Best Dmarc Podcasts (2025)

1
Episode 131: DMARC & PCI 4.0 Compliance - Is your Organization Compliant? 28:19

23d ago28:19

28:19

In this episode, Tyler and Brad discuss DMARC and how the latest version of the PCI framework requires phishing protection. You'll also learn about DMARC, DKIM, and SPF and how to elevate them to help protect your organization from attacks like Business Email Compromise (BEC). Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreat…

1
S6 Ep 03 – How long does it take to make an email campaign with Mike and Justine from Really Good Emails 36:36

19h ago36:36

36:36

You’ve heard of them before and they’ve definitely got the knowledge. Mike Nelson, Co-Founder of Really Good Emails and Justine Jordan, Email Enthusiast at Really Good Emails brought us their findings from their yearly survey on how long email marketeing teams take to craft a campaign. The results are fascinating and we’re excited they sharing what…

1
Episode 132: Reviewing the Mandiant M-Trends 2025 Report 42:23

23h ago42:23

42:23

In this episode Spencer and Brad review the M-Trends 2025 Report. M-Trends 2025 is Mandiant's annual report that shares frontline learnings from its global incident-response engagements—over 450 000 hours of investigations in 2024—providing sanitized, data-driven analysis of evolving attacker tactics, dwell times, industry and regional trends, and …

1
(Replay) How To Defend Against Lateral Movement 37:48

10d ago37:48

37:48

In this replay, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strateg…

1
S6 Ep 02 - Prepping for EAA with Megan Boshuyzen 39:59

18d ago39:59

39:59

Megan Boshuyzen is back and with some critical updates in the email accessibility realm. She’s got a ton of tips on how you can optimize your email campaigns to be accessible ready for the new EAA (European Accessibility Act) that is going to roll out this June 28th. Listen up as she shares resources and how you can prepare for this new regulation.…

1
Episode 130: Using Deception Technology to Detect Cyber Attacks 46:31

1M ago46:31

46:31

In this episode of The Cyber Threat Perspective, we explore the strategic integration of deception technology like canaries and honeypots into your cybersecurity defenses. Discover how these tools allow you to detect threat actors earlier in their attack sequence, disrupt malicious activities, and mitigate potential damage to your organization. Joi…

1
Episode 129: How to Analyze Threat Reports for Defenders 49:51

1M ago49:51

49:51

Threat reports can be goldmines for defenders — but only if we know how to extract and apply what matters. A good analysis can mean catching an attack early or missing it entirely. There's no shortage of threat intel out there. The real challenge is making sense of it without getting overwhelmed. In this episode we discuss: What makes up a threat r…

1
Episode 128: The Most Common External Pen Test Findings—And How to Fix Them 34:57

1M ago34:57

34:57

In this episode, Brad and Sam discuss the most common security issues found on external penetration tests, how to find them yourself, and how to address them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspence Spencer's LinkedIn: https://linke…

1
S6 Ep 01 - How to make DMARC easier with Brian Westnedge of Red Sift 34:42

2M ago34:42

34:42

Friend of the podcast and friend of Mailgun, Brian Westnedge of Red Sift stopped by to talk about how Mailgun and Red Sift want to make DMARC adoption easy as possible for Mailgun users and why DMARC authentication is needed in your email strategy. Peter Trinder from Mailgun joined us as well to let us know what went into this process and what to e…

1
Episode 127: SaaS Supply Chain Attacks - How to Stay Secure 42:53

2M ago42:53

42:53

This episode focuses on SaaS (Software as a Service) Supply Chain Attacks. We discuss what SaaS applications are most at risk, what the real danger of saas supply chain attacks are and most importantly how to defend and detect these attacks. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthre…

1
Episode 126: Typosquatting - How and Why It Works and How to Defend Against It 31:37

2M ago31:37

31:37

Dive into the quirky underworld of digital misdirection in this episode, where we explore the art of typosquatting. Discover how a simple mistyped URL can turn into a gateway for cyber trickery, as we break down the many forms of typosquatting—from subtle misspellings that mimic trusted sites to more elaborate schemes designed to deceive. Learn why…

1
Episode 125: Whose Job Is Harder? Red or Blue 55:30

2M ago55:30

55:30

In this episode, we discuss whose job is harder. The red team or the blue team? We discuss the roles and responsibilities of many red and blue teamers, the challenges both those teams face, and then we share some advice for handling and overcoming those challenges. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter:…

