Exploring Information Security

Securing the Future - A Journey into Cybersecurity Exploration

The Exploring Information Podcast Top 10 Podcast Episodes of 2025

December 31, 2025

In 2025, the cybersecurity landscape shifted from "theoretical risk" to "operational reality." This was reflected in the listening habits of the Exploring Information Security community, where the most-consumed content focused on the internal mechanics of cybercrime and the emerging threats of the AI era.

To create the list this year, I looked at two distinct data sets: Apple Podcasts listens and YouTube views. Then I fed those into Gemini and had it produce the Top 10 episodes for this year.

The Top 10 Episodes:

1. How Do Ransomware Gangs Work? (Kyle Andrus)

The Global #1: This was the undisputed heavyweight champion of 2025. It resonated because it stripped away the "hooded hacker" myth and showed ransomware for what it is: a highly organized, corporate-style business.

  • Key Insight: Cybercriminal groups now have HR departments, performance reviews, and 24/7 customer support.

2. Hacking Space Systems: Inside Tempest (Tim Fowler)

The Visual Standout: While popular on audio, this exploded on YouTube. Tim Fowler’s "Tempest" CubeSat project gave the community a rare, hands-on look at the vulnerabilities in our satellite infrastructure.

  • Key Insight: Space is simply the newest extension of the internet—and it’s just as vulnerable.

3. Exploring the Rogue AI Agent Threat (Sam Chehab)

The 2025 Trend-Setter: This episode caught the "AI anxiety" wave perfectly. It identified a new attack vector: sanctioned AI agents that go "rogue" due to over-privileged API permissions.

  • Key Insight: Your biggest AI threat isn't a malicious outsider; it's a misconfigured internal tool with too much power.

4. Real-World Windows Forensics & IR (JC)

The Technical Masterclass: A staple for practitioner reference. JC’s breakdown of forensic artifacts remains one of the most shared episodes among SOC analysts and incident responders.

  • Key Insight: Digital detective work is about meticulous troubleshooting and pattern recognition.

5. NDR with Corelight (Brian Dye)

The Visibility Anchor: As perimeter defenses failed throughout 2025, the industry turned to Network Detection and Response. This episode became the standard guide for understanding the power of open-source Zeek telemetry.

  • Key Insight: In 2025, if you can't see your network traffic in real-time, you've already lost.

6. Monitoring the Inner Workings of a Cybercriminal Org (Matthew Maynard)

The Intelligence Deep-Dive: This served as the perfect companion to Rank #1. Matthew Maynard provided the "how-to" for researchers looking to safely infiltrate and monitor threat actor communities.

  • Key Insight: Effective threat intelligence requires a mix of technical OSINT and a deep understanding of criminal psychology.

7. Info Stealers and Supply Chain Attacks (Kyle Andrus)

The Credential Crisis: This episode highlighted why MFA alone isn't enough anymore. It focused on the rise of "session hijacking" and the commodity market for stolen employee tokens.

  • Key Insight: The supply chain is only as strong as the browser session of your most privileged administrator.

8. How to Implement a Content Security Policy (Jason Gillam)

The Developer’s Choice: A highly technical and practical episode that broke down the stats on why most CSPs fail. It’s the "how-to" guide that many listeners used to harden their own web applications.

  • Key Insight: Security shouldn't be a "bolt-on"—it needs to be built into the code using modern headers like CSP.

9. Gamifying Your Incident Response Playbook (Anushree Vaidya)

The Engagement Winner: This episode stood out for its unique approach to a dry topic. Anushree's method of using game mechanics to train IR teams saw a massive spike in social media sharing and community interaction.

  • Key Insight: People don't learn from boring slide decks; they learn from immersive, high-stakes simulations.

10. 2025 State of the API Report (Postman)

The Data-Driven Wrap-Up: Rounding out the top 10, this provided the statistical backbone for the year. It confirmed that the explosion of AI has made API security the most critical battleground for security engineers.

  • Key Insight: 2025 was the year the API became the "limbs" of the AI brain, creating a massive new attack surface.

What was your favorite episode from this past year? Leave a comment below.



Making Security Stick: Lessons from Cybersecurity Awareness Month

December 30, 2025

This blog post was created based on episode 253 of the Exploring Information Security podcast. Gemini created the first draft and a human edited it for publication.

Every October, the cybersecurity community rallies for Cybersecurity Awareness Month—a concentrated effort to bring security behaviors to the forefront of the corporate mind. But as any practitioner knows, getting thousands of employees to care about passwords and phishing is as much an art as it is a science.

In a recent episode of the Exploring Information Security podcast, I sat down with security awareness experts, including Maeve Mueller, to discuss the logistics, the experiments, and the "human risk" of modern awareness programs. While Cybersecurity Awareness Month has already passed, it’s never too early to start thinking about next year.

Beyond the PowerPoint: Creative Engagement

The consensus is clear: "death by PowerPoint" is the fastest way to lose an audience. Instead, practitioners should turn to gamification and high-impact demonstrations to make lessons stick.

  • Mythbusters & Live Cracking: Mueller’s team found success with a "Cybersecurity Mythbusters" presentation, where they disproved common misconceptions and used live password-cracking demonstrations to show how quickly a weak password can be compromised in a real data breach.

  • "Pitch a Phish" Contests: Rather than just being the targets, employees at Mueller's organization were invited to create their own phishing emails to dupe a fictional persona named "Mimi Click". This role reversal turned the tables and encouraged participation by letting teammates "phish" the security team.

  • Watch and Win: De Block experimented with a marathon-style "Watch and Win" contest, offering prizes to anyone who completed over nine hours of popular security training modules. Despite the length, over 500 employees finished the entire series.

The Logistics of "Food and Swag"

While digital events are scalable, in-person events remain a priority for leadership. However, these come with significant "hidden" time costs in planning and cleanup.

Mueller utilized booths in office lobbies, handing out swag like screen cleaning cloths and info cards. To draw the crowd, they used the ultimate motivator: food. While in another country for a security awareness event, she used candy from the US with clever puns, like "Smarties" (because smart people are cyber-secure).

Food is the best way to fill a room. The challenge, however, is the registration gamble—knowing exactly how much food to buy without running out and leaving attendees without food.

The Shift to "Human Risk Management"

The industry is currently seeing a shift in terminology from "security awareness" toward Human Risk Management (HRM).

HRM seeks to use data science and telemetry to look at the "full person"—analyzing how they respond to training, phishing simulations, and real-world incidents to build a more accurate risk profile. While the term is "HR-adjacent," it reflects a deeper need to manage behaviors rather than just providing information.

Final Thoughts: Awareness is a Year-Round Mission

The ultimate goal of October isn't to be a one-off event, but a "launching pad" for year-round security habits. As Mueller pointed out, "October is just one time to bring it to the forefront of your mind, but this is important every single month".

For those with limited resources, the experts recommend starting small. You don't need a daily blog post or a full-blown event schedule to make an impact. Even reaching just one or two teammates and helping them secure their personal lives—which inevitably bleeds into their professional behavior—is a win for the security team.



The New Perimeter: Why Identity is the Last Line of Defense in a Zero Trust World

December 26, 2025

This is a blog post based on the transcript from episode 251 of the Exploring Information Security podcast. It was created with the help of Gemini and edited by a human.

In the early days of networking, security was relatively straightforward: you built a wall around your data center and managed a single directory for your users. Today, that perimeter has vanished. With the explosion of cloud environments, federated access, and a mobile workforce, identity has become the new perimeter—and the primary target for modern cybercriminals.

In a recent episode of the Exploring Information Security podcast, Matt Topper, President of UberEther, joined me to discuss the evolving landscape of Identity and Access Management (IAM) and why a true Zero Trust strategy is more critical than ever.

The Identity Crisis: Beyond GRC

For years, many organizations viewed Identity and Access Management primarily through the lens of Governance, Risk, and Compliance (GRC)—a box to be checked for auditors. However, as Topper points out, the modern threat landscape has shifted IAM firmly into the center of security operations.

Legitimate credentials are now the easiest and most effective way for attackers to gain access to an environment. Whether through social engineering, purchasing leaked credentials on Telegram, or bribing disgruntled employees, once an attacker has a legitimate identity, they can bypass most traditional security tools and move laterally through a network.

Zero Trust vs. "VPN 2.0"

While "Zero Trust" has been a buzzword for over a decade, Topper warns that many organizations are falling into the trap of implementing what he calls "VPN 2.0". They deploy a new client to connect to services but fail to address the core pillars of a true Zero Trust architecture.

A robust Zero Trust strategy requires linking multiple signals together—including the health of the device, the identity of the user, and machine-to-machine communications. It’s not just about the network; it’s about ensuring that every access request is continuously verified based on all available context.

The Rise of Non-Human Identities

One of the most significant and often overlooked risks in modern environments is the proliferation of non-human identities. These include:

  • API Keys and Tokens: Used by services and applications to communicate with one another.

  • Service Accounts: Automated accounts that perform tasks within an environment.

  • Devices: Mobile phones, servers, and IoT devices that require network access.

These identities often run unchecked and carry broad permissions. As we move toward a world of AI agents and Model Context Protocol (MCP) servers, mapping and governing these non-human identities will be the next major security frontier.

Shared Signals: A Path Toward Better Defense

Topper is hopeful about emerging frameworks like the Shared Signals Framework from the OpenID Foundation. This open-source approach allows different vendors—such as Google, Salesforce, and Microsoft—to exchange security information in real-time.

For example, if an identity provider detects a credential compromise, it can send a signal to a SaaS application like Salesforce to immediately revoke that user's sessions and force re-authentication. This level of cross-organizational collaboration is essential to closing the window of opportunity for attackers.
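The exchange described above, written out as an added example (not code from the episode or from UberEther): the identity provider emits a Security Event Token carrying a CAEP session-revoked event, and the SaaS receiver validates it before dropping the user's sessions. The issuer, audience and shared secret are constructed placeholders, and HS256 is used only to keep the example self-contained; real Shared Signals transmitters sign with asymmetric keys published through JWKS.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: real deployments use asymmetric keys and JWKS.
SHARED_SECRET = b"demo-shared-secret-not-for-production"
TRANSMITTER = "https://idp.example.com"   # assumed identity provider issuer
RECEIVER = "https://app.example.com"      # assumed SaaS receiver audience
SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_set(subject_email: str, now: int = 0) -> str:
    """Transmitter side: sign a Security Event Token (RFC 8417) that carries
    one CAEP session-revoked event for the given subject."""
    now = now or int(time.time())
    header = {"typ": "secevent+jwt", "alg": "HS256"}
    payload = {
        "iss": TRANSMITTER, "aud": RECEIVER, "iat": now, "jti": f"evt-{now}",
        "events": {SESSION_REVOKED: {
            "subject": {"format": "email", "email": subject_email},
            "event_timestamp": now,
            "reason_admin": "credential compromise detected",
        }},
    }
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SHARED_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_set(token: str, now: int = 0, max_age: int = 300) -> dict:
    """Receiver side: check signature first, then typ, issuer, audience and
    freshness. Raises ValueError on any failure; returns the payload otherwise."""
    now = now or int(time.time())
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    expected = hmac.new(SHARED_SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h_b64))
    # The algorithm is pinned, so a header claiming another alg is rejected.
    if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
        raise ValueError("unexpected header")
    payload = json.loads(_b64url_decode(p_b64))
    if payload.get("iss") != TRANSMITTER or payload.get("aud") != RECEIVER:
        raise ValueError("wrong issuer or audience")
    if abs(now - int(payload.get("iat", 0))) > max_age:
        raise ValueError("stale token")
    return payload


def handle_set(token: str, sessions: dict, now: int = 0) -> list:
    """Receiver side: apply a session-revoked event to an in-memory session store
    (user email -> list of session ids) and return the session ids revoked."""
    payload = verify_set(token, now)
    event = payload.get("events", {}).get(SESSION_REVOKED)
    if event is None:
        return []  # an event type this receiver does not act on
    subject = event.get("subject", {})
    if subject.get("format") != "email":
        return []
    return sessions.pop(subject["email"], [])
```

Revoking the sessions is only half of the response: the receiver should also force re-authentication on the user's next request, which the session store lookup above makes automatic once the ids are gone.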

The Human Risk and Data Quality

Finally, the conversation highlighted the ongoing challenge of data quality. IAM systems are only as good as the data they receive from source systems like HR. Topper suggests that exposing this data directly to users and help desks can help organizations identify and fix inconsistencies before they lead to security gaps or operational friction.

Closing Thoughts: Identity as the Foundation

As organizations continue to embrace the cloud and AI, the old ways of securing the network are no longer sufficient. Identity is no longer just a checkbox for compliance; it is the foundation of modern security. By focusing on continuous verification, governing non-human identities, and leveraging shared signals, organizations can move toward a Zero Trust model that actually protects their data in an increasingly complex world.

To learn more about UberEther and their approach to identity, visit UberEther.com.


Filling the Cyber Gap: How Student-Powered SOCs are Building the Next Generation of Security Experts

December 4, 2025

This blog post was generated by Gemini using the transcript from the podcast episode.

The cybersecurity industry is facing a persistent skills shortage, and universities often struggle to provide students with the real-world experience needed to land a job in the cybersecurity industry. Bruce Johnson of TekStream recently discussed a solution that is simultaneously addressing both problems: the student-powered Security Operations Center (SOC).

In a conversation with me, Bruce detailed this innovative private-public partnership, its unique funding model, and how it’s cultivating not just cyber analysts, but well-rounded professionals.

A Private-Public Partnership for Workforce Development

TekStream's student-powered SOC program is a well-established solution designed to automate proactive threat detection and remediation while also serving as a crucial workforce development initiative. This is not a simple outsourcing model; it’s a three-way collaboration that includes the state, educational institutions, and TekStream.

TekStream emphasizes that their solution is an "investment solution," where the institutions own their SIEM environment licenses and retain all built assets, fostering collaborative value building instead of an outsourced expense.

Training the Analytical Detective

Johnson noted that many new graduates struggle to find jobs due to minimum experience requirements. The student-powered SOC addresses this by providing practical, real-world experience in a working SOC environment.

The program focuses on transforming curious individuals into professional analysts. The onboarding process has been compressed to just six weeks, and students are trained on tools, runbooks, and cybersecurity fundamentals through hands-on labs.

The biggest indicator of a student’s success is a proprietary critical thinking test that assesses logical reasoning and due diligence. Students are incrementally matured by starting with low-complexity threats (like IP reputation and brute force) and gradually increasing to advanced topics like TTPs (Tactics, Techniques, and Procedures), guided by a complexity scoring system.

The Value of the "Transcript" and Placement

The program provides immense reputational value to participating schools because it boasts a 100% placement rate for students. This outcome differentiates these institutions from those offering only academic backgrounds.

For the student, the program produces a highly valuable "transcript". This document details:

  • The specific use cases and threats the student tackled.

  • The level of complexity involved.

  • The student's productivity and quality metrics.

This transcript instills professionalism and serves as a practical skills record, giving students a significant leg up against other job candidates who only have academic backgrounds. Furthermore, the program incorporates integrated career counseling to review metrics and guide students toward roles like red teaming, forensics, or engineering.

AI Supervision: The Expert in the Loop

In a world where AI is automating level one (SA1) security tasks, students must transition from performing basic skills to supervising AI. Bruce Johnson acknowledged the concern that students might struggle with AI hallucinations or incorrect outputs due to their lack of industry experience.

TekStream’s answer is the "expert in the loop" approach. The program trains students in three areas:

  1. Using AI in the context of incident response.

  2. Supervising the AI.

  3. Understanding AI more broadly.

The training environment requires students to second-guess the AI and understand the foundational work before they can effectively supervise. This approach emphasizes that trust in the technology is built incrementally over time.

An Investment in Future Talent

Beyond the immediate goal of cybersecurity, the student-powered SOC delivers an unexpected but profound benefit: the development of non-cybersecurity skills. Students gain critical life lessons and skills that help isolated individuals become more engaged, including: collaboration, accountability, professionalism, and general "adulting".

These detective and critical thinking skills are universally transferable to any industry. Ultimately, the program prepares students to handle complex threats and risk scenarios, teaching them that working in security is about developing a nuanced understanding of risk, not expecting "black-and-white answers." The demonstrated success—with students handling 50% of incident volume within a quarter of onboarding—proves this model is effectively bridging the skills gap and shaping the next generation of security professionals.



The State of the API: 2025 – Security, AI, and the Human Element

December 3, 2025

This blog post was generated by Gemini using the transcript from the podcast episode.

The API remains the "connective tissue of the modern world", but as Postman's Sam Chehab highlighted in a recent discussion with me, the State of the API report reveals that the landscape is rapidly evolving, driven by the rise of AI and persistent security challenges.

The Collaboration Crisis and the Security Connection

The annual Postman State of the API report, now in its seventh year, synthesizes data on how APIs are produced and consumed across industries. A major insight from this year's report focuses on the persistent struggle with collaboration. A shocking 93% of teams are struggling with API collaboration, which leads directly to a lot of duplicated work. From a security perspective, this fragmented collaboration means the "attack surface is getting wider". When developers find unofficial ways to share information—like Slack threads, wikis, or Confluence docs—it bypasses established security and governance processes.

However, there is a silver lining: documentation is on the rise. Fifty-eight percent of respondents cited documenting APIs as one of the most common activities they are undertaking to improve collaboration. While this is a step toward better practices, Sam Chehab notes it may be driven by the need for better collaboration or the demand for AI-ready APIs.

Shifting Left: Integrating Security into the Developer Workflow

Postman is primarily an engineering-first tool, used by 98% of the Fortune 500. The key to better security, according to Chehab, is working with the developer workflow, not against it.

The pathway to good security is a byproduct of good collaboration. This starts with the fundamentals: achieving an inventory of enterprise and software assets—the first two CIS controls—to kickstart the security journey. Postman enables developers to run security tests directly within their normal workflow using Postman collections. This drastically improves development velocity and moves security closer to the "shift left" ideal.

Furthermore, the platform's built-in load testing and performance capabilities help address the "Availability" component of the CIA triad, which security teams often historically ignore. Developers can trivially simulate denial-of-service attacks using their existing tests and Postman's features.

Preparing for the AI Agent Invasion

As AI agents increasingly consume APIs, they require a different approach to API design and documentation.

While developers often hate documentation, AI agents thrive on it. Tools can be leveraged to help write documentation about APIs that other AIs can then read. Humans may get away with a generic "error something broke", but AI agents require rich, contextual error messages. These should specify the problem (e.g., "invalid parameter"), what was expected, and what was received so the AI can effectively process the issue.

AI also needs centralized information, clear metadata, and good descriptions around APIs to function effectively. This makes centralized platforms like Postman essential, replacing scattered wikis, portals, and Slack threads.

Top Security Concerns: Credentials and Amplification

One of the top security risks cited by 51% of developers in the report is unauthorized agent access.

This issue is primarily driven by the industry's failure to effectively solve secrets management, with API keys floating everywhere. Postman addresses this by providing tools for API key management, including forcing expiration, managing revocation policies, and having a "revoke all" option. Furthermore, Postman actively scans public repositories like GitHub for leaked Postman keys, auto-revoking them and notifying the administrator to minimize the blast radius of a leak.

Another risk is Credential Amplification. This refers to a risk that grows exponentially rather than linearly: one credential grants access to one service, that service holds credentials for another, and so on, allowing for lateral movement. The term gives a name to what credential sprawl now looks like in practice.
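To make the "exponential, not linear" point concrete, here is an added example (not from the report or Postman) that walks a constructed inventory of which service holds which credential and computes how many services a single leaked credential transitively exposes. The service and credential names are hypothetical.

```python
from collections import deque

# Constructed inventory, not real data: credentials each service holds,
# and the service each credential unlocks.
CREDENTIALS_HELD_BY = {
    "ci-runner":     ["ci-deploy-key"],
    "app-server":    ["db-password", "payments-api-key"],
    "payments-api":  ["vault-token"],
    "vault":         ["db-password", "cloud-admin-key"],
    "db":            [],
    "cloud-account": [],
}
CREDENTIAL_UNLOCKS = {
    "ci-deploy-key":    "app-server",
    "db-password":      "db",
    "payments-api-key": "payments-api",
    "vault-token":      "vault",
    "cloud-admin-key":  "cloud-account",
}


def blast_radius(credential, held_by=CREDENTIALS_HELD_BY, unlocks=CREDENTIAL_UNLOCKS):
    """Return the set of services reachable, transitively, from one leaked
    credential: breadth-first search alternating credential -> service -> credentials."""
    reached = set()
    seen_creds = {credential}
    queue = deque([credential])
    while queue:
        cred = queue.popleft()
        service = unlocks.get(cred)
        if service is None or service in reached:
            continue
        reached.add(service)
        for next_cred in held_by.get(service, []):
            if next_cred not in seen_creds:
                seen_creds.add(next_cred)
                queue.append(next_cred)
    return reached


def rank_credentials(held_by=CREDENTIALS_HELD_BY, unlocks=CREDENTIAL_UNLOCKS):
    """Rank every credential by the number of services it transitively exposes,
    most dangerous first; ties broken by name so the output is stable."""
    scored = [(cred, len(blast_radius(cred, held_by, unlocks))) for cred in unlocks]
    return sorted(scored, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for cred, count in rank_credentials():
        print(f"{cred:18s} exposes {count} service(s): {sorted(blast_radius(cred))}")
```

The CI deploy key unlocks one service directly but five transitively, which is the amplification the report is naming; the ranking is the prioritisation list for rotation and scoping work.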

The Emergence of Model Context Protocol (MCP)

A new concept discussed was the Model Context Protocol (MCP), which is an emerging standard for AI interaction.

MCP acts as an abstraction layer. It sits on top of a REST-like protocol and allows you to abstract yourself away from the endpoint you're communicating with. It enables the use of natural language to interact with a scoped-down set of APIs, making interaction with different services more agnostic (e.g., interacting with a Jira instance without hardwiring to it).

MCP, however, introduces a new supply chain risk. Security practitioners must validate which MCP servers they are using. Chehab cited the first benign "MCP hack" in the wild, where a malicious server added a BCC to an email every time an action was performed.

The Wrap Up

Chehab's final advice echoes his security philosophy: go back to basics. Secure your APIs by focusing on the fundamentals:

  • Gain Leadership Buy-in: Security efforts will be fleeting without support from management.

  • Document and Test: Focus on how you are documenting, sharing, and testing your APIs.

  • Ensure Consistency: Validate that your design-time plan maps to what you build and what you deploy in runtime.

By solving collaboration and basic security problems first—and using AI to help automate those basic tasks—teams can successfully secure their systems before chasing new, complex AI threats.

