In this episode of Breaking Badness, Kali Fencl sits down with Mick Baccio, Global SecurityAdvisor at Splunk and former CISO for Pete Buttigieg’s 2020 presidential campaign. Mickshares his journey from aspiring Navy nuclear engineer to leading security in some of thehighest-stakes environments, including the White House.They explore how threat inte…

In this episode of Breaking Badness, we sit down with John Donovan of ZEDEDA to unpack thelighter and more profound sides of cybersecurity’s biggest gatherings. From RSA’s unexpectedbaby goats and vendor booth antics to BSides San Francisco’s community-driven keynotestage, John shares personal stories, industry insights, and valuable advice on how …

In this episode of Breaking Badness, the crew investigates two escalating threats in the cybercrime ecosystem: the cleverly named phishing-as-a-service platform Morphing Meerkat, and the bulletproof hosting provider Proton66, a favorite among amateur cybercriminals.First, they dig into how Morphing Meerkat uses DNS-over-HTTPS (DoH) and clever phish…

In this powerful continuation of our DFIR series, cybersecurity experts Daniel Schwalbe, DavidBianco, Lesley Carhart, and Sarah Sabotka dissect the heart of effective incident response,containment, eradication, recovery, and lessons learned. Packed with firsthand war stories,sharp tactical advice, and honest debates, this episode is a must-listen f…

In Part 1 of this special two-part panel, the Breaking Badness podcast gathers leadingcybersecurity experts to explore the foundations of DFIR - Digital Forensics and IncidentResponse. Featuring Daniel Schwalbe (DomainTools), Lesley Carhart (Dragos), David Bianco(Splunk), and Sarah Sabotka (Proofpoint), the panel dives into what makes an effective …

In this episode of Breaking Badness, host Kali Fencl is joined by DomainTools' Daniel Schwabeand disinformation expert Scot Terban to uncover how modern Russian disinformationcampaigns are using domain registrars, homoglyph attacks, and generative AI to mimiclegitimate news outlets and manipulate public perception. From the eerie sophistication ofD…

In this special DNS Masterclass episode of Breaking Badness, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce take a deep dive into the Domain Name System often dubbed the backbone and battleground of the internet. From its humble beginnings with host files to its critical role in modern security, the episode unpacks DNS’s evolution, vulnera…

In this episode of Breaking Badness, host Kali Fencl welcomes Wes Young of CSIRT Gadgets and Daniel Schwalbe, CISO and head of investigations at DomainTools, dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analyst…

In this episode of Breaking Badness, we dive into two major cybersecurity stories: the exploitation of a VPN vulnerability by Chinese APT 41 and the newly discovered “Wall Bleed” flaw in the Great Firewall of China.APT 41 has been using a critical VPN vulnerability to infiltrate operational technology (OT) organizations, targeting industries like a…

Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far):● Black Basta’s Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama.● Salt Typhoon’s Cyber Espiona…

In this episode of Breaking Badness, we sit down with Bruce and Heidi Potter, two of the masterminds behind ShmooCon, the legendary cybersecurity conference that ran for 20 years. They take us behind the scenes, from its hilarious bar-napkin origins to how they built a tight-knit hacker community that thrived for two decades.…

In this episode of Breaking Badness, we dive into two major cybersecurity concerns: the risks of abandoned S3 buckets and a wave of phishing attacks impersonating DeepSeek. Watchtowr Labs uncovers how forgotten AWS storage can be hijacked for malicious purposes, potentially compromising military, government, and enterprise systems. Meanwhile, attac…

Welcome to the 200th episode of Breaking Badness! 🎉 In this special milestone edition, we take a nostalgic stroll down memory lane, discuss the evolution of cybersecurity, and explore how the podcast—and the security landscape—has changed since 2019.In this special milestone episode, hosts Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce are joine…

In this episode of Breaking Badness, we welcome back Tanya Janca, aka SheHacksPurple, to discuss her latest book, Alice and Bob Learn Secure Coding. Tanya dives deep into the fundamental principles of secure software development, the psychology behind developer incentives, and the often-overlooked importance of zero trust security.…

In this episode of Breaking Badness, we analyze two fascinating cybersecurity incidents that expose both corporate misconfigurations and hacker missteps. Security researcher Philippe Caturegli discovered a typo in MasterCard’s DNS records, which left the company open to traffic hijacking and data exposure. This long-overlooked flaw, dating back yea…

In this episode of Breaking Badness, Tricia Howard of Akamai joins Kali Fencl and Ian Campbell to dive deep into the intersection of gaming culture, mental health, and cybersecurity. Tricia shares her journey from theater arts to cybersecurity research, her love for gaming, and her experiences tackling emotional toxicity in digital spaces. The epis…

