Threat Talks - Your Gateway to Cybersecurity Insights

AI vs. Human Pentesting: Who Wins?What happens when you try to automate something that’s part science, part art? In an industry rushing to adopt AI for everything from detection to response, the real question is: can a machine truly replace the craft of a human pentester?In this episode of Threat Talks, host Lieuwe Jan Koning is joined by Melanie Rieback, co-founder and CEO of Radically Open Security, and Luca Cipriano, a red teamer and threat intel specialist. Together, they dig into what makes great pentesting work.Melanie explains why her company donates 90% of profits to open source and operates with a not-for-profit model, and how that connects with their mission to support NGOs and civil society groups. Together, she and Luca share their hands-on experience with pentesting and why creativity, gut instinct, and lateral thinking are still crucial in ethical hacking.They discuss:🤖 Can AI outsmart human red teamers?🧠 What makes great hacking truly human?🔍 What’s still too complex for automation?From tool-assisted testing to old-school intuition, this conversation offers a grounded take on the reality of modern pentesting and what AI can’t do (yet).🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

PLCs with default passwords. Devices searchable online. Siloed asset inventories. These OT challenges are common, but they’re also fixable. In this episode of Threat Talks, host Lieuwe Jan Koning sits down with Venable’s Caitlin Clarke and Schneider Electric’s Patrick Ford to discuss why the OT side of your business deserves the same focus and attention as IT. From default passwords to exposed PLCs, they show how these ‘tech risks’ span beyond just OT and IT. They discuss:✅ How to replace "default" thinking on OT security🌐 Spotting internet-facing assets before attackers do🔍 Using CISA’s Installed Base Initiative to locate orphaned tech🤝 Building joint response plans across IT, OT, and governmentOrganizations are getting ahead of risk by building live OT inventories, applying smart controls, and partnering with federal teams to strengthen critical infrastructure. Are you ready to join them?Additional Resources:► Securing critical infrastructure: https://www.se.com/ww/en/download/doc... [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblhvQTJzcWhpbWRoZ3dDZGNKZTN4VFpZV1hxUXxBQ3Jtc0tsdHl5bzFsVVNnY1ZzX3B3OEdDTmFGNGg0U3ZmSkN2bGlDRzZXdHJvYkIzXzB0S0FzSjlmc1V3QUxRdldlSnVLRE9NM0tudEMxVWMtb0R2MTd6T0dvNXViV054LXkxR3hPcTNfXzQyRHlvQmQ4Vm9rSQ&q=https%3A%2F%2Fwww.se.com%2Fww%2Fen%2Fdownload%2Fdocument%2FSecure_by_Operations_Posture%2F&v=dECAYCEjgb0]🔔 Follow and Support our channel! 🔔=== ► YOUTUBE:    / @threattalks   [https://www.youtube.com/channel/UCKutrBruTCCOd4p9Ob2gebQ]► SPOTIFY: https://open.spotify.com/show/1SXUyUE... [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbWZobmNIa0FGYjBpMXBTXzhETF9XbzN6Snlud3xBQ3Jtc0ttRmNYb21oUTZJam5fOXJMN3Q5a2Y5ZFJ1TmZBaE1KTTAzQXJCa1RRR3duWFVVYlZzcU9TUnNhUFdTOGw1cDVENi1KNV9YX203ekdiaXRGVmNfRlVmX1VkOG1IVXh6eG5yQzVVMmI2X3prS0l3T3VKdw&q=https%3A%2F%2Fopen.spotify.com%2Fshow%2F1SXUyUEndOeKYREvlAeD7E&v=dECAYCEjgb0]► APPLE: https://podcasts.apple.com/us/podcast... [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbUQ4TXVocnJiMy1lelhwSTJLYk5zSUFXVzhLZ3xBQ3Jtc0tsUDhiQk5fTmpsdWlBSDBFeVdIOW0yU09TSFQyNHJvejBBQ3ZoY1p1YTcxMXdWSzZWYlppVUlyTkZLMDJlM1J4S1lja3F2NWVkTUR6ZDJ3QXM4SGE0ajktWUpYWEswTF8ybWhvOG5kZlFmSmhoak81TQ&q=https%3A%2F%2Fpodcasts.apple.com%2Fus%2Fpodcast%2Fthreat-talks-your-gateway-to-cybersecurity-insights%2Fid1725776520&v=dECAYCEjgb0]👕 Receive your Threat Talks T-shirthttps://threat-talks.com/ [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa2Y4aVg5eHNHQ0wwd2phc3B3TXYtbDJhaEg0Z3xBQ3Jtc0ttWnBPaDI4REI0Z0RXZTJkcG83NU1XTXJMTGJTNHZZc2xZVUVwUmlHd3NocWxBWlNfVDlPZFlTSm43bDRUN2p1VU9uUWFRbFRGOHIyTlAwcWRrZURxcHRxakhmdUx3N0FUUVpFWktiUE1XZzMxaV9tSQ&q=https%3A%2F%2Fthreat-talks.com%2F&v=dECAYCEjgb0]🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbktndnlNNFVQS3JucjlzMnBfMnRUMVJ2bmdXd3xBQ3Jtc0tsVDNCcnkzWERvTHBJLVpXNGxXdWdUQ3U0VkNIOVdGWEgzdnlYMS1KWUVBdXlEZHkybzZJVjh5czMyejhfeFF0RzJ2ZjJyUXQ0T1pCRURpRk5nMGtaZnUxWHlDbkJEYVpiSU90OW1Jd000aEpwRzU4cw&q=https%3A%2F%2Fthreat-talks.com%2F&v=dECAYCEjgb0]🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Once you have defined a few protect surfaces (see: ⁠Step 1 of Zero Trust-video link below⁠), the next step is to start mapping the transaction flows: how these protect surfaces communicate with one another.   Understanding how data travels to, from and around protect surfaces is your next logical movie. Why? Because if you don’t know how your systems talk to each other, you can’t secure them.   In this episode of Threat Talks, host Lieuwe Jan Koning and Field CTO Rob Maas discuss how to identify communication paths between protect surfaces and why this visibility is critical for both risk containment and policy validation. They explore: ✅ How to identify communication paths ⛕The difference between inbound and outbound traffic (and why this matters) 🙋🏼‍♂️Why business owners and business context are essential Get all the details and insights on this second step of Zero Trust: mapping the transaction flows. Additional Resources: ► Zero Trust Step One: https://youtu.be/mC66i-tEEFs

