Listen to Talos security experts as they bring their hot takes on current security topics and Talos research to the table. Along the way Lurene, Matt, and Mitch and a rotating chair of special guests will talk about anything (and we mean anything) that's on their minds, from the latest YouTube trends to Olympic curling etiquette. New episodes every other Thursday.

  • Beers With Talos

    Rachel Tobac on social engineering, expanding opportunities for women in cybersecurity

    In this special episode, Matt is flying solo while he interviews Rachel Tobac, the CEO of SocialProof Security. Rachel's company helps individuals and companies keep their data safe by offering various training and penetration testing opportunities, all related to social engineering attacks and risks. Ahead of BlackHat and DEFCON, Matt wanted to talk to Rachel because they first met at DEFCON a few years ago, where she was a second-place finisher in the Social Engineering Capture the Flag contest for three years in a row. 

    Matt and Rachel discuss the current types of social engineering tactics that adversaries use and the importance of increasing the volume and types of opportunities that exist for women in cybersecurity and privacy. Rachel is the chair of the board for the non-profit Women in Security and Privacy (WISP) where she works to advance women to lead in the fields. She's currently working on sending a delegation of women to BlackHat later this month. 

    Download
    Run Time: 00:50:57

    Keywords

  • Beers With Talos

    Yarrr! There be mercenaries on the high seas!

    The Beers with Talos Crew is back to a team of four this week, with special guest Nick Biasini joining the show to talk about Mercenary Groups and the spyware they're creating. This episode, we talk about the current spyware landscape, and how it encompasses "mercenary" groups like the NSO Group and Intellexa, and state-sponsored actors looking to track high-profile targets. Nick's team recently published multiple pieces about this topic and they are actively researching spyware. If listeners suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at talos-mercenary-spyware-help@external.cisco.com to assist in furthering the community’s knowledge of these threats.

    Download
    Run Time: 00:43:57

    Keywords

  • Beers With Talos

    Oh hello, "Susan"

    Mitch was out for this recording, so Hazel Burton, the newest addition to Team Talos, stepped in to host this episode! She, Lurene and Matt got together for Mental Health Awareness Month and share stories and advice with one another. Cybersecurity is a notoriously rough field for burnout and an imbalance between work and life, so they share some tips they use to decompress after a long day and how they ignore their inner critics. 

    Download
    Run Time: 00:55:35

    Keywords

  • Beers With Talos

    The XDR Files

    Our second of two episodes recorded live at the RSA Conference, Mitch and Lurene are joined by Nick Biasini from Talos Outreach and AJ Shipley, a vice president of product management for Cisco Secure. The four of them recap Nick and AJ's talk they gave at RSA and discuss the centralization of cybersecurity. AJ shares some important insights about the product side of cybersecurity, and how everyone in the space needs to be better focused on stopping the bad guys versus competing against one another.

    They also cover the announcement of Cisco's newest flagship cybersecurity product: Cisco XDR.

    Download
    Run Time: 00:31:58

    Keywords

  • Beers With Talos

    SHIFT_NOP

    This is the first of two episodes we have coming out that we recorded live at the RSA Conference. In this edition of Beers with Talos, we welcome Mick Baccio, a security strategist for Splunk, to talk about all things RSA. At this point in the week, we had hit the halfway point of RSA and were pretty tired already, so bear with us — don't expect any hardcore security takes here. That being said, we do gather 'round to share stories, and reflect on RSA and the security community as a whole. There's no link for it yet, but buy Mick's book when it comes out! 

    Download
    Run Time: 00:37:35

    Keywords

  • Beers With Talos

    The one where they talk a lot about wireless routers

    This episode discusses network resilience, hardware hygiene, and the recently disclosed Jaguar Tooth campaign. J.J. joins the show and the usual cast to discuss the recent attacks against out-of-date and unpatched wireless routers from sophisticated, state-sponsored actors. J.J., Matt and Lurene detail the research around these campaigns and advice for anyone to improve their network hygiene. If you'd like to talk to the BWT crew more about this topic, they'll be at RSA this week with two live episodes and generally hanging around the Cisco booth.

    Important links for this episode:

    Download
    Run Time: 00:54:45

    Keywords

  • Beers With Talos

    Should we even care about vulnerability severity scores?

    Everyone fears the dreaded 10-out-of-10 CVSS severity score on a vulnerability with "critical" written somewhere on the advisory. But does that number even matter to an attacker or hypothetical defender? Matt, Mitch and Lurene discuss the various ways the security community classifies vulnerabilities and how potential targets can use that information to their advantage. They discuss patching strategies, potential security holes that attackers look for and real-world cases of vulnerabilities that have led to breaches or cyber attacks.

    Other suggested talking points:

    • Band jam sessions
    • Conference season getting underway
    • Whether Tom Petty's music is actually complex
    Download
    Run Time: 00:43:00

    Keywords

  • Beers With Talos

    Beers with Talos Ep. #130: Ransomware is a people problem (but getting rid of email helps)

    (Recorded Jan. 27, 2023)

    No Matt this episode, so we have two guests in the rotating chair(s): Nick Biasini and David Liebenberg. Lurene, Mitch and our two esteemed companions talk about the human problem of ransomware. Lurene says getting rid of email altogether is the best option — but since that doesn't seem likely anytime soon, what are some other options for enterprises and companies to avoid being hit with the latest phishing scam? 

    Other suggested talking points:

    • Wawa vs. Sheetz
    • Why everyone has a "Dave in Accounting"
    • Lurene being way ahead of the curve on Twitter's slow demise
    Download
    Run Time: 00:47:34

    Keywords
    • cybersecurity
    • security
    • ransomware
    • spam
    • phishing
    • internet
    • computer science
    • information security
    • information technology

  • Beers With Talos

    Talos Year in Review 2022 w/ Dave Liebenberg

    With this episode, we set out to discuss the first annual Cisco Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023.   Our guest Dave Liebenberg runs the team behind this report and joins us to discuss *why* his team undertook this effort, and some of the finer points of the report findings.  The Year in Review is broken down into four major parts, and Talos will be releasing "topic focus reports" to zoom in on each through February. 

    ...BUT...  in reality, we spent the first 20 minutes of the show ranking Thanksgiving foods by awesomeness - henceforth, Ranksgiving - and it was too much fun to cut.  If you don't want to be angered or surprised where turkey lands on the list, skip to the 20 minute mark.  The #1 spot is definitely a hot take that could upset some listeners, just like it upset to the previous long-standing title holder.

    Check out the Year in Review page (https://blog.talosintelligence.com/year-in-review) for the full Year in Review report,  topic summary reports, livestreams, podcasts, and other content starting December 14th.  

    Download
    Run Time: 00:57:48

    Keywords

  • Beers With Talos

    I find your vulnerabilities offensive (and exploitable).

    We are (finally) talking about the recent OpenSSL vulnerability as we had to redo this EP.  In our infinite podcasting wisdom, we took a stab at it roughly 2 hours before the embargo expired and coverage was released - which is obviously is a very silly idea in hindsight.
    After we cover the current issue at hand, Lurene leads us through the surface levels of how vulns can be exploited in the heap or stack, and the different perspective and processes in practice by offensive security experts.  If you want to walk away with a new view of vulns and exploits, stay for the whole hour.

    Here is a great write up from DataDog on OpenSSL vulnerability CVE-2022-3602.

    Download
    Run Time: 01:00:21

    Keywords