Avsnitt
-
This episode explores why purple teaming is becoming a smarter security strategy, with host, Matt Triner, speaking alongside guests Jordan Lazo, Gabriel Abdalawad, and Jake Williams from Hunter Strategy. They break down the difference between red, blue, and purple teams, and explain how collaboration helps organizations improve detections and reduce blind spots. The conversation also covers why purple teaming is especially valuable for less mature organizations that need to build stronger security foundations. Overall, the guests argue that sharing tactics, testing detections, and closing gaps creates more practical security than working in silos.
Episode Chapters: 00:00 Introduction to Cybersecurity Teams
01:00 Defining Blue, Red, and Purple Teams
03:19 The Philosophy of Purple Teaming
07:57 Real-World Examples of Detection and Exploitation
12:55 Building a Purple Team in Less Mature Organizations
18:39 The Importance of Detection Engineering
23:49 Understanding Decay and AI Solutions
29:53 Cloud Security: Risks and Responsibilities
31:17 Documentation Challenges in Cloud Implementations
37:54 The Case for Purple Teams
44:24 Strategies for Implementing Purple Teams
-
Cyber warfare is often misunderstood and this episode explains why it’s usually a supporting act rather than the main event in modern conflict. Jake Williams and Bryson Bort break down how cyber operations differ from kinetic warfare, why attribution and battle damage assessment are so difficult, and why political and strategic limits often matter more than the technology itself. You’ll also hear how adversaries use low-cost, scalable cyber campaigns to create disruption without triggering direct escalation. Overall, it’s a sharp look at how cyber tactics are reshaping future warfare and global security.
Episode Chapters:
00:00 Introduction to Cyber Warfare
05:16 The Role of Cyber in Modern Warfare
07:51 Stuxnet: A Case Study in Cyber Warfare
10:52 Legal Definitions and Warfare
16:17 The Complexity of Cyber Operations
17:50 Investment in Cyber Capabilities
22:10 The Future of Cyber Warfare
27:06 Ethics and Cyber Warfare
33:51 Predictions for Future Conflicts
41:30 Educating on Cyber Warfare
-
Saknas det avsnitt?
-
Cybersecurity Challenges in Internet of Things (IoT) Devices
IoT isn't just smart bulbs and garage door openers, it's the badge scanner at your office door, the sensors on a wind turbine, the x-ray machine at your hospital, and the PLC system running a manufacturing floor. The attack surface is enormous, and most of it was never built with security in mind.
In this episode, host Matt Triner sits down with Adeel Chohan, Head of Data & AI at Provectus, to unpack why IoT security is so hard to get right and why it keeps getting harder. They dig into device procurement gaps, firmware vulnerabilities, the challenges of securing brownfield infrastructure, and why security is almost always the last conversation in an IoT deployment, not the first.
From power grids to hospital networks to factory floors, Adeel and Matt explore what it actually takes to secure environments where connected devices outnumber the people managing them - and why legacy perimeter defenses aren't built for this reality.
You can't protect what you can't see.
Episode Chapters:
00:00 Introduction to IoT Device Security
02:47 The Broad Scope of IoT Devices
05:35 Unique Considerations for Securing IoT Devices
09:56 Challenges in Implementing Security Measures for IoT Devices
23:27 The Role of Cloud Providers in Enabling and Securing IoT Devices
26:49 The Challenge of IoT Cybersecurity and the Need for Standardization
27:42 From Point-to-Point Solutions to Standardized Device Management
31:05 The Trade-Offs Between Proprietary and Standardized Protocols
42:01 The Role of Regulation in Ensuring IoT Security
44:27 The Impact of Decreasing Sensor Costs on IoT Security
46:33 The Mindset Shift Towards Prioritizing IoT Security
49:06 The Future of IoT Security: Regulations, Collaboration, and AI
-
Unlock the future of cybersecurity in the Department of Defense with insights on the latest tools, frameworks, and strategies transforming network monitoring. Most agencies are still relying on outdated processes—are you prepared for the shift toward automated, real-time risk assessments? In this episode, Dan Beller, Director of Cloud Solutions at Hunter Strategy, and Chris Sowards, GRC expert, reveal how cutting-edge innovations like OSCAL, cloud-native integrations, and advanced vulnerability scanning are revolutionizing continuous monitoring for defense networks.
