowering others to strengthen their own skills. With We Hack Purple, she built a community from the ground up, and she’s organized plenty of security talks and capture-the-flag tournaments along the way. Computer science can be a nebulous, wide-ranging field – Tanya has further helped people zero in on what they should focus on learning in the wide world of cybersecurity.

Tune into the episode to hear more on:

• The story behind Tanya’s bestselling book, “Alice and Bob Learn Application Security”
• The qualities that make a good pentester: “You have to be very determined and detail oriented,” as Tanya put it
• #cybermentoringmonday and the value of professional mentorship

Listen to the Podcast

Episode 25: Melanie Teplinsky on the value of cybersecurity policy, a zero trust model for small businesses and her start at the NSA

Melanie Teplinsky fell in love with cryptography at an early age, which led her to landing her first job at the National Security Agency at 16. From there, she found her niche in cybersecurity at the intersection of technology and the law.

As a senior fellow at American University in the Law Tech, Law, and Security Program, Melanie helps craft cybersecurity policies that scale and attempt to solve big, societal problems. First, she has to understand how cybersecurity technology and models, such as zero trust, are implemented at companies and organizations of all sizes. Then, she applies those principles to existing laws and government mandates to understand the pitfalls and gaps.

Between her early start in cyber and national policy-making, Melanie has a unique perspective to share with the infosec community. Listen to the episode to hear more about:

• How cybersecurity policy can transform small- and medium-size businesses’ approach to zero trust
• Why protecting innovation efforts at universities and small companies is paramount for the cybersecurity industry
• The positive outcomes from collaboration between the public and private sectors

Listen to the Podcast

Episode 24: Zinet Kemal on starting over, infosec for kids and the importance of mentorship

Zinet Kemal is an infosec powerhouse. After emigrating from Ethiopia to Minnesota with her husband, she started her life over. She left behind her community and career as a lawyer and dived into the world of information security.

She has since become a children’s book author and works as a cloud security engineer for Best Buy, while raising her four kids and completing her master’s degree in cybersecurity from Georgia Tech University.

In the latest episode of WE’RE IN!, Zinet shares how she published two children’s books during the pandemic, “Proud in Her Hijab” and “Oh, No ... Hacked Again!: A Story About Online Safety,” and about her work with Black Girls in Cyber. Listen to the episode to hear more about:

• How you can teach kids (and grandparents) about cybersecurity
• Zinet’s journey from immigrant to best selling author
• The power of diversity in cybersecurity

Listen to the Podcast

Episode 23: Sean Zadig on the “Paranoids,” ethical hacking and crafting a security culture

Sean Zadig has plenty to be paranoid about. The internet is a frightening place, and Yahoo’s Paranoids–the name for the company’s infosec team–have their work cut out for them protecting Yahoo’s more than one billion global users.

As vice president, chief information security officer and “Chief Paranoid” for Yahoo, Sean is charged with keeping sensitive company data safe from an onslaught of cyberthreats, working collaboratively across all Yahoo’s media and technology brands.

In the latest WE’RE IN! episode, Sean speaks to the need for balance in security messaging and shares how he addresses risks like Log4j.

It takes patience and finesse to build a strong culture of security in any organization, let alone a global tech and media company with thousands of employees.

“It's important to not shame people, so you don't want to say, ‘how could you miss this?’ Or, ‘what happened? Why, why did you commit that code?’” Sean says. “Instead, we use it as a learning experience.”

Tune in to discover how Sean keeps Yahoo on the right track and hear more about:

• Yahoo’s approach to bug bounties and pentesting
• His unlikely path to security leadership– “It was never my career aspiration to become a CISO”
• Sean’s focus on examining what motivates the attackers targeting Yahoo every day

Listen to the Podcast

Episode 22: Jack Rhysider on podcasting, plot twists and infosec burnout

Four years ago, Jack Rhysider quit his job as a security engineer to move full time into the storytelling business. His podcast, Darknet Diaries, now boasts tens of millions of total downloads and has explored cybersecurity topics from Stuxnet to the collapse of cryptocurrency exchange Mt. Gox.

