Mike Mackintosh
Plan-B Security
Things don't always go according to plan, but they also don't have to go perfect. Having a Plan B is all about being prepared for the unexpected and know how to stay cool under pressure. The Plan B Security Podcast is here to keep you thinking about the unexpected things in security, giving you perspective from the technology side, the business side and the backside. DISCLAIMER: Views are my own and not that of my employer.
Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: planb.security
Autor
Mike Mackintosh
Kategoria
Strona podcastu
Ostatni odcinek
8 lut 2026
Gdzie słuchać?
Podcasty w aplikacji Replaio Radio Już wkrótcePodcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów
Odcinki
S3E4 - Back to the Future with AI 08.02.2026 19:23
Great Scott, we've seen this before. If you could climb into a DeLorean and travel back through your organization's identity management history, you'd find the same pattern repeating at every stop. 2014: overprivileged Active Directory service accounts. 2017: Hadoop credentials nobody remembers creating. 2021: Tray.io integrations that are "too risky to rotate." Different year. Same mistake. And i...
S3E3 - MCP: Model Credential Problems 02.02.2026 24:01
MCP promised to be the USB-C of AI agents, a universal bridge to your tools, APIs, and data. But when the setup docs tell you to copy cookies out of Chrome DevTools and paste them into plaintext config files, something has gone very wrong. This episode traces a year of MCP security breaches from tool poisoning to full supply chain compromise, unpacks the IDE vulnerabilities turning developer lapto...
S3E2 - Your Development Lifecycle Has A Worm Problem 14.12.2025 20:58
In 1983, Ken Thompson warned us: you can't trust code you didn't write yourself. Forty-two years later, a worm called Shai-Hulud proved him right after compromising thousands of packages in hours. Software supply chain attacks aren't just theoretical anymore, they're automated, self-replicating, and could be spreading through the packages your team installed this morning. We break down the s1ngula...
S3E1 - Faux-gentic Agents: Understanding the Lethal Trifecta of AI 08.12.2025 19:34
AI systems are all the buzz - and for good reason! The productivity gains are real! But do the risks outweigh the gains? Every AI agent you deploy has three capabilities: what it can see, what it can access, and what it can do. Combine all three, and you've handed attackers a skeleton key. In this episode, we dig into Meta's Agents Rule of Two framework and show you exactly how to build cu...
S2E10 - When Good Ideas Fail Good Companies: The Dream of Chaos Free Implementation 23.10.2024 24:31
Join us as we explore the treacherous waters between perfect security planning and real-world implementation. Drawing surprising parallels between the Battle of Trafalgar's communication challenges and modern cybersecurity struggles, we dive into seven critical security initiatives that often fail even the most capable companies. From zero trust architecture to passwordless authentication, we exam...
S2E9 - IAM Nocturnal: Seeing Through The Dark of Identity Access Management 15.10.2024 16:57
In this hoot of an episode, we've taken a nocturnal flight through the fascinating world of User Behavior Analytics, guided by the wisdom of our feathered friends, the owls. Just as these majestic birds use their UV-powered pick-up lines to find the perfect mate, we've explored how UBA can help you find the perfect balance between trusting your users and verifying their actions. You'll walk away w...
S2E8 - Reaping What You Sow In the Open Source World 10.10.2024 30:48
Discover how to navigate the rich landscape of open source, from safely integrating external code to contributing your own digital harvest back to the community. Learn practical strategies for implementing a robust Software Bill of Materials (SBOM), managing dependencies, and governing your open source program effectively. Explore the parallels between autumn's vibrant farm stands and the diverse...
S2E7 - Benefit vs Burden: The Legal Labyrinth of Cyber Security 29.09.2024 22:38
In this thrilling episode of Plan B Security, we're diving headfirst into the treacherous Legal Labyrinth of cybersecurity. Picture this: You're a valiant CISO, armed with firewalls and patched systems, suddenly faced with a dragon named "Negligence" breathing hot legal fire your way. We'll guide you through this maze of bits, breaches, and bureaucracy, showing you how to slay the beast of data ne...
S2E6 - To Build or To Buy, That’s Not In My Budget 22.09.2024 26:18
Build vs Buy is a tale as old as time - something every business leader has been challenged with deciding. In this episode, we talk about 5 scenarios on when building vs buying make sense from not just a security perspective, but also a procurement and data privacy perspective. From building your own SIEM to data sharing platforms, we talk about our own experiences and when constraints help you go...
S2E5 - No Party Like a Third Party 14.09.2024 20:25
Whether you’re big or small company or maybe even a solo entrepreneur, third-party risk management is a key part of your business staying secure. In this episode, we talk about a few ways to get ahead of all the international regulations that require compliance with third-party risk programs. As you listen, be sure to pause and apply some of the key concepts into your own business whether it’s dat...
S2E4 - To Control or Be Controlled 07.09.2024 19:01
Security Controls can make or break a business - it could be the difference between going fast or screeching to a halt. Learn how we can use industry data from Marsh McLennan (link at the bottom) to help quantify and justify which controls we should invest in first, and how all the controls in the world may just end up backfiring. Be sure to take a few moments to think through the thought exercise...
