Threat Talks - Your Gateway to Cybersecurity Insights
Threat Talks
94 episodes
17 hours ago
Threat Talks is your cybersecurity knowledge hub. Unpack the latest threats and explore industry trends with top experts as they break down the complexities of cyber threats. We make complex cybersecurity topics accessible and engaging for everyone, from IT professionals to everyday internet users, by providing in-depth and first-hand experiences from leading cybersecurity professionals. Join us for monthly deep dives into the dynamic world of cybersecurity, so you can stay informed and stay secure!
Tech News
News
RSS
All content for Threat Talks - Your Gateway to Cybersecurity Insights is the property of Threat Talks and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/94)
Threat Talks - Your Gateway to Cybersecurity Insights
Patch Smarter, Not Harder

Patch smarter, not harder.
Lieuwe Jan Koning and ON2IT Field CTO Rob Maas break down why “patch everything now” isn’t a strategy, but a risk multiplier. In this session, they teach a practical patching strategy: know your assets, patch edge first, stage updates, and use Zero Trust segmentation to choke off exposure so you only patch what truly matters: fast, safely, and without outages.

  • (00:00 - 01:11) Intro
  • (01:11 - 02:28) Reality check #1: Not everything can be patched
  • (02:28 - 05:02) Reality check #2: Patches are scary
  • (05:02 - 08:45) The solution: Patch in phases
  • (08:45 - 10:36) How Zero Trust enables patch management
  • (10:36 - 11:23) Prioritization matters
  • (11:23 - 14:50) Patching tips and tricks
  • (14:50 - 16:21) Guidelines for patching triage
  • (16:21 - 17:37) Practical advice
  • (17:37 - END) Outro

Key Topics Covered

• Why “patch everything immediately” fails; availability vs. security
• Staged deployments and rollback safety for crown-jewel services
• Zero Trust segmentation to reduce urgency and shrink attack surface
• Priority signals that matter: asset criticality, exposure, KEV, CVSS

Related ON2IT content & explicitly referenced resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks (site): https://threat-talks.com/
CVSS (FIRST): https://www.first.org/cvss/
CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
Crowdstrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD 

1 week ago
18 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Public Key Infrastructure: The Foundation of Digital Trust

How solid is your digital trust—or are you just hoping your PKI is secure?
Let’s be honest: too many companies run on borrowed trust and forgotten certificates. In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning and Rob Maas pull back the curtain on what really holds your digital world together—and what can tear it down overnight.
They break down PKI in plain language: the root of trust that must stay locked away, the intermediates that keep your systems running, and the automation that stops your team from clicking “ignore” on yet another warning.
You’ll see why rolling your own keys beats trusting anyone else, how to keep your devices speaking the same language of trust, and why short-lived certificates might just save you from the next big breach.
This isn’t theory—it’s how Zero Trust really starts: by proving that your organization can trust itself.

Additional Resources
• Threat Talks Episode on SSL Decryption – https://youtu.be/Xv_jVHVsD9w
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• ACME protocol (RFC 8555): https://datatracker.ietf.org/doc/rfc8555/
• Let’s Encrypt / ACME protocol – https://letsencrypt.org
• DigiNotar case study background – https://en.wikipedia.org/wiki/DigiNotar
• Mozilla CA Program (trusted root store): https://wiki.mozilla.org/CA
• Infographic about encryption: https://on2it.s3.us-east-1.amazonaws.com/20250304_Infographic_Encryption.pdf

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/


Key Topics Covered
•  Why root certificates must never be online—and how intermediates provide a safe fallback.
•  Real-world PKI failure: DigiNotar compromise and lessons for CISOs.
•  How ON2IT built a secure, low-cost PKI with offline key bearers and ACME automation.
•  The hidden risks of training employees to ignore certificate warnings—and how Zero Trust demands the opposite.


🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

2 weeks ago
34 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Why Your Cyber Hygiene Matters?

One unlocked phone can unravel the defenses of a billion-dollar enterprise—because in cybersecurity, small mistakes don’t stay small for long. Attackers can read notes, steal IDs, or impersonate you on WhatsApp. A reused password can launch a remote tool that looks completely legitimate.