Episode Chapters:
00:00 Introduction to Continuous Monitoring and Risk Assessment
02:05 Continuous Monitoring and the ATO Process
03:23 Continuous Monitoring and System Modifications
06:15 Evolution of Continuous Monitoring
08:45 Assessment and Compliance in Continuous Monitoring
12:44 Tooling and Automation in Continuous Monitoring
16:04 Future Trends in Continuous Monitoring
19:04 Building Trust and Relationships
19:43 Challenges in Generating Artifacts
20:29 Automating ATO Process
22:48 GRC as a Gateway into Cybersecurity
24:00 The Value of GRC Professionals
24:29 The Importance of GRC in Software Development
25:51 The Need for Improved Tooling
27:08 The Role of OSCAL in Trusting Tooling
28:31 Tools for Managing Disparate Scanning Results
29:52 The Challenge of Limited Authorizations
30:51 Collaboration and Human Readability in OSCAL
34:07 The Need for Connected Governance
36:27 Measuring the Success of Continuous Monitoring
-
Most organizations overlook the secret ingredient to cybersecurity success: culture. In this eye-opening episode, cybersecurity veterans Russell Eubanks and AJ King reveal how building a strong security culture isn’t just good practice, it's essential. They share powerful stories demonstrating what a thriving security culture looks like and how it can prevent costly breaches. Discover why aligning mindsets and fostering collaboration across teams can transform security from a challenge into a strategic advantage. Perfect for leaders eager to embed security into their organization's DNA, this conversation offers proven strategies to transform your mindset—and your defenses.
00:00 Introduction to Security Culture
02:27 The Importance of Culture in Cybersecurity
05:19 Examples of Good and Bad Security Culture
11:01 Comparing Security Cultures Across Organizations
18:35 Common Pitfalls in Enhancing Security Culture
21:58 Integrating Security into Organizational Culture
23:45 The Role of Non-Security Management
26:35 Empowering All Employees in Security
29:28 Phishing Exercises: A Double-Edged Sword
38:25 Key Takeaways for Executives and Non-Executives
-
In this episode of "This is Fine," AJ King, Alex Sharpe, and Jake Williams delve into the complexities of the Zero Trust framework and its overlay against NIST 800-53 R5. They explore the philosophical and practical aspects of Zero Trust, emphasizing its role in modern cybersecurity. The discussion highlights the challenges and strategies for implementing Zero Trust, particularly in government and commercial sectors. The episode concludes with insights on how organizations can approach Zero Trust as an evolving mindset rather than a fixed goal.
Episode Chapters:
00:00 Introduction to Zero Trust and NIST 800-53
05:37 Challenges in Implementing Zero Trust
11:18 The Role of Identity in Zero Trust
17:11 The Evolution of Zero Trust
22:29 Final Thoughts on Zero Trust Implementation -
In this episode of This is Fine, cybersecurity experts AJ King, Joshua Marpet, and Jake Williams dive into the complexities of pen testing. They explore why standardization is crucial for effective testing and how misconceptions can lead to security gaps. Discover the importance of proper scoping to focus on high-impact areas and why a pen test should simulate real attack scenarios. This discussion is essential for security leaders aiming to enhance their testing programs and communicate value across teams. Learn how to turn pen testing into a strategic security pillar and make smarter cybersecurity investments.00:00 Introduction to Pen Testing and Cybersecurity Experts
02:02 Common Misconceptions About Pen Testing
07:35 The Need for Standardization in Pen Testing
10:49 Defining Pen Testing: Dimensions and Attributes
16:51 The Role of Compliance in Pen Testing
21:57 The Impact of Breaches on Shareholder Value
23:15 The Impact of Cyber Insurance on Business Operations
25:59 Understanding the Role of CISOs in Cybersecurity
27:34 Challenges in Scoping Penetration Tests
30:38 The Importance of Standards in Cybersecurity
33:33 Regulatory Environment and Its Influence on Cybersecurity
36:23 The Role of Regulation in Cybersecurity Standards
39:14 Defining Objectives for Effective Penetration Testing
41:31 Maximizing Value from Penetration Testing Budgets
-
Most organizations dramatically underestimate how quickly offensive cyber techniques evolve—and how crucial stealth and rapid detection truly are. In this episode, Jake Williams, a cybersecurity veteran, joins Hunter Strategy’s AJ King and Jordan Lazo to expose the real tactics behind cyber warfare—and how your organization can keep pace. Discover why the myth of complex, Hollywood-style attacks is just that, and why most breaches happen through simple social engineering or widespread credential theft. Tune in now to master the art of cyber resilience in a hostile digital landscape—because in cyber warfare, the winners are those who adapt first.
