Threat Talks - Your Gateway to Cybersecurity Insights

Threat Talks
  • 5.0 (1)
  • Tech News
  • Updated Weekly

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

  1. Europe Is Losing the Sea Cable Race

    6d ago

    Europe Is Losing the Sea Cable Race

    In 2026, 40 new submarine cables go live. Most won't land in Europe. Europe is losing the sea cable race, and most people haven't noticed yet. In this second part of our sea cables conversation, host Peter Ernst sits down with Ernst Noorman, the Netherlands' Cyber Ambassador-at-Large and a member of the ITU Advisory Body on Submarine Cable Resilience, to move from the “how” of sea cables to the “why it matters.” We compare two places that were once called the two hardest spots in the world to build digital infrastructure, Amsterdam and Singapore, and unpack how Singapore solved its crunch with 32 cable landings, five years of zero cable faults, and a green-energy-first tender process, while the Netherlands risks resting on a 30-year-old head start. Along the way: the difference between sovereignty and autonomy, why “always the cheapest option” no longer works, the EU Cyber Resilience Act and security by design, what NIS2 means for boards and CEOs personally, and why Europe needs to stop being modest about Airbus-sized wins. Chapters 00:00 — 40 new cables, most skip Europe00:30 — Meet Ernst Noorman & the ITU advisory body02:00 — The sea cable map is being redrawn04:08 — Why the Netherlands risks losing its head start06:26 — How Singapore solved it: 32 landings, zero faults08:09 — Tax cuts for digital, would Europe ever?08:59 — Sovereignty vs autonomy: it's about choice15:02 — You can't own the whole stack (ASML, Nokia, Ericsson)15:53 — Why “always the cheapest” stops working17:47 — The Cyber Resilience Act & security by design18:51 — The water-from-the-tap analogy19:51 — What boards and CEOs must actually ask25:30 — Back to Singapore: government-led, by design29:39 — The good news: Europe's real strengths36:15 — What needs to happen in the next 3–5 years Threat Talks is a podcast by ON2IT and AMS-IX. Subscribe for more on Zero Trust, cyber resilience, and the infrastructure behind the internet.

    35 min
  2. Russia Cutting Cables?

    Jun 2

    Russia Cutting Cables?

    The headlines say Russia’s shadow fleet is cutting cables. The experts say most faults come from clumsy ship anchors. Ninety-nine percent of global internet traffic runs across the ocean floor, and the conversation about what threatens it is mostly wrong. In this episode of Threat Talks, Peter van Burgel, CEO of AMS-IX, sits down with Ernst Noorman, Cyber Ambassador at Large for the Netherlands and member of the ITU Advisory Board on Submarine Cable Resilience, to separate geopolitical noise from engineering reality, and explain what actually puts global internet connectivity at risk. Timestamps 00:00:00 Introduction 00:00:55 The ITU Advisory Board on Submarine Cable Resilience 00:05:04 Shadow Fleets, Geopolitics, and the Sabotage Myth 00:10:30 Shunts, Faults, and What Actually Breaks Cables 00:15:47 Why Satellite Cannot Replace Submarine Cables 00:17:06 Digital Sovereignty and the Big Tech Cable Takeover 00:28:16 What Every CEO Should Put on the Agenda Key Topics Covered •             Why most submarine cable faults come from anchors, fishing nets, and natural events, not state actors •             How aging repair ships and bureaucratic permitting barriers make restoration slow in most of the world •             Why satellite (including Starlink) cannot replace subsea fiber at any meaningful scale •             How big tech dominance over new cable investment creates digital sovereignty risks for governments and large organizations •             What NIS2 means for CEO accountability on digital infrastructure resilience Related ON2IT Content & Referenced Resources ITU Advisory Board on Submarine Cable Resilience: https://www.itu.int/digital-resilience/submarine-cables/advisory-body/ ICPC (International Cable Protection Committee): https://www.iscpc.org Dutch Cybersecurity Council / CEO manual on NIS2: https://www.cybersecuritycouncil.nl Dutch Cybersecurity Act (NIS2 implementation): https://www.dutchncca.nl/the-cybersecurity-act Threat Talks: https://threat-talks.com/russia-cutting-cables-whos-protecting-it/ ON2IT (Zero Trust as a Service): https://on2it.net AMS-IX: https://www.ams-ix.net/ams Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques. 🔔 Follow and Support our channel! 🔔 ► YOUTUBE: / @threattalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUE… ► APPLE: https://podcasts.apple.com/us/podcast… 👕 Receive your Threat Talks T-shirt https://threat-talks.com/ 🗺️ Explore the Hack’s Route in Detail 🗺️ https://threat-talks.com 🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    33 min
  3. Hero Culture and a $1 Million Mistake

