Episodes

  • PP078: Using Free Tools for Detection Engineering

    PP078: Using Free Tools for Detection Engineering
    Sep 16 2025
    You can build effective, scalable detection pipelines using free and open-source tools like Zeek, Suricata, YARA, and Security Onion. Today on Packet Protector we welcome Matt Gracie, Senior Engineer at Security Onion Solutions — the team behind the open-source platform used for detection engineering, network security monitoring, and log management. Matt has over 15 years... Read more »
    Show more Show less
    49 mins
  • PP077: News Roundup–Drift Breach Has Long Reach; FCC Investigates Its Own IoT Security Program

    PP077: News Roundup–Drift Breach Has Long Reach; FCC Investigates Its Own IoT Security Program
    Sep 9 2025
    Is any publicity good publicity? On today’s News Roundup we talk about how Salesloft, which makes the Drift chat agent that’s been used as a jumping-off point for credential harvesting and data breach attacks against a bunch of big-name companies, is testing that proposition. We also discuss bugs affecting industrial refrigeration controllers, and Microsoft making... Read more »
    Show more Show less
    37 mins
  • PP076: RF Risks and How to See Unseen Threats

    PP076: RF Risks and How to See Unseen Threats
    Sep 2 2025
    Our airwaves are alive with radio frequencies (RF). Right now billions of devices around the world are chattering invisibly over Wi-Fi, Bluetooth, Zigbee, and other protocols you might not have heard of. On today’s show we peer into the invisible world to better understand the RF threat environment. Our guest is Brett Walkenhorst, CTO of... Read more »
    Show more Show less
    1 hr
  • PP075: Kernel Vs. User Mode In Endpoint Security Software

    PP075: Kernel Vs. User Mode In Endpoint Security Software
    Aug 19 2025
    Microsoft is rethinking allowing endpoint security software to run in the Windows kernel (including third-party and Microsoft’s own endpoint security software). While there are benefits to running security software in the kernel, there are also serious downsides (see the CrowdStrike outage). Dan Massameno joins JJ and Drew on Packet Protector to talk about the role... Read more »
    Show more Show less
    44 mins
  • PP074: News Roundup – Microsoft Dumps Digital Escorts; Palo Alto Bundles Billions Aboard CyberArk

    PP074: News Roundup – Microsoft Dumps Digital Escorts; Palo Alto Bundles Billions Aboard CyberArk
    Aug 12 2025
    Packet Protector goes global for today’s security news roundup. Microsoft discontinues a program in which engineers in China supported the US Department of Defense’s cloud infrastructure (with the help of US ‘digital escorts’), Taiwanese chipmaker TSMC fires several employees over allegations of attempted theft of sensitive tech, an Arizona woman gets 8 years in prison... Read more »
    Show more Show less
    43 mins
  • PP073: Identify Yourself: Authentication From SAML to FIDO2

    PP073: Identify Yourself: Authentication From SAML to FIDO2
    Aug 5 2025
    From SAML to OAuth to FIDO2 to passwordless promises, we unpack what’s working—and what’s broken—in the world of identity and authentication. Today on the Packet Protector podcast, we’re joined by the always thoughtful and occasionally provocative Wolf Goerlich, former Duo advisor, and now a practicing CISO in the public sector. We also talk about authorization... Read more »
    Show more Show less
    40 mins
  • PP072: Mobile Device Threat Management

    PP072: Mobile Device Threat Management
    Jul 29 2025
    Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off suspects as a... Read more »
    Show more Show less
    47 mins
  • PP071: SSE Vendor Test Results; Can HPE and Juniper Get Along?

    PP071: SSE Vendor Test Results; Can HPE and Juniper Get Along?
    Jul 22 2025
    CyberRatings, a non-profit that performs independent testing of security products and services, has released the results of comparative tests it conducted on Secure Service Edge, or SSE, services. Tested vendors include Cisco, Cloudflare, Fortinet, Palo Alto Networks, Skyhigh Security, Versa Networks, and Zscaler. We look at what was tested and how, highlight results, and discuss... Read more »
    Show more Show less
    46 mins