Episode Chapters:
00:00 Introduction to Cybersecurity and Nation-State Threats
04:46 The Rise of Zero-Day Exploits
12:23 Common Misconceptions in Offensive Cyber Operations
18:15 The Reality of Cyber Attacks
25:33 Public-Private Collaboration in Cybersecurity
30:15 Staying Ahead in Offensive Operations -
Most organizations overlook a simple truth that could save them millions: understanding when and how to choose between monolithic, modulithic, and microservices architectures. This episode reveals a practical framework to make those calls confidently, impacting security, scalability, and team throughput. Greg Vanore and Scott Hiland break down these concepts with relatable analogies, offering clarity and tactical guidance. Perfect for tech leaders and practitioners, it turns complex concepts into clear actions to transform your organization’s tech strategy today.
Episode Chapters:
00:00 Introduction to Software Architectures
02:23 Understanding Monolithic, Modulithic, and Microservices
05:15 Complexity and Scaling in Software Development
08:12 The Role of Data in Architecture Decisions
11:17 Bridging the Gap Between Business and Technical Teams
14:10 Maintenance and Security in Software Systems
17:09 Defining Monolithic vs. Modulithic Architectures
23:51 Building API Specifications for Business Needs
26:27 Microservices: When and Why?
28:04 The Role of Technical Debt in Architecture
30:32 Hype-Driven Development vs. Real Business Needs
32:34 The Evolution of DevOps Tooling
37:21 Testing Strategies in Modern Development
41:47 Aligning Technology with Business Goals
47:08 Sustainability of Technology Solutions -
Unlock the secrets of securing government systems in the cloud and avoid costly pitfalls with guests Dan Beller and Michael Christopherson. Discover insider strategies for seamless, compliant, and secure cloud migration. Learn the subtle differences between commercial clouds and GovCloud environments, and why they matter for your project's security. Perfect for government IT leaders and cloud architects, this episode is your essential guide to a smarter, safer, and more compliant GovCloud journey.
Episode Chapters:
00:00 Introduction to GovCloud and Its Importance
00:55 Understanding GovCloud: Definition and Characteristics
03:17 The Need for GovCloud: Security and Compliance
06:12 Practical Differences Between GovCloud and Commercial Cloud
07:27 Challenges in Implementing GovCloud Solutions
09:07 Navigating the Complexities of GovCloud Services
12:23 Service Availability and Documentation in GovCloud
18:51 The Evolution of Cloud Migration Strategies
29:04 Best Practices for Transitioning to GovCloud -
In this episode of "This is Fine," we dive into the complexities of time management in software, infrastructure, and security. We explore how time zones, political changes, and system synchronization impact software development and security operations. The discussion highlights the challenges of maintaining consistent time across distributed systems and the importance of using standardized time protocols like UTC. The episode also touches on historical and cultural aspects of timekeeping, illustrating the intricate relationship between time and technology.
