Best CVE Program Podcasts (2025)

1
PP085: News Roundup – Naked Satellite Signals, Account Recovery Buddies, Busting Ghost Networks 52:28

Play Pause

2d ago52:28

52:28

Did you know college students are snooping on satellite transmissions? On today’s news roundup we discuss new research in which university investigators use off-the-shelf equipment to intercept traffic from geostationary satellites and discover that a lot of it is unencrypted. We also dig into the credential hygiene lessons we can learn from a corp…

1
Cyber's Role in the Rapid Rise of Digital Authoritarianism 39:46

6d ago39:46

39:46

Enterprise cyber teams are in prime position to push back against our current "Golden Age of Surveillance," according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF.By InformaTechtarget

1
PP084: Inside the CVE Process With Cisco (Sponsored) 44:50

7d ago44:50

44:50

CVEs, or Common Vulnerabilities and Exposures, are such a routine aspect of tech that most IT pros probably take them for granted. But like many things we take for granted, the CVE process takes some serious organizational infrastructure to function. On today’s Packet Protector, sponsored by Cisco, we talk about the organizations and processes that…

1
K-12 Transition Services and Community Impact with Crystal Evans, CRC 36:32

10d ago36:32

36:32

Since the late 1970s, the Pittsburgh Public School system has hired Certified Rehabilitation Counselors to provide services for students with disabilities, ranging from ensuring accommodations are in place to providing transition services that prepare them for life after high school. The National Center for Education Statistics reports that 7.5 mil…

1
PP083: A CISO’s Perspective on Model Context Protocol (MCP) 44:03

16d ago44:03

44:03

Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understan…

1
The CVE Consumer Working Group (CWG) 20:45

25d ago20:45

20:45

“We Speak CVE” podcast host Shannon Sabens chats with CVE Consumer Working Group (CWG) co-chairs, Jay Jacobs and Bob Lord, and CVE™ Project Lead Alec Summers, about how the CWG was created to address the needs and perspectives of those who use CVE data — ranging from enterprise security teams to tool developers and managed security service provider…

1
PP082: Building a Workable Mobile Security Strategy In a World of Risky Apps 1:02:01

25d ago1:02:01

1:02:01

Today we’re bringing back one of our favorite guests — Akili Akridge. He’s a former Baltimore cop who transitioned to building and leading mobile offense and defense teams for federal agencies and Fortune 100s. These days he’s a straight-talking expert on all things mobile security. We’re digging into mobile threats, why they keep CISOs up... Read …

1
PP081: News Roundup – BRICKstorm Backdoor Targets Network Appliances, GitHub Unveils Supply Chain Defense Plans 48:26

1M ago48:26

48:26

By Packet Pushers

1
PP080: The State of OT Risks in 2025 (and What to Do About Them) 44:32

1M ago44:32

44:32

What does the risk environment for Operational Technology (OT) look like in 2025? JJ and Drew review four recent reports on the state of OT security from Dragos, Fortinet, and others. We discuss ransomware impacts, ongoing risks of RDP traffic, directly exposed OT devices, and overall attack trends and the tools and processes that organizations... …

1
Epilepsy Awareness and People-First Programming with Dr. Courtney Dean, PhD, CRC, NCC 27:06

1M ago27:06

27:06

According to the World Health Organization, around 50 million people worldwide have epilepsy, making it one of the most common neurological disorders globally. One of the challenges of epilepsy is that folks experiencing the disorder can’t always get a precise diagnosis. On top of that, many people misunderstand epilepsy, leading to stigma and a la…

1
Battle Space: Cyber Pros Land on the Front Lines of Protecting US Critical Infrastructure 32:34

2M ago32:34

32:34

Dark Reading Confidential Episode 10: It’s past time for a cohesive plan to protect vital US systems from nation-state cyberattacks, and increasingly, that responsibility is falling to cybersecurity professionals and asset owners across a vast swath of organizations, who likely never bargained for a full-blown international conflict landing in thei…

1
PP079: Rethinking the Architecture of Microsegmentation 57:41

2M ago57:41

57:41

Microsegmentation is a complex topic. We did an overview episode earlier this year, and we invited listeners to reach out to keep the microsegmentation conversation going. Today’s guest did just that. Philip Griffiths is Head of Strategic Sales at Netfoundry. However, this isn’t a sponsored show about NetFoundry. Philip is also involved in a workin…

1
PP078: Using Free Tools for Detection Engineering 49:25

2M ago49:25

49:25

You can build effective, scalable detection pipelines using free and open-source tools like Zeek, Suricata, YARA, and Security Onion. Today on Packet Protector we welcome Matt Gracie, Senior Engineer at Security Onion Solutions — the team behind the open-source platform used for detection engineering, network security monitoring, and log management…

1
PP077: News Roundup–Drift Breach Has Long Reach; FCC Investigates Its Own IoT Security Program 37:20

2M ago37:20

37:20

Is any publicity good publicity? On today’s News Roundup we talk about how Salesloft, which makes the Drift chat agent that’s been used as a jumping-off point for credential harvesting and data breach attacks against a bunch of big-name companies, is testing that proposition. We also discuss bugs affecting industrial refrigeration controllers, and …

1
Vocational Services for Veterans with Monnie Rebecca Waltz, BS, MRC, VE, CRC, Christopher Briggman, MRC, CRC, CVE, LCMHC, LPC, and Keith Hosey 1:10:38

2M ago1:10:38

1:10:38

An increasing amount of research is exploring the connection between work and wellness. This includes mental wellness and physical health, both of which can be positively impacted by having employment, particularly for those navigating a disability. Simply put, work is more than just a means to earn a living or spend a significant portion of your w…

1
PP076: RF Risks and How to See Unseen Threats 59:58

2M ago59:58

59:58

Our airwaves are alive with radio frequencies (RF). Right now billions of devices around the world are chattering invisibly over Wi-Fi, Bluetooth, Zigbee, and other protocols you might not have heard of. On today’s show we peer into the invisible world to better understand the RF threat environment. Our guest is Brett Walkenhorst, CTO of... Read mo…

1
A Guided Tour of Today's Dark Web 32:39

2M ago32:39

32:39

Join us for a look around today's Dark Web, and find out how law enforcement, AI, nation-state activities, and more are reshaping the way cybercriminals conduct their dirty business online. Keith Jarvis, senior security researcher at Sophos' Counter Threat Unit joins Dark Reading's Alex Culafi for a conversation you don't want to miss.…

1
PP075: Kernel Vs. User Mode In Endpoint Security Software 43:39

3M ago43:39

43:39

Microsoft is rethinking allowing endpoint security software to run in the Windows kernel (including third-party and Microsoft’s own endpoint security software). While there are benefits to running security software in the kernel, there are also serious downsides (see the CrowdStrike outage). Dan Massameno joins JJ and Drew on Packet Protector to ta…

1
PP074: News Roundup – Microsoft Dumps Digital Escorts; Palo Alto Bundles Billions Aboard CyberArk 42:35

3M ago42:35

42:35

Packet Protector goes global for today’s security news roundup. Microsoft discontinues a program in which engineers in China supported the US Department of Defense’s cloud infrastructure (with the help of US ‘digital escorts’), Taiwanese chipmaker TSMC fires several employees over allegations of attempted theft of sensitive tech, an Arizona woman g…

1
PP073: Identify Yourself: Authentication From SAML to FIDO2 40:06

3M ago40:06

40:06

From SAML to OAuth to FIDO2 to passwordless promises, we unpack what’s working—and what’s broken—in the world of identity and authentication. Today on the Packet Protector podcast, we’re joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about …

1
Mapping the Root Causes of CVEs 23:51

3M ago23:51

23:51

“We Speak CVE” podcast host Shannon Sabens chats with CVE™/CWE™ Project Lead Alec Summers and CWE Top 25 task lead/CWE Root Causes Mapping Working Group lead Connor Mullaly about the importance of mapping CVE Records (vulnerabilities) to their technical root causes using Common Weakness Enumeration (CWE). Additional topics include the benefits of R…

1
Funding the CVE Program of the Future 52:37

3M ago52:37

52:37

Dark Reading Confidential Episode 8: Federal funding for the CVE Program expires in April and a trio of experts agree the industry isn't doing enough to deal with the looming crisis. Bugcrowd's Trey Ford, expert Adam Shostack, and vulnerability historian Brian Martin sit down with Dark Reading to help us figure out what a "good" future of the CVE P…

1
Brain Injury Support Services with Lindsay Prenoveau, MS, QP, CRC, CBIS and Rachel Weber, MS, CRC 36:15

3M ago36:15

36:15

Since the early 1980s, Community Partnerships has worked to create new opportunities for people with intellectual and developmental disabilities. Serving over 1,100 people a year, their cross-functional team includes job coaches, consultants, trainers, and of course, Certified Rehabilitation Counselors – two of whom I had the pleasure to talk to fo…

1
PP072: Mobile Device Threat Management 47:13

3M ago47:13

47:13

Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off …

1
PP071: SSE Vendor Test Results; Can HPE and Juniper Get Along? 46:20

4M ago46:20

46:20

CyberRatings, a non-profit that performs independent testing of security products and services, has released the results of comparative tests it conducted on Secure Service Edge, or SSE, services. Tested vendors include Cisco, Cloudflare, Fortinet, Palo Alto Networks, Skyhigh Security, Versa Networks, and Zscaler. We look at what was tested and how…

1
PP070: News Roundup – Scattered Spider Bites MSPs, Microsoft Rethinks Kernel Access, North Koreans Seem Good at Their Illicit Jobs 44:03

4M ago44:03

44:03

There’s lots of juicy stories in our monthly security news roundup. The Scattered Spider hacking group makes effective use of social engineering to target MSPs, Microsoft pushes for better Windows resiliency by rethinking kernel access policies for third-party endpoint security software, and the US Justice Department files indictments against alleg…

1
PP069: A Quantum Primer: It’s More Than Cracking Crypto 41:44

4M ago41:44

41:44

Quantum computing is here, and it’s being used for more than cracking encryption. On today’s Packet Protector we get a primer on quantum, how it differs from classical computing, its applications for difficult computing problems, why quantum will be the death of blockchain, and how to think about quantum risks. Our guest, Johna Johnson, is... Read …

1
Top 10 Most Asked Questions about the CRC Exam with Jennifer Marcu 26:08

4M ago26:08

26:08

Nobody gets more questions here at CRCC than our Certification Department. Certification Supervisor Jen Marcu works with her team to answer questions, clarify steps in the process, and connect with thousands of certificants and future CRCs across the US. Jen is our guest this week, and we will explore some of the questions she hears most from stude…

1
CISA is Shrinking: What Does it Mean for Cyber? 34:30

5M ago34:30

34:30

Dark Reading Confidential sits down with two cybersecurity leaders to find out what cuts at CISA mean for the business of cyber. Featuring: Tom Parker, CEO of Hubble Technology Jake Williams, aka "@malwarejake", VP of R&D at Hunter Strategy In today’s episode, we’ll cover… The impact of CISA's workforce reduction How the private sector can fill the…

1
PP068: Common Kubernetes Risks and What to Do About Them 39:09

5M ago39:09

39:09

Today’s Packet Protector digs into risks and threats you might encounter in a Kubernetes environment, what to do about them, and why sometimes a paved path (or boring technology) is the smartest option. My guest is Natalie Somersall, Principal Solutions Engineer for the Public Sector at Chainguard. We talk about risks including identity and access.…

1
PP067: Protecting Secrets With Vault and TruffleHog 35:35

5M ago35:35

35:35

Secrets trickle out through misconfigurations, poor tooling, and rushed Git commits. Today’s guest, John Howard, joins us on Packet Protector to walk through practical secrets management with Vault and TruffleHog to help make sure you don’t expose your privates. John discusses work he’s done to build an automated process in his organization for dev…

1
PP066: News Roundup – NIST’s New Exploit Metric, Windows RDP Issues, Compromised Routers, and More 41:34

5M ago41:34

41:34

Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electric…

1
TBI Deep Dive for Rehabilitation Counselors with Shannon Juengst, PhD, CRC 44:58

5M ago44:58

44:58

Traumatic Brain Injury is the leading cause of death and disability worldwide, with an estimated 5.3 million Americans living today with the disability. Of all types of injury, those to the brain are among the most likely to result in death or permanent disability, making research and a deep understanding of how to navigate services for those impac…

1
PP065: A Microsegmentation Overview 33:47

5M ago33:47

33:47

Microsegmentation divides a network into boundaries or segments to provide fine-grained access control to resources within those segments. On today’s Packet Protector we talk about network and security reasons for employing microsegmentation, different methods (agents, overlays, network controls, and so on), how microsegmentation fits into a zero t…

1
PP064: How Aviatrix Tackles Multi-Cloud Security Challenges (Sponsored) 42:51

6M ago42:51

42:51

Aviatrix is a cloud network security company that helps you secure connectivity to and among public and private clouds. On today’s Packet Protector, sponsored by Aviatrix, we get details on how Aviatrix works, and dive into a new feature called the Secure Network Supervisor Agent. This tool uses AI to help you monitor and troubleshoot... Read more …

1
The Day I Found an APT Group In the Most Unlikely Place 25:05

6M ago25:05

25:05

Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way.By Dark Reading

1
PP063: Wi-Fi Security and AI in the WLAN at Mobility Field Day 52:57

6M ago52:57

52:57

Wireless security takes center stage in this episode of Packet Protector. Jennifer Minella and guests discuss “secure by default” efforts by WLAN vendors; the current state of PSK, SAE, and WPA3; NAC and zero trust; more WLAN vendors adding AI to their products (or at least their messaging); and more. Jennifer is joined by Jonathan... Read more »…

1
PP062: Hunting for Host Security and Performance Issues with Stratoshark 33:45

6M ago33:45

33:45

Stratoshark is a new tool from the Wireshark Foundation that analyzes system calls on a host. Network, security, and application teams can use Stratoshark to diagnose performance issues and investigate behavior that may indicate malware or other compromises of the host. On today’s Packet Protector we talk with Gerald Combs of the Wireshark Foundati…

1
PP061: Comparing Breach Reports, RSAC 2025 Highlights, and a Security Awareness Soapbox 35:36

6M ago35:36

35:36

New breach reports show threat actor dwell times are dropping significantly. It’s a positive development, but there is a caveat. We discuss this caveat and other findings from the 2025 editions of the Verizon Data Breach Investigations Report and the Google M-Trends Report. We also get highlights from the 2025 RSA Conference, and JJ gets... Read mo…

1
PP060: Subsea Cables and the Watery Risks to Critical Infrastructure 44:43

6M ago44:43

44:43

Submarine cables are a hidden wonder. These fiber optic bundles carry data and voice traffic around the world and serve as critical global links for communication and commerce. Today on Packet Protector, guest Andy Champagne dives into the history of submarine cables, the technological and operational advancements that allow voice and data to trave…

1
PP059: News Roundup – Oracle Plays Breach Word Games, Fast Flux Worries CISA, AI Package Hallucinations, and More 34:09

7M ago34:09

34:09

Once a month, the Packet Protector podcast likes to see what’s going on out there via our news roundup. There’s a lot happening! Today we discuss Fortinet warning that a threat actor has found a way to maintain read-only access on Fortinet devices even if you’ve applied the patch for the original threat. Avanti VPNs... Read more »…

1
PP058: Network Discovery with NMAP: You’ve Got Swaptions 45:09

7M ago45:09

45:09

We’re diving into NMAP on today’s show with guest Chris Greer. Chris, an expert in network analysis and forensics, explains what NMAP is, the difference types of scans, how device fingerprinting works, and more. We also coin the term “swaptions” as we have some fun with NMAP terminology. He also gives details on how to... Read more »…

1
The Intersection of Mental Health and Work with Dr. Xiaolei Tang, PhD, CRC, and Dr. David Strauser, PhD 38:32

7M ago38:32

38:32

At the University of Illinois Urbana-Champaign, the Illinois Institute for Rehabilitation and Employment Research (IIRER) is a hub for innovation and discovery that addresses vocational behavior, community integration, career development, and employment. Partnering with communities in Illinois and around the world, IIRER is continuously innovating …

1
PP057: Behind the Scenes At Cisco: PSIRT, AI, CVEs, and VEX 54:13

7M ago54:13

54:13

Cisco Systems has a sprawling portfolio of home-grown and acquired products. What’s it like trying to find and address bugs and vulnerabilities across this portfolio? Omar Santos, a Distinguished Engineer at Cisco, gives us an inside look. We dig into how Cisco identifies security bugs using internal and external sources, the growing role of AI... …

1
PP056: Ask A CISO with Joe Evangelisto 38:30

7M ago38:30

38:30

On today’s show, we chat with Joe Evangelisto, CISO at NetSPI. He recounts his journey to becoming a Chief Information Security Officer, one that started as an IT sysadmin, advanced to management, and led him ultimately to the CISO role. Joe talks about building security programs from the ground up and developing both personally and... Read more »…

1
Hoff’s Rules: People First 32:46

8M ago32:46

32:46

Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber incident and built from the ground up a security team and security culture. In this frank conversation, Hoff has some valuable advice for how to handle and rebound from a …

1
Starting a Private Practice as a CRC with Joseph Young, CRC, MS, LRC 48:46

8M ago48:46

48:46

Joseph Young is a Certified Rehabilitation Counselor, an LRC in Massachusetts, and owner of JOSEPH YOUNG CONSULTING, L.L.C. In this conversation, Joe shares his perspective on the importance of credentials, his journey with an invisible disability, and how CRCs who want to start their own private practice can begin their journey to working for them…

1
PP055: News Roundup – BotNet Targets TP-Link, Threat Hunting In the Electric Grid, Apple Vs. UK Snoops, and More 38:28

8M ago38:28

38:28

This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant …

1
PP054: Understanding WireGuard and Overlay VPNs with Tom Lawrence 49:11

8M ago49:11

49:11

WireGuard and other overlay VPNs are the focus of today’s podcast with guest Tom Lawrence from Lawrence Systems. We dig into differences between WireGuard and traditional IPSec VPNs, how WireGuard’s opinionated approach to crypto suites helps improve its performance, and how WireGuard compares to OpenVPN. We also look at the broader category of ove…

1
PP053: Rethinking Secure Network Access and Zero Trust With Bowtie (Sponsored) 42:47

8M ago42:47

42:47

On today’s Packet Protector episode we talk with sponsor Bowtie about its secure network access offering. If you think secure network access is just another way to say ‘VPN,’ you’ll want to think again. Bowtie’s approach aims to provide fast, resilient connectivity while also incorporating zero trust network access, a secure Web gateway, CASB, and.…