CyberWire Daily – "Hot sauce and hot takes: An Only Malware in the Building Special"
Date: September 2, 2025
Host: Keith Millarsky (Q Intel, Retired FBI)
Guests: Dave Buettner (CyberWire Daily), Selena Larson (Proofpoint)
Episode Overview
This playful and fiery episode of "Only Malware in the Building" features a unique twist on traditional cybersecurity discussions—guests are grilled with both spicy hot sauces and probing cybersecurity questions. Drawing inspiration from the "Hot Ones" format, host Keith Millarsky turns up the heat (literally and figuratively) with co-hosts Dave Buettner and Selena Larson. Together, they reflect on career stories, the evolution of security habits, near-misses with malware, industry burnout, and some truly memorable moments from the trenches of cybercrime investigation.
Key Discussion Points & Insights
1. Password Origins and Changing Habits
Timestamp: 02:37–05:27
-
Selena Larson: Her first password was likely her last name or something equally simple, as she was very young when she started online. She highlights the transition to stronger habits, using password managers and multi-factor authentication.
- "A better fun fact is my first AIM screen name, which was PITA[Name]—pain in the posterior. But definitely my password usage has changed... definitely not using that when I was a teeny bopper." (03:05–03:43)
-
Dave Buettner: Started on a TRS 80 in the early 80s, when computers often had no password mechanism. First memorable username: Ziggy Stardust. His password at the time was probably something like "Bowie 69." Emphasizes that he no longer uses such basic or personal passwords.
- "My first username was the highly original and clever Ziggy Stardust... My original password, it was probably something appropriate for an 11- or 12-year-old boy." (04:25–04:39)
-
Keith Millarsky: His was "28if," a Beatles reference from the Abbey Road album, showing early creativity and a mix of letters/numbers even for early Hotmail.
2. Personal Security Routines & Threat Modeling
Timestamp: 06:19–08:52
-
Selena Larson: Describes being "imminently findable" online, so she’s cautious about public posts and stays vigilant not just for herself but also ensures her friends and family maintain good digital hygiene.
- "For public people, it can be a little bit of a supply chain...your friends and family can bring risk to you." (07:10–07:42)
-
Dave Buettner: Relies heavily on his phone for everything from alarms to news. Uses two-factor authentication and is vigilant but admits to similar habits.
-
Keith Millarsky: He’s habitually checking bank accounts for fraudulent charges, particularly when traveling, emphasizing vigilance beyond passwords or MFA.
3. ‘Almost Got Hacked’ Experiences
Timestamp: 09:22–14:41
-
Dave Buettner: Admits to falling for a phishing text: "Hey Dave, did you see this video that was posted of you?" He logged into a fake Facebook page—his first and only time being "got," but acted quickly enough to avoid major problems.
- "I just fell for it hook, line, and sinker... They got my ego, my curiosity, my fear..." (10:14–10:32)
- "It's so important because... part of the hack is making you feel stupid. They prey on your brain... trying to hack your feelings." —Selena (11:27–11:42)
-
Selena Larson: Nearly phished by a spoofed airline call center (one digit off), asking for sensitive info. She got suspicious, fed in fake details, and was impressed by the sophistication of the scam.
-
Keith Millarsky: Tells a gripping story of being undercover reviewing a malware "control panel" on a non-production network that sent template NCFTA files back to criminals—compromising his cover. Quick remediation involved scrubbing DNS/WHOIS to avert exposure.
- "They really thought somebody on my site was a fed. So... they backdoored [the malware]..." (13:01–13:41)
4. Cybersecurity Burnout & Digital Detox
Timestamp: 16:57–22:14
-
Selena Larson: "Anyone who says they know everything about cybersecurity is lying." Stays focused on areas most critical to her job and decompresses by reading physical books and getting off screens during self-care routines.
- "Burnout in cybersecurity is so real, so prevalent." (18:49)
-
Dave Buettner: Acknowledges the weight of covering "today's bad news." Relies on experts, relationships, and colleagues for knowledge, and decompresses by listening to music (not David Bowie anymore!), hiking, and unplugging—sometimes taking a day off from screens entirely.
-
Keith Millarsky: Avoids screens in his bedroom for better sleep and prefers cruise vacations to enforce digital distance.
-
Notable Quote:
"You can't sprint a marathon... otherwise you'll burn out very quick." —Keith (21:00–21:13)
5. Cybercrime War Stories: Wildest Cases
Timestamp: 25:52–28:32
-
Keith Millarsky: Shares tales from FBI cybercrime investigations, notably "WAGINT" (Wives and Girlfriends Intelligence)—leveraging social media oversharing by suspects' partners.
- "Their wives and girlfriends always never met a camera they didn't like." (27:05–27:24)
- "We called it WAGINT... just seeing what they were posting all the time—you just saw crazy stuff." (27:24–27:40)
-
Dave Buettner: References infamous cybercriminals like Bogachev, noted for keeping exotic cats.
6. First Encounters with Technology
Timestamp: 28:13–32:51
-
Selena Larson: Did not initially love technology (was focused on journalism), but realized tech and news are inseparable, especially in San Francisco. Credits self-teaching for her transition to cybersecurity.
- "I was like, I'm a hacker, but didn't really like technology... but then I really liked cybersecurity and privacy and dove in." (28:37–29:36)
-
Dave Buettner: Fell in love with computing early, programming on a TRS 80 with BASIC, saving up for his first computer. Later got into "phone freaking."
- "You don't have any money, but you have time... I would spend all summer long, just like all night...programmed all my own stuff." (30:44–30:52)
-
Keith Millarsky: Came to computers in college, drawn by the convenience of typing over typewriters; recounts Gateway desktop days, 28k modems, and the evolution to internet-enabled law enforcement. Praises his mentor, Tom Grasso.
Notable Quotes & Moments
-
On Social Engineering:
"That’s part of the hack—making you feel stupid. They prey on your brain… trying to hack your feelings." —Selena Larson (11:27–11:42) -
On Surviving Undercover Blunders:
“That was probably the worst act, because that was my undercover identity. But we were able to make it through." —Keith Millarsky (14:32–14:41) -
On Cybersecurity Burnout:
"Burnout in cybersecurity is so real... We are all under a lot of pressure... everything is a five-alarm fire, not just these wings." —Selena (18:49–21:20) -
On Malicious Forums:
“They’re always worried—are there feds or cops on the forum? So they're always trying to dox people... I would always make sure you’re opening it up in a VM and a totally non-attributable network.” —Keith Millarsky (14:49–15:21) -
On Learnings from the Field:
"Their wives and girlfriends always never met a camera that they didn't like… We called it WAGINT—wives and girlfriends intelligence." —Keith Millarsky (27:05–27:40) -
On Early Computer Days:
"My first username was Ziggy Stardust." —Dave Buettner (04:25–04:39)
"You could run a marathon or you could run a sprint, but you can't sprint a marathon." —Keith Millarsky (21:00–21:13)
Episode Structure & Key Segment Timestamps
- Introductions / Theme Setup: 00:23–02:02
- Password History: 02:37–05:27
- Personal Security Routines: 06:19–08:52
- Near Misses with Malware: 09:22–14:41
- (Ad break – skipped)
- Burnout & Digital Detox: 16:57–22:14
- FBI/Cybercrime Tales: 25:52–28:32
- Tech Origin Stories: 28:13–32:51
- Wrap-Up & Encouragement: 33:09–33:43
Tone and Vibe
The episode is spirited and approachable, blending professional insights with banter, nostalgia, and genuine camaraderie. Humor abounds as the group wrestles with increasingly hot sauces, making security talk both digestible and high-energy. The format encourages transparency about mistakes, self-care, and the very human elements behind cybersecurity.
Final Thoughts
This special "Only Malware in the Building" episode showcases the lighter—and sometimes spicier—side of cybersecurity, offering practical lessons, confessions, and a reminder: Nobody, not even the experts, is immune from mistakes or burnout. The underlying message? Keep learning, support your peers, and sometimes, take a break—from both screens and infernal sauces.
![Hot sauce and hot takes: An Only Malware in the Building special. [OMITB] - CyberWire Daily cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F62c13692-850a-11f0-ad7c-3f099007ece8%2Fimage%2Fc9e03c2780f2971756311ea6bbed3d9a.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1200&q=75)