Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
Offsec Podcasts
The one and only official podcast from OffSec, Inc. -- creators of the Kali OS, the OSCP certification, and the world's leading cybersecurity training
In this show, host Niels van Melick interviews marketing leaders at leading B2B organizations to uncover their winning strategies. No fluff—just straight up actionable insights you can take away from each episode.
In this episode, we’re digging into one of the most overlooked parts of a penetration test, when it actually makes sense to not fix a finding. Not every vulnerability deserves equal treatment, and sometimes accepting the risk is the most mature decision a business can make. We’ll cover how to recognize those situations, avoid common pitfalls, and d…

Episode 146: What Are the Security Implications of AI?
45:09
In this episode of The Cyber Threat Perspective, we’re exploring the broader security implications of artificial intelligence. AI is transforming everything—from how we defend our networks to how attackers exploit them. We’ll break down the risks, the opportunities, and what security teams need to be thinking about right now as AI becomes embedded …

How Siemens Builds Its Content Strategy (with Niall Sullivan, Head of Marketing for Senseye)
30:54
In this episode of The B2B Content Strategy Show, Niels van Melick is joined by Niall Sullivan, Head of Marketing for Senseye at Siemens. Niall shares how he built a podcast-first content strategy that stands out in a crowded market, uses AI to scale repurposing, and ties efforts to revenue without chasing vanity metrics. Here’s what you’ll learn i…

Episode 145: What To Do Minute 1 When Incident Response Arrives
33:46
In this episode, we're diving into what to do the minute incident response arrives. That first moment matters—a lot. Whether it's a ransomware attack, unauthorized access, or data exfiltration, how you act in minute one can either help or hinder the investigation. We’ll cover the do’s, don’ts, and common mistakes we see, so you’re ready when the he…

Episode 144: How Cyber Threat Actors Are Using AI
31:53
In this episode of The Cyber Threat Perspective, we're diving into one of the most pressing trends in cybersecurity: how threat actors are using AI. From deepfake scams and AI-generated phishing emails to automated malware and voice cloning, attackers are leveraging artificial intelligence to scale their operations and sharpen their tactics. We’ll …

Episode 143: Stop Wasting Money on Pentests - Do This First
44:46
In this episode, we break down a question that often gets overlooked: When should you not do a penetration test? Not every organization needs a pentest right away, and choosing the wrong assessment can waste time, money, and effort. We’ll walk through the differences between pentests, vulnerability scans, and risk assessments — and when each one is…

Episode 142: How Active Directory Certificates Become Active Threats
35:56
In this episode, we're diving into one of the most overlooked yet dangerous components of Active Directory: Certificate Services. What was designed to build trust and secure authentication is now being exploited by attackers to silently escalate privileges and persist in your environment. We’ll break down how AD CS works, how it gets abused, and wh…

Episode 141: Are You Making These Windows Security Mistakes
30:24
It’s easy to overlook small misconfigurations on Windows endpoints, but those little mistakes can create big opportunities for attackers. In this episode, we break down the most common Windows security missteps we see in real-world environments, from missing the basics to reused local admin passwords. If you’re a sysadmin, IT admin, or just respons…

Episode 140: Financial Services Cybersecurity Challenges & How to Address Them - Part 2
43:33
In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. We’ll break down common attack paths, what makes financial orgs so attractive to threat actors, and most importantly, what IT and secu…

Episode 139: Financial Services Cybersecurity Challenges & How to Address Them - Part 1
41:12
In this episode, we dive into the unique cybersecurity challenges faced by the financial services sector, from high-value targets and strict compliance requirements to the constant threat of phishing and ransomware. Whether you're on the red team, blue team, or in leadership, this episode will help you strengthen your security posture in one of the…

(Replay) How We Evade Detection During Internal Pentests
40:44
(Replay) In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasi…

Episode 138: The 7 Questions Every Security Leader Should Ask After a Pentest
42:16
In this episode of The Cyber Threat Perspective, we break down the 7 critical questions every security leader should ask after a penetration test. A pentest isn’t just about checking a box, it’s an opportunity to assess your defenses, measure progress, and refine your strategy. We discuss how to go beyond the report, extract real value from the ass…

Episode 137: Common Pentest Findings That Shouldn’t Exist in 2025
27:23
In this episode of The Cyber Threat Perspective, we highlight the pentest findings that, frankly, have no business showing up in 2025. From accounts with weak passwords and no MFA to plaintext credentials on file shares, we break down the common misconfigurations and oversights that attackers still abuse, despite years of seeing the same issues ove…

Episode 136: A day in the life of an External Penetration Tester
37:32
In this episode of The Cyber Threat Perspective, we dive into “A day in the life of an External Penetration Tester.” What do we actually do, and how do the things we do affect the overall engagement? What's important? We answer all of these questions and more in this week's episode. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/…

