The Adversarial Podcast

by Jerry Perullo, Sounil Yu, Mario Duarte

Join former ICE:NYSE CISO Jerry Perullo, former Snowflake CISO Mario Duarte, and former JupiterOne CISO and Bank of America leader Sounil Yu as they dive into the good, the bad, and the ugly in the latest cybersecurity news. Each week, we discuss the most pressing headlines, offer candid commentary, and share unique insights from our extensive experience in the field.

Podcast episodes

  • Season 3

  • The Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security Controls

    The Adversarial Podcast Ep. 7 - Security Certs, Vulnerability Disclosure, and Effective Security Controls

    Listen as CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the value of security exams and question the relevance of certain certifications in today’s industry. Then, they debate into the vulnerability disclosure process, exploring how CVEs impact companies outside the SaaS world and whether CISA’s "Secure by Design" initiative is truly effective across industries. Finally, they discuss security misprioritization, from school systems to corporate desktops, and the evolving role of account management in protecting digital crown jewels. Stories LinkedIn Post on ISC2 exams - https://www.linkedin.com/posts/mlockhart_hate-to-see-how-isc2-has-devolved-over-the-activity-7234368996647604225-tKVp “Is the vulnerability disclosure process glitched? How CISOs are being left in the dark” - https://www.csoonline.com/article/3491353/is-the-vulnerability-disclosure-process-a-glitch-in-itself-how-cisos-are-being-left-in-the-dark.html LinkedIn Post on Chrome DevTools blocked in schools - https://www.linkedin.com/posts/perullo_im-lucky-enough-to-have-my-6th-grade-daughter-activity-7237092980996632577-5T62 00:00 Intro 01:00 ISC2 Exams 20:39 VDP and Secure by Design 35:29 Security controls 49:06 Admin accounts

  • The Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and Passkeys

    The Adversarial Podcast Ep. 6 - SSN Leaks, Cloud Misconfigurations, and Passkeys

    Join former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they debate the impact of SSN leaks, discuss the effectiveness of recently implemented ransom payment bans in Miami, and recently reported AWS misconfigurations. Then, listen as they debate passkeys, vulnerability management, and board reporting. 00:00 Intro 02:17 Social Security Number breach 14:48 Ransomware payment bans 21:47 AWS environments 39:55 Passkeys 52:30 Maturity assessments Stories: “2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you” - https://www.cnbc.com/2024/08/15/billions-people-social-security-numbers-and-data-stolen-allegedly.html “Hack on North Miami Tests Ransom Payment Bans” - https://www.wsj.com/articles/hack-on-north-miami-tests-ransom-payment-bans-077be398 “AWS environments compromised through exposed .env files” - https://www.csoonline.com/article/3488207/aws-environments-compromised-through-exposed-env-files.html "An AWS Configuration Issue Could Expose Thousands of Web Apps" - https://www.wired.com/story/aws-application-load-balancer-implementation-compromise/ Hosts: Jerry Perullo: https://www.linkedin.com/in/perullo/ Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/ Sounil Yu: https://www.linkedin.com/in/sounil/

  • The Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at Evanta

    The Adversarial Podcast Ep. 5 - Why Boards want more Joe Sullivans and Tim Browns and less CISOs - Jerry Perullo live at Evanta

    Speaking live at the Evanta CISO Summit in Atlanta in June 2024, host Jerry Perullo talks candidly about why CISOs are failing to land Board Director roles.

  • The Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote Employees

    The Adversarial Podcast Ep. 4 - CrowdStrike Lawsuits, Overhyped Exploits, and Fake Remote Employees

    Join former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu as they discuss upcoming lawsuits related to the recent CrowdStrike outage, switching costs, overhyped security vulnerabilities and their effect on practitioners' responsibilities, fake employees from North Korea, the information stealers and the state of password managers, and the increasing threat of deepfakes. Stories “CrowdStrike is sued by shareholders over huge software outage” - https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/ “Delta CEO says CrowdStrike-Microsoft outage cost the airline $500 million” - https://www.cnbc.com/2024/07/31/delta-ceo-crowdstrike-microsoft-outage-cost-the-airline-500-million.html “Microsoft And AWS Outages: A Wake-Up Call For Cloud Dependency“ - https://www.forbes.com/sites/emilsayegh/2024/07/31/microsoft-and-aws-outages-a-wake-up-call-for-cloud-dependency/ “Microsoft confirms Azure, 365 outage linked to DDoS attack” - https://www.cybersecuritydive.com/news/microsoft-azure-365-outage-ddos/722920/ “Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue” - https://www.darkreading.com/endpoint-security/millions-of-devices-vulnerable-to-pkfail-secure-boot-bypass-issue “Who Knew? Domain Hijacking Is So Easy” - https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/ “Security Firm Alarmed to Discover Their Remote Employee Is a North Korean Hacker” - https://futurism.com/the-byte/security-firm-remote-employee-north-korean-hacker “The Evolution and Rise of Stealer Malware” (Josh Lefowitz/Flashpoint) https://www.linkedin.com/posts/activity-7209733860715098114-ZgYQ / https://flashpoint.io/blog/evolution-stealer-malware/ ‘I Need to Identify You': How One Question Saved Ferrari From a Deepfake Scam - https://www.bloomberg.com/news/articles/2024-07-26/ferrari-narrowly-dodges-deepfake-scam-simulating-deal-hungry-ceo “AI-Powered Deepfake Tools Becoming More Accessible Than Ever” - https://www.trendmicro.com/en_us/research/24/g/ai-deepfake-cybercrime.html

  • The Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWinds

    The Adversarial Podcast Ep. 3 - CrowdStrike, Wiz Acquisition Rumors, and SolarWinds

    In this episode, former CISOs-turned-founders Jerry Perullo, Mario Duarte, and Sounil Yu discuss the recent Crowdstrike outages, PR in the recent Wiz acquisition rumors, stakeholder value in Rapid7, and the SEC dropping charges in the SolarWinds case. Stories: - Activist Jana has a stake in Rapid7. There are two paths to bolster value at the cybersecurity company: https://www.cnbc.com/2024/06/29/two-paths-for-jana-to-bolster-shareholder-value-at-rapid7.html - Google Near $23 Billion Deal for Cybersecurity Startup Wiz: https://www.wsj.com/business/deals/google-near-23-billion-deal-for-cybersecurity-startup-wiz-622edf1a - Most SEC charges dismissed in SolarWinds hack case: https://www.axios.com/2024/07/18/sec-solarwinds-cyberattack-case-dismissal Hosts: Jerry Perullo: https://www.linkedin.com/in/perullo/ Mario Duarte: https://www.linkedin.com/in/mario-duarte-7855237/ Sounil Yu: https://www.linkedin.com/in/sounil/