    May 26

    Hero Culture and a $1 Million Mistake

    A company skips a security check two days before Black Friday and loses $1 million when transactions land in the wrong bank accounts. A machine learning team is told no on production data access, gets it via SharePoint anyway, and a year later the data is on contractor laptops nobody can account for.  Two stories, one pattern: when security blocks, the risky work doesn’t stop – it just happens without you. Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on the prevention paradox, why a “no” from the CISO is an illusion of control, and how a technical security team turns into a business partner instead of a roadblock.  Timestamps 00:00:00 Introduction 00:01:55 The $1 million Black Friday story 00:04:14 Hero culture rewards shipping, not prevention 00:06:55 The prevention paradox 00:08:00 NIS2 and executive accountability 00:09:00 Avoiding the Department of No 00:12:18 Production data on contractor laptops 00:16:13 The technical CISO as business partner Key Topics Covered Why hero culture quietly trains organizations to bypass security under deadline pressureThe prevention paradox: why the person who avoids a loss never gets the creditWhat happens after a CISO says no: shadow workflows, friendly handovers, and data on laptops nobody ownsWhat a counter-proposal in risk-based language gets you that a flat refusal does notRelated ON2IT Content & Referenced Resources Aplite GmbH: https://aplite.dePrevious Threat Talks with Sina Yazdanmehr (Security Culture part 1): https://youtu.be/1JnAsXDCKzM?si=qFlMxC617E30U1dWPrevious Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1wPrevious Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dYThreat Talks: https://threat-talks.com/ON2IT (Zero Trust as a Service): https://on2it.net/AMS-IX: https://www.ams-ix.net/amsSubscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.  🔔 Follow and Support our channel! 🔔 === ► YOUTUBE:    / @threattalks ► SPOTIFY: https://open.spotify.com/show/1SXUyUE... ► APPLE: https://podcasts.apple.com/us/podcast...  👕 Receive your Threat Talks T-shirt https://threat-talks.com/  🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com  🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    20 min
  4. When Compliance Replaces Security

    May 19

    When Compliance Replaces Security

    A SaaS company buys enterprise ChatGPT for 800 staff and strangely only uses 30 seats. A corporate signs annual risk exemptions for five years until the exception list itself is mistaken for a working security process. Same root cause, two symptoms. Compliance is not security. Security culture is company culture. If your employees do not trust their managers, no policy you write will save you. Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on why security policy depends on trust, why a signed risk acceptance is a legal act, and what a leadership cadence on security communication actually looks like. Timestamps 00:00:00 Introduction00:02:20 When risk exceptions become culture00:07:50 Turning a five-year exemption list around00:09:07 Working with auditors instead of around them00:13:14 The trust gap: enterprise tools and personal accounts00:19:27 Security culture is company culture00:22:21 Wrap and what is next Key Topics Covered Why employee trust in management determines whether any security policy landsHow sanctioned enterprise tools, AI included, quietly fail when context and trust are missingThe legal weight of a signed risk acceptance, and why most managers treat it as paperworkWhat a working leadership cadence on security communication actually looks likeRelated ON2IT Content & Referenced Resources Aplite GmbH: https://aplite.dePrevious Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=wBodTl_nY1wPrevious Threat Talks with Sina Yazdanmehr: https://www.youtube.com/watch?v=fBwdGXf-0dYThreat Talks: https://threat-talks.com/ON2IT (Zero Trust as a Service): https://on2it.net/AMS-IX: https://www.ams-ix.net/amsSubscribe to Threat Talks and turn on notifications for deep dives into the world's most active cyber threats and hands-on exploitation techniques.  👕 Receive your Threat Talks T-shirt https://threat-talks.com/  🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com  🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    23 min
  5. The Agent Problem

