Administrative accounts come with serious power – and serious power comes with serious risk.
In part B of our deep dive into step four of Zero Trust (create Zero Trust policy), host Lieuwe Jan Koning and ON2IT Field CTO Rob Maas unpack how to build Zero Trust policies specifically for administrative access.
They explore:
1) Why admins are a high-value target – and what that means for policy
2) How to build secure jump hosts and enforce strict access controls
3) What ‘separation of identity’ really looks like in practice
🎧 Part B builds on the policy work discussed in part A. Worth a listen if you deal with access management or design policy.
Shownotes
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac
⁃ Zero Trust Step 4a episode: https://youtu.be/qT_nqbBEkVw
Now that you’ve defined your protect surfaces, mapped your transaction flows and built your Zero Trust architecture, it’s time for step four of Zero Trust: creating policy. In other words, it’s time to turn strategy into actual rules.
In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO of ON2IT Rob Maas talk through how to create and validate Zero Trust policies.
They explore:
· What makes a ‘good’ policy (and why broad strokes won’t cut it)
· How to apply the Kipling method to policy creation
· Why policies need ongoing validation to stay effective
Make sure to stay tuned for the second part of this episode as well, where Lieuwe Jan and Rob dive into the specifics of policy for administrative access.
Shownotes
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac
What does quantum computing mean for blockchain? And how should platforms respond before Q-day becomes reality?
In this episode of Threat Talks, ON2IT Field CTO Rob Maas is joined by Jeroen Scheerder, who leads ON2IT's post-quantum cryptography research group. They explore how quantum algorithms interact with current blockchain designs, what makes certain cryptocurrencies more flexible than others, and where we're already seeing movement toward future-ready solutions.
⛓ How does blockchain actually work again?
🔓 What makes classical encryption vulnerable to quantum algorithms?
🧠 Why can't you just “update” Bitcoin?
From cryptographic design to real-world limitations, this episode is all about understanding the risks and opportunities in a post-quantum future.
Shownotes
⁃ Post-Quantum Threat to Encryption episode: https://youtu.be/rimW1XJNNLo
Windows Recall is a new feature in Windows 11 that captures screenshots every few seconds and stores them in a local database. It’s designed to help users find what they’ve seen or done: but that convenience may come at a high cost.
In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough.
In this episode of Threat Talks:
🧠 How Recall works and what makes it so controversial
🔍 Why bolted-on security measures leave gaps
🎯 Which users and organizations are most exposed
Tune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization.
Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously.
He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what’s already happening and what needs to happen next.
They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.”
Key topics:
✅ How to adapt your security and governance to the use of AI
🧠 Why applying existing IT risk frameworks is a smart starting point
⚖️ How to balance regulation, trust, and innovation
Can your organization keep up with AI that moves faster than human oversight?
It’s time to get practical. After identifying protect surfaces and mapping flows, the third step in Zero Trust is about designing the actual architecture.
In this episode of Threat Talks, Lieuwe Jan and Rob Maas talk about segmentation, control selection, and why this is the most operational step in your Zero Trust journey.
They cover:
✅ Why segmentation is one of the most important Zero Trust measures
🔒 How to choose and assign technical controls (and what matters most)
📄 How frameworks like MITRE ATT&CK, ISO 27001, and the Cyber Kill Chain help map risks to controls
From translating compliance requirements into actionable controls to whiteboarding micro-perimeters and network segments, this is where the vision meets the real world.
Shownotes:
⁃ Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃ Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃ Rick Howard episode on the Kill Chain: https://www.youtube.com/watch?v=GC8z3W2OSwQ&t=1s
⁃ Outlook Web Access Deep Dive episode: https://www.youtube.com/watch?v=Bd5mhPiqT5Q
🔔 Follow and Support our channel! 🔔
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520
👕 Receive your Threat Talks T-shirt: https://threat-talks.com/
🗺️ Explore the Hack's Route in Detail: https://threat-talks.com
🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX
From sovereign clouds to Zero Trust, and from cross-border investments to threat intelligence sharing, cooperation between the US and Europe is crucial, but still complex. With differing policies, fragmented markets, and varying strategies, the cyber world remains anything but unified.
In this special episode of Threat Talks, Davis Hake (Senior Director for Cybersecurity at Venable) leads a discussion with Lisa Hill (Director of Investor Relations at Shield Capital), Chris Painter (the US’s first cyber ambassador and founder partner of the Cyber Policy Group), Lieuwe Jan Koning (CTO and co-founder of ON2IT cybersecurity) and Peter Brown (former EU official and diplomat). Together, they explore where collaboration is gaining ground and where major obstacles still stand.
🌐 How do the US and EU differ in their approach to Zero Trust and prevention?
📊 What role does private sector investment play in advancing national security?
🔁 Why is threat intelligence still so difficult to share effectively across borders?
Tune in for a grounded conversation that connects regulation, strategy, and industry, and shows how both sides of the Atlantic are navigating today’s cyber challenges.
AI vs. Human Pentesting: Who Wins?
What happens when you try to automate something that’s part science, part art? In an industry rushing to adopt AI for everything from detection to response, the real question is: can a machine truly replace the craft of a human pentester?
In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Melanie Rieback, co-founder and CEO of Radically Open Security, and Luca Cipriano, a red teamer and threat intel specialist. Together, they dig into what makes great pentesting work.
Melanie explains why her company donates 90% of profits to open source and operates with a not-for-profit model, and how that connects with their mission to support NGOs and civil society groups. Together, she and Luca share their hands-on experience with pentesting and why creativity, gut instinct, and lateral thinking are still crucial in ethical hacking.
They discuss:
🤖 Can AI outsmart human red teamers?
🧠 What makes great hacking truly human?
🔍 What’s still too complex for automation?
From tool-assisted testing to old-school intuition, this conversation offers a grounded take on the reality of modern pentesting and what AI can’t do (yet).
PLCs with default passwords. Devices searchable online. Siloed asset inventories. These OT challenges are common, but they’re also fixable.
In this episode of Threat Talks, host Lieuwe Jan Koning sits down with Venable’s Caitlin Clarke and Schneider Electric’s Patrick Ford to discuss why the OT side of your business deserves the same focus and attention as IT. From default passwords to exposed PLCs, they show how these ‘tech risks’ span beyond just OT and IT.
They discuss:
✅ How to replace "default" thinking on OT security
🌐 Spotting internet-facing assets before attackers do
🔍 Using CISA’s Installed Base Initiative to locate orphaned tech
🤝 Building joint response plans across IT, OT, and government
Organizations are getting ahead of risk by building live OT inventories, applying smart controls, and partnering with federal teams to strengthen critical infrastructure. Are you ready to join them?
Additional Resources:
► Securing critical infrastructure: https://www.se.com/ww/en/download/doc...
Once you have defined a few protect surfaces (see: Step 1 of Zero Trust-video link below), the next step is to start mapping the transaction flows: how these protect surfaces communicate with one another.
Understanding how data travels to, from and around protect surfaces is your next logical move. Why? Because if you don’t know how your systems talk to each other, you can’t secure them.
In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas discuss how to identify communication paths between protect surfaces and why this visibility is critical for both risk containment and policy validation.
They explore:
✅ How to identify communication paths
⛕ The difference between inbound and outbound traffic (and why this matters)
🙋🏼‍♂️ Why business owners and business context are essential
Get all the details and insights on this second step of Zero Trust: mapping the transaction flows.
Additional Resources:
► Zero Trust Step One: https://youtu.be/mC66i-tEEFs
Now that we know what a PLC, HMI and SCADA are (check out last week’s episode for a refresher if you need one!), we’re ready for part two of our OT deep dive: how does an OT attack work?
In this Deep Dive, Rob Maas and Luca Cipriano break down just how complex an OT attack really is. From needing to stay hidden, to requiring access to very specific system settings and blueprints; setting up a successful OT attack (thankfully) is no easy task. But does that mean it’s easier to defend against them?
Key topics:
⚙️ How IT and OT attacks differ
☠️ What the ICS cyber kill chain is
🌎 How OT attacks can impact whole nations
Join Rob and Luca for a discussion on the motivations behind OT attacks, how to bridge the gap between cybersecurity and engineering, and what we can do to prevent these high impact OT attacks.
From heating systems in Ukraine to petrochemical plant safety controls, Operational Technology (OT) systems are the hidden workhorses behind critical infrastructure: and they're wide open to cyber threats.
In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it’s different from IT, where the two overlap and how we can start securing both before it’s too late.
Key topics:
⚙️ What OT is (and isn’t)
📉 Why IT and OT often don’t speak the same language
🛠️ Real-life OT cyberattacks (hello, FrostyGoop and TRITON)
Welcome to OT 101: explained in plain language, with a healthy dose of practicality.
From ships and cities to hospitals and airports, Operational Technology (OT) keeps the world running. The problem? It was never designed with cybersecurity in mind.
In this episode of Threat Talks, host Karin Muller is joined by TC Hoot (VP of Contracts at TAC) and Luca Cipriano (Threat Intel Specialist at ON2IT) to explore how airports, hospitals, ports, and even water systems can be compromised.
Key topics they tackle:
🛳️ Why are modern ships, airports, hospitals and even cities targeted?
🛡️ What makes OT so hard to secure compared to IT?
✈ What do real-world OT threats look like and how can we defend against them?
If you’ve ever asked “how could a fish tank lead to a casino breach?” or “can someone actually hack an airport’s baggage system?” this one’s for you.
Zero Trust is about more than just IP addresses and firewalls: it’s about understanding what truly matters to your business.
In step one of Zero Trust: define your protect surface, we focus on how to prioritize what you want to protect, how to avoid common pitfalls, and how to kick off your Zero Trust journey from a solid, business-aligned foundation.
