Beers with Talos Podcast

Hazel, Bill, Joe and Dave break down (sometimes in the literal sense) the 2025 Talos Year in Review which is available  now at blog.talosintelligence.com/2025yearinreviewThe team, supported as always by the Turkey Lurkey Man, dives into the biggest cybersecurity trends of the year, including:·       The rapid weaponization of vulnerabilities·       Why identity abuse showed up everywhere ·       Ransomware trends·       A rise in APT investigations·       What defenders should prioritize heading into the year aheadBefore that, we discuss the cyber activity tied to the situation in the Middle East (full details on our blog https://blog.talosintelligence.com/talos-developing-situation-in-the-middle-east).There’s also an alarming amount of discussion about glutes. And gravy.Download the full 2025 Talos Year in Review:blog.talosintelligence.com/2025yearinreview

It's the one, the only, it's Matt Olney! We are delighted to have Matt back to talk with the crew about about the most random things, including TikTok diagnosing us with ADHD, inspiring vtubers, K-Pop Demon Hunters, ransomware in hospitals (the serious bit), attacker use of AI, why 1999-era tricks are still undefeated, and an entirely reasonable number of desserts.We recorded this episode on 20 February - please see the Talos blog for the latest on the developing situation in the Middle East https://blog.talosintelligence.com/talos-developing-situation-in-the-middle-east/Links to some things Matt mentioned:The MapMen: https://www.youtube.com/@JayForemanIronmouse: https://www.youtube.com/watch?v=P1_2JehaKOw&list=RDP1_2JehaKOw&start_radio=1

Guess who’s back? Hazel, Bill and Joe welcome back fresh-from-parental-leave Dave Liebenberg, who has returned with a new baby, and some truly chaotic Thanksgiving opinions.    We kick things off with the security headlines. Joe gets spicy about a recent “AI-orchestrated cyber campaign” report.  Dave brings us the poetic news that AI models can apparently be jailbroken with a well-placed limerick. Hazel challenges the others to a guessing game about just how much cyberattacks cost the UK, and Bill discusses what’s top of mind for organizations right now.  But really, you know what you’re here for: the annual RanksGiving extravaganza. Dave boldly ranks his top five Thanksgiving dishes (with a new twist for this year, because apparently we need to re-engage the ‘youth’ before they’re lost to TikTok forever.) Cue the outrage, the gravy discourse, and a heartfelt (touching on amorous) defense of gluttony from Bill.  Happy holidays everyone! May your gravy be thick and your cyber incidents few. See you in 2026!

Talos' Vice President Christopher Marshall (the “real Marshall,” much to Joe’s displeasure) joins Hazel, Bill, and Joe for a very real conversation about leading people when the world won’t stop moving. We start with Marshall’s days in the Navy’s nuclear program and the art of translating deeply technical work for non-technical leaders. We then get into how he joined Talos (“you WILL do this for me”), why being right beats being first, and how to keep a team steady and mission focussed when the news cycle is anything but. Marshall also talks about the decisions that shaped his life and career, what he’s had to let go of as he’s moved up, and the gloriously nerdy hobbies that keep him grounded.

This week, the B-Team gets an upgrade as we’re joined by Sara McBroom from Talos’ nation-state threat intelligence and interdiction team. Sara shares her journey from a liberal arts major to tracking some of the world’s most advanced adversaries. Along the way, she talks about moving from the U.S federal service to Talos, mentoring, leading with empathy, and why making bad actors miserable is a pretty good day’s work.Before diving into Sara’s story, we hit the security headlines (ouch) and also discuss a Dutch hacker camp with flaming badges and port-a-potty internet. But from 17 minutes in, it’s all about Sara — her path, her research (Static Tundra, anyone?), and how she leads her team without micromanaging.If you’ve ever wondered what it’s like to ruin an APT’s day for a living, this is the episode.Here's the research that Bill mentioned: "Psychopathia Machinalis: A Nosological Framework for Understanding Pathologies in Advanced Artificial Intelligence" https://www.psychopathia.ai

