401 Access Denied

The 2021 award-winning 401 Access Denied Podcast brings together cybersecurity leaders from Cybrary and Thycotic, along with special guests, to discuss cyber security and IT topics in order to make them more accessible and entertaining for laymen and experts alike. Joseph Carson, Chief Security Scientist at Thycotic, joins guests to share insights on various security topics such as hiring in cyber, thinking like a hacker, mitigating insider threats, helping secure your kids online, and IoT and OT security.

Our 401 Access Denied podcast with Thycotic won the 2021 award for Best Cybersecurity Podcast in North America.

Subscribe or listen now on your favorite podcast app:

cybersecurity award 2021 Winner Gold
December 1st, 2021
401 Access Denied Ep. 42 | Adopting Simulation-Based Gamified Cybersecurity Training with JC Vega

When it comes to incident response, “Your plan is worthless, but your planning is priceless.” These wise words from JC Vega, CISO at Devo, highlight the critical difference between having an incidence response plan and being incident response ready. In this episode of the 401 podcast, JC explains how unpredictable, ...

Read More
November 17th, 2021
401 Access Denied Ep. 41 | Unlocking the State of Cybersecurity with Quentyn Taylor

If the security industry is booming, what does this mean for the state of cybersecurity and for humanity at large? Information security leader and content creator, Quentyn Taylor, breaks down the flaws in heavily reactive security and “cybersecurity first” approaches that minimize the human-centered elements of risk management. From IoT-enabled ...

Read More
November 3rd, 2021
401 Access Denied Podcast Ep. 40 | Leveraging Data Science in Security with Kevin Hanes and Jon Ramsey

Cybersecurity is a growing, expansive industry that transcends the fields of technology and even security. How can organizations leverage the critical work of data scientists not only for machine learning automation, but also for diversifying threat detection strategies? In this episode of 401 Access Denied, Joseph Carson, Chief Security Scientist ...

Read More
October 20th, 2021
401 Access Denied Ep. 39 | Breaking Down Zero Trust Security with Dave Lewis

Zero Trust security architecture models are becoming more popular as organizations seek to reduce risk. But what are both the business and cultural implications of deperimiterization? Enjoy this engaging conversation with Thycotic's Advisory CISO, and Chief Security Scientist, Joseph Carson, and his doppelgänger, Dave Lewis, the Global Security CISO at ...

Read More
October 6th, 2021
401 Access Denied Ep. 38 | Password Cracking with Ethical Hacker Dustin Heywood (aka EvilMog)

You have passwords for nearly everything these days, but just how easy are they to crack? In this episode of 401 Access Denied, award-winning X-Force Red Hacker, Dustin Heywood, gives you several reasons to rethink your approach to password selection and management. As we kick off National Cybersecurity Awareness Month, ...

Read More
September 22nd, 2021
401 Access Denied Ep. 37 | Assessing Cyber Insurance Needs with Resilience

How do we accurately measure and minimize cybersecurity risks? How does cyber insurance fit into the risk management process? Joseph Carson, Chief Security Scientist at Thycotic, discusses these questions and more with members of the Resilience cyber insurance company, including Ann Irvine, Chief Data Scientist, and Kevin McGowan, VP of ...

Read More
September 8th, 2021
401 Access Denied Podcast Ep. 36 | Prepping for Operational Technology Risks with Jon Ramsey and Juan Espinosa

If you've ever closed your garage door or checked your home security camera with a mobile app, then you've relied on a technical communication network of virtual Information Technology and physical Operational Technology devices. This synthesis of IT and OT provides convenient ways for you to secure your home, but ...

Read More
August 25th, 2021
401 Access Denied Podcast Ep. 35 | Safeguarding Critical Infrastructure with Ben Miller

How and why has critical infrastructure become so targeted by ransomware? What are the key differences between IT and OT? The 401 team asks these key questions and more in this conversation with Ben Miller, VP of Professional Services and R&D at Dragos. Learn more about best practices for cybersecurity ...

Read More
August 11th, 2021
401 Access Denied Podcast Ep. 34 | Analyzing Verizon's Data Breach Investigations Report

Need a refresher on all that has been happening recently in the cybersecurity industry? Want to educate your team on a summary of this year's data breaches and incidents? Joseph Carson, Chief Security Scientist at Thycotic, and Cybrary's Principal Infrastructure Engineer, Jonathan Meyers, discuss the meaning and value of Verizon's ...

Read More
July 28th, 2021
401 Access Denied Podcast Ep. 33 | Red Team 101: Offensive Security with Joe Vest

In this episode, Joe Vest joins the 401 Access Denied team to discuss red teaming and pen testing operations and fundamentals. Joe is the author of the original SANS SEC 564 Red Teaming and Threat Emulation course, former technical lead for a DoD red team, and co-author of Red Team ...

Read More
July 14th, 2021
401 Access Denied Ep. 32 | Best Practices on Penetration Testing with Dave Kennedy

Dave Kennedy, CEO of Binary Defense and TrustedSec and co-author of Metasploit: The Penetration Testers Guide, joins the 401 team to talk about penetration testing. We uncover invaluable lessons from a master in the industry.

Read More
June 30th, 2021
401 Access Denied Episode 31 | Ransomware & Critical Infrastructure Q&A with Dan Lohrmann

Recent events confirm that the US’s critical infrastructure and supply chain are very vulnerable to ransomware attacks. What more can and should be done to keep them safe from ransomware? As NATO and the White House announce steps to crack down on bad actors, will it move the needle at ...

Read More
June 16th, 2021
401 Access Denied Episode 30 | Pen Testing & Incident Response with Pathfynder

There are a lot of myths about what pen testing or red-teaming really are. DJ Fuller, COO of Pathfynder joins us today to share what companies should expect when they engage a third-party to help them with cyber security and how to establish a good incident response program. Get the ...

Read More
June 2th, 2021
401 Access Denied Ep. 29 | Helpful or Harmful? The Microsoft Exchange Server Hack & FBI Cleanup with Josh Lospinoso

After the four zero-day vulnerabilities were discovered, the FBI also proactively removed backdoors on numerous private Exchange servers. Was that overreach or the right thing to do? On today's episode, we're joined by Josh Lospinoso, CEO and co-founder of Shift5 and former U.S. Army cyber officer, to discuss law enforcement ...

Read More
May 19, 2021
401 Access Denied Ep. 28 | Digital Forensics & Incident Response with Ondrej Krehel of LIFARS

In this episode of 401 Access Denied, we are joined by Ondrej Krehel, CEO and Founder of LIFARS, to discuss Digital Forensics, Incident Response, Ransomware Mitigation, and Cyber Resiliency. Do you know your risks and how to respond if targeted by hackers? We discuss how to be resilient on both ...

Read More
May 5, 2021
401 Access Denied Ep. 27 | 1 Year Anniversary Special: The Making of 401 Access Denied

It’s the special anniversary edition of the 401 Access Denied podcast! In honor of our 1-year anniversary and more than 16,000 listens, Joe and Mike want to take you behind the scenes and introduce you to everyone who works on the podcast and brings it to you biweekly. Listeners, thank ...

Read More
April 21, 2021
401 Access Denied Ep. 26 | Cyber Insurance with the Experts: Michael Phillips and Kevin McGowan

Mike and Joe dig into the topic of cyber insurance with the folks from Resilience Insurance – Kevin McGowan, VP of Cyber Underwriting and Michael Phillips, Head of Claims. As cyber laws are changing and cyber criminals are continually getting better and more creative in their approach, cybercrimes are becoming ...

Read More
April 7, 2021
401 Access Denied Ep. 25 | Inside Application Security with Ted Harrington

Special guest Ted Harrington joins Joe and Mike today to discuss application security – how to be more secure, what AppSec myths to reconsider, and how to change mentalities at your organization. Ted is Executive Partner at Independent Security Evaluators and author of Hackable: How To Do Application Security Right.

Read More
March 24, 2021
401 Access Denied Ep. 24 | Joe & Mike's Top 5 Free Cybersecurity Tools

In your cyber security journey, you’ve probably heard of a massive number of cyber security tools, many of them free. It can be tricky to figure out where to start and which tool is worth your time. In this podcast, Joe and Mike discuss the free cyber security tools in ...