Rob Maas (Field CTO, ON2IT) and Luca Cipriano (Cyber Threat Intelligence Program Lead, ON2IT) reveal how poor cyber hygiene erodes trust, endangers partners, and weakens enterprise defenses.
CISOs, CIOs and IT managers, remember: in a Zero Trust world, your weakest link might not even be inside your organization.

  • (00:00) - Why your cyber hygiene affects others
  • (00:28) - Meet the speakers (Rob Maas, Luca Cipriano)
  • (00:47) - Cyber hygiene defined for CISOs
  • (03:00) - Unlocked phone → passwords in notes, WhatsApp fraud, ID photos
  • (05:53) - SOC case: contractor email compromise → remote tool drop (ConnectWise)
  • (09:40) - OSINT: 19 breaches + iterative password reuse
  • (17:01) - What to fix now: MFA, vaults, device lock, breach monitoring
  • (20:24) - Final takeaways & resources

What You’ll Learn (From Real-Life Example Discussions)
• How a stolen phone quickly turns into identity theft, impersonation, and scams targeting your contacts.
• A real SOC case: a contractor’s reused password allowed attackers to hide a remote access tool inside normal IT activity.
• How OSINT and dark web data reveal how password reuse spreads risk across accounts.
• Why shared tools like Google Docs can quietly multiply breaches when one user slips up.
• Simple upgrades—MFA, password vaults, breach alerts, and secure devices—that cut your organization’s exposure fast.


Related ON2IT Content & Referenced Resources
• ON2IT: https://on2it.net/
• Threat Talks: https://threat-talks.com/
• AMS-IX: https://www.ams-ix.net/ams
• WatchYourHack: https://watchyourhack.com
• Have I Been Pwned: https://haveibeenpwned.com

Guest and Host Links: 
Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 
Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/

If this helped, subscribe to Threat Talks. Share this episode with your partners and contractors—stronger cyber hygiene across your ecosystem protects everyone. 

3 weeks ago
21 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Resilience Over Fragmentation: The Risk You Can’t Ignore

The internet promised freedom. Now it monetizes you. The trade-off? Convenience for control.
In this episode, Lieuwe Jan Koning and Prof. Jacobs reveal how scattered tools like Meta and X create security gaps—and how one policy, fewer interfaces, and less data shared cut exposure and keep operations running.

Real examples you’ll hear:
• The neighborhood chat stuck on WhatsApp—and how switching to Signal breaks dependency.
• How your address book upload leaks other people’s data to platforms.
• Why secure doesn’t mean private on platforms that profit from your data.
• Age checks done right: passport chip + selective disclosure instead of oversharing.
• Patient groups and municipalities using PubHubs for private, verified rooms (no ads).
• Continuity risk in the real world: federated login outages, US-dependent authenticators, transatlantic cable cuts, and a court moving email to ProtonMail to stay operational.

  • (00:00) Free vs. monetized internet
  • (02:22) Facebook: secure ≠ private
  • (05:31) WhatsApp vs. Signal trade-offs
  • (07:05) Metadata & social graph risk
  • (11:58) Attribute-based auth (Yi)
  • (19:55) Decentralized login; split keys
  • (28:11) PubHubs: private, verified rooms
  • (49:54) Continuity: vendor/cable risk
  • (56:01) Close & takeaways

Related ON2IT Content & Referenced Resources
• ON2IT: https://on2it.net/
• Threat Talks: https://threat-talks.com/
• AMS-IX: https://www.ams-ix.net/ams
• Yivi (privacy-preserving authentication): https://yivi.app/
• PubHubs (privacy-first social platform): https://pubhubs.net/
• European alternatives (mentioned): http://european-alternative.eu/
• Privacy tools (mentioned): https://privacytools.io/

Guest and Host Links: 
Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/ 
Bart Jacobs: http://www.cs.ru.nl/~bart/

If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

4 weeks ago
56 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Zero Trust Step 5B: Maintain Controls

Boards don’t buy dashboards—they buy assurance. Breaches are late-stage symptoms of drift: rules pile up, logs lose signal, cloud/Kubernetes outpace governance. Lieuwe Jan Koning (ON2IT Co-Founder) and Rob Maas (Field CTO) show how Zero Trust Step 5B (Maintain) proves your controls still work—today.

  • (00:00) Welcome & Zero Trust Step 5B
  • (00:57) Five steps: fast recap
  • (03:12) Maintain = policy validation
  • (05:31) Vendor updates, hidden features
  • (08:46) Traffic flows vs. reality
  • (10:19) Behavior analytics, baselines
  • (11:56) Cloud/K8s/service-mesh shifts
  • (16:32) Wrap-up & next actions

Related ON2IT Content & Referenced Resources
• Threat Talks homepage: https://threat-talks.com/
• ON2IT Zero Trust: https://on2it.net/zero-trust/ 

Zero Trust Series
Step 1: https://youtu.be/mC66i-tEEFs
Step 2: https://youtu.be/wp0q9aZHuXc
Step 3: https://youtu.be/eGsw2JCnrac
Step 4A: https://youtu.be/qT_nqbBEkVw
Step 4B: https://youtu.be/fnKyMITZes8
Step 5A: https://youtu.be/N7pWXLxI6kY

Guest and Host Links:
Lieuwe Jan Koning (ON2IT Co-Founder): https://www.linkedin.com/in/lieuwejan/ 
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 

If this helped you strengthen your Zero Trust policy, subscribe, like, and share. New episodes weekly. Follow Threat Talks on YouTube, Spotify, and Apple Podcasts.

1 month ago
17 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Defend Against Hacktivist Groups like APT Handala | The Cyber Security Podcast

Hacktivists don’t need zero-days to hurt you—they weaponize people. Host Lieuwe Jan Koning sits down with Yuri Wit (SOC analyst) and Rob Maas (Field CTO) to dissect APT Handala: how they hunt targets, deliver wipers, and brag about leaks. We map their moves to the Lockheed Martin Kill Chain and turn it into a Zero Trust defense playbook you can actually use—today.

  • (00:00 - 01:40) Introduction
  • (01:40 - 02:27) What is APT Handala?
  • (02:27 - 05:27) Kill Chain Step 1: Reconnaissance
  • (05:27 - 06:43) Kill Chain Step 2: Weaponization
  • (06:43 - 10:39) Kill Chain Step 3: Delivery
  • (10:39 - 14:37) Kill Chain Step 4: Exploitation
  • (14:37 - 17:34) Kill Chain Step 5: Installation
  • (17:34 - 23:39) Kill Chain Step 6: Command and control
  • (23:39 - 26:40) Kill Chain Step 7: Act on objectives
  • (26:40 - 29:35) How to respond to being hacked
  • (29:25 - 30:22) Closing notes

Key Topics Covered
•  Handala’s playbook: people-centric recon, phishing kits, wipers, boast-and-leak ops.
•  Zero Trust counters: deny-by-default egress, newly-registered-domain blocks, hard EDR, passkeys.
•  SOC tells: DNS DGA spikes, encrypted C2 on common apps, “human error” as the biggest CVE.
•  Comms reality: when openness helps—and when strategic silence limits amplification.

Additional Resources
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• Lockheed Martin Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
• Tor Project (onion services): https://www.torproject.org/
• Threat Talks hub: https://threat-talks.com/


🕵️ Threat Talks is a podcast created in collaboration with ON2IT and AMS-IX. Each episode features leading cybersecurity experts sharing real-world insights on emerging threats, trends, and defense strategies — helping organizations stay secure in today’s rapidly evolving digital world.

ON2IT website: https://on2it.net/
AMS-IX website: https://www.ams-ix.net/ams

1 month ago
30 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Promptlock – The First AI-Powered Malware | The Cyber Security Podcast

First documented case: AI inside the breach.
Promptlock marks the first time malware has used AI during execution, not just in preparation. In this Threat Talks deep dive, Rob Maas (Field CTO, ON2IT) sits down with Yuri Wit (SOC Analyst, ON2IT) to break down how it works: a Go loader calling an attacker’s LLM in real time, generating fresh payloads that adapt on the fly.

This episode strips away sci-fi hype. You’ll see the psychology of an adversary that thinks mid-attack—and the Zero Trust defenses that box it in. When AI runs inside the kill chain, malware doesn’t just evolve. It crosses into super-malware.

