Security by Default

Joseph Carson

Security by Default is a cybersecurity podcast hosted by Joseph Carson, a renowned ethical hacker and security expert. Each episode dives into the latest security trends, real-world threats, and practical advice for staying safe in the digital world. With insightful interviews and clear explanations, Joseph makes complex topics accessible for both IT professionals and curious listeners alike.

  1. Cyber Ops and OSINT with the Grugq

    JAN 20

    Cyber Ops and OSINT with the Grugq

    In this episode of the Security by Default podcast, host Joseph Carson engages with the Grugq, a cybersecurity expert and PhD student, discussing his journey into the field, the evolution of cybersecurity practices, and the complexities of information warfare. The Grugq shares insights on anti-forensics, the importance of understanding human behavior in cybersecurity, and the current landscape of cyber warfare, particularly in the context of the ongoing conflict in Ukraine. The conversation highlights the challenges and changes in the cybersecurity field, emphasizing the need for clarity and understanding in a chaotic information environment. Takeaways The Grugq's journey into cybersecurity began with a Unix book.He transitioned from internships to freelancing in cybersecurity.Moving to Thailand helped reduce living costs while consulting.Understanding anti-forensics is crucial for effective cybersecurity.The rules of cyber warfare differ significantly from peacetime operations.Information warfare involves changing how people interpret information.The Grugq emphasizes the importance of human behavior in cybersecurity.Staying updated in cybersecurity requires monitoring current events and engaging with experts.The evolution of cybersecurity tools has made it easier for new actors to operate.The Grugq's PhD research focuses on the realities of cyber warfare. Additional Resources: https://x.com/thegrugq https://github.com/grugq

    46 min
  2. From Prosecutor to CSO: Joe Sullivan on Cybersecurity Leadership, Crisis, and Resilience

    JAN 6

    From Prosecutor to CSO: Joe Sullivan on Cybersecurity Leadership, Crisis, and Resilience

    In this episode of the Security by Default podcast, host Joseph Carson interviews Joe Sullivan, a prominent figure in cybersecurity. They discuss Joe's journey from a federal prosecutor to the Chief Security Officer at Facebook, exploring the challenges and expectations in transitioning from government to private sector roles. The conversation delves into the evolving landscape of cybersecurity, the impact of ransomware, and the importance of crisis management and preparedness. Joe shares valuable lessons for aspiring security executives and highlights the significance of understanding technology in leadership roles. The episode concludes with Joe's current projects, including his nonprofit initiative, Ukraine Friends, which provides laptops to children affected by the war in Ukraine. Takeaways Security is possible for everyone.Joe Sullivan's journey reflects a unique path into cybersecurity.Transitioning from government to private sector presents challenges.Understanding corporate culture is crucial for success.Measuring success in cybersecurity requires clear metrics.Ransomware has fundamentally changed the cybersecurity landscape.Security leaders are increasingly reporting to CEOs.Crisis management is essential for organizational resilience.Aspiring security executives should focus on business understanding.Giving back to the community is a vital part of the cybersecurity profession. Sound bites "Security is possible for everyone.""I got an MBA through osmosis.""The expectations were so high." Chapters 00:00 Introduction to Security by Default Podcast01:02 Joe Sullivan's Journey into Cybersecurity05:10 Transition from Government to Private Sector11:06 Navigating the Corporate Landscape15:48 Measuring Success in Security20:04 The Impact of Ransomware on Cybersecurity28:01 The Evolving Role of Security Leaders30:57 Understanding Business Strategy in Security32:59 Risk Management and Business Partnership33:52 Navigating Technology Risksli...

