HelloInfoSec

InfoSec Bites

Welcome to Hello InfoSec, your ultimate hub for all things cybersecurity! Dive into our thrilling podcast series, InfoSec Bites, where we unleash deep dives into Information Security, jaw-dropping Major Security Incidents, cutting-edge Cloud Information Security, crucial Privacy topics, revolutionary Artificial Intelligence, mind-bending Quantum Computing, and so much more! Get ready to geek out with expert insights and stay ahead of the curve—hit that like button, subscribe now, and turn on notifications for fresh episodes that will blow your mind! https://www.youtube.com/@HelloInfoSec

Author

HelloInfoSec

Category

Technology

Podcast website

www.youtube.com

Latest episode

Jul 9, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Authentication and Authorisation bypass: The Invisible Threat 09.07.2026

Access control serves as a foundational security framework divided into authentication , which verifies identity, and authorization , which regulates interaction boundaries between active subjects and passive resources. Despite its criticality, broken access control remains a top vulnerability, frequently exploited through mechanics such as Insecure Direct Object References (IDOR) , parameter tamp...

Remote Code Execution: Vulnerability Mechanics, Mitigation Bypassing, and Defensive Architecture 02.07.2026

Remote Code Execution (RCE) represents the highest tier of security compromise, enabling unauthorized attackers to execute arbitrary commands or machine code on a system over a network boundary. These flaws reflect a fundamental failure to isolate untrusted data from the CPU’s instruction registers, effectively subverting the standard security boundaries of the Von Neumann execution model . The me...

Modernising Vulnerability Prioritisation via CISA KEV and BOD 26-04 25.06.2026

The discussion in this podcast examines CISA’s Known Exploited Vulnerabilities (KEV) catalog and its evolving role in national cybersecurity policy. This authoritative registry identifies security flaws with confirmed evidence of active exploitation and clear remediation paths, serving as a critical tool for prioritizing defensive actions. Recent updates, specifically Binding Operational Directive...

Decoding NIST CSWP 41: Predicting Vulnerability Exploitation Metrics 18.06.2026

The discussion in this podcast covers the introduction of the Likely Exploited Vulnerabilities (LEV) metric, proposed in NIST Cybersecurity White Paper 41 by Peter Mell and Jonathan Spring to address a critical gap in the "remediation deficit" where organizations can typically only patch a small fraction of annual CVEs. LEV functions as a retrospective, probabilistic score that compounds...

EPSS: Leveraging the Exploit Prediction Scoring System (EPSS) to Reduce Remediation Workloads 11.06.2026

The discussion in this podcast about paradigm shift in cybersecurity from traditional, static vulnerability management centered on the Common Vulnerability Scoring System (CVSS) toward dynamic, risk-based prioritization models that integrate global threat intelligence with local business context. This evolution is driven by an exponential surge in vulnerability disclosures—surpassing 25,000 annual...

Navigating the Modern Vulnerability Landscape: Leveraging CVSS v4.0, CISA Vulnrichment, and AWS-Native Intelligence 06.06.2026

The discussion in this podcast explores the evolving landscape of modern vulnerability management, focusing on the critical shift from technical severity scoring in CVSS v3.1 to the contextual, risk-oriented approach of CVSS v4.0 . They detail the foundational governance of the CVE Program and the operational workflows of the National Vulnerability Database (NVD) , while addressing the 2024–2026 N...

NIST Privacy Framework and Regulatory Compliance 27.05.2026

The dicussion in this podcast outlines how the  NIST Privacy Framework  can be utilised to align corporate risk management with various  international data protection regulations . By employing  regulatory crosswalks , organisations can map specific legal mandates from the  GDPR ,  CCPA , and other state-level statutes to a unified set of internal controls. The discussion emphasizes a  structured...

NIST Container Security and Compliance Frameworks Guide 21.05.2026

In this podcast we discuss NIST Special Publication 800-190 , a comprehensive federal guide dedicated to  application container security . This publication defines containers as a form of  operating system virtualization  that enables the portable and efficient packaging of software. The podcast details a  multi-tiered architecture  comprising images, registries, orchestrators, and host operating...

A Guide to the NIST Risk Management Framework 14.05.2026

The  NIST Risk Management Framework (RMF) , primarily detailed in  Special Publication 800-37 , serves as a comprehensive methodology for securing information systems throughout their entire functional lifespan. This structured process guides organisations through seven essential stages:  preparing  the enterprise,  categorising  data based on impact,  selecting  and  implementing  safeguards, and...

Logging Monitoring and Audit in Cloud Environment 07.05.2026

In this episode we explore the critical role of  monitoring and logging solutions  in maintaining the security and performance of modern  cloud infrastructures . We will discuss the functionality of  Azure Monitor activity logs , explaining how they track management operations and facilitate  auditing or alerting  for resource changes. A case study from the  Cloud Security Alliance  examines the ...

Risk Assessment in Cyber Security 30.04.2026

The discussion in this podcast explores  cybersecurity risk assessment  as a vital strategic capability for modern organizational resilience. It centers on three primary global frameworks:  NIST SP 800-53 , which provides granular technical controls;  ISO 27005/31000 , offering principles-based international standards; and  COBIT 2019 , which focuses on enterprise IT governance. By examining these...

