Welcome to Episode 19 of the DTF Cyber Podcast, where Damian, Troy, and Fern dive into the wild world of cybersecurity with our special guest, Lester Godsey, CISO at Arizona State University! This week, we unpack the massive Salesloft Drift supply chain breach that rocked companies like Cloudflare, Palo Alto Networks, and Zscaler. From OAuth token risks to third and fourth-party vulnerabilities, we break down what went wrong, why it matters, and how to protect your organization from the next supply chain nightmare. Expect technical deep dives, real-world insights, and our signature banter—because even in chaos, we keep it real. Subscribe, like, and join us every Monday for more cyber talk!
Follow us on X: @DTFCyberPodcast
Watch on YouTube: https://www.youtube.com/@DTFCyberPodcast
Timestamps
00:00 - Intro: Welcome to the DTF Cyber Podcast
00:33 - Guest Introduction: Meet Lester Godsey, ASU’s CISO
01:41 - Lester’s 8-Hour Retirement & Transition to Private Sector
03:12 - Talk Track 1: The Breach Breakdown – Salesloft Drift Incident
04:49 - Why Third-Party Risk Management (TPRM) Needs More Hype
06:26 - The Skills Gap in Governance, Risk, and Compliance (GRC)
09:57 - Do CISOs Need to Be Super Technical? The Debate
13:22 - Talk Track 2: OAuth Token Risks – The Double-Edged Sword
18:04 - Analogies: Amazon Garage Access vs. OAuth Token Exposure
23:20 - Talk Track 3: Third and Fourth-Party Risks – Hidden Layers
26:30 - Vendor Transparency and Proactive Disclosure
29:01 - Shadow IT and the Challenges of Vendor Visibility
31:20 - Talk Track 4: Mitigation Strategies – Auditing and Non-Human Identities
36:02 - Managing Up: Communicating Risks to Leadership
39:15 - Gen Z Slang and Workplace Communication Challenges
43:32 - Recap: Key Takeaways on OAuth, Audits, and Risk
47:46 - Future Topics: Non-Human Identities and Agentic AI
51:02 - Actionable Advice: Audit Your OAuth Tokens Now
54:41 - Closing Thoughts from Troy, Damian, Fern, and Lester
What You’ll Learn
- How attackers exploited OAuth tokens in the Salesloft Drift breach
- The cascading risks of third and fourth-party vendors
- Practical steps to audit and secure OAuth tokens and APIs
- Why non-human identity management is critical for modern cybersecurity
Have you audited your OAuth tokens lately? Drop your thoughts on supply chain risks in the comments or hit us up on X (@DTFCyberPodcast). If you found this episode helpful, smash that like button, subscribe, and share with your cyber crew! Let’s stay one step ahead of the hackers.
#Cybersecurity #SupplyChainSecurity #OAuthRisks #DTFCyberPodcast
LinkedIn:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/
Business Inquiries: dtf at cyberpodcast dot net
By Cyber Podcast