Financial markets make good targets for criminals - after all, that's where the big money is. Surprisingly, many of these criminals are not your run-of-the-mill black hat hacker, but brokers registered with the SEC: genuine finance industry professionals – check it out...

October 18, 2022 /

Rachel Tobac is a hacker and CEO of SocialProof Security, where she helps people and companies keep their data safe by training and pentesting them on social engineering threats like Vishing and the many psychological tricks attackers employ to hack people – check it out...

October 11, 2022 /

Some stock traders are willing to go to great lengths to get information before anyone else, even hacking into trading technologies to gain an unfair advantage and make a fortune along the way–check it out...

October 4, 2022 /

The Malicious Life Podcast Team is excited to announce that we won the This Week in Tech Technology Category honor at the 17th Annual People's Choice Podcast Awards...

October 3, 2022 / 1 minute read

As their name implies, LulzSec was known for trolling their victims:, and while their childish behavior might have fooled some people into thinking that LulzSec was harmless, the story you’re about to hear will show they were anything but – check it out...

September 28, 2022 /

The US government says that Kim Schmitz, better known as Kim DotCom, is the leader of a file sharing crime ring. He sees himself as an internet freedom fighter: a fugitive on the run from vindictive overly-powerful governments. Can King Kimble escape the wrath of the USA? Check it out...

September 19, 2022 /

Multi-Factor Authentication (MFA) is usually considered a better solution for authentication – but Roger Grimes, a veteran security professional and a Data-Driven Defense Evangelist claims that the sense of security current MFA solutions provide us is false - check it out...

September 13, 2022 /

Language models are everywhere today, and most interestingly they are available via several experiential projects trying to emulate natural conversations such as OpenAI’s GPT-3 and Google’s LaMDA. Can these models be hacked to gain access to the sensitive information they learned from their training data? Check it out...

September 6, 2022 /

In May 2021, following the SolarWinds and the Colonial Pipeline attacks, the Biden administration published a presidential Executive Order mandating the use of SBOMs - Software Bill of Materials - in all government agencies. What are SBOMs and how useful are they in cybersecurity? Nate Nelson talks to two experts: Allan Friedman (CISA) and Chris Blask (Cybeats) - check it out...

August 31, 2022 /

A ruthless person for whom the end truly justifies the means, Leo Kuvayev was very successful as a cybercriminal. But even a genius criminal can go just one step too far - check it out...

August 22, 2022 /

Railway systems are a mess of old systems built on top of older systems, running ancient operating systems. Why are railway systems so difficult to defend, and what are the most probable attack vectors against them? Israel Railway's first ever CISO discusses why - check it out...

August 15, 2022 /

The Anom was the holy grail of dark, illegal communication: a mobile phone that could send encrypted messages that even included a secret Kill-Switch to foil attempts by law enforcement agents to get to its contents. Thousands of criminals used the Anom, certain that they were completely safe from the police - they were wrong - check it out...

August 8, 2022 /

Ken Thompson is a legendary computer scientist who also made a seminal contribution to computer security in 1983 when he described a nifty hack that could allow an attacker to plant almost undetectable malicious code inside a C compiler. Surprisingly, it turns out a very similar hack was also used in the SolarWinds attack - check it out...

August 1, 2022 /

Silk Road’s success did more than bring the site more sellers and buyers, it also brought it more attention from law enforcement agencies as well as malicious hackers and other shady characters. Some of these shady characters, it turns out, were part of the task force aiming to shut down Silk Road - check it out...

July 25, 2022 /

Your organization was hit by ransomware, and it is now time to negotiate the terms of a deal that will bring back your data and (hopefully) won’t leave the company’s coffers empty. But are you sure you know what you’re doing? Are you certain that you won’t screw up the negotiations and do more harm than good? Check it out...

July 18, 2022 /

Ross Ulbricht always had a thing with testing his limits. He was also an avid libertarian who wanted to change the world. So, in 2010, he came up with the idea to build a truly free market: a website where anybody can buy and sell anything anonymously - including illegal drugs - check it out...

