Think like a hacker. Defend like a pro. Welcome to the Secure AF Cybersecurity Podcast — your tactical edge in the ever-evolving cyber battlefield. Hosted by industry veterans including Donovan Farrow and Jonathan Kimmitt, this podcast dives deep into real-world infosec challenges, red team tactics, blue team strategies, and the latest tools shaping the cybersecurity landscape. Whether you're a seasoned pentester, a SOC analyst, or just breaking into the field, you'll find actionable insight ...
…
continue reading
Alias Cybersecurity Podcasts
1
Episode 89: Meet the Alias SOC - on the Battlefront of Cybersecurity
29:57
29:57
Play later
Play later
Lists
Like
Liked
29:57
Got a question or comment? Message us here! 🔐 Inside the SOC 🔐 Go behind the scenes with the Alias Security Operations Center (SOC) team to learn how they operate, collaborate, and tackle today’s top cyber threats ⚔️. Find out why a SOC matters, and how organizations can still leverage SOC insights and support, even without one in-house 💼. 🎧 Tap in…
…
continue reading
1
Secure AF SOC Brief #5 - Chrome CVE-2025-6554
9:04
9:04
Play later
Play later
Lists
Like
Liked
9:04
Got a question or comment? Message us here! In this episode of The SOC Brief, the team unpacks a critical zero-day vulnerability in Google Chrome (CVE-2025-6554) that’s being actively exploited. Learn how attackers use type confusion bugs to hijack browser memory, what makes this exploit so dangerous, and why it’s targeting high-value organizations…
…
continue reading
1
Ep 91: The Engineers React to Breach News
45:27
45:27
Play later
Play later
Lists
Like
Liked
45:27
Got a question or comment? Message us here! In this episode, our security engineers break down the latest cybersecurity headlines, from the real scoop behind the “16 billion password” leak to the rise of hacker groups like Scattered Spider. 🕷️ We discuss how attackers bypass MFA, why exploited data keeps resurfacing, and what organizations can do t…
…
continue reading
Got a question or comment? Message us here! In this episode of The SOC Brief, Andrew and Dax dive into the world of false positives – those misleading alerts that flood security teams with noise. They discuss how misconfigurations, lack of context, and overly sensitive rules can lead to alert fatigue. With practical tips on investigation, tuning to…
…
continue reading
Got a question or comment? Message us here! 🔐 New SOC Brief Episode: Tracing the Breadcrumbs Cybercriminals always leave a trail, if you know where to look. In this episode, we break down Indicators of Compromise (IOCs) and how they help security teams detect and respond to threats faster. 🎯 What we cover: • Real-world incident reports & proof of c…
…
continue reading
1
Episode 90: Global Wars - Cyber Strikes Back
50:11
50:11
Play later
Play later
Lists
Like
Liked
50:11
Got a question or comment? Message us here! 🎙️ New Secure AF Episode: Global Wars: Cyber Strikes Back 🌐⚔️ How does global news shape cybersecurity operations? In this episode, we dig into how real-world events influence the threats we track, the way we respond, and the tools we use for social engineering/pentesting. 🔍 We talk threat intel, evolving…
…
continue reading
Got a question or comment? Message us here! 🎙️ This Week on the SOC Brief: Join Andrew and Dax as they dive into the emergence of a new threat actor known as SafePay 🕵️♂️💻. They break down the latest tactics, techniques, and procedures observed from this group, offering insights into how organizations can stay vigilant. From detection strategies 🔍…
…
continue reading
Got a question or comment? Message us here! Welcome to 🎙️The SOC Brief 🎙️our byte-sized mini series bringing you weekly updates straight from the Security Operations Center. In this episode, Andrew, Dax, and Dylan break down what life in the SOC looks like, the rise of malvertising, and the emerging threat known as Recipe Lister, discussing how it’…
…
continue reading
1
Episode 88: Two-Time CISO Showdown Champion (and Chad)
46:05
46:05
Play later
Play later
Lists
Like
Liked
46:05
Got a question or comment? Message us here! Alias Cybersecurity Jonathan Kimmitt is joined by Chad Kliewer to discuss the exciting CISO Showdown competition between Chief Information Security Officers (CISOs) at BSidesOK. They delve into the history of the showdown, how it works, and highlight significance of the championship belt. Tune in as they …
…
continue reading
1
Episode 87: Securing Patient Data with HIPAA's New Security Rules
53:31
53:31
Play later
Play later
Lists
Like
Liked
53:31
Got a question or comment? Message us here! Alias Cybersecurity CISO Jonathon Kimmitt is joined by Derrac Page to discuss the new changes to the HIPAA security rules being set in place this year. Listen as they go over many of the biggest points raised from the 660+ page guidelines and discuss ways that HIPAA Privacy Officers and HIPAA Security Off…
…
continue reading
1
Episode 86: How to make your pen test training not suck
33:05
33:05
Play later
Play later
Lists
Like
Liked
33:05
Got a question or comment? Message us here! Following BSides Oklahoma where Tanner gave an 8 hour training on the basics of penetration testing, Tanner and Keelan give advice on how to present red team/pen test training... specifically how to make the trainings not suck. Sponsored by AFCyberAcademy.com. Support the show Watch full episodes at youtu…
…
continue reading
1
Episode 85: Is SANS the overpriced dinosaur of cybersecurity training?
43:24
43:24
Play later
Play later
Lists
Like
Liked
43:24
Got a question or comment? Message us here! On this week's Secure AF podcast, Tanner poses a controversial question: is SANS the overpriced dinosaur of cybersecurity training? The answer is not a simple one. Listen in as Tanner and CISO Jonathan Kimmitt go in depth on the pros and cons of different security certifications such as Offensive Security…
…
continue reading
1
Episode 84: New Years Cyber Resolutions Part 2
52:37
52:37
Play later
Play later
Lists
Like
Liked
52:37
Got a question or comment? Message us here! As we step into the new year, it's essential to reinforce our defenses against cyber threats. Join Jonathan Kimmitt and Todd Wedel for part 2 of their discussion of cyberresolutions. Their list includes: - **Data Inventory**: Know your data—what, where, and who has access. Regular audits are a must! - **B…
…
continue reading
1
Episode 83: New Years Cyber Resolutions Part 1
37:34
37:34
Play later
Play later
Lists
Like
Liked
37:34
Got a question or comment? Message us here! 🚀 Kickstart 2025 with Cybersecurity Resolutions! 🔐 In our latest podcast episode, Todd and Jonathan discuss crucial strategies for a secure year ahead. Tune in for more insights and make this year your most secure yet! 🎧✨ #Cybersecurity #AI #Secure2025 Support the show Watch full episodes at youtube.com/@…
…
continue reading
1
Episode 82: Leaving It All On The Table - The What, How, and Why of Tabletop Exercises
43:37
43:37
Play later
Play later
Lists
Like
Liked
43:37
Got a question or comment? Message us here! Ready for an IR? You may have controls, policies, and procedures, but how do you know they exist? Are robust? Followed and adhered to? Join Jonathan Kimmitt and Alexandria Hendryx as they discuss what a tabletop is, how to conduct one effectively, and why they matter to your organization to prevent and pr…
…
continue reading
Got a question or comment? Message us here! Join Jonathan Kimmitt and Todd Wedel as they continue discussing how to practice IR aversion tactics. 'Tis the season for IRs and best practice cybersecurity. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.…
…
continue reading
Got a question or comment? Message us here! 'Tis the holiday season! A time for family...and breaches. Want to be cyberprepared to spoil the hacker's celebration? Listen to our 2 part series where Jonathan Kimmitt ensures your festivities are without incident. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple …
…
continue reading
Got a question or comment? Message us here! Firewalls are an often overlooked or unmanaged part of a network infrastructure. Listen as Andrew Hickman and Keelan Knox discuss what they are, why you should pay attention to them, what we've seen on incident responses, and what you need to do to secure your network. Support the show Watch full episodes…
…
continue reading
Got a question or comment? Message us here! Attend S3CCON? Enjoy experiencing the recap. Miss S3CCON? Hear what was awesome, what we learned, and what to look forward to in 2025! Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.…
…
continue reading
Got a question or comment? Message us here! Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.By Alias
…
continue reading
1
Episode 76: Losing the Cyberwar Through Marketing, Part 2
55:19
55:19
Play later
Play later
Lists
Like
Liked
55:19
Got a question or comment? Message us here! Jonathan and Todd continue the conversation about how the way we talk about cybersecurity puts us in a deficit against the malicious actors and how we might reframe to better equip the defenders. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and…
…
continue reading
1
Episode 75: Losing the Cyberwar Through Marketing, Part 1
43:50
43:50
Play later
Play later
Lists
Like
Liked
43:50
Got a question or comment? Message us here! Are hackers really as successful as they appear? Or is it that they have better messaging? Join us for a conversation about how marketing around cybersecurity might play a part in the hacker mystique. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotif…
…
continue reading
Got a question or comment? Message us here! On this episode of the SecureAF Podcast, Keelan Knox interviews our 2024 interns. They share insights on how they got in, what they are learning, and where this will take them. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get y…
…
continue reading
Got a question or comment? Message us here! Alias CEO Donovan Farrow and Business Development Coordinator Trey Allen talk the tips and tricks of the vishing trade. They're gearing up for the DEFCON social engineering village. Listen or watch to hear their tales and experiences to learn how they're going to bring the heat to Las Vegas. Support the s…
…
continue reading
