Best Joshua Nicholson Podcasts (2025)

1
Identity-based Cyber: Jasson Casey on Beyond Identity and the Future of Cybersecurity 41:58

Play Pause

6h ago41:58

41:58

In episode 45, we sit down with Jasson Casey, CEO and Co-Founder of Beyond Identity, to explore how identity has become the new perimeter in cybersecurity. With over two decades of experience across security, networking, and software-defined infrastructure, Jasson unpacks why traditional defenses are failing and how the next generation of identity …

1
Eclipse Foundation SBOMs with Mikael Barbero 31:15

8d ago31:15

31:15

In this conversation, Josh speaks with Mikael Barbero, head of security at the Eclipse Foundation. They discuss the foundation's role in enhancing the security posture of open source projects, the importance of Software Bill of Materials (SBOMs), and the various security services provided to projects. Mikael explains the challenges and strategies i…

1
Surviving Ransomware: Strategies and Stories with Cybersecurity Expert Matthew Waddell 42:23

12d ago42:23

42:23

In episode 44 of Cyber Security America, host Joshua Nicholson sits down with Matthew Waddell, a battle-tested cybersecurity leader with over 25 years of experience in digital forensics, incident response, and ransomware defense. From conducting "just-in-time forensics" under combat conditions in Iraq and Afghanistan to leading global ransomware in…

1
Actually finding vulnerabilities using AI with Joshua Rogers 31:35

15d ago31:35

31:35

I chat with Joshua Rogers about a blog post he wrote as well as some bugs he submitted to the curl project. Joshua explains how he went searching for some AI tools to help find security bugs, and found out they can work, if you're a competent human. We discuss the challenges of finding effective tools, the importance of human oversight in triaging …

1
Ep. 102 | After Two Years of War, a Chance for Peace? 46:55

20d ago46:55

46:55

By Providence Magazine

1
Sustaining Package Repositories with Brian Fox 42:20

22d ago42:20

42:20

Brian Fox discusses the challenges and future of open source package repository infrastructure. We discuss the complexities of managing public registries, the impact of overconsumption, and the importance of sustainable practices in the open source community. Brian tells us how organizations can reduce their footprint and contribute to a more balan…

1
Arch Linux Security with Foxboron and Anthraxx 38:08

29d ago38:08

38:08

Join us for a conversation with Foxboron (Morten Linderud) and Anthraxx (Levente Polyak), members of the Arch Linux security team. We talk about the difficulties of maintaining a Linux distribution, the challenges of handling CVEs, and the dedication of volunteers who keep the open-source community working (and how overworked those volunteers are).…

1
Ep. 101 | So Reinhold Niebuhr and John Wesley Walk into a Bar… 1:14:03

1M ago1:14:03

1:14:03

(…actually, Wesley was a teetotaler so not possible.)Ladies and gentlemen, the Provcrew is at war. “Can you be a Wesleyan Protestant and a Christian realist?”The battle lines are drawn. Providence editor Mark Tooley, a Methodist Christian realist, says yes; editor at large Robert Nicholson, a non-Methodist who knows about John Wesley’s optimistic t…

1
Penetration Testing and Social Engineering: Insights from Steve Stasiukoni 56:49

1M ago56:49

56:49

🎙 Inside the World of Cybersecurity with Steve Stasiukonis Tune in to the latest episode of Cyber Security America as we explore real-world solutions for defending against today's ever-evolving cyber threats. Our guest, Steve Stasiukonis, President of Secure Network Technologies, brings over 29 years of experience in penetration testing, informatio…

51
OpenSSL with Hana Andersen and Anton Arapov 28:48

1M ago28:48

28:48

I discuss all things OpenSSL with Hana Andersen and Anton Arapov from the OpenSSL Corporation. Discover the intricacies of organizing the first-ever OpenSSL conference in Prague, the importance of post-quantum cryptography, and the evolution of OpenSSL from a small team to a global community. Whether you're a seasoned cryptographer or just curious …

1
Ep. 100 | Recovering 'Hebraic Mortar' to Patch Crumbling Foundations 1:09:55

1M ago1:09:55

1:09:55

The shocking assassination of Charlie Kirk is a wakeup call for Americans of every stripe. What is happening to our society? How can we fix it—and where do we start? In a fascinating conversation with Wilfred McClay and Stuart Halpern, authors of a new book entitled The Jewish Roots of American Liberty: The Impact of Hebraic Ideas on the American S…

51
The Python Software Foundation with Deb Nicholson 37:48

1M ago37:48

37:48

In this episode I discuss the Python Software Foundation with Deb Nicholson. We discuss their contributions to the Python programming community. Learn how this dedicated organization supports the growth and innovation of Python, fostering an ecosystem for developers worldwide. Everything funding open-source projects to organizing community events, …

1
Defense Contractors: CMMC Is Here — And the Clock Is Ticking 29:34

2M ago29:34

29:34

In our latest Cybersecurity America episode (42), I had the privilege of speaking with Jim Goepel, a true leader in cybersecurity and compliance — and someone who has helped shape the very ecosystem he now advises. Jim is the CEO of Fathom Cyber, a consulting firm in North Wales, PA specializing in: 🔹 CMMC assessment preparation 🔹 CUI education and…

51
Using Mercator to map assets with Didier Barzin 25:48

2M ago25:48

25:48

In this episode, we the information system mapping tool Mercator with Didier Barzin, a CISO at a hospital in Luxembourg. Discover how Mercator revolutionizes the way organizations map their complex information systems. From hospitals to universities and even the banking sector. Mercator helps manage and protect vast networks by creating dynamic, co…

1
Ep. 99 | An America(s) First Foreign Policy? 1:16:35

2M ago1:16:35

1:16:35

In a weird twist of history, the United States has spent the bulk of its diplomatic energy everywhere but its own backyard: the Western Hemisphere. President Trump has vowed to change that, wisely re-prioritizing Latin America after years of neglect, but may be undermining his chances of success with a counterproductive tariff policy that (ironical…

51
Talos Linux security with Andrey Smirnov 38:04

2M ago38:04

38:04

In this episode, I discuss into the security features of Talos Linux with Andrey Smirnov. Andrey explains how Talos focuses on its immutability and minimal attack surface. Discover how these enhancements fortify your systems against vulnerabilities, ensuring a secure and resilient infrastructure. Join us as we explore the security advancements that…

51
Discussing the Open Source, Open Threats? paper with Behzad and Ali 34:59

2M ago34:59

34:59

In this episode I chat with the authors of a recent paper on open source security: Open Source, Open Threats? Investigating Security Challenges in Open-Source Software. I chat with Ali Akhavani and Behzad Ousat about their findings. There are interesting data points in the paper such as a 98% increase in reported vulnerabilities compared to a 25% g…

1
From Combat Boots to Cybersecurity - Nia Luckey on her journey 53:08

2M ago53:08

53:08

In this episode of the Cybersecurity America Podcast, sponsored by DarkStack7, host Joshua Nicholson sits down with Nia Luckey — Army veteran, published author, and cybersecurity leader — to talk about her powerful journey from military service to the frontlines of cyber defense. Nia shares lessons on resilience, leadership, and transitioning from …

1
Ep. 98 | Are We All Going to Die? 45:32

2M ago45:32

45:32

In an essay commemorating the end of World War II, Providence editor Dr. Paul Miller argues that increased global anarchy and democratic decline are pushing US towards another global war. “The question is not whether there will be conflict,” Miller writes, “but when, what kind, and how large.”In this episode of the Provcast, editor at large Robert …

1
crates.io trusted publishing with Tobias Bieniek 25:39

2M ago25:39

25:39

In this episode we discuss crates.io trusted publishing with Tobias Bieniek. We cover the steps crates.io is taking to enhance supply chain security through trusted publishing, a method that leverages short-lived tokens and GitHub actions to safeguard against unauthorized access. Tobias shares insights into the challenges of managing a large-scale …

