Shows
The Adversarial PodcastAdversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware00:00 Intro01:50 Louvre password08:54 Trump budget cuts20:35 Google AI threat report36:56 Nevada didn’t pay ransom48:25 Moved the needle58:38 L3Harris Trenchant boss stole exploits, sold to Russia62:00 Ransomware remediation firm employees go rogue63:40 Cybersecurity Is A Digital Identity Problem And We Must Deal With ItThe password for the Louvre’s video surveillance system was “Louvre”The Louvre Museum reportedly had a video-surveillance server password of simply “LOUVRE” as early as 2014..Trump budget cuts, agency...
2025-11-111h 13The Adversarial PodcastAdversarial Podcast S4E06 – F5 Breach, AWS Outage, Risk Management vs. Security Engineering00:00 Intro 00:50 AWS Outage 20:48 F5 Breach 41:06 Risk Management vs. Security Engineering 58:19 Moving the Needle Part 3F5 Hack Blamed on ChinaChinese state-backed hackers allegedly breached U.S. cybersecurity firm F5, gaining year-long access to its systems and BIG-IP source code, prompting security fears and causing the company to warn of revenue impacts and falling shares.AWS OutageA race condition in Amazon DynamoDB’s DNS management system caused widespread outages across the US-EAST-1 region on October 19–20, 2025, disrupting DynamoDB, EC2, NLB, and...
2025-10-281h 12The Adversarial PodcastAdversarial Podcast S4E05 – Oracle Zero-Day, US cyber info sharing law expires, UK government guarantor for Jaguar attack00:00 Highlight03:44 Oracle E-Business Suite Zero-Day14:49 UK government to be guarantor for Jaguar Land Rover cyberattack25:54 "Moved the needle" Part 248:18 12 Security Problems Practitioners Want Solved1:02:53 National Risk of Losing the CISA 2015 Act?Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion CampaignMandiant and Google Threat Intelligence Group uncovered a large-scale CL0P-linked extortion campaign exploiting a zero-day (CVE-2025-61882) in Oracle E-Business Suite to steal data from organizations before patches were released.https://cloud.google.com/blog/topics/threat-intelligence/oracle-ebusiness-suite-zero-day-exploitation
2025-10-141h 10The Adversarial PodcastAdversarial Podcast S4E04 – "Moving the needle" awards, effect of H-1B changes on cyber industry, Salesloft aftermath00:00 Highlight 00:43 Intro 06:40 "Moved the needle" awards 37:05 Scattered Lapsus$ and Jaguar Hack 44:39 One Token to Rule Them All - Entra pwned 1:02:21 H-1B visa changes and their effect on the cyber industryScattered Lapsus$ and Jaguar HackJaguar Land Rover has extended its production pause until October after a cyberattack crippled its IT systems. The company is struggling to recover operations at Range Rover plants.https://www.wsj.com/business/jaguar-land-rover-extends-production-pause-until-october-following-cyberattack-0e39b7e8One Token to Rule...
2025-09-301h 19The Adversarial PodcastAdversarial Podcast S4E03 – Fumbled NPM Attack, Entering the AI Browser Market, Salesloft breach00:00 Intro03:10 NPM supply chain attack leaves attackers empty handed24:44 Why is Atlassian buying a browser company?37:20 Apple's new Memory Integrity Enforcement52:56 Salesloft breach leads to downstream hacksHackers left empty-handed after massive NPM supply-chain attackHackers briefly compromised popular NPM packages like chalk and debug-js, infecting ~10% of cloud environments, but despite the massive supply-chain reach they only netted about $600 in stolen cryptocurrency.https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/Why is Atlassian Buying a Browser Company?Atlassian...
2025-09-161h 09The Adversarial PodcastAdversarial Podcast S4E02 - Cyber acquisitions and raises, 95% of GenAI pilots failing, Zelle's alleged security lapses00:00 Introduction & BlackHat02:06 Cybersecurity in Schools18:53 Black Hat Conference Highlights34:02 New York sues Zelle44:48 Trends in Cybersecurity Mergers and Acquisitions1:02:44 95% of generative AI pilots at companies are failing1:08:53 Prompt injection with poisoned calendar invitesDARPA announces $4 million winner of AI code review competition at DEF CONDARPA announced Team Atlanta as the winner of its two-year competition among researchers to create the best artificial intelligence systems that can find and fix vulnerabilities.Attorney General James Sues Company Behind...
