Best Mandiant Podcasts (2024)

1
EP183 Cloud Security Journeys: Improve, Evolve, Transform with Cloud Customers 30:15

2h ago30:15

30:15

Guests: Jaffa Edwards, Senior Security Manager @ Google Cloud Lyka Segura, Cloud Security Engineer @ Google Cloud Topics: Security transformation is hard, do you have any secret tricks or methods that actually make it happen? Can you share a story about a time when you helped a customer transform their cloud security posture? Not just improve, but …

1
What Iranian Threat Actors Have Been Up To This Year 36:13

6h ago36:13

36:13

Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see: https://blog.google/tec…

1
EP182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy? 28:20

20m ago28:20

28:20

Guest: Adam Bateman, Co-founder and CEO, Push Security Topics: What is Identity Threat Detection and Response (ITDR)? How do you define it? What gets better at a client organization once ITDR is deployed? Do we also need “ISPM” (parallel to CDR/CSPM), and what about CIEM? Workload identity ITDR vs human identity ITDR? Do we need both? Are these the…

1
EP181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams 30:32

7d ago30:32

30:32

Guest: Zack Allen, Senior Director of Detection & Research @ Datadog, creator of Detection Engineering Weekly Topics: What are the biggest challenges facing detection engineers today? What do you tell people who want to consume detections and not engineer them? What advice would you give to someone who is interested in becoming a detection engineer…

1
EP180 SOC Crossroads: Optimization vs Transformation - Two Paths for Security Operations Center 28:09

16d ago28:09

28:09

Guests: Mitchell Rudoll, Specialist Master, Deloitte Alex Glowacki, Senior Consultant, Deloitte Topics: The paper outlines two paths for SOCs: optimization or transformation. Can you elaborate on the key differences between these two approaches and the factors that should influence an organization's decision on which path to pursue? The paper also …

1
EP179 Teamwork Under Stress: Expedition Behavior in Cybersecurity Incident Response 23:28

12d ago23:28

23:28

Guests: Robin Shostack, Security Program Manager, Google Jibran Ilyas, Managing Director Incident Response, Mandiant, Google Cloud Topics: You talk about “teamwork under adverse conditions” to describe expedition behavior (EB). Could you tell us what it means? You have been involved in response to many high profile incidents, one of the ones we can…

1
Mandiant's Approach to Securely Using AI Solutions 32:00

16d ago32:00

32:00

Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, …

1
EP178 Meet Brandon Wood: The Human Side of Threat Intelligence: From Bad IP to Trafficking Busts 32:09

1M ago32:09

32:09

Guest: Brandon Wood, Product Manager for Google Threat Intelligence Topics: Threat intelligence is one of those terms that means different things to everyone–can you tell us what this term has meant in the different contexts of your career? What do you tell people who assume that “TI = lists of bad IPs”? We heard while prepping for this show that y…

1
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant 30:07

26d ago30:07

30:07

Guests: Omar ElAhdan, Principal Consultant, Mandiant, Google Cloud Will Silverstone, Senior Consultant, Mandiant, Google Cloud Topics: Most organizations you see use both cloud and on-premise environments. What are the most common challenges organizations face in securing their hybrid cloud environments? You do IR so in your experience, what are to…

1
EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use 27:00

2M ago27:00

27:00

Guest: Seth Vargo, Principal Software Engineer responsible for Google's use of the public cloud, Google Topics: Google uses the public cloud, no way, right? Which one? Oh, yeah, I guess this is obvious: GCP, right? Where are we like other clients of GCP? Where are we not like other cloud users? Do we have any unique cloud security technology that w…

1
Lessons Learned from Responding to Cloud Compromises 30:16

2M ago30:16

30:16

Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromis…

1
EP175 Meet Crystal Lister: From Public Sector to Google Cloud Security and Threat Horizons 26:43

1M ago26:43

26:43

Guest: Crystal Lister, Technical Program Manager, Google Cloud Security Topics: Your background can be sheepishly called “public sector”, what’s your experience been transitioning from public to private? How did you end up here doing what you are doing? We imagine you learned a lot from what you just described – how’s that impacted your work at Goo…

1
EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework 21:33

2M ago21:33

21:33

Guest: Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet Topics: Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare? You have created a new framework for measuring how ready you are for an incident, what i…

1
The ORB Networks 29:54

2M ago29:54

29:54

Michael Raggi (Principal Analyst, Mandiant Intelligence) joins host Luke McNamara to discuss Mandiant's research into China-nexus threat actors using proxy networks known as “ORBs” (operational relay box networks). Michael discusses the anatomy and framework Mandiant developed to map out these proxy networks, how ORB networks like SPACEHOP are leve…

