Adventures of Alice & Bob

In this episode, James sits down with Pete Herzog, co-founder of ISACOM and creator of the OSSTMM — a comprehensive security control testing framework. He shares stories from his early days: hacking cigarettes vending machines to trade for access to computers, building a fake ID operation out of a college gerontology department, and social engineering his way onto the internet before most people knew it existed. But Pete isn't just telling war stories. He reveals how he helps unmask cybercriminals for law firms using metadata and fake account networks, explains why platforms and domain registrars are financially incentivized to protect scammers, and explains why people need help because the FBI won't touch a fraud case under $20 million anymore. From romance scam victims left with no recourse to rethinking where you place resources to secure systems, Pete shares why he thinks security isn't something we build — it's something written into the fabric of the universe, waiting to be discovered.

In this episode, James sits down with Brandyn Murtagh, founder of MurtaSec and top-ranked bug bounty hunter. He shares stories from his early days: learning exploitation from World of Warcraft at age 9, dropping out of college after three days, and how landing an apprenticeship at 16 led him from blue team analyst to elite penetration tester who's discovered critical flaws in banks, healthcare providers, and AI platforms.

But Brandyn isn't playing it safe. He reveals how he chained public Wi-Fi access into complete bank control through IBM mainframes older than him, explains why a seven-character password limit enabled total financial system takeover, and demonstrates the reality of locking himself in server racks and wading through snow at 3 AM during physical security assessments. From 48-hour incident response marathons to fabricating funds at will, Brandyn shows why with enough time, anything can get popped eventually.

In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

In this episode, James sits down with Silas Cutler, Principal Security Researcher at Census and founding member of Oni Scans, to explore his unconventional journey through threat intelligence and malware analysis. What happens when your first day as a SOC analyst takes down a Fortune 500 company—and Anonymous gets the credit?

From accidentally causing international headlines to going undercover in ransomware gangs, Silas has built a career on creative problem-solving and community building. He's become Facebook friends with hackers he investigates, created Malshare (a community malware repository), and founded B-Sides Pyongyang—a security conference celebrating "Missile Industry Day" that started as a joke but attracted 490 attendees.

In this episode, James and Marc sit down with Aaron Portnoy, Head of Research at MindGuard and founder of Pwn2Own.He shares stories from his early days: learning exploitation from anonymous IRC hackers, getting visits from both the IRS and FBI, a chance meeting with HD Moore at a party, and how his ability to reverse engineer fast led him to become the youngest manager at Zero Day Initiative where he helped create the Pwn2Own competition.

But Aaron isn't living in the past. He reveals how he found a persistent RCE in Google's brand-new Anitgravity IDE within its first 24 hours, explains why AI security is fundamentally broken, and demonstrates how AI agents become insider threats that enterprises can't control or understand. From six-hour firewall exploits to decimal IP bypasses, Aaron shows why the attack surface has become "literally endless."