2025-09-041h 16The Adversarial PodcastAdversarial Podcast S4E01 - Trump's AI Action Plan, Chip Security Act, receiving gifts from vendors00:00 Introduction & BlackHat 03:14 AI Action Plan Overview 13:30 Chip Security Act 20:48 Government led AI-ISAC? 23:16 UK government considering banning public sector ransomware payments 28:14 Microsoft probing if Chinese hackers learned SharePoint flaws through alert 42:07 Ethics in Vendor Relationships – Gifts for meetingsAmerica's AI Action Plan“America’s AI Action Plan,” released by the Trump administration, outlines a roadmap with over 90 federal actions across three pillars—accelerating AI innovation, building U.S. AI infrastructure, and asserting international AI leadership through exports and technology alliances.The...
2025-07-3051 minThe Adversarial PodcastAdversarial Podcast Ep. 27 - Is AI necessary for cyber investment? Microsoft moving away from kernel-based AV; Moonlighting and Fake IT workers00:00 Intro3:23 Cybersecurity stocks: why now might be the time to buy?8:55 AI in cyber investment and business29:28 Microsoft is moving antivirus providers out of the Windows kernel34:29 New AI Malware PoC Reliably Evades Microsoft Defender37:08 VSCode Fork; Putting Millions at Risk43:39 Extensions turn Trojan and infect 2.3M Chrome and Edge users54:20 US government takes down major North Korean ‘remote IT workers’ operation1:06:06 Phishing Training Doesn't WorkCybersecurity stocks: why now might be the time to buy?https://mone...
2025-07-151h 16The Adversarial PodcastAdversarial Podcast Ep. 26 - US Treasury's Cybersecurity Failures, SEC scraps proposed cybersecurity rules, what makes AI Security different00:00 Intro03:17 Banks call out US Treasury's cybersecurity failures28:54 SEC scraps proposed cybersecurity rules38:05 What makes AI Security differentBanks Challenge Treasury on Cybersecurity Failures. A coalition of major U.S. banking associations—including the American Bankers Association, Bank Policy Institute, MFA, and SIFMA—has publicly challenged the U.S. Treasury and OCC to adopt private-sector cybersecurity standards, decentralize sensitive data, enforce rapid breach notifications, and streamline data collection following high-profile email breaches at federal regulators. https://www.theglobaltreasurer.com/2025/06/10/banking-groups-demand-regulator-cybersecurity-standards/SEC scraps proposed cybersecurity rules for investment advi...
2025-07-0159 minThe Adversarial PodcastAdversarial Podcast Ep. 25 – From CISOs to Entrepreneurs, Trump changes to Biden's Cyber EOs, banks ask SEC to drop disclosure requirements00:00 Intro04:15 Our journeys from CISOs to Entreprenuers23:48 Trump changes Biden's Cyber EOs28:40 States rebuff proposed federal ban on AI laws36:43 Vanta bug exposes customers' data to other customers49:12 SentinelOne outage52:53 Banking groups ask SEC to drop incident disclosure requirements1:00:37 Cybersecurity teams generate average $36M in business growth1:03:50 Cybersecurity Companies Want to Go Public. The Market Isn’t Letting ThemTrump Cybersecurity Fact Sheet President Trump announced a reprioritization of U.S. cybersecurity efforts, shifting away from prior frameworks and em...
2025-06-161h 11The Adversarial PodcastAdversarial Podcast Ep. 24 – Global Lumma takedown, Coinbase employee bribed, malicious MCP integrations and NPM packages00:00 Intro02:49 Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by Cybercriminals14:29 Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom26:24 Fake OpenAI MCP Integration32:25 Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials36:03 Destructive malware available in NPM repo went unnoticed for 2 years48:10 Sam & Jony introduce io58:23 Discussion: how risky are local admin rights?Authorities Carry Out Elaborate Global Takedown of Infostealer Heavily Used by CybercriminalsIn May 2025, an...
2025-05-271h 05The Adversarial PodcastAdversarial Podcast Ep. 23 – Crowdstrike layoffs, RSA Innovation Sandbox, new Pentagon CIO00:00 Intro00:44 Sounil's RSA Innovation Sandbox experience5:00 5% staffing cuts at Crowdstrike, AI cited as a factor16:00 Trump picks private sector veteran as Pentagon CIO32:41 Messaging app used by Trump official suspends operations after reported hack49:52 An open letter to third-party suppliers59:32 Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support1:04:42 Discussion: delivering secret keys stored in PDFs for password managersHosts:Jerry Perullo (Founder, https://adversarial.com/)Sounil Yu (Founder, https://www.knostic.ai/)
2025-05-141h 09The Adversarial PodcastAdversarial Podcast Ep. 22 – RSA Conference is here, Verizon's 2025 Data Breach Investigations Report, China names alleged US hackers00:00 Intro00:31 RSA conference14:38 Verizon's 2025 DBIR report37:55 Security of "Sign in with Google/Microsoft"1:02:50 China accuses US of launching 'advanced' cyberattacks, names alleged NSA agentsRSA Links:Innovation Sandbox: https://www.rsaconference.com/usa/programs/innovation-sandboxProfessional Association of CISOs: https://theciso.org/Pitch for Charity: https://www.okta.com/newsroom/press-releases/pitch-for-charity/Verizon's 2025 Data Breach Investigations Report This year's Verizon DBIR (Data Breach Investigations Report) has been released, which covers the latest techniques that lead...
2025-04-281h 09The Adversarial PodcastAdversarial Podcast Ep. 21 – Chris Krebs & Sentinel One's clearances revoked, Oracle hack, how Goldberg got added to Signal chat⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme23:05 Intro06:56 White House revokes Chris Krebs and SentinelOne's security clearances16:55 How Jeffrey Goldberg got added to the White House Signal group chat26:48 DOGE staffer provided tech support to cybercrime ring39:29 China Acknowledged Role in U.S. Infra Hacks51:56 Oracle under fire for its handling of security incidents54:51 Hackers Spied on 100 US Bank Regulators’ Emails for Over a YearFact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs...
2025-04-151h 08The Adversarial PodcastAdversarial Podcast Ep. 20 – corporate espionage among SaaS companies, DC's Signal snafu, where is the cyber market going?⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:28 Intro02:15 Unicorn startup allegedly cultivated spy to steal trade secrets from competitor18:19 Google Strikes $32 Billion Deal for Cybersecurity Startup Wiz33:35 Trump Administration accidentally sends war plans to reporter via Signal47:20 GitHub action supply chain attack53:55 Oracle under fire for its handling of security incidentsRippling Alleges Deel Cultivated Spy, Orchestrated Trade-Secret Theft Against CompetitorRippling has filed a lawsuit alleging that $12 billion HR-tech company Deel orchestrated a months-long corp...
2025-04-0459 minThe Adversarial PodcastThe Adversarial Podcast Ep. 19 – AI-Powered Cybercrime, CISO job market, the BYOL elephant in the room⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme00:37 Intro01:37 Malvertising campaign leads to info stealers hosted on GitHub11:59 Wall Street is worried it can't keep up with AI-powered cybercriminals24:02 What Really Happened With the DDoS Attacks That Took Down X28:34 Bring-your-own-laptop policies40:41 Are WAFs useful or are they just another TPRM box to check?46:59 Is the CISO job market warming up?Malvertising campaign leads to info stealers hosted on GitHubMicrosoft Threat Intelligence uncovered a la...