    48 min
  3. Laughing with Cyber - A Standup Comedy Special with Ian

    2025-12-23

    Laughing with Cyber - A Standup Comedy Special with Ian

    In this episode of the Security by Default podcast, host Joseph Carson welcomes Ian Murphy, a cybersecurity expert and stand-up comedian. They discuss Ian's unconventional journey into cybersecurity, his experiences at the MOD and Symantec, and his transition to self-employment and comedy. Ian shares insights on the importance of storytelling in both cybersecurity awareness and comedy, as well as navigating online criticism and audience interactions. The conversation highlights the need for humor in serious industries and the value of real human connections. Takeaways Ian's journey into cybersecurity was unplanned and unconventional.The importance of storytelling in both cybersecurity and comedy.Self-employment offers freedom but comes with challenges.Humor can be a powerful tool in serious industries.Navigating online criticism requires thick skin and perspective.Comedy is subjective, and not everyone will appreciate it.Real human interactions are essential in today's digital age.Learning from experiences is crucial for growth in any field.Networking and peer relationships are vital for success.Life is better when you find joy and laughter in everyday situations. Titles From Cybersecurity to Comedy: Ian Murphy's Journey The Power of Storytelling in Cybersecurity and Comedy Sound bites "I wanted to be a footballer." "Comedy is subjective." "You need to grow the fuck up." Chapters 00:00 Introduction to the Podcast and Guest00:56 Ian's Origin Story and Journey into Cybersecurity06:29 Experiences at MOD and Symantec10:44 Transitioning to Self-Employment and Freedom14:27 The Switch to Stand-Up Comedy22:05 The Impact of Humor in Cybersecurity Awareness30:06 Audience Feedback and Social Media Interaction31:54 The Power of Audience Engagement34:49 Navigating Controversy in Comedy37:43 The Art of Timing and Response40:47 Comedy as a Reflection of Life43:44 The Evolution of Comedy and Storytelling49:53 Learning

    57 min
  4. From Hacker to Hollywood: Alissa Knight's Journey

    2025-12-16

    From Hacker to Hollywood: Alissa Knight's Journey

    In this episode of the Security by Default podcast, host Joe Carson engages with cybersecurity expert Alissa Knight, who shares her unique journey into the world of hacking and cybersecurity. They discuss the evolution of hacking, the challenges of API security, and the transformative impact of AI on the industry. Alissa emphasizes the importance of continuous learning and adapting to new technologies, while also reflecting on her career shifts and the significance of storytelling in cybersecurity marketing. The conversation highlights the need for organizations to invest in their employees' education and the future of cybersecurity innovation. Takeaways Alissa started hacking at the age of 13, driven by curiosity.The early days of hacking were like the wild west, with fewer resources.A significant turning point in Alissa's life was her arrest at 17.Cybersecurity offers lucrative career opportunities for skilled individuals.API security is a growing concern as more services rely on APIs.AI is reshaping the cybersecurity landscape, creating new challenges and opportunities.Continuous learning is essential in the fast-evolving field of cybersecurity.Organizations must invest in training their developers in secure coding practices.Storytelling can be a powerful tool in cybersecurity marketing. The future of cybersecurity will heavily involve AI and automation. Sound bites "It was the wild, wild west." "I was arrested on my school campus." "This industry pays very well." Chapters 00:00 Introduction to the Podcast and Guest00:57 Alissa Knight's Unique Origin Story05:30 The Evolution of Hacking and Cybersecurity10:54 Turning Points and Career Shifts16:10 The Impact of DDoS Attacks on Career Paths20:57 The Importance of API Security24:06 Hacking APIs and Security Vulnerabilities27:52 The Evolution of AI in Coding31:30 From Cybersecurity to Hollywood36:32 Introducing ARIES: AI for Cybersecurity39:03 The Importance of Continuous Learning in Cybersecurity Resources https://www.linkedin.com/in/alissaknight/ https://www.knightgroup.co/ https://microreels.com/ https://www.youtube.com/@AlissaKnightArchives

