78 episodes

Security Nation is a podcast dedicated to celebrating the champions in the cybersecurity community who are advancing security in their own ways. We also cover the latest developments in infosec that you should know about.

Security Nation Jen Ellis and Tod Beardsley

    • Technology
    • 4.7 • 18 Ratings


    Tod and Jen and Jennifer on Season 5 of Security Nation


    No Rapid Rundown this time! But you can get links to all the past episodes in Season 5, here:
    Never Mind the Ears, Here's Security Nation

    • 25 min
    Jeremi Gosney on the Psychology of Password Hygiene


    Interview links
    Jeremi on Password Nihilism
    The Rails bug Jeremi referenced
    Rapid Rundown links
    Risky Business Newsletter on fake PoCs: "GitHub aflood with fake and malicious PoCs"
    The cited paper: "How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub"
    Also relevant is Honeysploit by Curtis Brazzell
    Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

    • 48 min
    James Kettle of PortSwigger on Advancing Web-Attack Research


    Interview Links
    Prior Security Nation episode in which loads of PortSwigger references were dropped: https://www.rapid7.com/blog/post/2021/08/18/security-nation-daniel-crowley/
    New research from James about browser-powered desync attacks: https://portswigger.net/research/browser-powered-desync-attacks
    Rapid Rundown Links
    Semi-secret Fortinet advisory: https://twitter.com/Gi7w0rm/status/1578398457227878407
    CVE Details as they come: https://www.rapid7.com/blog/post/2022/10/07/cve-2022-40684-remote-authentication-bypass-vulnerability-in-fortinet-firewalls-web-proxies/
    Existence of Fortinet CVE-2022-40684 PoC posted, but not the PoC itself: https://twitter.com/Horizon3Attack/status/1579285863108087810
    The Hidden Harms of Silent Patches: https://www.rapid7.com/blog/post/2022/06/06/the-hidden-harm-of-silent-patches/

    • 36 min
    Taki Uchiyama of Panasonic on Product Security and Incident Response


    Interview Links
    Check out Panasonic's delightful PSIRT page – especially if you have a vulnerability in one of Panasonic's many, many products to report.
    Rapid Rundown Links
    Check out Inti's research on "oops, we made a surveillance system" at notmyplate.com.

    • 30 min
    Chris Levendis and Lisa Olson on Cloud CVEs


    Interview Links
    Check out the CVE blog post on handling cloud vulnerabilities.
    Read up on the rules for assigning CVEs.
    See an example cloud CVE affecting Microsoft Azure.
    Read the Microsoft Security Response Center’s blog post on cloud vulnerabilities.
    Rapid Rundown Links
    Check out Dominic White’s tweet on iOS remembered networks.
    Read the update on the recently released RFC 9293.

    • 36 min
    Gordon “Fyodor” Lyon on Nmap, the Open-Source Security Scanner


    Interview Links
    Check out Nmap if, for some reason, you haven’t already.
    Learn about Npcap, the packet capture library tool that Gordon and his company also offer.
    Watch Gordon and HD Moore, the creator of Metasploit, chat about the evolution of network scanning on YouTube.
    Rapid Rundown Links
    Read the Bleeping Computer story on hackers using DeFi bugs to steal cryptocurrency.

    • 37 min

Customer Reviews

4.7 out of 5
18 Ratings


Travis Roll

A security podcast!

There are podcasts. Then there are security podcasts.

AND THEN THERE IS SECURITY NATION PODCAST.

ALL FACTS.

Nyerrehhtrjsyr

I make this podcast and it’s great

Nope, this isn’t an astroturf review, because I’ll come right out and say that I’m one half of the hosts. But which one? Impossible to say. Anyway, I love making this podcast, and if you enjoy it and want me to keep doing it, leave a review and a rating! Otherwise, eventually my employer will get wise that this is too much fun and not growing its audience fast enough, then I’ll have to move on to other probably less fun things. Or, worse, they’ll spend a bunch of money on getting paid ads to attract listeners and then we’ll have to put in product placement or something else that’s not punk rock. So leave ratings and reviews, tell your friends, and I can pretend that I’m not a sellout for just a little longer.

LongCoo1Woman

Great Big Picture & Tactical Balance

I love how Jen and Tod balance between security big picture topics around public policy and greater societal and greater good topics to more tactical topics like prioritizing risk in the enterprise. Always an insightful conversation with a perfect sprinkle of natural humor.
