Data Security Decoded

Data Security Decoded

Data Security Decoded provides actionable, vendor-agnostic insights to reduce data security risk and improve resilience outcomes. Designed for cybersecurity and IT professionals who want actionable insights on preparing for attacks before they happen, so they can respond effectively when they inevitably do. Episodes feature insights from researchers, crafters of public policy, and senior cybersecurity leaders, to help organizations reduce risk and improve resilience. Data Security Decoded provides practical advice, proven strategies, and in-depth discussions on the latest trends and challenges in data security, helping listeners strengthen their organizations' defenses and recovery plans.

Recent Episodes

Ep 57 | 6.30.26

Defending the Authentication Flow: Device Code Phishing with Selena Larson

Host Caleb Tolin sits down with Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast, to discuss the mechanics of device code phishing and the widespread abuse of Microsoft OAuth authentication flows. The conversation explores the historical evolution of credential fishing from early red team testing to modern phishing as a service kits distributed across cyber criminal forums. Selena breaks down how financially motivated adversaries execute account takeovers and navigate enterprise infrastructure once initial access is achieved.

TranscriptTranscript
Ep 56 | 6.23.26

Beyond the Doomsday: Operational Resilience, Identity Sprawl, and Back-to-Basics Cyber Defense

This special episode brings together top industry experts to dissect the rapidly shifting landscape of modern cyber threats, cloud technologies, and artificial intelligence. The conversation moves past standard industry hype to deliver practical frameworks for building true operational resilience. Listeners will walk away with actionable strategies to harden their environments, manage expanding identity footprints, and move from basic network visibility to deep behavioral observability.

Ep 55 | 6.9.26

The Anatomy of Cloud Ransomware with Matt Castriotta

Are your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host ⁠Caleb Tolin⁠, ⁠Matt Castriotta⁠, Field CTO for Cloud at ⁠Rubrik⁠, breaks down the tactical gaps exposed when organizations blindly replicate data center mindsets in public cloud networks. Castriotta charts the history of high-profile incidents from the Colonial Pipeline timeline up through modern adversaries like Scattered Spider and Storm-0501. He highlights how today's attackers move laterally by exploiting over-privileged, non-human identities to trigger malwareless mass deletion rather than relying on on-prem style encryption loops. The discussion pivots into an actionable critique of popular resilience assumptions. Castriotta details why relying on built-in features like S3 versioning and cross-region replication handles business continuity but leaves organizations entirely defenseless against automated cyber assaults. He delivers a precise operational roadmap for defining a "minimum viable business," establishing secure isolated recovery environments, and breaking the 80% ransomware reinfection cycle. This episode serves as an essential strategic guide for any enterprise trying to align the cloud shared responsibility model with predictable, audited return-to-service timelines.

Ep 54 | 5.26.26

Running the Inverted Offensive Campaign with Adam Karcher

Host Caleb Tolin sits down with Adam Karcher, FBI Supervisory Special Agent, Cyber Division, to discuss the urgent shift from reactive defense to a long-term operational campaign mindset. As threats evolve into a blended ecosystem of state and criminal actors, defenders must adapt their cadence to match adversaries who stay hidden for years. This conversation explores how to bridge the gap between public and private sectors to build true resilience.

Ep 53 | 5.19.26

Protecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan Sevilla

In this episode, host Caleb Tolin sits down with Dr. Ido Sivan Sevilla, an Assistant Professor at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, to expose critical vulnerabilities within U.S. county governments. As the founder of UMD's Tech Policy Hub and an Assistant Professor at the College of Information, Dr. Sivan Sevilla explains how passive reconnaissance reveals that 23 counties face a 95% likelihood of imminent exploitation. They discuss the specific risks of agentic AI and why cyber resilience is now a requirement for local defenders securing water and energy grids with minimal budgets.

Load More
Data Security Decoded
Host(s)
Caleb Tolin
As the host of Data Security Decoded, Caleb Tolin dives deep with cyber experts to deliver actionable, vendor-agnostic insights to reduce data security risks and improve cyber resilience outcomes. Caleb asks the incisive questions that you need answered, extracting actionable guidance for defenders. Come be obsessed with improving your organization's cyber resilience.
Schedule: Two times per month. Every other Tuesday.
Credits: Data Security Decoded is a podcast by Rubrik.
Creator: Rubrik
Rubrik