Decipher Security Podcast

Unlike a lot of founders in the industry, Sravish Sridhar hasn't spent his career in the security world. He comes from a background in distributed computing and advanced math, and is a successful entrepreneur who's now bringing that experience to bear at TrustCloud, where he's helping CISOs automate and streamline their compliance programs.

Ari Redbord, Global Head of Policy at TRM Labs, talks about the insane background behind the $285 million Drift Protocol crypto heist, how law enforcement agencies are investigating ransomware-linked cryptocurrency wallets, and how effective sanctions are on cybercrime.

Will Dixon has seen the evolution of cybercrime as both a GCHQ intelligence officer and a private sector executive and analyst, and has seen the way these groups operate up close. He joins Dennis to talk about the ongoing threat from ransomware gangs, how organizations are managing their responses, and what he expects to come next.

The security news was out of hand this week, so we had to pick our spots. We start with the nasty cPanel/WHM vulnerability that affects tens of millions of domains in shared hosting environments, then we discuss the Copy Fail Linux bug and its effects before seguing into the delightful history of branded bugs, logos, and parodies.

Links

Branded bugs and logos: https://io.netgarage.org/logo/

Ariana Mirian, cofounder of startup Beesafe, joins Dennis to talk about the mechanics of online romance and finance scams, how the scammers draw in victims over weeks or months, and why user awareness isn't the complete solution to the problem. LinksBeesafe AI: https://beesafe.ai/

This week we dig deep into the Vercel intrusion that emerged last weekend, how it happened, what the response was, and what the downstream effects may be for defenders. Then we talk about CISA's bizarre delayed response to the Axios npm compromise and what it signals about the agency's capabilities going forward.

It's been A WEEK. Security news never sleeps, and neither does AI, so Dennis and Lindsey dive into all of the storylines coming from the Claude Mythos and Project Glasswing announcements, how organizations will deal with the coming flood of CVEs and patches, NIST's decision to only enrich specific CVEs going forward, and what could possibly be next on the horizon.

The internet is dark and full of terrors, but thanks to folks such as Andrew Northern, a principal security researcher at internet-mapping pioneer Censys, it doesn't have to be, Andrew joins Dennis to talk about the cybercrime ecosystem, getting his start in security on a tiny team with huge responsibilities, and the value of a strong mentor.

It's been quite a week in security news, and Dennis and Lindsey dig into the continued effects of the axios supply chain attack, the incredibly fast adoption of AI tools for vulnerability research and what that means for software makers and defenders, and what the future holds for vulnerability research and exploit development.

Security Theater in Austin: https://material.security/theater-2026#theater-live-event

Fresh off the plane from RSA, Dennis fills Lindsey in on everything she missed (and didn't miss) at this year's conference (0:23), from the insanity of the expo floor (4:06) to the appearance of a line of synchronized robots or spacemen or something (8:18), to some very interesting conversations about the hyper speed of AI malware development and what's coming next for defenders (27:25).

With the RSA Conference on the horizon, Dennis and Lindsey are here with a preview of the conference's more interesting sessions and keynotes, a discussion of the recent and ancient history of the conference, and a quick game: Is this a security vendor or a prescription drug name?

Sure, space pirate is a cool title, but what about space hacker? Way cooler! With the imminent release of Project Hail Mary, Wendy Nather joins Dennis Fisher to dig into the nutrient-rich narrative soil that produced a modern classic that truly epitomizes the hacker ethos. We are the greatest podcasters on Mars!