The Cybersecurity Defenders Podcast

Technology Podcasts

An accessible but technical podcast about cybersecurity and the people who keep the internet safe. The podcast is built as a series of segments: we will be looking back at the last couple of weeks in cybersecurity news, talking to different people in the industry about areas of their expertise, we're going to break apart some of the TTPs being used by adversaries, and we will even cover a little bit of hacker history.

Location:

United States

Language:

English

Contact:

6048025683


Episodes
#197 - Avoiding burnout and managing stress with Amanda Berlin, CEO of Mental Health Hackers

2/28/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss stress management and avoiding burnout with Amanda Berlin, CEO of Mental Health Hackers. Amanda is the Senior Product Manager of Cybersecurity at Blumira, where she collaborates with a talented team to make security more accessible. With a career in IT spanning nearly her entire adult life, her expertise includes infrastructure security, network troubleshooting, purple teaming, and security awareness training. Beyond her role at Blumira, Amanda leads Mental Health Hackers, an organization dedicated to addressing the unique mental health challenges faced by cybersecurity professionals and heavy technology users. Through education and advocacy, she helps shine a light on the critical intersection of mental health and the tech industry.
All of the links:
Coffee bot: Donuts
Book: The Fearless Organization
American Psychological Association
Mental Health Hackers next at: BSides Charm in Baltimore, Blue Team Con in Chicago... check social media for more

Duration:00:28:45

#196 - Security challenges in the Arctic with Deepak Dutt, Founder of Zighra

2/25/2025
On this episode of The Cybersecurity Defenders Podcast, we talk about security issues in the Arctic with Deepak Dutt, Founder of Zighra. Deepak is a technology leader and entrepreneur on a mission to secure the future against AI-powered threats and to inspire founders to transform their ideas from zero to meaningful impact. Deepak’s career began in the software space, inspired by his father’s passion for technology. In his late teens, he founded his first company in the eLearning space, which he successfully led to an acquisition, relocating to Ottawa at the age of 21. While in Ottawa, Deepak balanced graduate studies with roles at Newbridge Networks and Nortel, where he spent nearly a decade gaining expertise in product development, go-to-market strategy, and technological innovation. These experiences reinforced his drive to harness technology’s transformative potential. In 2009, Deepak founded his second startup, a cloud-based cybersecurity company. Over the years, he has participated in leading accelerators worldwide, including Barclays/Techstars, Creative Destruction Labs, and the Canadian Technology Accelerator. Today, as Founder and CEO of Zighra, he is building an operating system designed to defend against AI-powered attacks, working with financial institutions and governments to deliver robust security solutions powered by explainable AI, behavioral biometrics, and contextual intelligence. A passionate advocate of the Zero to Impact philosophy, Deepak is committed to inspiring tech founders to embrace big challenges and develop innovations that drive meaningful change.

Duration:00:29:45

#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)

2/21/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment. The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks. GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security. Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters. Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.

Duration:00:35:09

#194 - Exploring MSSP partnerships and technology providers with Raffaele Mautone, CEO of Judy Security

2/19/2025
On this episode of The Cybersecurity Defenders Podcast, we explore MSSP partnerships and technology providers with Raffaele Mautone, CEO of Judy Security. Raffaele brings a strong background in IT, sales, and operations, with extensive experience in cybersecurity and IT shaping the foundation of Judy Security. He has a proven track record of leading teams through successful acquisitions, strategic planning, and large-scale program deployments. Throughout his career, he has worked with major companies like Duo, FireEye, McAfee, and Dell, focusing on marketing and sales strategies, business process improvements, and go-to-market programs. Judy Security delivers enterprise-grade cybersecurity tailored for SMBs and MSPs. Their AI-powered platform is affordable, intuitive, and designed to seamlessly integrate with MSP business models while addressing the unique security challenges of SMBs. With Judy Security, businesses can stay protected with advanced, easy-to-use cybersecurity solutions—because safeguarding data shouldn’t be complicated.

Duration:00:30:30

#193 - Intel Chat: Ransomware drops, 8Base, XE Group, SolarWinds-esque attack & cyber-espionage in South Asia

2/13/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Duration:00:33:06

#192 - Talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principal at Soteria

2/11/2025
On this episode of The Cybersecurity Defenders Podcast we talk about talent acquisition, training, and retention in the MSSP space with Paul Ihme, Cofounder & Managing Principal at Soteria. Paul is a cybersecurity professional with extensive experience in both the federal and private sectors. He is the co-founder and managing principal of Soteria, a firm that provides tailored cybersecurity solutions and strategic advisory services to help businesses defend against cyber threats 24/7. Soteria specializes in managed detection and response, domain monitoring, and risk management for Microsoft 365 environments, among other things. Prior to founding Soteria, Paul held key roles in cybersecurity, including Vice President of Active Network Defense at JPMorgan Chase and Cyber Warfare Operator in the U.S. Air Force. Today, we discuss what it takes to build a skilled team and explore his experience with talent acquisition, training, and retention in the MSSP space.

