401 Access Denied

When it comes to incident response, “Your plan is worthless, but your planning is priceless.” These wise words from JC Vega, CISO at Devo, highlight the critical difference between having an incidence response plan and being incident response ready. In this episode of the 401 podcast, JC explains how unpredictable, ...

If the security industry is booming, what does this mean for the state of cybersecurity and for humanity at large? Information security leader and content creator, Quentyn Taylor, breaks down the flaws in heavily reactive security and “cybersecurity first” approaches that minimize the human-centered elements of risk management. From IoT-enabled ...

Cybersecurity is a growing, expansive industry that transcends the fields of technology and even security. How can organizations leverage the critical work of data scientists not only for machine learning automation, but also for diversifying threat detection strategies? In this episode of 401 Access Denied, Joseph Carson, Chief Security Scientist ...

Zero Trust security architecture models are becoming more popular as organizations seek to reduce risk. But what are both the business and cultural implications of deperimiterization? Enjoy this engaging conversation with Thycotic's Advisory CISO, and Chief Security Scientist, Joseph Carson, and his doppelgänger, Dave Lewis, the Global Security CISO at ...

You have passwords for nearly everything these days, but just how easy are they to crack? In this episode of 401 Access Denied, award-winning X-Force Red Hacker, Dustin Heywood, gives you several reasons to rethink your approach to password selection and management. As we kick off National Cybersecurity Awareness Month, ...

How do we accurately measure and minimize cybersecurity risks? How does cyber insurance fit into the risk management process? Joseph Carson, Chief Security Scientist at Thycotic, discusses these questions and more with members of the Resilience cyber insurance company, including Ann Irvine, Chief Data Scientist, and Kevin McGowan, VP of ...

If you've ever closed your garage door or checked your home security camera with a mobile app, then you've relied on a technical communication network of virtual Information Technology and physical Operational Technology devices. This synthesis of IT and OT provides convenient ways for you to secure your home, but ...

How and why has critical infrastructure become so targeted by ransomware? What are the key differences between IT and OT? The 401 team asks these key questions and more in this conversation with Ben Miller, VP of Professional Services and R&D at Dragos. Learn more about best practices for cybersecurity ...

Need a refresher on all that has been happening recently in the cybersecurity industry? Want to educate your team on a summary of this year's data breaches and incidents? Joseph Carson, Chief Security Scientist at Thycotic, and Cybrary's Principal Infrastructure Engineer, Jonathan Meyers, discuss the meaning and value of Verizon's ...

In this episode, Joe Vest joins the 401 Access Denied team to discuss red teaming and pen testing operations and fundamentals. Joe is the author of the original SANS SEC 564 Red Teaming and Threat Emulation course, former technical lead for a DoD red team, and co-author of Red Team ...

Dave Kennedy, CEO of Binary Defense and TrustedSec and co-author of Metasploit: The Penetration Testers Guide, joins the 401 team to talk about penetration testing. We uncover invaluable lessons from a master in the industry.

Recent events confirm that the US’s critical infrastructure and supply chain are very vulnerable to ransomware attacks. What more can and should be done to keep them safe from ransomware? As NATO and the White House announce steps to crack down on bad actors, will it move the needle at ...

There are a lot of myths about what pen testing or red-teaming really are. DJ Fuller, COO of Pathfynder joins us today to share what companies should expect when they engage a third-party to help them with cyber security and how to establish a good incident response program. Get the ...

After the four zero-day vulnerabilities were discovered, the FBI also proactively removed backdoors on numerous private Exchange servers. Was that overreach or the right thing to do? On today's episode, we're joined by Josh Lospinoso, CEO and co-founder of Shift5 and former U.S. Army cyber officer, to discuss law enforcement ...

In this episode of 401 Access Denied, we are joined by Ondrej Krehel, CEO and Founder of LIFARS, to discuss Digital Forensics, Incident Response, Ransomware Mitigation, and Cyber Resiliency. Do you know your risks and how to respond if targeted by hackers? We discuss how to be resilient on both ...

It’s the special anniversary edition of the 401 Access Denied podcast! In honor of our 1-year anniversary and more than 16,000 listens, Joe and Mike want to take you behind the scenes and introduce you to everyone who works on the podcast and brings it to you biweekly. Listeners, thank ...

Mike and Joe dig into the topic of cyber insurance with the folks from Resilience Insurance – Kevin McGowan, VP of Cyber Underwriting and Michael Phillips, Head of Claims. As cyber laws are changing and cyber criminals are continually getting better and more creative in their approach, cybercrimes are becoming ...

Special guest Ted Harrington joins Joe and Mike today to discuss application security – how to be more secure, what AppSec myths to reconsider, and how to change mentalities at your organization. Ted is Executive Partner at Independent Security Evaluators and author of Hackable: How To Do Application Security Right.

In your cyber security journey, you’ve probably heard of a massive number of cyber security tools, many of them free. It can be tricky to figure out where to start and which tool is worth your time. In this podcast, Joe and Mike discuss the free cyber security tools in ...

Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take ...

Casey Ellis, Founder & CTO of Bug Crowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don’t create one at all. So we asked - what processes should companies ...

