Breaking Badness

In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.

In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps. Security researcher Philippe Caturegli discovered a typo in MasterCard’s DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back years, could have been exploited by attackers to redirect users, intercept data, and manipulate services. The Script Kiddie Trap: In a turn of events that underscores the “no honor among thieves” trope, a threat actor baited low-skilled hackers (script kiddies) with a fake malware builder. Instead of gaining hacking capabilities, they unwittingly installed a backdoor on their own machines, allowing the original attacker to steal their data and take control of their systems.

In this episode of Breaking Badness, Tricia Howard of Akamai joins Kali Fencl and Ian Campbell to dive deep into the intersection of gaming culture, mental health, and cybersecurity. Tricia shares her journey from theater arts to cybersecurity research, her love for gaming, and her experiences tackling emotional toxicity in digital spaces. The episode covers the concept of "mind patches," the role of community in digital wellness, and how gaming and workspaces mirror each other in their challenges with mental health and collaboration. Tune in to hear her thoughts on reducing stigma, creating safe digital spaces, and embracing vulnerability for a healthier cybersecurity community.

In this episode of Breaking Badness, we dive into the cybersecurity headlines making waves in 2025. We discuss the U.S. Treasury breach, allegedly orchestrated by Chinese hackers using third-party access. Learn about how lingering chat histories can expose sensitive data and the importance of digital spring cleaning.

In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybersecurity breaches on industries and individuals. From her creative teaching methods to her advocacy for change in university curriculums, Tanya offers insights that resonate with developers, educators, and security professionals alike. Discover how Tanya is paving the way for accessible AppSec education, the role of AI in secure coding, and her mission to teach security as a fundamental skill for every developer.

Welcome to this special episode of the Breaking Badness Cybersecurity Podcast! We’re turning the spotlight on the books that have shaped the world of cybersecurity and inspired professionals in the field. As part of our ongoing book club series, this episode is a journey into storytelling, research, and the unique perspectives that make cybersecurity literature so compelling. From Ransomware Diaries to the geopolitics of cyber warfare, this discussion is packed with insights and actionable takeaways for anyone working in Infosec.

In this special episode of Breaking Badness, we wrap up 2024 with a countdown of the top episodes, puns, and cybersecurity moments that defined the year. From the hoodiest hacks to the goodiest wins, Kali, Tim, and Taylor reflect on critical insights, industry-changing events, and listener favorites. Tune in for discussions about evolving OT security, DNS mishaps, ransomware trends, and expert predictions for 2025. Featuring special moments like our Hacker Summer Camp interviews and top cybersecurity guests, this episode is both insightful and entertaining.

In this special 2025 Predictions episode of Breaking Badness, host Kali Fencl joins cybersecurity experts Sean McNee, Tim Helming, and Daniel Schwalbe to discuss the future of cyber threats and defense. From ransomware evolution and AI-powered attacks to quantum computing and “synthetic identity fraud,” the group compares their insights with predictions generated by leading AI platforms like ChatGPT, Claude, Copilot, and Meta AI. Will 2025 be the year of AI-compromised models or industrial control system hacks? Are biometric security risks on the rise, and what’s next for ransomware gangs? Tune in for insights, banter, and some predictions you’ll want to track!

In this episode of Breaking Badness, we dive into two fascinating stories shaping the cybersecurity landscape. First, we unpack the case of Gabriel Koo and his surprising acquisition of the domain us-east-1.com, a domain closely tied to AWS’s naming conventions. What insights can this seemingly simple purchase reveal about DNS misconfigurations and AWS security practices? Next, we shift focus to DARPA's ambitious new project aimed at revolutionizing cybersecurity by breaking software into smaller, more secure compartments. With expert analysis and intriguing insights, we explore the intersection of DNS, innovation, and the future of cybersecurity.

In this episode of Breaking Badness, we delve into the cybersecurity trends shaping the holiday season. We unpack the 60% surge in scam domain registrations targeting holiday shoppers, discuss the tactics of TAG-112, a Chinese state-sponsored threat group, and analyze their use of compromised websites to deliver Cobalt Strike malware. Plus, we share actionable insights on mitigating these threats. Tune in for expert analysis, lighthearted banter, and a few cybersecurity holiday tips to keep you safe this season

In this episode of Breaking Badness, we dive into the critical challenges and innovations in healthcare cybersecurity with Ken Zalevsky, CEO of Vigilant Ops. From the vulnerabilities in medical devices to the revolutionary role of Software Bill of Materials (SBOMs), Ken shares his two decades of expertise in safeguarding patient safety and hospital systems against emerging threats. Tune in to learn about shifting cybersecurity left, the complexities of interconnected healthcare systems, and actionable strategies to combat ransomware and legacy vulnerabilities.

In this episode of Breaking Badness, we explore two fascinating cybersecurity stories. First, we delve into the unusual case of an ex-Disney employee who hacked menu systems, creating chaos in the happiest place on Earth. Next, we discuss Sophos' five-year-long battle with a determined group of attackers targeting their firewalls. Tune in as we break down the insider threat at Disney, the lessons learned from Sophos' transparency, and what it all means for the future of cybersecurity. Plus, don't miss our signature Gold, Guidance, and Grievances segment for unique insights and takeaways.

In this episode of the Breaking Badness Cybersecurity Podcast, Jason Haddix dives into his unique journey from red teaming and pentesting to leading security teams as a CISO in high-profile organizations, including a top gaming company. Jason unpacks the distinct challenges of securing a gaming company, where risks come not only from state actors but also from clout-seeking young hackers. He shares valuable insights on building scalable security programs, secrets management, and the importance of radical transparency in corporate security cultures. Tune in to hear why, in Jason's words, "gaming saved me from a misspent youth," and learn about his latest ventures into offensive security training and AI-driven security solutions.

In this week’s episode of Breaking Badness, we dive deep into two major cybersecurity stories that are shaping today’s landscape. First, we explore the alarming capabilities of Locate X, a powerful smartphone tracking tool used by U.S. law enforcement without a warrant. How does it work, what are the privacy implications, and what can individuals do to protect their data? We then shift gears to APT29’s latest campaign as discovered by Amazon, uncovering how this well-known threat actor employed advanced tactics to impersonate AWS infrastructure and target victims. Join Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce as they dissect these stories and share their expert insights. Stick around for the Grim Reaper’s hoodie ratings and our signature segment, Gold, Guidance, and Grievances.

Join Kali Fencl as she dives deep into a conversation with cybersecurity veteran The Gibson. With 25+ years in InfoSec, The Gibson shares his journey from coding as a child to shaping threat intelligence and privacy-first technology today. In this episode, they discuss hacker ethics, the influential hacker groups Loft and Cult of the Dead Cow, the evolution of hacktivism, and the groundbreaking work on privacy-focused projects like Veilid. Tune in for insights on hacking culture, cybersecurity ethics, and the balance between creativity and responsibility in the digital age.

In this episode of Breaking Badness, Kali, Tim, and Taylor discuss two major stories shaking up the cybersecurity world. First, a researcher has discovered how attackers are exploiting Whois data to grant themselves unprecedented superpowers in the digital space. Second, the Internet Archive suffers a breach possibly exposing 31 million accounts, raising questions about the security of trusted online platforms. Join the team as they break down these complex stories, share lessons learned, and explore how organizations can better protect themselves in similar situations.

In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the sheer volume of endpoint data skyrocketing, AI and deep learning are becoming game changers in threat detection and prevention. Join us as Carl Froggett, CIO at Deep Instinct, and Melissa Bischoping, Senior Director of Security at Tanium, discuss the past, present, and future of EDR, the impact of AI on cybersecurity, and how SOC teams are evolving to stay ahead of bad actors. Learn about how generative AI is influencing attacks, the challenge of SOC burnout, and the innovations shaping the future of endpoint security.

In this episode of Breaking Badness, we dive deep into the critical world of API security and governance, uncovering key strategies to keep data safe in today’s threat landscape. Special guests Matthias Friedlingsdorf (iVerify), Tristan Kalos (ESCAPE), and Aqsa Taylor (Gutsy) join the conversation to share their experiences with detecting advanced threats like Pegasus, the importance of API governance, and the powerful role bug bounty programs play in identifying critical vulnerabilities. Whether you're an API developer, cybersecurity professional, or someone navigating the risks of mobile device exploits, this episode will arm you with the knowledge to better protect your digital assets.

In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO at NetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offensive and defensive cybersecurity strategies, and the growing threat of ransomware in today’s digital landscape. With insights from BlackHat and beyond, we discuss everything from the future of phishing defense to the challenges AI poses in securing sensitive data, as well as how ransomware continues to evolve. Tune in to gain actionable insights on staying ahead of cyber threats and protecting your digital domain.

In this special Black Hat edition of Breaking Badness, Part 2 of a 5 Part Series, we dive deep into the world of vulnerability management, cyber resilience, and supply chain security. Our expert guests—Jacob Graves, Director of Solution Architecture at Gutsy, Theresa Lanowitz, Chief Evangelist at Level Blue, Pukar Hamal, CEO at SecurityPal, and Vinay Anand, Chief Product Officer at NetSPI discuss the increasing complexity of managing vulnerabilities, the critical importance of reducing mean time to detect (MTTD) and mean time to repair (MTTR), and the emerging strategies for securing the supply chain against growing risks. Learn how vulnerability management isn’t just a technical challenge but an organizational one, and explore the nuanced roles of the CIO, CTO, and CISO in maintaining a resilient cyber infrastructure.