July 12, 2022 /

Will Bitcoin and the other cryptocurrencies be able to replace money as we know it today? Will governments embrace a future where they have no control over their currencies? Jacob Goldstein (Planet Money, What's Your Problem) talks to Nate Nelson about what the future holds for Bitcoin - check it out...

July 5, 2022 /

Years before credit card transactions gave banks and data-brokers free access to our private financial information, a man named David Chaum became the first person to really, materially grapple with the problem of privacy in money. His ideas inspired a movement of "Crypto Anarchists" who aspired to change money forever - check it out...

June 27, 2022 /

This special Malicious Live Ask Us Anything event celebrates the 5 year anniversary of the show: How did Malicious Life come to be? How do we choose the stories we tell? Who was Ran's most memorable guest? And why does Nate keep inserting weird names into the scripts? Check it out…

June 21, 2022 /

Hector - better known as Sabu, the ringleader of the LulzSec hacking group - knew the FBI was on to him. But it turned out that of all the people who broke or disregarded the law in this particular story, only one man had a reason to be worried: Jeremy Hammond - check it out…

June 17, 2022 /

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

June 13, 2022 /

AbdelKader Cornelius, a German Threat Researcher and an expert on the cybercrime ecosystem, shares a story about how he helped German police put a sophisticated cybercriminal behind bars by uncovering tiny mistakes the hacker made in the past. - check it out…

May 31, 2022 /

An anonymous hacker posted a list of 6.5 Million encrypted passwords for LinkedIn users on a Russian forum. These passwords were hashed using an outdated and vulnerable hashing algorithm and were also unsalted. Lawsuits followed shortly… can we trust big organizations to keep our secrets safe? Check it out…

May 24, 2022 /

We delve into a recently discovered cyber-espionage campaign targeting the Defense, Energy, Aerospace, Biotech and Pharma industries conducted by the Winnti Group (APT 41, BARIUM, and Blackfly) - a Chinese state-sponsored APT group known for its stealth and sophistication...

May 17, 2022 /

In 2007, Estonia suffered a large-scale DDoS attack which crippled many organizations and digital services. Joseph Carson, a Security Scientist and adviser to several governments discusses the lessons learned from that event and how Estonia became 'A Cloud Country' - check it out…

May 9, 2022 /

In May 1990, a massive operation carried out by hundreds of Secret Service and FBI agents was focused on a new type of crime: Hacking. But every action has an equal and opposite reaction, and the reaction to Operation Sundevil was the birth of a new power in the cybersphere: the Electronic Frontier Foundation - check it out…

May 2, 2022 /

The MITRE Attack Flow Project is a new way to visualize, analyze and share knowledge about sequences of adversary behavior. Ingrid Skoog, Ass. Director of R&D at the Center for Threat-Informed Defense, and Cybereason CISO Israel Barak discuss the benefits of the MITRE Attack Flow project to Defenders and executives alike - check it out…

April 25, 2022 /

When 24-year-old Aaron Swartz was caught scraping millions of science articles off of JSTOR, he faced up to 35 years in prison plus a fine of up to 1 million dollars. Did Aaron's crime justify such a harsh punishment? Check it out…

April 19, 2022 /

Several weeks after the invasion of Ukraine by Russian forces, and the lights are still on and other important infrastructure is still operating. Cybereason CEO Lior Div, CTO Yonatan Striem-Amit, and CSO Sam Curry examine what we know so far about the cyber aspect of the conflict...

April 11, 2022 /

Due to some controversy in the community over the airplane hacking episode, we have decided to remove it from the playlist...

April 5, 2022 /

What issues should CISOs be prioritizing, and how can they get the most bang for their buck? An esteemed panel of accomplished security leaders discuss the challenges for 2022 and more - check it out...

March 31, 2022 /

DIE, an acronym for Distributed, Immutable and Ephemeral, is a framework for designing secure systems where we should treat our precious data less like pets and more like cattle. Sound confusing? New paradigms always are - check it out…

March 28, 2022 /

Wayman Cummings, VP of Security Operations at Unisys, examines how industry stagnation impacts the security for our critical infrastructure, the value true public-private partnerships can bring and more - check it out...