Episode Chapters:
00:00 Introduction to Time in Software
04:30 The Importance of Synchronized Time
09:12 Challenges in Distributed Systems
15:34 Understanding Unix Time and Its Implications
24:04 Real-World Examples of Time Failures
27:33 Best Practices for Managing Time in Software
-
Welcome back to This is Fine - the podcast all about navigating the complex world of government technology and cybersecurity.
Today’s guest is a true pioneer in government software development: Bryon Kroger. As co-founder of Kessel Run, the Department of Defense’s first software factory, Bryon proved that government agencies can develop and deliver software with the speed and agility of Silicon Valley. Now, as CEO of Rise8, he’s applying those lessons to drive even greater innovation.
Bryon is the mastermind behind DoD’s first continuous Authority to Operate, turning a massive security bottleneck with debatable security impact into a value add daily practice. His work is all about dismantling the bureaucratic barriers that prevent agencies from delivering effective, user-focused software.
We’re excited to dive into what it really takes to transform government technology with someone who’s not only taken on the system but reshaped it for the better.
Episode Chapters:
00:00 Introduction to Government Technology Transformation
01:21 Brian Kroger's Journey: From Air Force to Kessel Run
03:29 Understanding the Acquisition Process in Government
07:09 Bureaucracy Hacking: Navigating Complex Systems
15:23 The Role of Culture in Bureaucracy Hacking
20:53 Pairing as a Tool for Cultural Change
25:41 Implementing Continuous ATOs: Challenges and Insights
27:20 Understanding Security Assessment Challenges
30:14 The Evolution of CATO and Its Implementation
34:39 Continuous Monitoring and Risk Management
39:35 Streamlining Processes for Efficiency
43:47 Scaling Agility in Large Organizations -
In this episode of ‘This Is Fine’, Matt sits down with Harold Smith III, the CEO and Founder of Monkton, to discuss the complexities of the Small Business Innovation Research (SBIR) program. They cover the program's role in government acquisition and the challenges small businesses encounter in navigating the contracting world. Matt and Harold explore the advantages of SBIR for both small businesses and the government, emphasizing the power of collaboration and user-centered design. They also address criticisms of the program, such as 'SBIR mills', and advocate for reform to encourage true innovation. Tune in to learn more about SBIR Phase 3 and how it can help your small business thrive!
Chapters:
00:00 Introduction to SBIR and Its Importance
03:01 Understanding the SBIR Program
06:12 Benefits of SBIR for Government
08:56 Challenges in Government Contracting
11:59 The Role of User-Centered Design
14:57 Critiques of the SBIR Program
18:06 Navigating the Valley of Death
20:54 The Future of SBIR and Innovation
25:24 Innovation vs. Acquisition: Understanding the Landscape
26:50 Navigating the Challenges of COVID-19
29:29 The Transition from Air Force to Space Force
32:08 Understanding the SBIR Process and Its Challenges
35:20 Technical Barriers in Government Contracting
39:06 Best Practices for Compliance and Data Management
43:40 Advice for Companies Entering the SBIR Space
47:31 Future Conversations: Expanding the Discussion on SBIRs
Keywords:
SBIR, Small Business Innovation Research, government contracting, small business, Phase I, Phase 2, Phase 3, Space Force, compliance, data management, best practice
-
On this episode of "This Is Fine," we dive into the controversial Windows 11 recall feature and its implications for privacy and security. Our host, Matt Triner, CEO of Hunter Strategy, along with expert guests Jake Williams, VP of Research & Development at Hunter Strategy, Jennifer Lee, Partner at Constangy, Brooks, Smith & Prophete, LLP, and Andrew King, CISO at Hunter Strategy, dissect the legal and security concerns surrounding a feature that takes screenshots of users' work every five seconds and stores them locally.
We'll explore...
Privacy Laws,
Incident Response Discoverability,
the Impact on Attorney-Client Privilege
...as well as the broader security culture at Microsoft and the call for better governance.
Tune in to learn why turning off this feature might be the best move for both enterprise users and consumers alike.
