CypherTalk

Oak Security

CypherTalk is a twice-monthly podcast on the realities of cybersecurity and privacy in a world that’s moving faster than our defenses. Hosted by Jade Doherty (who translates technical security into plain English) alongside rotating security and privacy experts — including co-host Stefan Beyer, co-founder of Oak Security — the show explores how modern cybersecurity attacks actually happen: not just through bugs in code, but through people, processes, supply chains, and the tools we rely on every day. The show also looks at the latest trends in privacy and its supporting technologies, such as cryptography and zero-knowledge proofs.  Expect conversations that balance big-picture trends (AI-driven threats, privacy tech like zero-knowledge, shifting security standards) with practical takeaways you can apply immediately — whether you’re a developer, a founder, or simply someone who uses the internet. Less hype. More clarity. Better security and privacy habits.

Episodes

  1. SEAL Certifications with Isaac Patka

    4d ago

    SEAL Certifications with Isaac Patka

    In this episode of CypherTalk, Isaac Patka, co-founder of Shield3 and certification lead at the Security Alliance (SEAL), joins Jade Doherty and Stefan Beyer to discuss the human, operational, and governance risks shaping Web3 security. From early smart contract bug hunting to incident response wargames, SEAL 911, Safe Harbor, and the launch of SEAL certifications, Isaac explains why security is no longer just about audits and code. The conversation explores how DeFi protocols can prepare for real incidents, why operational controls matter as much as smart contract reviews, and how AI is changing the threat landscape for both attackers and defenders. Isaac also shares practical insights on slowing down dangerous protocol actions, designing better incident response processes, and building a more mature security culture across crypto. Enjoyed the episode and want to get SEAL certified? Oak Security is a SEAL-approved provider, and can review and certify your protocol to make sure your operational security is as good as your smart contracts. Get in touch via https://oaksecurity.io/  Key topics Isaac’s path from electrical engineering and semiconductors to Web3 security How smart contract security has changed since the early Ethereum days The difference between audits, war games, threat modeling, and incident response How SEAL 911 helps coordinate emergency response across the crypto ecosystem SEAL certifications and why operational security needs its own standard Why SOC 2 and ISO do not fully capture Web3-specific risks Multisig operations, treasury controls, DNS security, DevOps, and identity management The rise of social engineering, insider threats, and operational attacks North Korea, Lazarus Group, and state-sponsored crypto threats How AI is expanding the attack surface for smaller protocols Why protocols should build in slowness, circuit breakers, and operational controls Sound Bites “An audit tries to prevent an incident and the war game tries to help you deal with an incident.” “Social engineering works for a reason. Humans are fallible.” “What is the slowest I can possibly make this and have it still be functional?” “People don’t think during the design process about where they should build slowness into the protocol.” “The core smart contracts have gotten a lot better, which has pushed the security risks to different parts.” “If more people would care from day one about operational controls or circuit breakers, that’s what I would want.” Resources Isaac Patka X https://x.com/isaacpatka Security Alliance / SEAL https://securityalliance.org/ SEAL Frameworks https://securityalliance.org/frameworks SEAL Incident Response Template https://frameworks.securityalliance.org/incident-management/incident-response-template/overview/ SEAL Certifications https://frameworks.securityalliance.org/certs/overview/ Shield3 https://www.shield3.com/ Oak Security’s State of Web3 Security Report https://research.oaksecurity.io/

    59 min

  2. May 22

    Bug Bounties with Joran Honig

    Summary In this in-depth interview, Joran Honig, a renowned bug bounty hunter and security researcher, shares insights into finding crazy bugs, the differences between audits and bug bounties, and the role of AI in security workflows. Discover practical tips, mental models, and future trends in Web3 security and bug hunting. Key topics Edge case bugs and how to find them Differences between audits, bug bounties, and contest models The role of AI and automation in security research Tools and workflows for effective bug hunting Responsible disclosure and handling uncooperative projects   Sound Bites "AI can increase duplicates." "Grimoire guides audit tasks." "Flows help map complex code."   Resources Joran Honig X https://x.com/joranhonig Grimoire https://github.com/JoranHonig/grimoire Joran’s website https://joranhonig.nl/

    54 min

  3. May 11

    Censorship Resistance with Shayan Eskandari

    Summary In this in-depth interview, Shayan Eskandari shares his journey from security expert to privacy innovator, discussing censorship resistance, Web3 security, and the future of decentralized internet infrastructure. Discover how his project MoaV aims to empower users in restrictive environments and explore the role of blockchain in privacy and decentralization.   Soundbites "My belief in information being free drives everything." "My wife’s experience in Iran inspired Moav." "Privacy in blockchain is a complex, layered issue."   Resources The DAO Security Fund: https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16 MoaV https://moav.sh/  Shayan’s website https://shayan.es/ Shayan’s X https://x.com/sbetamc