In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas get down to the basics of step one of Zero Trust: defining the protect surface.
They explore:
✅ Methods for defining protect surfaces
⛨ Establishing the relevance of each protect surface
📈 How to align your cybersecurity with business needs and goals
In this second episode of a multi-part deep dive on Zero Trust, Lieuwe Jan and Rob clarify where to start with Zero Trust implementation, discuss the importance of business and board involvement and explain why starting small is key.
Zero Trust is everywhere – but what does this actually mean? Is it a cybersecurity strategy, a set of tactics, a product you can buy, or just clever marketing?
In this kickoff episode of this Zero Trust series, Lieuwe Jan Koning and Rob Maas explore what Zero Trust actually is, how to think about it strategically, and why it’s not just about identity or buying new tools.
They discuss:
✅ Why Zero Trust isn’t a product, and what it actually is
🗺️ The five steps and four core principles of Zero Trust
🚧 Why business alignment – and not anything technical – is the hardest part of Zero Trust implementation
They debunk the most common myths, from “Zero Trust is identity” to “just buy a firewall,” and explain what it takes to embed Zero Trust into business operations. A must-watch, whether you’re just curious, are just starting your Zero Trust journey or are already well underway.
What happens when a cyber threat actor doesn’t want to make headlines? Volt Typhoon, a state-sponsored group tied to the People’s Republic of China, has been quietly infiltrating Western critical infrastructure, staying under the radar by avoiding malware, using native tools, and taking things slow.
In this episode of Threat Talks, Lieuwe Jan Koning is joined by Rob Maas and Luca Cipriano to break down how these attackers operate and what their endgame might be.
💨 What makes “low and slow” attacks so hard to detect?
🔧 How do living-off-the-land tactics help attackers blend in?
📉 What motivations do threat actors like Volt Typhoon have?
Volt Typhoon isn’t just another cyber threat: it’s a sign that the game has changed. If you’re focused on national security, infrastructure, or advanced threat defense, you won’t want to miss this episode.
Dark Markets are making cybercrime more accessible than ever. Malware, remote access tools, phishing kits, credit card information: all of it is readily available, and oftentimes available as a service, if you just know where to look. Subscribing to these illicit services is now as easy as signing up for Disney+.
In this Deep Dive, host Rob Maas and special guest, cybersecurity researcher Michele Campobasso, discuss dark markets, and the rise of cybercrime-as-a-service.
Key questions answered in this Deep Dive:
🕶️ What are dark markets, and how do they work?
🔑 How do cybercriminals (or intrepid researchers) access these dark markets?
🎬 How is cybercrime becoming as accessible as a streaming service?
⚠️ What risks do businesses face from dark markets?
🔎 What role does threat intelligence play in monitoring these markets?
With cybercrime as easy to access as a Netflix subscription, Rob and Michele explore how these underground marketplaces operate, how they’re changing the threat landscape, and what organizations can do to protect themselves.
The Dark Web Economy: Hacks for $10?
Would you pay $10 for access to a corporate system? Because someone on the dark web already has. In this episode of Threat Talks, host Lieuwe Jan Koning talks to cybersecurity researcher Michele Campobasso about the business of cybercrime. From ransomware services to stolen credentials, the dark web is thriving.
💰 How much is YOUR data worth on the dark web?
🚨 What’s for sale—and who’s buying?
🛒 How is hacking becoming a subscription-based service?
Cybercriminals operate like well-run businesses, offering hacking tools, stolen credentials, and even customer support. But if cybercrime is getting more sophisticated, what can individuals and businesses do to fight back?
⏳ What happens when time goes wrong?
Time synchronization is an overlooked but essential part of cybersecurity. A few microseconds of drift can lead to failed transactions, inaccurate forensic logs, or even security breaches.
In this episode of Threat Talks, host Rob Maas (Field CTO, ON2IT) and guest Jan van Boesschoten (Innovation Manager, AMS-IX) discuss:
· How does time impact cybersecurity, and what happens when it drifts?
· Why is NTP no longer sufficient for high-speed digital transactions?
· How does Precision Time Protocol (PTP) provide microsecond accuracy (and why does that matter)?
· Could time manipulation be an attack vector, and how do organizations mitigate this risk?
From financial transactions to forensic log analysis, knowing exactly when an event occurs can make or break an organization’s security posture.
Many organizations hesitate to implement SSL decryption due to concerns over complexity, privacy, and performance. However, the reality is that failing to decrypt means failing to see threats.
In this Deep Dive, host Lieuwe Jan Koning and Rob Maas (Field CTO at ON2IT) explore why decrypting SSL traffic is critical for cybersecurity.
Rob Maas explains how decrypting SSL traffic allows security teams to detect and stop threats at an early stage, preventing malware downloads, phishing attempts, and web-based attacks before they reach endpoints.