To kick off 2025, Robby chats with Duncan Ogilvie, a renowned expert in Reverse Engineering (RE), the creator of x64dbg (a popular open-source x64/x32 debugger for Windows), and the mind behind 100+ other cool projects.

Their conversation covers the evolving field of RE, discussing common challenges, practical techniques, and how professionals navigate the landscape. Duncan also shares his insights on the current tools shaping the field, explores the role of "AI" in RE, and speculates on what the future might hold for the industry niche.

Listeners will also get a sneak peek into Duncan’s upcoming course, scheduled for February 20-21 in Oslo. The course will focus on using LLVM for binary analysis and is designed to help intermediate reverse engineers sharpen their skills. If you’re interested, sign up here!
https://www.mnemonic.io/resources/events-webinars/exclusive-training-with-duncan-ogilvie-LLVM-IR-and-binary-lifting/

In this episode of the mnemonic security podcast, Robby is joined by Tony Fergusson, CISO EMEA at Zscaler. They start with a market update on Zero Trust and discuss the challenges relating to adoption that he has observed (ever heard of the Popcorn Theory?). 

Fergusson then introduces the concept of risk hunting – a proactive strategy to identify and mitigate risks before they escalate into breaches – and explains how it relates to threat hunting. He emphasizes the importance of least privilege, continuous evaluation, and what Zero Trust looks like for users and workloads.

In this episode of the mnemonic security podcast, Robby is joined by Scott Piper from Wiz and Håkon Sørum from O3 Cyber to talk cloud security. 

They cover the evolution of cloud security products since Amazon's release of S3 and EC2 in 2006 and how the market has matured into the CNAPP we know today.  They chime in on most of the buzzwords associated with CNAPP, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Cloud Infrastructure Entitlement Management (CIEM), and Cloud Detection and Response (CDR), as well as other key areas of CNAPP such as vulnerability scanning, "shift-left" security, cloud data security, and compliance.   

They explain the definition and challenges of "cloud-native attacks" and misconfigurations and discuss whether third-party SOCs can add context and enhance detection capabilities.  

In this episode, Robby is joined by Maximilian Heinemeyer, Chief Product Officer at Darktrace.

The conversation focuses on Max's perspective on detection engineering and the use of machine learning. He shares his opinion on the limitations of traditional, signature/behaviour-based detection methods and the challenges organisations face when building complex detection engineering systems.

Max contrasts these traditional approaches with the unsupervised machine learning techniques used by Darktrace, and describes the "aha moments" he experienced when seeing this technology work in its early days.

In this new episode of the mnemonic security podcast, Robby Peralta is joined by Leonid Rozenberg, a cybersecurity expert and dark web researcher at Hudson Rock, to discuss infostealers. Rozenberg provides a brief history of infostealers, which began with Zeus in 2007, a malware initially designed to steal only banking information. Today, infostealers have evolved to capture all types of personal and sensitive data, including passwords, cookies, and cryptocurrency information. Infostealer malware can be bought on the dark web as a turnkey solution, or "mass malware as a service," for as little as $99 per month.

Rozenberg emphasises the importance of cybersecurity education and debunks common misconceptions about antivirus protection, complex passwords, and multi-factor authentication. He also highlights the ongoing threat of infostealers and their adaptability in bypassing security measures.

Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly "critical" in a landscape where every sector claims importance.

They explore the difficulty in distributing security investments across industries and the growing need for organisations of all sizes to adopt a mindset of self-defence. Joe also addresses the potential consequences of large-scale cyberattacks, such as those by Volt Typhoon, emphasising the need for coordinated incident response and leadership during crisis scenarios. He concludes with a strong call for resilience and highlights the vital role CEOs play in ensuring organisational preparedness.

KraftCERT trusselvurdering 2024 | In Norwegian only

In this episode, Robby is joined by Espen Endal and Bjørn Tore Hellesøy from KraftCERT/InfraCERT - the Norwegian CERT for the energy and petroleum sectors. 

The trio discuss the Threat Assessment report recently published by KraftCERT/InfraCERT, and the unique challenges the Norwegian energy sectors are facing. They touch into topics such as threat evaluation, insider threats, countermeasures, and the importance of maintaining robust security practices despite evolving digital landscapes. 

The conversation emphasises the contextualization of national threat assessments to be practical for energy production companies, stressing the balance between emerging technologies like AI and Digital Twins and their associated risks.

The Threat Assessment 2024 report is available at: https://www.kraftcert.no/filer/KraftCERT-ThreatAssessment2024.pdf

In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers.

Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber preparedness at the Danish Energy Agency, and served as a subject matter expert for SCADA, OT, ICS and IoT at the Danish Center for Cyber Security.

In the discussion Jens shares his unique perspective on how security acts as both an enabler and a potential barrier in the transition towards renewable energy transition, and how the industry needs to move from a reactive, compliance-driven approach towards a more proactive, risk-based model. Jens also shares insights into the threat landscape, potential motivations of state actors, and how Vestas is working to quantify cyber risk and empower customers to better understand and control their own cyber risks.

In this episode of the mnemonic security podcast, Robby is joined by Matt Cooke from Proofpoint. 

They discuss the evolving landscape of email security, emphasising the need for a multi-layered approach beyond traditional prevention methods, as well as the importance of pre-delivery, post-delivery, and click-time protection to combat phishing and business email compromise (BEC) attacks. 

Matt notes that 76% of data breaches involve human error, and stresses the significance of threat intelligence and machine learning in detecting and mitigating threats. The conversation also touches on the role of AI in enhancing email security, the importance of DMARC for email authentication, and the concept of "very attacked people" (VAPs) to prioritise security efforts.

In this special, celebratory 100th episode of the mnemonic security podcast, Robby speaks with author and industry legend - Jon DiMaggio.

Jon is the Chief Security Strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-state intrusions, Jon authored several investigative reports, including Robby´s favourite, “The Ransomware Diaries”, and also wrote the award-winning book “The Art of Cyberwarfare.” 

Jon has gone as far as to go develop relationships with some of the world’s most notorious ransomware gangs, for example LockBit, and exposed the interworkings of cartels behind major ransomware attacks. Their conversation explores the operational models of ransomware groups, which often function through a web of partnerships, specialised roles, and profit-sharing structures. DiMaggio provides his unique perspective on building relationships with cybercriminals to gather intelligence while navigating the ethical dilemmas and personal risks. 

Most importantly, he answers Robby´s burning question: “What’s your opinion of the bad guys?”