The Cybersecurity Defenders Podcast

Conversation about a surge in malicious cyber activity linked to the Iran conflict. Discussion of large-scale open source supply chain compromises across GitHub, NPM, PyPI and Docker Hub. Examination of destructive wiper threats and recommendations for access controls and immutable backups. Exploration of AI coding agents used for autonomous espionage and how defenses must adapt.

Andrew Cook, CTO of Recon InfoSec and former Air Force officer, champions builders who create tooling and automation. He recounts inventing early defensive cyber systems, explains hiring and managing engineers-as-builders, and describes building a capability-driven SOC. Practical tips include scripting, home labs, and designing orgs and incentives that let builders thrive.

Justin Searle, Director of ICS Security at InGuardians, joins us today to talk about the challenges facing industrial control system security. With increased attack surface areas and maintaining and updating decades-old systems, Justin's dedication to informing and educating newcomers and experts alike is more important now than ever before.As the Director of ICS Security at InGuardians, Justin specializes in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in creating the NIST Interagency Report 7628 and has played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin is the owner of ControlThings LLC, a member of the SANS faculty, and an instructor at BlackHat. He has authored and taught numerous courses such as ICS410: ICS/SCADA Security Essentials, Assessing and Exploiting Control Systems and IIoT, Assessing and Exploiting Web Applications with SamuraiWTF, and SEC542: Web App Penetration Testing and Ethical Hacking. Justin also presents on a range of cybersecurity topics at leading security conferences across the globe.Learn more at: controlthings.ioSupport our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

David Burkett, Cloud Security Researcher at Corelight, is back on Defender Fridays this week to discuss thinking in pipelines for AI agents.As a dedicated and highly experienced Cloud Detection Engineer and Security Architect, David has the privilege of working at a Fortune 50 Company where he leverages his extensive background in cybersecurity to protect digital assets. With a proven track record of building three different Cyber Security Operations Centers for multiple MSSP/MDR providers.David's expertise is backed by a strong set of GIAC certifications, including GCTI, GCIA, GPYC, and GCED... among others. He's proud to have been part of a large overall security team that won the prestigious James S. Cogswell Outstanding Industrial Security Achievement Award from the Defense Counterintelligence and Security Agency. Our security operations center was recognized as being among the top 1% of cybersecurity programs for all cleared facilities.In addition to his hands-on experience, David has consulted for over 40 Fortune 500 Companies and Large Federal Organizations, helping them manage their SOAR platforms and playbooks. As a strong believer in knowledge sharing and collaboration, he's also an active contributor to the open-source detection security project known as Sigma. Learn more at https://corelight.com/Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.io/Follow LimaCharlieSign up for free: https://limacharlie.io/LinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

Today we're speaking with Stel Valavanis, Founder and Chairman at onShore Networks and Co-Founder at The Gallery Building, about sustaining a security company over three decades of industry changes. We also dive into investing in start ups and how founders can think long term about governance and growth.Stel has over 40 years of experience ranging from software development to network design and cybersecurity. He's founded 8 companies, invested in 10 more, and sit on various boards. His goal is to build the best tech stack for his customers but also wants to pay forward and make investments in startups, leveraging his knowledge and resources. Stel is always open to board positions and speaking engagements on cybersecurity, media technology, startup investing, and entrepreneurship.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.The White House released President Trump’s Cyber Strategy for America, outlining a national framework to strengthen both defensive and offensive cybersecurity capabilities.Iran has expanded the scope of potential targets in the ongoing conflict with Israel and the United States by identifying infrastructure tied to major American technology companies in the Middle East as “legitimate targets.”Chinese-linked threat actors have launched cyberattacks against organizations in Qatar shortly after the initial US-Israel strikes on Iran, indicating a shift in regional targeting strategy.An Iranian-linked hacking group has claimed responsibility for a cyberattack on U.S.-based medical equipment manufacturer Stryker, which disrupted the company’s technology operations across its global offices.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Iranian drone strikes damaged three Amazon Web Services data center facilities in the Middle East, highlighting the physical risks associated with large-scale cloud infrastructure.Cyber activity linked to Iran and pro-Iranian actors has intensified following a joint US–Israeli military strike on Iran that killed Supreme Leader Ayatollah Ali Khamenei and several other government officials.The India-linked advanced persistent threat group known as “Sloppy Lemming” has significantly increased its cyber operations over the past year, targeting organizations in Pakistan, Bangladesh, and other parts of South and Southeast Asia.A cybersecurity researcher has reported a potentially serious vulnerability in Honeywell’s IQ4 building management controller, though the vendor disputes both the severity and practical impact of the issue.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Saurabh Shintre, Founder and CEO of Realm Labs, is on Defender Fridays today to discuss securing AI from within.Saurabh previously led the AI security research at Splunk and Symantec. He has been at the forefront of AI security research for nearly a decade with multiple publications and patents and regularly features on public forums on issues regarding security and AI. Saurabh holds a PhD from Carnegie Mellon. Learn more at https://www.realmlabs.ai/Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.io/Follow LimaCharlieSign up for free: https://limacharlie.io/LinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.GitLab’s Threat Intelligence Team published detailed findings on North Korean activity associated with the Contagious Interview campaign and broader IT worker operations.A financially motivated, Russian-speaking threat actor used generative AI tools to compromise more than 600 Fortinet FortiGate firewall instances between January and February, according to Amazon Web Services.Cisco has released emergency patches for a critical zero-day vulnerability in its Catalyst SD-WAN products that has been actively exploited in the wild.Citrini Research presents a forward-looking scenario framed as a June 2028 macro memo describing a “Global Intelligence Crisis” triggered by abundant AI-driven intelligence.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

John V, AI risk, safety, and security at the Institute for Security and Technology (IST), joins Defender Fridays today. John's work spans AI red teaming, adversarial machine learning, AI evals and validation, and AI risk assessment, including policy work at the intersection of AGI and nuclear strategic stability. Learn more at https://securityandtechnology.org/Register for Live SessionsJoin us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.Register here: https://limacharlie.io/defender-fridaysSubscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!Sponsored by LimaCharlieThis episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.Why LimaCharlie?Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.Try the Agentic SecOps Workspace free: https://limacharlie.ioLearn more: https://docs.limacharlie.ioFollow LimaCharlieSign up for free: https://limacharlie.ioLinkedIn: / limacharlieio X: https://x.com/limacharlieioCommunity Discourse: https://community.limacharlie.com/Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie