Podcast
mnemonic security podcast
Hosted by mnemonic · EN
The mnemonic security podcast is a place where IT Security professionals can go to obtain insight into what their peers are working with and thinking about.
17episodes
Episodes
Newest firstAll episodes
Lay of the Land: How Attackers Move in '26
1w ago00:40:33Tap to summarizeThe security world is a noisy place lately. What's actually going on in the trenches? Candid Wüest, Principal Security Advocate at xorlab, joins Robby to cut through the hype and take a look at how attackers are actually operating in 2026.They open with a reference to their last discussion about LLM-infused malware, and touch upon using deception techniques such as honey tokens, fake password files and prompt injections to derail automated attackers. From there, they walk through the actual lay of the land: edge device exploits, credential abuse via infostealers, supply chain attacks targeting GitHub repositories, and why ClickFix social engineering is still working just as well as ever. They also dig into the growing connection between AI-assisted development and supply chain risk and what organisations should actually be doing about it.The episode closes on the bug bounty market, where AI is quietly disrupting the economics of responsible disclosure, and what that might mean for how vulnerabilities get reported, priced, and exploited going forward.Send us Fan Mail
Transcribe →Auditing AI
May 400:34:05Tap to summarizeHow do you audit machine learning models, and where do you start on your AI governance journey? In this episode, Robby is joined by Gaute Brynildsen, Chief Audit Executive at Gjensidige, one of the leading Nordic insurance groups. Gjensidige has built a mature and tested approach to AI governance, and Gaute shares what they’ve learned along the way.Gaute explains how they went about auditing their in-house machine learning model trained solely on their own data, before expanding into broader governance across security, policies, roles, training, and risk. He also covers where he recommends starting when building AI governance, highlighting the risks of shadow AI and how to monitor it, the importance of cloud competence and the value of an AI risk officer role.They also discuss the level of automation among organisations in the Nordics, exploring agentic agents, and whether it’s overhyped or the next real shift.Send us Fan Mail
Transcribe →OpenClaw
Apr 2000:32:41Tap to summarizeThe AI agent everyone is talking about.In this episode of the mnemonic security podcast, Robby is joined by Marius Sandbu, fellow podcaster (CloudFirst Podcast and KI til Kaffen/AI with Coffee) and Cloud Evangelist at Sopra Steria. Together, they dive into the potential of agentic technologies, as of now. In particular, they cover OpenClaw, the open-source autonomous AI agent that is one of the most popular repositories on GitHub right now.The conversation covers key risks, including remote control access, overly broad permissions and supply-chain concerns. As well as enterprise governance challenges, the need for policies and observability across different agent platforms.They both share what conversations they're having with customers and security teams these days, both with the "gatekeepers" and the "believers". Send us Fan Mail
Transcribe →INTERPOL
Apr 800:33:00Tap to summarizeEver wondered how INTERPOL tackles organised crime and cyber threats?In this episode of the mnemonic Security Podcast, we’re joined by Bjørn Watne, Global Chief Information Security Officer at INTERPOL, for a conversation on how cybercrime is evolving, and what it takes to combat it.Bjørn draws on more than 25 years of experience across industries including law enforcement, financial services and telecoms. In his role at INTERPOL, he explains how the organisation connects and supports law enforcement across 196 countries, tackling terrorism, organised crime, financial crime, and cybercrime. He also explains how and why INTERPOL distinguishes between cybercrime and cyber-enabled crime, highlighting how traditional crimes are increasingly amplified by digital tools, AI, and cloud technologies.During Bjørn and Robby's conversation, Bjørn outlines INTERPOL’s coordination model with local jurisdictional leads, partnerships with private expertise, and the need for neutrality, including avoiding state-on-state cyber war issues. As well as discusses the “cybercrime supply chain”, attribution challenges, and where they've observed AI do the most harm.Send us Fan Mail
Transcribe →Social Engineering TTPs
Mar 2300:36:43Tap to summarize“Human behavior is not going to change significantly year after year.”In our latest podcast episode, Robby is joined by Rob Shapland, ethical hacker and Director at Cyonic Cyber, to explore how social engineering works in practice today.Despite advances in technology, social engineering remains an effective attack method. Whether it is a convincing email, a friendly conversation, or a well-timed request to the support desk, attackers continue to exploit human trust.In this episode, we discuss how social engineering tactics have evolved and what still stays the same, how new tools are making attackers more effective, and real-world stories, including how many buildings Rob has gained access to during his career so far.Rob will also be speaking at mnemonic’s annual conference, C2 Summit, this May. Check out the program and see if you should join us as well: mnemonic.io/c2-summit-2026 Send us Fan Mail
