401 Access Denied

Cybersecurity isn’t just an IT issue—it’s a societal challenge. In this special episode of 401 Access Denied, Joseph Carson sits down with Bare Knuckles and Brass Tacks host, George Kamide, to discuss how branding, community building, and effective communication are reshaping the cybersecurity landscape. From the power of podcasts in education to the critical role of user experience, they explore what it takes to stand out and build meaningful connections in a digital world. Tune in for a conversation that goes beyond security to uncover the human side of the industry.

Connect with George:

http...

Cyber threats are evolving—are your defenses keeping up? In this episode of 401 Access Denied, host Joe Carson sits down with Wenzel Huettner, CEO and co-founder of Defend, to explore the future of cybersecurity. From the rise of Zero Trust to the critical role of incident response, they break down what organizations need to know to stay secure. Don’t miss this insightful discussion on building a resilient security strategy while keeping friction low. Tune in now!

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/

...

As cybersecurity threats evolve, staying ahead is more critical than ever. In this episode, Joe Carson welcomes back Dan Lohrmann to discuss what 2025 holds—from the rise of agentic AI to deepfakes, social engineering, and shifting regulatory pressures. They explore proactive security measures, the impact of global dynamics like US-China relations, and why continuous learning is key to staying protected.

Don't miss this insightful discussion packed with expert analysis and strategies to navigate the future of cybersecurity.

Resources:

In an ever-evolving digital landscape, how do organizations build resilience against cyber threats? In this episode, Wendy Nather, a renowned expert in cybersecurity strategy, joins us to explore what it means to think differently about security. From fostering collaboration to embracing innovative approaches, Wendy offers thought-provoking insights that challenge conventional wisdom and inspire forward-thinking solutions. Tune in for a lively and enlightening conversation that will leave you eager to rethink your own approach to cybersecurity.

Key Takeaways:

In the latest episode of 401 Access Denied, host Joseph Carson and cybersecurity expert Frank Vukovits examine 2024’s top cybersecurity trends and what lies ahead. They discuss evolving ransomware tactics, AI's dual role in defense and attack, the skills gap, and quantum computing's threat to encryption. Key topics include cloud security, AI governance, identity protection, and data privacy regulations, offering insights and strategies to navigate the rapidly changing cybersecurity landscape. Don’t miss their expert predictions for 2025 and actionable takeaways.

Listen in for:

In this episode of 401 Access Denied, host Joe Carson and cybersecurity expert Gal Diskin explore the evolving challenges of identity threats. They discuss how attackers compromise identities, the importance of phishing-resistant multi-factor authentication (MFA), and the need for continuous monitoring and detection.

The conversation highlights the criminal economy behind identity theft, the risks of security misconfigurations, and how AI is reshaping the landscape for both attackers and defenders. Listeners will learn actionable best practices to protect against identity threats and the importance of staying informed through collaboration within the cybersecurity community.

Key Takeaways:

Join us as Joe Carson sits down with Craig Jones, a former director at INTERPOL’s Global Cybercrime Programme, to explore the ever-evolving world of cybercrime. With over 40 years in public service, Craig shares unique insights on how criminals have adapted to tech advancements and the immense challenges law enforcement faces in today’s digital landscape. Discover the crucial role INTERPOL plays in bridging global efforts and the pivotal lessons from ransomware attacks like WannaCry. Get ready for a fascinating conversation on what it takes to protect our digital world!

Key Takeaways:

In this episode of 401 Access Denied, Joe Carson and guest Chris Katz dive into identity compliance essentials. They cover the critical steps for organizations to secure access, from defining roles and managing risks to enforcing governance and regular audits. Chris shares insights on using community resources and staying up-to-date through conferences to enhance compliance and reduce risks.

Key Takeaways:

Connect with Delinea:

Delinea Website: https://delinea.com/

...

H&R Block’s transformational CISO, Joshua Brown, shares lessons for building a security strategy that provides guardrails so business can move faster. He and Joe discuss how to speak the language of the business in terms of motivations and metrics, and the importance of aligning on risk management for material incidents. With a distributed attack surface, including 10,000 retail locations and a seasonal workforce, Joshua has developed effective strategies for building highly collaborative teams, gaining executive buy-in, and driving adoption for security best practices.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea Li...

Executive managing hacker at IBM X Force, known as Evil Mog, is a specialist in authentication security research and passwords. He joins Joe to discuss modern methods for abstracting passwords away from human decision-making and moving them into the background for stronger security. The two discuss how strategies for password management vary depending on your compliance needs, dependencies of legacy systems, and goals for user experience. You’ll learn best practices for managing enterprise passwords and other shared secrets to reduce user fatigue and avoid credential theft.

Connect with Delinea:

Delinea Website: https://delinea.com/

If you started viewing your cybersecurity program through a risk lens, rather than a technical lens, how would that change the conversations you have with business leadership? You might be asking questions like, “How valuable is the thing we’re trying to protect?” “What does it mean to the business?” “What would be the impact if it were compromised?” And, of course, “How much are we willing to invest to protect it?” In this episode, Nathan Wenzler, field CISO and advisor, shares his perspective on the meaning of “Security-by-Design.” More than guiding how you implement security tools or write code, he views it as a...

Access controls have evolved from attribute and role-based to today’s policy-based and knowledge-based access controls. Static controls miss the mark in organizations where job functions are fluid and access to IT systems and business applications must be granular. Nabeel Nizar, EVP of advisory at MajorKey Technologies, joins Joe to share strategies for setting permissions and entitlements that avoid excess privileges and ensure every access request isn’t based on exceptions. They discuss a crawl-walk-run approach to adopting emerging technologies that leverage data and context for access controls that adapt dynamically.

Connect with Delinea:

Delinea Webs...

Join Joseph Carson and digital identity expert Ian Glazer as they dive into the complex world of identity management. Discover the evolving tech expectations, the rise of non-human identities, and why visibility and automation are crucial for incident response. They’ll explore the future of identity management, including AI’s role in detection and policy enforcement. Tune in to understand the shift towards dynamic access, the limitations of role-based access, and how event time data can enhance control models. Don’t miss this deep dive into achieving zero-standing privilege and the future of identity and access management!

Connec...

Platformization is a hot topic in the cybersecurity industry, especially as use cases converge and vendor consolidation continues. Phil Calvin, chief product officer at Delinea, joins Joe to talk about how a platform approach changes the mindset around software development to prioritize agility and accelerate innovation. The two discuss how platforms benefit customers by streamlining the user experience with a set of shared services and a common interface. Learn how platforms bring together multiple use cases so that people get the information they need with context, so they can collaborate more effectively and make better decisions.

Connect...

In this episode, Joseph Carson interviews Myrna Soto, former Global CISO for Comcast, about the changing role of CISOs. Myrna shares her journey into cybersecurity and highlights the importance of business relationships and brand protection. She also offers tips on communicating with the board and staying informed. Tune in for valuable insights and practical advice!

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/

Delinea Twitter: https://twitter.com/delineainc

Delinea Facebook: https://www.facebook.com/delineainc

Delinea YouTube: https...

You can think of authentication as the key that lets you inside a house. Authorization allows you to enter a specific room, open the closet, turn on the TV, and look under the bed. Governance is the historical record of all activity that took place. In an enterprise environment, those interconnected “rooms” are core infrastructure, cloud platforms, and business applications. Authentication, authorization, and governance work together to protect the identity framework across them all. Frank Vukovits, chief security scientist at Delinea, joins Joe to break down how each of these elements contributes to effective identity security. An experienced auditor, Fran...

Join Joseph Carson and Dr. Andrea Isoni as they dive into the complexities of artificial intelligence. Explore AI's definition, practical applications in medicine and law, and the ethical challenges, including algorithmic bias and human oversight. They discuss the EU AI Act, its impact on AI development, and the global challenges of regulation. Discover the importance of accuracy, transparency, and explainability in AI systems, and the balance needed between protecting citizens and fostering innovation.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/

Delinea Twitter...