Read More
March 10, 2021
401 Access Denied Ep. 23 | Ransomware Rundown with Dan Lohrmann

Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take ...

Read More
February 24, 2021
401 Access Denied Ep. 22 | Responsible Disclosure Programs with Katie Moussouris & Casey Ellis

Casey Ellis, Founder & CTO of Bug Crowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don’t create one at all. So we asked - what processes should companies ...

Read More
February 10, 2021
401 Access Denied Ep. 21 | How Cyber Criminals Exploit Human Behavior

Joe and Mike talk to Jessica Barker, Co-CEO of Cygenta and author of Confident Cyber Security and the recently released Cybersecurity ABC’s. Jessica breaks down the psychology behind cyber criminals and why we frequently blame the employees on the front lines of attacks. Plus, why companies need to stop telling ...

Read More
January 27, 2021
401 Access Denied Ep. 20 | The Latest from the SolarWinds Sunburst Breach

The 401 Access Denied team discusses the latest findings from the recent Sunburst supply chain attack that targeted thousands of SolarWinds customers – quite possibly the largest supply chain attack in history. We cover what’s been learned from the investigation so far and how we can apply those lessons to ...

Read More
January 13, 2021
401 Access Denied Ep. 19 | Inside a Russian Troll Farm with Jessikka Aro

In 2014 Jessikka Aro was a journalist reporting on the start of the Russo-Ukrainian War when she became aware of a group of Russian citizens who were being paid to promote pro-Russia propaganda. Jessikka joins us today to discuss the influence trolls had on public opinion, as well as how ...

Read More
December 30, 2020
401 Access Denied Ep. 18 | Cybersecurity News

Joe Carson from Thycotic and Mike Gruen from Cybrary share how they stay up-to-date with security news through podcasts, blogs, and events. They plug their favorite experts who give honest and direct news, sometimes even with a touch of comedy.

Read More
December 16, 2020
401 Access Denied Ep. 17 | Digital Identities & Government Innovations

Joining us today is the National Cyber Security Policy Director for the Estonian Government, Raul Rikk. Raul shares lessons in how Estonia excels in the digitalization of government services and cyber defense strategies. We’ll discuss the 2007 coordinated Russian cyber-attacks against Estonia - how Estonia not only recovered from an ...

Read More
December 2, 2020
401 Access Denied Ep. 16 | Best Practices: Teaching Your Kids to Use Technology Safely

Most parents are struggling with where to draw the line with their children when it comes to technology. It’s designed to be addictive, so how do you teach your kids to understand the risks, set boundaries, and enforce them? And how do you make sure they protect their passwords and ...

Read More
November 18, 2020
401 Access Denied Ep. 15 | AI, ML, and Quantum Computing: Hope or Hype?

Today, Joe, Mike, and special guest Josh Lospinoso dig into buzzwords like Quantum Computing, Machine Learning and AI. Are they worth all the hype? Should humanity be concerned about the cyber security risks associated with them? Josh is the CEO and co-founder of Shift5, where experts protect OT platforms like ...

Read More
November 4, 2020
401 Access Denied Ep. 14 | OT Security: Scientific Sensors

The 401 Access Denied crew from Cybrary and Thycotic are joined today by special guest Steve Jacobs, Systems Architect for a large-scale ecological science program. We discuss data integrity and information security - hot topics for a program that collects over 5 billion ecological sensor readings per day from 81 ...

Read More
October 21, 2020
401 Access Denied Ep. 13 | OT Security: Transportation with Shift5

We continue delving into the topic of OT Security with special guest Josh Lospinoso, CEO and co-founder of Shift5. Shift5 experts protect OT platforms like planes, trains and tanks against cyber-attack. As former US Army cyber officer, Lospinoso wrote dozens of infosec tools, and built and taught the C++ course ...

