HelloInfoSec
InfoSec Bites
Welcome to Hello InfoSec, your ultimate hub for all things cybersecurity! Dive into our thrilling podcast series, InfoSec Bites, where we unleash deep dives into Information Security, jaw-dropping Major Security Incidents, cutting-edge Cloud Information Security, crucial Privacy topics, revolutionary Artificial Intelligence, mind-bending Quantum Computing, and so much more! Get ready to geek out with expert insights and stay ahead of the curve—hit that like button, subscribe now, and turn on notifications for fresh episodes that will blow your mind! https://www.youtube.com/@HelloInfoSec
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Authentication and Authorisation bypass: The Invisible Threat 09.07.2026 44:35
Access control serves as a foundational security framework divided into authentication , which verifies identity, and authorization , which regulates interaction boundaries between active subjects and passive resources. Despite its criticality, broken access control remains a top vulnerability, frequently exploited through mechanics such as Insecure Direct Object References (IDOR) , parameter tamp...
Remote Code Execution: Vulnerability Mechanics, Mitigation Bypassing, and Defensive Architecture 02.07.2026 57:03
Remote Code Execution (RCE) represents the highest tier of security compromise, enabling unauthorized attackers to execute arbitrary commands or machine code on a system over a network boundary. These flaws reflect a fundamental failure to isolate untrusted data from the CPU’s instruction registers, effectively subverting the standard security boundaries of the Von Neumann execution model . The me...
Modernising Vulnerability Prioritisation via CISA KEV and BOD 26-04 25.06.2026 50:47
The discussion in this podcast examines CISA’s Known Exploited Vulnerabilities (KEV) catalog and its evolving role in national cybersecurity policy. This authoritative registry identifies security flaws with confirmed evidence of active exploitation and clear remediation paths, serving as a critical tool for prioritizing defensive actions. Recent updates, specifically Binding Operational Directive...
Decoding NIST CSWP 41: Predicting Vulnerability Exploitation Metrics 18.06.2026 35:32
The discussion in this podcast covers the introduction of the Likely Exploited Vulnerabilities (LEV) metric, proposed in NIST Cybersecurity White Paper 41 by Peter Mell and Jonathan Spring to address a critical gap in the "remediation deficit" where organizations can typically only patch a small fraction of annual CVEs. LEV functions as a retrospective, probabilistic score that compounds...
EPSS: Leveraging the Exploit Prediction Scoring System (EPSS) to Reduce Remediation Workloads 11.06.2026 36:28
The discussion in this podcast about paradigm shift in cybersecurity from traditional, static vulnerability management centered on the Common Vulnerability Scoring System (CVSS) toward dynamic, risk-based prioritization models that integrate global threat intelligence with local business context. This evolution is driven by an exponential surge in vulnerability disclosures—surpassing 25,000 annual...
Navigating the Modern Vulnerability Landscape: Leveraging CVSS v4.0, CISA Vulnrichment, and AWS-Native Intelligence 06.06.2026 48:08
The discussion in this podcast explores the evolving landscape of modern vulnerability management, focusing on the critical shift from technical severity scoring in CVSS v3.1 to the contextual, risk-oriented approach of CVSS v4.0 . They detail the foundational governance of the CVE Program and the operational workflows of the National Vulnerability Database (NVD) , while addressing the 2024–2026 N...
NIST Privacy Framework and Regulatory Compliance 27.05.2026 33:09
The dicussion in this podcast outlines how the NIST Privacy Framework can be utilised to align corporate risk management with various international data protection regulations . By employing regulatory crosswalks , organisations can map specific legal mandates from the GDPR , CCPA , and other state-level statutes to a unified set of internal controls. The discussion emphasizes a structured...
NIST Container Security and Compliance Frameworks Guide 21.05.2026 40:18
In this podcast we discuss NIST Special Publication 800-190 , a comprehensive federal guide dedicated to application container security . This publication defines containers as a form of operating system virtualization that enables the portable and efficient packaging of software. The podcast details a multi-tiered architecture comprising images, registries, orchestrators, and host operating...
A Guide to the NIST Risk Management Framework 14.05.2026 45:42
The NIST Risk Management Framework (RMF) , primarily detailed in Special Publication 800-37 , serves as a comprehensive methodology for securing information systems throughout their entire functional lifespan. This structured process guides organisations through seven essential stages: preparing the enterprise, categorising data based on impact, selecting and implementing safeguards, and...
Logging Monitoring and Audit in Cloud Environment 07.05.2026 59:31
In this episode we explore the critical role of monitoring and logging solutions in maintaining the security and performance of modern cloud infrastructures . We will discuss the functionality of Azure Monitor activity logs , explaining how they track management operations and facilitate auditing or alerting for resource changes. A case study from the Cloud Security Alliance examines the ...
Risk Assessment in Cyber Security 30.04.2026 36:08
The discussion in this podcast explores cybersecurity risk assessment as a vital strategic capability for modern organizational resilience. It centers on three primary global frameworks: NIST SP 800-53 , which provides granular technical controls; ISO 27005/31000 , offering principles-based international standards; and COBIT 2019 , which focuses on enterprise IT governance. By examining these...
Risk Governance in Cyber Security: Foundations and Frameworks 23.04.2026 45:52
The discussions in this podcast serves as a comprehensive manual on cybersecurity risk governance , emphasizing its role as the strategic blueprint for resilient enterprise security. It explores the historical evolution of the field, tracing its growth from simple physical server protection to a critical board-level imperative driven by global regulations. The discussion provides a meticulous deep...
Cloud Forensic : Trustworthiness of Digital Evidence in Cloud Environments 16.04.2026 48:49
In this podcast we discuss a systematic literature review investigating the legal and technical hurdles of cloud-based digital forensics . The discussion highlights that traditional investigative methods often fail in cloud environments due to data volatility , distributed storage across multiple jurisdictions , and a reliance on third-party service providers. By analyzing 32 core studies publishe...
VM Escape in Cloud: Hypervisor Security and the Evolution of Virtual Isolation 09.04.2026 1:15:01
In this podcast we examine the complex security landscape of virtualization and bare metal cloud environments, focusing on the critical threat of Virtual Machine (VM) escape vulnerabilities. The discussion detail high-risk exploits like CVE-2025-22224 , which target hypervisor race conditions, and discuss hardware-level risks such as firmware rootkits and microarchitectural side-channels . To coun...
VM and Resource Sprawl: Mastering Cloud Efficiency 02.04.2026 55:22
This podcast collectively define and address the challenges of cloud and virtual machine sprawl , emphasizing the necessity of cost optimization and robust security governance . It explain that rapid, unmonitored resource deployment leads to financial waste , performance lags, and expanded attack surfaces for cyber threats. To mitigate these risks, the authors recommend a FinOps framework...
Zero-Click Attacks: The Invisible Cyber Threats 26.03.2026 50:13
In this episode we examine the rise of zero-click hacking , a sophisticated cyber threat that compromises devices through unpatched software flaws without requiring any user interaction. Unlike traditional phishing, these attacks exploit "zero-day" vulnerabilities in messaging apps and operating systems to silently install spyware like Pegasus. High-profile case studies, such as Op...
Crypto-Shredding: Cloud Data Sanitization and Quantum Security Strategies 20.03.2026 41:55
In this Podcast we discuss crypto-shredding , a data sanitization method where information is rendered unreadable by permanently destroying its encryption keys . This technique is essential for cloud computing environments because users lack physical access to hardware, making traditional disk destruction impossible. While the process is fast and scalable , it relies heavily on flawless key...
Cloud Data Governance: Life Cycle, Global Regulations, and Compliance Frameworks 13.03.2026 56:26
In this podcast we will discuss comprehensive analysis of Cloud Data Lifecycle Management (CDLM) , tracing the journey of digital information from its initial creation to its final, secure deletion. The discussion emphasize that managing data in the cloud requires a shared responsibility model where both providers and customers must align on identity and access management , encryption, and automat...
Cloud eDiscovery and Jurisdictional Conflicts 06.03.2026 34:20
Modern legal discovery and digital forensics are increasingly defined by the transition from traditional email to complex cloud-based platforms and collaborative tools like Slack and Microsoft Teams. This podcast discusses the technical hurdles of capturing modern attachments , which are hyperlinked files rather than static documents, and the necessity of using hash values to ensure data integrity...
GDPR vs The CLOUD Act: Navigating Global Data Sovereignty 27.02.2026 39:57
In this podcast we examine the complex regulatory intersection of the General Data Protection Regulation (GDPR) and international laws governing data access, such as the U.S. CLOUD Act . Under the GDPR , organizations must follow strict rules regarding personal data processing , necessitating clear contracts between data controllers and processors to ensure security and confidentiality. A...
Hypervisor - Security and Architecture : AWS, GCP, Azure 20.02.2026 47:21
Hypervisor - Security and Architecture : AWS, GCP, Azure
Confidential Computing and Trusted Execution Environments (TEEs) in the Cloud 13.02.2026 34:10
In this podcast we discuss Confidential computing which refers to technologies that protect data while it's being processed in memory, ensuring it remains encrypted and isolated from unauthorized access, including from cloud providers. TEEs are hardware-based secure enclaves within processors that enable this isolation, such as Intel's SGX, AMD's SEV, and ARM's TrustZone. In cloud...
Cloud Security Alliance's Governance Frameworks: Cloud Control Matrix and STAR 07.02.2026 27:57
The Cloud Security Alliance (CSA) provides a global framework for cloud governance and trust. Key tools like the Cloud Controls Matrix (CCM) and the STAR program standardise security across providers. Recent updates address AI risks , compliance automation , and shared responsibility .
Well Architected Framework :The Architecture of Resilience 06.02.2026 28:08
Major cloud providers like Amazon Web Services , Microsoft Azure , and Google Cloud have developed Well-Architected Frameworks to help organisations build high-quality, resilient infrastructure. These frameworks are structured around core pillars , which typically include security , reliability , operational excellence , cost optimization , and performance efficiency . AWS uniquely a...
Engineering Resilience: The Netflix Chaos Framework 02.02.2026 40:27
In this podcast we explore Netflix’s Chaos Engineering philosophy , a proactive strategy designed to ensure business continuity and disaster recovery by intentionally simulating system failures. Rather than viewing outages as anomalies, this approach treats infrastructure instability as an inevitability of cloud computing, using empirical experimentation to identify and fix vulnerabilities be...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.