S2E3 - Pace of Action 02.09.2024 18:02
Pace of Action is all about understanding how fast, or how slow, you should be moving. It is a concept that applies to everything from handling tickets and defining an SLA to incident response. Take a server offline to mitigate a malware-based attack and lose forensics information? That's a tough one. But, you can learn how to make a thoughtful and informed decision by defining your pace of ac...
S2E2 - Speed vs Stability 27.08.2024 20:40
Sometimes it feels like there's a war happening between Product/Eng and Security/Privacy team. Speed vs Stability can make or break a business. Not getting a feature out fast enough? You could loose the market edge. The service constantly going down? The only thing you'll grow are detractors. Listen to this tale of how to apply security principles using things like tests and data presentat...
S2E1 - The Only Limitation Is You 16.08.2024 18:13
Join us in Celebrating not just our first podcastiversary, but also, a great perspective in growing a security mindset. Learn how to start good habits just like waking up when your alarm goes off. Building strong security habits in yourself allow you to grow those around you. Like a plant, you must water and find your purpose first, before you can inspire. Sometimes, you can inspire yourself throu...
Ep. 23 - The Dangers of Direct and Indirect Data 02.05.2024 16:30
A picture says 1,000 words is something everyone has heard. In lieu of a picture, data visualizations tell the story for the author. Sometimes, it's what the data shows that's most important. Sometimes, it's what the data is missing that speaks louder. Come along for this quick lightning round on direct and indirect data and the dangers that hide within.
Ep. 22 - How I Got Started In InfoSec 14.04.2024 32:50
Everyone always asks for a piece of advice when it comes to getting started in infosec. The problem is, everyone is different. My story started when I was young kid, because I wasn't into sports, comics, sci-fi or dragons. I just wanted to make computers do the cool things I always thought of. So, in this episode of PlanB Security, listen to a little bit of my story on how I got to where I am toda...
Ep. 19 - Making Security Usable 15.03.2024 18:42
This is a quick episode geared at showing the importance of making security usable. Using the GDPR and e-Privacy Directive cookie consent popup as an example, we can explore the difference the letter of the law vs the spirit of the law makes. Usable security follows the spirit of the law, where as bad security experiences are just to satisfy the letter of the law. So put on your most comfortable s...
Ep. 21 - What Is Authentication and Authorization? 11.03.2024 25:20
Authentication (Authn) and Authorization (Authz) are two of the most overloaded and incorrectly used words in the field of cybersecurity. It's with good reason - they are the two most fundamental principles behind building trust in the digital world. Authentication is when an identity is validated and verified to be who it say's it is. Authorization is the enforcement of permissions of the...
Ep. 20 - Detect Or Respond, That Is The Question 16.02.2024 24:56
Have you ever been in the middle of an important life event and the dreaded happens? A page for a security event comes in? And worse, you're not prepared or don't have everything you need to handle it. Let's take a scenario and break it down on how we can detect it, mitigate it, remediate it and recycle it through creating playbooks and replaying it at future table top exercises.
Ep. 18 - The Bridge Between Your Customers and Your Castle 02.02.2024 17:48
Your customers need access to your data - that is the service you provide that they're willing to pay you for. But what if you're on opposite sides of a river? You would build a bridge. How do you make sure it's safe? How do you make sure they can travel across the bridge with privacy in mind? What happens if there was an accident on the bridge? It's a simple metaphor you can use t...
Ep. 17 - All About Application Security 09.01.2024 32:30
First one out of the gate for 2024 is all about Application Security. We get right to it, talking about all aspects of Application Security from the importance AppSec has on the overall business, to the minuet details of input validation, honeypotting, secure logging and more. Tune in to hear some stories from the past decade solving challenging attacker v defender scenarios, and what we did to in...
Ep. 16 - Securing the Perimeter, People, Policy and Product 22.12.2023 41:35
In this episode, we explore the framework of what to secure when starting out a security program, or looking to mature it. Starting with the perimeter helps build a defensible position for you to get a foothold on security by knowing what needs to be protected and how attackers might try to access it. Next, we talk about securing the people aspect, building on awareness from the perimeter phase. P...
Ep. 15 - As Secure and As Lenient As Possible 12.12.2023 16:32
Learn how you can apply both the As Soon As Possible and As Late as Possible principles in your decision making when you're trying to figure out the risk/benefit trade off. As Secure As Possible and As Lenient As Possible are two adaptations to the same principle that quantify risks using data and allow you the prioritize the work you need to do to make an educated decision and create a smart...
Ep. 14 - What Is Corporate Security? 22.11.2023 26:41
Corporate security can mean so many different things depending on the maturity of your company and your security program. Some of my favorite projects were done while I focused on Corporate Security over the past 15 years. In this episode, I share a few of those stories, things that I totally didn't expect, but that made me a stronger engineer.
Ep. 12 - From Risks to Enablement 14.11.2023 18:28
There are risks we encounter everyday, at home, in the field and at work. Some of these risks are important for us to be mindful of, that cannot be clearly remediated. Some of these risks however, can be remediated in a way that creates an enablement for those around it. In this episode, learn how we identify risks and turn them into an enablement. This skill is for all listeners, not just those i...
Podobne podcasty
Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS