Best Claroty Podcasts (2024)

1
Vinnie Liu on Offensive Security Testing During Incidents 29:30

18d ago29:30

29:30

Bishop Fox CEO and Cofounder Vinnie Liu joins the Nexus Podcast to discuss his team's role during security incidents in conducting offensive security testing alongside incident response activities. In healthcare environments where ransomware is the leading threat, red-teams and other offensive security specialists are called in, Liu said, to ensure…

1
Diana Kelley on Protecting the AI Lifecycle 26:11

26d ago26:11

26:11

Protect AI Chief Information Security Officer Diana Kelley joins the Claroty Nexus podcast to discuss the intricacies of securing machine learning and artificial intelligence use inside the enterprise. She also explains the concept of MLSecOps and how it compares and contrasts to DevOps used in application development.…

1
Jennifer Minella on OT Cybersecurity Convergence 29:56

1M ago29:56

29:56

Jennifer Minella, founder and principal advisor of Viszen Security, joins the Claroty Nexus podcast to discuss her experiences advising organizations on operational technology implementations, risk management, and succeeding at IT/OT convergence. This episode was recorded during RSA Conference where Jennifer and Bryson Bort gave a talk on convergen…

1
Charles Blauner on the Changing Role of the CISO 31:00

1M ago31:00

31:00

Charles Blauner, Team8 operating partner and CISO in residence, joins the Claroty Nexus podcast to discuss the rapid changes in responsibilities and liability risks facing today's chief information security officers. Blauner, former CISO at JP Morgan and Deutsche Bank, describes how, for example, the new SEC rules around disclosures and incidents, …

1
Mikko Hypponen on a Decade of Corporate Ransomware Attacks 32:18

2M ago32:18

32:18

Cybersecurity pioneer Mikko Hypponen joins the Claroty Nexus live at the RSA Conference to discuss a decade of ransomware attacks against corporate networks. Hypponen is Chief Research Officer at WithSecure, the former F-Secure for Business. He has observed and analyzed malware from its infancy when it was a merely a means of disruption and attenti…

1
Adm. Michael Rogers on Geopolitics and Cybersecurity 27:57

2M ago27:57

27:57

Former NSA Director Adm. Michael S. Rogers (Ret. USN) joins the Claroty Nexus Podcast live from RSA Conference in San Francisco to discuss the current geopolitical climate, its impact on chief information security officers, and how they can and should response. Rogers discusses how the doctrines of adversaries are changing and that U.S. critical in…

1
Abel Archundia on Complexity in Critical Infrastructure 35:37

2M ago35:37

35:37

Abel Archundia, chief technology officer and global head of advisory for Istari, joins the Claroty Nexus podcast to discuss the nature of complexity, technical debt, and regulation, and how it influences risk decisions in critical infrastructure environments. He explains the challenges complexity brings to manufacturing, pharmaceuticals, and other …

1
Adam Gluck on Industrial DevOps 37:04

2M ago37:04

37:04

Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can impro…

1
Greg Garcia on the Change Healthcare Cyberattack 44:35

3M ago44:35

44:35

Greg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future. Garcia has had a long career on the…

1
Ryan Pickren on New Web-Based PLC Malware Research 35:17

4M ago35:17

35:17

Ryan Pickren, a Ph.D. student in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, joins the Claroty Nexus podcast to discuss a recently published research paper that explains a new web-based malware attack against programmable logic controllers. Pickren, the lead author, along with colleagues Tohid Shekari, …

1
Mike Rogers on Understanding a CISO's Personal Exposure in Cyber Incidents 37:26

5M ago37:26

37:26

Hormel Foods Chief Information Security Officer and Director of Information Security and Compliance Mike Rogers joins the Claroty Nexus podcast to discuss why it's so important for CISO's to understand their personal liability during cybersecurity incidents. New regulations, including the SEC's cybersecurity rules, are driving this need for securit…

1
Team82 Answers More of your OT Cybersecurity Questions 31:58

5M ago31:58

31:58

Noam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders. This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode her…

1
Wrap-up: Final Episode of Security Voices 41:57

5M ago41:57

41:57

After 5 seasons, it’s curtain call for Security Voices. In this final episode, Jack and I reflect on half a decade of podcasting together through times that were both extraordinary for the world and for each of us personally. We discuss some of our favorite moments, most memorable guests, and the lessons learned from roughly 60 episodes of explorin…

