mnemonic security podcast

In this episode of the mnemonic security podcast, we take a closer look at a tension that remains invisible to most of us, yet is very real: the quiet conflict unfolding within our critical infrastructure. This topic gave us the perfect excuse to once again invite one of our favorite guests, for the fourth time, Joe Slowik. Joe brings over 15 years of experience in cyber threat intelligence (CTI), detection engineering, and incident response, with expertise in industrial control systems (ICS...

In this episode, Robby welcomes Dan Cleary, Co-founder and CEO of PromptHub, an organisation focused on enhancing LLM-based applications. He’s also one of the organisers behind the Prompt Engineering Conference, the world’s first event exclusively dedicated to prompt engineering, taking place in London on October 16th. They discuss prompt engineering and management, what to expect from the upcoming conference, and what this emerging field means for enterprise AI and security. Cleary also shar...

Everyone’s talking about Agentic AI, but beyond the buzz, what’s actually happening on the ground? The mnemonic security podcast is continuing to dive into the world of Agentic AI in our latest episode, recorded live at Sikkerhetsfestivalen. For this episode, Robby is joined by fellow podcaster (CloudFirst Podcast and KI til Kaffen) Marius Sandbu. They look at real-world implementations of agent-based systems, particularly what’s been done in Norway. And try to answer the question: are we ahe...

Brian Singer, a PhD candidate at Carnegie Mellon University, joins Robby to talk about his research on creating autonomous attackers and defenders for networks. In their conversation, they discuss how Brian and his team made a system that uses LLMs to autonomously attack networks. Singer and his team recently got a lot of attention after using this system to successfully recreate the Equifax cyber-attack from 2017, one of the largest data breaches in U.S. history, in a virtualised cloud envir...

Trust is one of the most powerful and dangerous currencies that we have. Whether it's a phishing email, a romance scam or a human trafficking operation, the criminals behind it exploit some of the same dynamics; mainly that trust can be earned by playing to our emotions. This is particularity true when it comes to this episode’s topic; the global crime of "pig butchering". The scam involves luring victims into fake romantic relationships, convincing them to invest in cryptocurrency schemes, a...

This episode, we’re joined by Ford Merrill, Senior Director of Research and Innovation at SEC Alliance, to discuss the evolution and sophistication of Phishing as a Service (PhaaS). Merrill shares from his 11 years of experience working on security research in primarily the areas of phishing and DDoS botnets. In the episode, he talks about the shift from Russian to Chinese-speaking operators, who the developers of advanced kits like Darcula and Lighthouse are, and who actually uses them to i...

We´re back from Summer break! To kick things off, we’re excited to have Armin Buescher and Einar Oftedal from RSAC join Robby for a dive into the most talked-about topic at this year’s RSA Conference: the emergence of agentic AI. Agentic AI, the way they define it, are agents that complete tasks acting on behalf of a user. Unlike the traditional LLM experience, where the agent is relying on human prompts, agentic AI is designed to plan, decide, and act on their own within set goals - i...

In this episode, we’ll explore what quantum computing might mean for the world of security in the future, and the concrete measures the banking sector is taking to prepare for it. Robby is joined by Ulf Larsson, Security CTO at the SEB Group, a leading financial services group in the Nordics, to discuss the work he’s been doing on the potential impact quantum computing will have on his sector, what it can do with our ability to protect data, and preparing his bank to be quantum safe by 2030. ...

Magic Cat (part 1) with security researchers Erlend Leiknes and Harrison Sand Darcula is a phishing-as-a-service operation targeting victims globally. Over the past 1.5 years, mnemonic researchers and an international investigative reporting team have been looking into the technology, operations and individuals connected to this crime group. In this episode, Robby speaks with mnemonic's Erlend Leiknes and Harrison Sand about the findings from their technical investigation, offering a ra...

Magic Cat (part 2) with investigative journalist Martin Gundersen This is the second part of our series about our investigation into Darcula, a phishing-as-a-service operation targeting victims globally, and the phishing kit platform Magic Cat. Over a period of 1,5 years, mnemonic researchers and an international investigative reporting team from the Norwegian media agency NRK, together with French Le Monde and German BR, looked into the technology, operations and individuals connected to thi...

We are all negotiating, in one way or another, every single day. In this episode, we’re joined by someone that has not only mastered the skill of negotiation, she’s traveling worldwide doing negotiating training, particularity for technology companies; Tine Anneberg, Founder & CEO of CREOSUM Create Impact – part of the SMARTnership Negotiation Organization. Tine and Robby talk about the benefits of taking a collaborative approach to negotiations, the value of trust, and why curiosity is t...

As a manager, there's no getting around the fact that how well people like and trust you matters. According to this week’s guest, Patric J.M. Versteeg – CISO at Viterra, a global agricultural network operating in 39 countries, trust and likability are even more critical in security than in many other fields. Last year, Patric was named European CISO of the Year. With over two decades of experience in the role, it’s safe to say he knows a thing or two about what makes a strong leader in the wo...

In this episode, Robby speaks with Harry Wetherald, Co-Founder and CEO of the security platform Maze, about the current wave of LLM innovation in security and how to separate real progress from marketing fluff. Drawing on his experience building security products, Wetherald shares how large language models are changing the way we approach vulnerability management, what to ask vendors about their "AI" claims, and why UX may be just as important as the models themselves. Send us a text

In this episode of the mnemonic security podcast, Robby speaks with Knut Elde Johansen and Øyvind Bergerud from Storebrand about their transformation from early cloud challenges to established cloud maturity. They discuss how Storebrand shifted from outsourced IT to building a modern, in-house cloud infrastructure, and how security evolved alongside it. From implementing policy as code to enabling developers through threat modelling, purple teaming, and CNAPP, Knut and Øyvind share hard-earne...

In this episode of the mnemonic security podcast, Robby is joined by Ricardo Ferreira, CISO EMEA at Fortinet, to explore the power of policy as code and its role in technical resilience. Ferreira explains how organisations can move beyond manual processes to automate security policies, reduce complexity, and enhance agility. They discuss cloud transformation, the challenges of enforcing policy at scale, and why automation and cultural change are essential for security teams. Plus, the g...

In this episode of the mnemonic security podcast, Robby is joined by Bernard Montel, EMEA Technical Director & Security Strategist at Tenable, to break down the evolution of vulnerability management into exposure management. Bernard explains how security has shifted from traditional vulnerability scanning to a broader approach that considers misconfigurations, attack paths, and identity risks. They discuss why most breaches stem from a toxic combination of exposures, the growing com...

Audio-visual (AV) equipment is everywhere – meeting rooms, auditoriums, and control centres – but how often do we think about its security? In this episode of the mnemonic security podcast, Robby talks to Øystein Stadskleiv from Leteng, about the overlooked risks of AV systems. They discuss real-world attack scenarios, common vulnerabilities, and practical steps to secure AV infrastructure. Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Emil Vaagland, Security Manager at FINN.no, Norway’s leading online marketplace. They discuss the unique security challenges of a cloud-first, developer-heavy organisation, covering everything from vulnerability management and secure coding, to fraud detection and access control. Vaagland shares insights into their approach to bug bounties, DevSecOps, and balancing security with developer efficiency. Send us a text

In this episode of the mnemonic security podcast, Robby is joined by Dustin Childs, Head of Threat Awareness at Trend Micro’s Zero Day Initiative (ZDI). Dustin explains the ZDI’s role in purchasing and analysing vulnerabilities to provide early protection for customers and how zero days – previously unknown vulnerabilities – become "n-days" once disclosed or patched. The conversation highlights the critical importance of timely patching, the risks posed by bad patches, and the concept of virt...

In this episode of the mnemonic security podcast, Robby is joined by Eirik Nordbø and Marius Kotlarz from Equinor, as well as Haakon Staff from mnemonic. Together, they discuss the world of Capture the Flag (CTF) competitions, exploring their origins, structure, and benefits. CTFs, as they explain, are “hacking” contests featuring challenges such as cryptography and reverse engineering, where participants solve tasks to uncover "flags" and earn points. The discussion highlights the educationa...