PP087: Why SBOMs Are Cooler and More Useful Than You Think

There may be misconfigurations and other problems lurking in your wireless network. From a lack of peer isolation to poor segmentation to RADIUS problems and vendor fails, these issues can make your WLAN less secure. Jennifer “JJ” Minella goes from Packet Protector co-host to guest as she discusses these issues with Drew Conry-Murray. This episode... Read more »

Web applications have always been tricky to protect. They’re meant to be accessible over the Internet, which exposes them to malicious actors, they’re designed to take end-user inputs, which can be manipulated for malicious purposes, and they often handle sensitive data. Then the rise of public cloud and microservices architectures added new layers of complexity... Read more »

Just what’s inside that commercial software you bought? Does it contain open-source components, NPM packages, or other third-party code? How could you find out? The answer is a Software Bill of Materials, or SBOM, a machine-readable inventory of a finished piece of software. Why should you care about SBOMs? Our guest, Natalie Somersall, is here... Read more »

Certificates are the socks of IT—everyone needs them, and you always lose track of a few. On today’s show we dive into the ACME protocol, an IETF standard to help automate how a domain owner gets a domain validation certificate from a Certificate Authority (CA). Our guest, Ed Harmoush, a former network engineer with AWS... Read more »

Did you know college students are snooping on satellite transmissions? On today’s news roundup we discuss new research in which university investigators use off-the-shelf equipment to intercept traffic from geostationary satellites and discover that a lot of it is unencrypted. We also dig into the credential hygiene lessons we can learn from a corpus of... Read more »

CVEs, or Common Vulnerabilities and Exposures, are such a routine aspect of tech that most IT pros probably take them for granted. But like many things we take for granted, the CVE process takes some serious organizational infrastructure to function. On today’s Packet Protector, sponsored by Cisco, we talk about the organizations and processes that... Read more »

Model Context Protocol (MCP) is an open-source protocol that enables AI agents to connect to data, tools, workflows, and other agents both within and outside of enterprise borders. As organizations dive head-first into AI projects, MCP and other agentic protocols are being quickly adopted. And that means security and network teams need to understand how... Read more »

Today we’re bringing back one of our favorite guests — Akili Akridge. He’s a former Baltimore cop who transitioned to building and leading mobile offense and defense teams for federal agencies and Fortune 100s. These days he’s a straight-talking expert on all things mobile security. We’re digging into mobile threats, why they keep CISOs up... Read more »

From a massive SIM farm takedown to dealing with supply chain attacks targeting npm, our news roundup provides context and commentary on a fresh crop of security news. We discuss exploits against Cisco firewalls and switches, a SonicWall firmware update to remove a rootkit targeting its SMA 100, and GitHub’s plans to harden npm packages.... Read more »

What does the risk environment for Operational Technology (OT) look like in 2025? JJ and Drew review four recent reports on the state of OT security from Dragos, Fortinet, and others. We discuss ransomware impacts, ongoing risks of RDP traffic, directly exposed OT devices, and overall attack trends and the tools and processes that organizations... Read more »