Security Café

Quint Ketting Menno van der Horst

“Pull up a chair at the Security Café – your monthly deep dive into the hottest cybersecurity news and trends. Each episode brings you an inspiring guest and a story that will spark your imagination. Produced by Quint & Menno (Atos), this is where insights meet conversation. Don’t just stay informed—join the discussion!”

  1. 6 DAYS AGO ·  BONUS

    SecurityCafe Special | Mythos – Facts, Fiction and What You Need to Do Now

    About this episode In this special edition of SecurityCafe, Quint Ketting and Koen Maris join host Menno van der Horst for an open, no-nonsense conversation about Mythos — Anthropic's frontier AI model expected to become more widely available around mid-August. No panic, no hype — just an honest look at what will actually change, and what your organization should already have been doing. What we cover Mythos: revolution or evolution? Koen opens with a sharp reality check: if it takes five days to build an exploit today and Mythos brings that down to twenty hours — how much really changes? The hype around Mythos risks drawing attention away from what's already happening. Claude Opus 4.7 is already live, carrying many of the same capabilities, with barely anyone noticing. The real shift: accessibility The barrier to sophisticated attacks is dropping fast. It's not that experts are becoming more dangerous — it's the new wave of attackers without deep technical skills that warrants concern. Quint illustrates the point with his own experience using Claude: from building custom tools to recovering audio from a faulty recording. What this means for your organization Cyber hygiene first. If your foundations aren't in order, you already have a problem — Mythos just makes it more visible and more urgent.Third-party contracts. Patch response clauses of 90 days or more are no longer viable. Time to renegotiate.Asset management. If you don't know what you have, you don't know what to protect. A scan often reveals 40% more assets than organizations think they manage.Exposure management. Unmanaged assets are exactly where attackers will strike first.Patch cycles. Microsoft recently released 250 patches in a single Patch Tuesday — normally 10 to 20. That pattern is not a coincidence.Prepare, Respond, Adapt Koen introduces the PRA framework: we are currently in a fragile peace. Use this window well. Organizations that prepare thoroughly will weather the storm quickly. Those that don't may find themselves in a prolonged and costly recovery. Frontier AI: the next buzzword — and what it actually means Mythos is part of a broader phenomenon. Vendors like Palo Alto are already embedding the same AI engines into their defensive toolsets. The question isn't whether this will affect you — it's whether you'll be ready. Project Glasswing & responsible disclosure Anthropic has given early access to a select group of major technology companies, resulting in both an explosion of patches and new AI-powered defenses. Responsible management of this capability is exactly the right approach — and a model the industry should follow. Key takeaways Start an internal working group now. Structure it with proper governance, board-level reporting, and weekly progress reviews.Review your third-party agreements: do your SLAs still hold in a world of 24/7 patching?Don't wait for Mythos to get your basics right. A low security maturity level cannot be fixed in two months.Frontier AI is the bigger frame. Follow developments across Anthropic, Google, and others — not just the Mythos headlines.Guests linkedin.com/in/menno-van-der-horst-74710794 linkedin.com/in/koen-maris linkedin.com/in/quintketting

    29 min
  2. Navigating the Future of Cybersecurity, Frontier-AI, and Society: Insights from the Security Café

    7 MAY

    Navigating the Future of Cybersecurity, Frontier-AI, and Society: Insights from the Security Café

    SecurityCafe – Liesbeth Holterman, Cyberveilig NederlandHosts: Quint Ketting & Menno Recorded: Eindhoven Studio (our first ever in-person guest!) We always say: Prepare. Respond. Adapt. — Quint's microphone broke mid-recording. We practiced what we preached. 🎙️💀 About Our GuestLiesbeth Holterman is Managing Director of Cyberveilig Nederland — the Dutch trade association for the cybersecurity industry, focused on improving quality, transparency, and the digital resilience of the Netherlands. What We DiscussedData leaks — daily news, preventable problems Breaches are no longer weekly — they're daily. Social engineering, not sophisticated hacking, is the attacker's weapon of choice. The Odido case is a perfect example. Basic cyber hygiene remains the answer. Check your credentials: 👉 HaveIBeenPwned.com AI & Mythos — marketing or menace? Agentic AI can scan environments and find zero-days at scale. Bad actors have been using LLMs for a while already — what's new is that low-skill attackers now have access too. Bruce Schneier calls some of the fear "marketing hype" — but the underlying shift is real. The good news: in 4–5 years, defence will benefit just as much. 👉 Schneier on Security NIS2 & EU legislation Don't know where to start with cyber hygiene? Read NIS2 Article 21 — it's a solid baseline checklist. Legislation is finally getting boards to ask the right questions. 👉 NIS2 Directive | Article 21 Dutch critical infrastructure The Netherlands' legendary efficiency — remote dikes, interconnected logistics, everything online — is also its biggest attack surface. The cybersecurity workforce of tomorrow AI will reshape roles like pen testing and SOC analysis. But the need for cyber professionals is still enormous. The sector isn't thinking strategically enough about what this means. Liesbeth's call: reach out, collaborate, have the conversation. 👉 cyberveilignederland.nl 🎬 RecommendationsQuint → Hanna (Amazon Prime) A girl targeted by a CIA program for what an algorithm predicts she'll do — not what she's done. A thought-provoking lens on AI, surveillance, and pre-emptive power. 👉 IMDb Liesbeth → The Boys (Amazon Prime) Superheroes in the hands of a private corporation guided by profit, not public interest. Sound familiar? 👉 IMDb SecurityCafe — because good security conversations deserve good coffee.

    47 min
  3. The Rise of the Agents & Modern Geopolitics

    30 MAR

    The Rise of the Agents & Modern Geopolitics

    Host: Menno van der Horst Regular Guest & Chief Storyteller: Quint Ketting Special Guest: Jan Paul Oosterom (EMEA Regional Business Lead for Security, Microsoft) Episode SummaryIn this episode, the trio dives into the rapidly shifting threat landscape. While geopolitical tensions remain the "elephant in the room," the real tactical shift is happening within the realm of AI Agents. Jan Paul explains why identity management is no longer just about people—it’s about governing the thousands of non-human entities now operating within corporate environments. The team discusses the "Assume Breach" mindset, the death of "badly written" phishing emails, and why protecting your Intellectual Property (IP) requires a deep understanding of who exactly is targeting you. Key TakeawaysThe Identity of Agents: We are moving beyond managing human access. Organizations now face the challenge of managing non-human identities (AI Agents) that have their own permissions, access levels, and potential for "rogue" behavior.Assume Breach as a Culture: Security isn't just a set of tools; it’s a mindset. "Assume Breach" means every employee and executive must operate with the default action of verifying before acting, especially regarding financial transactions or data access.The Intellectual Property Target: Threat intelligence isn't one-size-fits-all. A camera manufacturer faces different risks (IP theft) than a national tax office (financial disruption). Knowing your "Why" helps you build the right "How."Timestamped Highlights[01:10] – Jan Paul Oosterom’s role at Microsoft and his remit across EMEA.[03:45] – The "Elephant in the Room": Geopolitical risks and the pace of AI evolution.[05:50] – The 10,000 Agent Problem: How one customer already has a massive fleet of autonomous agents running.[07:20] – Deep dive into Identity Management: Protecting non-human identities.[12:15] – The evolution of phishing: Why attackers are now "spot on" with their messaging.[15:30] – The "Assume Breach" mindset: Moving from "Can we stop it?" to "How do we respond when it fails?"[18:45] – Threat Intel: Identifying your specific enemies based on your business IP.[24:10] – Closing thoughts: Why the Board needs to be challenged on security.Memorable Quotes"The days that we were able to easily recognize something bad are over." — Jan Paul Oosterom "What you need to protect is probably not what you have budget for. You need to get those things in line." — Quint Ketting "If you cannot truly verify that what you see is real or good—stop it and start asking questions." — Jan Paul Oosterom The Recommendation CornerMovie: Minority Report (Recommended by Jan Paul Oosterom)Why: It explores the philosophical and ethical boundaries of "Predictive Systems"—how far can we go in flagging "criminal behavior" before a crime is even committed?Quint was referring to a movie which was actually a Serie called: Hannah