March 24, 2022 /

We usually count the damage from a cyberattack in Dollars and Euros, but the psychological damage to the victims is rarely discussed. Can scams, hacks, and breaches lead to Cyber Post-Traumatic Stress Disorder? Check it out…

March 22, 2022 /

Renee Guttmann needed a way to determine and communicate the right decisions to the organization, so she developed the “Six-Minute Rule” as a guide - Renee explains how to help stakeholders make informed risk/reward decisions - check it out...

March 17, 2022 /

What is the most critical of all critical infrastructure? According to Jeff Engles, it's our Banking and Finance systems - Jeff joins us to discuss the resilience of our financial system and potential worst-case scenarios - check it out…

March 16, 2022 /

This final episode of the series is going to explore how the Crypto AG spying operation was kept secret for over 70 years from governments, military and intelligence services, and even the company’s own personnel - check it out…

March 10, 2022 /

ISACs were formed to promote the centralized sharing of threat intel within a particular sector. Grant Sewell, Director of Security at AHEAD, shares his experience in working with an ISAC and how this benefited his organization - check it out...

March 10, 2022 /

Quantum Computing is a revolutionary technology, but what's the threat posed by Quantum attacks on encryption, and is the first major attack even closer than most of us think? Check it out…

March 7, 2022 /

Richard Clarke, who spent several decades serving Presidents of both parties, provides some pragmatic tips for effectively communicating the need to invest in security in terms the Board of Directors can support - check it out...

March 3, 2022 /

How did Boris Hagelin succeed in selling compromised cipher machines to half the world over more than 50 years? Was there some kind of backdoor - or it was more clever than that? Check it out…

February 28, 2022 /

What was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, CEO of Zero Networks, takes us deeper - check it out...

February 24, 2022 /

Threat Research lead Assaf Dahan discusses new discoveries about Iranian APTs Moses Staff and Phosphorus that blur the line between state-sponsored attacks and criminal activity - check it out…

February 22, 2022 /

What issues should CISOs be prioritizing, and how can they get the most bang for their buck while minimizing risk and maximizing outcomes? Join our panel of esteemed CISOs from multiple industries as they share their perspectives...

February 18, 2022 / 1 minute read

How does the CISO establish the value proposition for an investment? Jack Jones, Chief Risk Scientist at RiskLens, discusses using a well-tested risk framework to evaluate current state of loss exposure - check it out...

February 17, 2022 /

General McArthur, Egypt's Anwar Sadat, and Iran's Ayatollah Khomeini: these are just a few of the dozens (likely hundreds) of targets in the biggest, most ambitious hacking operation ever - check it out…

February 14, 2022 /

Security departments need to acquire tool after tool over - Kevin Richards walks through a very creative method for getting the budget you need and explains how to leverage the current environment to “find” new sources of funding...

February 10, 2022 /

Attacks against Small-to-Medium size businesses (SMBs) accounts for 40% to 50% of all data breaches. Josh Ablett, founder and CISO of Adelia Risk, discusses security for SMBs - spoiler: it's not a pretty picture - check it out…

February 7, 2022 /

When a particular skill is needed that is not available, what do you do? Should you hire someone externally or bring in a consultant? CISO John Iatonna discusses his experience in making these tough decisions - check it out...

February 3, 2022 /

In this episode, we go back to the Yom Kippur War of 1973 to discover how a national trauma and an intelligence failure paved the way for Israel to become a cybersecurity mini-empire - check it out…

January 31, 2022 /

The locus of control has been slipping away from IT teams - and by default Security teams. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change - check it out...

January 27, 2022 /

Pete Herzog, co-founder of ISECOM and Hacker Highschool, wants our kids to learn about cybersecurity - especially the more advanced stuff like security analysis and hacking - check it out...

January 24, 2022 /

Steve Orrin, Federal CTO at Intel, joins the podcast to discuss approaches to remaining compliant with the various laws when moving to the cloud - check it out...

January 20, 2022 /

A cryptic message posted on 4Chan in January 2012 started thousands of crypto-lovers competing to be the first to crack the puzzles created by the mysterious Cicada 3301. Who is Cicada3301, and what are their goals? Check it out...

