THREATCON1

VulnCheck
  • 5.0 (3)
  • TECHNOLOGY
  • UPDATED BIWEEKLY

THREATCON1 is the place to go for insights on emerging cyber threats. Hosted by VulnCheck’s Security Researcher Patrick Garrity, and Chief Marketing Officer Tom Bain, THREATCON1 will give listeners critical cyber insights through discussions with top cybersecurity practitioners and leaders in the industry that drive innovation and thought leadership. Patrick and Tom will dive into emerging news stories and cyber threats, and trends that are materially shaping the industry with sharp analysis and fresh perspectives that matter related to national security and economic viability.

Episodes

  1. 20H AGO

    Episode 11: How AI Is Changing Ransomware And What Comes Next Cynthia Kaiser Halcyon Former FBI Cyber Exec

    In this episode of the THREATCON 1 Podcast, hosts Tom Bain and Patrick Garrity sit down with Cynthia Kaiser, SVP at Halcyon and former FBI cyber executive, to explore the rapidly evolving world of ransomware, AI-driven threats, and national-security-level cyber defense. Drawing on two decades inside the FBI—including briefing the President’s Daily Intelligence Brief—Cynthia shares frontline insight into how cyber threats have changed, why ransomware is moving faster than ever, and what organizations must do now to stay protected. In this conversation: How AI is reshaping ransomware attacks and social engineeringWhy today’s cyber threats blur the line between espionage and warfareThe growing gap between government capability and private-sector technologyWhat “assume breach” really means in modern cybersecurityWhen (if ever) paying a ransom makes sensePractical strategies to contain attacks and protect critical infrastructure This is a must-watch discussion for security leaders, IT professionals, policymakers, and anyone concerned about the future of cyber defense. About Cynthia Kaiser Cynthia is an award-winning cyber executive, former FBI leader, and SVP at Halcyon focused on stopping ransomware and advancing threat intelligence. She has been featured in major global media and previously served as a President’s Daily Brief intelligence briefer across two U.S. administrations. Subscribe for more conversations with the people shaping the future of cybersecurity.

    45 min

  2. FEB 3

    Episode 10: Reducing Noise Risk and Attack Surface in Financial Services | Neil Robinson Virgin Money

    Tom and Patrick chat with Neil Robinson, Head of Security Engineering and Cybersecurity, Virgin Money. Neil shares his perspectives on tracking and managing emerging cyber threats in the financial services industry, gives us an alternate role or the CISO - The Chief "Translation" Officer, and provides some ways in which he focuses in on reducing noise, creating more effective signal, and how he sees the "AI slop" affecting that signal-to-noise ratio from some intel providers. Finally, Neil make an enormously salient point on how trust factors into threat actor tracking across a targeted "Top 10" threat actors who matter in the financial industry.

    31 min

  3. JAN 13

    Episode 9: Teen Hackers, Billion-Dollar Damage — Zafran’s Yonatan Keller & Nate Rollings on AI Threats Rising

    In this episode of THREATCON1, hosts Tom Bain and Patrick Garrity sit down with Nathan Rollings, Field CISO at Zafran, and Yonatan Keller, Analyst Team Lead at Zafran, for a deep, practitioner-focused conversation on the realities of modern vulnerability management. Together, they explore why patching alone can’t keep up with today’s threat landscape — and how security teams can dramatically reduce risk by prioritizing what actually matters. 🔍 Key Topics Covered Why patching is too slow The average enterprise takes ~49 days to patch — while attackers weaponize vulnerabilities in days (or minutes). Mitigating controls vs. patching How firewalls, EDRs, WAFs, segmentation, and configuration changes can meaningfully reduce exploitability — even when patching isn’t possible. The “1 in 50,000” insight Why only a tiny fraction of vulnerabilities are truly critical when you factor in runtime, reachability, exploitability, and existing controls. Zero-days without CVEs How agentic workflows can assess exposure, identify impacted assets, and recommend mitigations before scanners, signatures, or CVE IDs exist. CTEM as a maturity journey Moving from noisy vulnerability lists to operationalized, risk-driven exposure management — without creating shelfware. Threat enablement is the real danger Why loosely organized groups and even teenagers are now capable of causing enterprise-level disruption. Edge devices, legacy software, and OT risk Why internet-facing systems and unpatchable environments (manufacturing, healthcare, critical infrastructure) demand a mitigation-first mindset. AI vulnerabilities: the next frontier No CVEs, no standards, rapid adoption — and a growing attack surface most organizations aren’t tracking yet. AI as a force multiplier for defenders How agentic AI can shorten exposure windows, automate analysis, and upskill under-resourced security teams. 🎯 Why This Episode MattersIf you’re overwhelmed by vulnerability volume, constrained by patching windows, or struggling to align security priorities with business reality, this episode offers a grounded, experience-driven perspective on how modern teams are adapting — and where the industry is heading next. THREATCON1 is created by VulnCheck and focuses on emerging threats, real-world security operations, and conversations with practitioners shaping the future of cybersecurity. 🔔 Subscribe for more episodes exploring vulnerabilities, threat intelligence, and exposure management with the people who matter most.