2025-03-1851 minThe Adversarial PodcastThe Adversarial Podcast Ep. 18 - CISA cuts, North Koreans steal $1.5B in crypto, planning for RSA Conference00:00 Highlight00:28 Intro3:41 What's getting cut at CISA?19:01 USCYBERCOM told to stop planning offensive attacks against Russia27:54 ByBit hacked for $1.5B in cryptocurrency40:01 CISO discussion: How to regain trust after a cyber breach49:17 CISO discussion: Data security for GenAI tools58:43 How to get the most out of RSA Conference💰 Budget cuts hit CISA, and election security programs might be first on the chopping block. The team debates whether these cuts were expected, what they mean for cybersecurity, and whether some programs were out...
2025-03-041h 07The Adversarial PodcastThe Adversarial Podcast Ep. 17 - 2025 CISO Compensation Survey, Okta layoffs and employee value, TLS inspection⬇️ See below for timestamps/summaries/references for each topic00:00 Highlight/theme 00:37 Intro 1:21 Hitch Partners survey of CISOs 13:34 Dangling S3 buckets 24:35 Update on Cybersecurity Innovation Executive Order 32:58 Cyber stocks - NET and CRWD at all-time highs 44:07 Okta lays off 180 employees, including security engineers 55:47 Is anyone actually doing TLS inspection? 1:03:21 Is a SOC2 certificate enough to pass TPRM?Hitch Partners survey of CISOsThe 2025 CISO Security Leadership Survey by Hitch Partners highlights key trends in CISO compensation, repo...
2025-02-111h 09
The Adversarial PodcastThe Adversarial Podcast Ep. 16 - Cyber policy wishlist, RedNote/TikTok, Marsh's cyber insurance report, do CISOs need deep technical skills?⬇️ See below for timestamps/summaries/references for each topic00:00 Intro01:33 Biden's Executive Order on Cyber Security05:18 Cyber policy wishlist21:30 TikTok and RedNote29:36 Marsh's report on cyber insurance49:21 Do CISOs need to be highly technical?Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity The outgoing Biden administration issues an executive order aimed at enhancing cybersecurity innovation in the U.S. The order focuses on strengthening national cybersecurity infrastructure, promoting technological advancements, and ensuring robust defenses against cyber threats.📖 Reference...
2025-01-281h 05
The Adversarial PodcastThe Adversarial Podcast Ep. 15 - US-China-Taiwan cyber relations, mobile app ads facilitating spying, holiday DoS vulnerabilitiesJoin former CISOs Jerry, Mario, and Sounil as they dissect the latest cybersecurity news, discuss evolving threats, and share their seasoned perspectives on infosec. 00:00 Highlight00:32 Intro1:48 China accuses US of stealing trade secrets10:05 Taiwan reports 2.4M Chinese cyberattacks/day18:21 Christmas day Chrome Extension hacks, including Cyberhaven23:28 Krebs: U.S. Army Soldier arrested for Snowflake customer extortions26:40 Wired: Popular apps hijacked to spy on locations through ad tracking33:28 Holiday DoS vulnerabilities in Palo Alto and Windows LDAP34:36 Are DoS vulnerabilities neglected by...
2025-01-141h 07The Adversarial PodcastThe Adversarial Podcast Ep. 14 - Future of CISA/SEC under Trump, US Telco news, DAO faces $50M hackIn this episode of The Adversarial Podcast, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the latest developments in cybersecurity, geopolitical threats, and emerging trends as 2025 approaches.00:00 Introduction 02:06 Trump 2.0's effect on security 03:25 Future of CISA 09:00 Future of SEC cyber reports 15:57 Possible Trump 2.0 priorities 19:40 Spying on US Telco 20:20 What is SS7? 24:04 SS7 vs. SMS interception 25:40 Privacy impact of SS7 attacks 30:12 National security 31:17 CISA's guidance for telco 36:58 DPRK targets DAO network, $50M heist using macOS malware
2024-12-2354 minThe Adversarial PodcastThe Adversarial Podcast Ep. 13 - East/west coast CISOs, top CISO expenses in 2024, crypto regulationIn this episode of The Adversarial Podcast, Jerry, Mario, and Sounil bring their adversarial insights to a packed discussion of the latest topics in enterprise cybersecurity. - East Coast vs. West Coast CISOs: The trio explores the divide between East Coast and West Coast CISOs. Is the East too focused on risk? Does the West overfit to AppSec and "shift-left" practices? - 2024 CISO Budget Report: Where are CISOs spending their increasing budgets in 2024? The hosts chat about the increasing expenses in identity management and generative AI security. Reference: https://news.crunchbase.com/cybersecurity/ciso-budgets-rising-generative-ai-ellis-yl-ventures/
2024-12-101h 12The Adversarial PodcastThe Adversarial Podcast Ep. 12 - RSA Conference making competition winners accept investment, inefficacy of phishing trainingIn this episode of The Adversarial Podcast, former CISOs Jerry Perullo, Mario Duarte, and Sounil Yu explore critical topics shaping the cybersecurity landscape.1. Crosspoint Capital’s RSA Innovation Sandbox Model The hosts discuss Crosspoint Capital's controversial $5 million SAFE investment requirement for Innovation Sandbox finalists. They examine the implications for startups, founders, and the cybersecurity ecosystem as a whole, weighing its potential to drive innovation against the risks of stifling participation.Reference: RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment - https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/2. The Effectiveness of Phishing Simulations and Trai...