Geoff White, author and investigative journalist, has interviewed the masterminds behind some of the most notorious cyberattacks. His new book, Rinsed, reveals how technology has revolutionized money laundering, from drug cartels washing their cash in Bitcoin to organized fraud gangs recruiting money mules on social media. In this episode, the expert on technology and organized crime joins Joe to share what he’s learned about the motives and techniques cyberattackers use to conduct their crimes. Listen in to learn their secrets. This is more than the typical discussion of phishing, social engineering and malware, as Geoff and Joe dig in...

Joe Carson and Tony Goulding dive into the Verizon Data Breach Investigations Report (DBIR), revealing key insights on the top threats in cybersecurity. Discover why credential compromise remains the leading attack method and how ransomware, data exfiltration, and extortion are on the rise. Learn about the critical importance of strong authentication, authorization, and continuous monitoring. Don’t miss their expert advice on protecting credentials and staying ahead of evolving security threats.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/

Delinea Twitter: https://twitter.co...

In this episode, join us as Brent Deterding, a cybersecurity professional with 19 years of experience, unveils his top strategies for managing stress, prioritizing risks, and building resilience in the high-stakes world of cybersecurity. Discover how Brent's focus on controllable factors and his calm, composed approach—drawn from emergency medicine—can transform your risk management practices. Dive into his expert insights on the critical role of a CISO, effective third-party risk management, and the power of compelling storytelling to win stakeholder support. Plus, learn why Brent champions risk reduction over compliance and how Estonia's cutting-edge cybersecurity methods can inspire seamless, secu...

It’s becoming more common for companies to rely on cloud platforms like AWS, SaaS tools, Okta, and Github actions on CICD pipelines. In this episode, penetration tester and creator of HackTricks Carlos Polop shares how he’s helping cloud-first organizations understand the risk of vulnerabilities, misconfigurations, and exploitation techniques such as stealing secrets and abusing trusted relationships. His videos, demos, and training sessions are essential resources for IT security pros in cloud or hybrid organizations. Listen in as he shares his research on how cloud services are commonly misused and exploited and breaks down the latest strategies for main...

Evil Mog is the Chief Architect of IBM X-Force, IBM's Hacking Incident Response and Threat Intelligence division, and a renowned password security researcher. He studies the movements of access brokers across the criminal software supply chain and warns that credentials are being traded on the Dark Web for pennies on the dollar, stored in Github, and driving the growth of identity-based attacks. Meanwhile, shared passwords, reused passwords, legacy software, and the growth of AI applications makes effective authentication challenging. He and Joe discuss the latest research on the current state of passwords and how they’re evolving for layered au...

Allan Friedman of the Cybersecurity and Infrastructure Security Agency (CISA) explains how creating a Software Bill of Materials (SBOM) for any application you build helps you improve quality control and proactively address your customers' security questions. You'll learn how to build SBOMs into your process and increase collaboration between vendors and buyers to improve the security of the global supply chain.

Connect with Allan:

Website: http://allan.friedmans.org/

LinkedIn: https://www.linkedin.com/in/allanafriedman/

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https...

In this episode, Joseph Carson interviews Art Gilliland, CEO of Delinea, about the challenges and trends in identity security. They discuss the shift in identity security from infrastructure-centric to security-centric, driven by the move to cloud and SaaS products. They highlight the importance of visibility and security controls in a decentralized infrastructure. The conversation also covers the concepts of authentication, authorization, and governance in identity security. They explore the future of digital wallets and federated identity, as well as the need for consolidation and convergence in authorization. The episode concludes with a call to prioritize identity as a security...

Joe Carson and Louis Zezeran explore why the ethos that drives gamers is so relevant for hackers. As they note, the culture and ideas attackers are using today often stem from the environment of retro gaming. Both groups use techniques such as reverse engineering, modifying signals, upscaling, and software emulation. Though most retro games simply want to improve their own experiences and keep playing the games they love, malicious hackers and criminal gangs are skirting restrictions and copyrights to stop sales. Joe and Louis share ideas on how gaming and hacking communities can learn from each other. Plus, their...