    56 min

  4. May 6

    The State of Web3 Security with Diogo Patão from rekt.news

    Summary This episode features a deep dive into two newly released reports on Web3 security by rekt.news and Oak Security, insights from industry experts, and discussions on the future of blockchain security. We explore recent hacks, the role of AI, and how the community can enhance security practices.   Soundbites "AI is here to help us, not just to attack." "Human attack vectors dominate the security issues." "Diversify your assets and protocols to stay safe."   Links The DAO Security Fund CypherTalk: https://qf.giveth.io/project/cyphertalk-podcast:-security-education-for-ethereum?roundId=16 Rekt News: https://qf.giveth.io/project/rekt-news-ethereums-security-intelligence-layer?roundId=16   The Reports: Oak Security’s State of Web3 Security: https://research.oaksecurity.io/  Rekt News’ War Room Report: https://github.com/RektHQ/Reports/blob/main/Rekt_Security_Summit_War_Room_Report.pdf

    1h 4m

  5. Apr 21

    Auditing Cryptographic Protocols with Nadim Kobeissi

    Summary In this in-depth interview, Nadim Kobeissi shares his extensive experience in cryptography audits, the limitations of formal verification, responsible disclosure practices, and the future of cryptography and security, including post-quantum cryptography and AI's impact on cybersecurity.   Keywords cryptography, security audits, formal verification, post-quantum cryptography, zero-knowledge proofs, responsible disclosure, cryptographic protocols, AI cybersecurity, cryptography research, software security   Key Topics Cryptography audit process and focus areas Limitations of formal verification tools Responsible disclosure methodology Future threats in cryptography including AI and quantum computing Educational tools for understanding cryptographic protocols   Sound Bites "Cryptography is about designing systems that are mathematically sound." "Claims of formal verification being bug-free are often exaggerated." "AI will be used to stockpile vulnerabilities and exploits."   Links Nadim’s website: https://nadim.computer/ Nadim’s LinkedIn: https://www.linkedin.com/in/nadimkobeissi https://symbolic.software/ https://cure53.de/

    54 min

  6. Apr 7

    Password Manager Security and Applied Cryptography with Matilda Backendal

    Summary In this in-depth interview, cryptography researcher Matilda Backendal discusses applied cryptography, end-to-end encryption vulnerabilities, password manager security flaws, and the future of cryptographic research. Gain insights into real-world security challenges and best practices for protecting digital data. Keywords cryptography, end-to-end encryption, cloud storage security, password managers, cryptographic research, privacy, zero-knowledge proofs, digital identity, homomorphic encryption Key topics Applied cryptography and real-world applications Vulnerabilities in end-to-end encryption systems Security flaws in cloud storage and password managers Cryptographic research and formal verification Future trends and challenges in cryptography    Sound bites "Crypto is all around us in daily life." "Most cloud storage isn't end-to-end encrypted by default." "User-chosen passwords are a major security factor." Links Matilda's Website - https://mbackendal.github.io/ Paper - Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers - https://eprint.iacr.org/2026/058

    47 min

  7. Mar 26

    TheDAO Security Fund with Griff Green

    Summary In this in-depth interview, Griff Green shares insights from the historic DAO hack, the evolution of Ethereum security, and TheDAO Security Fund. Discover how security practices have transformed over the years and explore new models for funding and coordinating security efforts in the crypto space. Keywords Ethereum, DAO hack, security, smart contracts, DAO Security Fund, crypto security, auditing, quadratic funding, white hats, blockchain security key topics: TheDAO hack and its impact on Ethereum security Evolution of smart contract auditing and security practices TheDAO Security Fund and its role in community-led security funding Innovative models like quadratic funding for supporting security projects The importance of community, diversity, and AI in securing crypto ecosystems Sound Bites "It was an existential threat for Ethereum." "Funding security is a systemic problem in crypto." "The industry needs to communicate more openly." Links https://x.com/Giveth  https://thedao.fund/  https://x.com/thedaofund  https://giveth.io/  https://x.com/griffgreen

    1 hr

  8. Mar 11

    Threat Intelligence with Peter Kacherginsky

    Summary In this episode of CypherTalk, Peter Kacherginsky, the founder of BlockThreat, joins us to discuss the evolution of his newsletter into a comprehensive source of actionable intelligence in the cybersecurity landscape, particularly focusing on Web3. He emphasizes the importance of understanding attack patterns, the role of operational security, and the impact of AI on security practices. The conversation also touches on the implications of privacy-preserving technologies and the need for teams to prepare for future security challenges. Peter shares insights on common misassumptions in security practices and the correlation between market conditions and security incidents, concluding with advice for security teams to foster a culture of awareness and proactive measures.

    1h 11m

  9. Mar 9

    Zero-Knowledge Technology with Jordi Baylina

    In this episode of CypherTalk, we are joined by Jordi Baylina, founder of Zisk, and Stefan Beyer to explore the intricate world of privacy technology, particularly focusing on zero-knowledge proofs and their implications for security and privacy in the blockchain space. The conversation delves into the definitions of privacy, the evolution of zero-knowledge technology, the role of developers, regulatory challenges, and the future of privacy technology beyond blockchain. Takeaways Privacy means having control over what information you reveal. Selective disclosure allows for privacy without sacrificing security. Zero-knowledge technology enables privacy while maintaining compliance. Developers need to adopt a privacy-first mindset in their applications. Regulations like GDPR highlight the importance of privacy in technology. Privacy coins face scrutiny from governments concerned about security. The future of privacy technology may involve obfuscation techniques. Understanding zero-knowledge proofs is crucial for developers. Auditing privacy protocols requires specialized knowledge in cryptography. The balance between privacy and security is evolving with new technologies.

    46 min

  10. Feb 16

    Operational Security

    In this episode of CypherTalk, Jade Doherty and Stefan Beyer delve into the intricacies of operational security, particularly in the context of modern tech organizations and distributed teams. They discuss the definition of operational security, the emerging challenges faced by organizations, and the importance of implementing a zero-trust architecture. Stefan highlights the vulnerabilities of different departments, the evolving landscape of phishing attacks, and the significance of securing communication channels. He emphasizes the need for awareness and proactive measures in operational security, especially for startups and web3 teams managing significant value. The episode concludes with practical advice on securing GitHub access and the best practices for communication in a professional setting. A must-listen if you are running a distributed team! Topics Operational security encompasses the security of business operations, not just products Zero-trust architecture means assuming every communication is suspicious Everyone in an organization is a potential target for attacks Phishing attacks have evolved to become more sophisticated and harder to detect Social engineering exploits human vulnerabilities, making training essential Supply chain attacks are a growing threat, especially in software development

    1 hr

  11. Feb 4

    Security and Privacy in 2026

    Welcome to the first episode of CypherTalk — a new podcast exploring the real-world intersection of cybersecurity, privacy, and the human side of staying safe online. In this inaugural episode, host Jade Doherty is joined by co-host Stefan Beyer, co-founder of Oak Security, to introduce what the show is about and why security in 2026 looks different from what it did even a few years ago. They unpack why the human attack vector is now the easiest way into most systems, how remote work and “always-on” device habits changed the threat landscape, and why modern attacks increasingly target social engineering, phishing, and supply chains rather than just code. You’ll also hear how the rise of AI is accelerating both attacks and defenses, why zero-knowledge (ZK) and privacy tech introduce new implementation risks (including the danger of “proving the wrong thing”), and how composability and cross-protocol dependencies continue to reshape blockchain security. Stefan shares a personal story of a highly targeted “podcast invite” scam that nearly turned into a credential-stealing attack — a perfect example of why, in 2026, it’s less about never making mistakes and more about designing systems that limit blast radius when mistakes happen. Next up: an episode fully focused on operational security (OpSec) — practical steps you can take to protect yourself and your organization. In this episode What CypherTalk will cover (cybersecurity + privacy, with rotating guests/co-hosts) Why humans are the #1 target: phishing, social engineering, supply chain attacks Remote work, context switching, and why “always-on” makes mistakes more likely AI as an arms race: scaling attacks vs improving defenses ZK/privacy tech maturity: new opportunities and new failure modes Why “zero trust” is about reducing impact, not paranoia Institutional security expectations and how crypto security is (slowly) evolving Call to action If you enjoyed the episode, follow/subscribe, leave a review, and send topic suggestions (or corrections!) — the team wants this podcast to be shaped by what listeners actually want to learn.

    44 min
  • 11 Episodes

About

CypherTalk is a twice-monthly podcast on the realities of cybersecurity and privacy in a world that’s moving faster than our defenses. Hosted by Jade Doherty (who translates technical security into plain English) alongside rotating security and privacy experts — including co-host Stefan Beyer, co-founder of Oak Security — the show explores how modern cybersecurity attacks actually happen: not just through bugs in code, but through people, processes, supply chains, and the tools we rely on every day. The show also looks at the latest trends in privacy and its supporting technologies, such as cryptography and zero-knowledge proofs.  Expect conversations that balance big-picture trends (AI-driven threats, privacy tech like zero-knowledge, shifting security standards) with practical takeaways you can apply immediately — whether you’re a developer, a founder, or simply someone who uses the internet. Less hype. More clarity. Better security and privacy habits.

Information

  • Creator
    Oak Security
  • Years Active
    2K
  • Episodes
    11
  • Rating
    Clean
  • Copyright
    © Copyright 2026 All rights reserved.
  • Show Website
    CypherTalk