Chapters
00:00 Introduction to the Windows 11 Recall Feature
06:45 Legal Implications: Privacy Laws and Attorney-Client Privilege
08:36 Security Implications: Clear Text Information and Breach Defense
12:37 The Security Culture at Microsoft and the Lack of Governance
34:56 Recommendations: Turn Off the Recall Feature
Keywords
Windows 11 recall feature, Screenshot capture privacy risks, Legal implications of data capture, Security concerns in Windows 11, Compliance with privacy laws, Data governance challenges, Oversight in security protocols, Microsoft security governance, Attorney-client privilege risks, Incident response discoverability
-
On this episode of "This Is Fine," we delve into the critical topic of software supply chain security with our guests Jessica Sweet, Supply Chain Expert, and Dan Beller, Director of Cloud Engineering, at Hunter Strategy. We explore the vulnerabilities and risks tied to the software supply chain, including malicious software insertion and open-source vulnerabilities.
We'll uncover...
Common Risks,
Best Practices,
Vendor Management Challenges
...as well as how cloud technologies both enhance and complicate supply chain security.
Tune in to discover essential strategies like maintaining machine-readable SBOMs and implementing multifactor authentication to secure your software supply chain!
Chapters
00:00 Introduction and Importance of Software Supply Chain Security
02:11 Common Vulnerabilities and Risks in the Software Supply Chain
04:41 Challenges of Vendor Management in Supply Chains
09:43 The Role of Cloud in Enhancing and Complicating Supply Chain Security
15:59 Best Practices for Software Supply Chain Security
Keywords
Software Supply Chain Vulnerabilities, Risks of Malicious Software Insertion, Open-Source Security Issues, Vendor Management Challenges in Software Security, Cloud Impacts on Supply Chain Security, Best Practices for SBOMs (Software Bill of Materials), Multifactor Authentication in Supply Chains
-
On this episode of "This Is Fine," we dive into the cutting-edge world of Artificial Intelligence and its pivotal role in cyber threat detection. Our host, Matt Triner, is joined by special guests Matt D’vertola, the Applied AI Lead at Hunter Strategy, and Andrew King, the CISO at Hunter Strategy.
Together, they explore:
Predictive Analytics,
Automated Response Systems,
The Future of Cybersecurity,
...and the challenges we face in this dynamic field.
Tune in to learn how GPT and other large language models are revolutionizing cybersecurity and why staying ahead of AI advancements is crucial for both professionals and tech enthusiasts alike.
Chapters
00:00 Introduction to AI technologies in cyber threat detection
03:12 Practical applications of AI in compliance and redaction
06:49 The importance of human validation and risk-based decision-making
25:49 Measuring the impact of AI: Mean toil time and quality written pieces
Keywords
GPT, LLMs, Cyber Threat Detection, AI Technologies, Traditional Approaches, Junior Analysts, Compliance, Redaction, Human Validation, Risk-Based Decision-Making, Automation, Mean Toil Time, Quality Written Pieces
-
On this episode of "This Is Fine," we explore insider threat mitigation strategies for small-to-medium sized businesses. Often at a disadvantage due to limited resources, these companies can face unique challenges in effectively detecting and preventing insider threats. We'll help to provide effective strategies to help bridge this gap and safeguard your organization.
Joining us is Andrew King, Chief Information Security Officer, and Joel Cabrera, Director of Security Operations, here at Hunter Strategy. Their experience and understanding of cybersecurity challenges faced by businesses of all sizes help to provide invaluable insights into effective insider threat mitigation strategies, specifically tailored for small to medium enterprises.
So, whether you're a business owner, an IT professional, or simply curious about insider threat mitigation best practices, sit back and tune in as we share how small businesses can confidently and resiliently navigate the complex landscape of insider threats.
