Podcast thumbnail for Data Security Decoded

Data Security Decoded

Claim This Podcast

by Rubrik

57 episodes
Updated Daily
Accepts GuestsHas SponsorsLocation 🇺🇸

Podcast Overview

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

Language

🇺🇲

Publishing Since

12/20/2022

1 verified contact email on file for Data Security Decoded

Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.

Recent Episodes

Episode thumbnail for Defending the Authentication Flow: Device Code Phishing with Selena Larson

June 30, 2026

Defending the Authentication Flow: Device Code Phishing with Selena Larson

This episode delivers critical battlefield stories regarding the operational reality of modern identity based threats. Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast and the Only Malware in the Building podcast, joins host ⁠Caleb Tolin⁠ to detail the specific mechanics of device code phishing campaigns, revealing how adversaries exploit legitimate communication structures to capture administrative and enterprise access. The discussion centers on the rapid commercialization of cybercrime, highlighting the leak of specialized kits in late 2025 that catalyzed the democratization of sophisticated technical exploits. The conversation unpacks the behavioral patterns of specific threat groups, analyzing the intersection of business email compromise, credential harvesting, and account takeover jumping. Selena explains how opportunistic targeting allows threats to pivot horizontally through trusted external supplier networks and specific industry verticals. Rather than focusing solely on defensive theory, the dialogue transitions into hard technical controls, challenging the long-term viability of traditional security awareness programs. Defenders are provided with direct architectural recommendations, including the precise deployment of conditional access policies and rigid device compliance frameworks designed to stop unauthorized authentication attempts before execution. What You'll Learn Core operational mechanics behind the exploitation of Microsoft OAuth authentication workflows. Historical transition from early red team utility testing to commercialized phishing platforms. Impact of leaked cyber criminal source code on the current volume of identity attacks. Analytical methods to distinguish between intentional industry targeting and opportunistic account jumping. Strategic deployment of conditional access policies to terminate unauthorized authentication capabilities. Technical constraints of legacy security awareness training against modern behavioral engineering. Structural integration of strict device compliance validation within identity perimeters.

Episode thumbnail for Beyond the Doomsday: Operational Resilience, Identity Sprawl, and Back-to-Basics Cyber Defense

June 23, 2026

Beyond the Doomsday: Operational Resilience, Identity Sprawl, and Back-to-Basics Cyber Defense

In this comprehensive roundtable episode, a powerhouse panel of seasoned security professionals—Cynthia Kaiser, Matt Castriotta, Allison Wikoff, John Fokker, Amit Malik, and Joe Hladik—joins host Caleb Tolin to confront the uncomfortable realities facing modern organizations. As digital infrastructure becomes more interconnected, traditional defense playbooks are being constantly challenged by sophisticated automated tactics, complex cloud migrations, and a massive explosion of non-human identities. Across both public and private sectors, the consensus among these experts is clear: maintaining foundational security hygiene is more critical than ever. The episode begins with a deep dive into active threat mitigation, exploring why layered defense strategies and robust identity controls are mandatory components of a resilient architecture. The conversation then seamlessly transitions into cloud environment realities, breaking down the often-misunderstood boundaries of the shared responsibility model. The panel challenges teams to look past surface-level configuration patching and focus intensely on data survivability, business continuity, and systemic recovery planning. Finally, the dialogue shifts to the rapidly evolving frontier of artificial intelligence integration. The guests examine the critical operational differences between simple environmental visibility and context-rich observability. Rejecting sensationalist doomsday narratives, they offer a grounded, realistic blueprint for the future of technological growth. This discussion provides essential high-level insights and tactical takeaways for both technical learners and strategic leaders looking to safeguard their organizations against modern operational risks. What You’ll Learn The Reality of Modern Ransomware: Why today’s cybercriminals act exactly like elite red teams, utilizing native tools to move surreptitiously across networks. Phishing-Resistant Identity Controls: How to implement hard tokens and application-based authentication to eliminate man-in-the-middle vector attacks. The Cloud Backup Blueprint: Practical methods for translating traditional concepts like air-gapping and data immutability directly into hyperscaler environments. Demystifying Shared Responsibility: Why cloud providers guarantee service uptime but leave data security and data care entirely in your hands. Visibility vs. Observability: A clear framework for understanding not just what assets exist on your network, but the active context of what they are executing. Overcoming the "Cyber Red Cross" Syndrome: Why healthcare and critical infrastructure must abandon the assumption that threat actors consider them off-limits. The Human-in-the-Loop Mandate: How to strategically design checkpoint systems that maintain human oversight over rapid AI agent execution.

Episode thumbnail for The Anatomy of Cloud Ransomware with Matt Castriotta

June 9, 2026

The Anatomy of Cloud Ransomware with Matt Castriotta

Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host Caleb Tolin, Matt Castriotta, Field CTO for Cloud at Rubrik, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem style encryption loops. The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why relying on built-in features like S3 versioning and cross-region replication handles business continuity but leaves organizations entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines. Resources ⁠Rubrik Cloud Cyber Resilience Solutions Microsoft Threat Intelligence Report on Storm-0501 Scattered Spider Threat Profile What You’ll Learn How to separate low-probability disaster recovery protocols from high-probability cyber attacks. The architectural threat mechanisms behind malwareless, privilege-driven data destruction. A blueprint for prioritizing operations based on your minimum viable business components. Solutions to tackle non-human credential sprawl and enforce just-in-time domain separation. The hard realities of cloud platform pricing mechanics during major recovery events.

57 total episodes available

Deep-dive analytics for Data Security Decoded

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is Data Security Decoded?

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want practical insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

How often does this podcast release new episodes?

This podcast updates daily.

Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

Information about guest appearances is not available.

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.