    47 min
  5. Building Trust in Customer Success with David Muniz

    2025-12-09

    Building Trust in Customer Success with David Muniz

    In this episode of the Security by Default podcast, Joseph Carson engages with David Muniz to explore the evolving landscape of cybersecurity. They discuss the importance of diversity in the field, the distinction between customer success and support, and the critical role of trust in business relationships. The conversation also delves into the Zero Trust paradigm, emphasizing the need for a human-centric approach in cybersecurity. David shares insights on staying updated in a rapidly changing industry and the significance of happiness in the workplace, concluding with thoughts on the human element in cybersecurity. Keywords cybersecurity, customer success, zero trust, trust in business, diversity in tech, human relationships, customer support, industry insights, happiness in work, staying updated Takeaways ·       Customer success focuses on long-term relationships, not just immediate problem-solving. ·       Trust is a key component in building successful customer relationships. ·       Zero Trust is about managing trust dynamically, not eliminating it. ·       Customer success involves understanding what success means to the customer. ·       Building trust requires consistent and reliable service. ·       Human interactions are crucial in customer success, even in a digital world. ·       Customer success can lead to increased revenue through renewals and up-selling. ·       Trust in cybersecurity involves both technical and human elements. ·       Effective customer success strategies can differentiate a company in the market. ·       Balancing security with user experience is essential for customer satisfaction. Sound bites ·       "Customer success is about long-term relationships." ·       "Trust is not just assumed; it must be earned." ·       "Zero Trust is about managing trust, not eliminating it." ·       "Success is defined by the customer's perspective." ·       "Human interactions are crucial in a digital world." ·       "Trust leads to increased revenue and loyalty." ·       "Cybersecurity involves both technical and human elements." ·       "Balancing security with user experience is key." ·       "Customer success can differentiate a company." ·       "Trust is a business differentiator." Chapters 00:00 Introduction to Cybersecurity and Guest Background 04:10 The Importance of Diversity in Cybersecurity 08:41 Understanding Customer Success vs. Customer Support 12:52 Building Trust in Customer Relationships 17:15 The Role of Zero Trust in Cybersecurity 22:07 Understanding Zero Trust and Its Implications 27:33 The Dynamic Nature of Trust in Cybersecurity 32:01 The Human Element in Building Trust Additional Resources The Trust Paradox: A Cybersecurity Mindset for Human Relationships https://www.linkedin.com/pulse/trust-paradox-cybersecurity-mindset-human-david-muniz-f9fzf The Hidden ROI of Trust in Business and Cybersecurity...

    42 min
  6. Transforming Cybersecurity Awareness Training with Michael Waite

    2025-12-03

    Transforming Cybersecurity Awareness Training with Michael Waite

    In this episode of Security by Default, host Joe Carson sits down with Michael Waite from Dune Security to explore how AI is reshaping cybersecurity and why it’s time to rethink traditional awareness training. As cyber threats become more sophisticated, personalized, and AI-powered, organizations can no longer rely on outdated, one-size-fits-all learning models. Joe and Michael break down what modern cybersecurity training should look like, how to engage employees more effectively, and why empowering people both inside and outside the office is essential to strong defense. What You’ll LearnHow AI is transforming both cyber attacks and defensive strategiesWhy the volume and quality of phishing attempts continue to riseThe limitations of traditional annual awareness trainingThe shift toward personalized, role-based learningHow real-time intervention improves security habitsWhy cybersecurity awareness must extend beyond the workplacePractical ways to engage employees and build a security-first cultureThe importance of collaboration and communication across teamsHow threat intelligence informs more effective training programs Key TakeawaysAI is rewriting the threat landscape.Attackers are faster, more convincing, and more scalable than ever.Generic awareness training is no longer enough.Personalization is essential to reducing real-world risk.Engagement drives stronger security culture and better outcomes.Cybersecurity begins at home, not just at work.Bite-sized, real-time lessons are more effective than long annual videos.Employees are part of the detection engine—and must be empowered accordingly. Memorable Quotes“Cybersecurity doesn’t start in the office.”“The one size fits all approach is dead.”“We need to democratize security.”“Let’s give individuals the tools they need.”“We need to make cybersecurity more fun.”“This is my favorite thing to talk about.” Episode Chapters00:00 – Introduction to the Chaos of Cybersecurity 03:05 – The Impact of AI on Cybersecurity 09:40 – Best Practices for Cybersecurity Awareness 18:51 – Personalizing Cybersecurity Training 27:00 – Engaging Employees in Cybersecurity 29:20 – Resources for Further Learning Additional Resources: https://www.linkedin.com/in/mr-michael-waite/ https://www.dune.security/ https://www.dune.security/threat-intelligence-report

    32 min
  7. Hacking AI and Building Trustworthy Systems: Insights from Satu Korhonen

    2025-11-19

    Hacking AI and Building Trustworthy Systems: Insights from Satu Korhonen

    In this episode of the Security by Default podcast, Joseph Carson and guest Satu Korhonen a passionate practitioner, researcher and founder of Helheim Labs delve into the intersection of AI and cybersecurity. They discuss the challenges and opportunities in creating trustworthy AI systems, the importance of collaboration between AI and cybersecurity professionals, and the role of regulation in ensuring AI safety. Satu shares her journey from education to AI, highlighting key moments and insights from her career. The conversation also touches on the EU AI Act, the importance of understanding AI's limitations, and the need for a balanced approach to AI development. Key Takeaways AI systems are fundamentally probability-based, not perfect.Collaboration between AI and cybersecurity is crucial for safety.The EU AI Act focuses on human rights and risk management.Understanding AI's limitations is key to using it effectively.AI can enhance productivity but requires careful implementation.Training AI with both good and bad data improves its robustness.AI should serve humans, not the other way around.Hacking AI can reveal vulnerabilities and improve security.Community events like hacker camps foster innovation and learning.AI's role in society should be carefully considered and discussed. Chapters 00:00:00 Introduction to AI and Cybersecurity 00:03:00 Satu's Journey into AI 00:09:00 Trustworthy AI and the EU AI Act 00:15:00 Challenges in AI and Cybersecurity Collaboration 00:21:00 The Role of Community and Events in AI Resources: https://hackai.quest/ https://helheimlabs.ai/ https://helheimlabs.ai/about-satu-korhonen/ https://www.linkedin.com/in/satu-m-korhonen/ https://why2025.org/ https://www.ccc.de/en/home https://events.ccc.de/en/ https://disobey.fi/2026/

    40 min
  8. Identity Threats, AI Attacks, and the Power of Community with Filipi Pires

    2025-11-05

    Identity Threats, AI Attacks, and the Power of Community with Filipi Pires

    In this episode of the Security by Default podcast, host Joe Carson welcomes back Filipi Pires, Head of Identity Threat Labs & Global Product Advocate at Segura® to discuss the latest trends in identity threats and cybersecurity. They explore the evolution of attacks, particularly focusing on social engineering and the role of AI in both offensive and defensive strategies. Filipi shares insights from recent events, including the significance of BSides conferences in fostering community and knowledge sharing. The conversation emphasizes the importance of a zero trust approach and the need for continuous education in cybersecurity. Key Takeaways The BSides community is essential for cybersecurity education.Attackers are increasingly using social engineering techniques.AI is being leveraged by both attackers and defenders.Zero trust is a critical framework for modern security.Organizations must implement multiple layers of protection.Credential theft is a major concern in identity threats.B-Sides events provide networking opportunities for newcomers.Cybersecurity Awareness Month is a time for reflection and improvement.The rise of AI in social engineering poses new challenges.Community-driven events like B-Sides foster collaboration and learning. Chapters 00:00 Introduction to Security by Default Podcast01:59 Understanding BSides Events05:57 Current Trends in Identity Threats11:50 The Evolution of Authentication Methods14:57 The Rise of InfoStealer Malware18:52 AI's Role in Cybersecurity Threats21:13 AI in Cybersecurity: Defensive and Offensive Perspectives24:36 The Role of APIs and Observers in Cybersecurity26:06 Best Practices for Securing AI in Organizations31:04 BSides Porto: Community and Event Insights39:06 Future BSides: Expanding to Porto Alegre Resources: https://www.linkedin.com/in/filipipires/ https://segura.security/ https://www.instagram.com/filipipires.sec/ https://segura.security/events/filipi-pires https://www.linkedin.com/showcase/identity-threat-labs/about/ https://labs.segura.blog/ About Segura® Segura® is an Identity Security Platform built to help organizations secure privileged access, detect identity threats, and respond rapidly to attacks targeting human and machine identities. Designed for hybrid and high-risk environments, Segura delivers identity threat detection and response (ITDR), secure remote access, and privileged session protection — ensuring that only verified users, devices, and applications can access critical systems. From infrastructure and servers to cloud platforms and the supply chain, Segura provides unified visibility and control across every identity interaction. By combining advanced analytics, behavioural detection, and Zero Trust access principles, Segura empowers companies to prevent credential misuse, lateral movement, and privilege escalation before damage occurs.

    39 min
See All (22)

About

Security by Default is a cybersecurity podcast hosted by Joseph Carson, a renowned ethical hacker and security expert. Each episode dives into the latest security trends, real-world threats, and practical advice for staying safe in the digital world. With insightful interviews and clear explanations, Joseph makes complex topics accessible for both IT professionals and curious listeners alike.

Information

  • Creator
    Joseph Carson
  • Years Active
    2025 - 2026
  • Episodes
    22
  • Rating
    Explicit
  • Copyright
    © Copyright 2026 Joseph Carson
  • Show Website
    Security by Default