Cybrary Podcasts

401 Access Denied

The 2021 award-winning 401 Access Denied Podcast brings together cybersecurity leaders from Cybrary and Delinea, along with special guests, to discuss cyber security and IT topics in order to make them more accessible and entertaining for laymen and experts alike. Joseph Carson, Chief Security Scientist at Delinea, joins guests to share insights on various security topics such as hiring in cyber, thinking like a hacker, mitigating insider threats, helping secure your kids online, and IoT and OT security.

Our 401 Access Denied podcast with Delinea won the 2022 award for Best Cybersecurity Podcast in North America.

Subscribe or listen now on your favorite podcast app:

All Episodes

401 Access Denied Podcast Ep. 1 | Busting Password Myths
May 6, 2020

401 Access Denied Podcast Ep. 1 | Busting Password Myths

With World Password Day upon us, individuals of all backgrounds and varying levels of cybersecurity hygiene will be confronted with the same question - are my current personal (or corporate) security measures enough? Today's episode will take listeners through a journey of best practices, horror stories, debunked myths, visions of a passwordless future, misconceptions, and just how challenging it really is to crack them.

401 Access Denied Podcast Ep. 10 | Election Security: Can a Hacker Really Pick the Next US President?
September 9, 2020

401 Access Denied Podcast Ep. 10 | Election Security: Can a Hacker Really Pick the Next US President?

Special guest Dan Lohrmann from Security Mentor and former advisor to the White House and Homeland Security joins Thycotic and Cybrary to talk election security. We cover topics from voting registration, mail-in voting, to in-person voting and even the fake news Americans will be bombarded with from now until election day. How do we - and more importantly, should we - feel confident in our election security?

401 Access Denied Podcast Ep. 11 | Favorite Hacker Movies with David Scott Lewis
September 23, 2020

401 Access Denied Podcast Ep. 11 | Favorite Hacker Movies with David Scott Lewis

Who better to discuss our favorite hacker movies with than David Scott Lewis, inspiration for the iconic film "War Games."

 

 Hollywood has a knack for influencing public opinion, and 37 years later, the movie is still credited for shaping society’s impression of hackers. We’ll get the background of the real story behind the movie and discuss the other hacker movies we love to watch over and over.

401 Access Denied Podcast Ep. 12 | OT Security: Introduction to OT Security with Chris Kubecka
October 7, 2020

401 Access Denied Podcast Ep. 12 | OT Security: Introduction to OT Security with Chris Kubecka

In this episode of the 401 Access Denied Podcast, Thycotic and Cybrary welcome special guest Chris Kubecka, the Founder and CEO of HypaSec, to talk about OT Security: what is it, why is it important, and what are the risks? Kubecka will share stories from her exploits in international cyber warfare incident management and what devices in our homes fall short on security.

401 Access Denied Podcast Ep. 13 | OT Security: Transportation with Shift5
October 21, 2020

401 Access Denied Podcast Ep. 13 | OT Security: Transportation with Shift5

We continue delving into the topic of OT Security with special guest Josh Lospinoso, CEO and co-founder of Shift5. Shift5 experts protect OT platforms like planes, trains and tanks against cyber-attack. As former US Army cyber officer, Lospinoso wrote dozens of infosec tools, and built and taught the C++ course that US Cyber Command uses to teach its junior developers. We are excited to welcome him to the 401 Access Denied podcast to dive further into OT Security surrounding transportation.

401 Access Denied Podcast Ep. 14 | OT Security: Scientific Sensors
November 4, 2020

401 Access Denied Podcast Ep. 14 | OT Security: Scientific Sensors

The 401 Access Denied crew from Cybrary and Thycotic are joined today by special guest Steve Jacobs, Systems Architect for a large-scale ecological science program. We discuss data integrity and information security - hot topics for a program that collects over 5 billion ecological sensor readings per day from 81 field sites across the US to provide data to climate change scientists.

401 Access Denied Podcast Ep. 15 | AI, ML, and Quantum Computing: Hope or Hype?
November 18, 2020

401 Access Denied Podcast Ep. 15 | AI, ML, and Quantum Computing: Hope or Hype?

Today, Joe, Mike, and special guest Josh Lospinoso dig into buzzwords like Quantum Computing, Machine Learning and AI. Are they worth all the hype? Should humanity be concerned about the cyber security risks associated with them? Josh is the CEO and co-founder of Shift5, where experts protect OT platforms like planes, trains and tanks against cyber attack.

401 Access Denied Podcast Ep. 16 | Best Practices: Teaching Your Kids to Use Technology Safely
December 2, 2020

401 Access Denied Podcast Ep. 16 | Best Practices: Teaching Your Kids to Use Technology Safely

Most parents are struggling with where to draw the line with their children when it comes to technology. It’s designed to be addictive, so how do you teach your kids to understand the risks, set boundaries, and enforce them? And how do you make sure they protect their passwords and identities? Joe and Mike share the conversations they’ve had with their own kids and the parental controls they’ve put in place.

401 Access Denied Podcast Ep. 17 | Digital Identities & Government Innovations
December 16, 2020

401 Access Denied Podcast Ep. 17 | Digital Identities & Government Innovations

Joining us today is the National Cyber Security Policy Director for the Estonian Government, Raul Rikk. Raul shares lessons in how Estonia excels in the digitalization of government services and cyber defense strategies. We’ll discuss the 2007 coordinated Russian cyber-attacks against Estonia - how Estonia not only recovered from an attempt to isolate them from the rest of the world, but went on to develop one of the best emergency cyber defense operations in the world.

401 Access Denied Podcast Ep. 18 | Cybersecurity News
December 30, 2020

401 Access Denied Podcast Ep. 18 | Cybersecurity News

Joe Carson from Thycotic and Mike Gruen from Cybrary share how they stay up-to-date with security news through podcasts, blogs, and events. They plug their favorite experts who give honest and direct news, sometimes even with a touch of comedy.

401 Access Denied Podcast Ep. 19 | Inside a Russian Troll Farm with Jessikka Aro
January 13, 2021

401 Access Denied Podcast Ep. 19 | Inside a Russian Troll Farm with Jessikka Aro

In 2014 Jessikka Aro was a journalist reporting on the start of the Russo-Ukrainian War when she became aware of a group of Russian citizens who were being paid to promote pro-Russia propaganda. Jessikka joins us today to discuss the influence trolls had on public opinion, as well as how she outed them and became a victim of the trolls herself. And most importantly, we discuss how the Russian disinformation campaign is still working successfully in 2021 to control the narrative worldwide.