(Replay) How To Harden Active Directory To Prevent Cyber Attacks - Webinar
1:00:04
(REPLAY) This is a recording of a webinar aimed at IT professionals, system administrators, and cybersecurity professionals eager to bolster their defenses against cyber threats. In this session, "How to Harden Active Directory to Prevent Cyber Attacks," our expert speakers will discuss comprehensive strategies and best practices for securing your …

Episode 135: We Couldn’t Get In...And That’s a Good Thing, Or Is It?
41:45
In this episode of The Cyber Threat Perspective, we dive into why a “we couldn’t get in” result on a pentest isn’t always the victory it seems—and why it can be a great sign if interpreted correctly. We break down the real defensive controls that prevented compromise, explore what might still be hiding under the surface, and share why even a clean …

Episode 134: Preventing Data Breaches: Strategies to Mitigate Initial Compromise
47:20
In this episode of The Cyber Threat Perspective, we tackle the crucial first step in cybersecurity: preventing initial compromise. We'll dissect common attack vectors like phishing and exploitation and explore layered defenses ranging from MFA and patch management to DMZs and WAFs. Get actionable guidance to integrate these controls into your secur…

Episode 133: How Cyber Attackers Steal Credentials & Hijack Sessions
31:51
In this episode of The Cyber Threat Perspective, we break down how attackers steal credentials and hijack sessions to gain unauthorized access to systems and data. From phishing to cookie stealing to session token theft, we’ll explore the most common techniques and how to defend against them. Whether you're an IT admin or security pro, you’ll walk …

Episode 132: Reviewing the Mandiant M-Trends 2025 Report
42:23
In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and …

(Replay) How To Defend Against Lateral Movement
37:48
In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strateg…

Episode 131: DMARC & PCI 4.0 Compliance - Is your Organization Compliant?
28:19
In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC). Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreat…

Episode 130: Using Deception Technology to Detect Cyber Attacks
46:31
In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools allow you to detect threat actors earlier in their attack sequence, disrupt malicious activities, and mitigate potential damage to your organization. Joi…

Episode 129: How to Analyze Threat Reports for Defenders
49:51
Threat reports can be goldmines for defenders — but only if we know how to extract and apply what matters. A good analysis can mean catching an attack early or missing it entirely. There's no shortage of threat intel out there. The real challenge is making sense of it without getting overwhelmed. In this episode we discuss: What makes up a threat r…

Episode 128: The Most Common External Pen Test Findings—And How to Fix Them
34:57
In this episode, Brad and Sam discuss the most common security issues found on external penetration tests, how to find them yourself, and how to address them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/link…

Episode 127: SaaS Supply Chain Attacks - How to Stay Secure
42:53
This episode focuses on SaaS (Software as a Service) Supply Chain Attacks. We discuss what SaaS applications are most at risk, what the real danger of SaaS supply chain attacks is, and most importantly how to defend against and detect these attacks. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthre…

How AI Can Make You a Better Content Marketer (with Catie Grasso from Dataiku)
26:25
This week on the podcast, Niels van Melick sits down with Catie Grasso, Head of Content Marketing at Dataiku, to dive into how AI is reshaping content marketing. Catie shares her insights on how her team integrates AI into their daily workflows, balances automation with creativity, and ensures high-quality content at scale. Here's what you'll learn…

Episode 126: Typosquatting - How and Why It Works and How to Defend Against It
31:37
Dive into the quirky underworld of digital misdirection in this episode, where we explore the art of typosquatting. Discover how a simple mistyped URL can turn into a gateway for cyber trickery, as we break down the many forms of typosquatting—from subtle misspellings that mimic trusted sites to more elaborate schemes designed to deceive. Learn why…

The Art of Doing More with Less in Content Marketing (with Elise Thrale from Napier AI)
21:24
This week on the podcast, Niels van Melick is joined by Elise Thrale, Head of Content at Napier AI, to discuss how to maximize content marketing impact with limited resources. Elise shares her insights on prioritizing content efforts, learning from past experiments, and repurposing high-performing assets for long-term success. Here's what you'll le…

Episode 125: Whose Job Is Harder? Red or Blue
55:30
In this episode, we discuss whose job is harder. The red team or the blue team? We discuss the roles and responsibilities of many red and blue teamers, the challenges both those teams face, and then we share some advice for handling and overcoming those challenges. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter:…

(Replay) How To Monitor Your Attack Surface
35:12
Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure. Define and understand attack surface and attack vectors. Distinguish between physical and digital attack surfaces. Explore DIY vs. commercial to…

Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇ Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com By SecurIT360

How to Align Sales and Marketing Without the Headaches (with Aino Hakkinen from Sievo)
20:17
This week on the podcast, Niels van Melick sits down with Aino Hakinen, VP of Marketing at Sievo, to dive into the challenges and opportunities of sales and marketing alignment. With a background in sales development, Aino brings a unique perspective on how marketing can drive revenue, build stronger relationships with sales teams, and create strat…

Episode 123: Insecure Active Directory Protocols
39:47
In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht…

Episode 122: AI/ChatGPT Interviews a Web Pen Tester!!
15:02
In this episode, Chelsea (ChatGPT) interviews Brad about web application penetration testing. Listen in to learn how the process works from start to finish! Resources https://owasp.org/ https://nvd.nist.gov/vuln-metrics/cvss https://chatgpt.com/ Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyber…

Episode 121: How We Evade Detection During Internal Pentests
40:44
In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and th…

Episode 120: Demystifying Pentests: What Every Organization Needs to Know
40:38
In this episode, Spencer and Tyler discuss key things that they as pentesters wish all organizations knew about pentesting and the pentest process. They go through the entire lifecycle of a pentest and discuss definitions, processes, misconceptions and much more. By the end of this episode, we hope you have a better understanding of everything that…

Episode 119: Lessons Natural Disasters Can Teach Us About Cybersecurity
45:33
In this episode, we draw parallels between natural disasters and navigating today’s cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature’s challenges can teach us about protecting systems and data. Whether you’re an IT pr…

Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career…

(Replay) Email Spoofing: From Basics to Advanced Techniques and Solutions
27:10
Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections. In this episode, we cover: The fundamentals of email spoofing and why it's a significant threat. Insight into the recen…

(Replay) Windows and Active Directory Hardening
47:58
In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance. In this episode, we cover: Implementing multi-factor authentication for domain admins. The bene…

How to Build and Scale a High-Performing Content Team (with John Habib from Diligent)
25:25
This week on the podcast, Niels van Melick is joined by John Habib, Director of Content Strategy at Diligent, to explore what it takes to build and scale a high-performing content team. With years of experience leading content teams, John shares his insights on identifying key roles, balancing internal and external resources, and adapting to evolvi…

Episode 118: 2025 - A CISO's Perspective with Mike Whitt
46:26
In this episode, we’re discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Chief Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture. https://www.linkedin.com/in/mike-whitt-a4b4802/ Blog: https://offsec.…

Episode 117: Why Do Pentests Cost So Much?
39:03
In this episode, we’re peeling back the layers of the question so many organizations ask: Why do penetration tests cost so much? But here’s the real twist—are they actually expensive, or are we measuring their value the wrong way? By the end of this episode, you’ll understand not just the cost of a penetration test, but its value as an investment i…

Breaking Down Internal Silos for Better Marketing ROI (with Elizabeth Strickert from A-LIGN)
26:50
This week on the podcast, Niels sits down with Elizabeth Strickart, Director of Content Marketing at A-LIGN, to explore the challenges and opportunities of breaking down organizational silos in marketing. Elizabeth shares her journey of fostering collaboration across teams to create more impactful campaigns and drive better results. Here's what you…

Episode 116: Painfully Persistent Problems - Weak Passwords
35:52
In this episode, we’re diving into one of the most enduring cybersecurity challenges—weak passwords. We’ll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we’re breaking down what it takes to fortify you…

How B2B Marketing Teams Should Differentiate Their Content (with Matthew Grant from SAP LeanIX)
26:45
This week on the podcast, Niels sits down with Matthew Grant, Director of Content Marketing at SAP LeanIX, to explore the challenges and opportunities of creating truly differentiated content in the age of AI. Matthew shares his wealth of experience in content strategy, customer storytelling, and leveraging subject matter expertise to stand out in …

Episode 115: How to understand and address risk w/ Robert McElroy
40:25
In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you. You can find out more about what Rob and his team can do here: https://www.sec…

From Silos to Synergy: How Companies Should Align Their Content and Product Marketing (with Thereasa Roy from OffSec)
28:09
This week on the podcast, Niels van Melick is joined by Thereasa Roy, Director of Content and Product Marketing at OffSec, to explore the unique benefits of aligning product marketing with content marketing for long-term success. Thereasa shares her experiences overseeing both teams and how it has led to more cohesive messaging and impactful campai…

Episode 114: Making Penetration Test Results Actionable
38:07
In this episode, we discuss the challenge of translating penetration test findings into practical and effective security improvements, and we delve into the three major bottlenecks to improving security and give recommendations for overcoming them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cy…

How to Run Events That Drive Real Business Impact (with Carleen Hughes from Kainos)
34:13
This week on the podcast, Niels van Melick talks with Carleen Hughes, VP of Marketing at Kainos, about how to maximize ROI from events. With experience managing over 30 events annually, Carleen shares her insights on integrating events as a core element of a B2B marketing strategy, covering everything from planning to post-event follow-up. Here's w…