  • (00:00) Cold open: “What if malware could think?”
  • (00:18) Welcome: Rob Maas & Yuri Wit
  • (00:41) First reaction to PromptLock
  • (01:02) How attackers already use AI (phishing, coding, negotiations)
  • (03:02) Why PromptLock is different: AI during execution
  • (03:35) How it works: Go → Ollama → LLM → Lua
  • (06:36) Proof-of-concept tells (the Satoshi wallet)
  • (07:55) Defense shift: hashes die, behavior wins
  • (10:40) Detecting LLM calls: SSL inspection realities
  • (11:26) Quick wins: block interpreters (Lua/Python/PowerShell)
  • (12:23) Zero Trust moves: default-deny egress & segmentation
  • (12:41) What’s next: dynamic exploits & on-demand EDR bypass
  • (16:21) Timelines & hardware: why adoption could accelerate
  • (18:21) Wrap-up & CTA

Key Topics Covered
• The first documented case of AI inside the breach — why Promptlock changes the game
• Promptlock’s core loop: calling an LLM mid-attack to generate fresh payloads.
• Why hash-based detection breaks against AI-powered malware and its ever-changing scripts.
• Behavioral defense over signatures: EDR/XDR, sandboxing, and SSL inspection.
• Zero Trust in practice: block script interpreters, restrict egress, and shrink blast radius.

Additional Resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks hub: https://threat-talks.com/
Ollama (referenced in episode): https://ollama.com/
The Rising Threat of Deepfakes: https://youtu.be/gmtZ_aYmQdQ

Guest & Host Links:
Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 
Yuri Wit, SOC Specialist, ON2IT: https://www.linkedin.com/in/yuriwit/

1 month ago
19 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Data Bouncing: How HTTP Headers Leak Data | The Cyber Security Podcast

Your tools say “secure.” Your headers say “leaking.”
In this Threat Talks Deep Dive, ON2IT’s Luca Cipriano (CTI & Red Team Lead) exposes Data Bouncing—a stealthy exfiltration trick that hides inside HTTP headers and abuses DNS lookups through trusted third parties. We show the demo, decode the psychology of the attack, and translate it into Zero Trust moves you can deploy today.

  • (00:00) Why your defenses aren’t enough
  • (00:11) What is Data Bouncing?
  • (01:22) How attackers exfiltrate data via DNS & headers
  • (05:20) Live demo: DNS lookups & Burp Suite interception
  • (10:48) Reassembling stolen files undetected
  • (15:24) Can you defend against Data Bouncing?
  • (19:20) Testing it in your own environment
  • (21:00) Key takeaways & call to action

Key Topics Covered
•  How Data Bouncing enables covert data exfiltration
•  Abuse of headers like X-Forwarded-For to bypass firewalls
•  Live demo: attacker vs. victim scenario
•  Defensive measures: decryption, inspection, Zero Trust, and SOC awareness

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
• Luca Cipriano, Cyber Threat Intelligence Program Lead, ON2IT: https://www.linkedin.com/in/luca-c-914973124/
• Rob Maas, Field CTO, ON2IT: https://www.linkedin.com/in/robmaas83/ 

1 month ago
21 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
AI, Play It Safe: Why CISOs Are Wrong to Ban AI

Playing it safe with AI sounds smart, but is banning it really how you prevent data leaks?

In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning (ON2IT Co-Founder) sits down with Rob Maas, Field CTO at ON2IT, to tackle the hard question: How can CISOs and security leaders embrace AI safely—without exposing their organization to destructive data leaks?

From Samsung’s ChatGPT ban to real-world AI hallucinations, we unpack why “AI, play it safe” doesn’t mean blocking innovation—it means controlling it.

  • (00:00) AI, play it safe introduction
  • (00:41) Customer fears: Ban AI or embrace it?
  • (01:13) Real case: $1 Chevrolet Tahoe & AI chatbots gone wrong
  • (02:46) Samsung’s ChatGPT ban: lessons for CISOs
  • (06:50) How AI transforms work & productivity (coding, translation, ops)
  • (17:00) Data exposure & AI governance: the #1 risk
  • (30:21) LLM on Prem
  • (33:10) AI hallucinations & unsafe outputs (dangerous examples)
  • (40:50) The CISO dilemma: Fall behind or take control

Key Topics Covered
• Why “banning AI” is a bigger risk than using it with the right safeguards.
• Real-world AI risks: hallucinations, unsafe outputs, and data exposure.
• Zero Trust approach to AI adoption: categorize sanctioned, tolerated, unsanctioned tools.
• How CISOs can transform AI fear into competitive advantage with the right strategy.

