Join host Viktor Petersson as he delves into the fascinating world of physical penetration testing with expert Warren Houghton. This eye-opening episode reveals the techniques and tools used by professional pen testers to bypass building security systems and gain unauthorized access to secure facilities. Warren shares his real-world experiences breaking into banks, arenas, and corporate buildings, explaining everything from badge cloning and lock picking to social engineering tactics that exploit human psychology. Learn about the vulnerabilities in common access control systems, why HID proximity cards should be avoided, and why security awareness among staff is the most critical defense against physical breaches. Whether you're responsible for facility security or simply curious about how physical pen testers operate, this episode offers rare insights into the covert methods used to test and improve physical security postures.

14 MAR • 2025 1 hour 6 mins

Join host Viktor Petersson as he sits down with Marc Pous of Balena to explore the ever-evolving world of IoT, from remote management and fleet updates to security legislation and software bills of materials (SBOMs). Marc reveals how Balena pioneered container-based deployments on devices like Raspberry Pi, explains why over-the-air (OTA) updates are critical for any hardware project, and offers insights into upcoming regulations such as the Cyber Resilience Act (CRA). Discover why IoT is quickly becoming "just connected products," how businesses can adapt to this new era, and why it's time to rethink everything from SD cards to DevOps workflows. Whether you're an IoT veteran or curious about the future of connected tech, this episode offers a deep dive into managing devices at scale and keeping them secure.

28 FEB • 2025 1 hour 4 mins

In this episode, I sat down with Dustin Kirkland to discuss the critical topic of supply chain security and the innovative work being done at Chainguard. We delved into the concept of zero-CVE containers, exploring how this approach is revolutionizing container security. Dustin shared insights on modern supply chain threats, the importance of software bill of materials (SBOM), and practical strategies for maintaining secure container environments. The conversation covered both the technical challenges and solutions in today's rapidly evolving security landscape.

14 FEB • 2025 59 mins

In my conversation with Warren Houghton, he showed exactly how a penetration test unfolds: starting with scoping and permission paperwork, then moving into reconnaissance and tooling. He demonstrated how a tester uses Kali Linux alongside Nmap for port scanning, Metasploit for exploiting vulnerabilities, and Burp Suite for intercepting and manipulating web traffic. He also highlighted the risks of overlooked exposures—like a public .git directory or outdated WordPress plugins—and stressed how secure configurations and network segmentation can prevent lateral movement. Throughout, he emphasized the constant need for learning and vigilance against ever-evolving threats.

31 JAN • 2025 1 hour 1 min

In my conversation with Kate Stewart and Gary O'Neall, we explore the evolution and impact of SPDX in software transparency. From its origins in license compliance to its current role in security and vulnerability tracking, we unpack how this open standard is shaping modern software development practices. The discussion reveals fascinating insights into SBOM generation challenges and how SPDX 3.0 is being designed to meet the demands of today's CI/CD environments.

16 JAN • 2025 50 mins