401 Access Denied Podcast Ep. 2 | Top 8 Must-Read Cybersecurity Books
May 20, 2020

401 Access Denied Podcast Ep. 2 | Top 8 Must-Read Cybersecurity Books

As many of us are job searching or looking for a break from our evening Netflix routines, it’s a good time to share our top 8 cyber security books that will help you learn new skills and techniques whether you are trying to break into the industry or prepare for the next level of your career. Understand the history of the industry and hone your core skill set with books that can influence your career. Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they share their favorite books that stand the test of time.

401 Access Denied Podcast Ep. 20 | The Latest from the SolarWinds Sunburst Breach
January 27, 2021

401 Access Denied Podcast Ep. 20 | The Latest from the SolarWinds Sunburst Breach

The 401 Access Denied team discusses the latest findings from the recent Sunburst supply chain attack that targeted thousands of SolarWinds customers – quite possibly the largest supply chain attack in history. We cover what’s been learned from the investigation so far and how we can apply those lessons to prevent being victims of future attacks. Joe and Mike are joined by Terence Jackson, CISO at Thycotic and Jonathan Meyers, Principal Infrastructure Engineer and Head of IT at Cybrary.

401 Access Denied Podcast Ep. 21 | How Cyber Criminals Exploit Human Behavior
February 10, 2021

401 Access Denied Podcast Ep. 21 | How Cyber Criminals Exploit Human Behavior

Joe and Mike talk to Jessica Barker, Co-CEO of Cygenta and author of Confident Cyber Security and the recently released Cybersecurity ABC’s. Jessica breaks down the psychology behind cyber criminals and why we frequently blame the employees on the front lines of attacks. Plus, why companies need to stop telling employees to be constantly alert. Get a copy of Confident Cyber Security [here](https://www.amazon.com/Confident-Cyber-Security-Started-Futureproof/dp/1789663407 "https://www.amazon.com/Confident-Cyber-Security-Started-Futureproof/dp/1789663407").

401 Access Denied Podcast Ep. 22 | Responsible Disclosure Programs with Katie Moussouris & Casey Ellis
February 24, 2021

401 Access Denied Podcast Ep. 22 | Responsible Disclosure Programs with Katie Moussouris & Casey Ellis

Casey Ellis, Founder & CTO of Bug Crowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don’t create one at all. So we asked - what processes should companies put in place to be sure they provide vulnerability information safely and in a usable way? Our guests today share the best practice steps that companies should take to prepare.

401 Access Denied Podcast Ep. 23 | Ransomware Rundown with Dan Lohrmann
March 10, 2021

401 Access Denied Podcast Ep. 23 | Ransomware Rundown with Dan Lohrmann

Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take today to reduce attacks, minimize damage, and decide if cyber insurance is really worth it.

 

 Resources:

 https://www.nomoreransom.org/

 https://csrc.nist.gov/

401 Access Denied Podcast Ep. 24 | Joe & Mike's Top 5 Free Cybersecurity Tools
March 24, 2021

401 Access Denied Podcast Ep. 24 | Joe & Mike's Top 5 Free Cybersecurity Tools

In your cyber security journey, you’ve probably heard of a massive number of cyber security tools, many of them free. It can be tricky to figure out where to start and which tool is worth your time. In this podcast, Joe and Mike discuss the free cyber security tools in their arsenal and the significant value they’ve provided over the years.

401 Access Denied Podcast Ep. 25 | Inside Application Security with Ted Harrington
April 7, 2021

401 Access Denied Podcast Ep. 25 | Inside Application Security with Ted Harrington

Special guest Ted Harrington joins Joe and Mike today to discuss application security – how to be more secure, what AppSec myths to reconsider, and how to change mentalities at your organization. Ted is Executive Partner at Independent Security Evaluators and author of Hackable: How To Do Application Security Right.

401 Access Denied Podcast Ep. 26 | Cyber Insurance with the Experts: Michael Phillips and Kevin McGowan
April 21, 2021

401 Access Denied Podcast Ep. 26 | Cyber Insurance with the Experts: Michael Phillips and Kevin McGowan

Mike and Joe dig into the topic of cyber insurance with the folks from Resilience Insurance – Kevin McGowan, VP of Cyber Underwriting and Michael Phillips, Head of Claims. As cyber laws are changing and cyber criminals are continually getting better and more creative in their approach, cybercrimes are becoming more commonplace. We discuss what you need to know when selecting cyber insurance for your organization to help minimize disruption and ease the aftermath of a cyber incident.

401 Access Denied Podcast Ep. 27 | 1 Year Anniversary Special: The Making of 401 Access Denied
May 5, 2021

401 Access Denied Podcast Ep. 27 | 1 Year Anniversary Special: The Making of 401 Access Denied

It’s the special anniversary edition of the 401 Access Denied podcast! In honor of our 1-year anniversary and more than 16,000 listens, Joe and Mike want to take you behind the scenes and introduce you to everyone who works on the podcast and brings it to you biweekly. Listeners, thank you for hanging out with us for 1 magical year. We want to hear your thoughts here. What topics or guest stars matter to you?

401 Access Denied Podcast Ep. 28 | Digital Forensics & Incident Response with Ondrej Krehel of LIFARS
May 19, 2021

401 Access Denied Podcast Ep. 28 | Digital Forensics & Incident Response with Ondrej Krehel of LIFARS

In this episode of 401 Access Denied, we are joined by Ondrej Krehel, CEO and Founder of LIFARS, to discuss Digital Forensics, Incident Response, Ransomware Mitigation, and Cyber Resiliency. Do you know your risks and how to respond if targeted by hackers? We discuss how to be resilient on both a personal and organizational level.