Transcribe →Initial Access Trends
Mar 900:33:12Tap to summarizeIn this episode of the mnemonic security podcast, we’re joined by Will Thomas, Senior Threat Intelligence Advisor at the CTI company Team Cymru, to discuss the latest trends in initial access.Will shares what he is currently observing, including the growing exploitation of edge devices, the targeting of SaaS environments using infostealers and stolen credentials, and the rise of ClickFix-style social engineering techniques.He also explains how these trends differ between threat actors depending on their motivations, and what organisations should prioritise to stay ahead. Will outlines practical steps defenders can take and the key questions security teams should be asking to stay ahead of attackers.The conversation also covers Will’s main concerns around threat actors’ use of LLMs, and how CTI and threat hunting should ideally be carried out to support security operations.Want more Will Thomas? Here you can find his Ransomware-Tool-Matrix: https://github.com/BushidoUK/Ransomware-Tool-Matrix/tree/main/ToolsAnd his own podcast Future of Threat Intelligence (FoTI) Podcast: https://www.team-cymru.com/future-of-threat-intelligence-podcastSend us Fan Mail
Transcribe →Runtime
Feb 2300:37:53Tap to summarize"It's prime time for runtime!"In this episode of the mnemonic security podcast, we're joined by Sergej Epp, Global CISO & Member of the Executive Team of Sysdig, to discuss threats at machine speed and runtime security.Sergej explains how runtime security enables organisations to understand what is really happening inside containers and serverless workloads, and why, without it, they are effectively blind to critical activity within their cloud-native environments. He shares recent examples of supply chain incidents that highlight these risks, including the GitHub Actions compromise, NPM attacks, and the two waves of Shai-Hulud.Robby and Sergej also discuss the most common ways that attackers get access to clusters and containers, and how organisations can stay ahead of attacks using real-time telemetry.Send us Fan Mail
Transcribe →Cloud Detection and Response
Feb 900:32:24Tap to summarize"We are not really seeing as many attacks in the cloud where people hack in. It's more likely that they simply log in."In this episode of the mnemonic security podcast, we're exploring Cloud Detection & Response (CDR) together with Brian Contos; returning guest, fellow podcast host, author, and serial security entrepreneur. In his conversation with Robby, he shares from his new role as Field CISO for the Cloud Detection & Response platform Mitiga.They discuss the Salesforce supply chain attack and the challenges of protecting interconnected cloud ecosystems, the evolution of Cloud Detection & Response so far, and what we should expect in the near future.Send us Fan Mail
Transcribe →Pentesting anno 2026
Jan 2600:32:47Tap to summarizePentesting anno 2026Erica Burgess, an experienced penetration tester and security consultant, joins us for this episode of the mnemonic security podcast to deliver a state of the union on penetration testing in 2026. Drawing on her Black Hat Europe AI Security Summit keynote, “Never Break the Chain: Attack Chaining for 0-Days,” Erica breaks down how seemingly low-severity or “informational” findings can be chained together into full system compromises. Erica details her practical approach to using customized AI agents for subtasking, from validating dynamic scanner results to finding obscure commands that bypass blacklists. Tasks that once required three days of manual research can now be completed in minutes, dramatically increasing the volume and sophistication of findings during time-constrained engagements. They also explore the broader implications of AI-assisted hacking: the risk of new blind spots when everyone leans on similar models, and the uncomfortable questions this raises about creativity, labor, and the future of junior talent in cybersecurity. Erica emphasizes the importance of maintaining human intuition and critical thinking, warning that over-reliance on AI can literally reduce brain activity, while acknowledging that pen testers who don't adapt to these tools risk being left behind.Send us Fan Mail
Transcribe →LLMalware
Jan 500:51:34Tap to summarizeWe’re kicking off the new year by taking a closer look at some of the threats that will shape 2026, and how they impact defenders.In this episode of the mnemonic security podcast, Robby welcomes Candid Wüest, Principal Security Advocate at xorlab, drawing on more than 25 years of experience in the field. After seeing Candid's talk “The Rise of AI-Driven Malware: Threats, Myths, and Defenses” at BlackHat Europe, Robby invited him to share his research and perspectives on the current state of AI-driven malware.They talk about the most common misunderstandings around AI-powered, AI-generated and AI-supported threats, as well as which types of LLM-related attacks Candid expects to make the news, and actually be effective, in 2026.Candid also shares his thoughts on how defenders’ roles are evolving, where he has seen organisations successfully implement AI in defense, and why going back to basics still matters. They also explore some of the biggest topics from Black Hat Europe in December, including AI-enabled SOCs.Send us Fan Mail
Transcribe →