2024-11-261h 11The Adversarial PodcastThe Adversarial Podcast Ep. 11 - Incoming Trump administration, Microsoft's leaked SaaS creds, and software liability policyIntroduction:The episode opens with a discussion on securing devices for employees traveling to high-risk countries, like China, as a way to protect corporate data and maintain customer trust.Hosts Jerry, Sounil, and Mario welcome listeners and discuss recent events, including the FS-ISAC Fall Summit in Atlanta and geopolitical implications of the recent election.Key Topics:Geopolitical Risks:The group explores China's espionage activities and Russia's geopolitical maneuvers, predicting shifts in attacker strategies depending on U.S. political leadership.Concerns about China's possible invasion of Taiwan and its implications for global tech, particularly chip manufacturing, are...
2024-11-1953 min
Tools for Tech LeadersAdversarial Risk Management: Staying Ahead of Cyber Threats with Jerry PerulloJerry Perullo, former Chief Information Security Officer at Intercontinental Exchange and the New York Stock Exchange, shares invaluable insights from his extensive career in cybersecurity, including his experiences at Silicon Valley Bank and his current venture, Adversarial Risk Management. Jerry offered practical advice on conducting effective red team exercises, managing critical infrastructure security, and adapting to the ever-changing nature of cyber risks. His unique perspective on the FDIC's role during bank receiverships and the concept of "adversarial risk management" provided eye-opening lessons for tech leaders navigating today's complex security landscape. This conversation is packed with actionable insights for C-suite...
2024-11-0759 minThe Adversarial PodcastThe Adversarial Podcast Ep. 10 - the CISO job market, CRQ, beg bounties, and cryptography(00:00) Intro (5:15) The CISO job market: present and future (25:57) Handling beg bounties and VDP (41:30) Quantum cryptography – how important is cryptography, really? Stories: “Chinese Researchers Reportedly Crack Encryption With Quantum Computer” - https://www.pcmag.com/news/chinese-researchers-reportedly-crack-encryption-with-quantum-computer Hosts:Jerry Perullo: https://www.linkedin.com/in/perullo/Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/Sounil Yu: https://www.linkedin.com/in/sounil/Producer: Tillson Galloway (linkedin.com/in/tillson)
2024-10-2254 minThe Adversarial PodcastThe Adversarial Podcast Ep. 9 - NIST password guidelines, CUPS vulnerabilities, breach vs. hack(00:00) Intro & NIST’s new password complexity requirements(13:19) CUPS vulnerability: critical or a distraction(31:26) Federal standards for cybersecurity in health care: should legal responsibility fall on individuals?(47:30) What constitutes a hack vs a breach?Stories:“NIST Drops Password Complexity, Mandatory Reset Rules” - https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules“Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution” - https://thehackernews.com/2024/09/critical-linux-cups-printing-system.html“Wyden and Warner Introduce Bill to Set Strong Cybersecurity Standards for American Health Care System” - https://www.finance.senate.gov/chairmans-news/wyden-and-warner-introduce-bill-to-set-strong-cybersecurity-standards-for-american-health-care-systemHosts...