401 Access Denied Podcast Ep. 29 | Helpful or Harmful? The Microsoft Exchange Server Hack & FBI Cleanup with Josh Lospinoso
June 2, 2021

401 Access Denied Podcast Ep. 29 | Helpful or Harmful? The Microsoft Exchange Server Hack & FBI Cleanup with Josh Lospinoso

After the four zero-day vulnerabilities were discovered, the FBI also proactively removed backdoors on numerous private Exchange servers. Was that overreach or the right thing to do? On today's episode, we're joined by Josh Lospinoso, CEO and co-founder of Shift5 and former U.S. Army cyber officer, to discuss law enforcement in cyber security.

401 Access Denied Podcast Ep. 3 | Getting Back to Work: The New Pandemic Anxiety
June 3, 2020

401 Access Denied Podcast Ep. 3 | Getting Back to Work: The New Pandemic Anxiety

As many countries around the world are reopening and people are going back to work, countless new challenges arise for both the employer and employee.

 

 - How do businesses ensure employee safety without invading their privacy around health issues?

 - How do businesses ensure that devices that have been used outside of their network for several months are now safe, especially as shift work means employees could be going in and out of the network repeatedly?

 - And as workers, what new privacy issues should we worry about as we go back to shared desks and community spaces?

 - Plus, is my company really doing thermal scans?!

 

 Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they discuss these problems, and more.

401 Access Denied Podcast Ep. 30 | Pen Testing & Incident Response with Pathfynder
June 16, 2021

401 Access Denied Podcast Ep. 30 | Pen Testing & Incident Response with Pathfynder

There are a lot of myths about what pen testing or red-teaming really are. DJ Fuller, CEO of Pathfynder joins us today to share what companies should expect when they engage a third-party to help them with cyber security and how to establish a good incident response program. Get the low down on the common mistakes that organizations make when hiring a third-party service or choosing to move forward internally.

401 Access Denied Podcast Ep. 31 | Ransomware & Critical Infrastructure Q&A with Dan Lohrmann
June 30, 2021

401 Access Denied Podcast Ep. 31 | Ransomware & Critical Infrastructure Q&A with Dan Lohrmann

Recent events confirm that the US’s critical infrastructure and supply chain are very vulnerable to ransomware attacks. What more can and should be done to keep them safe from ransomware? As NATO and the White House announce steps to crack down on bad actors, will it move the needle at all? Dan Lohrmann, CSO of Security Mentor, and formerly of State of Michigan and the NSA, joins the 401 team to discuss.

401 Access Denied Podcast Ep. 32 | Best Practices on Penetration Testing with Dave Kennedy
July 14, 2021

401 Access Denied Podcast Ep. 32 | Best Practices on Penetration Testing with Dave Kennedy

Dave Kennedy, CEO of Binary Defense and TrustedSec and co-author of Metasploit: The Penetration Testers Guide, joins the 401 team to talk about penetration testing. We uncover invaluable lessons from a master in the industry.

401 Access Denied Podcast Ep. 33 | Red Team 101: Offensive Security with Joe Vest
July 28, 2021

401 Access Denied Podcast Ep. 33 | Red Team 101: Offensive Security with Joe Vest

In this episode, Joe Vest joins the 401 Access Denied team to discuss red teaming and pen testing operations and fundamentals. Joe is the author of the original SANS SEC 564 Red Teaming and Threat Emulation course, former technical lead for a DoD red team, and co-author of Red Team Development & Operations. Joe walks us through how to build and run a professional red team, along with the common pitfalls and obstacles most organizations face.  

 

 Check out Joe's book here: https://redteam.guide/

 Follow Joe on Twitter: @joevest

401 Access Denied Podcast Ep. 34 | Analyzing Verizon's Data Breach Investigations Report
August 11, 2021

401 Access Denied Podcast Ep. 34 | Analyzing Verizon's Data Breach Investigations Report

Need a refresher on all that has been happening recently in the cybersecurity industry? Want to educate your team on a summary of this year's data breaches and incidents? Joseph Carson, Chief Security Scientist at Thycotic, and Cybrary's Principal Infrastructure Engineer, Jonathan Meyers, discuss the meaning and value of Verizon's Data Breach Investigations Report (DBIR). Learn more about how you can best understand and plan for rising cybersecurity threats.

401 Access Denied Podcast Ep. 35 | Safeguarding Critical Infrastructure with Ben Miller
August 25, 2021

401 Access Denied Podcast Ep. 35 | Safeguarding Critical Infrastructure with Ben Miller

How and why has critical infrastructure become so targeted by ransomware? What are the key differences between IT and OT? The 401 team asks these key questions and more in this conversation with Ben Miller, VP of Professional Services and R&D at Dragos. Learn more about best practices for cybersecurity management.

401 Access Denied Podcast Ep. 36 | Prepping for Operational Technology Risks with Jon Ramsey and Juan Espinosa
September 8, 2021

401 Access Denied Podcast Ep. 36 | Prepping for Operational Technology Risks with Jon Ramsey and Juan Espinosa

If you've ever closed your garage door or checked your home security camera with a mobile app, then you've relied on a technical communication network of virtual Information Technology and physical Operational Technology devices. This synthesis of IT and OT provides convenient ways for you to secure your home, but your assets are at risk when malicious actors exploit those networks. 

 

 In this episode of 401 Access Denied, listen to host Joseph Carson, Chief Security Scientist at Thycotic, talk with cybersecurity executives, Jon Ramsey and Juan Espinosa, about the significance of OT risk management and mitigation. Learn how security managers can work with designers, vendors, and compliance officers to prioritize investment in OT security.

401 Access Denied Podcast Ep. 37 | Assessing Cyber Insurance Needs with Resilience
September 22, 2021

401 Access Denied Podcast Ep. 37 | Assessing Cyber Insurance Needs with Resilience

How do we accurately measure and minimize cybersecurity risks? How does cyber insurance fit into the risk management process? Joseph Carson, Chief Security Scientist at Thycotic, discusses these questions and more with members of the Resilience cyber insurance company, including Ann Irvine, Chief Data Scientist, and Kevin McGowan, VP of Cyber Underwriting. Learn about how insurance companies like Resilience work with organizations to find the best solutions to offset critical risks.

401 Access Denied Podcast Ep. 38 | Password Cracking with Ethical Hacker Dustin Heywood (aka EvilMog)
October 6, 2021

401 Access Denied Podcast Ep. 38 | Password Cracking with Ethical Hacker Dustin Heywood (aka EvilMog)

You have passwords for nearly everything these days, but just how easy are they to crack? In this episode of 401 Access Denied, award-winning X-Force Red Hacker, Dustin Heywood, gives you several reasons to rethink your approach to password selection and management. As we kick off National Cybersecurity Awareness Month, Dustin takes us into the world of password cracking and shares best practices for both organizational and personal password hygiene. From common mistakes to the future of a passwordless world, we discuss it all.