1
Cybersecurity's Golden Rule: The Legal Blueprint No One Shares 48:07

2M ago48:07

48:07

In this episode, sponsored by Darkstack7, Joshua sits down with Chris Cronin, partner at Halock Security Labs and founding partner of Reasonable Risk, to explore the intersection of cybersecurity, risk management, and the legal principles behind "reasonable" safeguards. Chris unpacks the DoCRA Standard and CIS RAM, sharing how historical and legal …

1
CVE update with Patrick Garrity 32:25

3M ago32:25

32:25

In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on t…

1
Ep. 97 | America, Destroyer of Worlds? 2:12:46

3M ago2:12:46

2:12:46

On August 6, 1945 at 8:15 AM, US forces dropped a new kind of bomb—one which harnessed the very power of the sun—on the Japanese city of Hiroshima. The devastation was total and unprecedented: some 70,000 Japanese died in the blast and tens of thousands more by year’s end. The event marked the start of new era in international politics and of a lon…

1
GCVE with Cédric Bonhomme and Alexandre Dulaunoy 31:38

3M ago31:38

31:38

In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a sin…

1
Ep. 96 | The West and Weapons of Mass Destruction 80 Years after Hiroshima 1:20:26

3M ago1:20:26

1:20:26

Taking a break from guest interviews, the Provcrew (Tooley, Diddams, LiVecche, Nicholson) meets up to discuss a few big topics looming above the current news cycle. First, they talk through a recent Washington Post article from George Will arguing the need for more clarity about the nature and purpose of Western civilization. Moving between domesti…

1
EU Regulations will change everything with Daniel Thompson 31:57

3M ago31:57

31:57

In this episode, we dive into the Product Liability Directive and Cyber Resilience Act with Daniel Thompson, CEO of Crab Nebula. The EU's new legislative framework impacts manufacturers in ways we don't totally understand, but are going to bring substantial changes to how companies use and develop open source. Daniel explains the broader implicatio…

1
Ep. 95 | Why We Need the Apocalypse 1:18:43

3M ago1:18:43

1:18:43

The end times get a bad rap. Typically associated with Christian fundamentalists, the apocalypse has in fact been an object of human fascination for thousands of years. In this offbeat conversation with Robert Joustra, professor of politics and international studies at Redeemer University, the Provcast crew (James Diddams and Robert Nicholson) unpa…

1
Open source microprocessors with Jan Pleskac 30:51

3M ago30:51

30:51

In this episode Jan Pleskac, CEO and co-founder of Tropic Square, shares insights on the challenges and innovations in creating open and auditable hardware. While most hardware is very closed, Tropic Square is working to change this. WE discuss how open source can enhance security, the complexities of integrating third-party technologies, and the f…

1
Memory-Only Malware: The Threat You're Probably Missing 51:27

3M ago51:27

51:27

In episode 39, host Josh Nicholson is joined by memory forensics expert Andrew Case, co-developer of the Volatility framework and co-author of The Art of Memory Forensics. Together, they explore the critical role of memory analysis in modern incident response—uncovering hidden malware, insider threats, and ransomware techniques invisible to traditi…

1
Ep. 94 | What We Mean by 'Judeo-Christian' 1:21:53

4M ago1:21:53

1:21:53

On June 30th, Providence and Tikvah partnered to convene a panel titled "What We Mean by 'Judeo-Christian'" to discuss the role of the Hebrew Bible as a shared point of reference in the American traditions of liberal democracy and constitutional republicanism. This panel was inspired by the Providence article "The Judeo-Christian Nation" by Pete Pe…

1
Ep. 93 | The Israeli General Who Predicted Oct 7 – and What He's Predicting Now (Yossi Kuperwasser) 1:12:30

4M ago1:12:30

1:12:30

In July 2023, Brig. Gen. (ret.) Yossi Kuperwasser saw something catastrophic on the horizon: a Hamas invasion of Israel. A year later, in a conversation with Providence, he predicted an aggressive IDF military campaign to proactively degrade Hezbollah, the Assad regime, and Iran itself -- another bold prediction which also came true. One year later…