    37 min

  4. 3 MAR ·  BONUS

    Bonus Episode: The AI Shift: From Script Kiddies to Agentic Warfare

    SecurityCafe Podcast: Bonus EpisodeThe AI Shift: From Script Kiddies to Agentic WarfareIn this unplanned, deep-dive "after-talk," Menno Van Der Horst, Quint Ketting, and Max Heinemeyer peel back the curtain on the rapid evolution of AI in cybersecurity. Recorded just weeks after a massive shift in the landscape, the trio discusses why the "old ways" of hacking are being supercharged by AI agents and what this means for national resilience. Key TakeawaysThe Scaling of Social Engineering: Data leaks (passports, IBANs, addresses) are no longer just static dumps; AI can now process these at scale to create hyper-personalized phishing campaigns for thousands of victims simultaneously. The "Agentic" Shift: We are moving from static scripts to AI Agents. Unlike traditional malware, agents can make autonomous decisions, potentially making them more effective but also far more unpredictable and dangerous (the "Stuxnet with a brain" scenario). The Defender’s Dilemma: While attackers don't care about "breaking" systems as long as they get in, defenders and penetration testers must remain deterministic and safe—a gap that AI is currently making harder to bridge.Systemic Resilience: Cybersecurity is no longer just about protecting a single company; it’s about the "ecosystem." National security now depends on how well the entire supply chain—from big telcos to small vendors—is defended.Timestamped Highlights[00:41] The Four-Week Shift: Max explains how AI has hit the mainstream for both attackers and personal assistance (OpenCloud, NotebookLM).[01:15] Weaponizing Data Dumps: How AI turns old-school data leaks into targeted, automated social engineering machines.[02:45] From SQLi to Prompt Injection: Quint draws a parallel between the early days of SQL injection and the modern "hobby" of breaking LLM guardrails.[04:48] Nation-State Guardrails: A look at how China and other actors use Western AI infrastructure and the risks of "spillover" (WannaCry style) in AI-led operations.[08:27] The "Autonomous Stuxnet": What happens when an attack isn't run by a human, but by an agent with its own prompts?[09:38] The Car Wash Paradox: Menno shares a hilarious (yet scary) anecdote about an AI losing the plot, illustrating why "hallucinations" in autonomous pen-testing are a major liability.[12:39] The End of the Human Bottleneck: Max discusses how AI is removing the "human hands" requirement for vulnerability research and exploit development.[16:40] The "Football Team" Analogy: Quint argues that cybersecurity needs to move past silos—even the best "players" (companies) lose if they don't play as a coordinated unit.[21:17] Reason for Optimism: Why Max believes NIS2 and the rise of ML-driven SOC operations give defenders a fighting chance to regain the upper hand.Links & Resources MentionedBacktrack / Kali Linux: The "old school" penetration testing roots. DARPA Grand Challenge (2016): The early race for autonomous cyber defense (Shellphish & Mayhem).NIS2 Directive: The evolving European legislation for cybersecurity.Sven Herpig: Mentioned as a leading researcher on nation-state cyber policy.

    23 min

  5. 25 FEB

    The Year of the Data Leak: Why SaaS is the New Frontier (with Max Heinemeyer & Quint Ketting)

    Show Notes | Episode: The Year of the Data LeakWelcome back to the Security Cafe, the podcast where we discuss cybersecurity with good coffee, questionable humor, and guests who—for their own good—know far too much about the cyber world. In this episode, your host Menno Van Der Horst sits down with regular guest Quint Ketting (our human equivalent of a SIEM) and special guest Max Heinemeyer, a heavyweight in cyber threat intelligence and AI-driven defense. As we kick off 2026, one thing is clear: the battlefield has shifted. We are no longer just fighting off ransomware; we are living in the "Year of the Data Leak." From massive telco breaches to compromised SaaS environments, the tactics are getting louder, faster, and more automated. In this episode, we break down: The Pivot in Tactics: Why attackers are moving away from complex network encryption and towards "low-hanging fruit" like CRM databases and SaaS solutions.The Identity Crisis: How AI-driven social engineering is becoming a machine, making phishing attempts nearly indistinguishable from reality.The "Least Privilege" Paradox: Why do we still struggle with basic principles 20 years later? We discuss how a single helpdesk account can lead to 6 million compromised records.Boardroom Liability & NIS2: Moving from "security as a risk" to personal accountability for the C-suite.The Watchlist: Why Mr. Robot is being outpaced by reality and which "hacker" shows you should avoid at all costs.Special Guest Highlight: Stick around for a meta-moment where Max’s own security team accidentally proves that real-world controls actually work during our recording. Grab your coffee, log your accounts, and join us in the chaos.