We welcome new Talos teammate and incident commander Alex Ryan to the pod this week. Bill, Joe and Hazel chat with Alex about what it really takes to lead through the chaos of a cybersecurity incident, from coordinating stressed-out teams, fielding exec questions, and making sure people eat.Much to Bill's dismay, we have something resembling a "format" for this episode, and we start by breaking down the week's security news, including:The SharePoint zero-day exploit (“ToolShell”) and what defenders should do now. Here's the Talos blog we mention https://blog.talosintelligence.com/toolshell-affecting-sharepoint-servers/An AI assistant gone rogue — and how a consultant lost thousands of databases in his sleep.Everything Talos has got going on at Black HatWe then ask Alex more about her career story, including what it’s like breaking into security from a philosophy degree. We also have some honest talk about making mistakes, women in cyber, and why we need to keep mid-career women in tech. Want to meet Talos at Black Hat? Come find us at the Cisco booth, play Backdoors & Breaches over lunch with us, and hear the latest threat research. More details in this blog https://blog.talosintelligence.com/cisco-talos-at-black-hat-2025-briefings-booth-talks-and-what-to-expect/

Welcome back to the podcast where the structure is theoretical and the only certainty is uncertainty. In this episode, the crew reassembles after a totally intentional and not-at-all accidental hiatus (blame is assigned, forgiveness is not).We cover:AI-assisted IVF (spoiler: it's mostly robots and headlines)The dawning of Mind-games-as-a-service in ransomware operationsConference dogs that may have been the real security MVPsA possible underground war against dairyAnd the billionaires quietly building their own genetically-diversified endgame.We also mourn Bill's departure as he abruptly quits the podcast after one pun too many.As always, we make absolutely no guarantees that this episode makes any sense whatsoever.

Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities of the year, network-based attacks, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. For the full report, head to blog.talosintelligence.com/2024yearinreview

Bill springs a surprise topic on the team in this episode - how did you get into cybersecurity, and what skills have you brought with you throughout your career? What ensues is a rather lovely, vulnerable conversation that we hope will be helpful for anyone currently thinking about their next career move.Before that Dave has some surprising facts about Tasmanian devils, what they didn't cover (or deliberately hid?) in Looney Tunes, and why the scientific name for Tasmanian devils is a hotly debated topic. Some resources for getting into cybersecurity:Threat intelligence 101 with Cisco TalosDiversity in cybersecurity: A mosaic of career opportunitiesHow to hire the best (an earlier episode of BWT that Bill references)

More hijinks and silliness ensue in the second episode of the BWT B Team podcast. Joe shares his frustration with being involuntarily removed from a social media platform, Hazel conducts a live experiment, Dave talks about his newfound addiction to crossword puzzles and its parallels to cybersecurity, and Bill recommends the game "Nine Lives" and shares his top books of the year. Joe also briefly chats about his work customizing a tabletop cybersecurity game for humanitarian organizations. And we do a shoutout to Talos’ research on vulnerable Windows drivers and  proxy chain abuse.Find the latest research at https://blog.talosintelligence.com

With Mitch, Matt and Lurene currently stuck in the void, the Beers with Talos B team duly elect themselves to reopen the sacred BWT airwaves with their own brand of nonsense. Hazel, Joe, Bill and Dave each share the security rabbit hole they went down this week - from analyst in-jokes about AI, oligarchs and bad actors refusing to learn good op sec, the songs you'd play to send a message mid-hack, and the long awaited return of Turkey Lurkey Man, TM. Dave's insane creation is back with an exciting new take on Thanksgiving. For all the latest and greatest Talos research not featuring six degrees of Ally McBeal, head to https://blog.talosintelligence.com

It's been a while huh? Apologies for our absence, but the team are back with a run through of everything we've got going on at Black Hat - from our 10 year birthday celebrations, the interesting lightning talks in our booth, and Joe Marshall's "Backdoors and Breaches" game. Come and visit us at Cisco Booth 1732 and Splunk Booth 1940.Before that, Matt encourages Mitch and Lurene to join him in the joy of Tekkno Train by Electric Callboy (Choo Choo!) and Mitch explains why his son has developed a huge potty mouth, with no sense of irony. Lurene also reveals insights into creating a university curriculum for cyber weapons development.Stick around for an illumunating discussion on how AI could affect a Furby. Just don't google "Long Furbie". You just googled it didn't you? Ah man, we warned you...