1
Episode 92 | Is America Betraying Middle East Christians? 1:13:05

4M ago1:13:05

1:13:05

Responding to two recent essays, the Provcast team interview Rich Ghazal, Executive Director of In Defense of Christians, to discuss the question of Christian persecution as it relates to US foreign policy past and present—and particularly to the well being of Christians now under threat in Syria. What is America’s obligation to these Christians an…

1
Digital Forensics & Incident Response (DFIR) with Surefire Cyber. 35:42

4M ago35:42

35:42

Cyber threats aren't slowing down—and neither are we. In episode 38 of Cyber Security America, I sit down with two powerhouses from Surefire Cyber—Karla Reffold and Billy Cordio—to pull back the curtain on what's really happening in today's incident response and threat intelligence landscape. 💡 What we cover: 📈 Real-world ransomware trends (like lo…

151
Package URLs with Philippe Ombredanne 36:48

4M ago36:48

36:48

I'm joined by Philippe Ombredanne, creator of the Package URL (PURL), to discuss the surprisingly complex and messy problem of simply identifying open source software packages. We dive into how PURLs provide a universal, common-sense standard that is becoming essential for the future of SBOMs and securing the software supply chain. The show notes a…

1
Episode 91 | Is Israel's Fight for Survival also America's Fight? 1:12:44

4M ago1:12:44

1:12:44

Talking with Iranian scholar and policy expert Dr. Farhad Rezaei, the Provcast crew get caught up on the latest developments related to the Iran-Israel war before talking through a number of hard questions: the nature of America's involvement, the potential for escalation and unexpected outcomes, and the controversial question of regime change. How…

151
Hobbyist Maintainers with Thomas DePierre 49:03

4M ago49:03

49:03

Thomas DePierre joins Open Source Security to discuss the central idea from his blog post, "You are all on the hobbyist maintainers turf now," exploring the massive disconnect between the corporate world that consumes open source and the hobbyist community that actually produces it. The conversation reveals this isn't a new problem, but a long-stan…

1
Episode 90 | Is There a “Trump Doctrine”? And What Just Happened in Ukraine? 1:36:10

5M ago1:36:10

1:36:10

In this two-part conversation, the Provcast crew unpacks Ukraine’s surprise drone attack on Russia and what it means for the war (and the future of war in general), America’s involvement, and whether the attack risks escalation with Russia.The crew then shifts to President Trump’s recent speech in Riyadh, which lays out the preliminary principles o…

1
Episode 89 | The Sources of Iran's Revolutionary Ideology 43:03

5M ago43:03

43:03

Providence Managing Editor James Diddams is joined by Jozef Kosc, Hamilton Center Fellow at the University of Florida, to discuss the varied ideological parentage of Iran's official state ideology, which includes not only Islamic sources but also European philosophers such as Martin Heidegger, Georges Sorel, Vladimir Lenin, Ernst Cassirer, and GWF …

151
STIG automation with Aaron Lippold 33:28

5M ago33:28

33:28

I chat with Aaron Lippold, creator of MITRE's Security Automation Framework (SAF), to discuss how to escape the pain of manual STIG compliance. We explore the technical details of open-source tools like InSpec, Heimdall, and Vulcan that automate validation, normalize diverse security data, and streamline the entire security authoring process. The s…

1
Data Intelligence: Breaking Chaos with Kyle DuPont | Ohalo's Innovation in Unstructured Data 40:22

5M ago40:22

40:22

In this powerful episode, we sit down with Kyle DuPont, CEO and Co-Founder of Ohalo, the trailblazing company reshaping the way organizations understand and manage unstructured data. With deep experience in both finance and technology, including a background at Morgan Stanley, Kyle shares the origin story of Ohalo and how their flagship product, Da…