401 Access Denied Podcast Ep. 39 | Breaking Down Zero Trust Security with Dave Lewis
October 20, 2021

401 Access Denied Podcast Ep. 39 | Breaking Down Zero Trust Security with Dave Lewis

Zero Trust security architecture models are becoming more popular as organizations seek to reduce risk. But what are both the business and cultural implications of deperimiterization? Enjoy this engaging conversation with Thycotic's Advisory CISO, and Chief Security Scientist, Joseph Carson, and his doppelgänger, Dave Lewis, the Global Security CISO at Cisco Security. Learn how a Zero Trust mindset involves not only technical solutions such as network zone segmentation, but also human-centered security awareness training and mentorship.

401 Access Denied Podcast Ep. 4 | The 2020 Verizon Data Breach Investigations Report
June 17, 2020

401 Access Denied Podcast Ep. 4 | The 2020 Verizon Data Breach Investigations Report

Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they deep dive into Verizon’s 2020 Data Breach Investigations Report. We’ll share the good news of what the industry has been doing well this year and we’ll also share the not-so-good news. Ransomware, malware, credential stuffing, employee cyber education, and much more will be discussed. Plus, we’ll give a rundown of the measures you should have in place to protect your organization against these threats starting today.

401 Access Denied Podcast Ep. 40 | Leveraging Data Science in Security with Kevin Hanes and Jon Ramsey
November 3, 2021

401 Access Denied Podcast Ep. 40 | Leveraging Data Science in Security with Kevin Hanes and Jon Ramsey

Cybersecurity is a growing, expansive industry that transcends the fields of technology and even security. How can organizations leverage the critical work of data scientists not only for machine learning automation, but also for diversifying threat detection strategies? In this episode of 401 Access Denied, Joseph Carson, Chief Security Scientist at Thycotic, discusses data science in the security context with Kevin Hanes, CEO of Cybrary, and Jon Ramsey, a fellow cybersecurity executive and returning guest. Join the conversation on the importance of artificial intelligence and machine learning in the advancement of dynamic, adaptive cybersecurity business strategies and training.

401 Access Denied Podcast Ep. 41 | Unlocking the State of Cybersecurity with Quentyn Taylor
November 17, 2021

401 Access Denied Podcast Ep. 41 | Unlocking the State of Cybersecurity with Quentyn Taylor

If the security industry is booming, what does this mean for the state of cybersecurity and for humanity at large? Information security leader and content creator, Quentyn Taylor, breaks down the flaws in heavily reactive security and “cybersecurity first” approaches that minimize the human-centered elements of risk management. From IoT-enabled smart locks to RFID credit cards, Quentyn assesses the value and risks behind popular security products. Follow Quentyn's advice to make your organization not only more cyber-aware, but also resilient.

401 Access Denied Podcast Ep. 42 | Adopting Simulation-Based Gamified Cybersecurity Training with JC Vega
December 1, 2021

401 Access Denied Podcast Ep. 42 | Adopting Simulation-Based Gamified Cybersecurity Training with JC Vega

When it comes to incident response, “Your plan is worthless, but your planning is priceless.” These wise words from JC Vega, CISO at Devo, highlight the critical difference between having an incidence response plan and being incident response ready. In this episode of the 401 podcast, JC explains how unpredictable, engaging simulations can be a game-changer in building an organization’s resilience against critical cyberattacks like ransomware. Find out how simulation-based training can effectively help your entire organization to build trust and get actively involved in cybersecurity preparedness.

401 Access Denied Podcast Ep. 43 | Hacking the Game: Cybersecurity Training Meets Esports
December 15, 2021

401 Access Denied Podcast Ep. 43 | Hacking the Game: Cybersecurity Training Meets Esports

Could online gaming be the key to bridging the cybersecurity skills gap? Is enumeration more than a scanner's sport? Ian Austin, Head of Content Innovation at Hack The Box, tackles these questions as he explains why cybersecurity training should be less about checking the boxes and more about thinking outside the box. Hear Ian's thoughts on the global reach of gamified security education and the significance of "purple-minded" cybersecurity initiatives that bring red and blue teams together.

401 Access Denied Podcast Ep. 44 | Cybersecurity Year in Review and 2022 Predictions ​with Art Gilliland
December 29, 2021

401 Access Denied Podcast Ep. 44 | Cybersecurity Year in Review and 2022 Predictions ​with Art Gilliland

2021 has been quite a year for all of us, but what have we accomplished and learned in the cybersecurity field? We have certainly had to adjust to a global remote work culture and step up our security strategies to take on new challenges involving more specialized cybercrime. Art Gilliland, CEO of ThycoticCentrify, joins our host, Joseph Carson, to reflect on key lessons learned and predictions for 2022. Will Zero Trust become a security norm like Defense in Depth? How could governments get more involved in cryptocurrency regulation efforts? Enjoy this engaging discussion before we kick off the new year!

401 Access Denied Podcast Ep. 45 | Establishing Multinational Cyber Partners in NATO CCDCOE with Jaak Tarien
January 12, 2022

401 Access Denied Podcast Ep. 45 | Establishing Multinational Cyber Partners in NATO CCDCOE with Jaak Tarien

The 2007 cyberattacks on Estonia culminated into a watershed moment in global cybersecurity awareness. Jaak Tarien, Director of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia, discusses the geopolitical implications of cybercrime. Ransomware attacks can have a significant economic impact, but how are cybercrime operations also indicative of a breach of sovereignty? To best approach this question, Jaak emphasizes the importance of the CCDCOE's legal scholarship, such as the Tallinn Manual, among other efforts that foster transparent multinational cybersecurity communications, research, and training.

401 Access Denied Podcast Ep. 46 | Fighting Cybercrime & Tracking Malware Trends with Shyam Sundar Ramaswami
January 26, 2022

401 Access Denied Podcast Ep. 46 | Fighting Cybercrime & Tracking Malware Trends with Shyam Sundar Ramaswami

Everyone is talking about malware these days, but what new developments and trends are we seeing in malware attacks? This week’s featured guest is Shyam Sundar Ramaswami—Senior Research Scientist at Cisco by day, and the Batman of Hacking by night. So how does cybersecurity’s Bruce Wayne propose that we strengthen our incident response plans against emerging malware threats? What’s really happening when we click that inconspicuous link in the “Delivery Address Confirmation Needed” email? Find out the answers to these questions from the ethical hacker hero who’s here to help you save the world from cyberattacks!

401 Access Denied Podcast Ep. 47 | Cybersecurity Conference Survival Tips with Chris Roberts
February 9, 2022

401 Access Denied Podcast Ep. 47 | Cybersecurity Conference Survival Tips with Chris Roberts

Whether you’re new to cybersecurity or a longtime security professional, one of your best opportunities to network is at conferences. In this fun-filled episode of 401 Access Denied, seasoned conference-goers, Joe Carson and HillBilly Hit Squad’s vCISO (aka “Chief Geek”), Chris Roberts, share their insights on how to make the most of networking events. What clothes should you pack? How can you best plan your daily schedule so that you maximize productivity and have time to socialize? And, most importantly, where in the world can you find the best whiskey? Cheers to a new year filled with engaging, informative cybersecurity events!

401 Access Denied Podcast Ep. 48 | IoT Hacking with Beau Woods and Paulino Calderon
February 23, 2022

401 Access Denied Podcast Ep. 48 | IoT Hacking with Beau Woods and Paulino Calderon

How can we improve the security of life-saving medical, communications, and transportation devices? What hands-on skills do we need in order to design more trustworthy hardware? In this episode of 401 Access Denied, InfoSec veterans Beau Woods and Paulino Calderon discuss key tips from their informative book, "Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things." If you enjoy working with your hands and breaking things, then you'll want to hear Beau and Paulino's tips for how to kick off a dynamic, fulfilling career in IoT security. Learn more about why accessibility and collaboration are essential to improving the way that humans interact with, trust, and benefit from technological devices.

401 Access Denied Podcast Ep. 49 | Getting Smart About Security Awareness Training with Paula Januszkiewicz
March 9, 2022

401 Access Denied Podcast Ep. 49 | Getting Smart About Security Awareness Training with Paula Januszkiewicz

In just the first half of 2021, the financial industry saw a 1,318% increase in ransomware attacks. How can knowledge of ransomware gangs' encryption strategies help employees at every level of an organization to develop stronger incident response plans? Paula Januszkiewicz, acclaimed security leader, pen tester, and CQURE CEO, offers practical guidance on inclusive approaches to security awareness training. As the threat landscape evolves alongside new technological innovations, questions emerge about how we need to rethink password protection, privilege access, and at-home security. Enjoy this thought-provoking conversation about the value of curiosity and teamwork in forward-thinking security strategy development.

401 Access Denied Podcast Ep. 5 | What the Heck is Least Privilege Security Anyway?
July 1, 2020

401 Access Denied Podcast Ep. 5 | What the Heck is Least Privilege Security Anyway?

Least Privilege has become a pervasive term in cyber security these days. But what does Least Privilege actually mean? How has Zero Trust transformed into building trust and adaptive security that helps employees do their jobs efficiently and securely? Join Joseph Carson, Chief Security Scientist from Thycotic and author of “Least Privilege for Dummies,” along with Mike Gruen from Cybrary as they dive into the topic of Least Privilege and how it can transform an organization with more automation.

401 Access Denied Podcast Ep. 50 | The State of Global Information Wars with Dan Lohrmann
March 23, 2022

401 Access Denied Podcast Ep. 50 | The State of Global Information Wars with Dan Lohrmann

As cybersecurity teams seek to enhance their defenses in the wake of worldwide ransomware attacks and the spread of wiper malware in Ukraine, what predictions can we make about the evolution of global information wars? Acclaimed security leader and Field CISO at Presidio, Dan Lohrmann, discusses emerging trends in cyber insurance, cyber incident reporting, and incident response planning. Learn more about the potential impact of the Shields Up advisory published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Amidst growing risk and uncertainty, hear Dan's advice on how you can develop best practices for training and preparing your security team.

401 Access Denied Podcast Ep. 51 | Privilege Escalation Using Hack Tricks with Carlos Polop
April 6, 2022

401 Access Denied Podcast Ep. 51 | Privilege Escalation Using Hack Tricks with Carlos Polop

With privilege escalation vulnerabilities like Dirty Pipe posing potentially critical impacts, it is more important than ever to learn how adversaries are exploiting key flaws to gain root access, launch attacks, and more. Security researcher Carlos Polop joins us on this episode of 401 Access Denied to discuss his valuable contribution to the penetration testing community: Privilege Escalation Awesome Scripts Suite (PEASS). Gain insights on how pen testers can leverage LinPEAS and WinPEAS to exploit vulnerabilities in CTF environments. Plus, hear how you can contribute to Carlos' research.

401 Access Denied Podcast Ep. 52 | Hacking the Penetration Test with FC (aka Freaky Clown)
April 20, 2022

401 Access Denied Podcast Ep. 52 | Hacking the Penetration Test with FC (aka Freaky Clown)

In a world where cybersecurity is no longer just an IT issue, it is more important than ever to assess the human, technical, and physical security aspects of any organization. Bringing responsible awareness to this triad, FC (aka Freaky Clown) and his team at Cygenta are reimagining the role of penetration testing in fostering sustainable cyber resilience. Hear the tricks that FC has learned on the job while (ethically!) robbing banks to identify physical security weaknesses, enhancing the comprehensive value of pen tests, and developing cybersecurity training exercises for people of all ages.

401 Access Denied Podcast Ep. 53 | Password Security Secrets with Dustin Heywood (aka EvilMog)
May 4, 2022

401 Access Denied Podcast Ep. 53 | Password Security Secrets with Dustin Heywood (aka EvilMog)

Just in time for World Password Day, this podcast episode is all about password cracking and the solutions to securing your secrets. Four-time DEF CON Black Badge winner and Chief Architect of IBM X-Force, Dustin Heywood, shares essential tips for easy password management. And if you're into ethical hacking, listen to Dustin's advice on which tools, hardware baselines, technique variations, and intellectual abilities will give you the advantage you need to start cracking.