    May 12

    The Agent Problem

    Your AI agents are users now. They have your permissions. They read your email. They send messages. And they act on instructions that anyone with an internet connection can drop into your inbox. In this episode of Threat Talks, Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Jack Cable, CEO and Co-founder of Corridor and former lead of Secure by Design at CISA, to walk through the “lethal triangle” (the three conditions that turn helpful AI into a breach vector) and what CISOs should be doing right now, before the technology runs further ahead of the controls. Timestamps 00:00 – 01:36 Cold Open: The User Inside Your Software 01:36 – 04:23 What Agentic AI Actually Is 04:23 – 07:20 The Lethal Triangle: Three Conditions for a Breach 07:20 – 10:05 Why Prompt Injection Has No Fix Today 10:05 – 14:09 Sanctioning Agents Without “Allow Fatigue” 14:09 – 18:45 OpenClaw: Should Your CISO Authorize It? 18:45 – 21:17 Sandboxing, Sub-Agents, and What to Do Right Now Key Topics Covered The “lethal triangle” – sensitive access, untrusted input, and the ability to take unapproved actions – and why every basic email agent already breaks all three rulesWhy prompt injection cannot be reliably solved by another LLM, and why deterministic guardrails (sandboxing, allow-lists, human-in-the-loop) are the only durable answer todayWhy “allow, allow, allow” fatigue makes per-action approvals largely theatrical, and why routing approvals through a separate model is a real, if partial, improvementWhy Jack Cable’s CISO answer on OpenClaw and similar general-purpose agents today is short: don’t authorize (and what to deploy in its place)

    21 min
  6. Your Sales Team is now a Developer

    May 5

    Your Sales Team is now a Developer

    The biggest security threat in your organization right now? Your sales team. AI coding tools have crossed into every department, and most organizations have no idea what's being built or deployed in their name. In this episode of Threat Talks, Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Jack Cable, CEO and Co-founder of Corridor and former lead of Secure by Design at CISA to talk about why the answer isn’t to block innovation. What's in this episode for you: The non-engineer coding problem. AI coding agents have put software creation in the hands of anyone with a laptop, and the security implications are only starting to land.Why blocking doesn't work. Teams self-provision anyway, individual accounts, zero visibility. Shadow vibe coding is far worse than sanctioned use, and organizations that block fall behind.How to actually solve it. Platform-level mitigations that prevent known vulnerability classes regardless of who wrote the code: standard auth libraries, dependency management, MFA on anything externally deployed.Timestamps 00:00 – Introduction 01:41 – Where It All Started: Hacking the Air Force at 18 06:25 – What Jack Found: 350 Vulnerabilities Across Google, Facebook and the DoD 12:24 – How AI Coding Agents Changed Software Development 17:04 – How Secure Is the Code That AI Coding Agents Write 28:53 – What CISOs Need to Know About Agentic AI Security 31:50 – Next Week and Wrap-Up Key topics covered How software development has changed with the arrival of AI coding agentsWhy sanctioned AI coding use requires visibility into tools, licenses, and configurationsWhat the right guardrails look like for engineering teams vs. non-technical teamsResources Corridor: https://corridor.devThreat Talks – New US Cyber Strategy [URL]Threat Talks: https://threat-talks.com/  ON2IT (Zero Trust as a Service): https://on2it.net/   AMS-IX: https://www.ams-ix.net/ams    Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.   🔔 Follow and Support our channel! 🔔  ===  ► YOUTUBE:    / @threattalks   ► SPOTIFY: https://open.spotify.com/show/1SXUyUE... ► APPLE: https://podcasts.apple.com/us/podcast...   👕 Receive your Threat Talks T-shirt https://threat-talks.com/   🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com   🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    33 min
  7. The Hidden Risk of Your Infrastructure