Duration:00:39:49

#191 - Intel Chat: Lumma Stealer, xWorm, WSDOT & FortiOS

2/4/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Duration:00:25:46

#190 - How MSSPs can help clients meet regulatory requirements with Garret Grajek, CEO at YouAttest

2/3/2025
On this episode of The Cybersecurity Defenders Podcast we speak with Garret Grajek, CEO of YouAttest, about how MSSPs help clients meet regulatory requirements and what it means for the MSSP. Garret is a certified security leader with nearly 30 years of experience in information security. Garret is widely recognized as a visionary in identity, access, and authentication, holding 13 patents in areas such as X.509, mobile security, single sign-on (SSO), federation, and multi-factor technologies. Over the course of his career, he has contributed to major security projects for prominent commercial clients like Dish Networks, Office Depot, TicketMaster, and E*Trade, as well as public sector organizations including the U.S. Navy and the EPA. Garret began his career as a security programmer at Texas Instruments, IBM, and Tandem Computers, later advancing to key roles at RSA, Netegrity, and Cisco. He is also the founder and creator of SecureAuth IdP, a two-factor authentication and SSO platform. Known for his expertise in security architecture, product development, and leadership, Garret is a thought leader in modern IT architecture, including mobile deployments, cloud, hybrid environments, and advanced authentication technologies.

Duration:00:38:18

#189 - Intel Chat: Docker, LDAPNightmare, Codefinger & Fortinet FortiGate

1/28/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Duration:00:34:43

#188 - The MSSP Alert 2024 Pricing Benchmark Report with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance

1/23/2025
On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report. Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech. Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she’s helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard. She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

Duration:00:25:12

#187 - Automation in MSSP Operations with David Burkett, Cloud Security Researcher at Corelight

1/14/2025
On this episode of The Cybersecurity Defenders Podcast we talk about automation in MSSP operations with David Burkett, Cloud Security Researcher at Corelight. David has deep expertise in cloud threat detection and automation. Over the course of his career, David has built and optimized three different Cyber Security Operations Centers for MSSP and MDR providers, demonstrating his skill in scaling security operations through automation and efficient processes. David has consulted for over 40 Fortune 500 companies and large federal organizations, helping them design and implement SOAR platforms and playbooks that enhance detection and response capabilities. He also actively contributes to the open-source detection project Sigma, showcasing his dedication to advancing the cybersecurity community. Among his many accolades, David was part of a team that received the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award, recognizing their SOC as one of the top 1% of cybersecurity programs for cleared facilities. He also holds a robust set of GIAC certifications, reinforcing his technical expertise in threat intelligence, cloud security, and playbook design.

Duration:00:25:45

#186 - Intel Chat: Amit Yoran, USDoD, BeyondTrust & LDAPNightmare

1/8/2025
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Duration:00:23:50

#185 - Bootstrapping an MSSP with Nick Gipson, Founder & CEO at Gipson Cyber

1/7/2025
MSSPs and other security service providers comprise the backbone of the cybersecurity industry. They are the organizations on the front line that keep the world running in the face of ever more sophisticated adversaries. In this special series we are going to be exploring a variety of topics with seasoned experts around the ways they have learned to improve the effectiveness of their organizations. Our guest today is Nick Gipson, the founder and CEO of Gipson Cyber. Nick founded Gipson Cyber in February 2023 to provide affordable, subscription-based cybersecurity services to small businesses. With nearly a decade of experience as a digital forensics investigator for the Department of Defense and Fortune 100 companies, Nick recognized a gap in cybersecurity solutions for smaller organizations. Determined to address this, he built Gipson Cyber to deliver professional-grade protection to industries like accounting, finance, legal, and healthcare. Nick’s company focuses on equipping small businesses with the tools to prevent cyber threats before they happen, backed by a team with over 20 years of expertise in the field. Today, we’ll explore not only the challenges small businesses face in cybersecurity but also the lessons Nick has learned in building a managed security service provider from the ground up.