January 18, 2022 /

Organization's may be leaking information without proper procedures in place - CCO/CPO Samantha Thomas explains how she changed this and the law in the process - check it out...

January 13, 2022 /

Jeff Man was one of the first people at the NSA to make the transition from hardware to software, and he shares with us his experiences from that period - check it out…

January 10, 2022 /

Dawn-Marie Hutchinson, CISO at BAT, has navigated organizations during crises with a “play like you practice” Incident Response approach - check it out...

January 6, 2022 /

When the FBI asked Apple to write code that would give the FBI access to a suspect's iPhone, Apple refused, arguing it violates the First Amendment - check it out…

January 4, 2022 /

CISO Leon Ravenna dives into cyber insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs...

December 29, 2021 /

Yonatan Striem-Amit, CTO & Co-Founder of Cybereason discusses the Log4j vulnerability and the unusual vaccine dubbed Logout4Shell that uses the the Log4Shell exploit to close the vulnerability - check it out…

December 27, 2021 /

Jim Routh joins the podcast to discuss his experience around creating over 300 models using data science, machine learning and automated incident response to bolster the security posture for a large commercial organization - check it out...

December 22, 2021 /

Shawn Carpenter - an employee of Sandia National Laboratory - was at a crossroads: should he ignore a Chinese attack against U.S. targets as his superiors ordered him to do, or continue investigating the case on his own? Check it out…

December 20, 2021 /

How does the CISO ensure that the proper skills are maintained to continue to lead the security organization? ISSA President Candy Alexander joins the podcast to discuss how CISOs can stay on top of their game - check it out...

December 16, 2021 /

Ken Westin, Director of Security Strategy, discusses the findings in recent report "Organizations at Risk: Ransomware Attackers Don’t Take Holidays" - including why ransomware attacks today are so effective and dangerous - check it out...

December 13, 2021 /

Are you reporting the same risks each year? This may be due to lack buy-in from senior management - Chris Apgar joins the podcast to discuss how to show that funding security initiatives is more than just risk avoidance - check it out...

December 9, 2021 /

Microsoft Tay could tweet, answer questions and even make its own memes - but within mere hours of going live, Tay began outputting racist, anti-Semitic and misogynist tweets - check it out...

December 6, 2021 /

Infosec skills don’t necessarily transfer to CISO skills, but CISO skills are 100% transferable to your infosec career - Richard Kaufmann VP/CISO at Amedisys discusses how growth begins outside of your comfort zone...

December 2, 2021 /

Black Hills Infosec founder John Strand discusses The Wild West Hackin’ Fest - a unique security conference that emphasizes diversity and lowering the barriers to entering the world of security...

November 29, 2021 /

Regulations provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security?

November 24, 2021 /

To capture Alexey Ivanov and his business partner and bring them to justice, the FBI created an elaborate ruse: a fake company named Invita, complete with a fake website and a fake office building - check it out...

November 22, 2021 /

How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? Ricardo Lafosse, CISO at Kraft Heinz, explains - check it out...

November 18, 2021 /

William Miaoulis. CISO at Auburn University, joins the podcast to discuss some of the typical situations that lead to the exposure of sensitive information and how to prevent them - check it out...

November 11, 2021 /

Alexey Ivanov thought he had a brilliant idea: hack American corporations and then blackmail them to force them to contract his services as a security consultant - so what could go wrong? Check it out...

November 8, 2021 /

Allison Miller, CISO at Reddit, discusses the nexus of Security, Privacy and Trust - should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? Check it out...

November 4, 2021 /

The NSA is one of the world's most formidable intelligence operations. We spoke at length with Ira Winkler, CISO, Skyline Technology Solutions, who started his career at the NSA - check it out...

November 1, 2021 /

Charles Cresson Wood joins the podcast to discuss the five key mistakes teams make in creating and delivering impactful policies for any organization - check it out...

October 28, 2021 /

Marcus Hutchins became a hero for stopping the WannaCry attacks despite his troubled past as the teenage hacker who created the dangerous rootkit KRONOS - should a criminal-turned-hero be punished for past crimes? Check it out...

October 25, 2021 /

Todd Inskeep walks us through the lessons learned after managing a NotPetya ransomware attack. Don’t miss this podcast for valuable insights from a real-life scenario - check it out...

October 21, 2021 /

Newly identified Iranian threat actor MalKamak that has been leveraging a new and sophisticated RAT (remote access trojan) dubbed ShellClient that abuses Dropbox for C2 (command and control)...

October 18, 2021 /

Steven Lentz joins the podcast to explain how he successfully engaged the workforce through creative and visible security awareness methods - check it out...

October 14, 2021 /

Smart TVs - equipped with microphones, cameras, and an internet connection - are the weakest link in smart home security. So, is a person's smart home still their castle? Check it out...

October 11, 2021 /

CISO Kathy Wang discusses challenges in extending detection and response capabilities to cloud deployments while ensuring threats are correlated across endpoints, mobile, application suites and user identities - check it out...

October 7, 2021 /

Cybereason CISO Israel Barak delves into the MITRE ATT&CK framework and explains how it can help organizations get better at detecting stealthy advanced attacks - check it out...

October 4, 2021 /

Every organization must be able to respond to an attack quickly - Sam Monasteri joins the podcast to discuss key steps to implement in an incident response plan without breaking the bank...

September 30, 2021 /

Every year there’s a new story of some software like 'Tik Tok' or 'FaceApp' from a hostile country that may be a security threat to us in the West - so what should be done in cases like this? Ira Winkler joins the discussion - check it out...

September 27, 2021 /

CISO Kevin Novak explains how to bring business units together to form your own DEFCON-type event in-house or in partnership with other organizations - check it out...

September 23, 2021 /

Jack Rhysider discusses the origins of Darknet Diaries and the effect the show’s success has had on his personal life - which you might be surprised to discover wasn’t always 100% positive - check it out...

September 20, 2021 /

Melanie Ensign joins the podcast to explain how security teams benefit from relationships with the communications and public relations specialists before, during and after a breach event - check it out...

September 16, 2021 /

A mysterious stranger approached an employee of Tesla's Gigafactory and offered him 1 million dollars to insert a malware-laden USB flash drive into a company computer - check it out...

September 13, 2021 /

Rachel Tobac delves into social engineering where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature - check it out...

September 9, 2021 /

Lt. Colonel (Ret.) Bill Hagestad examines how China's culture and troubled history of western colonialism influenced its government views regarding the internet and its interactions with western tech companies...

September 7, 2021 /

What happens when you get the funding you asked for? CSO James Christiansen joins the podcast to discuss security budgeting lessons learned you won’t want to miss - check it out...

September 2, 2021 /

What do you get when you take a gun-toting cybersecurity pioneer and add a serious amount of money to the mix? You get John McAfee's unbelievable life and times - check it out...

August 30, 2021 /

Jonathan Nguyen-Duy, VP Field CISO Team, joins this podcast to discuss strategies for working with MSSPs to ensure that your organization is obtaining the most value - check it out...

August 26, 2021 /

So how far have security solutions and capabilities come in a decade? Art Coviello, former CEO of RSA Security, is joined by Malcolm Harkins, former CSO at Intel, to discuss the cybersecurity landscape 10 years after the RSA Breach - check it out...

August 23, 2021 /

David Nolan, Vice President of Information Security at Aaron’s, joins the podcast to discuss how to achieve consensus on security in the organizations - check it out...

August 19, 2021 /

Cybereason identified several attack campaigns targeting the telecoms industry across Southeast Asia that are assessed to be the work of multiple Chinese APT groups - Nocturnus Team lead Assaf Dahan discusses the implications...

August 16, 2021 /

Kerissa Varma discusses the security skills shortage and her initiative to recruit people from fields who have skill sets applicable to security, but they might not even know it - check it out...

August 11, 2021 /

The Jester is a patriotic, pro-American Hacktivist that since 2010 has waged a personal cyberwar against an array of targets. So, who is The Jester and what can we make of his reported exploits? Check it out…

August 9, 2021 /

Kevin Morrison, CISO at Alaska Air Group, joins the podcast to discuss strategies for dealing with salespeople and selecting the best products for the organization - check it out...

August 5, 2021 /