THREATCON1

VulnCheck
  • 5.0(3개의 평가)
  • 과학 기술
  • 격주 업데이트

THREATCON1 is the place to go for insights on emerging cyber threats. Hosted by VulnCheck’s Security Researcher Patrick Garrity, and Chief Marketing Officer Tom Bain, THREATCON1 will give listeners critical cyber insights through discussions with top cybersecurity practitioners and leaders in the industry that drive innovation and thought leadership. Patrick and Tom will dive into emerging news stories and cyber threats, and trends that are materially shaping the industry with sharp analysis and fresh perspectives that matter related to national security and economic viability.

  1. 4월 21일

    Episode 15: Most Enterprise Software Is Already Exploitable (And No One Knows It) | Joe Silva, CEO of Spektion

    In this live episode recorded at RSA Conference, the THREATCON1 team sits down with Joe Silva, Founder & CEO of Spektion, for a deep dive into the evolving reality of enterprise cybersecurity in the age of AI and explosive software complexity. Joe shares his unique journey from military intelligence and government service, through roles at iSight Partners, Symantec, TransUnion, and JLL as CISO, to now building a cybersecurity startup focused on redefining how organizations understand and manage exploitability. At the core of the conversation is a shift away from traditional vulnerability management and CVE-driven thinking toward runtime, behavior-based visibility. Joe explains how modern environments are increasingly filled with custom-built tools, AI-generated code, and rapidly evolving software that often falls outside traditional security models. Key topics covered include: - Why CVE-based vulnerability management is no longer enough - How runtime telemetry reveals true exploitability in real time - The growing problem of alert fatigue and the move toward “non-alerting” security models - Why most enterprise environments contain far more custom and unknown software than teams realize - The rise of AI-generated code and its impact on secure development practices - The shift from patching toward mitigation as a primary security strategy - How supply chain attacks are evolving in an AI-accelerated development world - Why memory-based vulnerabilities remain one of the most under-addressed systemic risks The discussion also explores a forward-looking reality: security teams must increasingly operate at machine speed, focusing less on perfect prevention and more on fast detection, prioritisation, and mitigation of real exploitable conditions. A candid, practical, and forward-thinking conversation on what it truly takes to secure modern software ecosystems.

    28분

  2. 4월 9일

    Episode 14: Network Edge Security - The Attack Surface Everyone Underestimates | Saeed Abbasi of Qualys

    Recorded live at RSA Conference in San Francisco, Patrick Garrity and Kimber Duke from VulnCheck sit down with Saeed Abbasi, Senior Manager of Security Research at the Qualys Threat Research Unit, for a deep dive into one of the most overlooked attack surfaces in cybersecurity: network edge devices. From firewalls and VPN gateways to home routers, edge devices sit at the intersection of the internet and corporate networks — making them prime targets for attackers. In this episode, Saeed shares insights from years of vulnerability research across organizations like Trend Micro, Palo Alto Networks, and Qualys, including: • Why network edge devices are frequently targeted by attackers • The challenges organizations face when patching or replacing vulnerable infrastructure • How botnets exploit consumer routers while ransomware actors target enterprise edge devices • Why visibility and asset inventory are critical for security teams • The growing importance of risk-based vulnerability prioritization • How attackers exploit vulnerabilities within days — or even before patches are available The conversation also explores broader trends in vulnerability research, the evolution of exploitation timelines, and what organizations can do today to reduce risk at the edge. If you're responsible for vulnerability management, threat research, or network security, this episode offers valuable insight into how attackers are evolving — and how defenders can keep up. Guests Saeed Abbasi – Senior Manager, Security Research, Qualys Threat Research Unit Hosts Patrick Garrity – VulnCheck Kimber Duke – Director of Product, VulnCheck Recorded live at RSA Conference.

