Best Lewis Costellos Podcasts (2024)

1
Today's Hybrid Work Era: Integrated Approach & Implementing Identity - ESW #382 30:38

15h ago30:38

30:38

Today’s cyber threat actors are capitalizing on organizations’ identity vulnerabilities, such as MFA. Nearly 75% of cloud security failures now result from mismanaged identities, access, and privileges, and the identity attack surface is becoming more challenging to protect as companies expand their cloud environments and supply chains to meet thei…

1
The Right CISO, with a New Security Leadership Style, to Safeguard Your Business - BSW #371 26:57

2h ago26:57

26:57

In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more! Show Notes: https://securityweekly.com/bsw-371

1
Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306 33:29

32m ago33:29

33:29

Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a bugger underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode The Lost Fleet by Jack Campbell…

1
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306 32:08

42m ago32:08

32:08

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for…

1
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306 1:05:35

11m ago1:05:35

1:05:35

After spending a decade working for appsec vendors, Grant McKracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, who offers VDPs and bug bounties to organizations of all sizes for free, or for…

1
Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371 38:23

34m ago38:23

38:23

Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal…

1
Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371 1:05:15

1h ago1:05:15

1:05:15

Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal…

1
Funding, AI controls your PC, Cyberstarts stops Sunrise, public cyber goes private - ESW #382 1:04:31

18m ago1:04:31

1:04:31

This week, in the enterprise security news: the latest cybersecurity fundings Cyera acquires Trail Security Sophos acquires Secureworks new companies and products more coverage on Cyberstarts’ sunrise program AI can control your PC public cybersecurity companies are going private Splunk and Palo Alto beef All that and more, on this episode of Enter…

1
Recall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - Rob Allen - SWN #427 36:50

19m ago36:50

36:50

Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/ This segment is sponsored by ThreatLocker. Vis…

1
Recall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - SWN #427 36:50

1h ago36:50

36:50

Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/ This segment is sponsored by ThreatLocker. Vis…

1
What if securing buildings was as easy as your smartphone? - Blaine Frederick - ESW #382 31:27

39m ago31:27

31:27

The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to …

1
What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382 2:06:19

11m ago2:06:19

2:06:19

The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to …

1
A Man Called Hitchcock & Abbott & Costello 56:36

2h ago56:36

56:36

"This is Jay Lewis.. Tell us how you liked the show!" Jay wraps up the series, The Master's of Macabre by talking about the man who was called The Master of Suspense! That is no other than Alfred Hitchcock. Learn all about this man who pioneered the movie genre of Suspense and Horror. The radio show is from The Abbott and Costello Radio show. It's …

1
EDR Is Dead, EDR Is Not Dead - PSW #849 1:50:52

1h ago1:50:52

1:50:52

Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more o…

1
Shadow IT and Security Debt - Dave Lewis - PSW #849 2:50:27

1d ago2:50:27

2:50:27

We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities…

1
Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426 36:50

1d ago36:50

36:50

Halloween, TikTok Rip Off, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-426

1
Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426 36:50

31m ago36:50

36:50

Halloween, TikTok Rip Off, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-426

1
Shadow IT and Security Debt - Dave Lewis - PSW #849 59:44

1d ago59:44

59:44

We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities…

1
Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305 30:42

13h ago30:42

30:42

Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it’s essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. …

1
The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - David Bradbury, Erin Baudo Felter - BSW #370 1:03:37

1d ago1:03:37

1:03:37

In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more! Identity continues to be one of the most used attack vectors by cybercrim…

1
Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305 53:04

20h ago53:04

53:04

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared Show Notes: https://securityweek…

1
Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305 1:22:48

8d ago1:22:48

1:22:48

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared Generative AI has been the talk …

1
Stay Ahead of Identity Threats & Addressing Cybersecurity Disparities - David Bradbury, Erin Baudo Felter - BSW #370 33:10

1d ago33:10

33:10

Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat lan…

1
The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - BSW #370 30:36

1d ago30:36

30:36

In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more! Show Notes: https://securityweekly.com/bsw-370…

1
Era of Bot Battlers & Security Focused Company Culture - ESW #381 32:13

4d ago32:13

32:13

Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all…

1
Cyber Security Awareness for Election and Poll Workers - Kirsten Davies - ESW #381 48:02

5d ago48:02

48:02

The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll loca…

1
Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425 35:07

5d ago35:07

35:07

Tourist Abuse, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-425

1
Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425 35:07

5d ago35:07

35:07

Tourist Abuse, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-425

1
Transforming the Defender's Dilemma into the Defender's Advantage - Charlotte Wylie, Bhawna Singh, Lenny Zeltser - ESW #381 1:50:15

7d ago1:50:15

1:50:15

Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alon…

1
Transforming the Defender's Dilemma into the Defender's Advantage - Lenny Zeltser - ESW #381 30:18

5d ago30:18

30:18

Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alon…

1
Not The Vulnerabilities You're Looking For - PSW #848 2:06:29

6d ago2:06:29

2:06:29

This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculati…

Podcasts Worth a Listen

Lewis Costellos Podcasts

Podcasts Worth a Listen

Quick Reference Guide