401 Access Denied

Ethical hackers are motivated to make society safer, but how can they ensure that they are following the law? This episode of the 401 Access Denied Podcast explores all the gray areas of vulnerability disclosure policies, copyright laws, and end-user license agreements. Learn essential hacker safety tips from our hosts, ...

The art of hacking is often synonymous with high-profile cybercrime. But how can the cybersecurity and penetration testing community help more crafty hackers go from breaking bad to breaking good? Phil Wylie, author of “The Pentester Blueprint,” joins Joe Carson and Chloé Messdaghi to discuss innovative ways of fostering a ...

When threat actors target enterprise security environments, they often seek to compromise the accounts with the most privileged access. How can organizations minimize security risks in a world where remote account access is growing? George Eapen, Group Chief Information Officer at Petrofac, discusses important strategies for reducing risk and increasing ...

Feeling fatigued from all the fear and uncertainty surrounding cybersecurity news? Take a breather in this engaging podcast conversation with Ian Murphy, founder of CyberOff and affectionately known as the Monty Python of Cyber! Join in the fun as Ian breaks down the complexities of cybersecurity to focus on the ...

With the state of cybersecurity in constant flux, how can security teams better prepare both their organizations and society for the challenges ahead? Rik Ferguson, VP of Security Intelligence at Fourscout Technologies, shares best practices for tackling issues of trust, authenticity, communication, and problem-solving in the security world.

With ransomware, supply-chain attacks, and other organized cybercrime incidents on the rise, what can we do to better protect society? Philipp Amann, Head of Strategy at the European Cybercrime Centre (EC3), invites us to his world of cyber law enforcement and analysis. Learn more about the evolution of cyberattacks and ...

At the onset of the 2022 war in Ukraine, how did the wiper malware attacks deployed by Russia impact civilians? To what extent does cyberwarfare coincide with information warfare in the context of the Russo-Ukrainian War? In part 2 of our conversation with Chris Kubecka, CEO of HypaSec, we discuss ...

A distressing escape from a nation at the outbreak of war. A race to the border filled with sharp turns, sleepless nights, and evasion from mercenary groups. This is the true story of cyberwarfare expert Chris Kubecka's exodus from Ukraine in early 2022. Follow Chris down the winding Ukrainian backroads ...

With thousands of new vulnerabilities discovered each year, how can security teams prioritize which ones to mitigate? John Hammond, acclaimed content creator and Senior Security Researcher at Huntress, explains key factors determining a vulnerability's potential impact. Join John behind the scenes at the RSA conference as he discusses threat actor ...

What is your ideal password management experience? Pamela Dingle, Director of Identity Standards at Microsoft, chats with us during the 2022 RSA conference about forward-thinking identity management strategies from the perspectives of consumers, businesses, and government entities. Hear Pamela's take on how authentication, standardization, and decentralization efforts are changing the ...

As our threat landscape evolves and remote work opportunities continue to grow in popularity, it's important that security leaders enhance their future-proofing strategies. How can organizations cultivate human-centered approaches to prioritizing risks and developing proactive incident response plans? Robert Burns, Chief Security Officer of the Thales Cloud Protection and Licensing ...

Living in the Information Age means that we have a wide world of knowledge and networks at our fingertips, but where do we find that balance between enlightenment and exhaustion? If you're weary from doomscrolling and tired of putting bandaids on burnout, you'll want to hear what Chloé Messdaghi has ...

Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can ...

Where can organizations find specialized candidates for millions of unfilled security jobs? How can the right approach to training help increase employee retention and close the notorious cybersecurity skills gap? Kevin Hanes, CEO of Cybrary, shares why investing in people is a vital part of reducing risk. Learn how you ...

How does the hacker of all trades, Fredrik Alexandersson (aka STÖK), take the time to learn new things, design sustainable fashion, and connect with a growing social media community? Hear how you can satisfy your curiosity with the ultimate work-life balance. Follow STÖK down the bug bounty career path that ...

Just in time for World Password Day, this podcast episode is all about password cracking and the solutions to securing your secrets. Four-time DEF CON Black Badge winner and Chief Architect of IBM X-Force, Dustin Heywood, shares essential tips for easy password management. And if you're into ethical hacking, listen ...

In a world where cybersecurity is no longer just an IT issue, it is more important than ever to assess the human, technical, and physical security aspects of any organization. Bringing responsible awareness to this triad, FC (aka Freaky Clown) and his team at Cygenta are reimagining the role of ...