1
(Replay) How To Monitor Your Attack Surface 35:12

2M ago35:12

35:12

Unlock the secrets of effective attack surface monitoring in this replay of The Cyber Threat Perspective. Brad and Spencer dive into essential practices, tools, and methodologies to keep your systems secure. Define and understand attack surface and attack vectors Distinguish between physical and digital attack surfaces Explore DIY vs. commercial to…

1
Episode 124: MFA != Secure 54:21

3M ago54:21

54:21

Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatpov Spencer's Twitter: https://x.com/techspence Spencer's LinkedIn: https://linkedin.com/in/SpencerAlessi Work with Us: https://securit360.comBy SecurIT360

1
Episode 123: Insecure Active Directory Protocols 39:47

3M ago39:47

39:47

In this episode, we discuss several insecure protocols that are found within Active Directory environments. When these protocols are enabled, they could be abused by an attacker to perform a number of attacks, including privilege escalation and lateral movement. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: ht…

1
Episode 122: AI/ChatGPT Interviews a Web Pen Tester!! 15:02

3M ago15:02

15:02

In this episode, Chelsea (ChatGTP) interviews Brad about web application penetration testing. Listen in to learn how the process works from start to finish! Resources https://owasp.org/ https://nvd.nist.gov/vuln-metrics/cvss https://chatgpt.com/ Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyber…

1
Episode 121: How We Evade Detection During Internal Pentests 40:44

3M ago40:44

40:44

In this episode, Spencer and Brad discuss the ever popular and highly debated topic of evasion. In this podcast we talk about evasion from the context of evading defense controls, not necessarily EDR specific evasion techniques. Our hope with this episode is to shed light on this topic and help defenders understand various methods of evasion and th…

1
Episode 120: Demystifying Pentests: What Every Organization Needs to Know 40:38

4M ago40:38

40:38

In this episode, Spencer and Tyler discuss key things that they as pentesters wish all organizations knew about pentesting and the pentest process. They go through the entire lifecycle of a pentest and discuss definitions, processes, misconceptions and much more. By the end of this episode, we hope you have a better understanding of everything that…

1
Episode 119: Lessons Natural Disasters Can Teach Us About Cybersecurity 45:33

4M ago45:33

45:33

In this episode, we draw parallels between natural disasters and navigating today’s cybersecurity landscape. From the importance of preparation and layered defenses to the critical need for constant monitoring and resilience, we uncover valuable lessons that nature’s challenges can teach us about protecting systems and data. Whether you’re an IT pr…

1
(Replay) Tales From The Trenches 57:06

4M ago57:06

57:06

Join us for this replay of episode 78 - an enthralling journey into the heart of cybersecurity operations with “Tales from the Trenches,” an exclusive podcast presented by Brad Causey, Vice President of Offensive Security at SecurIT360. Dive deep into the high-stakes world of offensive security as Brad shares his firsthand experiences from a career…

1
(Replay) Email Spoofing: From Basics to Advanced Techniques and Solutions 27:10

4M ago27:10

27:10

Welcome to this replay on The Cyber Threat Perspective! In this episode, Brad and Spencer dive into the mechanics and recent developments of email spoofing, shedding light on how attackers are bypassing advanced email protections. In this episode, we cover: The fundamentals of email spoofing and why it's a significant threat. Insight into the recen…

1
(Replay) Windows and Active Directory Hardening 47:58

5M ago47:58

47:58

In this episode of The Cyber Threat Perspective, Nathan and Spencer discuss crucial strategies for Windows and Active Directory hardening, emphasizing the importance of community collaboration and the value of using CIS benchmarks for security compliance. In this episode, we cover: Implementing multi-factor authentication for domain admins The bene…

1
Episode 118: 2025 - A CISO's Perspective with Mike Whitt 46:26

5M ago46:26

46:26

In this episode, we’re discussing what a seasoned CISO is focused on going into 2025. Mike Whitt is a Cheif Information Security Officer in the financial sector with over 20 years of experience building teams, security programs, and leading organizations to a more secure posture. https://www.linkedin.com/in/mike-whitt-a4b4802/ Blog: https://offsec.…

1
Episode 117: Why Do Pentests Cost So Much? 39:03

5M ago39:03

39:03

In this episode, we’re peeling back the layers of the question so many organizations ask: Why do penetration tests cost so much? But here’s the real twist—are they actually expensive, or are we measuring their value the wrong way? By the end of this episode, you’ll understand not just the cost of a penetration test, but its value as an investment i…

