Avsnitt
-
In this episode of Reimagining Cyber, Tyler Moffitt, Senior Security Analyst at OpenText Cybersecurity, delves inro the complex issue of insider threats. He concentrates on the two main types of insider threats: malicious insiders who knowingly abuse their access, and unintentional insiders who fall prey to phishing and other social engineering attacks. The conversation is highlighted by recent high-profile cases such as the Coinbase breach, where a third-party contractor was bribed, and the Scattered Spider group's attack on UK retailers like Marks and Spencer and Co-op. The episode explores the real-world financial impacts of these breaches and offers detailed strategies for defending against insider threats, emphasizing the importance of layered security, strict access controls, and thorough training. Listen to learn more about the evolving landscape of insider threats and how to protect your organization.
Links mentioned in this episode:
https://community.opentext.com/cybersec
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, Rob Aragao welcomes Matt Gorham, former Assistant Director of the FBI’s Cyber Division and current leader of PwC’s Cyber and Risk Innovation Institute. Gorham shares critical insights from his 25-year FBI career and discusses the evolution of ransomware—especially the rise of ransomware-as-a-service models and the business-like operations of Eastern European cybercriminal syndicates. He emphasizes the importance of cyber hygiene, incident response planning, and executive-level tabletop exercises. The discussion also covers the often-misunderstood relationship between private companies and law enforcement, as well as the implications of AI, onshoring manufacturing, and the shifting geopolitical cybersecurity landscape. A must-listen for CISOs, board members, and security leaders looking to turn preparation into resilience.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
Saknas det avsnitt?
-
In this episode Senior Security Analyst Tyler Moffitt unpacks the 2025 OpenText Cybersecurity Threat Report. He dives into alarming shifts like a 28% spike in malware infections, the relentless resilience of ransomware group LockBit, and the surge of AI-enhanced phishing campaigns. Tyler breaks down why old-school malware tactics still dominate, how affiliate-driven ransomware-as-a-service is thriving, and why European businesses are increasingly in the crosshairs. Plus, he explores what’s actually working—simple, disciplined defenses—and why “eating your cybersecurity vegetables” may be the most powerful strategy of all. Don't miss Tyler's predictions on AI’s evolving role in both attack and defense for the year ahead.
Find the report here:
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this eye-opening episode of Reimagining Cyber, host Tyler Moffitt is joined by Tom Tovar, co-creator of cybersecurity company Appdome, to unpack one of the fastest-growing threats in mobile security—deepfakes and biometric bypass attacks.
Tom explains why facial recognition, once considered a reliable security measure, was never designed to withstand today’s AI-powered spoofing tactics. From simple call interception techniques to sophisticated real-time face-swapping and buffer overrides, Tom walks us through the anatomy of modern biometric attacks. He also reveals why most mobile apps—and even top-tier facial recognition systems—are currently defenseless against these threats.
We dive deep into the vulnerabilities hiding in plain sight within mobile frameworks, and why defending facial recognition starts with the app itself, not the authentication system. Plus, Tom gives us a glimpse into how AI is being used to both attack and defend, and what the future of mobile app security might look like.
If you think your face is your password, think again.
Topics Covered:
How attackers bypass facial recognition without even needing a deepfakeCommon tools and techniques used to manipulate authentication flowsThe problem with relying on SDK-based facial recognition vendorsWhy the future of defense lies in app-level perimeter securityHow Apto is using AI to build autonomous, in-app defensesWhether you're a security professional or just fascinated by the evolving threat landscape, this is a must-listen episode.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, Tyler Moffitt, Senior Security Analyst at OpenText Cybersecurity, explores the evolution of fast flux — a once obscure spamming tactic that has now become a serious national security concern. Learn how this evasive DNS technique enables ransomware groups and nation-state actors to stay resilient, hide their infrastructure, and extend the life of their attacks.
Tyler breaks down how fast flux works, why it’s seeing renewed attention from the NSA and CISA, and what security teams can do to detect and defend against it. From DNS filtering and anomaly detection to the role of ransomware affiliates and cybercriminal business models, this episode delivers deep insights into one of today’s most pressing cybersecurity threats.
Key topics:
Fast flux: what it is and why it matters nowHow it's being used to protect ransomware infrastructure and leak sitesDetection strategies and red flags for defendersThe bigger picture: national security, affiliate models, and the cybercrime economyPractical steps enterprises can take to prepare and protectDon’t miss this eye-opening discussion. Be sure to check out Tyler’s blog for a deeper dive.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, we set sail into the world of maritime cybersecurity with one of the foremost experts in the field, Dr. Gary Kessler. From GPS spoofing to autonomous vessels, Gary breaks down the evolving threats facing modern ships and ports as they become increasingly digitized and connected. With over 50 years of experience in cybersecurity and a lifelong connection to the water, Gary shares how his career merged passion and profession, leading to groundbreaking research in AIS spoofing and maritime threat mitigation.