Power grid security expert Joe Marshall joins the crew today to talk all things, well, power grid security. But not before he gets an impromptu pop quiz from Matt in the roundtable.Joe then tells some stories from his days working in electric utility,  deploying new systems and his experiences with pentesting teams ("Wow, y'all need to stop!"). Plus, the team ask Joe about  the risks with both aging infrastructure versus newer, smarter based infrastructure. And what happens when threat actors target critical infrastructure?

Matt, Mitch and Lurene discuss if the internet is better or worse today than it was 20 years ago.  This leads them to discuss their various career paths, with Lurene talking about how she got into vulnerability exploitation and how Matt got into threat intelligence. And why neither of those paths would be recommended today. Lurene and Matt then clash about threat research and and the importance of approaching things from a "how do I be a problem" perspective.

You will no doubt have seen the advisories published over the last few weeks concerning Volt Typhoon's malicious activities. In this episode, JJ Cummings joins the crew to discuss the background to this threat actor, their impact on the threat landscape, and the covertly strategic (and specific) nature of their operations. The team also discusses their recommendations for defenders, particularly for critical infrastructure organizations.The CISA statement on Volt Typhoon can be found here https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

Matt, Mitch and Lurene sit down to discuss “random stuff from Reddit” (don’t be put off – they’re all genuinely interesting security questions!). Topics range from password managers and how password security guidance has become outdated, how to ‘self-learn’ in cybersecurity, and thoughtful approaches towards security incidents. Before that, the team comes up with a prank to pull on their co-workers and bring some joy and chaos to Webex meetings. And Lurene reflects on what advice she would give high schoolers today. As Matt says at the end of the episode, we want to hear from you! Get in touch at [email protected]'s the video 'Hi Ren' that Matt mentions at the outset https://www.youtube.com/watch?v=s_nc1IVoMxc

Mitch, Matt and Lurene were almost about to be in the same physical space at the same time to record an episode, and then Lurene couldn't make it...so we made this instead! Mitch is joined by Azim Khodjibaev from the Talos Threat Intelligence and Interdiction team to rapid-fire interview a bunch of Talos employees who happened to be around the Maryland office. Hear from teammates from all walks of life and areas of expertise about what they've loved working on in 2023 and how they feel their work has changed the broader security landscape.

We recorded this episode AFTER Thanksgiving, so you'll need to forgive us for the amount of Thanksgiving talk that doesn't actually apply until Thanksgiving 2024. It all evens out in the end because the annual "Ranksgiving" from special guest David Liebenberg results in the creation of TurkeyLurkey Man. Then, TurkeyLurkey Man helps the rest of the gang recap the top malware and attacker trends from 2023. If you'd like to read more, download the full Talos Year in Review report here. We also discussed the recent CNN article and Talos blog post on our work to protect Ukraine's power grid.

It's that time of the quarter again when we sit down to look at what we learned over the past three months. Caitlin Huey from the Talos Threat Interdiction Team joins the show for this special look at the latest Talos Incident Response Quarterly Trends report. Caitlin's team helps compile these reports and digs through mountains of data to find out what defenders can learn from what Talos IR is seeing live in the field. If you want to learn more about this report, you can read it on our blog, or watch the Talos IR On Air video here.

This episode of Beers with Talos has a very special guest: Our old friend Nigel Houghton. He's one of the OG BWTers and is back with two-plus years' worth of hot takes to get off his chest. Nigel starts out by delivering his long-awaited update on his beloved Mighty Red. But he, Mitch, Matt and Lurene do eventually get to cybersecurity talk, including things like:The challenge of keeping mountains of cybersecurity data and sharing it with partners.The importance of context around that data when it is shared.How better context leads to better detection methods.Weird Elon Musk guys.