What do public sector organizations need to know about ransomware trends, identity-based attacks, and incident response? Hear from Dan Lohrmann, Field CISO for the public sector at Presidio and co-author of Cyber Mayday and the Day After: A Leader's Guide to Preparing, Managing, and Recovering from Inevitable Business Disruptions. He and Joe discuss the reasons for ransomware’s decline in 2022 and subsequent acceleration in 2023, as threat agents leverage AI, social engineering, data exfiltration, and ransomware-as-a-service techniques. Dan shares the background of recent ransomware incidents that have impacted state, local, and educational organizations in Texas, Florida, and Michigan. You’ll get...

As founding chief executive of the UK National Cyber Security Centre (NCSC), Ciaran Martin sits at the intersection of national security, law, and politics. In this episode, he and Joe discuss how the UK NCSC took on the challenge of understanding security concerns and best practices from the private sector and translating them into effective crisis communications and policy changes. They share stories of cyber threats and attacks on critical infrastructure, and the impact these incidents have on citizens financially, physically, and psychologically. You’ll get a look at what it took to update the UK’s cybersecurity posture, incl...

As a virtual CISO and cybersecurity consultant, Gideon Rasmussen helps new CISOs and organizations that are bringing on a CISO for the first time build a program architecture, conduct budgetary assessments, and translate cybersecurity into business impact the board understands. Gideon and Joe discuss the importance of consistent process execution, QA, and automation to help teams avoid things slipping through the cracks and experiencing “compliance jitter.” They dig into the latest update for the NIST Cybersecurity Framework, and share ways to use risk assessments and incident response exercises to improve cyber resilience. If you’ve got an upcoming board presen...

Meet Tanel Sepp, Ambassador at Large for Cyber Diplomacy at Ministry of Foreign Affairs of Estonia. He talks with Joe about navigating Estonia’s security strategy as the country emerged from 2007 cyberattacks to become an international leader for digital governance, banking, and media. Learn about the latest advancements in cyber law, public-private partnerships, and multi-national bodies that are coordinating cybersecurity thought leadership and response activities.

Tanel on X(Twitter): @tanel_sepp

Tanel on LinkedIn: linkedin.com/in/tanel-sepp-79b89226b

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea Li...

Cyber criminals love to take advantage of human behavior, which is why social engineering remains a top attack vector. Hear how James McQuiggan, Security Awareness Advocate for KnowBe4, helps people make smarter security decisions, with training for all levels, phishing assessments, and mitigating controls. In this episode, James and Joe discuss emerging techniques driven by sophisticated, generative AI, and strategies you can employ to educate users and reduce risk of cyberattacks both at work and at home.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/<...

In this episode, Joseph Carson interviews Mikko Hypponen, a renowned cybersecurity expert, about notable cybersecurity events of 2023, including the rise of ransomware attacks and the success of cybercrime unicorns. They discuss specific cases such as the MGM Grand and Caesar's Palace attacks, as well as the Vastaamo incident in Finland. The conversation also touches on the growing threat of supply chain attacks and recommendations for combatting the coming surge of AI-driven attacks. They explore the potential battle between good AI and bad AI, with the rise of deep fake scams and the automation of malware campaigns.

Connect...

Join the candid conversation between Joseph Carson and cybersecurity advisor Klaus Agnoletti on living and working with ADHD. Klaus shares his personal story of being diagnosed later in life and the strategies he uses to succeed, including adapting his work style and environment to match his needs. This thought-provoking discussion emphasizes the importance of embracing neurodiversity in the workplace and the benefits of bringing your whole self to your career.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/company/delinea/

Delinea Twitter: https://twitter.com...

