In this episode, we’ll explore what quantum computing might mean for the world of security in the future, and the concrete measures the banking sector is taking to prepare for it. Robby is joined by Ulf Larsson, Security CTO at the SEB Group, a leading financial services group in the Nordics, to discuss the work he’s been doing on the potential impact quantum computing will have on his sector, what it can do with our ability to protect data, and preparing his bank to be quantum safe by 2030. The...
Jun 18, 2025•28 min
Magic Cat (part 1) with security researchers Erlend Leiknes and Harrison Sand Darcula is a phishing-as-a-service operation targeting victims globally. Over the past 1.5 years, mnemonic researchers and an international investigative reporting team have been looking into the technology, operations and individuals connected to this crime group. In this episode, Robby speaks with mnemonic's Erlend Leiknes and Harrison Sand about the findings from their technical investigation, offering a rare look b...
Jun 02, 2025•1 hr 2 min
Magic Cat (part 2) with investigative journalist Martin Gundersen This is the second part of our series about our investigation into Darcula, a phishing-as-a-service operation targeting victims globally, and the phishing kit platform Magic Cat. Over a period of 1,5 years, mnemonic researchers and an international investigative reporting team from the Norwegian media agency NRK, together with French Le Monde and German BR, looked into the technology, operations and individuals connected to this s...
Jun 02, 2025•45 min
We are all negotiating, in one way or another, every single day. In this episode, we’re joined by someone that has not only mastered the skill of negotiation, she’s traveling worldwide doing negotiating training, particularity for technology companies; Tine Anneberg, Founder & CEO of CREOSUM Create Impact – part of the SMARTnership Negotiation Organization. Tine and Robby talk about the benefits of taking a collaborative approach to negotiations, the value of trust, and why curiosity is the ...
May 19, 2025•34 min
As a manager, there's no getting around the fact that how well people like and trust you matters. According to this week’s guest, Patric J.M. Versteeg – CISO at Viterra, a global agricultural network operating in 39 countries, trust and likability are even more critical in security than in many other fields. Last year, Patric was named European CISO of the Year. With over two decades of experience in the role, it’s safe to say he knows a thing or two about what makes a strong leader in the world...
May 05, 2025•33 min
In this episode, Robby speaks with Harry Wetherald, Co-Founder and CEO of the security platform Maze, about the current wave of LLM innovation in security and how to separate real progress from marketing fluff. Drawing on his experience building security products, Wetherald shares how large language models are changing the way we approach vulnerability management, what to ask vendors about their "AI" claims, and why UX may be just as important as the models themselves. Send us a text...
Apr 21, 2025•39 min
In this episode of the mnemonic security podcast, Robby speaks with Knut Elde Johansen and Øyvind Bergerud from Storebrand about their transformation from early cloud challenges to established cloud maturity. They discuss how Storebrand shifted from outsourced IT to building a modern, in-house cloud infrastructure, and how security evolved alongside it. From implementing policy as code to enabling developers through threat modelling, purple teaming, and CNAPP, Knut and Øyvind share hard-earned l...
Apr 01, 2025•40 min
In this episode of the mnemonic security podcast, Robby is joined by Ricardo Ferreira, CISO EMEA at Fortinet, to explore the power of policy as code and its role in technical resilience. Ferreira explains how organisations can move beyond manual processes to automate security policies, reduce complexity, and enhance agility. They discuss cloud transformation, the challenges of enforcing policy at scale, and why automation and cultural change are essential for security teams. Plus, the growing ro...
Mar 31, 2025•36 min
In this episode of the mnemonic security podcast, Robby is joined by Bernard Montel, EMEA Technical Director & Security Strategist at Tenable, to break down the evolution of vulnerability management into exposure management. Bernard explains how security has shifted from traditional vulnerability scanning to a broader approach that considers misconfigurations, attack paths, and identity risks. They discuss why most breaches stem from a toxic combination of exposures, the growing complexity o...
Mar 17, 2025•35 min
Audio-visual (AV) equipment is everywhere – meeting rooms, auditoriums, and control centres – but how often do we think about its security? In this episode of the mnemonic security podcast, Robby talks to Øystein Stadskleiv from Leteng, about the overlooked risks of AV systems. They discuss real-world attack scenarios, common vulnerabilities, and practical steps to secure AV infrastructure. Send us a text...
Mar 03, 2025•36 min
In this episode of the mnemonic security podcast, Robby is joined by Emil Vaagland, Security Manager at FINN.no, Norway’s leading online marketplace. They discuss the unique security challenges of a cloud-first, developer-heavy organisation, covering everything from vulnerability management and secure coding, to fraud detection and access control. Vaagland shares insights into their approach to bug bounties, DevSecOps, and balancing security with developer efficiency. Send us a text...
Feb 17, 2025•34 min
In this episode of the mnemonic security podcast, Robby is joined by Dustin Childs, Head of Threat Awareness at Trend Micro’s Zero Day Initiative (ZDI). Dustin explains the ZDI’s role in purchasing and analysing vulnerabilities to provide early protection for customers and how zero days – previously unknown vulnerabilities – become "n-days" once disclosed or patched. The conversation highlights the critical importance of timely patching, the risks posed by bad patches, and the concept of virtual...
Feb 03, 2025•43 min
In this episode of the m nemonic security podcast , Robby is joined by Eirik Nordbø and Marius Kotlarz from Equinor, as well as Haakon Staff from mnemonic. Together, they discuss the world of Capture the Flag (CTF) competitions, exploring their origins, structure, and benefits. CTFs, as they explain, are “hacking” contests featuring challenges such as cryptography and reverse engineering, where participants solve tasks to uncover "flags" and earn points. The discussion highlights the educational...
Jan 20, 2025•44 min
To kick off 2025, Robby chats with Duncan Ogilvie, a renowned expert in Reverse Engineering (RE), the creator of x64dbg (a popular open-source x64/x32 debugger for Windows), and the mind behind 100+ other cool projects. Their conversation covers the evolving field of RE, discussing common challenges, practical techniques, and how professionals navigate the landscape. Duncan also shares his insights on the current tools shaping the field, explores the role of "AI" in RE, and speculates on what th...
Jan 06, 2025•52 min
In this episode of the mnemonic security podcast, Robby is joined by Tony Fergusson, CISO EMEA at Zscaler. They start with a market update on Zero Trust and discuss the challenges relating to adoption that he has observed (ever heard of the Popcorn Theory?). Fergusson then introduces the concept of risk hunting – a proactive strategy to identify and mitigate risks before they escalate into breaches – and explains how it relates to threat hunting. He emphasizes the importance of least privilege, ...
Dec 16, 2024•46 min
In this episode of the mnemonic security podcast, Robby is joined by Scott Piper from Wiz and Håkon Sørum from O3 Cyber to talk cloud security. They cover the evolution of cloud security products since Amazon's release of S3 and EC2 in 2006 and how the market has matured into the CNAPP we know today. They chime in on most of the buzzwords associated with CNAPP, including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP), Cloud Infrastructure Entitlement Manageme...
Dec 02, 2024•44 min
In this episode, Robby is joined by Maximilian Heinemeyer, Chief Product Officer at Darktrace. The conversation focuses on Max's perspective on detection engineering and the use of machine learning. He shares his opinion on the limitations of traditional, signature/behaviour-based detection methods and the challenges organisations face when building complex detection engineering systems. Max contrasts these traditional approaches with the unsupervised machine learning techniques used by Darktrac...
Nov 18, 2024•41 min
In this new episode of the mnemonic security podcast, Robby Peralta is joined by Leonid Rozenberg, a cybersecurity expert and dark web researcher at Hudson Rock, to discuss infostealers. Rozenberg provides a brief history of infostealers, which began with Zeus in 2007, a malware initially designed to steal only banking information. Today, infostealers have evolved to capture all types of personal and sensitive data, including passwords, cookies, and cryptocurrency information. Infostealer malwar...
Nov 04, 2024•37 min
Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly "critical" in a landscape where every sector claims importance. They explore the difficulty in distributing security investments across industries...
Oct 14, 2024•36 min
KraftCERT trusselvurdering 2024 | In Norwegian only In this episode, Robby is joined by Espen Endal and Bjørn Tore Hellesøy from KraftCERT/InfraCERT - the Norwegian CERT for the energy and petroleum sectors. The trio discuss the Threat Assessment report recently published by KraftCERT/InfraCERT, and the unique challenges the Norwegian energy sectors are facing. They touch into topics such as threat evaluation, insider threats, countermeasures, and the importance of maintaining robust security pr...
Sep 30, 2024•41 min
In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers. Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber preparedness at the Danish Energy Agency, and served as a subject matter expert for SCADA, OT, ICS and IoT at the Danish Center for Cyber Security. In the di...
Sep 16, 2024•33 min
In this episode of the mnemonic security podcast, Robby is joined by Matt Cooke from Proofpoint. They discuss the evolving landscape of email security, emphasising the need for a multi-layered approach beyond traditional prevention methods, as well as the importance of pre-delivery, post-delivery, and click-time protection to combat phishing and business email compromise (BEC) attacks. Matt notes that 76% of data breaches involve human error, and stresses the significance of threat intelligence ...
Sep 09, 2024•39 min
In this special, celebratory 100th episode of the mnemonic security podcast, Robby speaks with author and industry legend - Jon DiMaggio. Jon is the Chief Security Strategist at Analyst1 and has over 15 years of experience hunting, researching, and writing about advanced cyber threats. As a specialist in enterprise ransomware attacks and nation-state intrusions, Jon authored several investigative reports, including Robby´s favourite, “The Ransomware Diaries”, and also wrote the award-winning boo...
Aug 26, 2024•47 min
In this week's episode, Robby talks with his friend Keven Hendricks, a law enforcement veteran with extensive experience in dark web and cryptocurrency investigations. They explore topics like dark web forums, cryptocurrency's role in illegal activities, and the difficulties law enforcement encounters when monitoring these areas, especially with privacy coins like Monero. Keven emphasizes the need for companies to take a ‘boots on the ground’ approach to monitoring dark web activities, rather th...
Aug 19, 2024•42 min
Many are familiar with cybersecurity penetration testing – ethical hacking to uncover digital weaknesses. But what about the real-world threats to your company's physical security? How confident are you in your locks, cameras, and physical security measures to protect your sensitive data or equipment? In this episode, Robby speaks with Brian Harris, a leading expert in physical penetration testing as a part of Black Teaming. Black Teaming is a type of security assessment that simulates an attack...
Aug 05, 2024•48 min
Have you ever worked alongside a machine learning engineer? Or wondered how their world will overlap with ours in the "AI" era? In this episode of the podcast, Robby is joined by seasoned expert Kyle Gallatin from Handshake to enlighten us on his perspective on how collaboration between security professionals and ML practitioners should look in the future. They discuss the typical workflow of an ML engineer, the risks associated with open-source models and machine learning experimentation, and t...
Jul 01, 2024•27 min
Operationalising threat intelligence is back on topic for the mnemonic security podcast! Making a return to the podcast is Joe Slowik from MITRE Corporation, where he is the CTI Lead for MITRE ATT&CK and also Principal Engineer for Critical Infrastructure Threat Intelligence. Also joining is Jeff Schiemann, an industry veteran and CISO at one of the world's first crypto banks. The conversation ventures across how security teams are currently using threat intelligence, the importance of frame...
Jun 17, 2024•46 min
When we talk about securing an organisation’s assets, we most often mean its data, devices, servers, or accounts, but are we doing enough to secure the group of people leading the company? Or the ones doing high risk work on behalf of the organisation? To discuss the importance of securing high-risk individuals, like journalists, politicians and executives, Robby is joined by an expert in this field, Runa Sandvik, journalist, security researcher and founder of Granitt. At Granitt, Runa works wit...
Jun 03, 2024•31 min
For this episode, Robby is once again joined by Eoin Wickens, Technical Research Director at HiddenLayer, an organisation doing security for Machine learning (ML) and Artificial Intelligence (AI). It is not too long ago since Eoin last visited the podcast, (only 7 months,) but lots has happened in the world of AI since. During the episode, he talks about some of the most significant changes and developments he’s seen the last months, how models are getting smarter, smaller and more specific, and...
Apr 15, 2024•39 min
Data Brokers and Data Removal Services What does the process of removing your online presence look like? And how would you handle the data brokers that have collected your personal information with just a few clicks of the mouse to sell to other companies? To answer this, we’re joined by an expert in this field; Darius Belijevas, Head of Incogni, a service that automates user personal data removal from data brokers. Darius shares from his research on data brokers and their business models, and e...
Mar 25, 2024•37 min