With privilege escalation vulnerabilities like Dirty Pipe posing potentially critical impacts, it is more important than ever to learn how adversaries are exploiting key flaws to gain root access, launch attacks, and more. Security researcher Carlos Polop joins us on this episode of 401 Access Denied to discuss his valuable ...

As cybersecurity teams seek to enhance their defenses in the wake of worldwide ransomware attacks and the spread of wiper malware in Ukraine, what predictions can we make about the evolution of global information wars? Acclaimed security leader and Field CISO at Presidio, Dan Lohrmann, discusses emerging trends in cyber ...

In just the first half of 2021, the financial industry saw a 1,318% increase in ransomware attacks. How can knowledge of ransomware gangs' encryption strategies help employees at every level of an organization to develop stronger incident response plans? Paula Januszkiewicz, acclaimed security leader, pen tester, and CQURE CEO, offers ...

Whether you’re new to cybersecurity or a longtime security professional, one of your best opportunities to network is at conferences. In this fun-filled episode of 401 Access Denied, seasoned conference-goers, Joe Carson and HillBilly Hit Squad’s vCISO (aka “Chief Geek”), Chris Roberts, share their insights on how to make the ...

Whether you’re new to cybersecurity or a longtime security professional, one of your best opportunities to network is at conferences. In this fun-filled episode of 401 Access Denied, seasoned conference-goers, Joe Carson and HillBilly Hit Squad’s vCISO (aka “Chief Geek”), Chris Roberts, share their insights on how to make the ...

Everyone is talking about malware these days, but what new developments and trends are we seeing in malware attacks? This week’s featured guest is Shyam Sundar Ramaswami—Senior Research Scientist at Cisco by day, and the Batman of Hacking by night. So how does cybersecurity’s Bruce Wayne propose that we strengthen ...

The 2007 cyberattacks on Estonia culminated into a watershed moment in global cybersecurity awareness. Jaak Tarien, Director of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, discusses the geopolitical implications of cybercrime. Ransomware attacks can have a significant economic impact, but how are cybercrime operations also ...

2021 has been quite a year for all of us, but what have we accomplished and learned in the cybersecurity field? We have certainly had to adjust to a global remote work culture and step up our security strategies to take on new challenges involving more specialized cybercrime. Art Gilliland, ...

Could online gaming be the key to bridging the cybersecurity skills gap? Is enumeration more than a scanner's sport? Ian Austin, Head of Content Innovation at Hack The Box, tackles these questions as he explains why cybersecurity training should be less about checking the boxes and more about thinking outside ...

When it comes to incident response, “Your plan is worthless, but your planning is priceless.” These wise words from JC Vega, CISO at Devo, highlight the critical difference between having an incidence response plan and being incident response ready. In this episode of the 401 podcast, JC explains how unpredictable, ...

If the security industry is booming, what does this mean for the state of cybersecurity and for humanity at large? Information security leader and content creator, Quentyn Taylor, breaks down the flaws in heavily reactive security and “cybersecurity first” approaches that minimize the human-centered elements of risk management. From IoT-enabled ...

Cybersecurity is a growing, expansive industry that transcends the fields of technology and even security. How can organizations leverage the critical work of data scientists not only for machine learning automation, but also for diversifying threat detection strategies? In this episode of 401 Access Denied, Joseph Carson, Chief Security Scientist ...

Zero Trust security architecture models are becoming more popular as organizations seek to reduce risk. But what are both the business and cultural implications of deperimiterization? Enjoy this engaging conversation with Delinea's Advisory CISO, and Chief Security Scientist, Joseph Carson, and his doppelgänger, Dave Lewis, the Global Security CISO at ...

You have passwords for nearly everything these days, but just how easy are they to crack? In this episode of 401 Access Denied, award-winning X-Force Red Hacker, Dustin Heywood, gives you several reasons to rethink your approach to password selection and management. As we kick off National Cybersecurity Awareness Month, ...

How do we accurately measure and minimize cybersecurity risks? How does cyber insurance fit into the risk management process? Joseph Carson, Chief Security Scientist at Delinea, discusses these questions and more with members of the Resilience cyber insurance company, including Ann Irvine, Chief Data Scientist, and Kevin McGowan, VP of ...