1
Ecosyste.ms with Andrew Nesbitt 35:38

5M ago35:38

35:38

I recently chatted with Andrew Nesbitt about his project, Ecosyste.ms. Ecosyste.ms catalogs open source projects by tracking packages, dependencies, repositories, and more. With this dataset Andrew is able to incredible insights into the world of open source. We chat all about how Ecosyste.ms works and how he manages to wrangle all this data. The s…

201
Curl vs AI with Daniel Stenberg 34:23

5M ago34:23

34:23

Daniel Stenberg, the maintainer of Curl, discusses the increase in AI security reports that are wasting the time of maintainers. We discuss Curl's new policy of banning the bad actors while establishing some pretty sane AI usage guidelines. We chat about how this low-effort, high-impact abuse pattern is a denial-of-service attack on the curl projec…

1
Episode 88 | How Hindu Political Theology Halted, then Restarted Indian Nuclear Proliferation 26:43

5M ago26:43

26:43

Providence Editor James Diddams is joined by Bill Drexel, Fellow at Hudson Institute in US-India relations and geopolitical competition with China, to discuss his April 4th article "How Competing Hindu Theologies Drove India’s Nuclear Decision Making—In Opposite Directions." The story of India's acquisition of nuclear weapons is a compelling counte…

201
Repository signing with Kairo De Araujo 33:29

5M ago33:29

33:29

I recently had a chat with Kairo about a project he maintains called Repository Service for TUF (RSTUF). We explain why TUF is tough (har har har), what RSTUF can do, and some of the challenges around securing repositories. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-05-rstuf-with-kairo-de-a…

1
Episode 87 | Of American Popes and American Power in a Multipolar Age 1:33:38

5M ago1:33:38

1:33:38

Pondering recent events in the Vatican, the Provcast crew talks through the legacy of Pope Francis and the rise of "Pope Bob from Chicago" (the first Bishop of Rome to laugh at the Blues Brothers?) against the backdrop of a more important question: What role should the Roman Pontiff play in global affairs, if any? They then pick up questions surrou…

201
Securing GitHub Actions with William Woodruff 31:50

6M ago31:50

31:50

William Woodruff discussed his project, Zizmor, a security linter designed to help developers identify and fix vulnerabilities within their GitHub Actions workflows. This tool addresses inherent security risks in GitHub Actions, such as injection vulnerabilities, permission issues, and mutable tags, by providing static analysis and remediation guid…

1
Episode 86 | Providence Magazine's 10th Anniversary 1:37:53

6M ago1:37:53

1:37:53

As Providence Magazine approaches 10 years since its launch, editors Mark Tooley, Marc LiVecche, Robert Nicholson, and James Diddams discuss the founding vision of Providence and how the magazine has functioned as a forum for Christian realism since its inception.By Providence Magazine

201
Embedded Security with Paul Asadoorian 34:24

6M ago34:24

34:24

Recently, I had the pleasure of chatting with Paul Asadoorian, Principal Security Researcher at Eclypsium and the host of the legendary Paul's Security Weekly podcast. Our conversation dove into the often-murky waters of embedded systems and the Internet of Things (IoT), sparked by a specific vulnerability discussion on Paul's show concerning refer…

1
Episode 85 | Early America: Christian Republic—or Republic of Christians? 44:55

6M ago44:55

44:55

In his recent book "Religion and Republic: Christian America from the Founding to the Civil War" (Davenant, 2024), Miles Smith IV, Assistant Professor of History at Hillsdale College, explores the interplay between faith and politics in early America, revealing a more complex picture than current polemics might have us believe. Breaking down his th…

201
tj-actions with Endor Lab's Dimitri Stiliadis 32:39

6M ago32:39

32:39

Dimitri Stiliadis, CTO from Endor Labs, discusses the recent tj-actions/changed-files supply chain attack, where a compromised GitHub Action exposed CI/CD secrets. We explore the impressive multi-stage attack vector and the broader often-overlooked vulnerabilities in our CI/CD pipelines, emphasizing the need to treat these build systems with produc…