We explore the real-world cyber risks impacting global logistics, including the infamous 2017 NotPetya attack on Maersk, the rise of ghost and dark fleets, and how pirates are using hacked logistics systems to target high-value cargo. Gary also explains why the term “cybersecurity” may miss the mark—and why protecting the information itself is what really matters.
Plus, hear about the upcoming Maritime Hacking Village at DEFCON and how you can get involved. If you're curious about the cyber threats lurking beyond the horizon, this episode is your compass.
Links:
Maritime Cybersecurity: A Guide for Leaders and Managers
Maritime Hacking VillageFollow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, host Tyler Moffitt welcomes Tim Armandpour from PagerDuty to explore how organizations can assess and manage their cyber risk in an era of rapid technological change. They discuss the importance of continuous risk evaluation, building a culture of resilience, and the impact of AI on security practices.
Tim shares insights on zero trust architecture, lessons learned from major incidents like the CrowdStrike outage, and how businesses can adapt their security strategies to stay ahead. Whether you're a security leader or just interested in the evolving cybersecurity landscape, this episode offers valuable takeaways on managing risk, ensuring operational resilience, and preparing for the future of AI-driven security.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, threat research analyst Tyler Moffitt explores the evolution of cryptocurrency—from a libertarian dream to a key enabler of cybercrime. Tyler shares his personal journey into crypto mining and breaks down pivotal moments in Bitcoin’s history, including the rise of Silk Road, the emergence of ransomware, and the infamous WannaCry attack.
The discussion also dives into why criminals prefer privacy coins like Monero, how law enforcement is fighting back using blockchain analytics, and whether crypto can ever shake its association with illicit activities. Packed with expert insights and real-world examples, this episode is a must-listen for anyone curious about the intersection of cryptocurrency and cybersecurity.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, we dive into Europol’s latest report, The Changing DNA of Serious and Organised Crime, which highlights how AI is accelerating cybercrime and global information warfare. Rob Aragao, breaks down the report’s key findings, including AI-driven fraud, deepfake scams, and automated cybercrime operations.
We also explore the broader implications of AI in shaping misinformation campaigns, with major players like China, Russia, and Iran investing billions in disinformation efforts. As law enforcement agencies struggle to keep up, we discuss the challenges of combating AI-powered threats and what this means for cybersecurity on a global scale.
Rob also touches on how The U.S. is facing challenges in defending against AI-driven disinformation, as key institutions are shut down. This reduction in information validation and support makes it harder to track and counter adversarial efforts.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
Significant changes are underway at the Cybersecurity and Infrastructure Security Agency (CISA), and the cybersecurity community is paying close attention. In this episode, we break down the recent funding cuts, layoffs, and restructuring efforts that could reshape the agency’s mission—and potentially impact national cybersecurity.
Join Rob Aragao as he analyzes:
🔹 The key drivers behind CISA’s transformation
🔹 How these changes affect state and local cybersecurity efforts
🔹 The debate between efficiency vs. security risks
🔹 What cybersecurity professionals should watch for nextWith critical infrastructure and election security on the line, these shifts could have far-reaching consequences.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode, we’re diving into the world of LockBit, one of the most notorious ransomware groups out there, and how it’s keeping law enforcement on its toes. We’ll break down their latest moves, the battle between hackers and agencies like the FBI, and what it means for cybersecurity moving forward.
Here’s what we cover:
The Kash Patel Incident: Recently, LockBit took a jab at Kash Patel, the FBI Director, in a post on their leak site. The group congratulated him on his appointment and dropped a hint that they had info that could embarrass the FBI. It’s all part of LockBit’s strategy to keep itself in the headlines and make sure it stays relevant, even as law enforcement gets serious about shutting them down.
LockBit’s Operations: LockBit operates on a ransomware-as-a-service model. What does that mean? Well, they provide the tools and infrastructure for affiliates to carry out attacks. And those affiliates don’t hold back—LockBit has gone after hospitals, government agencies, and businesses, demanding huge ransoms in the process.
Takedowns and Law Enforcement’s Response: The FBI has had some wins, like taking down LockBit’s leak site during Operation Kronos. But LockBit? It’s not exactly slowing down. They’ve bounced back with new infrastructure and continued to wreak havoc. The group seems to enjoy the back-and-forth with law enforcement, using it to attract more affiliates and keep their operation growing.
