Welcome to Perimeter Perspective, the podcast where we explore the strategies, challenges, and innovations shaping the future of cybersecurity and IT management. Hosted by the experts at Next Perimeter, this show dives into zero trust principles, cloud-first solutions, and the evolving role of technology in modern businesses. Whether you’re an IT leader, business owner, or tech enthusiast, Perimeter Perspective offers actionable insights and engaging discussions to help you secure your digit ...
Digital certificate industry veterans Tim Callan and Jason Soroko explore the issues surrounding digital identity, PKI, and cryptographic connections in today's dynamic and evolving computing world. Best practices in digital certificates are continually under pressure from technology trends, new laws and regulations, cryptographic advances, and the evolution of our computing architectures to be more virtual, agile, ubiquitous, and cloud-based. Jason and Tim (and the occasional guest subject ...

Microsoft has finally announced that it will offer an update to Active Directory Certificate Services (ADCS, formerly MSCA) to support post quantum cryptography. We discuss Microsoft's checkered support for ADCS and offer some questions users should be asking. By Tim Callan and Jason Soroko

Root Causes 515: What Is Entropy-aware Governance?
14:51
Jason coins the term "entropy-aware governance" to describe the idea of using the degree of entropy it contains to measure the strength of any given secret. This could be an objective, consistent metric that could be applied to standard practices and requirements. By Tim Callan and Jason Soroko

Root Causes 514: Diary of an Online Firestorm
12:45
Tim describes how the addition of an item to the CABF face-to-face meeting agenda blew up into a panicked and outraged online thread. We discuss what a more functional response would have looked like. By Tim Callan and Jason Soroko

Root Causes 513: Is Revocation the Best Remedy for CPS Misalignment?
12:21
We continue our discussion of CPS misalignment by discussing the reasons for revocation as a remedy, its disadvantages, and the possibility of another solution that provides the same benefits at less cost. By Tim Callan and Jason Soroko

Root Causes 512: CPS Versus Practices Misalignment
12:41
We examine the circumstance where otherwise allowed practices are out of alignment with the stated practices in the relevant CPS. We discuss CA transparency and accountability, increased scrutiny of the CPS, and mass revocation. By Tim Callan and Jason Soroko

We follow up on our discussion of the Get off My Lawn (GoML) browser with Jason's adventure in creating his own custom root store. By Tim Callan and Jason Soroko

Root Causes 510: Introducing the GoML Browser
10:18
We discuss Jason's code vibing journey to create the Get Off My Lawn! (GoML) browser. We discuss SSL certificate information, EV indicators, and cookie handling. By Tim Callan and Jason Soroko

We define CPS (Certificate Practices Statement) and explain the role it plays in both the WebPKI and private CAs. By Tim Callan and Jason Soroko

"Code vibing" is using generative AI to create or improve working code. We share Jason's adventure using code vibing to create his own web browser. By Tim Callan and Jason Soroko

The first CA distrust event of 2025 comes with two simultaneous CA distrusts. We give you the details. By Tim Callan and Jason Soroko

Root Causes 506: Recap of CABF Face-to-face #65
8:53
For the first time ever, Jason and I record an episode from the floor of the CA/Browser Forum face-to-face meeting. We recap the themes of this meeting, and Jason gives his first impressions of a CABF Face-to-face. By Tim Callan and Jason Soroko

In this episode we explain the potential for future quantum computers to break files signed today with RSA or ECC, called "Trust now, forge later." By Tim Callan and Jason Soroko

Root Causes 504: Jason Programs a Quantum Computer
17:48
Jason describes his recent experience using Amazon Braket. By Tim Callan and Jason Soroko

Root Causes 503: What Are Hybrid and Composite PQC?
8:03
We explain the difference between two strategies of PQC implementation, which we call hybrid and composite. By Tim Callan and Jason Soroko

In this episode Jason explains the fallacy of "playing chicken" with the Quantum Apocalypse. We discuss stack ranking and "eyes open" PQC risk decisions. By Tim Callan and Jason Soroko

Root Causes 501: Why Increasing RSA Key Size Won't Solve the Quantum Problem
3:35
In this brief episode we explain why the problem that Shor's Algorithm poses to RSA and ECC can't be solved simply by increasing key size. By Tim Callan and Jason Soroko

