Adventures of Alice & Bob

Hosted by Merchants Media

TechnologyInterviews guests

Website RSS feed

Episodes

103

Latest episode

Jun 2026

Language

About the show

Welcome to the Adventures of Alice & Bob Podcast, where we talk shop with pen testers, hackers, and the unsung heroes of the cybersecurity world about the human element of being on the front lines of cyber attacks. Produced by Merchants Media. For booking inquires, email booking@merchantsmedia.com RSSVERIFY

Listen to episodes

60 recent

June 12, 202655 min

Ep. 103 – Red teaming with Cats, Cheese, and Drones // Brent White & Tim Roberts

In this episode, James sits down with Brent White and Tim Roberts, senior principal security consultants and covert entry specialists at Dark Wolf Solutions. They trace a remarkable journey together from teenage hijinks exploring phone phreaking, bump keys and IRC channels in the early 90s to running full-spectrum physical red team operations against some of the most secure government facilities in the world. Along the way they share the lessons and common mistakes for anyone entering the field, drawn from years of hard-won experience, alongside some unforgettable stories. That includes a creative attempt to infiltrate a facility using a stray cat, the covert card-cloning clipboard they use to lift staff RFID badges in plain sight, and the unique challenge of explaining "weaponized cat" in a report destined for high-ranking officials. They also open up about their quieter work, volunteering to help law enforcement disrupt human trafficking rings and online predators, something they have been doing since they were teenagers.

May 22, 20261 hr 2 min

Ep. 102 - Lions, Gazelles, and Pig Butchering // Robert Siciliano

In this episode James talks to Robert Siciliano, certified speaking professional, bestselling author, private investigator, and creator of the Strategic Human Firewall. A man whose introduction to adversaries didn't come from a classroom but from being beat up in Boston aged 12. He has spent the 35 years since delivering the same uncomfortable truth, the biggest vulnerability in any system isn't the technology, it's the human trusting by default on the other side of the screen.Together they break down why phishing simulation training can cause a compliance trap that makes CISOs feel safe while leaving employees completely exposed, what the "human blind spot" is and why organized crime understands your psychology better than you do. Robert describes how AI has quietly turned pig butchering scams into the most lucrative fraud operation in human history. Taking us inside his personal undercover conversations with scammers, a deepfake video call with a woman named "Gloria," and the devastating real-world cost of these crimes that can cost people everything.

May 8, 202655 min

Ep. 101 – Cyber Security and the Art of Story Telling // Jeffrey Wheatman

In this episode, James Maude sits down with Jeffrey Wheatman, SVP and Cyber Risk Strategist at Black Kite and former 16-year Gartner VP, whose career started not in a SOC, but behind the counter of a hardware store in New York City. A stack of 2,600 magazines and a Novell NetWare training course later, he found himself in IT but quickly realized there was more than technology involved in security, there was a story to be told. In his career Jeffrey has coached nearly 500 CISOs on how to walk into a boardroom and actually be heard. Jeffrey explains why Hans Christian Andersen fairy tales make better security training tools than most vendor decks, why your choice of words might be quietly killing your credibility. He also discusses why AI isn't just a threat, it's an imperfect storm that is already tearing through your supply chain whether you're watching it or not.

April 17, 20261 hr 8 min

Ep. 100 - 100th Episode Celebration!

In this special milestone episode of Adventures of Alice & Bob, hosts James Maude and Marc Maiffret take a rare step back from interviews and headlines to celebrate reaching 100 episodes! From the accidental move that launched the podcast before Marc had even agreed to do it, to the guests whose stories stopped them cold - this episode is a love letter to the human side of cybersecurity and all of the great guests who have come on to share their stories. Marc and James are also joined for the first time on camera by the man who has silently made every episode possible: super producer Jesse Shirley. Expect honest reflections, genuine laughs, podcast highlights, and what's next for Adventures of Alice & Bob.

April 13, 202651 min

Ep. 99 – Breaches, Births and Battling BS // Rob Black

In this episode, James Maude sits down with Rob Black, founder and CEO of Fractional CISO, who started his career at RSA Security and had a front-row seat to one of the most consequential breaches in cybersecurity history, all while his wife was going into labor with their first child. From inventing patents at RSA to starting a one-man LinkedIn crusade against "SOC 2 in two weeks" scams, Rob's stories are equal parts entertaining and infuriating. He explains why compliance theater is actively making companies less secure, why your CEO needs to hear things with a dollar value, and why you should think about cybersecurity less like an asteroid and more like a roulette wheel. Plus, why the "Lexus of Fractional CISOs" doesn't own a single IoT device.

March 20, 202658 min

Ep. 98 – From Special Ops to Mob Boss // Dahvid Schloss

In this episode, James Maude sits down with Dahvid Schloss, CEO of Emulated Criminals who started his career in special operations comms and pivoted into “not defense” cyber operations for the U.S. military. From painting rocks green for the military to accidentally becoming "APT Big Daddy" in industry when his red team tools were detected triggered a security alert Dahvid’s stories are both entertaining and educational. He explains why cybersecurity is "the wedding industry of IT ", why red teams are failing their clients by not actually emulating real threats, and how that inspired him to become an (emulated) mob boss. Hear how shoveling snow can provide elevated access privileges, why you should write your own malware and reasons to rethink what’s in an ICMP packet.

March 20, 20261 hr 4 min

Ep. 97 - The Quantum State of Security / Pete Herzog

In this episode, James sits down with Pete Herzog, co-founder of ISACOM and creator of the OSSTMM — a comprehensive security control testing framework. He shares stories from his early days: hacking cigarettes vending machines to trade for access to computers, building a fake ID operation out of a college gerontology department, and social engineering his way onto the internet before most people knew it existed. But Pete isn't just telling war stories. He reveals how he helps unmask cybercriminals for law firms using metadata and fake account networks, explains why platforms and domain registrars are financially incentivized to protect scammers, and explains why people need help because the FBI won't touch a fraud case under $20 million anymore. From romance scam victims left with no recourse to rethinking where you place resources to secure systems, Pete shares why he thinks security isn't something we build — it's something written into the fabric of the universe, waiting to be discovered.

February 25, 202655 min

Ep. 96 - Hacking a Bank Through the Front Door (Literally) // Brandyn Murtagh

In this episode, James sits down with Brandyn Murtagh, founder of MurtaSec and top-ranked bug bounty hunter. He shares stories from his early days: learning exploitation from World of Warcraft at age 9, dropping out of college after three days, and how landing an apprenticeship at 16 led him from blue team analyst to elite penetration tester who's discovered critical flaws in banks, healthcare providers, and AI platforms. But Brandyn isn't playing it safe. He reveals how he chained public Wi-Fi access into complete bank control through IBM mainframes older than him, explains why a seven-character password limit enabled total financial system takeover, and demonstrates the reality of locking himself in server racks and wading through snow at 3 AM during physical security assessments. From 48-hour incident response marathons to fabricating funds at will, Brandyn shows why with enough time, anything can get popped eventually.

February 25, 202653 min

Ep. 95 - Phishing 2.0, Deepfakes, and the Death of 'Trust But Verify' // Tim Chase

In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

December 27, 202558 min

Ep. 94 – Mistakes, Malware and Missile Industry Day // Silas Cutler

In this episode, James sits down with Silas Cutler, Principal Security Researcher at Census and founding member of Oni Scans, to explore his unconventional journey through threat intelligence and malware analysis. What happens when your first day as a SOC analyst takes down a Fortune 500 company—and Anonymous gets the credit? From accidentally causing international headlines to going undercover in ransomware gangs, Silas has built a career on creative problem-solving and community building. He's become Facebook friends with hackers he investigates, created Malshare (a community malware repository), and founded B-Sides Pyongyang—a security conference celebrating "Missile Industry Day" that started as a joke but attracted 490 attendees.