1
Episode 116: Painfully Persistent Problems - Weak Passwords 35:52

5M ago35:52

35:52

In this episode, we’re diving into one of the most enduring cybersecurity challenges—weak passwords. We’ll explore how poor password practices and identity management pitfalls leave organizations vulnerable to compromise. From understanding the most common mistakes to implementing effective defenses, we’re breaking down what it takes to fortify you…

1
Episode 115: How to understand and address risk w/ Robert McElroy 40:25

6M ago40:25

40:25

In this episode, we discuss the broad concept of risk, what it is, and how to manage it. This episode is a great way to begin understanding how to develop an overall risk management strategy at your organization or understand how a risk management program might work for you. You find out more about what Rob and his team can do here: https://www.sec…

1
Episode 114: Making Penetration Test Results Actionable 38:07

6M ago38:07

38:07

In this episode, we discuss the challenge of translating penetration test findings into practical and effective security improvements, and we delve into the three major bottlenecks to improving security and give recommendations for overcoming them. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cy…

1
Episode 113: Phishing with Malicious RDP Files 28:14

6M ago28:14

28:14

In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US a…

1
Episode 112: Key Insights From The Microsoft Digital Defense Report 2024 38:45

6M ago38:45

38:45

In this episode, we dive deep into the newly released Microsoft Digital Defense Report 2024, which offers a comprehensive look at the latest trends in the global cybersecurity landscape. From evolving cyber threats and attack strategies to Microsoft's analysis of the most vulnerable sectors, we break down the key findings and what they mean for bus…

1
(Replay) How To Actually Protect Credentials 43:31

6M ago43:31

43:31

In this episode replay, Spencer and Darrius break down the complexities of credential protection, discussing everything from user education and tools to threat modeling and guardrails. Plus, we delve into the world of protecting credentials within scripts and code. This is a must-listen for all IT admins, CISOs and any other IT/Security professiona…

1
Episode 111: Red Team Tools (OST) Managing Open-Source Threats 31:04

7M ago31:04

31:04

In this episode, Spencer and Brad discuss a recent Trend Micro research project and associated white paper "Red Team Tools in the Hands of Cybercriminals and Nation States". Spencer and Brad dig into what red teaming is, what red team tools (often referred to as offensive security tools) are and why they are used. They also cover the abuse of red t…

1
(Replay) Vulnerability Management Deep Dive 35:42

7M ago35:42

35:42

In this replay episode, Spencer is joined by Daniel Perkins, a Senior Information Security Officer at SecurIT360 to discuss the intricacies of vulnerability management, the important prerequisites to vulnerability management, and best practices, and provide actionable strategies to level up your vulnerability management program. Blog: https://offse…

1
Episode 110: AD Security Workshop Preview 23:28

7M ago23:28

23:28

In this episode, Brad and Spencer discuss Spencer's upcoming in-person workshop at Cyber SC. The **Hardening Active Directory to Prevent Cyber Attacks** Workshop is aimed at IT professionals, system administrators, and cybersecurity professionals eager to learn how to bolster their defenses against cyber threats. In this workshop, we will discuss c…

1
Episode 109: Current State of Pentesting - Internal and External 39:41

7M ago39:41

39:41

In this episode, Spencer and Tyler share what they love and hate about the current state of penetration testing, they discuss current and future trends, and what it means to be a true cybersecurity partner. We hope you enjoy this episode! Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.com/cyberthreatp…

1
Episode 108: New tales from the trenches! 38:38

8M ago38:38

38:38

In this episode, Tyler and Brad talk about various security issues found on recent penetration tests. They outline the how and why, and talk about mitigation strategies to help you beat these issues in your environment. Resources Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov …

1
S5 Ep 07 - Take that, rewind it back - Season Recap and Email Camp MessageMania 27:50

8M ago27:50

27:50

In the season finale of Email's Not Dead, hosts Eric and Jonathan recap the key insights from Season 5 and look ahead to the future of email. They revisit important discussions on DMARC implementation, Google and Yahoo's new sender requirements, and email marketing best practices. The hosts emphasize the importance of proactive email authentication…

1
Episode 107: How To Defend Against Lateral Movement 37:48

8M ago37:48

37:48

In this episode, Spencer and Brad dive into lateral movement, discussing various techniques like RDP, RATs, Impacket tools, PsExec, PTH, PTT, and PowerShell Remoting. They explain how attackers use these methods to gain unauthorized access, evade detection, and enable malicious activities. They also discuss precursors to lateral movement and strate…

1
(Replay) DNS Security 31:12

8M ago31:12

31:12

In our "DNS Security" podcast, we delve into DNS's critical role in how the internet works, exploring its vulnerabilities and attacks like DNS spoofing, cache poisoning, and DDoS. We discuss DNSSEC and its components, including public and private keys, and examine practical solutions such as DNS and content filtering. The episode also highlights th…