Additional Resources
• ON2IT Threat Talks Podcast: https://www.on2it.net/threat-talks
• Zero Trust Resources: https://www.on2it.net/zero-trust/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

If you’re a CISO, CIO, or security leader navigating the AI storm, this episode is a must-watch.

2 months ago
44 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Zero Trust step 5A: Stop Breaches—Inspect Every Event Now | The Cybersecurity Podcast

Zero Trust step 5A is where monitoring turns raw logs into decisive action.
Hosts Lieuwe Jan Koning and Rob Maas (Field CTO, ON2IT) expose why MDR alone isn’t protection—and how context closes the gap. Learn to inspect every event, use Indicators of Good/Compromise, and set Rules of Engagement that stop lateral movement and alert fatigue.

  • (00:00) Welcome & Step 5A (Monitor) setup
  • (00:37) Steps 1–4 recap: protect surfaces, flows, architecture, policy
  • (04:12) MDR vs protection: why “collect all logs” fails
  • (07:28) Events vs logs: inspect every event & retention reality
  • (10:22) Context from protect surfaces: mapping IPs to business systems
  • (13:41) IoG vs IoC vs Unknown: triage model & beating alert fatigue
  • (17:59) Rules of Engagement: automation, kill switch & blast radius (prevention first)

Key Topics Covered
• MDR ≠ protection: why Step 5A only works after Steps 1–4 are in place.
• Events vs logs: what to keep, what to act on, and how to avoid SIEM sprawl.
• Context from protect surfaces: mapping IPs to business systems to triage fast.
• Automation with Rules of Engagement: IoG/IoC/Unknown, kill switches, and reducing blast radius.

If this helped sharpen your Zero Trust monitoring strategy, subscribe to Threat Talks and turn on notifications—don’t miss Step 5B (Maintain).

Additional Resources
• https://on2it.net/zero-trust/
• https://on2it.net/managed-security/protect-surface-management/
• https://on2it.net/wp-content/uploads/2023/02/Zero-Trust-Dictionary-EN.pdf
• https://on2it.net/context-is-key-the-data-challenge-of-cybersecurity/
• https://threat-talks.com/
• https://www.ams-ix.net/

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

2 months ago
25 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
From Stealth to Wipers: Inside Russia’s APT 44 AKA Seashell Blizzard | The Cybersecurity Podcast

Russia’s most notorious cyber unit—Seashell Blizzard (also known as Sandworm, APT 44 and Iron Viking)—has taken down shipping giants, Olympic systems, and Ukraine’s power grid.

In this Threat Talks deep dive, Lieuwe Jan Koning, Yuri Wit (Red Team), and Rob Maas (Blue Team) reveal exactly how these attacks unfold, why they’re so hard to stop, and how Zero Trust can tip the balance back to defenders.

  • (00:00) Cyber warfare in the Ukraine conflict: setting the stage
  • (01:10) Who is Seashell Blizzard? Names, aliases, and Russian GRU ties
  • (04:00) NotPetya, Olympic Games, and high-profile disruption campaigns
  • (07:31) Initial access: stealth exploits on edge devices
  • (11:40) Privilege escalation via Living-off-the-Land (LOLBin) tactics
  • (15:23) Weaponizing Group Policy Objects with “Tank Trap” for mass wipers
  • (19:13) Objectives: disruption, damage, and public bragging rights
  • (23:40) Zero Trust defenses, segmentation, and last-resort recovery

Key Topics Covered
• Seashell Blizzard’s attack chain: from stealth reconnaissance to mass destruction.
• NotPetya & global fallout: when a Ukraine-targeted attack crippled global shipping.
• Defense strategies: hardening edge devices, segmentation, and EDR behavior detection.
• Zero Trust in action: protecting critical assets before the breach happens.

