In this episode of The Adversarial Podcast, former CISOs Jerry Perullo, Mario Duarte, and Sounil Yu explore critical topics shaping the cybersecurity landscape.
1. Crosspoint Capital’s RSA Innovation Sandbox Model The hosts discuss Crosspoint Capital's controversial $5 million SAFE investment requirement for Innovation Sandbox finalists. They examine the implications for startups, founders, and the cybersecurity ecosystem as a whole, weighing its potential to drive innovation against the risks of stifling participation.
Reference: RSA’s Innovation Sandbox: Cybersecurity Startups Must Accept $5 Million Investment - https://www.securityweek.com/rsa-conference-will-take-equity-in-innovation-sandbox-startup-finalists/
2. The Effectiveness of Phishing Simulations and Training Phishing simulations are dissected, from their role in training effectiveness to their limitations. The hosts share personal experiences, propose smarter testing methods, and stress the need for customized, relevant security awareness programs.
Reference: Understanding the Efficacy of Phishing Training in Practice - https://www.computer.org/csdl/proceedings-article/sp/2025/223600a076/21B7RjYyG9q
3. Insights from a CISA Red Team Report A recent CISA red team assessment of critical infrastructure prompts discussions on systemic security flaws, logging and monitoring challenges, and the importance of infrastructure segmentation. The team critiques current approaches and highlights the risks of improper cleanup after penetration testing.
Reference: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization - https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a
4. Cookie Theft and FBI Warnings The conversation shifts to session cookie theft, a rising threat targeting big identity providers like Google and Microsoft. The hosts explore technical solutions like device-bound session cookies and discuss why such attacks bypass MFA, affecting both enterprises and public users.