Read More
October 7, 2020
401 Access Denied Ep. 12 | OT Security: Introduction to OT Security with Chris Kubecka

In this episode of the 401 Access Denied Podcast, Thycotic and Cybrary welcome special guest Chris Kubecka, the Founder and CEO of HypaSec, to talk about OT Security: what is it, why is it important, and what are the risks? Kubecka will share stories from her exploits in international cyber ...

Read More
September 23, 2020
401 Access Denied Ep. 11 | Favorite Hacker Movies with David Scott Lewis

Who better to discuss our favorite hacker movies with than David Scott Lewis, inspiration for the iconic film "War Games." Hollywood has a knack for influencing public opinion, and 37 years later, the movie is still credited for shaping society’s impression of hackers. We’ll get the background of the real ...

Read More
September 9, 2020
401 Access Denied Ep. 10 | Election Security: Can a Hacker Really Pick the Next US President?

Special guest Dan Lohrmann from Security Mentor and former advisor to the White House and Homeland Security joins Thycotic and Cybrary to talk election security. We cover topics from voting registration, mail-in voting, to in-person voting and even the fake news Americans will be bombarded with from now until election ...

Read More
August 26, 2020
401 Access Denied Ep. 9 |Password Rules You *Have* to Break

Joseph Carson & Mike Gruen cover all things password today. Are all passwords created equally? As you attempt to balance usability vs security, what should you focus on more? We’ll learn why your children are now a target for hackers and if we can really dream of a password-less society ...

Read More
August 12, 2020
401 Access Denied Ep.08 | International Cyber Warfare: How Real is the Threat? Part 2

Welcome to part 2 of our international cyber warfare episode with special guest Josh Lospinoso. We continue with the discussion of zero-day vulnerabilities - including when to keep, use, and responsibly disclose them. In this episode, we’ll get into the ethical and legal challenges that need to be considered in ...

Read More
July 29, 2020
401 Access Denied Ep.07 | International Cyber Warfare: How Real is the Threat? Part 1

Join Joseph Carson from Thycotic, Mike Gruen from Cybrary and special guest Josh Lospinoso, former Cyber Officer of the US Army for part 1 of our 2-part episode on international cyber war. What does it take to recognize cyber misconduct as an act of war? How do we even attribute ...

Read More
July 15, 2020
401 Access Denied Ep.06 | Emma Heffernan: Diary of a Cyber Security Grad

Joseph Carson from Thycotic is joined today by Emma Heffernan, one of the most recognized new cybersec professionals in the industry. She'll share her experience as a recent graduate turned Pentester and speaker as she navigates her way through various industry roles. Also, you'll hear ideas for learning new skills ...

Read More
July 1, 2020
401 Access Denied Ep.05 | What the Heck is Least Privilege Security Anyway?

Least Privilege has become a pervasive term in cyber security these days. But what does Least Privilege actually mean? How has Zero Trust transformed into building trust and adaptive security that helps employees do their jobs efficiently and securely? Join Joseph Carson, Chief Security Scientist from Thycotic and author of ...

Read More
June 17, 2020
401 Access Denied Ep.04 | The 2020 Verizon Data Breach Investigations Report

Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they deep dive into Verizon’s 2020 Data Breach Investigations Report. We’ll share the good news of what the industry has been doing well this year and we’ll also share the not-so-good news. Ransomware, malware, credential stuffing, employee cyber education, ...

Read More
June 3, 2020
401 Access Denied Ep.03 | Getting Back to Work: The New Pandemic Anxiety

As many countries around the world are reopening and people are going back to work, countless new challenges arise for both the employer and employee. Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they discuss these problems, and more.

Read More
May 20, 2020
401 Access Denied Ep.02 | Top 8 Must-Read Cybersecurity Books

As many of us are job searching or looking for a break from our evening Netflix routines, it’s a good time to share our top 8 cyber security books that will help you learn new skills and techniques whether you are trying to break into the industry or prepare for ...

Read More
May 6, 2020
401 Access Denied Ep.01 | Busting Password Myths

With World Password Day upon us, individuals of all backgrounds and varying levels of cybersecurity hygiene will be confronted with the same question - are my current personal (or corporate) security measures enough? Today's episode will take listeners through a journey of best practices, horror stories, debunked myths, visions of ...

Read More