Risk Governance in Cyber Security: Foundations and Frameworks 23.04.2026

The discussions in this podcast serves as a comprehensive manual on cybersecurity risk governance , emphasizing its role as the strategic blueprint for resilient enterprise security. It explores the historical evolution of the field, tracing its growth from simple physical server protection to a critical board-level imperative driven by global regulations. The discussion provides a meticulous deep...

Cloud Forensic : Trustworthiness of Digital Evidence in Cloud Environments 16.04.2026

In this podcast we discuss a systematic literature review investigating the legal and technical hurdles of cloud-based digital forensics . The discussion highlights that traditional investigative methods often fail in cloud environments due to data volatility , distributed storage across multiple jurisdictions , and a reliance on third-party service providers. By analyzing 32 core studies publishe...

VM Escape in Cloud: Hypervisor Security and the Evolution of Virtual Isolation 09.04.2026

In this podcast we examine the complex security landscape of virtualization and bare metal cloud environments, focusing on the critical threat of Virtual Machine (VM) escape vulnerabilities. The discussion detail high-risk exploits like CVE-2025-22224 , which target hypervisor race conditions, and discuss hardware-level risks such as firmware rootkits and microarchitectural side-channels . To coun...

VM and Resource Sprawl: Mastering Cloud Efficiency 02.04.2026

This podcast collectively define and address the challenges of  cloud and virtual machine sprawl , emphasizing the necessity of  cost optimization  and robust  security governance . It explain that rapid, unmonitored resource deployment leads to  financial waste , performance lags, and expanded  attack surfaces  for cyber threats. To mitigate these risks, the authors recommend a  FinOps framework...

Zero-Click Attacks: The Invisible Cyber Threats 26.03.2026

In this episode we examine the rise of  zero-click hacking , a sophisticated cyber threat that compromises devices through  unpatched software flaws  without requiring any user interaction. Unlike traditional phishing, these attacks exploit "zero-day" vulnerabilities in messaging apps and operating systems to  silently install spyware  like Pegasus. High-profile case studies, such as  Op...

Crypto-Shredding: Cloud Data Sanitization and Quantum Security Strategies 20.03.2026

In this Podcast we discuss  crypto-shredding , a data sanitization method where information is rendered unreadable by permanently destroying its  encryption keys . This technique is essential for  cloud computing  environments because users lack physical access to hardware, making traditional disk destruction impossible. While the process is  fast and scalable , it relies heavily on flawless  key...

Cloud Data Governance: Life Cycle, Global Regulations, and Compliance Frameworks 13.03.2026

In this podcast we will discuss comprehensive analysis of Cloud Data Lifecycle Management (CDLM) , tracing the journey of digital information from its initial creation to its final, secure deletion. The discussion emphasize that managing data in the cloud requires a shared responsibility model where both providers and customers must align on identity and access management , encryption, and automat...

Cloud eDiscovery and Jurisdictional Conflicts 06.03.2026

Modern legal discovery and digital forensics are increasingly defined by the transition from traditional email to complex cloud-based platforms and collaborative tools like Slack and Microsoft Teams. This podcast discusses the technical hurdles of capturing modern attachments , which are hyperlinked files rather than static documents, and the necessity of using hash values to ensure data integrity...

GDPR vs The CLOUD Act: Navigating Global Data Sovereignty 27.02.2026

In this podcast we examine the complex regulatory intersection of the  General Data Protection Regulation (GDPR)  and international laws governing data access, such as the  U.S. CLOUD Act . Under the  GDPR , organizations must follow strict rules regarding  personal data processing , necessitating clear contracts between  data controllers  and  processors  to ensure security and confidentiality. A...

Hypervisor - Security and Architecture : AWS, GCP, Azure 20.02.2026

Hypervisor - Security and Architecture : AWS, GCP, Azure

Confidential Computing and Trusted Execution Environments (TEEs) in the Cloud 13.02.2026

In this podcast we discuss Confidential computing which refers to technologies that protect data while it's being processed in memory, ensuring it remains encrypted and isolated from unauthorized access, including from cloud providers. TEEs are hardware-based secure enclaves within processors that enable this isolation, such as Intel's SGX, AMD's SEV, and ARM's TrustZone. In cloud...

Cloud Security Alliance's Governance Frameworks: Cloud Control Matrix and STAR 07.02.2026

The Cloud Security Alliance (CSA) provides a global framework for cloud governance and trust. Key tools like the Cloud Controls Matrix (CCM) and the STAR program standardise security across providers. Recent updates address AI risks , compliance automation , and shared responsibility .

Well Architected Framework :The Architecture of Resilience 06.02.2026

Major cloud providers like  Amazon Web Services ,  Microsoft Azure , and  Google Cloud  have developed  Well-Architected Frameworks  to help organisations build high-quality, resilient infrastructure. These frameworks are structured around core  pillars , which typically include  security ,  reliability ,  operational excellence ,  cost optimization , and  performance efficiency .  AWS  uniquely a...

Engineering Resilience: The Netflix Chaos Framework 02.02.2026

In this podcast we explore Netflix’s  Chaos Engineering philosophy , a proactive strategy designed to ensure  business continuity and disaster recovery  by intentionally simulating system failures. Rather than viewing outages as anomalies, this approach treats  infrastructure instability as an inevitability  of cloud computing, using empirical experimentation to identify and fix vulnerabilities be...

Listen to the InfoSec Bites podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.