If you've ever closed your garage door or checked your home security camera with a mobile app, then you've relied on a technical communication network of virtual Information Technology and physical Operational Technology devices. This synthesis of IT and OT provides convenient ways for you to secure your home, but ...

How and why has critical infrastructure become so targeted by ransomware? What are the key differences between IT and OT? The 401 team asks these key questions and more in this conversation with Ben Miller, VP of Professional Services and R&D at Dragos. Learn more about best practices for cybersecurity ...

Need a refresher on all that has been happening recently in the cybersecurity industry? Want to educate your team on a summary of this year's data breaches and incidents? Joseph Carson, Chief Security Scientist at Delinea, and Cybrary's Principal Infrastructure Engineer, Jonathan Meyers, discuss the meaning and value of Verizon's ...

In this episode, Joe Vest joins the 401 Access Denied team to discuss red teaming and pen testing operations and fundamentals. Joe is the author of the original SANS SEC 564 Red Teaming and Threat Emulation course, former technical lead for a DoD red team, and co-author of Red Team ...

Dave Kennedy, CEO of Binary Defense and TrustedSec and co-author of Metasploit: The Penetration Testers Guide, joins the 401 team to talk about penetration testing. We uncover invaluable lessons from a master in the industry.

Recent events confirm that the US’s critical infrastructure and supply chain are very vulnerable to ransomware attacks. What more can and should be done to keep them safe from ransomware? As NATO and the White House announce steps to crack down on bad actors, will it move the needle at ...

There are a lot of myths about what pen testing or red-teaming really are. DJ Fuller, COO of Pathfynder joins us today to share what companies should expect when they engage a third-party to help them with cyber security and how to establish a good incident response program. Get the ...

After the four zero-day vulnerabilities were discovered, the FBI also proactively removed backdoors on numerous private Exchange servers. Was that overreach or the right thing to do? On today's episode, we're joined by Josh Lospinoso, CEO and co-founder of Shift5 and former U.S. Army cyber officer, to discuss law enforcement ...

In this episode of 401 Access Denied, we are joined by Ondrej Krehel, CEO and Founder of LIFARS, to discuss Digital Forensics, Incident Response, Ransomware Mitigation, and Cyber Resiliency. Do you know your risks and how to respond if targeted by hackers? We discuss how to be resilient on both ...

It’s the special anniversary edition of the 401 Access Denied podcast! In honor of our 1-year anniversary and more than 16,000 listens, Joe and Mike want to take you behind the scenes and introduce you to everyone who works on the podcast and brings it to you biweekly. Listeners, thank ...

Mike and Joe dig into the topic of cyber insurance with the folks from Resilience Insurance – Kevin McGowan, VP of Cyber Underwriting and Michael Phillips, Head of Claims. As cyber laws are changing and cyber criminals are continually getting better and more creative in their approach, cybercrimes are becoming ...

Special guest Ted Harrington joins Joe and Mike today to discuss application security – how to be more secure, what AppSec myths to reconsider, and how to change mentalities at your organization. Ted is Executive Partner at Independent Security Evaluators and author of Hackable: How To Do Application Security Right.

In your cyber security journey, you’ve probably heard of a massive number of cyber security tools, many of them free. It can be tricky to figure out where to start and which tool is worth your time. In this podcast, Joe and Mike discuss the free cyber security tools in ...

Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take ...

Casey Ellis, Founder & CTO of Bug Crowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don’t create one at all. So we asked - what processes should companies ...

Joe and Mike talk to Jessica Barker, Co-CEO of Cygenta and author of Confident Cyber Security and the recently released Cybersecurity ABC’s. Jessica breaks down the psychology behind cyber criminals and why we frequently blame the employees on the front lines of attacks. Plus, why companies need to stop telling ...

The 401 Access Denied team discusses the latest findings from the recent Sunburst supply chain attack that targeted thousands of SolarWinds customers – quite possibly the largest supply chain attack in history. We cover what’s been learned from the investigation so far and how we can apply those lessons to ...

In 2014 Jessikka Aro was a journalist reporting on the start of the Russo-Ukrainian War when she became aware of a group of Russian citizens who were being paid to promote pro-Russia propaganda. Jessikka joins us today to discuss the influence trolls had on public opinion, as well as how ...

Joe Carson from Delinea and Mike Gruen from Cybrary share how they stay up-to-date with security news through podcasts, blogs, and events. They plug their favorite experts who give honest and direct news, sometimes even with a touch of comedy.