    36분

  3. 3월 31일

    Episode 13: Why Hackers Are Targeting Edge Devices | Ryan Dewhurst of watchTowr

    In this episode of the THREATCON1 Podcast, Patrick Garrity is joined by Ryan Dewhurst, Head of Threat Intelligence at WatchTowr, for a deep dive into the rapidly evolving world of vulnerabilities, threat intelligence, and real-world exploitation. Ryan shares the story of his journey through cybersecurity — from creating the widely used Damn Vulnerable Web Application (DVWA) and the WPScan vulnerability database, to building projects like KevIntel, and now leading threat intelligence efforts at WatchTowr. The conversation explores how modern attackers operate, why time-to-exploit is shrinking, and why internet-facing infrastructure like routers, firewalls, VPNs, and edge devices has become a primary target for threat actors. Patrick and Ryan also discuss the growing scale of the vulnerability landscape, the limitations of traditional scoring systems like CVSS, and why organizations must move toward context-driven vulnerability prioritization instead of simply chasing severity scores. Along the way, they examine how threat intelligence teams detect exploitation in the wild using honeypot networks, reverse engineering, and vulnerability research — and what defenders should be paying attention to as the cybersecurity landscape continues to accelerate. If you’re interested in emerging threats, exploited vulnerabilities, and the future of cyber defense, this episode is packed with insights. Topics covered in this episode • Ryan Dewhurst’s path from DVWA and WPScan to WatchTowr • The rise of exploited vulnerability intelligence • Why attackers are increasingly targeting network edge devices • The shrinking time-to-exploit window • Zero-day vs end-day vulnerabilities in real attacks • Detecting exploitation with honeypots and threat telemetry • Why CVSS scores alone aren’t enough • The growing challenge of managing vulnerability volume • What cybersecurity teams should expect in the years ahead 🎧 Subscribe to the THREATCON1 Podcast for more conversations with cybersecurity researchers, threat intelligence leaders, and industry experts exploring the evolving threat landscape.

    37분

  4. 2월 17일

    Episode 12: Inside Cyber Threat Intelligence at Chevron | AI, Supply Chains & Nation-State Risks with Lillian Lang of Chevron

    In this episode of the THREATCON1 Podcast, Tom Bain and Patrick Garrity sit down with Lillian Lang, Senior Manager of Cyber Threat Intelligence at Chevron, to explore how modern cyber threats are evolving—and what defenders must do to stay ahead. Lillian shares her journey from federal intelligence work after 9/11 to protecting critical infrastructure in the private sector, offering a rare inside look at: How nation-state actors target the energy industryThe real impact of supply-chain vulnerabilities and zero-day exploitsWhy third-party risk and business continuity are now core security concernsThe growing role of AI in cyber defense—and the new risks it introducesWhat cyber threat intelligence teams actually do inside global enterprises This conversation delivers practical insight for cybersecurity professionals, technology leaders, and anyone interested in how critical infrastructure is defended in an increasingly complex threat landscape. Subscribe for more conversations with the people shaping the future of cybersecurity.

    45분

  5. 2월 10일

    Episode 11: How AI Is Changing Ransomware And What Comes Next Cynthia Kaiser Halcyon Former FBI Cyber Exec

    In this episode of the THREATCON 1 Podcast, hosts Tom Bain and Patrick Garrity sit down with Cynthia Kaiser, SVP at Halcyon and former FBI cyber executive, to explore the rapidly evolving world of ransomware, AI-driven threats, and national-security-level cyber defense. Drawing on two decades inside the FBI—including briefing the President’s Daily Intelligence Brief—Cynthia shares frontline insight into how cyber threats have changed, why ransomware is moving faster than ever, and what organizations must do now to stay protected. In this conversation: How AI is reshaping ransomware attacks and social engineeringWhy today’s cyber threats blur the line between espionage and warfareThe growing gap between government capability and private-sector technologyWhat “assume breach” really means in modern cybersecurityWhen (if ever) paying a ransom makes sensePractical strategies to contain attacks and protect critical infrastructure This is a must-watch discussion for security leaders, IT professionals, policymakers, and anyone concerned about the future of cyber defense. About Cynthia Kaiser Cynthia is an award-winning cyber executive, former FBI leader, and SVP at Halcyon focused on stopping ransomware and advancing threat intelligence. She has been featured in major global media and previously served as a President’s Daily Brief intelligence briefer across two U.S. administrations. Subscribe for more conversations with the people shaping the future of cybersecurity.

    45분

  6. 2월 3일

    Episode 10: Reducing Noise Risk and Attack Surface in Financial Services | Neil Robinson Virgin Money

    Tom and Patrick chat with Neil Robinson, Head of Security Engineering and Cybersecurity, Virgin Money. Neil shares his perspectives on tracking and managing emerging cyber threats in the financial services industry, gives us an alternate role or the CISO - The Chief "Translation" Officer, and provides some ways in which he focuses in on reducing noise, creating more effective signal, and how he sees the "AI slop" affecting that signal-to-noise ratio from some intel providers. Finally, Neil make an enormously salient point on how trust factors into threat actor tracking across a targeted "Top 10" threat actors who matter in the financial industry.