Joe and Mike talk to Jessica Barker, Co-CEO of Cygenta and author of Confident Cyber Security and the recently released Cybersecurity ABC’s. Jessica breaks down the psychology behind cyber criminals and why we frequently blame the employees on the front lines of attacks. Plus, why companies need to stop telling ...

The 401 Access Denied team discusses the latest findings from the recent Sunburst supply chain attack that targeted thousands of SolarWinds customers – quite possibly the largest supply chain attack in history. We cover what’s been learned from the investigation so far and how we can apply those lessons to ...

In 2014 Jessikka Aro was a journalist reporting on the start of the Russo-Ukrainian War when she became aware of a group of Russian citizens who were being paid to promote pro-Russia propaganda. Jessikka joins us today to discuss the influence trolls had on public opinion, as well as how ...

Joe Carson from Thycotic and Mike Gruen from Cybrary share how they stay up-to-date with security news through podcasts, blogs, and events. They plug their favorite experts who give honest and direct news, sometimes even with a touch of comedy.

Joining us today is the National Cyber Security Policy Director for the Estonian Government, Raul Rikk. Raul shares lessons in how Estonia excels in the digitalization of government services and cyber defense strategies. We’ll discuss the 2007 coordinated Russian cyber-attacks against Estonia - how Estonia not only recovered from an ...

Most parents are struggling with where to draw the line with their children when it comes to technology. It’s designed to be addictive, so how do you teach your kids to understand the risks, set boundaries, and enforce them? And how do you make sure they protect their passwords and ...

Today, Joe, Mike, and special guest Josh Lospinoso dig into buzzwords like Quantum Computing, Machine Learning and AI. Are they worth all the hype? Should humanity be concerned about the cyber security risks associated with them? Josh is the CEO and co-founder of Shift5, where experts protect OT platforms like ...

The 401 Access Denied crew from Cybrary and Thycotic are joined today by special guest Steve Jacobs, Systems Architect for a large-scale ecological science program. We discuss data integrity and information security - hot topics for a program that collects over 5 billion ecological sensor readings per day from 81 ...

We continue delving into the topic of OT Security with special guest Josh Lospinoso, CEO and co-founder of Shift5. Shift5 experts protect OT platforms like planes, trains and tanks against cyber-attack. As former US Army cyber officer, Lospinoso wrote dozens of infosec tools, and built and taught the C++ course ...

In this episode of the 401 Access Denied Podcast, Thycotic and Cybrary welcome special guest Chris Kubecka, the Founder and CEO of HypaSec, to talk about OT Security: what is it, why is it important, and what are the risks? Kubecka will share stories from her exploits in international cyber ...

Who better to discuss our favorite hacker movies with than David Scott Lewis, inspiration for the iconic film "War Games." Hollywood has a knack for influencing public opinion, and 37 years later, the movie is still credited for shaping society’s impression of hackers. We’ll get the background of the real ...

Special guest Dan Lohrmann from Security Mentor and former advisor to the White House and Homeland Security joins Thycotic and Cybrary to talk election security. We cover topics from voting registration, mail-in voting, to in-person voting and even the fake news Americans will be bombarded with from now until election ...

Joseph Carson & Mike Gruen cover all things password today. Are all passwords created equally? As you attempt to balance usability vs security, what should you focus on more? We’ll learn why your children are now a target for hackers and if we can really dream of a password-less society ...

Welcome to part 2 of our international cyber warfare episode with special guest Josh Lospinoso. We continue with the discussion of zero-day vulnerabilities - including when to keep, use, and responsibly disclose them. In this episode, we’ll get into the ethical and legal challenges that need to be considered in ...

Join Joseph Carson from Thycotic, Mike Gruen from Cybrary and special guest Josh Lospinoso, former Cyber Officer of the US Army for part 1 of our 2-part episode on international cyber war. What does it take to recognize cyber misconduct as an act of war? How do we even attribute ...

Joseph Carson from Thycotic is joined today by Emma Heffernan, one of the most recognized new cybersec professionals in the industry. She'll share her experience as a recent graduate turned Pentester and speaker as she navigates her way through various industry roles. Also, you'll hear ideas for learning new skills ...

Least Privilege has become a pervasive term in cyber security these days. But what does Least Privilege actually mean? How has Zero Trust transformed into building trust and adaptive security that helps employees do their jobs efficiently and securely? Join Joseph Carson, Chief Security Scientist from Thycotic and author of ...

Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they deep dive into Verizon’s 2020 Data Breach Investigations Report. We’ll share the good news of what the industry has been doing well this year and we’ll also share the not-so-good news. Ransomware, malware, credential stuffing, employee cyber education, ...

As many countries around the world are reopening and people are going back to work, countless new challenges arise for both the employer and employee. Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they discuss these problems, and more.

As many of us are job searching or looking for a break from our evening Netflix routines, it’s a good time to share our top 8 cyber security books that will help you learn new skills and techniques whether you are trying to break into the industry or prepare for ...

With World Password Day upon us, individuals of all backgrounds and varying levels of cybersecurity hygiene will be confronted with the same question - are my current personal (or corporate) security measures enough? Today's episode will take listeners through a journey of best practices, horror stories, debunked myths, visions of ...