401 Access Denied Podcast Ep. 54 | Creativity, Community, and Bug Bounties with STÖK
May 18, 2022

401 Access Denied Podcast Ep. 54 | Creativity, Community, and Bug Bounties with STÖK

How does the hacker of all trades, Fredrik Alexandersson (aka STÖK), take the time to learn new things, design sustainable fashion, and connect with a growing social media community? Hear how you can satisfy your curiosity with the ultimate work-life balance. Follow STÖK down the bug bounty career path that influenced his cybersecurity career journey and inspired his creative pursuits.

401 Access Denied Podcast Ep. 55 | Investing in People and Reducing Skills Gaps with Kevin Hanes
June 1, 2022

401 Access Denied Podcast Ep. 55 | Investing in People and Reducing Skills Gaps with Kevin Hanes

Where can organizations find specialized candidates for millions of unfilled security jobs? How can the right approach to training help increase employee retention and close the notorious cybersecurity skills gap? Kevin Hanes, CEO of Cybrary, shares why investing in people is a vital part of reducing risk. Learn how you can effectively prioritize diversity in the hiring process and support the growth of people who value the continuous educational journey that is cybersecurity.

401 Access Denied Podcast Ep. 56 | Highlights from Verizon's 2022 Data Breach Investigations Report
June 15, 2022

401 Access Denied Podcast Ep. 56 | Highlights from Verizon's 2022 Data Breach Investigations Report

Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can develop smart, data-driven security solutions based on evolving threat actor behavior and incident analysis.

401 Access Denied Podcast Ep. 57 | Tackling Trauma in Cybersecurity with Chloé Messdaghi
June 29, 2022

401 Access Denied Podcast Ep. 57 | Tackling Trauma in Cybersecurity with Chloé Messdaghi

Living in the Information Age means that we have a wide world of knowledge and networks at our fingertips, but where do we find that balance between enlightenment and exhaustion? If you're weary from doomscrolling and tired of putting bandaids on burnout, you'll want to hear what Chloé Messdaghi has to say about maintaining sanity in the security industry. Join Chloé as she kicks off her latest gig as the co-host of the 401 Access Denied podcast, where she will share insights on prioritizing mental health support and positive leadership in cybersecurity.

401 Access Denied Podcast Ep. 58 | Creating a Human-Centered Cyber Strategy with Robert Burns
July 13, 2022

401 Access Denied Podcast Ep. 58 | Creating a Human-Centered Cyber Strategy with Robert Burns

As our threat landscape evolves and remote work opportunities continue to grow in popularity, it's important that security leaders enhance their future-proofing strategies. How can organizations cultivate human-centered approaches to prioritizing risks and developing proactive incident response plans? Robert Burns, Chief Security Officer of the Thales Cloud Protection and Licensing division, sits down with the 401 Access Denied team to discuss these strategies and other key takeaways from the June 2022 BSIDES and RSA conferences.

401 Access Denied Podcast Ep. 59 | Unlocking Identity Management with Pamela Dingle
July 27, 2022

401 Access Denied Podcast Ep. 59 | Unlocking Identity Management with Pamela Dingle

What is your ideal password management experience? Pamela Dingle, Director of Identity Standards at Microsoft, chats with us during the 2022 RSA conference about forward-thinking identity management strategies from the perspectives of consumers, businesses, and government entities. Hear Pamela's take on how authentication, standardization, and decentralization efforts are changing the way that we think about digital identity.

401 Access Denied Podcast Ep. 6 | Emma Heffernan: Diary of a Cyber Security Grad
July 15, 2020

401 Access Denied Podcast Ep. 6 | Emma Heffernan: Diary of a Cyber Security Grad

Joseph Carson from Thycotic is joined today by Emma Heffernan, one of the most recognized new cybersec professionals in the industry. She'll share her experience as a recent graduate turned Pentester and speaker as she navigates her way through various industry roles. Also, you'll hear ideas for learning new skills and sharing your expertise with others to further your industry knowledge.

401 Access Denied Podcast Ep. 60 | Ethically Exploiting Vulnerabilities with John Hammond
August 10, 2022

401 Access Denied Podcast Ep. 60 | Ethically Exploiting Vulnerabilities with John Hammond

With thousands of new vulnerabilities discovered each year, how can security teams prioritize which ones to mitigate? John Hammond, acclaimed content creator and Senior Security Researcher at Huntress, explains key factors determining a vulnerability's potential impact. Join John behind the scenes at the RSA conference as he discusses threat actor mindsets, community engagement, and the ethics of hacking.

401 Access Denied Podcast Ep. 61 | Escaping Ukraine with Chris Kubecka
August 24, 2022

401 Access Denied Podcast Ep. 61 | Escaping Ukraine with Chris Kubecka

A distressing escape from a nation at the outbreak of war. A race to the border filled with sharp turns, sleepless nights, and evasion from mercenary groups. This is the true story of cyberwarfare expert Chris Kubecka's exodus from Ukraine in early 2022. Follow Chris down the winding Ukrainian backroads in part 1 of her perilous story.

401 Access Denied Podcast Ep. 62 | Warfare and Welfare in Ukraine with Chris Kubecka
September 7, 2022

401 Access Denied Podcast Ep. 62 | Warfare and Welfare in Ukraine with Chris Kubecka

At the onset of the 2022 war in Ukraine, how did the wiper malware attacks deployed by Russia impact civilians? To what extent does cyberwarfare coincide with information warfare in the context of the Russo-Ukrainian War? In part 2 of our conversation with Chris Kubecka, CEO of HypaSec, we discuss the importance of open-source intelligence and community support amidst global conflict.

401 Access Denied Podcast Ep. 63 | Building a Safer Cyberspace with Philipp Amann
September 21, 2022

401 Access Denied Podcast Ep. 63 | Building a Safer Cyberspace with Philipp Amann

With ransomware, supply-chain attacks, and other organized cybercrime incidents on the rise, what can we do to better protect society? Philipp Amann, Head of Strategy at the European Cybercrime Centre (EC3), invites us to his world of cyber law enforcement and analysis. Learn more about the evolution of cyberattacks and cybercriminal investigations. Hear how you can join government agencies in the fight against new and pervasive threats.