Related ON2IT Content & Referenced Resources
• ON2IT Threat Talks Playlist: https://www.youtube.com/@ThreatTalks/playlists
• ON2IT Zero Trust Resources: https://on2it.net/zero-trust
• MITRE ATT&CK – Sandworm Team (APT 44): https://attack.mitre.org/groups/G0034/

2 months ago
25 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Signal Gate: One Wrong Number Triggered the Largest U.S. Gov Data Leak | The Cybersecurity Podcast

One mis-typed contact detonates Signal Gate, turning “secure” messaging into a classified-data leak.
Host Lieuwe Jan Koning (Co-founder, ON2IT) and Thomas Manolis (Security Officer, AMS-IX) lay out the breach blow-by-blow—then drop the Zero Trust, Shadow IT and information-governance tactics every CISO needs before the next incident hits.
High stakes, hard lessons—compressed into actionable steps you can brief to the board.

Timestamps
  • (00:00) Cold-open: “wrong recipients” analogy
  • (00:37) What really happened in Signal Gate
  • (01:38) Mistake #1 – Choosing a consumer app over classified
  • (03:34) Mistake #2 – Human error: the mis-added journalist
  • (07:55) Shadow IT, usability & Secure Messaging Apps
  • (09:10) Information Governance, audits and technical controls
  • (12:02) Zero Trust takeaways & action plan

Key Topics Covered
• Anatomy of the Signal Gate breach & timeline
• Why Shadow IT sabotages secure operations
• Building airtight Information Governance for secure messaging apps
• Operationalizing Zero Trust: least privilege, continuous verification, human-centric training

Related ON2IT Content & Referenced Resources
• “Understanding Zero Trust – Lessons from Experts” whitepaper: https://on2it.net/resources/?
• Zero Trust Readiness Assessment (PDF): https://on2it.net/wp-content/uploads/2022/05/Zero-Trust-Readiness-Assessment-EN-US.pdf
• Threat Talks podcast hub: https://threat-talks.com/

2 months ago
13 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Splinternet Reality Check: Zero Trust Strategies for a Fragmenting Web
ON2IT’s Lieuwe Jan Koning goes one-on-one with AMS-IX CEO Peter van Burgel to expose why the once-open internet is splintering into rival, firewalled regions. Discover the geopolitical forces fueling this cybersecurity trend. Learn the Zero Trust resilience moves CISOs must deploy to stay sovereign in the future of the internet.Key Topics Covered• Drivers behind the Splinternet & what they mean for CISOs• Scenario-planning methodology for threat forecasting• Aligning Zero Trust with data-localization mandates• Resilience vs. redundancy: how to build real business continuity• Earth-IX concept: keeping critical flows alive amid fragmentationRelated Content & Resources• ON2IT Zero Trust Framework → https://on2it.net/zero-trust/• AMS-IX MORE-IP Conference insights → https://www.ams-ix.net/ams• EU Digital Services Act overview → https://digital-strategy.ec.europa.eu/en🔔 Follow and Support our channel! 🔔► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX
3 months ago
39 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Zero Trust Step 4B: How to Secure Admin Access
Administrative accounts come with serious power, and serious power comes with serious risk.

In part B of our deep dive into step four of Zero Trust (create Zero Trust policy), host Lieuwe Jan Koning and ON2IT Field CTO Rob Maas unpack how to build Zero Trust policies specifically for administrative access.

They explore:
1) Why admins are a high-value target – and what that means for policy
2) How to build secure jump hosts and enforce strict access controls
3) What ‘separation of identity’ really looks like in practice

🎧 Part B builds on the policy work discussed in part A. Worth a listen if you deal with access management or design policy.

Shownotes
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac
⁃ Zero Trust Step 4a episode: https://youtu.be/qT_nqbBEkVw
3 months ago
13 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Mastering Step Four of Zero Trust: Policy Creation
Now that you’ve defined your protect surfaces, mapped your transaction flows and built your Zero Trust architecture, it’s time for step four of Zero Trust: creating policy. In other words, it’s time to turn strategy into actual rules.

In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO of ON2IT Rob Maas talk through how to create and validate Zero Trust policies.