In this episode of Breaking Badness, we dive into the cybersecurity headlines making waves in 2025. We discuss the U.S. Treasury breach, allegedly orchestrated by Chinese hackers using third-party access. Learn about how lingering chat histories can expose sensitive data and the importance of digital spring cleaning.…

In this episode of Breaking Badness, we sit down with Tanya Janca, aka SheHacksPurple, a cybersecurity educator, and author of the best-selling book Alice and Bob Learn Application Security. Tanya shares her journey from software developer to AppSec expert, dives into the unique challenges of teaching secure coding, and discusses the impact of cybe…

Welcome to this special episode of the Breaking Badness Cybersecurity Podcast! We’re turning the spotlight on the books that have shaped the world of cybersecurity and inspired professionals in the field. As part of our ongoing book club series, this episode is a journey into storytelling, research, and the unique perspectives that make cybersecuri…

In this special episode of Breaking Badness, we wrap up 2024 with a countdown of the top episodes, puns, and cybersecurity moments that defined the year. From the hoodiest hacks to the goodiest wins, Kali, Tim, and Taylor reflect on critical insights, industry-changing events, and listener favorites. Tune in for discussions about evolving OT securi…

In this special 2025 Predictions episode of Breaking Badness, host Kali Fencl joins cybersecurity experts Sean McNee, Tim Helming, and Daniel Schwalbe to discuss the future of cyber threats and defense. From ransomware evolution and AI-powered attacks to quantum computing and “synthetic identity fraud,” the group compares their insights with predic…

In this episode of Breaking Badness, we dive into two fascinating stories shaping the cybersecurity landscape. First, we unpack the case of Gabriel Koo and his surprising acquisition of the domain us-east-1.com, a domain closely tied to AWS’s naming conventions. What insights can this seemingly simple purchase reveal about DNS misconfigurations and…

In this episode of Breaking Badness, we delve into the cybersecurity trends shaping the holiday season. We unpack the 60% surge in scam domain registrations targeting holiday shoppers, discuss the tactics of TAG-112, a Chinese state-sponsored threat group, and analyze their use of compromised websites to deliver Cobalt Strike malware. Plus, we shar…

In this episode of Breaking Badness, we dive into the critical challenges and innovations in healthcare cybersecurity with Ken Zalevsky, CEO of Vigilant Ops. From the vulnerabilities in medical devices to the revolutionary role of Software Bill of Materials (SBOMs), Ken shares his two decades of expertise in safeguarding patient safety and hospital…

In this episode of Breaking Badness, we explore two fascinating cybersecurity stories. First, we delve into the unusual case of an ex-Disney employee who hacked menu systems, creating chaos in the happiest place on Earth. Next, we discuss Sophos' five-year-long battle with a determined group of attackers targeting their firewalls. Tune in as we bre…

In this episode of the Breaking Badness Cybersecurity Podcast, Jason Haddix dives into his unique journey from red teaming and pentesting to leading security teams as a CISO in high-profile organizations, including a top gaming company. Jason unpacks the distinct challenges of securing a gaming company, where risks come not only from state actors b…

In this week’s episode of Breaking Badness, we dive deep into two major cybersecurity stories that are shaping today’s landscape. First, we explore the alarming capabilities of Locate X, a powerful smartphone tracking tool used by U.S. law enforcement without a warrant. How does it work, what are the privacy implications, and what can individuals d…

Join Kali Fencl as she dives deep into a conversation with cybersecurity veteran The Gibson. With 25+ years in InfoSec, The Gibson shares his journey from coding as a child to shaping threat intelligence and privacy-first technology today. In this episode, they discuss hacker ethics, the influential hacker groups Loft and Cult of the Dead Cow, the …

In this episode of Breaking Badness, Kali, Tim, and Taylor discuss two major stories shaking up the cybersecurity world. First, a researcher has discovered how attackers are exploiting Whois data to grant themselves unprecedented superpowers in the digital space. Second, the Internet Archive suffers a breach possibly exposing 31 million accounts, r…

In this episode of Breaking Badness, we dive deep into the evolving world of Endpoint Detection and Response (EDR) and its critical role in modern cybersecurity. With threats advancing and the sheer volume of endpoint data skyrocketing, AI and deep learning are becoming gamechangers in threat detection and prevention. Join us as Carl Froggett, CIO …

In this episode of Breaking Badness, we dive deep into the critical world of API security and governance, uncovering key strategies to keep data safe in today’s threat landscape. Special guests Matthias Friedlingsdorf (iVerify), Tristan Kalos (ESCAPE), and Aqsa Taylor (Gutsy) join the conversation to share their experiences with detecting advanced …

In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO atNetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offens…