1
EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations 33:16

2M ago33:16

33:16

Guest: Shan Rao, Group Product Manager, Google Topics: What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems? Your talk covers 5 risks, why did you pick these five? What are the five, and are these the worst? Some of the mitigation seems the same for all risks. What are the popular SAIF mitigatio…

1
Investigations Into Zero-Day Exploitation of the Ivanti Connect Secure Appliances 27:47

3M ago27:47

27:47

Mandiant Principal Analysts John Wolfram and Tyler McLellan join host Luke McNamara to discuss their research in the "Cutting Edge" blog series, a series of investigations into zero-day exploitation of Ivanti appliances. John and Tyler discuss the process of analyzing the initial exploitation, and the attribution challenges that emerged following t…

1
EP172 RSA 2024: Separating AI Signal from Noise, SecOps Evolves, XDR Declines? 27:20

2M ago27:20

27:20

Guests: None Topics: What have we seen at RSA 2024? Which buzzwords are rising (AI! AI! AI!) and which ones are falling (hi XDR)? Is this really all about AI? Is this all marketing? Security platforms or focused tools, who is winning at RSA? Anything fun going on with SecOps? Is cloud security still largely about CSPM? Any interesting presentations…

1
EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side 27:03

2M ago27:03

27:03

Guest: Elie Bursztein, Google DeepMind Cybersecurity Research Lead, Google Topics: Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)? What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical? Do we really have …

1
M-Trends 2024 with Mandiant Consulting Vice President Jurgen Kutscher 25:53

3M ago25:53

25:53

Jurgen Kutscher, Mandiant Vice President for Consulting, joins host Luke McNamara to discuss the findings of the M-Trends 2024 report. Jurgen shares his perspective on the "By the Numbers" data, the theme of evasion of detection in this year's report, and how Mandiant consultants have been leveraging AI in purple and red teaming operations. For mor…

1
EP170 Redefining Security Operations: Practical Applications of GenAI in the SOC 27:48

3M ago27:48

27:48

Guest: Payal Chakravarty, Director of Product Management, Google SecOps, Google Cloud Topics: What are the different use cases for GenAI in security operations and how can organizations prioritize them for maximum impact to their organization? We’ve heard a lot of worries from people that GenAI will replace junior team members–how do you see GenAI …

1
EP169 Google Cloud Next 2024 Recap: Is Cloud an Island, So Much AI, Bots in SecOps 27:36

3M ago27:36

27:36

Guests: no guests (just us!) Topics: What are some of the fun security-related launches from Next 2024 (sorry for our brief “marketing hat” moment!)? Any fun security vendors we spotted “in the clouds”? OK, what are our favorite sessions? Our own, right? Anything else we had time to go to? What are the new security ideas inspired by the event (you …

1
EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It 33:18

3M ago33:18

33:18

Guests: Umesh Shankar, Distinguished Engineer, Chief Technologist for Google Cloud Security Scott Coull, Head of Data Science Research, Google Cloud Security Topics: What does it mean to “teach AI security”? How did we make SecLM? And also: why did we make SecLM? What can “security trained LLM” do better vs regular LLM? Does making it better at sec…

1
Assessing the State of Multifaceted Extortion Operations 40:54

4M ago40:54

40:54

Kimberly Goody, Head of Mandiant's Cyber Crime Analysis team and Jeremy Kennelly, Lead Analyst of the same team join host Luke McNamara to breakdown the current state of ransomware and data theft extortion. Kimberly and Jeremy describe how 2023 differed from the activity they witnessed the year prior, and how changes in the makeup of various groups…

1
EP167 Stolen Cards and Fake Accounts: Defending Google Cloud Against Abuse 25:24

3M ago25:24

25:24

Speakers: Maria Riaz, Cloud Counter-Abuse, Engineering Lead, Google Cloud Topics: What is “counter abuse”? Is this the same as security? What does counter-abuse look like for GCP? What are the popular abuse types we face? Do people use stolen cards to get accounts to then violate the terms with? How do we deal with this, generally? Beyond core tech…

1
EP166 Workload Identity, Zero Trust and SPIFFE (Also Turtles!) 30:06

4M ago30:06

30:06

Guests: Evan Gilman, co-founder CEO of Spirl Eli Nesterov, co-founder CTO of Spril Topics: Today we have IAM, zero trust and security made easy. With that intro, could you give us the 30 second version of what a workload identity is and why people need them? What’s so spiffy about SPIFFE anyway? What’s different between this and micro segmentation …

1
Hunting for "Living off the Land" Activity 42:32

4M ago42:32

42:32

Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and mor…

1
EP165 Your Cloud Is Not a Pet - Decoding 'Shifting Left' for Cloud Security 24:34

4M ago24:34

24:34

Guest: Ahmad Robinson, Cloud Security Architect, Google Cloud Topics: You’ve done a BlackHat webinar where you discuss a Pets vs Cattle mentality when it comes to cloud operations. Can you explain this mentality and how it applies to security? What in your past led you to these insights? Tell us more about your background and your journey to Google…

