As a manager, there's no getting around the fact that how well people like and trust you matters. According to this week’s guest, Patric J.M. Versteeg – CISO at Viterra, a global agricultural network operating in 39 countries, trust and likability are even more critical in security than in many other fields.

Last year, Patric was named European CISO of the Year. With over two decades of experience in the role, it’s safe to say he knows a thing or two about what makes a strong leader in the world of security.

In this episode, Robby and Patric discuss what makes a great CISO, the importance of “personal leadership,” and the common pitfalls many fall into.

Send us a text

In this episode, Robby speaks with Harry Wetherald, Co-Founder and CEO of the security platform Maze, about the current wave of LLM innovation in security and how to separate real progress from marketing fluff.

Drawing on his experience building security products, Wetherald shares how large language models are changing the way we approach vulnerability management, what to ask vendors about their "AI" claims, and why UX may be just as important as the models themselves.

Send us a text

In this episode of the mnemonic security podcast, Robby speaks with Knut Elde Johansen and Øyvind Bergerud from Storebrand about their transformation from early cloud challenges to established cloud maturity.

They discuss how Storebrand shifted from outsourced IT to building a modern, in-house cloud infrastructure, and how security evolved alongside it. From implementing policy as code to enabling developers through threat modelling, purple teaming, and CNAPP, Knut and Øyvind share hard-earned lessons from building a secure, cloud-native environment. They also explore the changing threat landscape and how Storebrand prepares for attackers who are becoming just as cloud-savvy as defenders.

Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Ricardo Ferreira, CISO EMEA at Fortinet, to explore the power of policy as code and its role in technical resilience. 

Ferreira explains how organisations can move beyond manual processes to automate security policies, reduce complexity, and enhance agility. They discuss cloud transformation, the challenges of enforcing policy at scale, and why automation and cultural change are essential for security teams. Plus, the growing role of AI and what the future holds for policy-driven security.

You can find his book Policy Design in the Age of Digital Adoption, here: https://www.amazon.com/Policy-Design-Digital-Adoption-transformation-ebook/dp/B09WJBQ7L7

Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Bernard Montel, EMEA Technical Director & Security Strategist at Tenable, to break down the evolution of vulnerability management into exposure management. 

Bernard explains how security has shifted from traditional vulnerability scanning to a broader approach that considers misconfigurations, attack paths, and identity risks. They discuss why most breaches stem from a toxic combination of exposures, the growing complexity of cloud security, and how organisations can prioritise real risks instead of drowning in vulnerability lists. Plus, how AI is changing the game for both defenders and attackers.

Send us a text

Audio-visual (AV) equipment is everywhere – meeting rooms, auditoriums, and control centres – but how often do we think about its security?

In this episode of the mnemonic security podcast, Robby talks to Øystein Stadskleiv from Leteng, about the overlooked risks of AV systems. They discuss real-world attack scenarios, common vulnerabilities, and practical steps to secure AV infrastructure. 

Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Emil Vaagland, Security Manager at FINN.no, Norway’s leading online marketplace.

They discuss the unique security challenges of a cloud-first, developer-heavy organisation, covering everything from vulnerability management and secure coding, to fraud detection and access control. Vaagland shares insights into their approach to bug bounties, DevSecOps, and balancing security with developer efficiency.

Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Dustin Childs, Head of Threat Awareness at Trend Micro’s Zero Day Initiative (ZDI). Dustin explains the ZDI’s role in purchasing and analysing vulnerabilities to provide early protection for customers and how zero days – previously unknown vulnerabilities – become "n-days" once disclosed or patched.

The conversation highlights the critical importance of timely patching, the risks posed by bad patches, and the concept of virtual patching as a defence strategy. Dustin also delves into attack surface monitoring, the evolving threat landscape, and the ongoing challenges of balancing security and usability in modern networks.

Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Eirik Nordbø and Marius Kotlarz from Equinor, as well as Haakon Staff from mnemonic.

Together, they discuss the world of Capture the Flag (CTF) competitions, exploring their origins, structure, and benefits. CTFs, as they explain, are “hacking” contests featuring challenges such as cryptography and reverse engineering, where participants solve tasks to uncover "flags" and earn points.

The discussion highlights the educational value of CTFs, particularly in helping developers, pentesters, and other IT professionals refine their skills and master advanced techniques. The group also addresses the logistical challenges of hosting a CTF—such as the Equinor CTF—from infrastructure setup to stress testing, while emphasizing the passion and expertise required to organize a successful event. Finally, they explore how CTFs can serve as a valuable recruitment tool for identifying and attracting top security talent.

Send us a text

To kick off 2025, Robby chats with Duncan Ogilvie, a renowned expert in Reverse Engineering (RE), the creator of x64dbg (a popular open-source x64/x32 debugger for Windows), and the mind behind 100+ other cool projects.

Their conversation covers the evolving field of RE, discussing common challenges, practical techniques, and how professionals navigate the landscape. Duncan also shares his insights on the current tools shaping the field, explores the role of "AI" in RE, and speculates on what the future might hold for the industry niche.

Listeners will also get a sneak peek into Duncan’s upcoming course, scheduled for February 20-21 in Oslo. The course will focus on using LLVM for binary analysis and is designed to help intermediate reverse engineers sharpen their skills. If you’re interested, sign up here!
https://www.mnemonic.io/resources/events-webinars/exclusive-training-with-duncan-ogilvie-LLVM-IR-and-binary-lifting/

Send us a text