Building Darknet Diaries into a successful show was no cakewalk. In the latest episode of WE’RE IN!, Jack shares his experience putting on a great podcast, from ideation and guest selection all the way to monetization and fielding calls from Hollywood producers.

“Don’t think about how big of an audience you have,” he said. “You need to find the right person in your head, of who would love this show, and just deliver it to them in a great way.”

Even if you’re not a podcast creator, there are plenty of reasons to listen:

• Glean Jack’s insights into the creative process, including the importance of self-reflection and listening with “fresh ears”
• Hear how he navigates constant deadline pressure while avoiding burnout
• Learn the secrets behind the most suspenseful moments in any great story

Listen to the Podcast

Episode 21: Tracy Maleeff on diversifying the cyber workforce, OSINT skills and “librarian face”

Tracy Maleeff led a successful career transition into the tech and cybersecurity world nearly seven years ago. Now a security researcher with the Krebs Stamos Group, the former librarian still uses her hard-won open source intelligence skills to sort through a deluge of cybersecurity information for clients and for subscribers of her free InfoSecSherpa news roundups.

In the latest WE’RE IN! episode, she speaks to the importance of having diverse perspectives at the table when it comes to cybersecurity and warns of a disconnect between tech hiring managers and HR departments.

“Companies keep hunting for unicorns when they really just need to pay attention to the squirrels at the base of the tree,” Maleeff said.

A few more reasons to listen:

• Discover Tracy’s tips for breaking into the cybersecurity industry from other professions: She once helped a mechanic launch a career in pentesting
• Learn how she’s used Twitter to advance her own cybersecurity career
• Hear about out her favorite episode of Keeping up with the Kardashians – and yes, there is an infosec connection!

Listen to the Podcast

Episode 20: Beau Woods on Medical Device Security, Hacker Culture and Cyber Psychology

Beau Woods knows firsthand how every moment counts when it comes to medical cybersecurity. He launched his career in a hospital, where it wasn’t always possible for doctors to punch in complex passwords or spare a second thought for cybersecurity. Beau went on to found I Am the Cavalry, a group of cyber ambassadors dedicated to improving the security of devices ranging from pacemakers to connected door locks.

In his current role as senior advisor for the Cybersecurity and Infrastructure Security Agency, Beau helps fill gaps in U.S. cyber defenses by boosting organizations that may not have the resources or knowledge needed to secure critical connected equipment like insulin pumps.

“If you can get ahead of things and help them to build better procurement processes, help them to identify more securable technologies that have better business models, that will have greater longevity, then you can stop the flow of inbound, insecurable devices and – over the next decade or two – eventually that cyber hygiene tide line can rise,” he said in this episode of WE’RE IN!

A few more reasons to listen:

• Learn Beau’s tips for making cybersecurity issues more engaging, from gamification to building empathy
• Hear about his unconventional career path from psychology to security
• Build awareness on the state of healthcare cybersecurity and CISA’s role in government

Listen to the Podcast

Episode 19: Robert M. Lee on hacking industrial systems, pay transparency and oysters

Dragos CEO and founder Robert M. Lee has been talking about cybersecurity risks to critical infrastructure long before threats to utility operators and water plants were making headlines. In this episode of WE'RE IN!, he discusses the ongoing dangers to the grid from nation-state hackers and ransomware gangs, but also the progress the U.S. is making to better secure its most vulnerable assets. And there's also a great conversation about pay transparency that anyone working in infosec will want to hear. A few more reasons to listen:

• It's a candid and sobering interview with one of the world's leading experts on industrial cybersecurity.
• You might be surprised how Dragos approaches pay transparency, hiring and job interviews.
• Better understand how critical infrastructure operators should approach cybersecurity differently from enterprise technology.

Listen to the Podcast

Episode 18: Jim Manico on Secure Coding, OWASP and Being a Decent Human

Jim Manico is full of opinions. The founder of Manicode Security has advice on how to use the OWASP Top 10, on secure coding and especially on the OWASP Application Security Verification Standard (ASVS). He has advice for people starting out in security and on what it means to be a decent person. Jim is definitely one of those! He's also an educator, author, investor and entrepreneur. There are so many reasons to listen to this episode. Here are just a few:

• Hear from one of the leading educators focused on helping developers code securely.
• Learn more about all the important projects and initiatives happening at OWASP.
• Get Jim's perspective on how organizations can best implement DevSecOps.