We know we're like two weeks late to the Barbie party, but the whole Beers with Talos crew has seen it now so we had to talk about it. Expect a lot of "Barbie" talk up at the top. After that, though, we dive into how to set up deception systems and establish your environment to make it harder for an intruder to get in. The goal here is to make it so that attackers have to waste time and resources trying to get in but ultimately come away empty-handed. We talk about why this is important for the systems we build and why the security community doesn't talk enough about this approach.

In this special episode, Matt is flying solo while he interviews Rachel Tobac, the CEO of SocialProof Security. Rachel's company helps individuals and companies keep their data safe by offering various training and penetration testing opportunities, all related to social engineering attacks and risks. Ahead of BlackHat and DEFCON, Matt wanted to talk to Rachel because they first met at DEFCON a few years ago, where she was a second-place finisher in the Social Engineering Capture the Flag contest for three years in a row. Matt and Rachel discuss the current types of social engineering tactics that adversaries use and the importance of increasing the volume and types of opportunities that exist for women in cybersecurity and privacy. Rachel is the chair of the board for the non-profit Women in Security and Privacy (WISP) where she works to advance women to lead in the fields. She's currently working on sending a delegation of women to BlackHat later this month.

The Beers with Talos Crew is back to a team of four this week, with special guest Nick Biasini joining the show to talk about Mercenary Groups and the spyware they're creating. This episode, we talk about the current spyware landscape, and how it encompasses "mercenary" groups like the NSO Group and Intellexa, and state-sponsored actors looking to track high-profile targets. Nick's team recently published multiple pieces about this topic and they are actively researching spyware. If listeners suspect their system(s) may have been compromised by commercial spyware, please consider notifying Talos’ research team at [email protected] to assist in furthering the community’s knowledge of these threats.

Mitch was out for this recording, so Hazel Burton, the newest addition to Team Talos, stepped in to host this episode! She, Lurene and Matt got together for Mental Health Awareness Month and share stories and advice with one another. Cybersecurity is a notoriously rough field for burnout and an imbalance between work and life, so they share some tips they use to decompress after a long day and how they ignore their inner critics.

Our second of two episodes recorded live at the RSA Conference, Mitch and Lurene are joined by Nick Biasini from Talos Outreach and AJ Shipley, a vice president of product management for Cisco Secure. The four of them recap Nick and AJ's talk they gave at RSA and discuss the centralization of cybersecurity. AJ shares some important insights about the product side of cybersecurity, and how everyone in the space needs to be better focused on stopping the bad guys versus competing against one another. They also cover the announcement of Cisco's newest flagship cybersecurity product: Cisco XDR.

This is the first of two episodes we have coming out that we recorded live at the RSA Conference. In this edition of Beers with Talos, we welcome Mick Baccio, a security strategist for Splunk, to talk about all things RSA. At this point in the week, we had hit the halfway point of RSA and were pretty tired already, so bear with us — don't expect any hardcore security takes here. That being said, we do gather 'round to share stories, and reflect on RSA and the security community as a whole. There's no link for it yet, but buy Mick's book when it comes out!

This episode discusses network resilience, hardware hygiene, and the recently disclosed Jaguar Tooth campaign. J.J. joins the show and the usual cast to discuss the recent attacks against out-of-date and unpatched wireless routers from sophisticated, state-sponsored actors. J.J., Matt and Lurene detail the research around these campaigns and advice for anyone to improve their network hygiene. If you'd like to talk to the BWT crew more about this topic, they'll be at RSA this week with two live episodes and generally hanging around the Cisco booth. Important links for this episode:Talos blog post on Jaguar ToothCisco's advice on appropriate network hygieneCisco PSIRT blog post on Jaguar Tooth.Cisco Software Checker

Everyone fears the dreaded 10-out-of-10 CVSS severity score on a vulnerability with "critical" written somewhere on the advisory. But does that number even matter to an attacker or hypothetical defender? Matt, Mitch and Lurene discuss the various ways the security community classifies vulnerabilities and how potential targets can use that information to their advantage. They discuss patching strategies, potential security holes that attackers look for and real-world cases of vulnerabilities that have led to breaches or cyber attacks.Other suggested talking points:Band jam sessionsConference season getting underwayWhether Tom Petty's music is actually complex