In this special Black Hat edition of Breaking Badness, Part 2 of a 5 Part Series, we dive deep into the world of vulnerability management, cyber resilience, and supply chain security. Our expert guests—Jacob Graves, Director of Solution Architecture at Gutsy, Theresa Lanowitz, Chief Evangelist at Level Blue, Pukar Hamal, CEO at SecurityPal, and Vin…

In this special Black Hat edition of the Breaking Badness Cybersecurity Podcast, Part 1 of a 5 Part Series, we dive deepinto how artificial intelligence is transforming the cybersecurity landscape. Our guests—Mark Wojtasiak (VP of Product at Vectra AI), Carl Froggett (CIO at Deep Instinct), Dan Fernandez(Staff Product Manager at Chainguard), and Ma…

In this special research edition of Breaking Badness, hosts Kali Fencl, Tim Helming, Sean McNee, and guest Sasha Angus from Sylla Intel dive deep into the world of cybercriminal campaigns targeting retailers. They explore how bad actors exploit the growing threatlandscape, discussing specific fraud tactics, infrastructure reuse, and ways organizati…

Kali Fencl and Daniel Schwalbe sat down with Lesley Carhart, aseasoned incident responder specializing in Operational Technology (OT) cybersecurity at Dragos, in person at BlackHat USA 2024. Lesley shares their journey, from their uniquebackground in avionics and electronics to becoming a leading expert in the field. We explore the evolving landsca…

Kali Fencl, Daniel Schwalbe, and Tim Helming discuss Brian Krebs’ article on namespace collisions and the risks associated with new generic TLDs (gTLDs) along with facial recognition and privacy concerns at major sporting eventsDe către DomainTools

Kali Fencl, Daniel Schwalbe, and Malachi Walker discuss all things Hacker Summer Camp. What sessions were their favorites? How did they beat the heat? Listen to the episode and find out!De către DomainTools

This week we compromised domains targeting DeFi protocols along with the JFrog research team's findings regarding a leaked access token with admin access to Python repositoriesDe către DomainTools

We're thrilled Tanya Janca (aka SheHacksPurple) joined us this week on the podcast! She and Kali Fencl discuss secure guardrails, Semgrep Academy, the process of writing two books, gardening, and so much more.De către DomainTools

In this episode of the Breaking Badness Cybersecurity Podcast, Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce discuss vulnerabilities impacting your phone's 5G connection along with the new owner of the popular Polyfill JS project injecting malware into more than 100,000 sites.De către DomainTools

Jake Bernardes, Field CISO of Anecdotes, joins the Breaking Badness Cybersecurity Podcast in this week’s episode! We’re sharing Jake’s background and path within infosec along with what’s intriguing him about the industry currently, how conferences and in-person events can still play a role in community involvement, and we’ll touch briefly on Ameri…

This week Kali Fencl, Tim Helming, and Taylor Wilkes-Pierce discuss vishing attacks against CISA along with a threat campaign targeting Snowflake customer database instances.De către DomainTools

It is the final episode of our mini-series from RSAC 2024! Join Kali as she speaks with Aqsa Taylor, Director of Product Management at Gutsy! They'll discuss Aqsa's path to infosec, the importance of governance strategy and how to achieve a cleaner security posture, women in cybersecurity, and how to break into the field.…

It's the penultimate episode of our RSAC mini series! We're speaking with Zack Schuler of NINJIO in the first half of the episode and in the second, we speak with Lawrence Gentilello of Optery.De către DomainTools

We're halfway through our RSAC mini series! We're speaking with Joe Slowik of MITRE in the first half of the episode and in the second, Kali is joined by Daniel Schwalbe to speak with David Goldschlag of Aembit.De către DomainTools

In our second iteration of our mini-series, we'll speak with Ben April of Maltego and Allan Liska of Recorded Future. We'll cover topics such as AI, the LockBit ransomware gang, cybersecurity comic books, and more!De către DomainTools

In our first episode of our mini-series, we'll speak with Jori VanAntwerp of EmberOT and Steve Stone of Rubrik Zero Labs. We'll cover topics like IT and operational technology and how ransomware is impacting the healthcare space.De către DomainTools

We're back on the road at RSA 2024 talking with thought leaders in the infosecurity space! Be sure to check in weekly as we share nine interviews with folks from Recorded Future, Gutsy, Maltego, Aembit, MITRE, EmberOT, Optery, Rubrik, and NINJIO.De către DomainTools

This week on the Breaking Badness Cybersecurity podcast, Kali Fencl is joined by CEO of DomainTools, Tim Chen, and Executive Chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike, Dmitri Alperovitch to discuss his book, “World on the Brink: How America Can Beat China in the Race for the 21st Century.”…