401 Access Denied Podcast Ep. 64 | The Future State of Cybersecurity with Rik Ferguson
October 5, 2022

401 Access Denied Podcast Ep. 64 | The Future State of Cybersecurity with Rik Ferguson

With the state of cybersecurity in constant flux, how can security teams better prepare both their organizations and society for the challenges ahead? Rik Ferguson, VP of Security Intelligence at Fourscout Technologies, shares best practices for tackling issues of trust, authenticity, communication, and problem-solving in the security world.

401 Access Denied Podcast Ep. 65 | Bringing the Fun Back to Cybersecurity with Ian Murphy
October 19, 2022

401 Access Denied Podcast Ep. 65 | Bringing the Fun Back to Cybersecurity with Ian Murphy

Feeling fatigued from all the fear and uncertainty surrounding cybersecurity news? Take a breather in this engaging podcast conversation with Ian Murphy, founder of CyberOff and affectionately known as the Monty Python of Cyber! Join in the fun as Ian breaks down the complexities of cybersecurity to focus on the value of human impact, bravery, and connectedness in this dynamic field.

401 Access Denied Podcast Ep. 66 | Cultivating Critical Infrastructure Resilience with George Eapen
November 2, 2022

401 Access Denied Podcast Ep. 66 | Cultivating Critical Infrastructure Resilience with George Eapen

When threat actors target enterprise security environments, they often seek to compromise the accounts with the most privileged access. How can organizations minimize security risks in a world where remote account access is growing? George Eapen, Group Chief Information Officer at Petrofac, discusses important strategies for reducing risk and increasing resilience in the face of threats like ransomware attacks. Learn more about how layered security controls, privileged access management, and employee training can foster a positive organizational security culture.

401 Access Denied Podcast Ep. 67 | Hack the Community with Phil Wylie
October 19, 2022

401 Access Denied Podcast Ep. 67 | Hack the Community with Phil Wylie

The art of hacking is often synonymous with high-profile cybercrime. But how can the cybersecurity and penetration testing community help more crafty hackers go from breaking bad to breaking good? Phil Wylie, author of "The Pentester Blueprint," joins Joe Carson and Chloé Messdaghi to discuss innovative ways of fostering a safe, supportive, and rewarding culture among ethical hackers. We explore how effective mentorship, gamified bug bounty challenges, and free training opportunities can positively impact cybersecurity job recruitment and satisfaction.

401 Access Denied Podcast Ep. 68 | Know Your Hackers' Rights with Chloé Messdaghi
November 30, 2022

401 Access Denied Podcast Ep. 68 | Know Your Hackers' Rights with Chloé Messdaghi

Ethical hackers are motivated to make society safer, but how can they ensure that they are following the law? This episode of the 401 Access Denied Podcast explores all the gray areas of vulnerability disclosure policies, copyright laws, and end-user license agreements. Learn essential hacker safety tips from our hosts, Joe Carson and Chloé Messdaghi!

401 Access Denied Podcast Ep. 69 | Cloud Hacks with Carlos Polop
December 14, 2022

401 Access Denied Podcast Ep. 69 | Cloud Hacks with Carlos Polop

Cloud services have made it easier for users to stay connected and access resources from anywhere. But how can we reduce the security risks resulting from on-premises-to-cloud infrastructure migration? Security researcher Carlos Polop returns to the 401 Access Denied Podcast to expose the most unexpected cloud security flaws commonly leveraged by adversaries. From tackling misconfigurations to enhancing security controls, we cover top risk mitigation strategies recommended by cloud penetration testers!

401 Access Denied Podcast Ep. 7 | International Cyber Warfare: How Real is the Threat? Part 1
July 29, 2020

401 Access Denied Podcast Ep. 7 | International Cyber Warfare: How Real is the Threat? Part 1

Join Joseph Carson from Thycotic, Mike Gruen from Cybrary and special guest Josh Lospinoso, former Cyber Officer of the US Army for part 1 of our 2-part episode on international cyber war. What does it take to recognize cyber misconduct as an act of war? How do we even attribute transgressions to the right players as modern technologies make cyber operations harder to detect and defend against?

401 Access Denied Podcast Ep. 70 | Cybersecurity Year in Review and 2023 Predictions with Dan Lohrmann
December 28, 2022

401 Access Denied Podcast Ep. 70 | Cybersecurity Year in Review and 2023 Predictions with Dan Lohrmann

What were the biggest cybersecurity trends of 2022, and which types of threats do experts predict we should prepare for in 2023? Dan Lohrmann, Field CISO with Presidio, returns to the 401 Access Denied Podcast to provide a consolidated perspective on all the trends from an eventful year. From the war in Ukraine to the rise in cyber mercenary attacks, hacktivism, cloud hacks, and deepfakes, we're welcoming 2023 with a careful review of all the most memorable topics!

401 Access Denied Podcast Ep. 71 | Hacking It Live with NahamSec
January 11, 2023

401 Access Denied Podcast Ep. 71 | Hacking It Live with NahamSec

Who knew that casual livestream ethical hacking could lead to a full-time content creation career? The one-and-only Ben Sadeghipour aka NahamSec takes us down memory lane from the time he studied computer science and digital marketing in college to the moment he saw a promising future in bug bounty hunting. Get into the livestream hacker's mindset in this fun conversation about mentorship and community building in the cybersecurity space!

401 Access Denied Podcast Ep. 72 | Mistaken Identities with Paul Simmonds
January 25, 2023

401 Access Denied Podcast Ep. 72 | Mistaken Identities with Paul Simmonds

How can you establish a better security culture for your business and life? In this episode of the 401 Access Denied Podcast, Joe Carson sits down with “Serial CISO” (Motorola, AstraZeneca) and Security Analyst Paul Simmonds, CEO of the Global Identity Foundation, to discuss why Zero-Trust has only intensified at the height of an ever-evolving digital age. You won’t want to miss Paul’s philosophy on securing your identity and assets against any given entity, risk, or persona!

401 Access Denied Podcast Ep. 73 | Cybersecurity Government Task Force with Jen Ellis
February 8, 2023

401 Access Denied Podcast Ep. 73 | Cybersecurity Government Task Force with Jen Ellis

Have you ever wondered how cybersecurity policy gets created, updated, and enforced? In this episode of the 401 Access Denied Podcast, Joe Carson speaks with Jen Ellis, founder of NextJenSecurity and board member of several major cybersecurity institutions including the UK Government, to discuss the ins and outs out cyber policy. Learn how entities, including governments, corporations, and individuals, interact with and are impacted by these policies. Jen is a leader in this space, so tune in and gain a lot of insight on this important topic!

401 Access Denied Podcast Ep. 74 | Decentralized Centralization with Brian Honan
February 22, 2023

401 Access Denied Podcast Ep. 74 | Decentralized Centralization with Brian Honan

How have businesses adapted to the ever-evolving field of cybersecurity over the years? Join Joe Carson as he catches up with long-time friend Brian Honan for an entertaining and informative conversation. Brian’s decades of experience in IT, cybersecurity, consulting, and executive leadership offers a unique perspective full of wisdom and anecdotes. Newcomers and cyber experts alike won’t want to miss this engaging discussion!

401 Access Denied Podcast Ep. 75 | Security & Trust in Voting Systems with Christian Folini
March 8, 2023

401 Access Denied Podcast Ep. 75 | Security & Trust in Voting Systems with Christian Folini

As technology advances, how can governments and organizations keep up in order to maintain, secure, and legitimize elections? In this episode of the 401 Access Denied Podcast, Joe Carson speaks with security engineer Christian Folini to discuss how diversifying tech is democratizing elections. Gain insight into the rise and impact of online voting, including the recent Estonian Prime Minister election where the predominant voting method was over the internet. You won’t want to miss this pertinent conversation!

401 Access Denied Podcast Ep. 76 | Discovering and Stealing Secrets with Mackenzie Jackson
March 22, 2023

401 Access Denied Podcast Ep. 76 | Discovering and Stealing Secrets with Mackenzie Jackson

How can programmers prevent breaches and bolster security from the root of their code? Joe Carson is joined by Mackenzie Jackson, a developer advocate for GitGuardian, who are leaders in helping keep secrets and credentials out of source code. Mackenzie explains the primary ways attackers are able to exploit these secrets, and how developers can defend against their attacks. These lessons are vital for overall security in all sectors, so don’t miss out on this episode!

401 Access Denied Podcast Ep. 8 | International Cyber Warfare: How Real is the Threat? Part 2
August 12, 2020

401 Access Denied Podcast Ep. 8 | International Cyber Warfare: How Real is the Threat? Part 2

Welcome to part 2 of our international cyber warfare episode with special guest Josh Lospinoso. We continue with the discussion of zero-day vulnerabilities - including when to keep, use, and responsibly disclose them. In this episode, we’ll get into the ethical and legal challenges that need to be considered in cyber war operations.

401 Access Denied Podcast Ep. 9 | Password Rules You *Have* to Break
August 26, 2020

401 Access Denied Podcast Ep. 9 | Password Rules You *Have* to Break

Joseph Carson & Mike Gruen cover all things password today. Are all passwords created equally? As you attempt to balance usability vs security, what should you focus on more? We’ll learn why your children are now a target for hackers and if we can really dream of a password-less society someday.

All Episodes

401 Access Denied Podcast Ep. 73 | Cybersecurity Government Task Force with Jen Ellis
February 8, 2023

401 Access Denied Podcast Ep. 73 | Cybersecurity Government Task Force with Jen Ellis

Have you ever wondered how cybersecurity policy gets created, updated, and enforced? In this episode of the 401 Access Denied Podcast, Joe Carson speaks with Jen Ellis, founder of NextJenSecurity and board member of several major cybersecurity institutions including the UK Government, to discuss the ins and outs out cyber policy. Learn how entities, including governments, corporations, and individuals, interact with and are impacted by these policies. Jen is a leader in this space, so tune in and gain a lot of insight on this important topic!

401 Access Denied Podcast Ep. 72 | Mistaken Identities with Paul Simmonds
January 25, 2023

401 Access Denied Podcast Ep. 72 | Mistaken Identities with Paul Simmonds

How can you establish a better security culture for your business and life? In this episode of the 401 Access Denied Podcast, Joe Carson sits down with “Serial CISO” (Motorola, AstraZeneca) and Security Analyst Paul Simmonds, CEO of the Global Identity Foundation, to discuss why Zero-Trust has only intensified at the height of an ever-evolving digital age. You won’t want to miss Paul’s philosophy on securing your identity and assets against any given entity, risk, or persona!

401 Access Denied Podcast Ep. 71 | Hacking It Live with NahamSec
January 11, 2023

401 Access Denied Podcast Ep. 71 | Hacking It Live with NahamSec

Who knew that casual livestream ethical hacking could lead to a full-time content creation career? The one-and-only Ben Sadeghipour aka NahamSec takes us down memory lane from the time he studied computer science and digital marketing in college to the moment he saw a promising future in bug bounty hunting. Get into the livestream hacker's mindset in this fun conversation about mentorship and community building in the cybersecurity space!

401 Access Denied Podcast Ep. 70 | Cybersecurity Year in Review and 2023 Predictions with Dan Lohrmann
December 28, 2022

401 Access Denied Podcast Ep. 70 | Cybersecurity Year in Review and 2023 Predictions with Dan Lohrmann

What were the biggest cybersecurity trends of 2022, and which types of threats do experts predict we should prepare for in 2023? Dan Lohrmann, Field CISO with Presidio, returns to the 401 Access Denied Podcast to provide a consolidated perspective on all the trends from an eventful year. From the war in Ukraine to the rise in cyber mercenary attacks, hacktivism, cloud hacks, and deepfakes, we're welcoming 2023 with a careful review of all the most memorable topics!

401 Access Denied Podcast Ep. 69 | Cloud Hacks with Carlos Polop
December 14, 2022

401 Access Denied Podcast Ep. 69 | Cloud Hacks with Carlos Polop

Cloud services have made it easier for users to stay connected and access resources from anywhere. But how can we reduce the security risks resulting from on-premises-to-cloud infrastructure migration? Security researcher Carlos Polop returns to the 401 Access Denied Podcast to expose the most unexpected cloud security flaws commonly leveraged by adversaries. From tackling misconfigurations to enhancing security controls, we cover top risk mitigation strategies recommended by cloud penetration testers!