(Recorded Jan. 27, 2023)No Matt this episode, so we have two guests in the rotating chair(s): Nick Biasini and David Liebenberg. Lurene, Mitch and our two esteemed companions talk about the human problem of ransomware. Lurene says getting rid of email altogether is the best option — but since that doesn't seem likely anytime soon, what are some other options for enterprises and companies to avoid being hit with the latest phishing scam? Other suggested talking points:Wawa vs. SheetzWhy everyone has a "Dave in Accounting"Lurene being way ahead of the curve on Twitter's slow demise

With this episode, we set out to discuss the first annual Cisco Talos Year in Review report - a look back at the major threats, trends, and topics from 2022 and what we should take forward into 2023.   Our guest Dave Liebenberg runs the team behind this report and joins us to discuss *why* his team undertook this effort, and some of the finer points of the report findings.  The Year in Review is broken down into four major parts, and Talos will be releasing "topic focus reports" to zoom in on each through February.  ...BUT...  in reality, we spent the first 20 minutes of the show ranking Thanksgiving foods by awesomeness - henceforth, Ranksgiving - and it was too much fun to cut.  If you don't want to be angered or surprised where turkey lands on the list, skip to the 20 minute mark.  The #1 spot is definitely a hot take that could upset some listeners, just like it upset to the previous long-standing title holder. Check out the Year in Review page (https://blog.talosintelligence.com/year-in-review) for the full Year in Review report,  topic summary reports, livestreams, podcasts, and other content starting December 14th.

We are (finally) talking about the recent OpenSSL vulnerability as we had to redo this EP.  In our infinite podcasting wisdom, we took a stab at it roughly 2 hours before the embargo expired and coverage was released - which is obviously is a very silly idea in hindsight. After we cover the current issue at hand, Lurene leads us through the surface levels of how vulns can be exploited in the heap or stack, and the different perspective and processes in practice by offensive security experts.  If you want to walk away with a new view of vulns and exploits, stay for the whole hour.Here is a great write up from DataDog on OpenSSL vulnerability CVE-2022-3602.

Mitch was trying to preserve his voice, so Matt is driving the bus during this episode — hang on! In this edition, we're talking about script kiddies (unfortunately, not "kitties.") These are basically adversaries with an extreme base level of computer knowledge who use basic scripts to carry out cyber attacks. How can we avoid these attacks, even if they'll look like benign activity in your environment?

At the onset of Russia's invasion of Ukraine, many experts and government officials expected there to be two fronts of the war — one on the ground in Ukraine and one in cyberspace. But all things considered, we haven't seen as much offensive cyber warfare come from either side of this conflict this year. J.J. Cummings from Talos Threat Intelligence and Interdiction joins the show again to share his experience from working hands-on with networks in Ukraine. He, Lurene, Mitch and Matt discuss why there haven't been as many offensive attacks as we were expecting, or if they're just happening in the background and no one's talking about it.Other suggested talking points include:What is the "Texas" of other continents?Drama inside the Conti ransomware gang.Why Matt definitely doesn't spend too much time on Twitter.How sad should we be about the Queen of England dying?Some helpful links:HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine from SentinelOneAcidRain | A Modem Wiper Rains Down on Europe from SentinelOneTranslated: Talos' insights from the recently leaked Conti ransomware playbookVictoria & Albert Museum in Discussions to Return Artifacts to GhanaUkraine Independence Day: Talos update

At the onset of Russia’s invasion of Ukraine, many experts and government officials expected there to be two fronts of the war — one on the ground in Ukraine and one in cyberspace. But all things considered, we haven’t seen as much offensive cyber warfare come from either side of this conflict this year. J.J. Cummings from Talos Threat Intelligence and Interdiction joins the show again to share his experience from working hands-on with networks in Ukraine. He, Lurene, Mitch and Matt discuss why there haven’t been as many offensive attacks as we were expecting, or if they’re just happening in the background and no one’s talking about it. Other suggested talking points include: What is the “Texas” of other continents? Drama inside the Conti ransomware gang. Why Matt definitely doesn’t spend too much time on Twitter. How sad should we be about the Queen of England dying? Some helpful links: HermeticWiper: New Destructive Malware Used In Cyber Attacks on Ukraine from SentinelOne AcidRain: A Modem Wiper Rains Down on Europe from SentinelOne Translated: Talos’ insights from the recently leaked Conti ransomware playbook Victoria & Albert Museum in Discussions to Return Artifacts to Ghana Ukraine Independence Day: Talos update