Joining us today is the National Cyber Security Policy Director for the Estonian Government, Raul Rikk. Raul shares lessons in how Estonia excels in the digitalization of government services and cyber defense strategies. We’ll discuss the 2007 coordinated Russian cyber-attacks against Estonia - how Estonia not only recovered from an ...

Most parents are struggling with where to draw the line with their children when it comes to technology. It’s designed to be addictive, so how do you teach your kids to understand the risks, set boundaries, and enforce them? And how do you make sure they protect their passwords and ...

Today, Joe, Mike, and special guest Josh Lospinoso dig into buzzwords like Quantum Computing, Machine Learning and AI. Are they worth all the hype? Should humanity be concerned about the cyber security risks associated with them? Josh is the CEO and co-founder of Shift5, where experts protect OT platforms like ...

The 401 Access Denied crew from Cybrary and Delinea are joined today by special guest Steve Jacobs, Systems Architect for a large-scale ecological science program. We discuss data integrity and information security - hot topics for a program that collects over 5 billion ecological sensor readings per day from 81 ...

We continue delving into the topic of OT Security with special guest Josh Lospinoso, CEO and co-founder of Shift5. Shift5 experts protect OT platforms like planes, trains and tanks against cyber-attack. As former US Army cyber officer, Lospinoso wrote dozens of infosec tools, and built and taught the C++ course ...

In this episode of the 401 Access Denied Podcast, Delinea and Cybrary welcome special guest Chris Kubecka, the Founder and CEO of HypaSec, to talk about OT Security: what is it, why is it important, and what are the risks? Kubecka will share stories from her exploits in international cyber ...

Who better to discuss our favorite hacker movies with than David Scott Lewis, inspiration for the iconic film "War Games." Hollywood has a knack for influencing public opinion, and 37 years later, the movie is still credited for shaping society’s impression of hackers. We’ll get the background of the real ...

Special guest Dan Lohrmann from Security Mentor and former advisor to the White House and Homeland Security joins Delinea and Cybrary to talk election security. We cover topics from voting registration, mail-in voting, to in-person voting and even the fake news Americans will be bombarded with from now until election ...

Joseph Carson & Mike Gruen cover all things password today. Are all passwords created equally? As you attempt to balance usability vs security, what should you focus on more? We’ll learn why your children are now a target for hackers and if we can really dream of a password-less society ...

Welcome to part 2 of our international cyber warfare episode with special guest Josh Lospinoso. We continue with the discussion of zero-day vulnerabilities - including when to keep, use, and responsibly disclose them. In this episode, we’ll get into the ethical and legal challenges that need to be considered in ...

Join Joseph Carson from Delinea, Mike Gruen from Cybrary and special guest Josh Lospinoso, former Cyber Officer of the US Army for part 1 of our 2-part episode on international cyber war. What does it take to recognize cyber misconduct as an act of war? How do we even attribute ...

Joseph Carson from Delinea is joined today by Emma Heffernan, one of the most recognized new cybersec professionals in the industry. She'll share her experience as a recent graduate turned Pentester and speaker as she navigates her way through various industry roles. Also, you'll hear ideas for learning new skills ...

Least Privilege has become a pervasive term in cyber security these days. But what does Least Privilege actually mean? How has Zero Trust transformed into building trust and adaptive security that helps employees do their jobs efficiently and securely? Join Joseph Carson, Chief Security Scientist from Delinea and author of ...

Join Joseph Carson from Delinea and Mike Gruen from Cybrary as they deep dive into Verizon’s 2020 Data Breach Investigations Report. We’ll share the good news of what the industry has been doing well this year and we’ll also share the not-so-good news. Ransomware, malware, credential stuffing, employee cyber education, ...

As many countries around the world are reopening and people are going back to work, countless new challenges arise for both the employer and employee. Join Joseph Carson from Delinea and Mike Gruen from Cybrary as they discuss these problems, and more.

As many of us are job searching or looking for a break from our evening Netflix routines, it’s a good time to share our top 8 cyber security books that will help you learn new skills and techniques whether you are trying to break into the industry or prepare for ...

With World Password Day upon us, individuals of all backgrounds and varying levels of cybersecurity hygiene will be confronted with the same question - are my current personal (or corporate) security measures enough? Today's episode will take listeners through a journey of best practices, horror stories, debunked myths, visions of ...