1
Juan Piacquadio on Securing Pharma 4.0 47:26

6M ago47:26

47:26

Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along …

1
David Elfering on CISOs and Cyber Liability Insurance 44:19

6M ago44:19

44:19

David Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings i…

1
Team82 Answers Your Vulnerability Research Questions 28:47

7M ago28:47

28:47

Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on…

1
Cultural Decryption: A Closer Look at Understanding the India/U.S. Relationship in Cyber 1:00:08

7M ago1:00:08

1:00:08

The ascendancy of India in Silicon Valley is undeniable. From top executives such as Satya Nadella (Microsoft) and Nikesh Arora (Palo Alto Networks) to leading investors, we’ve become well accustomed to working with and often for people who have immigrated from India. Given the wave of immigration from India started decades ago, our Indian coworker…

1
Mandiant on Sandworm APT Attacks in Ukraine 30:27

8M ago30:27

30:27

Nathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine. Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a pow…

1
Don Weber on Security Culture in Control Environments, STAR Methodology 44:41

8M ago44:41

44:41

Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall …

1
MITRE on Caldera for OT 43:42

9M ago43:42

43:42

Misha Belisle and Blaine Jeffries of MITRE join the Claroty Nexus podcast to discuss Caldera for OT, a new set of operational technology plugins for the open source core Caldera adversary emulation platform. Caldera for OT supports the Modbus, BACnet, and dnp protocols, and Belisle and Jeffries hope to add future support for additional protocols. R…

1
Farewell, Sun Tzu: The Modern Security Mindset with Kelly Shortridge 1:03:12

9M ago1:03:12

1:03:12

The classic mindset of cyber security unmistakably originates from its early leaders: financial services, the defense industrial complex, and big companies that had too much to lose from ignoring what was called at the time “information security risk”. They tried to calculate largely unknowable risks to explain digital concepts to analog executives…

1
Jim LaBonty on the OT Security Stack 46:50

10M ago46:50

46:50

Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems. Labonty …

1
Choosing your own adventure: Frank Wang on academia, VC, sec engineering & side hustles 59:04

10M ago59:04

59:04

Let’s say it’s 2012. And you're graduating Stanford with a comp sci degree. You could go to Google, Facebook or any of a number of well-paying emerging juggernauts. If you’re Frank Wang, you move across the coast and do your PhD in cybersecurity at MIT. Now you’re doing your PhD. And you make pals with a local VC. So naturally, you start a cybersec…

1
Stephen Reynolds on Protecting the CISO During Incident Investigations 33:46

10M ago33:46

33:46

Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, joins the Nexus Podcast to discuss some of the concerns and questions CISOs and other security executives may have about their personal liability and exposure during breach investigations. The short of it: Don’t panic, but don’t be unprepared either. In this case, preparatio…

1
Team82 on NAS Research, OPC UA Exploit Framework 34:30

10M ago34:30

34:30

Team82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON disclosing vulnerabilities in Synology and Western Digital NAS cloud connections and the unveiling of a unique OPC UA exploit framework. In thi…

1
Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk 26:30

11M ago26:30

26:30

In this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities. Petro and Vargas explain a number of protocol weaknesses and vulnerabiliti…

1
Jennifer Lyn Walker on Cybersecurity Risks in the Water Sector 46:42

11M ago46:42

46:42

Jennifer Lyn Walker, Director of Infrastructure Cyber Defense for the WaterISAC, joins the Nexus podcast to discuss the state of cybersecurity within the water and wastewater critical infrastructure sector. Walker explains where the cybersecurity technology, funding, and skills gaps currently exist among smaller—and larger—water providers. She also…

1
Episode #57: Claroty’s Galina Antova on the global infrastructure war & building an $100M OT security juggernaut 1:06:24

11M ago1:06:24

1:06:24

This past weekend, the New York Times posted an article explaining the United States is scrambling to clean government systems from a deep, pervasive infiltration of the country’s infrastructure by the Chinese. Much like the Russian attacks on Ukrainian infrastructure, the intent appears to be to disrupt any U.S. action that would be a response to …

1
Kathleen Moriarty on CIS' IoT Security Guidance 38:38

12M ago38:38

38:38

Kathleen Moriarty, Chief Technology Officer of the Center for Internet Security (CIS) joins the Nexus podcast to discuss CIS' recently published IoT Embedded Security Guidance. The document walks vendors, developers, DevOps professionals through the most commonly used IoT protocols and analyzes them from a security perspective. The aim is to help v…