We’re excited to add to the growing Beers with Talos family with the addition of Lurene Grenier to the squad. Lurene joins her first episode and hits the ground running talking about her current role within Talos. She, Mitch and Matt talk about the major differences between exploit development and vulnerability discovery, and how Lurene started her career in exploit development. While exploit development might sound like the stereotypical thing a “basement hacker” does, it’s actually very important to the security arena and something a hobbyist can easily turn into a career. Other talking points: Unsolicited marketing advice for Pennsylvania government agencies. Dunking on the Tampa Bay Rays. Why Lurene is always right. $8 million worth of exploit development for Apple products.

We're excited to add to the growing Beers with Talos family with the addition of Lurene Grenier to the squad. Lurene joins her first episode and hits the ground running talking about her current role within Talos. She, Mitch and Matt talk about the major differences between exploit development and vulnerability discovery, and how Lurene started her career in exploit development. While exploit development might sound like the stereotypical thing a "basement hacker" does, it's actually very important to the security arena and something a hobbyist can easily turn into a career. Other talking points:Unsolicited marketing advice for Pennsylvania government agencies.Dunking on the Tampa Bay Rays.Why Lurene is always right.$8 million worth of exploit development for Apple products.

Recorded May 11, 2020 – Craig wins MVP of the podcast for his attempts to avoid discussing… something. Anyway, we went a little long on this podcast, but stick with us as we wind through the recent Executive Order on cybersecurity, and then discuss another… interesting take on how we should then combat these new threats. I feel almost obligated to let you know before you listen, it’s a letter of marque take, and oddly, we all agreed on something.Full show notes on the Talos blog

You’re not going to believe this, but everyone actually agreed on something in this episode. And no, it’s not regarding the best flavor of beef jerky. In this episode, we discuss a new category of threat actors that we’re choosing to call privateers. The guys discuss why this classification is much needed in the security community, the previous research on this topic, and the ways private security firms can partner with public intelligence agencies to protect against this type of threat. You can find complete show notes and links over on the Talos blog.

Summer hacking, happened so fast….We’ve been trying to enjoy our summer, but supply chain attacks just had to go and ruin the fun. So Mitch got back from fishing and decided to pull the guys together to discuss the Kaseya supply chain attack. We cover this major event BWT-style, and talk phony patches, mitigation strategies, and unsolicited advice for Kaseya’s CISO. For more, you can also watch our recent live stream with Nick Biasini covering everything you need to know about this attack.Also, if you want more Beers with Talos (and you’re listening to this the day it’s released) join us over on the Cisco Twitter account on Thursday, Aug. 5 for a #TalosTakeover. We can’t believe they’re letting us do this, either.

Most of the Beers with Talos folks are refreshed after a summer vacation. But don’t assume that means they actually prepared for this episode. This is more of a free-flowing episode, where we discuss cyber conflict between nations — one of the many things that keep Matt up at night. They go back and forth discussing what a “cyber war” could actually look like, and what crosses the line into conflict versus traditional “hacktivism.”

We mainly spend this episode doing some catching up because it’s been a while since we recorded. But on the actual, helpful, front, we discuss a recently released list of the vulnerabilities that are most often exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency.It’s particularly interesting to compare the lists from 2020 and 2021 to see how threat actors have changed up their tactics and parse through all the information to tell you what you need to know. It’s also important to question these types of reports and how helpful they are to defenders.This is also a great episode for any Snort fans out there who are interested in the old days of writing rules for some Y2K-era malware.