Root Causes 500: OMG! 500 Episodes of Root Causes!
20:46
Wow. It's episode 500 of Root Causes. Jason and Tim talk about how the podcast has evolved in the past six years, how it remains consistent, and the updates we're making to keep being a valuable resource for our listeners. By Tim Callan and Jason Soroko

The recent Signal controversy highlights the importance of understanding what protections an E2EE messaging app provides, and what it does not. By Tim Callan and Jason Soroko

The UK National Cyber Security Centre (NCSC) has released new PQC guidance. We take exception to the dates it gives and explain why. By Tim Callan and Jason Soroko

Root Causes 497: PQC Update with Sofia Celi
19:50
Guest Sofia Celi (IETF, Brave) returns to talk about important developments in post quantum cryptography. Sofia tells us about her candidate algorithm MAYO and what is happening with the NIST PQC onramp. We learn about KEM TLS and the status of PQC initiatives in IETF. By Tim Callan and Jason Soroko

Gmail is now end-to-end encrypted for all recipients, regardless of the receiving client. We explain how Gmail accomplishes this trick. By Tim Callan and Jason Soroko

Root Causes 495: Trust Models and Post Quantum Cryptography
7:00
We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC). By Tim Callan and Jason Soroko

Root Causes 494: Introduction to Trust Models
21:09
We explain the basics of trust models and compare various models including WebPKI, private CA, and consortium models. By Tim Callan and Jason Soroko

Root Causes 493: Disentangling Public and Private Certificate Use Cases
12:10
Changing root store requirements mean CAs must separate their root hierarchies for different certificate types. We explain why enterprises should consider private CA for some use cases. By Tim Callan and Jason Soroko

Root Causes 492: When Mandatory Security Training Sucks
19:36
In this episode we get excited about errors we see in mandatory security trainings. By Tim Callan and Jason Soroko

Root Causes 491: RSA's Non-quantum Threat
31:41
We are rejoined by Dr. Michele Mosca to explore the potential threat of RSA being broken even in the absence of a quantum computing attack. By Tim Callan and Jason Soroko

We define Chrome versus Chromium, explaining what each is and the difference between the two. By Tim Callan and Jason Soroko

Does AI kill end-to-end encryption? There is a contention that the presence of AI agents in the workstream will render your confidential information visible outside the encrypted communication channels and therefore that E2EE is pointless. We explore this argument. By Tim Callan and Jason Soroko

Root Causes 488: CABF Face-to-Face Meeting Update
5:37
We explain the major news items from the most recent CA/Browser Forum face-to-face meeting in Tokyo. Topics include MPIC, 47-day certificate term, and Temporary Restraining Orders. By Tim Callan and Jason Soroko

Jason and I take a peek forward at what we imagine IT security looks like in 2030. Topics include PQC, ZTNA, "green zones," deep fakes, IoT, connected cars, agentic AI, blockchain, and CLM. By Tim Callan and Jason Soroko

Why Cloud Identity is Your New Front Line in Cybersecurity
9:04
Stolen credentials. Risky login behavior. Shared accounts with no audit trail. Businesses that overlook identity management face serious security gaps, compliance challenges, and operational inefficiencies. Most cybersecurity strategies focus on firewalls and endpoint tools—but today, your real perimeter is every login. In this episode of Perimeter…

Root Causes 486: 47-day Maximum Term Ballot Passes CABF
11:11
Apple's ballot to step the maximum term for public SSL certificates down to 47 days has passed in the CA/Browser Forum. We explain. By Tim Callan and Jason Soroko

Guest Dmitry Sharkov joins us to describe Open MPIC, the open-source project to help public CAs support MPIC. By Tim Callan and Jason Soroko

Root Causes 484: Multi Good Factor Authentication
12:46
We define multi good factor authentication, which is the idea that not all authentication factors are equal. We discuss the importance of considering authentication strength and the contextual nature of trust. By Tim Callan and Jason Soroko

Root Causes 483: Introducing the PQC Sandbox
22:40
We are joined by repeat guest Bruno Coulliard of Crypto4A to introduce Sectigo's new post quantum cryptography (PQC) sandbox. The PQC sandbox allows you to get quantum resistant certificates in your hands to understand how they work with your systems. By Tim Callan and Jason Soroko