1
Walter Risi on the CISO's Journey from IT to OT 35:07

12M ago35:07

35:07

Walter Risi, Global OT Lead and the Technology and Cyber Security Consulting leader at KPMG in Argentina, joins the Nexus podcast to discuss the CISO's journey from IT to OT. Risi explains what's driving this convergence of security disciplines, and the challenges security leaders are facing across industries. You'll also learn why resilience shoul…

1
Defending the U.S. Communications Backbone in the Age of CyberWar: Dialogue & Career Retro with Mary Haynes 1:14:59

1y ago1:14:59

1:14:59

"Any country that intervenes in Taiwan will face serious consequences, including cyber attacks." This statement in January by the Chinese Ministry of Foreign Affairs made clear that the United States must be ready to defend itself in what many assume to be an inevitable conflict over Taiwan’s independence. It begs the question, how will we defend o…

1
Noam Moshe on Teltonika 4G IIoT Router Cybersecurity Research 16:51

1y ago16:51

16:51

Claroty Team82's Noam Moshe joins the Nexus podcast to discuss a recent research collaboration with OTORIO looking at Teltonika's 4G industrial routers and cloud management platforms. Eight vulnerabilities were uncovered and patched by the vendor in a recent update. Moshe discusses the vulnerabilities, attack vectors involved, and the state of secu…

1
Charles Carmakal on Cybersecurity Threats to Healthcare 37:54

1y ago37:54

37:54

Mandiant Chief Technology Officer Charles Carmakal joins the Claroty Nexus podcast to discuss real-world threats to healthcare organizations. Mandiant has a unique vantage point as an incident response team involved in many high-profile cyberattacks. Based on that insight, Carmakal is able to comment on the conventional and opportunistic attacks he…

1
The Hidden Dangers of Generative AI: Who is Responsible for Protecting our Data? 1:04:21

1y ago1:04:21

1:04:21

The breakaway success of ChatGPT is hiding an important fact and an even bigger problem. The next wave of generative AI will not be built by trawling the Internet but by mining hordes of proprietary data that have been piling up for years inside organizations. While Elon Musk and Reddit may breathe a sigh of relief, this ushers in a new set of conc…

1
Lorrie Cranor on IoT Security and Privacy Labels 32:39

1y ago32:39

32:39

Lorrie Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University's CyLab, joins the Nexus podcast to discuss an IoT security and privacy label initiative under way at CyLab. The labels are meant not only to help consumers make informed buying decisions, but also to nudge vendors and manufa…

1
Skip Sorrels on the 405(d) HICP, Healthcare Cybersecurity 41:04

1y ago41:04

41:04

Skip Sorrels, director of cybersecurity at Ascension Technologies, which oversees the technology needs for Ascension Healthcare, one of the country’s biggest non-profit healthcare providers, joins the Nexus podcast to discuss the 405(d) Task Group's Health Industry Cybersecurity Practices (HICP). The HICP identifies top cybersecurity threats to the…

1
Dave Elfering on Cyber Liability Insurance 42:34

1y ago42:34

42:34

Dave Elfering, senior vice president at Marsh, a global insurance broker and risk management company, joins the Nexus podcast to discuss the current state of cyber insurance. A longtime figure in information security, Elfering explains the current volatility around coverage, premiums, and exclusions. He goes deep into what can sometimes be contenti…

1
Threat modeling life: Prepping for the rest of us with Michal Zalewski (lcamtuf) 1:06:35

1+ y ago1:06:35

1:06:35

Hidden bunkers, stacks of canned food and piles of artillery. Disaster preparedness has become an Internet meme and these are some of the “prepper” community’s showcase images. But most of us who have lived through the recent pandemic, the Capital insurrection on January 6th and more no longer take the threat of a major disaster lightly. For those …

1
Vera Mens on Akuvox E11 Vulnerabilities 21:16

1+ y ago21:16

21:16

Team82 researcher Vera Mens joins the Nexus podcast to discuss her research that uncovered 13 vulnerabilities in the popular Akuvox E11 smart intercoms. These devices are used to control access to offices, residential, and commercial establishments. The vulnerabilities range in severity, and pose serious privacy implications for users. Vera will di…

1
Adm. Mike Rogers on the National Cybersecurity Strategy 39:38

1+ y ago39:38

39:38

Adm. Mike Rogers, USN (Ret.) joins the Nexus podcast to discuss the recently released National Cybersecurity Strategy, the first such strategy from the Biden administration. The strategy codifies many of the cyber-physical systems security initiatives the White House has produced since 2021 in the aftermath of the Colonial Pipeline ransomware attac…

1
Katherine Gronberg on the Federal Government and OT/IoT Cybersecurity 43:56

1+ y ago43:56

43:56

Katherine Gronberg, head of government services at cybersecurity venture capital firm NightDragon, joins the Nexus Podcast to discuss what's driving the federal government's renewed interest and investment in OT and IoT cybersecurity. Katherine brings insight from her unique perspective on these issues, especially as it pertains to upcoming require…

1
10,000 to 5: The Improbable Odds of Securing the Nation’s Largest Child & Family Services Agency 52:16

1+ y ago52:16

52:16

Continuing from our dialogue with Tomas Maldonado who has the unique job of securing the NFL, we have a conversation with Allen Ohanian whose day job is to protect the Los Angeles Department of Child and Family Services (DCFS). LA DCFS is the largest agency of its type in the United States, its central focus is its 10,000 social workers who help de…

1
Security Data Lakes with Omer Singer, Pathik Patel & ChatGPT 1:10:44

1+ y ago1:10:44

1:10:44

After 2 decades of trying to make SIEMs work, security data lakes are a hot topic as they present an increasingly attractive alternative. The only hotter topic is ChatGPT and the game changing potential of AI. So in episode 52 of Security Voices, we mash the two together as Dave, Pathik Patel (Informatica), and Omer Singer (Snowflake) explore the m…

1
Noam Moshe on a Generic WAF Bypass Technique 30:46

1+ y ago30:46

30:46

Claroty Team82 researcher Noam Moshe joins the podcast to discuss his recent research and development of a generic bypass of leading vendors' web application firewalls. This research was presented at Black Hat Europe and on the Team82 blog. The technique involves prepending JSON syntax to a SQL injection payload. Prior to this research, WAFs were b…

1
Sharon Brizinov on Hacking IoT 26:19

1+ y ago26:19

26:19

Claroty Team82 Director of Research Sharon Brizinov joins the podcast to discuss the recent Pwn2Own Toronto event. Brizinov was successful in three categories at the event, finding and exploiting zero day vulnerabilities in two network-attached storage devices and a popular router. In this episode, Brizinov explains his preparation for the contest,…

1
Massive Stakes & Undersized Budgets: Roundtable on Life After the Joe Sullivan Conviction 1:23:48

1+ y ago1:23:48

1:23:48

The winds of change are always blowing in cybersecurity, but there’s moments when they reach a gale force, When the landscape is reshaped dramatically by an event that hits us like a hurricane, changing how we feel about our jobs, our industry, and perhaps even shaking our resolve to continue on in the same career path. When Joe Sullivan, former he…

1
Joe Slowik on TRITON Malware, XENOTIME Hacking Group 42:17

1+ y ago42:17

42:17

Joe Slowik, threat intelligence and detections lead at Gigamon, joins the podcast to discuss the XENOTIME hacking group, the entity believed to be responsible for the 2017 Triton attack. Triton was deployed within a petrochemical facility in Saudi Arabia and triggered a fault in the Schneider Electric Triconex Safety Instrumented Systems that initi…

1
Fixing Security's Human Problem: Behavioral Engineering at Robinhood 50:11

1+ y ago50:11

50:11

In cybersecurity, we have teams focused on managing vulnerabilities. We have SOCs who spend their days obsessing over threats. App sec teams. Data privacy teams. In the typical, modern cybersecurity team, we have exactly zero people focused on helping humans defend themselves and the organization in spite of a massive increase in scams and fraud th…

1
Inside Team82's EvilPLC Attack 22:09

1+ y ago22:09

22:09

Team82's Noam Moshe, one of the researchers involved in developing the EvilPLC attack, discusses the technique of using a weaponized programmable logic controller to compromise an engineer's workstation and gain access to other PLCs on the OT network. Read more about the EvilPLC technique Download Team82's paper on EvilPLC…

1
Sarah Fluchs Revisits the Top 20 Secure PLC Coding Practices List 47:04

1+ y ago47:04

47:04

Sarah Fluchs, CTO at Admeritia, joins the Aperture podcast to discuss the Top 20 Secure PLC Coding Practices List. Written for engineers by engineers, the list provides recommendations that can be used to securely design and code programmable logic controllers (PLCs). The first iteration of the list was published in 2021, and since then, its core g…

Podcasts Worth a Listen

Claroty Podcasts

Podcasts Worth a Listen

Quick Reference Guide