Security Cocktail Hour

Hosted by Joe Patti and Adam Roth

TechnologyInterviews guests

Website RSS feed YouTube

Episodes

Latest episode

Jun 2026

Language

EN-US

About the show

Security veterans Joe Patti and Adam Roth welcome a diverse lineup of cybersecurity and information security experts to share their insights at the virtual bar. From cutting edge topics like AI and Operational Technology (OT) to the realities of careers and mental health, you'll get the inside view of what's happening across the industry and what it's really like to work in these fields, from the people who do it every day. Reach us at feedback@securitycocktailhour.com or @SecCocktailHour on Twitter.

Listen to episodes

60 recent

June 2, 2026Episode 7846 min

Charles Bolden: Why Space Is Not Air-Gapped

Former NASA Administrator and astronaut Charles Bolden joins the Security Cocktail Hour to explain why space is not as isolated as people assume.We cover:Why mission control still sits in the middleWhy messages get routed, reviewed, and filtered before reaching a vehicleHow consumer devices expand the attack surface in spaceWhat cooperation in orbit teaches about security and civicsWhy he does not buy the hype about easy moon or Mars colonizationOrganizations mentioned in this episode:Intrepid Museum: https://intrepidmuseum.org/Astronauts for America: https://www.astronautsforamerica.org/

May 19, 2026Episode 7748 min

Your Stolen Car Can Track Itself

Modern cars are phones with wheels: GPS, telematics, connected apps, and data streams that can expose privacy risks, but also help recover a stolen vehicle before it disappears across jurisdictions.Maria Santos and Eugene Giordani, co-founders of Autoscope, join the Security Cocktail Hour to explain how law enforcement can use consent-based access to connected-car data after a theft. We talk about relay attacks, key cloning, license plate reader limits, built-in GPS, jurisdiction problems, AirTags, immobilizers, Faraday bags, dash cams, and the practical steps car owners can take before something happens.If you care about cybersecurity, connected vehicles, public safety, privacy, or just keeping your car in your driveway, this one is for you.Website: https://securitycocktailhour.comLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Follow us and share it with a colleague or friend who owns a connected car.

May 8, 2026Episode 7653 min

Drones Were Just the Beginning. Space Security Is Next.

In this episode, Ché Bolden joins us to talk about drone security, uncrewed systems, satellite security, GPS, autonomy, counter-drone defense, and the growing cyber risks around space-based infrastructure. We get into how drones were originally secured, why unencrypted links were such a problem, how command-and-control attacks can work, and why space is now part of the security conversation.This conversation sits at the intersection of cyber security, drone warfare, satellite security, space security, and the future of connected systems. If you care about drones, satellites, GPS, cyber risk, or the security of critical infrastructure, this episode is worth a listen.GuestChé BoldenLearn more:bolden.groupinterastra.institute

April 20, 2026Episode 7553 min

Zero Trust in Orbit: Getting Satellite Security Off the Ground | Joe South

Joe South joins the Security Cocktail Hour to discuss the state of communication satellite security and the doctoral research he is doing to change it. Joe is Director of Cloud & AI Security at Abira Security and hosts the Security Unfiltered podcast, one of the larger independent cybersecurity podcasts. The conversation covers what satellite defense actually looks like today: why most of the security is at the ground station rather than on the satellite itself, what happens when CubeSats stay in orbit for 10 to 12 years without meaningful patching, and how a zero trust framework could be made to work on hardware that operates on less than three watts of power. Joe walks through his proposed approach, which combines TPM-based component authentication with a distributed trust ring across satellite orbits.We also get into cyber warfare and the attribution problem, the strategic implications of a compromised satellite fleet, and Joe's personal story about building self-sufficiency. If you work in cloud, infrastructure, or national security and have never had space in your threat model, this is a good place to start. Guest: Joe South, Director of Cloud & AI Security at Abira Security, host of Security Unfiltered (securityunfiltered.com), doctoral candidate at Capital Technology University.Subscribe to the Security Cocktail Hour newsletter at securitycocktailhour.com for a biweekly read on cybersecurity news and upcoming episodes.

April 6, 2026Episode 7459 min

How Drones in Public Safety Went From "That's a Toy" to 1,000 Programs | Matt Sloane

Matt Sloane has spent 13 years in the drone industry, working with over 1,000 public safety agencies to build and operate drone programs. As Co-Founder and Chief Strategy Officer of SkyfireAI, he's at the intersection of drone operations, AI-enabled autonomy, and national security policy.In this conversation, Matt covers how drone first response (DFR) programs are changing 911 operations, why the FAA's upcoming Part 108 framework will prioritize autonomy over human pilots, how counter-UAS mitigation actually works (with memorable stories from the Super Bowl and World Cup preparations), and what he told the White House about the Chinese drone ban's impact on American public safety agencies.Supply chain risk from Chinese-made drones mirrors the Hikvision and Huawei debates. Counter-UAS involves signal jamming and RF detection. Autonomous drone systems are expanding the attack surface in ways most security programs haven't accounted for yet.

March 23, 2026Episode 7340 min

What Happens When an Iranian APT Targets You Personally | Amanda King

Amanda King was a Senior Director of Breakthrough Technology at an aerospace and defense company when she learned she was on a list of 77 people specifically targeted by Iran's Charming Kitten APT group. In this episode, she tells the full story: how the Associated Press tried to reach her three times, what the attackers accessed, how a US government agency got involved, and what she changed in her personal and professional life afterward.The conversation covers the real-world experience of being targeted by a nation-state actor, the gap between corporate and personal security, what it's like when a three-letter agency asks for access to your life, and how the experience shaped Amanda's approach as she moved into executive roles. Amanda also shares her perspective on resilience, including her cancer journey, and a practical framework for processing difficult experiences.Hosts: Joe Patti and Adam Roth. Recorded March 14, 2026.

March 11, 2026Episode 721 hr 28 min

Drones Are the Next Cyber Weapon — And We're Not Ready

Luke Canfield has been building, flying, and hacking drones for years. In this episode, he walks us through the real intersection of drones and cybersecurity — war-flying attacks on financial institutions, cartel drone operations at the US-Mexico border, DIY drone building with no attribution, and why "security exists in three dimensions."Topics covered:War-flying: aerial man-in-the-middle attacks with drone-mounted Wi-Fi Pineapples3 real cases of drone-based cyberattacks against financial institutionsMexican cartels: 330+ drone incursions/day at the US borderUkraine: how the conflict advanced drone tech by 15 yearsDrone detection: RF tracking, acoustic sensors, radar, AIFAA regulations and fines up to $100KDisaster response: mesh networks and radio repeaters via dronesThe coming Part 108 era and why a fake Amazon drone is the next attack vectorGuest: Luke Canfield — cybersecurity professional and drone security researcherLearn more: https://www.lsechub.comConnect: securitycocktailhour.com | Newsletter: securitycocktailhour.com/newsletter

February 23, 2026Episode 7149 min

Breaking Vulnerability Management's 30-Year Logjam: Two Cyber Veterans Attack It With AI

Sharon Isaaci and David Warshavski spent careers on the offensive side of cybersecurity — breaking into organizations, finding zero-days, and cleaning up after the breaches that followed at Sygnia, Israel's premier incident response firm. After hundreds of engagements, they kept finding the same thing on both sides of the wire: breaches happen not because vulnerabilities go undetected, but because they go unmanaged.Vulnerability management has been stuck for 30 years. More tools, more alerts, more dashboards — and vulnerability exploitation as a breach cause nearly tripled in 2024 alone. When ChatGPT arrived in late 2022, Sharon and David saw the missing piece: the organizational context that could fix the problem had always existed, scattered across Slack, email, wikis, and internal tools. GenAI finally made it possible to pull that together at scale.In this conversation, we get into how two practitioners who've spent careers attacking organizations are now applying that attacker's lens — automated with AI — to break open a field that's resisted change for decades. We cover why visibility was never the real problem, what context-driven prioritization actually looks like, and what it takes to mobilize the people who do the patching.This one is for practitioners who've lived the frustration. And for anyone watching AI get applied to a real, stubborn problem — not as a marketing claim, but as the thing that finally moves the needle.Follow us for more conversations with practitioners who've been in the trenches.00:00 Intro & Guest Introductions05:35 Vulnerability Management: Still a Problem09:45 AI as a Security Solution, Not a Problem15:47 Visibility is Easy; Context is Hard29:46 Leveraging the Hacker Mindset35:29 We Need Less Findings, Not More42:39 We're in Exciting TimesWebsite: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

February 3, 2026Episode 7053 min

Securing Mars Rovers and Space Stations with NASA's Former CIO Renee Wynn

What happens when your security perimeter extends to Mars—and MFA isn't an option?In this episode of the Security Cocktail Hour, we sit down with Renee Wynn, former CIO of NASA, to explore what cybersecurity looks like when traditional frameworks simply don't apply.Renee Wynn managed IT for some of humanity's most critical infrastructure: Mars rovers, the James Webb Space Telescope, the International Space Station. We cover the unique challenges of cybersecurity in the aerospace, defense and space fields—and what those constraints teach us about security thinking more broadly.Early in the discussion, Renee emphasizes: "We always have to make sure we don't have a failure of imagination when we're looking at these risk-based decisions." This is the kind of mindset shift that shapes great security leaders. We also explore how she navigated government oversight, built trust with federal auditors, and led through constraints that forced her to rethink everything.Whether you work in government, private sector, or dream of expanding your security career into new industries—this conversation will broaden how you think about what's possible.00:00 Introduction & The Coolest Resume in Cybersecurity00:51 No Multi-Factor Authentication on Mars: Securing Assets Beyond Earth02:54 Navigating Oversight: How to Build Trust With Government Auditors15:00 Failure of Imagination: Rethinking Risk Assessment in Extreme Environments35:00 Leadership Lessons: Thinking Bigger in SecurityWebsite: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Follow us and share with colleagues who'll enjoy honest discussions among security professionals.

January 19, 202630 min

Why Cybersecurity is Ripe for Disruption | John Strand | Part 2

In part 2 of our discussion, John Strand tells us how the cybersecurity industry has turned stagnant, with a lack of innovation and an investment model that isn't going to turn that around any time soon. We explore why venture capital funding hasn't led to the breakthrough products the industry needs, and what's holding back real innovation. John also highlights the leaders in the security industry who are actively giving back to the community, and he and Adam try to one-up each other over who's stayed in the most disgusting hotel room.00:00 Intro00:12 Security is Ripe for Disruption06:19 Better Investors = Better Security Products10:22 Security is Awesome12:43 Scaling Conference Talks15:54 John's Advice on Guests17:30 A Great Set of People23:18 Bad Hotels, Good People29:10 Wrapup29:54 OutroThis is Part 2 of our conversation with John Strand. Website: https://securitycocktailhour.comNewsletter: https://securitycocktailhour.com/newsletterLinkedIn: https://www.linkedin.com/company/security-cocktail-hourTwitter/X: @SecCocktailHourEnjoyed this episode? Subscribe and share with colleagues who'll enjoy honest discussions among security professionals.