LockBit’s Evolution: The group just dropped version 4.0 of their ransomware, and they’re still advertising on their site, offering affiliates big payouts and even luxury cars for successful attacks. Now, they’ve even started to position themselves as a kind of twisted “pen-testing” service—after they ransom someone, they’ll help them find security flaws in their systems.
Law Enforcement Struggles: Despite efforts from the FBI and other agencies, ransomware groups like LockBit keep adapting. The Russia-Ukraine conflict has only made things worse, and LockBit has shown no signs of slowing down. While law enforcement is certainly stepping up, the fact remains: no major figures have been caught yet.
Practical Tips for Organizations: We’ve got some actionable advice for businesses to stay ahead of these ransomware gangs. First off, enable two-factor authentication (2FA) wherever you can. Also, don’t ignore your software updates—many attacks exploit outdated systems. And if you can, hire a professional red team to conduct penetration testing and find the holes before the hackers do..
LockBit may not be invincible, but they’re still a huge threat. The group’s persistence and ability to evolve mean that ransomware operations are going to be around for a while. The battle between cybercriminals and law enforcement is far from over, and it’s only going to escalate as these groups get more sophisticated and resilient.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber we tackle two seismic shifts in digital security: the fight over encryption and the rise in quantum computing.
First up, the UK's aggressive push against encryption. With legislation like the Investigatory Powers Act and the Online Safety Bill, the UK government is pressuring tech giants to create backdoors for law enforcement. But what happens when those backdoors fall into the wrong hands? Cybersecurity expert Tyler Moffitt doesn’t mince words: “The moment you create a backdoor for the government, you open it up to everybody—cybercriminals, rogue states, you name it.” Apple initially took a hard stance, threatening to pull iMessage and FaceTime from the UK. But in a move that sent ripples through the industry, they recently scaled back their Advanced Data Protection feature for UK users. Is the result a chilling precedent that other governments may soon follow?
If that weren’t enough, encryption’s future faces another existential threat—quantum computing. Even the strongest cryptographic methods in use today could become obsolete once quantum processors reach critical mass. To explore this, we revisit Episode 43: Inside the Fight to Protect Data from Quantum Computers, featuring veteran cryptographic engineer Terence Spies. He warns that the fundamental rules of encryption could soon change forever. “Unlike other areas of software, cryptography is about proving what can’t happen,” Spies explains. “Quantum computing changes that equation entirely.”
With quantum breakthroughs on the horizon, governments and enterprises must scramble to adopt post-quantum cryptography—before it’s too late. Transitioning away from RSA and elliptic-curve encryption isn’t just a technical challenge; it’s a bureaucratic and logistical nightmare that could take decades. And yet, with quantum attacks potentially capable of breaking today’s encryption in mere hours, the race is on to secure our digital future.
Listen to the full episode of Reimagining Cyber and stay ahead of the encryption debate. The stakes have never been higher.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, host Rob Aragao explores the concept of shadow AI and its implications in cybersecurity. Inspired by the recent AI Action Summit in Paris, Rob delves into core areas such as threat detection, governance, and data privacy. He addresses the growing concerns around unauthorized AI implementations within organizations and emphasizes the importance of collaborative efforts and governance frameworks. Practical solutions like API secure gateways, data sandboxes, and centers of excellence for AI are discussed to mitigate risks and enhance cybersecurity practices.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, new co-host Tyler Moffitt talks about the intersection of blockchain technology and cybersecurity. He discusses the basics of blockchain, its differences from traditional databases, real-world applications, the current rate of adoption, and the challenges it faces. Tyler also shares his personal journey into the world of blockchain and his passion for the technology. The episode concludes with a discussion on the future of blockchain in cybersecurity and a fascinating tale about lost Bitcoin worth millions.
Links mentions in the episode:
https://en.wikipedia.org/wiki/Bitcoin_buried_in_Newport_landfill
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, host Rob Aragao explores the role of the Professional Association of CISOs (PAC) with Demetrius Comes, a CISO executive advisor at EVOTEK and a leader within PAC. Comes, who has held cybersecurity leadership roles at companies like GoDaddy and Warner Brothers Games, discusses PAC’s mission to support CISOs through professional development, peer collaboration, and industry education.
The conversation covers PAC’s initiatives, including local chapters, certification programs, and resources designed to help CISOs navigate leadership responsibilities, liability concerns, and emerging cybersecurity threats. Combs also provides insight into broader industry trends, such as the evolving role of CISOs, the importance of cyber hygiene, and the growing impact of AI in cybersecurity.