2024-10-081h 01The Adversarial PodcastThe Adversarial Podcast Ep. 8 - Pagers and Supply Chain Attacks, GitHub stealers, “Founder Mode”(00:00) Intro (02:24) Exploding pagers: are psychological attacks worse than breaches? (20:21) Are credit card breaches still a concern in 2024? (24:57) Infostealer delivered through GitHub Issues: how are trustworthy services being abused? (31:45) Founder mode: when is it time to switch from "founder mode" to "manager mode?"(44:02) Is open-source more secure than closed-source? Stories and books mentioned: “Israel planted explosives in Hezbollah's Taiwan-made pagers, say sources” - https://www.reuters.com/world/middle-east/israel-planted-explosives-hezbollahs-taiwan-made-pagers-say-sources-2024-09-18/ Darkwire, by Joseph Cox - https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/?lens=publ...
2024-09-2457 minThe Adversarial PodcastThe Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security ControlsListen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels.StoriesLinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has...
2024-09-121h 06The Adversarial PodcastThe Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and PasskeysJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they debate the impact of SSN leaks, discuss the effectiveness of recently implemented ransom payment bans in Miami, and recently reported AWS misconfigurations. Then, listen as they debate passkeys, vulnerability management, and board reporting.00:00 Intro 02:17 Social Security Number breach 14:48 Ransomware payment bans 21:47 AWS environments 39:55 Passkeys 52:30 Maturity assessmentsStories: “2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you” - https://www.cnbc.com...
2024-08-261h 04The Adversarial PodcastThe Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at EvantaSpeaking live at the Evanta CISO Summit in Atlanta in June 2024, host Jerry Perullo talks candidly about why CISOs are failing to land Board Director roles.
2024-08-1626 minThe Adversarial PodcastThe Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote EmployeesJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they discuss upcoming lawsuits related to the recent CrowdStrike outage, switching costs, overhyped security vulnerabilities and their effect on practitioners' responsibilities, fake employees from North Korea, the information stealers and the state of password managers, and the increasing threat of deepfakes.Stories“CrowdStrike is sued by shareholders over huge software outage” - https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/“Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million” - https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html“Microsoft And AWS Outages: A Wake-Up Call For C...
2024-08-051h 26The Adversarial PodcastThe Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWindsIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent Crowdstrike outages, PR in the recent Wiz acquisition rumors, stakeholder value in Rapid7, and the SEC dropping charges in the SolarWinds case.Stories: - Activist Jana has a stake in Rapid7. There are two paths to bolster value at the cybersecurity company: https://www.cnbc.com/2024/06/29/two-paths-for-jana-to-bolster-shareholder-value-at-rapid7.html - Google Near $23 Billion Deal for Cybersecurity Startup Wiz: https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a - Most SEC charges dismissed in SolarWinds...
2024-07-261h 15The Adversarial PodcastThe Adversarial Podcast Pilot – Cybersecurity Investments, Secure Configurations vs. Code, and Risk ManagementJoin former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they reflect on the state of cybersecurity investments in 2024, debate the importance of configuration vs. code security, and discuss the importance of governance in risk management.Stories:‘There’s A Lot Of Noise’ — VCs Trying To Find Clarity In Cluttered Cyber AI Landscape: https://news.crunchbase.com/cybersecurity/venture-funding-ai-wiz-ma-rsa/Wiz raises $1B at a $12B valuation to expand its cloud security platform through acquisitions: https://techcrunch.com/2024/05/07/wiz-raises-1b-at-12b-valuation-expanding-through-acquisitions/CyberArk Signs Definitive Agreement to Acquire Machine Identity Management Leader Venafi from Thoma Bravo: h...