    48 min

  4. 12/23/2025

    Episode 8: When Offense Meets Defense — How Cybersecurity Teams Reduce Risk Faster | Tyler Shields

    In this episode of the Threatcon1 Podcast, Tom and Patrick sit down with Tyler Shields, Cybersecurity Strategy Analyst at Omdia, for a wide-ranging conversation on where cybersecurity is heading — and what actually matters to practitioners right now. Tyler brings a rare perspective shaped by years spent across research, offensive security, vendor strategy, and analyst work. Together, they unpack how AI is reshaping cybersecurity workflows, why threat and exposure management is emerging as a critical discipline, and how offensive and defensive security must converge to drive real risk reduction. The discussion dives deep into the realities behind AI hype, the importance of keeping humans in the loop, and why buyers are overwhelmed by security debt rather than lacking data. Tyler also offers a candid take on the CVE ecosystem, vulnerability scoring fragmentation, and why context — not raw severity scores — is the only thing that makes vulnerability data actionable. The episode closes with a look at the next generation of cybersecurity leaders, startup strategy, and what students entering the field are uniquely positioned to do differently. Key topics include: Applied AI vs. AI hype in cybersecurityThreat & exposure management as a risk-reduction engineOffensive security’s role in prioritization and validationWhy vulnerability scoring breaks down without contextCVEs, ecosystem fragmentation, and global vulnerability dataPlatformization, consolidation, and the future of security toolingBuilding cybersecurity startups that solve real buyer problems http://threatcon1.org https://vulncheck.com https://omdia.tech.informa.com

    41 min

  5. 12/09/2025

    Episode 7: The Biggest Cyber Threats Today - Nabil Hannan on Insecure Software, CVEs & AI

    In this episode of THREATCON1, Tom and Patrick sit down with Nabil Hannan, Field CISO at NetSPI, AI-focused startup advisor, and host of the Agent of Influence podcast. Nabil shares his unique perspective on today’s most pressing cybersecurity challenges, including: Insecure software and why vulnerabilities are becoming increasingly dangerous in our hyper-connected world.The human factor in cybersecurity: why people often pose a bigger risk than technology itself.Secure by design principles and the hurdles organizations face when trying to implement them at scale.CVE program insights: understanding the gap between published vulnerabilities and real-world threats.Software Bill of Materials (S-BoM): why tracking third-party components is critical for enterprise security.AI in cybersecurity: from deepfakes to real-time impersonation, Nabil breaks down the risks and practical applications.Career insights: Nabil reflects on his journey through software development, product management, and cybersecurity leadership. Whether you’re a cybersecurity professional, software engineer, or just interested in the evolving digital threat landscape, this episode is packed with actionable insights and real-world examples from someone on the front lines of security. Resources & Links Mentioned: THREATCON1: https://www.threatcon1.org/ NetSPI: https://www.netspi.com Agent of Influence Podcast: https://www.netspi.com/podcast/logistics-cybersecurity/ Follow THREATCON1 for more expert discussions on emerging threats.

    50 min

  6. 12/03/2025

    Episode 6: From North Korea to LinkedIn: The New Era of Social-Engineered Intrusion with Christine Fignar