In this episode we explore the potential PQC future for Microsoft Active Directory Certificate Services, aka MSCA. We discuss potential paths for Microsoft to take and their consequences. By Tim Callan and Jason Soroko

Root Causes 481: What Is Protocol Ossification?
11:49
Protocol ossification is the phenomenon whereby ecosystems fail to work correctly with the full range of options included in a protocol. This occurs when individual software components only partially support the capabilities that should be available. We define protocol ossification, explain how and why it occurs, give real world examples, and talk …

The Future of Work: Why the Modern Desktop Experience Changes Everything
10:27
Slow device setups. Frustrating VPN issues. Former employees still accessing company data. Businesses relying on outdated IT models face major security risks, lost productivity, and unnecessary costs. Most organizations focus on cybersecurity tools but ignore a foundational shift that could improve security, streamline operations, and boost employe…

Root Causes 480: White House PQC Executive Order
10:22
Many people believe that the Trump White House rescinded an important cybersecurity executive order from the late days of the Biden administration. We set the record straight. By Tim Callan and Jason Soroko

Root Causes 479: AI Adversarial Machine Learning
13:10
In this episode we discuss the thinking on how adversaries can exploit the flaws in AI models to achieve unexpected and dangerous results. We explore some potential paths of defense against attacks of this sort. By Tim Callan and Jason Soroko

IT Lifecycle Management: The Foundation of Secure Operations
10:15
40% higher IT costs. Unpatched security gaps. Former employees still accessing company data. These are just a few of the risks businesses face when they don’t have a structured IT lifecycle strategy. Most organizations focus on cybersecurity tools but overlook the foundational issue: lifecycle management. Without a plan for tracking, securing, and …

Root Causes 478: Should We All Switch from RSA to ECC?
16:01
RSA is under attack. Even without the quantum threat, we face the possibility of smart new exploits reducing the viable RSA key space and rendering it unsafe. In this episode we discuss the merits of choosing ECC over RSA as soon as today. By Tim Callan and Jason Soroko

Root Causes 477: Comparative Security Philosophies
17:51
We discuss how various popular computing platforms approach security and highlight the differences between them. By Tim Callan and Jason Soroko

From Detection to Action: How SOAR Stops Cyberattacks in Minutes
15:40
287 days. That’s how long it takes—on average—to detect and contain a breach. Cybercriminals aren’t waiting for you to catch up. With automated attack methods and round-the-clock threats, small to mid-sized businesses (SMBs) can’t afford slow response times. Traditional security tools detect threats - but without automation, attackers have the uppe…

Root Causes 476: The Need for Security KPIs
16:34
Jason recounts a 2024 Black Hat talk about the need for objective measurements of our IT defenses and whether the good guys or bad guys are winning. Jason breaks down how to define and measure the impact of security measures. By Tim Callan and Jason Soroko

Root Causes 475: Can Your AI Scheme Against You?
15:56
It's the stuff of science fiction! Interesting research shows how today's AI technology is capable of lying to and scheming against its human owners in service of its goals. By Tim Callan and Jason Soroko

Why SIEM and Threat Detection Are Foundational for SMB Cybersecurity
12:17
Cybercriminals aren’t just targeting enterprises anymore. SMBs are in the crosshairs, and the consequences are costly. A single data breach can cost an SMB over $3 million, yet many businesses still lack the visibility needed to detect threats before it’s too late. In this episode of Perimeter Perspective, hosts Michael Moore and Alyssa Birchfield …

Root Causes 474: Explaining Shor's Algorithm
21:12
We talk a lot about Shor's Algorithm in our discussion of post quantum cryptography (PQC). In this episode Jason explains Shor's algorithm for non-quantum physicists. By Tim Callan and Jason Soroko

Root Causes 473: Does Security Software Lack Creativity?
10:08
Jason reports on a 2024 Black Hat keynote about how modern software development practices inhibit innovation and invention. By Tim Callan and Jason Soroko

AI tools are now available to perform red-teaming activity for DevSecOps. Such tools are soon to be table stakes in the constantly escalating IT security arms race. Join us to learn more. By Tim Callan and Jason Soroko