Duration:00:23:41

#184 - Hacker Holidays: The Colonial Pipeline

1/1/2025
In this episode of The Cybersecurity Defenders Podcast, we recount some hacker history and, with the help of Casey Ellis, Founder and CSO at Bugcrowd, tell the story of one of the largest critical infrastructure ransomware attacks in history: the Colonial Pipeline. On May 7, 2021, Colonial Pipeline, an American oil pipeline system that originates in Houston, Texas, and carries gasoline and jet fuel mainly to the Southeastern United States, suffered a ransomware cyberattack that impacted computerized equipment managing the pipeline. The Colonial Pipeline Company halted all pipeline operations to contain the attack. Overseen by the FBI, the company paid the amount that was asked by the hacker group (75 bitcoin or $4.4 million USD) within several hours; upon receipt of the ransom, an IT tool was provided to the Colonial Pipeline Company by DarkSide to restore the system. However, the tool required a very long processing time to restore the system to a working state. This episode was written by the talented Nathaniel Nelson. Casey Ellis can be found on LinkedIn here.

Duration:00:21:51

#183 - Hacker Holidays: When the lights went out in Ukraine (Part 1 & 2)

12/31/2024
On this episode of The Cybersecurity Defenders Podcast, we share both parts of 'When the Lights Went Out in Ukraine.' Beginning on January 13th, 2022, a Russian APT installed wiper malware on the IT networks of government, NGO, and IT companies across Ukraine. The malicious program was designed to appear like ransomware, but contained no recovery feature: it simply destroyed any computer it wished. Just one day later, hackers from the intelligence service of Belarus, Russia’s close ally, took down 70 websites belonging to the Ukrainian government. This was tilling, laying down the foundation for an all-out ground attack. Plastered on the 70 downed websites was a message from the attackers: “Be afraid,” they wrote, “and expect the worst.” This episode was written by the talented Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. And a special thank you to Robert Lipovsky for sharing his first-hand knowledge.

Duration:00:37:59

#182 - Hacker Holidays: Stuxnet (Part 1 & 2)

12/30/2024
This episode of the Cybersecurity Defenders podcast is a two-part mini-series about the greatest cyber attack ever conceived: Stuxnet. Joining to help us tell the story is Kim Zetter, Journalist and Author - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon. Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

Duration:00:37:52

#181 - Hacker Holidays: WannaCry

12/29/2024
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history, and with the help of Marcus Hutchins, tell the story of the WannaCry ransomware attack. The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It propagated by using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. Researcher Marcus Hutchins discovered the kill switch domain hardcoded in the malware. Registering a domain name for a DNS sinkhole stopped the attack spreading as a worm, because the ransomware only encrypted the computer's files if it was unable to connect to that domain, which all computers infected with WannaCry before the website's registration had been unable to do. While this did not help already infected systems, it severely slowed the spread of the initial infection and gave time for defensive measures to be deployed worldwide, particularly in North America and Asia, which had not been attacked to the same extent as elsewhere.

Duration:00:19:13

#180 - Hacker Holidays: Titan Rain

12/28/2024
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Shawn Carpenter, a rogue cybersecurity defender who singlehandedly identified a Chinese APT. It is a phenomenal story that exemplifies the grit and moral fortitude that the best defenders among us have. Titan Rain was a series of coordinated attacks on computer systems in the United States beginning in 2003; they were known to have been ongoing for at least three years. The attacks originated in Guangdong, China. The activity is believed to be associated with a state-sponsored advanced persistent threat. It was given the designation Titan Rain by the federal government of the United States. Titan Rain hackers gained access to many United States defense contractor computer networks, which were targeted for their sensitive information, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie.

Duration:00:20:20

#179 - Hacker Holidays: Operation Flyhook

12/27/2024
In this episode, we recount the story of Operation Flyhook - an FBI sting operation in 2000 that resulted in the arrest of two Russian hackers on American soil. It is quite the story and leaves us with some pretty heavy conclusions. This episode was written by Nathaniel Nelson, narrated by Christopher Luft, and produced by the team at LimaCharlie. Any questions or feedback can be directed to defenders@limacharlie.io

Duration:00:18:05

#178 - Intel Chat: ptcpdump, Target adopts TLSH, Clop, XLoader & HeartCrypt

12/20/2024
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. ptcpdump is an eBPF-based version of tcpdump that adds process information to each packet. It supports filtering by process ID, process name, container ID, and Kubernetes pod name. In a recent implementation, Target's cybersecurity team adopted TLSH (Trend Micro Locality Sensitive Hash) to improve their malware detection capabilities. Huntress recently issued a threat advisory regarding active exploitation of a zero-day vulnerability affecting Cleo's file transfer software, specifically impacting LexiCom, VLTrader, and Harmony versions up to 5.8.0.21. Sublime Security recently analyzed a phishing campaign that impersonates Microsoft SharePoint to deliver the XLoader malware. Palo Alto Networks' Unit 42 team has uncovered a new packer-as-a-service (PaaS) operation named HeartCrypt, which has been active since July 2023 and began sales in February 2024. HeartCrypt is designed to obfuscate malware, making detection by security solutions more challenging.

Duration:00:31:00