    Tom and Patrick sit down with Christine Fignar, Cybersecurity Analyst at the Federal Reserve Bank of Minneapolis, to unpack one of the most misunderstood areas of security: insider threats and human-driven risk. Christine’s background spanning aviation, HR, communications, and counterterrorism gives her a rare perspective on stress, behavior patterns, and the subtle signals that often precede incidents. We get into her “Cone of Uncertainty” framework for visualizing how threats form and evolve, discuss hiring fraud, offboarding gaps, nation-state recruitment, and why organizations routinely miss early warning signs. A conversation for anyone looking to better understand, track, and communicate human-centric risk. 🔍 Topics Covered How the Federal Reserve approaches insider threat detectionThe “Cone of Uncertainty” model — and why it works for cyberWhy human stress is one of the strongest predictors of insider riskHow to watch for early “storm signals” inside your organizationThe rise of nation-state hiring scams (North Korea, China)OSINT techniques for tracking behavioral riskWhy cyber teams must become “English-to-English translators”Problems with spreadsheets, CVSS scores, and risk communicationThe hidden dangers in onboarding/offboarding workflowsReal-world examples: sales data theft, disgruntled employees, access misconfigurationsWhy organizations still fail at protecting sensitive information 🎙️ About Our Guest Christine Fignar Cybersecurity Analyst, Federal Reserve Bank of Minneapolis Specializes in insider threat, incident response, human-behavior-driven risk, and threat intelligence analysis. Background includes aviation operations, HR, communications, and counterterrorism/anti-corruption studies. 📢 If You’re in Cybersecurity, This Episode Is For You Perfect for security leaders, threat intel analysts, defenders, SOC teams, and anyone who wants to understand the human side of modern cyber threats — beyond the dashboards and detection tools.

    45 min

  7. 11/24/2025

    Episode 5: Building a Proactive Cyber Strategy with Focus and Cross-team Collaboration

    Tom and Patrick welcomed Simon Goldsmith, CISO, Ovo Energy to the show, to chat about the emerging threat landscape across different industries he’s served in - from the CISO’s perspective. We dig into some of his cyber experiences throughout his career, talk rugby, debate Oasis vs Blur and even drill down into how to counter coordinated nation-state attacks!

    42 min

  8. 11/17/2025

    Episode 4: Cyber Ops Experience Meets Following Industry Money with Mike Privette

    Tom and Patrick host Mike Privette, Founder, Return on Security, to get a sense of Mike's perspectives on how he's used his operational background in cyber as a former multi-time CISO to pivot into something entirely different in the cyber market today! Mike brings insights on how he tracks and slices data on all cyber funding and M&A activity with his broad-ranging dataset and his leading newsletter. They cover ground on emerging threats, AI investment in cyber and what pushed him to pursue a unique pivot in his cybersecurity journey!

    44 min

  9. 11/12/2025

    Episode 3: CVE's Emerging Threats and Horror Movies — with Tod Beardsley (RunZero)

    Tom and Patrick sit down with VP of Security Research, Tod Beardsley. We talk to Tod about his current role leading cyber research at RunZero, his time at CISA, emerging cyber threats he's currently engaged in researching, his perspective on the CVE program and its future - and finally, horror movies, of which Tod is an aficionado and active podcast host himself of Podsothoth: A Lovecraft Book Club. This session isn't THAT scary really...

    49 min

  10. 09/17/2025

    Episode 1: Cyber Summer Break with Jen Easterly

    In this episode, Tom and Patrick chat with Jen Easterly, former Director of CISA, for the U.S. government. Topics covered range from public-private collaboration efforts to better protect our national security, to her perspectives on defending against threat actors targeting U.S. interests as well as the impact AI is having on cyber today, with a sneak peak into a few of her upcoming key initiatives. And we go to learn how Jen Easterly spent her summer!

    30 min

  11. 09/17/2025

    Episode 2: The Ins and Outs of Offensive Cyber with Andrew Boyd

    In this episode, Tom and Patrick chat with former Director of the CIA’s Center for Cyber Intelligence, Andrew Boyd, about the root of today’s emerging cyber threats to both business and to citizens. They dive into his experience in offensive cybersecurity across multiple former government roles, how he grew his skillset into cyber and experiences in serving the U.S. in many innovation-led cyber capacities, and his current cyber-inspired initiatives.

    33 min
  • 11 Episodes

Ratings & Reviews

5
out of 5
3 Ratings

About

THREATCON1 is the place to go for insights on emerging cyber threats. Hosted by VulnCheck’s Security Researcher Patrick Garrity, and Chief Marketing Officer Tom Bain, THREATCON1 will give listeners critical cyber insights through discussions with top cybersecurity practitioners and leaders in the industry that drive innovation and thought leadership. Patrick and Tom will dive into emerging news stories and cyber threats, and trends that are materially shaping the industry with sharp analysis and fresh perspectives that matter related to national security and economic viability.

Information

  • Creator
    VulnCheck
  • Years Active
    2025 - 2026
  • Episodes
    11
  • Rating
    Clean
  • Copyright
    © 2025 THREATCON1 VulnCheck
  • Show Website
    THREATCON1