Got a question or comment? Message us here! Bryan Filice of Trap Technologies joins Keelan Knox to talk about the current threat landscape and why security has to involve every system, host, and employee. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.…
…
continue reading
Got a question or comment? Message us here! Ever wonder what your CISO (or CIO or anyone in IT security management) may be thinking? Are you’re the one in that position having those thoughts? Join Jonathan Kimmitt as he describes all the things CISOs wish they say but don't…and why and when they should. Support the show Watch full episodes at youtu…
…
continue reading
Got a question or comment? Message us here! Heard about the recent revelation of the Boeing breach? Join Alias CEO Donovan Farrow on the SecureAF Podcast as he lays out what we know, what we don't, what this means, and what we hope to learn to better protect our companies and communities, locally and nationally. Support the show Watch full episodes…
…
continue reading
Got a question or comment? Message us here! AI is all the rage. Or AI having rage is the bigger fear. Doesn't matter where you go, it's a topic of attention. The potential uses and abuses are touted on every news station and from every pundit, whether proponent or naysayer. But what's true? Especially in the realm of cybersecurity? Our engineers ha…
…
continue reading
Got a question or comment? Message us here! Seriously, do you know where your data is? It’s an often overlooked question in cybersecurity. In the case of an incident, without knowing where your data is, how do you know what’s been accessed? Where else that data might be? What’s needed to remediate? And what’s less crucial to restore? But even befor…
…
continue reading
Got a question or comment? Message us here! What good is a Pen Test? There are a host of answers - knowing your environment, identifying dangers, implementing remediations, meeting compliance. But how should a CISO view a Pen Test given their unique role in the organization? How do they best understand the need, the conduct, the reporting, and the …
…
continue reading
Got a question or comment? Message us here! Cybersecurity is critical to an organization. But cybersecurity is only part of a robust security posture. It’s equally important, and in fact of first importance, to assess information security. You need to assess what privacy guidelines, compliance, and best practices entail what data you can have so yo…
…
continue reading
Got a question or comment? Message us here! Scheduling a cybersecurity engagement can be stressful, for client and pentester alike. Both want the same thing - a well conducted, accurate assessment of the client infrastructure to provide the best value add to bolster cybersecurity. It helps to start from a shared set of standard expectations and pra…
…
continue reading
1
Episode 63 - Critial Infrastructure: The Final Frontier
39:40
39:40
Play later
Play later
Lists
Like
Liked
39:40
Got a question or comment? Message us here! wWhat's the Final Frontier? For Trekkies, it's space. For cybersecurity, it's Critical Infrastructure. Might not sound exciting, but the risks from poor security and the rewards of strong controls might get you to sit up and take notice. Maybe even motivate you to boldly go where no ethical hacker has gon…
…
continue reading
Got a question or comment? Message us here! Wondering what the best path into cybersecurity is? Here's a hint: There's not one answer. On this episode of the SecureAF Podcast, Tanner Shinn and Keelan Knox share very different stories of getting into the field. Even with different paths, they'll share what they have in common and what you should thi…
…
continue reading
Got a question or comment? Message us here! You may have heard of Penetration Tests. You may know you need one. You may have had one or more. But do you know there's more than one type? More than one take? More than one test? On this episode of the SecureAF Podcast, Alias Principal Security Engineer Tanner Shinn and CISO Jonathan Kimmitt discuss th…
…
continue reading
Got a question or comment? Message us here! There has been a lot of news about the alleged incident experienced by Integris. Some of you may have even received emails from the threat actors revealing personal information to solicit money. This is not the first attack to leverage the threat of leaked data for monetary reward. It is among the first f…
…
continue reading
Got a question or comment? Message us here! You know you need regular penetration tests to ensure your network is secure. You know the steps to remediate the findings and take the recommended actions to continue on a path toward cybersecurity. But what about what you don't know? What about what the penetration test doesn't cover or doesn't reveal? …
…
continue reading
Got a question or comment? Message us here! The Solar Winds breach is not news. The CISO being personally named in the investigation is. Although not the first CISO to be so identified, this is the most high profile. This raises questions for the future of CISO role and responsibility and IT more generally. Should an individual be held responsible …
…
continue reading
Got a question or comment? Message us here! If you follow our socials, you know Phillip Wylie recently joined the Alias crew! We’re excited to welcome him to help us build our team’s presence supporting organizations’ and individuals’ growth in cybermaturity. Join Alias CISO Jonathan Kimmitt to hear his story of getting into cybersecurity, what’s b…
…
continue reading
Got a question or comment? Message us here! It requires technical expertise to respond to a breach. It requires thinking like a hacker to know where to go, what to do, and what level of response is appropriate. It requires the human element. But humans aren't machines. Your staff and any outside experts require basic needs to be met: food, shelter …
…
continue reading
Got a question or comment? Message us here! Did you know some ransomware groups have customer support better than major businesses? That the negotiations might feel more like a regular corporate transaction than a back-alley holdup? On this episode of the SecureAF Podcast, CEO Donovan Farrow and Security Team Lead Tanner Shinn share their experienc…
…
continue reading
Got a question or comment? Message us here! You know you may be a target. But what about your family? How could a hacker leverage those closest to you to gain advanced access to your work? Recently on the And Security For All podcast, Alias CISO Jonathan Kimmitt and Security Team Lead Tanner Shinn discussed this question. You can listen to their co…
…
continue reading
Got a question or comment? Message us here! What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (Hint: it's not all about the talks and villages). On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went…
…
continue reading
Got a question or comment? Message us here! Headed to DEF CON? Want to know what you should know and where you should be? And most importantly, how to survive? On this episode of the SecureAF Podcast, host Donovan Farrow and guest Tanner Shinn talk all thing DEF CON. New to DEF CON? Learn from us how to make the most of the experience. Returning to…
…
continue reading
Got a question or comment? Message us here! Digital forensics may be something you don't think about. Or think about only after an incident or breach. But knowing what techniques and tools are used will help equip you to understand your potential vulnerabilities and strengthen your security posture. And you'll gain more insight into the work an Inc…
…
continue reading
Got a question or comment? Message us here! The SecureAF Podcast is 50! Listen this week as our hosts discuss a critical topic in cybersecurity. Your environment may be unique. Your business may feel to small to be noticed. But to a hacker, everyone is a target of opportunity, and every target may yield to the same avenues of attack. On this episod…
…
continue reading
Got a question or comment? Message us here! Want to become a Pentester rather than a Thintester? Want to find out what a Thintester even means? In this episode of the SecureAF Podcast, Alias CEO Donovan Farrow and CISO Jonathan Kimmitt discuss one of our often-asked questions: What do I need to do to become a Pentester? They'll talk about what qual…
…
continue reading
1
Episode 48 - Updates and Announcements - Secure AF
2:02
2:02
Play later
Play later
Lists
Like
Liked
2:02
Got a question or comment? Message us here! SecureAF host Donovan Farrow shares news about transitions with the SecureAF Podcast and exciting announcements about what else is coming for the Alias podcast lineup. Support the show Watch full episodes at youtube.com/@aliascybersecurity. Listen on Apple Podcasts, Spotify and anywhere you get your podca…
…
continue reading
1
Episode 47 - IOT and XIOT Devices and Dangers
53:46
53:46
Play later
Play later
Lists
Like
Liked
53:46
Got a question or comment? Message us here! The Internet of Things (IoT) and connection Operational Technology (OT) devices has opened up possibilities for extending interconnectivity and creating means of more immediate controls on crucial systems and everyday devices. These open opportunities for hackers to exploit their connections and leverage …
…
continue reading
1
Episode 46 - Hacking a Cybersecurity Career
51:07
51:07
Play later
Play later
Lists
Like
Liked
51:07
Got a question or comment? Message us here! Building a cybersecurity career is a two-way street. There are the questions for those who do the hiring and those who are being hired - they're the same set of questions - What should and do employers look for? What education or certifications are needed? How do employers find and attract good talent? In…
…
continue reading