Listen to the Podcast

Episode 17: Alex Holden on Russia's Cyber Arsenal, Conti Leaks and Infiltrating Ransomware Gangs

Alex Holden has a knack for tracking Russian cyber criminals. The Ukrainian-born cybersecurity expert understands what it takes to infiltrate ransomware outfits, learn their secrets and help organizations protect themselves against their tactics. Beyond that, the firm is responsible for detecting some of the biggest breaches in recent history. In this episode, Alex talks about his approach to tracking the world's most notorious criminal hackers, the current cyber threat in Eastern Europe and his own journey from Kyiv to the American midwest. Why you should listen:

• Get the inside story of how the Conti ransomware gang and other Eastern European cybercrime syndicates operate.
• Hear about how the current Ukrainian War could shift the cyber threat landscape.
• Discover how one of the leading threat intelligence researchers uncovered some of the biggest data breaches in history.

Listen to the Podcast

Episode 16: Hacking for Ukraine, supply chain risk and cyber moonshots

There's a flood of cybersecurity news as a result of the Ukraine War as well as Washington's recent efforts compelling organizations to report cyberattacks to federal officials. In this episode, Trey Herr and Emma Schroeder of the Atlantic Council’s Cyber Statecraft Initiative break it all down. They explore the consequences of an escalating digital battlefield in Europe, whether a hack could bring NATO into the war and strategies for creating more consensus within the tangled and complicated realm of cyber policy. Why you should listen:

• • • Understand what's at stake as cyber warriors do battle on both sides of the the Ukraine War.
    • Learn about some potential consequences of a destructive hack in Europe and whether that could even draw NATO into the war.
    • Hear what Washington is doing to obtain better insights and actionable intelligence that could improve cybersecurity defenses.

Listen to the Podcast

Episode 15: Gabriella Coleman on Anonymous, hacker history and the evolution of infosec

Gabriella Coleman, a Harvard University anthropology professor, describes how she immersed herself in hacker culture and eventually became embedded in the shadowy and mercurial world of Anonymous, the hacktivist collective she chronicled in her 2015 book, "Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous." This is such a fascinating episode that explores the often misunderstood history of hacking and how many in this community went from outside agitators to mainstream security researchers. Why you should listen:

• Get a better understanding of the history of Anonymous and the role it played in shaping online protests and whistleblowing.
• Hear about some of the earliest hacking communities such as the free software hackers and efforts to archive their early writings and magazines.
• Get an anthropological perspective on how hackers have evolved from the fringes of the tech world to among the most influential voices in cybersecurity.

Listen to the Podcast

Episode 14: Micah Hoffman breaks down OSINT, the dark web and beer apps

In this episode, Micah Hoffman talks about his career in Open Source Intelligence (OSINT) and the value it has for investigations, cybersecurity and understanding how information is weaponized. He also gets into strategies for safeguarding personal privacy in the face of increasing digital surveillance. This episode will have you thinking twice about what you post on social media! Why you should listen:

• Here from one of the leading Open Source Intelligence researchers working today.
• Learn about the value of OSINT for offensive and defensive cybersecurity.
• Get a better understanding of all the privacy risks from fitness trackers, apps, shopping online and social media.

Listen to the Podcast

Episode 13: Nicolas Chaillan takes on the Pentagon, China and TikTok

Nicolas Chaillan, former Air Force Chief Software Officer, resigned from the DoD over frustrations with what he called a lack of innovation, collaboration and agility. He gets into those issues and talks about how the U.S. can invest more in technology to compete with China in artificial intelligence and cybersecurity. Why you should listen:

• Nicolas offers a candid and controversial view of the military's approach to the growing technological threat from China.
• He outlines his view for a Pentagon that is more agile, collaborative and competitive.
• Hear from a former DoD insider about some of the institutional barriers that can hinder innovation and software advancements.

Listen to the Podcast