They explore:
· What makes a ‘good’ policy (and why broad strokes won’t cut it)
· How to apply the Kipling method to policy creation
· Why policies need ongoing validation to stay effective

Make sure to stay tuned for the second part of this episode as well, where Lieuwe Jan and Rob dive into the specifics of policy for administrative access.

Shownotes
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac
3 months ago
25 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Blockchain in a Post-Quantum World
What does quantum computing mean for blockchain? And how should platforms respond before Q-day becomes reality?

In this episode of Threat Talks, ON2IT Field CTO Rob Maas is joined by Jeroen Scheerder, who leads ON2IT's post-quantum cryptography research group. They explore how quantum algorithms interact with current blockchain designs, what makes certain cryptocurrencies more flexible than others, and where we're already seeing movement toward future-ready solutions.

⛓ How does blockchain actually work again?
🔓 What makes classical encryption vulnerable to quantum algorithms?
🧠 Why can't you just “update” Bitcoin?

From cryptographic design to real-world limitations, this episode is all about understanding the risks and opportunities in a post-quantum future.

Shownotes
Post-Quantum Threat to Encryption episode: https://youtu.be/rimW1XJNNLo
3 months ago
30 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Windows Recall: Convenience or Catastrophe?
Windows Recall is a new feature in Windows 11 that captures screenshots every few seconds and stores them in a local database. It’s designed to help users find what they’ve seen or done, but that convenience may come at a high cost.

In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough.

In this episode of Threat Talks:
🧠 How Recall works and what makes it so controversial
🔍 Why bolted-on security measures leave gaps
🎯 Which users and organizations are most exposed

Tune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization.
3 months ago
23 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Agentic AI: Hype, Hope, or Real Risk?
Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously.

He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what’s already happening and what needs to happen next.

They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.”

Key topics:
✅ How to adapt your security and governance to the use of AI
🧠 Why applying existing IT risk frameworks is a smart starting point
⚖️ How to balance regulation, trust, and innovation

Can your organization keep up with AI that moves faster than human oversight?
4 months ago
42 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Zero Trust Step Three: Build a Zero Trust Architecture
It’s time to get practical. After identifying protect surfaces and mapping flows, the third step in Zero Trust is about designing the actual architecture.

In this episode of Threat Talks, Lieuwe Jan and Rob Maas talk about segmentation, control selection, and why this is the most operational step in your Zero Trust journey.

They cover:
✅ Why segmentation is one of the most important Zero Trust measures
🔒 How to choose and assign technical controls (and what matters most)
📄 How frameworks like MITRE ATT&CK, ISO 27001, and the Cyber Kill Chain help map risks to controls

From translating compliance requirements into actionable controls to whiteboarding micro-perimeters and network segments, this is where the vision meets the real world.

Shownotes:
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Rick Howard episode on the Kill Chain: https://www.youtube.com/watch?v=GC8z3W2OSwQ&t=1s
⁃ Outlook Web Access Deep Dive episode: https://www.youtube.com/watch?v=Bd5mhPiqT5Q
4 months ago
39 minutes

Threat Talks - Your Gateway to Cybersecurity Insights
Cybersecurity Without Borders
From sovereign clouds to Zero Trust, and from cross-border investments to threat intelligence sharing, cooperation between the US and Europe is crucial, but still complex. With differing policies, fragmented markets, and varying strategies, the cyber world remains anything but unified.

In this special episode of Threat Talks, Davis Hake (Senior Director for Cybersecurity at Venable) leads a discussion with Lisa Hill (Director of Investor Relations at Shield Capital), Chris Painter (the US’s first cyber ambassador and founder partner of the Cyber Policy Group), Lieuwe Jan Koning (CTO and co-founder of ON2IT cybersecurity) and Peter Brown (former EU official and diplomat). Together, they explore where collaboration is gaining ground and where major obstacles still stand.

🌐 How do the US and EU differ in their approach to Zero Trust and prevention?
📊 What role does private sector investment play in advancing national security?
🔁 Why is threat intelligence still so difficult to share effectively across borders?

Tune in for a grounded conversation that connects regulation, strategy, and industry, and shows how both sides of the Atlantic are navigating today’s cyber challenges.
4 months ago
34 minutes