Want to learn more about the Google Security Checklist mentioned in this episode? Click here! Security checklist for medium and large businesses (100+ users) - Google Workspace Admin Help
Chapters:
00:00 Introduction and Context: Insider Threats in SMBs
01:26 Overlaying Insider Threat Intelligence Programs
04:45 Prevention and Detection Strategies
06:30 Hardening Your Environment and Role-Based Access Control
09:55 Microsoft Tools for Insider Threat Mitigation
11:35 The Role of Company Culture in Insider Threat Mitigation
14:19 User Access Audits and Minimizing Access
16:07 Data Classification and Labeling
20:03 Differentiating Startups and SMBs
23:06 User Access Management and Deprovisioning
-
On this episode of "This Is Fine," we tackle securing mobile applications for military use with security expert, Harold Smith III. Harold, Co-Founder & CEO of Monkton (a secure mobile app provider) and owner of the MATTER IDIQ, joins us to navigate the complexities of NIAP Certification for military apps.
We'll uncover...
Challenges, Best Practices, and Solutions...for deploying secure mobile applications on the battlefield.
Tune in and discover how you can help to protect our troops, one app at a time!
Chapters:
00:00 Introduction and the Role of Contracts Officers
00:45 The Importance of Secure Mobile Applications for Military Use
02:12 Monkton's Journey and the NIAP Certification Process
06:37 The Challenges and Rarity of Going Through NIAP Evaluation
10:50 The Baseline Importance of NIAP Requirements
15:54 The Need to Stay Ahead in Secure App Development
17:38 The Current State of Software Development and Security
20:54 Building Secure Mobile Apps from the Beginning
21:43 Data Security and Architecture in Mobile App Development
23:03 Native Mobile Applications and Cloud Services
24:02 Cost Savings and Efficiency with Functions Platform as a Service
25:46 Challenges and Education for Contracting Officers
32:23 The Importance of Collaboration and Innovation in Government
Keywords:
secure mobile applications, NIAP certification, National Information Assurance Partnership, authentication mechanisms, legacy systems, future of app development, data security, mobile app development, native applications, cloud services, Amazon Lambda, DynamoDB, SBIR, small-business-innovation-research, set-aside programs, edge computing
-
On today’s special episode of “This Is Fine”, we unpack the very recent global CrowdStrike outage. CrowdStrike is an industry leading cybersecurity company that provides endpoint detection and response (EDR) software. On the morning of July 19th, 2024, CrowdStrike released a faulty update that impacted Microsoft Windows systems, leading to a widespread outage in industries varying from the airlines to emergency services.
To help us unpack what went wrong, we’re joined by Jake Williams, VP of Research and Development here at Hunter Strategy. In light of this problematic update, Matt and Jake discuss planning methods like balancing security needs with operational needs, mitigating disruption through staged deployments, providing clear communication during outages, and managing data confidentiality and system availability with BitLocker management.
Listen now and learn how you can improve your organization’s security posture and incident response plan from today’s CrowdStrike outage!
References mentioned in today’s episode: Jake’s Tweets: https://x.com/MalwareJake/status/1814183916099780886 /https://x.com/MalwareJake/status/1814295097204449318Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers: https://www.amazon.com/Sandworm-Cyberwar-Kremlins-Dangerous-Hackers/dp/0385544405
-
This week, we're exploring a topic at the intersection of cloud services and national defense: FedRAMP Equivalence. New requirements introduced by the DoD CIO may bring significant changes for cloud vendors eager to supply the Defense Industrial Base.
We are joined by our special guest, Alex Trafton, Senior Managing Director from Ankura Consulting. Alex’s core focus is on regulatory and compliance frameworks within the defense industry. Alex leads a practice focused on helping organizations meet some of the most stringent compliance frameworks such as FedRAMP, CMMC, and NIST 800-171.
Join us as we discuss the changes to FedRAMP equivalence and the impacts they will have on the DIB and organizations looking to serve it.
Chapters:
00:00 Introduction and Background
06:16 The Need for FedRAMP Equivalence
13:30 The Role of Third-Party Assessors
29:07 Strategic advice for vendors
37:51 Navigating the regulatory requirements
- Visa fler