    31분

  7. 1월 13일

    Episode 9: Teen Hackers, Billion-Dollar Damage — Zafran’s Yonatan Keller & Nate Rollings on AI Threats Rising

    In this episode of THREATCON1, hosts Tom Bain and Patrick Garrity sit down with Nathan Rollings, Field CISO at Zafran, and Yonatan Keller, Analyst Team Lead at Zafran, for a deep, practitioner-focused conversation on the realities of modern vulnerability management. Together, they explore why patching alone can’t keep up with today’s threat landscape — and how security teams can dramatically reduce risk by prioritizing what actually matters. 🔍 Key Topics Covered Why patching is too slow The average enterprise takes ~49 days to patch — while attackers weaponize vulnerabilities in days (or minutes). Mitigating controls vs. patching How firewalls, EDRs, WAFs, segmentation, and configuration changes can meaningfully reduce exploitability — even when patching isn’t possible. The “1 in 50,000” insight Why only a tiny fraction of vulnerabilities are truly critical when you factor in runtime, reachability, exploitability, and existing controls. Zero-days without CVEs How agentic workflows can assess exposure, identify impacted assets, and recommend mitigations before scanners, signatures, or CVE IDs exist. CTEM as a maturity journey Moving from noisy vulnerability lists to operationalized, risk-driven exposure management — without creating shelfware. Threat enablement is the real danger Why loosely organized groups and even teenagers are now capable of causing enterprise-level disruption. Edge devices, legacy software, and OT risk Why internet-facing systems and unpatchable environments (manufacturing, healthcare, critical infrastructure) demand a mitigation-first mindset. AI vulnerabilities: the next frontier No CVEs, no standards, rapid adoption — and a growing attack surface most organizations aren’t tracking yet. AI as a force multiplier for defenders How agentic AI can shorten exposure windows, automate analysis, and upskill under-resourced security teams. 🎯 Why This Episode MattersIf you’re overwhelmed by vulnerability volume, constrained by patching windows, or struggling to align security priorities with business reality, this episode offers a grounded, experience-driven perspective on how modern teams are adapting — and where the industry is heading next. THREATCON1 is created by VulnCheck and focuses on emerging threats, real-world security operations, and conversations with practitioners shaping the future of cybersecurity. 🔔 Subscribe for more episodes exploring vulnerabilities, threat intelligence, and exposure management with the people who matter most.

    48분

  8. 2025. 12. 23.

    Episode 8: When Offense Meets Defense — How Cybersecurity Teams Reduce Risk Faster | Tyler Shields

    In this episode of the Threatcon1 Podcast, Tom and Patrick sit down with Tyler Shields, Cybersecurity Strategy Analyst at Omdia, for a wide-ranging conversation on where cybersecurity is heading — and what actually matters to practitioners right now. Tyler brings a rare perspective shaped by years spent across research, offensive security, vendor strategy, and analyst work. Together, they unpack how AI is reshaping cybersecurity workflows, why threat and exposure management is emerging as a critical discipline, and how offensive and defensive security must converge to drive real risk reduction. The discussion dives deep into the realities behind AI hype, the importance of keeping humans in the loop, and why buyers are overwhelmed by security debt rather than lacking data. Tyler also offers a candid take on the CVE ecosystem, vulnerability scoring fragmentation, and why context — not raw severity scores — is the only thing that makes vulnerability data actionable. The episode closes with a look at the next generation of cybersecurity leaders, startup strategy, and what students entering the field are uniquely positioned to do differently. Key topics include: Applied AI vs. AI hype in cybersecurityThreat & exposure management as a risk-reduction engineOffensive security’s role in prioritization and validationWhy vulnerability scoring breaks down without contextCVEs, ecosystem fragmentation, and global vulnerability dataPlatformization, consolidation, and the future of security toolingBuilding cybersecurity startups that solve real buyer problems http://threatcon1.org https://vulncheck.com https://omdia.tech.informa.com

    41분
모두 보기(15개)

평가 및 리뷰

5
최고 5점
3개의 평가

소개

THREATCON1 is the place to go for insights on emerging cyber threats. Hosted by VulnCheck’s Security Researcher Patrick Garrity, and Chief Marketing Officer Tom Bain, THREATCON1 will give listeners critical cyber insights through discussions with top cybersecurity practitioners and leaders in the industry that drive innovation and thought leadership. Patrick and Tom will dive into emerging news stories and cyber threats, and trends that are materially shaping the industry with sharp analysis and fresh perspectives that matter related to national security and economic viability.

정보

  • 제작진
    VulnCheck
  • 방송 연도
    2025년 - 2026년
  • 에피소드
    15
  • 등급
    전체 연령 사용가
  • 저작권
    © 2025 THREATCON1 VulnCheck
  • 웹사이트 보기
    THREATCON1

좋아할 만한 다른 항목