In this special, celebratory 100th episode of the mnemonic security podcast, Robby speaks with author and industry legend - Jon DiMaggio. Jon is the Chief Security Strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-sta…

In this week's episode, Robby talks with his friend Keven Hendricks, a law enforcement veteran with extensive experience in dark web and cryptocurrency investigations. They explore topics like dark web forums, cryptocurrency's role in illegal activities, and the difficulties law enforcement encounters when monitoring these areas, especially with pr…

Many are familiar with cybersecurity penetration testing – ethical hacking to uncover digital weaknesses. But what about the real-world threats to your company's physical security? How confident are you in your locks, cameras, and physical security measures to protect your sensitive data or equipment? In this episode, Robby speaks with Brian Harris…

Have you ever worked alongside a machine learning engineer? Or wondered how their world will overlap with ours in the "AI" era? In this episode of the podcast, Robby is joined by seasoned expert Kyle Gallatin from Handshake to enlighten us on his perspective on how collaboration between security professionals and ML practitioners should look in the…

Operationalising threat intelligence is back on topic for the mnemonic security podcast! Making a return to the podcast is Joe Slowik from MITRE Corporation, where he is the CTI Lead for MITRE ATT&CK and also Principal Engineer for Critical Infrastructure Threat Intelligence. Also joining is Jeff Schiemann, an industry veteran and CISO at one of th…

When we talk about securing an organisation’s assets, we most often mean its data, devices, servers, or accounts, but are we doing enough to secure the group of people leading the company? Or the ones doing high risk work on behalf of the organisation? To discuss the importance of securing high-risk individuals, like journalists, politicians and ex…

For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for Machine learning (ML) and Artificial Intelligence (AI). It is not too long ago since Eoin last visited the podcast, (only 7 months,) but lots has happened in the world of AI since. During the episode, he talks…

Data Brokers and Data Removal Services What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies? To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a…

For this episode, Robby is joined by Levi Gundert, Chief Security Officer at the cybersecurity company Recorded Future and author of the book The Risk Business – what leaders need to know about intelligence and risk-based security. Levi shares from his decades of experience in the threat and risk space – and Robby picks his brain about a broad set …

Ethical social engineering Even the best pentesters out there can be fooled by a social engineering attempt under the right circumstances. But how do we treat the ones that have been tested and failed? Ragnhild «Bridget» Sageng, Senior Security Advisor at Norwegian Customs, has several years of experience from the IT and cybersecurity industry, and…

How will AI impact the next generation of people working with computer science? This question is probably relevant for anyone making their way through school now, in all fields of study. Without looking for a definite answer, but to help him navigate this question, Robby has invited two people with quite different backgrounds: Richard Stiennon, aut…

How does cybersecurity play a part in ensuring food security? As part of the ISACA series of the mnemonic security podcast, we’re welcoming Karianne Kjønås, Cyber & Privacy Associate at PwC Norway. Karianne recently won the ISACA master’s thesis award with her thesis on how cybersecurity incidents can affect Norwegian food production. During her co…

Conflictual coexistence Today’s guest, Raymond Andrè Hagen, holds over 20 years of experience in cybersecurity and information security, and is currently researching advanced persistent threats for his PhD in Computer and Information Systems Security. He also has experience as a Security Specialist at the Norwegian Digitalization Agency (Digdir), i…

To join Robby for this episode on Russian cybercrime and ransomware, we’re welcoming Sam Flockhart, Cyber Threat Intelligence Manager at Santander UK. Sam has a background in military intelligence from the British army, where he has spent a large part of his career looking at Russian influence in Eastern Europe. Including experience from the Britis…

Metaverses Have you been to the metaverse yet? And are you among the 78% that believe the metaverse will provide a significant value to their organisation in the future? To join Robby for this episode, we’re welcoming Julia Hermann, Senior Technology and Innovation Manager at Giesecke+Devrient, where she works on identifying opportunities in the me…

Defending EVE Online How does combatting botting, hacking, and fraud in a virtual game relate to fighting real cybercrime? To share his take on this, Maksym Gryshchenko joins us to share how he works as a Security analyst at CCP Games, a leading game developer based in Iceland, and the developers behind the sci-fi role-playing game EVE Online. EVE …

Last year, threat researchers all over the world got a sneak peek into the inner workings of the Russian defence contractor NTC Vulkan. The Vulkan files leak provided an interesting behind the scenes look at Russian cyber capabilities and scalability, and the ways state sponsored organisation work. Joe Slowik, managing threat intelligence at the cy…

Cryptology is fundamental for the way the internet works today. But what exactly is modern cryptology, and what are the most common areas in which it’s being used? To guide us through this complex area, Robby’s joined by Bor de Kock, PhD. in Cryptology and Assistant Professor at NTNU. They talk about some of the main challenges to cryptology these …

Physical penetration testing | ISACA series For this episode that is part of our ISACA series, we’re joined by Rob Shapland, Ethical Hacker/Head of Cyber Innovation at Falanx Cyber. Rob talks about what he’s learned from his 15 years of testing physical and cyber security for his clients, including more than 200 building intrusions assignments. He …

Artificial intelligence (AI) and machine learning (ML) models have already become incorporated into many facets of our lives. In this episode, we discuss what happens if these models are attacked. How can the models that AI and ML are built upon be attacked? And how can we defend them? Eoin Wickens, Senior Adversarial ML Researcher at HiddenLayer, …

What do you really know about your vendors? And about your vendors' vendors? To talk about supply chain attacks, and how to best mitigate and meet these risks, Robby is joined by a pair with a lot of experience on this topic: Roger Ison-Haug, CISO of StormGeo, and Martin Kofoed, CEO of Improsec. Martin and Roger discuss what a supply chain attack l…

How to succeed with bug bounties Responsible disclosure and vulnerability reporting have come a long way in recent years, and have gone from being feared and even something you took legal action against, to something that is appreciated for its value. Ioana Piroska, Bug Bounty Program Manager at Visma, joins Robby to share how Visma has succeeded w…

Influencing the board What are some of the most effective methods of gaining a board’s support, and how do you maintain this trust and improve it over time? Our guest today has worked with a lot of boards, and joins us to share his experiences providing boards with the tools to ask the right questions when it comes to cybersecurity, and conveying t…

KraftCERT trusselvurdering 2023 | In Norwegian only Our podcast guest this week is Espen Endal, previous mnemonic colleague and currently OT Security Analyst at the Norwegian energy sector CERT: KraftCERT/InfraCERT. InfraCERT is an ISAC (Information Sharing and Analysis Center) and an IRT (Incident Response Team). Mainly working to update their mem…

Avoiding overload and managing stress in cybersecurity For today’s episode, Robby’s joined by Lisa Ventura, Cybersecurity Specialist, Author, and qualified Mental Health First Aider. After many years of experience from the industry, she’s become particularly interested in the human aspects of cybersecurity, especially when it comes to mental health…

Asset Intelligence Imagine a scenario where your organisation discovers that a threat actor currently possesses more knowledge about your environments than you do. Let’s find a way to make sure we don’t end up there - but how? For this episode, Robby is joined by a serial entrepreneur and serial guest at the mnemonic security podcast. For the fourt…

Operationalising Threat Intelligence What can you do to get the most out of your threat intelligence initiatives? A good place to start, is picking Kyle Wilhoit’s brain. Kyle’s the Director of Threat Research at Palo Alto Network's Unit 42, and author of the book Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber…

Crypto Finance How does a crypto finance agency work with security? To answer this question, and provide insight into security in the world of crypto, we’re joined by Dr. Dominik Raub. He has more than 10 years of experience from the financial industry, a Doctor of Sciences in Cryptography, and works as CISO at Crypto Finance AG, an organisation pr…

Office IoT Can you say for certain that you have a full overview of the IoT devices that are set up in your office environment? Smart Lighting, thermostats, locks, appliances, security cameras, sensors... perhaps even a fish tank? To talk about the importance of securing our office IoT, and specifically our printers, Robby is joined by Quentyn Tayl…

Passwords and their managers How do you create your passwords? Do you get help from a password manager, or is your personal “system” bulletproof? Robby has invited two guests passionate about passwords, and how we manage them. Not surprisingly, they can with confidence say that our own “systems” are highly guessable, and not as unique as you might …

Darkwebs Most of us have our ideas and perceptions of what the Dark Web is. But could it be more than just the dark side of the World Wide Web? To talk about the Dark Web, Robby is joined by Keven Hendricks, Dark Web Subject Matter Expert at The Ubivis Project. Keven has worked in law enforcement in the US since 2007, in areas such as computer and …

The importance of identity within our field has been established. According to analysis from CrowdStrike, 8/10 attacks are identity-based. But what does that actually mean? How do we even define identity these days, and how has it changed? To look into this, Robby has invited an expert within the field, Peter Barta. Peter works as a Senior Cloud Se…

Bots; they can be both helpful assistants and harmful pests, and you’ll find them all over the internet targeting most public facing applications in some way or another. But what actually are they? To explore the bad bots on the Internet, Robby is joined by someone that has spent the last seven years studying them, Dan Woods, Global Head of Intelli…

House of Pain: new EU cyber regulations NIS2, DORA, the Cyber Resilience and Artificial Intelligence acts; have you started to familiarise yourself with the new EU cyber regulations that are coming into force? In this episode, Robby welcomes Rolf von Roessing, former Vice Chair of ISACA Global, and CEO of FORFA Consulting, a German company speciali…

This episode is for anyone working within cybersecurity that has ever had to explain what they actually do, or defend why they are investing in security. We’re happy to welcome Jeff Barto back to the podcast, to go through his presentation “We are Defending” that he presented at mnemonic’s C2 summit this summer. Jeff is the CISO of a large hedge fo…

What happens when cyber criminals don’t get what they believe they're owed? For this episode, Robby is joined by John Fokker, Head of Trellix Threat Intelligence. John shares from his long experience fighting cybercrime, where he among other places has worked for the Dutch National High-Tech Crime Unit (NHTCU), the Dutch National Police unit dedica…

Network detection and response (NDR): the value of evidence What exactly is NDR, how have these technologies changed over the years, and are they more relevant now than ever? To help answer these questions, Robby is joined by Jean Schaffer. She’s had, to say the least, an interesting career with more than 33 years of experience from the US Departme…

Industrial Control Systems (ICS) in the cloud Can the cloud fundamentally revolutionise Operational Technology (OT) security? To help Robby understand some of the nuances of OT security and help connect the dots between IT and OT, we’re joined by Vivek Ponnada from the OT, ICS & IoT security company Nozomi Networks. Vivek shares from his 24 years o…

Enterprise Security Architecture Most organisations find it challenging to protect themselves against the ever-evolving list of risks and threats. The fact that most of us do this with a limited set of resources makes this even more complicated. Knowing what you should spend your time and efforts on is far from straight forward. But hopefully this …

Azure monitoring & hardening What is the best way to build and automate security in the world of Azure? For this episode, Robby has invited someone that spends all their time doing exactly that, or more specifically, identifying all the things that can go wrong within the Microsoft ecosystem; Rik van Duijn, Hacker & Co-Founder of the Dutch cybersec…

Who are the people helping us to keep the lights on? And what are our adversaries doing to get in the way of this? This episode of the mnemonic security podcast is directing some love and attention toward the people working with Operational Technology (OT) / Industrial Control Systems (ICS). To help him navigate this field, Robby is joined by Micha…

What does mobile security mean in 2022? And what are defenders doing to keep the bad guys out of our pockets? To provide some insight into these questions, Robby has invited someone who has worked his entire career in Android security; Dario Durando, Android Malware Analyst at the Dutch security company ThreatFabric. During their conversation, they…

As a follow up from last week’s episode on the malicious use-cases of drones with Mario Bartolome Manovel, Robby chats with Pablo Ruiz Encinas, Security Consultant at mnemonic. He recently did a course on drone security – the Drone Security Operations Certificate (DSOC) by DroneSec - and hence has a lot to say on the subject. Pablo did not only bri…

Drones: malicious use-cases and how to counteract them. As unmanned aerial vehicles (UAVs), or drones, are growing in popularity commercially, their use-cases are also growing in numbers. To discuss them from a security professional’s view point, Robby has invited Mario Bartolome Manovel, Offensive Security Engineer at Telefonica. Mario talks about…

Application Programming Interfaces (APIs) Why is Gartner predicting that API-based attacks will become the most frequent attack vector for applications? Although APIs deserve the credit for a lot of digital transformation and innovation, they’re also an attractive target for bad actors. To explain how APIs are being used these days, and why they ar…

From the 14th to the 16th of November, the annual Industrial Security Conference will take place in Copenhagen, Denmark. Are you interested in Operational Technology and Industrial Control System security, and wonder what's going on in that part of our industry? Or just curious about the conference, and some of the speakers that will be there? Robb…

Securing LinkedIn For this episode, Robby welcomes the CISO, and VP of Engineering for LinkedIn, Geoff Belknap. Geoff has more than 20 years of experience in security and network architecture, and has previously also held the CISO positions at Slack and Palantir. He shares some advice on navigating the security job market, and reflects on his role …

Lessons learned from a real incident: Nordic Choice Hotels What can we learn from the Nordic Choice Hotels supply chain attack of December 2021, and how it was handled? For this episode, we’re happy to welcome Kari Anna Fiskvik, Vice President Technology at Nordic Choice Hotels, that will share some of her lessons learned from being at the centre o…

Threat Intelligence-Based Ethical Red-teaming In most organisations, there’s more to security than preventive measures. This means that testing your capabilities within detection, investigation and containment can be just as relevant as looking at preventive capabilities. One way of doing so, is by following the Threat Intelligence Based Ethical Re…

Security leadership essentials for managers What knowledge base should a CISO have? And what is the best approach to shaping the next generation of security leaders? Our guest today is better equipped than most to answer these questions. Frank Kim, former CISO of and currently a Fellow and Curriculum Director at SANS Institute, joins Robby to discu…