Security Cocktail Hour

Joe Patti and Adam Roth

Security veterans Joe Patti and Adam Roth welcome a diverse lineup of cybersecurity and information security experts to share their insights at the virtual bar. From cutting edge topics like AI and Operational Technology (OT) to the realities of careers and mental health, you'll get the inside view of what's happening across the industry and what it's really like to work in these fields, from the people who do it every day. Reach us at feedback@securitycocktailhour.com or @SecCocktailHour on Twitter.

  1. FEB 23

    Breaking Vulnerability Management's 30-Year Logjam: Two Cyber Veterans Attack It With AI

    Sharon Isaaci and David Warshavski spent careers on the offensive side of cybersecurity — breaking into organizations, finding zero-days, and cleaning up after the breaches that followed at Sygnia, Israel's premier incident response firm. After hundreds of engagements, they kept finding the same thing on both sides of the wire: breaches happen not because vulnerabilities go undetected, but because they go unmanaged.

    Vulnerability management has been stuck for 30 years. More tools, more alerts, more dashboards — and vulnerability exploitation as a breach cause nearly tripled in 2024 alone. When ChatGPT arrived in late 2022, Sharon and David saw the missing piece: the organizational context that could fix the problem had always existed, scattered across Slack, email, wikis, and internal tools. GenAI finally made it possible to pull that together at scale.

    In this conversation, we get into how two practitioners who've spent careers attacking organizations are now applying that attacker's lens — automated with AI — to break open a field that's resisted change for decades. We cover why visibility was never the real problem, what context-driven prioritization actually looks like, and what it takes to mobilize the people who do the patching.

    This one is for practitioners who've lived the frustration. And for anyone watching AI get applied to a real, stubborn problem — not as a marketing claim, but as the thing that finally moves the needle. Follow us for more conversations with practitioners who've been in the trenches.

    00:00 Intro & Guest Introductions
    05:35 Vulnerability Management: Still a Problem
    09:45 AI as a Security Solution, Not a Problem
    15:47 Visibility is Easy; Context is Hard
    29:46 Leveraging the Hacker Mindset
    35:29 We Need Less Findings, Not More
    42:39 We're in Exciting Times

    Website: https://securitycocktailhour.com
    Newsletter: https://securitycocktailhour.com/newsletter
    LinkedIn: https://www.linkedin.com/company/security-cocktail-hour
    Twitter/X: @SecCocktailHour

    Enjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

    49 min
  2. FEB 3

    Securing Mars Rovers and Space Stations with NASA's Former CIO Renee Wynn

    What happens when your security perimeter extends to Mars—and MFA isn't an option? In this episode of the Security Cocktail Hour, we sit down with Renee Wynn, former CIO of NASA, to explore what cybersecurity looks like when traditional frameworks simply don't apply.

    Renee Wynn managed IT for some of humanity's most critical infrastructure: Mars rovers, the James Webb Space Telescope, the International Space Station. We cover the unique challenges of cybersecurity in the aerospace, defense and space fields—and what those constraints teach us about security thinking more broadly. Early in the discussion, Renee emphasizes: "We always have to make sure we don't have a failure of imagination when we're looking at these risk-based decisions." This is the kind of mindset shift that shapes great security leaders.

    We also explore how she navigated government oversight, built trust with federal auditors, and led through constraints that forced her to rethink everything. Whether you work in government, private sector, or dream of expanding your security career into new industries—this conversation will broaden how you think about what's possible.

    00:00 Introduction & The Coolest Resume in Cybersecurity
    00:51 No Multi-Factor Authentication on Mars: Securing Assets Beyond Earth
    02:54 Navigating Oversight: How to Build Trust With Government Auditors
    15:00 Failure of Imagination: Rethinking Risk Assessment in Extreme Environments
    35:00 Leadership Lessons: Thinking Bigger in Security

    54 min
  3. 12/08/2025

    Job Scams Are Getting Worse | Four of the Most Dangerous

    Job scams are getting scary good. We're talking AI deepfakes, fake recruiters, and cryptocurrency traps that are fooling even tech-savvy professionals. In this Security Cocktail Hour holiday special, Joe and Adam break down four of the most dangerous job scams hitting people right now—because nothing says "Happy Holidays" quite like protecting yourself from scammers, right?

    If you're job hunting (or know someone who is), grab a drink and settle in. We're covering everything from deepfake video interviews to the bizarre world of "lucky order" scams that'll drain your crypto wallet faster than you can say "I got the job!"

    What You'll Learn:
    ✅ How scammers use real-time deepfake technology to impersonate legitimate recruiters
    ✅ The malware delivery tactics hidden in "competency tests" and coding exercises
    ✅ How to spot fake job postings before sharing personal information
    ✅ The "lucky order" scam that tricks workers into depleting their own accounts

    00:00 Intro: Job Scams for the Holidays
    01:08 AI Enhanced Interview Fraud
    11:26 Packaging and Processing Scams
    17:23 Mystery Shopper Scam
    24:30 Gamify/Task Scams
    28:48 Help Spread Awareness
    29:40 Wrapup and Happy Holidays
    30:58 Bonus Bloopers!

    Key Takeaways:
    🚩 Red Flag #1: Any job asking for money upfront (deposits, equipment fees, background check fees)
    🚩 Red Flag #2: Payment exclusively in cryptocurrency for employment
    🚩 Red Flag #3: Requests for excessive personal information before an interview
    🚩 Red Flag #4: Downloading special software for interviews or tests
    🚩 Red Flag #5: "Too good to be true" easy money for simple tasks

    Protect Yourself:
    ✓ Always verify recruiters through official company websites (not LinkedIn alone)
    ✓ Never give MFA/2FA codes to anyone—even for "deposits"
    ✓ Be wary of video interviews that seem glitchy (could be deepfakes)
    ✓ Research the company independently before sharing personal data
    ✓ Use multi-factor authentication on all financial accounts

    32 min
4.8 out of 5 (5 Ratings)