1
Episode 106: An Overview of Cyber Risk 27:52

8M ago27:52

27:52

Let's talk about cyber risk classification in this episode of The Cyber Threat Perspective. Brad and Tyler provide a high-level overview of various types of cyber risk encountered in penetration testing. -Reputational Risk -Financial Risk -Operational Risk -Direct Risk -Indirect Risk -Lateral Risk -Strategic Risk -Compliance Risk https://offsec.blo…

1
Episode 105: How to Monitor Your Attack Surface 35:12

9M ago35:12

35:12

In this episode Brad and Spencer discuss Attack Surface Monitoring, what it is, and why it's important for defending against cyber-attacks. They give into the difference between attack vectors and attack surface and share a high-level overview on how to go about monitoring your own attack surface. Finally, they share tools and techniques for attack…

1
Episode 104: How To Get Into Cyber For First Responders 32:41

9M ago32:41

32:41

In this episode, Spencer has Sam Killingsworth on the show to talk about getting into cybersecurity, specifically penetration testing, coming from a first responder background. Sam is currently a full-time Firefighter/EMT and part-time penetration tester here at SecurIT360. Sam shares his background and experiences of learning cybersecurity and pen…

1
Episode 103: Email Spoofing 27:10

9M ago27:10

27:10

In this episode, Spencer and Brad dive into the complex maze of 3rd party email providers, filtering and spoofing. Email spoofing is a technique used by cybercriminals to disguise the sender's address in an email message, making it appear as though the email originated from a different source. This can be used for a variety of malicious purposes, s…

1
Episode 102: The Global CrowdStrike Outage 48:30

9M ago48:30

48:30

In this episode, Spencer is joined by Joey Vandergrift (SecurIT360's VP of Security Operations) and Mark Brophy (SecurIT360's DFIR practice lead). Together they discuss how CrowdStrike, a leading EDR product, caused one of the largest global IT outages in history. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: …

1
Episode 101: Infostealers - 10,000 Victims a Day 38:11

9M ago38:11

38:11

In this episode, Spencer and Brad dive into the deep underworld of infostealer malware. They discuss what infostealers are, how they are used and what they are used for. They will dig into how the information obtained from infostealers can help cyber threat actors compromise large and small organizations, cloud providers and more but also how the i…

1
(Replay) How We Hack Medical Devices To Save Lives 36:12

10M ago36:12

36:12

Discover the vulnerabilities lurking within medical devices and how ethical hacking can safeguard patient care. Join Brad, VP of Offensive Security at SecurIT360, as he unpacks the risks and protections against cyber threats in healthcare tech. - Unveiling the risks of wireless communication vulnerabilities in insulin pumps and glucose monitors tha…

1
Episode 100: The OpenSSH RegreSSHion Vulnerability 27:14

10M ago27:14

27:14

In this episode, Spencer and Brad discuss the OpenSSH "regreSSHion" vulnerability. This is being tracked as CVE-2024-6409 & CVE-2024-6387. A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker m…

1
Episode 99: Tool Time - OneDriveEnum & AD Miner 37:05

10M ago37:05

37:05

In this episode, Spencer and Tyler discuss two of their current favorite tools: OneDriveEnum for enumerating user accounts in Microsoft 365 and AD Miner for visualizing attack paths in Active Directory. We hope you enjoy and get value from this episode! Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://x.c…

1
S5 Ep 06 - What is M3AAWG and how can you get involved? 24:34

10M ago24:34

24:34

On this latest episode of Email’s Not Dead, the M3AAWG organization stopped by along with their Brand SIG committee and board of directors to talk about all the amazing work they’ve accomplished. They’ve just celebrated their 20 year anniversary and they’re committed to making the internet a safer place. Learn more about the Messaging Malware Mobil…

1
Episode 98: Current State of M365 Attacks: Initial Access 27:01

10M ago27:01

27:01

In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Topics covered: Credential Stuffing, Brute Force Attacks, Password Spraying, Prom…

1
Episode 97: Current State of M365 Attacks: Enumeration 26:18

11M ago26:18

26:18

In this episode, we discuss the latest trends and techniques for enumerating Microsoft 365. We break down how attackers may identify M365 tenants, how they discover and validate accounts and what you as an IT admin can do to protect your organization in-light of this. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitt…

Podcasts Worth a Listen

Dmarc Podcasts

Podcasts Worth a Listen