[Re-uploaded to fix an audio gap.] Yes, we’ve been sitting on this one for a while. But it’s worth it, we promise! We wanted to wait until we had more news to share, so it’s finally time to announce that Craig has left us. We will absolutely miss Craig, but look forward to the next act of Beers with Talos now that 2/5ths of the original crew is gone. We take the time to reminisce with Craig about his time at Talos and talk about this new trend of “bandwidth-sharing” applications. Stay tuned to BWT Ep. #112 where we’ll debut with a new host!

This is our first episode sans-Craig, but we didn’t wait long to find his replacement! Tune in as we add a new host to the crew. Then, we talk about drama on the ransomware landscape among as-a-service groups. Please note, we recorded this episode before everything dropped on Log4J. We are recording an emergency episode as we speak on this and will be releasing it later this week.

Log4j was a big enough deal that we finally decided to host a live show. Mitch, Matt, Liz and special guest JJ Cummings from our Threat Intel team got together to update everyone on where things stand with this critical vulnerabilities. It’s not all doom and gloom though, Matt at least brought some memes!

(Uploaded again, this time with the correct music!) The OG Beers with Talos folks are dropping like flies, because now we also have to say goodbye to Joel! We know this has been quite the roller coaster for listeners, but we appreciate you all sticking with us through all these changes. We take some time in Joel’s farewell to discuss “Rent,” as only BWT could, and burnout in cybersecurity.

We wanted to start off the new year by reflecting on 2021 with Talos Incident Response. The one thing many cyber attacks had in common? People.There are issues that arise any time humans are involved, whether it’s being tempted by a phish or someone making simple human errors. So, Matt, Mitch and Liz discuss how logs are crucial during the worst-case scenario and look at how to remove human error as much as possible from the equation.Outside of initial infection vectors, there are plenty of other lessons learned from 2021 that we can take into incident response this year.

We’re dropping two episodes today. This is undoubtedly the less serious of the two, as it was recorded prior to the invasion of Ukraine. Check out Ep. #118 for more on that situation. In this episode, though, we got to talk about Talos’ involvement at the Super Bowl. Mitch welcomes on Brett Ellis, who was at SoFi Stadium in Los Angeles to help defend “The Big Game,” of Talos Incident Response to discuss his experience. He, JJ and Liz talk about what goes into securing these major global events and talk about what it’s like to have to come in and handle someone else’s networking equipment and then parachute out. If you want to learn more about Talos and Cisco Secure at the Super Bowl, you can read Cisco’s announcement.

This was admittedly a tough one to record. In the middle of us trying to respond to the situation in Ukraine, we felt it was important to let our listeners in a bit. Matt, JJ and Liz discuss the work they and their teams are doing in Ukraine to protect critical systems there and keep users online. We also talk about the human side of things, and why it’s important for folks in cybersecurity to think about self care during this time.If you want to stay up to date on Talos’ work in Ukraine and our ongoing research about cybersecurity concerns in the region, continually check cs.co/TalosUA. Here are some additional links to Talos research and Cisco announcements:Livestream with Cisco ThousandEyes, Cisco Secure and Cisco TalosSpam campaigns leveraging Ukraine themes to spread malware, steal cryptocurrencyCisco’s statement on standing with Ukraine

We’re all still pretty exhausted from our work in Ukraine. But that hasn’t slowed down any of the threat actors, unfortunately. So we enlisted special guest Nick Biasini to dive into the BlackCat ransomware group to discuss how it potentially is or isn’t connected to BlackMatter/DarkSide. These ransomware-as-a-service groups surprisingly run like regular companies, and even have the same problems with employee retention! Plus, Matt and Liz provide updates on their work in helping to defend Ukrainian networks and organizations.Other talking points:- How to pronounce the company “Nike”- Surprisingly safe-for-work videos on Omegle- Avoiding burnout when everything is on fire

Our rotation of special guests continues on with Nate Pors from Talos Incident Response. Nate has been following several different attacks in which attackers bypassed multi-factor authentication with “prompt bombing” and other techniques. The crew discusses what the security community can do to make MFA safer and how to improve user education about using the technology. Plus, Matt gets an opportunity to eat some humble pie regarding the FBI and the removal of wireless router malware, so that’s always exciting.