2024-07-1948 minThe Adversarial PodcastThe Adversarial Podcast Ep. 2 - Chrome Extension Vulns, Cyber Job Market, Mouse Jigglers, and the Ransomware PlagueIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss malicious Chrome extensions, the cybersecurity job market, mouse jigglers and security policy, and the impact of the recent ransomware wave. They share insights from their experiences, exploring the challenges of managing browser security policies, job burnout, and banning ransom payments.Stories:Millions under threat from malicious browser extensions — what to do: https://www.tomsguide.com/news/millions-under-threat-from-malicious-browser-extensions-what-to-doDemand for better cybersecurity fuels a booming job market: https://www.washingtonpost.com/business/2024/06/21/cybersecurity-job-demand-boot-camps/Wells Fargo Fires Over a Dozen for ‘Simu...
2024-07-101h 02The Adversarial PodcastThe Adversarial Podcast Ep. 1 - Snowflake, Shared Fate, and the Gili Ra’anan ModelIn this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent wave of cyber-attacks using Snowflake and the model of shared fate. They debate the effectiveness of banning ransom payments and explore the complexities of cybersecurity regulation, using recent events involving UnitedHealth and Jerry's former employer as case studies. The conversation also touches on the ethical dilemmas CISOs face when interacting with venture capital, highlighting personal experiences and the fine line between advisory roles and conflicts of interest.Stories:UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion: https...
2024-07-011h 12The Adversarial PodcastSeason 02 Episode 02 - The Interim CISOJoined by fellow Interim CISO veterans Yael Nagler of Yass Partners and Aurobindo Sundaram of RELX, host Jerry Perullo reflects on his experience as the Interim CISO of Silicon Valley Bank and explores the challenges of the role from hiring manager and candidate perspectives.Yael Nagler: https://www.linkedin.com/in/yaelnagler/Aurobindo Sundaram: https://www.linkedin.com/in/aurobindosundaram/
2024-01-2356 minThe Adversarial PodcastSeason 02 Episode 01 - Board/CISO InteractionReturning from 6 months as the interim CISO of Silicon Valley Bank, host Jerry Perullo speaks about Board/CISO interaction on the FS-ISAC Insights podcast. Full video interview at fsisac.com/insights
2023-08-0231 min
FinCyber TodayJerry Perullo: Cyber in the Board Room: Battle-Tested AdviceWhile the Board sets up broad policies and priorities for companies, there’s a whole cyber universe that Board members may not fully understand. Jerry Perullo draws on more than two decades of experience, including as CISO at Intercontinental Exchange/New York Stock Exchange (ICE/NYSE), and recently as interim CISO at Silicon Valley Bank, to explain his framework for presenting cybersecurity risks and solutions to the Board.Notes from Our Discussion with Jerry(3:03) - CISOs as Board membersCISOs want a seat at the Board table and want to be part of the discussions. To...
2023-07-2727 minThe Adversarial PodcastSeason 01 Episode 07 - Bug Bounties with guest Casey EllisBugcrowd founder Casey Ellis joins #lifeafterCISO to talk about bug bounty programs in the wake of the Joe Sullivan Uber trial. Whether you've been running bounty programs for years or just learned of them last week, this conversation will take you from basics straight into the most interesting and controversial bits.
2022-10-2058 minThe Adversarial PodcastSeason 01 Episode 06 - Retire Many Times with guest Sounil YuSounil Yu joins the #lifeafterCISO podcast and shares the idea of "retiring many times". Sounil is the renowned author of the Cyber Defense Matrix and lauded by the CISO community for his ability to step back and view problems in a new light. Host Jerry Perullo and Sounil go on to look at the Equifax breach from a new angle, talk about CISO accountability, and finally offer up their early thoughts on the Twitter whistleblower report.01:43 Returning to work as a CISO10:30 Do CISOs spend too much time on tech?11:38 CDM and the...
2022-09-0635 minThe Adversarial PodcastSeason 01 Episode 05 - Deciding When It's Time to Go with guest Jason ChanAn essential part of moving on from a long tech career is just figuring out when the time is right. Join host Jerry Perullo and retired Netflix CISO Jason Chan for a discussion about picking your time, "Identity Management" after retirement, and the Psychology of Happiness.Links to the material discussed by Jason Chan include:https://arthurbrooks.com/podcast_show/the-art-of-happiness-with-arthur-brooks/https://www.coursera.org/learn/the-science-of-well-being
2022-08-2338 min
The Cyber Ranch PodcastThe Overrated in Cybersecurity with Jerry PerulloJerry Perullo, former CISO of the NYSE, former chairman of the board off the FS-ISAC, founder, professor, and host of the Life After CISO podcast, comes down to the Cyber Ranch to discuss the many roles he’s had throughout his career and the many highly unique opinions he has on the cyber industry. Together, Jerry and Allan break down what’s overrated in cybersecurity, from patching to dark web to vulnerability departments, and every detail and concept in between.
Timecoded Guide:
[01:53] Taking on a variety of roles in the cyber industry and break...
2022-07-0640 minThe Adversarial PodcastSeason 01 Episode 04 - The CISO ProfessorIn this Episode host Jerry Perullo talking about cybersecurity in higher education. A Professor of the Practice in the Georgia Tech School of Cyber Security and Privacy, Perullo thinks aloud on the challenges that have prevented cyber from taking off at the undergraduate level before focusing on specific steps you might take to pursue this career path.00:00:55 A Brief History of Cyber in Higher Ed 00:03:11 The Archetype Cyber Curriculum 00:08:03 Enter the CISO: t-500:13:25 When You Are Ready to Take the Leap 00:16:01 Is It Worth It?
2022-06-1623 minThe Adversarial PodcastSeason 01 Episode 03 - Angel Investing and Advisory WorkIn this episode we are talking about Angel Investing, Advisory Work, and how they are essentially the same thing when you get down to it. Hear some details about evaluating opportunities, structuring "deals", and avoiding mistakes along the way.00:05:37 Don’t Screw Up - Riding VC Paper, the FAST Agreement, Option Vesting,... 00:21:26 Win - Playing to your Strengths 00:24:11 Diversify - Frequency and Volume to Avoid Black Swans 00:30:17 Conflicts & Disclosure
2022-04-1835 minThe Adversarial PodcastSeason 01 Episode 02 - The CISO Board DirectorIn this episode, host Jerry Perullo explores the opportunities and challenges for retiring tech executives and CISOs in the Board room. Hear about how Boards need business leaders first and specialists second, and what you can do today to groom yourself in that very direction.01:57 Background07:45 The Traditional Board Director09:50 Episode BLUF10:19 Landing a Seat14:32 Your Board Profile16:08 t-3: What You Should do Now28:40 Recap
2022-03-2829 minThe Adversarial PodcastSeason 01 Episode 01 - The Portfolio LifeIn this introductory episode, host Jerry Perullo talks about the range of opportunities available to tech executives after the day job. Perullo leverages his 20 years of experience as the founding CISO of ICE and the New York Stock Exchange to discuss what you can do 3-5 years before leaving your post to get prepared.00:08:43 Advisory Work00:13:20 Consulting00:16:00 Angel Investing00:25:05 Board Directorship00:35:12 Entrepreneurship00:37:06 Teaching00:39:12 Volunteering
2022-02-2341 min
Inside the ICE HouseDon’t Ask Jerry Perullo, ICE’s Cybersecurity Chief, What Keeps Him Up at NightInformation Security is at the forefront of global business, especially those tasked with maintaining the smooth functioning of regulated markets. At Intercontinental Exchange, Chief Information Security Officer Jerry Perullo is constantly on guard against external threats. Perullo explains how -- with the help of a red team, blue team, and a Kraken -- ICE secures critical economic infrastructure across multiple subsidiaries and geographies. Inside the ICE House: https://www.theice.com/insights/conversations/inside-the-ice-house
2019-09-231h 08Inside the ICE HouseDon’t Ask Jerry Perullo, ICE’s Cybersecurity Chief, What Keeps Him Up at NightInformation Security is at the forefront of global business, especially those tasked with maintaining the smooth functioning of regulated markets. At Intercontinental Exchange, Chief Information Security Officer Jerry Perullo is constantly on guard against external threats. Perullo explains how -- with the help of a red team, blue team, and a Kraken -- ICE secures critical economic infrastructure across multiple subsidiaries and geographies. Inside the ICE House: https://www.theice.com/insights/conversations/inside-the-ice-house
2019-09-231h 08