Join host Joseph Carson for a compelling discussion with Bugcrowd founder Casey Ellis on the evolution of coordinated vulnerability disclosure. Ellis’ pioneering work connects ethical hackers with organizations to enhance their cyber resilience. He shares his experiences and unique insights into disclosure trends, including how changing regulations and emerging AI considerations are having an impact. Don't miss this engaging dialogue to learn how the next generation of builders and breakers can take the lead and collaborate for better security.

Connect with Delinea:

Delinea Website: https://delinea.com/

Delinea LinkedIn: https://www.linkedin.com/co...

Steven Ursillo, Partner in the Risk & Accounting Advisory Services Practice and Leader of the Cybersecurity Group at Cherry Bekaert, joins Joe Carson to talk about meeting the challenges of costly, time-consuming compliance requirements. They discuss the nuances of cybersecurity frameworks like NIST CSF and ISO 27001, industry regulations like PCI, HIPAA, and SOX, and the differences between SOC1 and SOC2 examinations. Steven shares recommendations for scoping compliance programs and preparing for audits without breaking the bank or burning out your team. He offers advice on navigating the complexity of compliance based on your risk tolerance and strategies for using technology...

Jason Haddix, CISO and Hacker in Charge at BuddoBot, joins Joe to discuss his journey from hacking to penetration testing and ultimately taking on cybersecurity leadership roles. You’ll see how starting as an offensive practitioner provides valuable exposure, and hones your abilities to report and present results and provide defensive and remediation advice. They share tips for leadership, including prioritization, communicating the business impact of security, and developing a strategy to align with business goals. Whether you're just starting out in cybersecurity or looking to advance your career, you’ll learn practical guidance you can put into action righ...

Dive into the fascinating world of hacking. Sick.Codes gives you a glimpse into hacker culture, including the importance of collaboration and knowledge sharing. You’ll also learn how hackers identifying vulnerabilities impacts the growing “right-to-repair” legislative movement that seeks to make it easier and cheaper for consumers to fix products by requiring manufacturers to share information. This episode is packed with advice on tools and strategies for IT and security pros looking to uncover vulnerabilities, reverse engineer threats, and try their hand at ethical hacking. Will you heed the call to get involved with the hacker community?

More...

Cybersecurity experts Joe Carson and Dara Gibson discuss the importance of viewing cybersecurity as a cross-functional problem rather than solely an IT issue. Boards are now requiring organizations to have cyber insurance in place, making it crucial for businesses to be prepared for these conversations. For those who are new to the topic or need a refresher, listen in to get Dara's recommendations on making sure your cyber insurance is protecting you and Joe's recommendations for having an offline response plan in case of an attack.

ABOUT DARA GIBSON

Dara Gibson is the Senior Manager...

Hear how hackers target everything from airplanes to talking dolls. Pen testing expert Ken Munro discusses ways to close security gaps and protect embedded systems and connected devices.

Connect with Ken Munro:

Ken Munro on LinkedIn

Twitter: @TheKenMunroShow

Connect with Delinea:

Delinea Website

Delinea LinkedIn

Delinea Twitter

Delinea Facebook

Delinea YouTube

This week Joe Carson is joined by Merike Kaeo as they discuss the dynamic role of the CISO within an organization. They dive deeper into the role and how it interacts with different areas of the business, and what specific assets need protection and within what frameworks. An episode not to be missed!

Jump-start your cybersecurity career for FREE with Cybrary! 

Follow us on Social!

~Cybrary Twitter

~Delinea Twitter

~Instagram

~Facebook

~YouTube

In this episode we join host Joe Carson as he discusses state cybersecurity with Tonu Tammer of the Estonian National Cybersecurity Center. Tonu goes into the day-to-day operations of defending a country and its citizens from adversaries, as well as ransomware and DDOS attacks. Come along for an in-depth discussion with a cyber defender with years of experience in this exciting new episode!

Below are links referenced in the episode:

CERT-EE RFC 2350 | RIA

Reporting a cyber incident | RIA

Studies, analyses, overviews | RIA

Jump-start your cybersecurity career for FREE with...