1
EP164 Quantum Computing: Understanding the (very serious) Threat and Post-Quantum Cryptography 31:23

5M ago31:23

31:23

Guest: Jennifer Fernick, Senor Staff Security Engineer and UTL, Google Topics: Since one of us (!) doesn't have a PhD in quantum mechanics, could you explain what a quantum computer is and how do we know they are on a credible path towards being real threats to cryptography? How soon do we need to worry about this one? We’ve heard that quantum comp…

1
Director of NSA's Cybersecurity Collaboration Center on Trends in 2024 25:48

5M ago25:48

25:48

Morgan Adamski, Director of the NSA's Cybersecurity Collaboration Center (CCC) joins host Luke McNamara to discuss the threat posed by Volt Typhoon and other threat actors utilizing living off the land (LotL) techniques, zero-day exploitation trends, how the CCC works with private sector organizations, and more.…

1
EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI 25:54

4M ago25:54

25:54

Guest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics: You had this epic 8 megatrends idea in 2021, where are we now with them? We now have 9 of them, what made you add this particular one (AI)? A lot of CISOs fear runaway AI. Hence good governance is key! What is your secret of success for AI governa…

1
EP162 IAM in the Cloud: What it Means to Do It 'Right' with Kat Traxler 28:09

4M ago28:09

28:09

Guest: Kat Traxler, Security Researcher, TrustOnCloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? A lot of people say “in the cloud, you must do IAM ‘right’”. What do you think that means? What is the first or the main idea that comes to your mind when you hear it? Ho…

1
EP161 Cloud Compliance: A Lawyer - Turned Technologist! - Perspective on Navigating the Cloud 27:38

5M ago27:38

27:38

Guest: Victoria Geronimo, Cloud Security Architect, Google Cloud Topics: You work with technical folks at the intersection of compliance, security, and cloud. So what do you do, and where do you find the biggest challenges in communicating across those boundaries? How does cloud make compliance easier? Does it ever make compliance harder? What is y…

1
The North Korean IT Workers 34:40

5M ago34:40

34:40

Principal Analyst Michael Barnhart joins host Luke McNamara to discuss Mandiant's research into the threat posed by the Democratic People's Republic of Korea's (DPRK) usage of IT workers to gain access to enterprises. For more on Mandiant's analysis of North Korea's cyber capabilities, please see: https://www.mandiant.com/resources/blog/north-korea…

1
EP160 Don't Cloud Your Judgement: Security and Cloud Migration, Again! 27:32

5M ago27:32

27:32

Guest: Merritt Baer, Field CTO, Lacework, ex-AWS, ex-USG Topics: How can organizations ensure that their security posture is maintained or improved during a cloud migration? Is cloud migration a risk reduction move? What are some of the common security challenges that organizations face during a cloud migration? Are there different gotchas between …

1
EP159 Workspace Security: Built for the Modern Threat. But How? 25:31

5M ago25:31

25:31

Guests: Emre Kanlikilicer, Senior Engineering Manager @ Google Sophia Gu, Engineering Manager at Google Topics Workspace makes the claim that unlike other productivity suites available today, it’s architectured for the modern threat landscape. That’s a big claim! What gives Google the ability to make this claim? Workspace environments would have ma…

1
Prescriptions for a Healthy Cybersecurity Future with Google Cloud's OCISO 44:27

6M ago44:27

44:27

Taylor Lehmann (Director, Google Cloud Office of the CISO) and Bill Reid (Security Architect, Google Cloud Office of the CISO) join host Luke McNamara to discuss their takeaways from the last year of threat activity witnessed by enterprises within healthcare and life sciences. They discuss applying threat intelligence to third-party risk management…

1
EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics 21:33

5M ago21:33

21:33

Guest: Jason Solomon, Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling avail…

1
EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud 25:27

6M ago25:27

25:27

Guest: Arie Zilberstein, CEO and Co-Founder at Gem Security Topics: How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response? What are the key challenges of cloud detection and response? Often we lift and shift our teams to Cloud, and not always for bad reasons, so what’s your advice on how to teach th…

1
Is The CTI Lifecycle Due For An Update? 28:08

6M ago28:08

28:08

Mandiant Intelligence Advisor Renze Jongman joins host Luke McNamara to discuss his blog on the CTI Process Hyperloop and applying threat intelligence to the needs of the security organization and larger enterprise. For more on this topic, please see: https://www.mandiant.com/resources/blog/cti-process-hyperloop…

Podcasts Worth a Listen

Mandiant Podcasts

Podcasts Worth a Listen

Quick Reference Guide