Plan-B Security

Hosted by Mike Mackintosh

Episodes: 37

Latest episode: Feb 2026

Language: EN-US

About the show

Things don't always go according to plan, but they also don't have to go perfectly. Having a Plan B is all about being prepared for the unexpected and knowing how to stay cool under pressure. The Plan B Security Podcast is here to keep you thinking about the unexpected things in security, giving you perspective from the technology side, the business side and the backside. DISCLAIMER: Views are my own and not that of my employer. Plan-B Security is a registered trademark.

Listen to episodes

37 recent
February 8, 2026 | Episode 4 | 19 min

S3E4 - Back to the Future with AI

Great Scott, we've seen this before. If you could climb into a DeLorean and travel back through your organization's identity management history, you'd find the same pattern repeating at every stop. 2014: overprivileged Active Directory service accounts. 2017: Hadoop credentials nobody remembers creating. 2021: Tray.io integrations that are "too risky to rotate." Different year. Same mistake. And if my calculations are correct, your AI agents are about to become the next entry in this timeline. In this episode, we'll fire up the flux capacitor and take you on a tour through twenty-five years of IAM failures. From Operation Aurora through SolarWinds to the no-code revolution. The lesson? We keep traveling back to the same problems because we never actually fix them. We just give them new technology to hide behind.

February 2, 2026 | Episode 124 min

S3E3 - MCP: Model Credential Problems

MCP promised to be the USB-C of AI agents, a universal bridge to your tools, APIs, and data. But when the setup docs tell you to copy cookies out of Chrome DevTools and paste them into plaintext config files, something has gone very wrong. This episode traces a year of MCP security breaches from tool poisoning to full supply chain compromise, unpacks the IDE vulnerabilities turning developer laptops into open doors, and makes the case that credential brokers, not user discipline, are the architectural answer. If your AI agents hold raw OAuth tokens, this one's for you.

December 14, 2025 | Episode 2 | 20 min

S3E2 - Your Development Lifecycle Has A Worm Problem

In 1983, Ken Thompson warned us: you can't trust code you didn't write yourself. Forty-two years later, a worm called Shai-Hulud proved him right after compromising thousands of packages in hours. Software supply chain attacks aren't just theoretical anymore, they're automated, self-replicating, and could be spreading through the packages your team installed this morning. We break down the s1ngularity and Shai-Hulud campaigns, explain why attackers target developers differently than customers, and give you seven things you can do this week to stop being an easy target.

December 8, 2025 | Episode 1 | 19 min

S3E1 - Faux-gentic Agents: Understanding the Lethal Trifecta of AI

AI systems are all the buzz - and for good reason! The productivity gains are real! But do the risks outweigh the gains? Every AI agent you deploy has three capabilities: what it can see, what it can access, and what it can do. Combine all three, and you've handed attackers a skeleton key. In this episode, we dig into Meta's Agents Rule of Two framework and show you exactly how to build customer service bots, fraud detection systems, and inbox assistants that can't be weaponized.

October 23, 2024 | Episode 10 | 24 min

S2E10 - When Good Ideas Fail Good Companies: The Dream of Chaos Free Implementation

Join us as we explore the treacherous waters between perfect security planning and real-world implementation. Drawing surprising parallels between the Battle of Trafalgar's communication challenges and modern cybersecurity struggles, we dive into seven critical security initiatives that often fail even the most capable companies. From zero trust architecture to passwordless authentication, we examine why brilliant ideas sometimes sink faster than a lead anchor - and more importantly, how to keep them afloat. The perfect intersection of historical insight and modern security challenges, this episode reminds us that sometimes the best security strategy isn't the most elegant – it's the one your team can actually execute.

October 15, 2024 | Episode 9 | 16 min

S2E9 - IAM Nocturnal: Seeing Through The Dark of Identity Access Management

In this hoot of an episode, we've taken a nocturnal flight through the fascinating world of User Behavior Analytics, guided by the wisdom of our feathered friends, the owls. Just as these majestic birds use their UV-powered pick-up lines to find the perfect mate, we've explored how UBA can help you find the perfect balance between trusting your users and verifying their actions. You'll walk away with a toolkit full of insights on implementing UBA in Okta, turning your security system into a wise old owl that can spot a rat from a mile away. Whether you're dealing with midnight oil burners or potential security breaches, you'll be equipped to handle it all with the grace of an owl gliding through the digital forest.

October 10, 2024 | Episode 8 | 30 min

S2E8 - Reaping What You Sow In the Open Source World

Discover how to navigate the rich landscape of open source, from safely integrating external code to contributing your own digital harvest back to the community. Learn practical strategies for implementing a robust Software Bill of Materials (SBOM), managing dependencies, and governing your open source program effectively. Explore the parallels between autumn's vibrant farm stands and the diverse ecosystem of open source projects, and gain insights on balancing innovation with security. Whether you're a seasoned tech farmer or just starting to cultivate your digital fields, this episode offers a cornucopia of actionable advice to help your organization reap the benefits of open source while mitigating potential risks.

September 29, 2024 | Episode 7 | 22 min

S2E7 - Benefit vs Burden: The Legal Labyrinth of Cyber Security

In this thrilling episode of Plan B Security, we're diving headfirst into the treacherous Legal Labyrinth of cybersecurity. Picture this: You're a valiant CISO, armed with firewalls and patched systems, suddenly faced with a dragon named "Negligence" breathing hot legal fire your way. We'll guide you through this maze of bits, breaches, and bureaucracy, showing you how to slay the beast of data negligence and rescue Princess Data from the clutches of cybercriminals and overzealous attorneys general. From the perils of leaving your claims file on the digital equivalent of a park bench (we're looking at you, Harleysville Insurance!) to the pitfalls of playing ostrich with your head in the sand, we'll equip you with the knowledge to navigate the murky waters of FTC actions, state AG smackdowns, and the ever-looming specter of privilege waiver. So grab your digital sword and shield, and join us on this quest to keep your data safe and your legal team off your back. Remember, in the realm of cybersecurity, there's always a Plan B!

September 22, 2024 | Episode 6 | 26 min

S2E6 - To Build or To Buy, That’s Not In My Budget

Build vs Buy is a tale as old as time - something every business leader has been challenged with deciding. In this episode, we talk about 5 scenarios on when building vs buying makes sense from not just a security perspective, but also a procurement and data privacy perspective. From building your own SIEM to data sharing platforms, we talk about our own experiences and when constraints help you go faster or when they'll slow you down.

September 14, 2024 | Episode 5 | 20 min

S2E5 - No Party Like a Third Party

Whether you’re a big or small company or maybe even a solo entrepreneur, third-party risk management is a key part of your business staying secure. In this episode, we talk about a few ways to get ahead of all the international regulations that require compliance with third-party risk programs. As you listen, be sure to pause and apply some of the key concepts to your own business, whether it’s data mapping or risk mapping to and from a vendor. So grab your favorite snack and your favorite beverage and let’s get ready to have a party.