This episode offers valuable information for cybersecurity professionals looking to understand the benefits of PAC and the challenges facing modern security leaders.
Links relevant to this episode:
Professional Association of CISOs - https://theciso.org/
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode, we dive into the world of passkeys and how they’re revolutionizing online security. Say goodbye to password fatigue and phishing scams—passkeys promise a more secure and seamless authentication experience. We discuss what passkeys are, how they work, and why major tech companies are adopting them.
Topics Covered:
What are passkeys and how do they work?The difference between passkeys and traditional passwordsHow passkeys improve security and prevent phishing attacksThe role of biometrics in passkey authenticationHow losing your phone affects access to accountsCross-device authentication and cloud synchronizationWhy big tech companies like Google, Apple, and Microsoft are embracing passkeysThe potential future of cybersecurity beyond passwordsKey Takeaways:
Passkeys use cryptographic keys stored on devices for authentication, eliminating the need for passwords.They are more secure than traditional passwords and resistant to phishing attacks.Losing a device doesn’t mean losing access—most platforms allow recovery through cloud-based synchronization.Biometrics, such as fingerprint or face recognition, enhance the convenience and security of passkeys.Tech giants are pushing for a passwordless future to improve online security and user experience.Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of 'Reimagining Cyber,' Rob Aragao explores major trends and focus areas for cybersecurity in 2025. The discussion includes regulatory impacts, particularly around the Digital Operational Resiliency Act (DORA) and the EU AI Act, the complexities of data privacy with eight new laws in the U.S., and the growing emphasis on compliance automation. Rob also delves into the evolution of identity and access management, the convergence of data and identity, and the critical importance of supply chain security. The episode wraps up with insights into the recent DeepSeek incident and its implications for national security and data privacy.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode, Reimagining Cyber's Rob Aragao dives into the World Economic Forum's recently released Cybersecurity Outlook for 2025. Key areas highlighted include the impact of geopolitical tensions on cyber espionage, the persistent threat of ransomware, the dual role of AI in bolstering cybersecurity and amplifying cyber attacks, and the ongoing cybersecurity skills shortage. The discussion also covers the importance of resilience in cybersecurity strategy and the critical need for improved collaboration across industries and with the public sector. The episode is packed with practical insights for C-suite leaders, particularly in how these findings can inform and strengthen organizational cybersecurity programs.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
Join Reimagining Cyber's host Rob Aragao as he talks about the evolving role of the CISO in aligning cybersecurity with business objectives. Rob emphasizes the importance of integrating security early in development processes to foster business agility and protect customer trust. He highlights key strategies for CISOs to effectively communicate with executive leadership and align security initiatives with financial and operational goals. Tune in for expert advice on driving growth and efficiency through a robust cybersecurity framework.
00:00 Introduction and New Year Greetings
00:59 Reflecting on Past Episodes and Setting the Agenda
02:09 The Evolving Role of the CISO
03:03 Integrating Cybersecurity with Business Operations
03:37 Enhancing Business Agility and Reducing Friction
05:55 Protecting Customer Trust and Data Privacy
06:46 Mitigating Financial Losses from Security Incidents
07:36 Operational Efficiency and Early Security Integration
07:52 Communicating Cybersecurity to Stakeholders
13:08 Financial Literacy and Budget Justification
14:34 Challenges in Cybersecurity Communication
17:22 Concluding Remarks and Farewell
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. -
In this episode of Reimagining Cyber, host Rob Aragao welcomes Dr. Andrew Reeves, a cyber psychology expert from the University of New South Wales Institute for Cybersecurity. They discuss Andrew's groundbreaking national study on mental well-being in the cybersecurity sector and the high burnout rates among cybersecurity professionals. Dr. Reeves compares these rates to those in other industries, notably frontline healthcare workers, and highlights the lack of appreciation and support for cyber professionals. He shares an example of a colleague who experienced a severe panic attack due to job stress, leading to early retirement. The episode explores systemic issues and potential resources for mental health support within the cybersecurity industry.
00:00 Welcome and Introduction
00:34 Exploring Cyber Psychology
00:44 Comparing Cybersecurity to Other Industries
02:47 Burnout in Cybersecurity
05:27 Personal Stories and Experiences
11:18 Resources and Final Thoughts
Links/resources mentioned this episode:
University of New South Wales Institute for Cybersecurity.
https://www.unsw.edu.au/research/ifcyber
Cybermindz
https://cybermindz.org/
University of Adelaide Defence and Security Institute
https://www.adelaide.edu.au/defence-security/Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70
Chief Information Security Officer CISO Podcasts rankings. - Visa fler