Now that we know what a PLC, HMI and SCADA are (check out last week’s episode for a refresher if you need one!), we’re ready for part two of our OT deep dive: how does an OT attack work? In this Deep Dive, Rob Maas and Luca Cipriano break down just how complex an OT attack really is. From needing to stay hidden, to requiring access to very specific system settings and blueprints; setting up a successful OT attack (thankfully) is no easy task. But does that mean it’s easier to defend against them?Key topics:⚙️ How IT and OT attacks differ☠️ What the ICS cyber kill chain is🌎 How OT attacks can impact whole nationsJoin Rob and Luca for a discussion on the motivations behind OT attacks, how to bridge the gap between cybersecurity and engineering, and what we can do to prevent these high impact OT attacks. Additional Resources: ► Operational Technology for Dummies (Previous Episode): https://youtu.be/Pdp_OCf6npQ ► Inside Volt Typhoon: China’s Silent Cyber Threat: https://youtu.be/DSalzpj59RI ► Hack the Boat - cybersecurity on the high seas 🌊 - Threat Talks Cybersecurity Podcast: https://youtu.be/Xa0TJ3eRTCw

From heating systems in Ukraine to petrochemical plant safety controls, Operational Technology (OT) systems are the hidden workhorses behind critical infrastructure: and they're wide open to cyber threats.   In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it’s different from IT, where the two overlap and how we can start securing both before it’s too late.   Key topics: ⚙️ What OT is (and isn’t) 📉 Why IT and OT often don’t speak the same language 🛠️ Real-life OT cyberattacks (hello, FrostyGoop and TRITON) Welcome to OT 101: explained in plain language, with a healthy dose of practicality.