    Apr 28

    The Hidden Risk of Your Infrastructure

    Volt Typhoon spent years pre-positioning inside US critical infrastructure. Salt Typhoon pulled off one of the largest espionage campaigns in history. They didn't break in. They were already there. So what do you actually do about it? Caitlin Clarke, Senior Director of Cybersecurity Services at Venable and former Special Assistant to the President for Cybersecurity and Emerging Technology, joins Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, to work through the practical steps security leaders should be taking right now, before the regulatory guidance catches up with the threat.   What's in this episode for you:   A clearer view of what's actually in your stack. Hardware is the easy part. Software updates, open source libraries, AI-generated code, outsourced R&D — any of it could be adversarial, and most teams have never asked.A practical way to map your supply chain before you have to. Fourth party. Nth party. Vendor exit strategies baked into business continuity. Procurement and security in the same room before the purchase, not after the incident.A framing that goes beyond the technical. Insider risk. IP theft. Economic espionage. Nation state actors target people and research, not just networks — and that's the gap most organizations leave wide open.  Timestamps 00:00 – Introduction: Critical Infrastructure and the Nation State Threat 01:45 – Volt Typhoon, Salt Typhoon and Why CISOs Need to Think Differently 03:21 – What Is Actually in Your Stack: Critical Infrastructure Cybersecurity Beyond Hardware 09:32 – Mapping Your Supply Chain Including Your Supplier's Suppliers 16:34 – Software, Open Source and AI: The Layers of Risk Most Organizations Have Not Mapped 21:59 – Insider Risk, IP Theft and Economic Security + Wrap Up   Key Topics Covered Why cost-driven procurement decisions create long-term security exposureHow to map your supply chain including your supplier's suppliersWhat the Huawei rip-and-replace experience tells us about waiting too longHow software, open source and AI-generated code extend the risk beyond hardwareWhy insider risk and IP theft belong in the same conversation as supply chain security  Resources Threat Talks – New US Cyber Strategy https://youtu.be/KIByq-ynIZAThreat Talks: https://threat-talks.com/  ON2IT (Zero Trust as a Service): https://on2it.net/   AMS-IX: https://www.ams-ix.net/ams     Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.   🔔 Follow and Support our channel! 🔔  ===  ► YOUTUBE:    / @threattalks   ► SPOTIFY: https://open.spotify.com/show/1SXUyUE... ► APPLE: https://podcasts.apple.com/us/podcast...   👕 Receive your Threat Talks T-shirt https://threat-talks.com/   🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com   🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    27 min
  8. America Just Changed the Rules of Cyber War

    Apr 21

    America Just Changed the Rules of Cyber War

    If you're waiting for the executive orders to act, you're already behind.    The U.S. has just released a new national cyber strategy. The core message is clear: stop waiting to be hit, and start making it costly to try.   In this episode of Threat Talks, Caitlin Clarke, Senior Director of Cybersecurity Services at Venable and former Special Assistant to the President for Cybersecurity & Emerging Technology, join Lieuwe Jan Koning, Co-founder & CTO at ON2IT Cybersecurity to break down what the strategy actually says, and what it means for your organization.   The direction is clear. The details are still coming.  But the clock is already running.   This episode helps you stay ahead with three clear pillars of the strategy: Pillar 1: Shaping adversary behavior – making it harder, costly and risky to target US and allied interests. Pillar 2: Regulatory simplification – deregulation, or simply harmonizing cyber incident reporting requirementsPillar 4: Securing critical infrastructure – your stack may already contain foreign technology that can be labelled as ‘adversarial’   Spoiler alert: if you haven't started your Zero Trust and post-quantum cryptography roadmaps yet, the new strategy has a message for you too.   Timestamps 00:00 – America's New Cyber Strategy: First Impressions  01:28 – What the US National Cyber Strategy Is Really Saying  02:52 – Pillar 1: Shaping Adversary Behavior and Cyber Deterrence  10:28 – Pillar 4: Securing Critical Infrastructure and Adversary Technology  18:07 – Pillar 2: Harmonizing Cyber Incident Reporting Requirements  22:17 – What CISOs Should Do Now: Supply Chain, Zero Trust and Post-Quantum Cryptography  27:11 – Wrap up   Key Topics Covered What the US national cyber strategy means for security leaders How cyber deterrence is shifting beyond pure defense Why supply chain risk is now a board-level issue What regulatory simplification means for cyber incident reporting requirements Where Zero Trust and post-quantum cryptography fit in  Resources Threat Talks – Vendor Audit episode with Lokke Moerel: https://www.youtube.com/watch?v=hyKOxJUa4Go Threat Talks – Vendor dependency episode with Bart Groothuis: https://www.youtube.com/watch?v=Vj5Z7RYMACY Office of National Cyber Director website: https://www.whitehouse.gov/oncd/ Threat Talks: https://threat-talks.com/  ON2IT (Zero Trust as a Service): https://on2it.net/   AMS-IX: https://www.ams-ix.net/ams    Subscribe to Threat Talks and turn on notifications for deep dives into the world’s most active cyber threats and hands-on exploitation techniques.   🔔 Follow and Support our channel! 🔔 ► YOUTUBE:    / @threattalks   ► SPOTIFY: https://open.spotify.com/show/1SXUyUE... ► APPLE: https://podcasts.apple.com/us/podcast...   👕 Receive your Threat Talks T-shirt https://threat-talks.com/   🗺️ Explore the Hack's Route in Detail 🗺️ https://threat-talks.com   🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

    27 min
See All (126)

Trailer

About

Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to every day internet users by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed, and stay secure!

Information

You Might Also Like