Paul's Security Weekly (Audio) We Left It Vulnerable On Purpose - Rob Allen - PSW #910
Jan 22, 2026

Rob Allen, Chief Product Officer at ThreatLocker, explains why default allow is dangerous and how default deny can be practical. He discusses permit-by-exception, app definitions vs behavioral profiling, ringfencing, agent integrity, and using configuration checks to harden setups. Quick-paced conversation about managing thousands of apps, AI risks, and making controls complement detection.
University Firewall Migration Pain
- Paul described converting a university network from default allow to default deny, repeatedly breaking services in the process.
- Each flip to default deny caused friction but highlighted the need to fix access intentionally.
Continuously Check Configurations
- Continuously audit configurations to detect risky exceptions or overly broad policies.
- Use automated checks that explain problems and suggest fixes, not just alert you to issues.
Rainbow Tables Lower The Barrier For NTLMv1 Cracking
- Mandiant released public NetNTLMv1 rainbow tables to accelerate defensive and offensive testing.
- Public availability lowers the bar for password cracking on legacy NTLMv1 systems.