    38 min

  6. 26 JAN

    Navigating Cybersecurity in a Geopolitical Landscape

    Summary: In this episode of the Cybersecurity Cafe, Menno Van Der Horst, Koen, and Quint Ketting delve into the complexities of cybersecurity in the context of geopolitical tensions and digital autonomy. They discuss the importance of preparation, adaptation, and response in maintaining business resilience and sovereignty. The conversation also touches on the role of cybersecurity frameworks like ISO 27001 and NIST in enhancing organizational resilience.   Keywords:cybersecurity, digital autonomy, geopolitical tensions, business resilience, ISO 27001, NIST, sovereignty, cyber resilience, cybersecurity frameworks, digital sovereignty     Takeaways:  Sovereignty is becoming a crucial topic in cybersecurity.Preparation, adaptation, and response are key to resilience.Geopolitical tensions impact digital autonomy.ISO 27001 and NIST frameworks aid in resilience.Understanding your organization's purpose is vital.Cyber resilience protects brand and organization.Frameworks focus on preventing incidents.Resilience ensures business continuity.Digital sovereignty is linked to data control.Effective cybersecurity requires both planning and execution.

    32 min
  7. What to Expect in 2026?

    23/12/2025

    What to Expect in 2026?

    🎄 Security Café Christmas Special! 🎄 What does the future of cybersecurity look like in 2026? In this episode of the Security Cafe Podcast, host Menno van der Horst and guests Quint Ketting and Fred Streefland discuss the future of cybersecurity, focusing on predictions for 2026. They explore current trends, the impact of AI, the importance of government involvement, and the need for digital education. The conversation highlights the increasing threat of cybercrime and the necessity for organizations to adapt to new challenges in the digital landscape.   ✔ AI-driven security & prompt injection challenges ✔ Why government involvement is critical ✔ The role of digital education for future generations ✔ How collaboration can fight cybercrime – now the third-largest economy in the world Grab a coffee (or a mulled wine 🍷) and tune in to this insightful conversation! 🎧 Listen now! #Cybersecurity #ChristmasSpecial #AI #DigitalEducation #Cybercrime #SecurityTrends #Technology

    28 min
  8. AI and Cybersecurity: A New Frontier

    05/12/2025

    AI and Cybersecurity: A New Frontier

    In this episode of the Security Cafe Podcast, host Menno Van Der Horst and guests Ahmed Achchak and Quint Ketting discuss the intersection of AI and cybersecurity. They explore how AI can be both a tool for attackers and a defense mechanism for businesses. The conversation delves into the importance of trust in AI systems, the role of data in enhancing security operations, and the challenges posed by generative AI. The episode emphasizes the need for basic cybersecurity hygiene and the potential of AI to transform security operations while maintaining human oversight. Video Link: SecurityCafe ep29

    34 min
See All (25)

About

“Pull up a chair at the Security Café – your monthly deep dive into the hottest cybersecurity news and trends. Each episode brings you an inspiring guest and a story that will spark your imagination. Produced by Quint & Menno (Atos), this is where insights meet conversation. Don’t just stay informed—join the discussion!”

Information

  • Creator
    Quint Ketting Menno van der Horst
  • Years Active
    2025 - 2026
  • Episodes
    25
  • Rating
    Explicit
  • Copyright
    © 2025 Quint Ketting Menno van der Horst
  • Show Website
    Security Café

You Might Also Like