Threat Talks - Your Gateway to Cybersecurity Insights – Details, episodes & analysis

Patch smarter, not harder.
Lieuwe Jan Koning and ON2IT Field CTO Rob Maas break down why “patch everything now” isn’t a strategy, but a risk multiplier. In this session, they teach a practical patching strategy: know your assets, patch edge first, stage updates, and use Zero Trust segmentation to choke off exposure so you only patch what truly matters: fast, safely, and without outages.

• (00:00) - 01:11 - Intro
• (01:11) - - 02:28 - Reality check #1: Not everything can be patched
• (02:28) - - 05:02 - Reality check #2: Patches are scary
• (05:02) - - 08:45 - The solution: Patch in phases
• (08:45) - - 10:36 - How Zero Trust enables patch management
• (10:36) - - 11:23 - Prioritization matters
• (11:23) - - 14:50 - Patching tips and tricks
• (14:50) - - 16:21 - Guidelines for patching triage
• (16:21) - - 17:37 - Practical advice
• (17:37) - - END - Outro

Key Topics Covered

·       Why “patch everything immediately” fails; availability vs. security

·       Staged deployments and rollback safety for crown-jewel services

·       Zero Trust segmentation to reduce urgency and shrink attack surface

·       Priority signals that matter: asset criticality, exposure, KEV, CVSS

Related ON2IT content & explicitly referenced resources
ON2IT Zero Trust: https://on2it.net/zero-trust/
Threat Talks (site): https://threat-talks.com/
CVSS (FIRST): https://www.first.org/cvss/
CISA guidance – Citrix/NetScaler (Citrix Bleed example): https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
Crowdstrike episode: https://youtu.be/IRvWVg1lSuo?si=f8Sj6WYG0KNxlkJD 

Click here to view the episode transcript.

How solid is your digital trust—or are you just hoping your PKI is secure?
Let’s be honest: too many companies run on borrowed trust and forgotten certificates. In this episode of Threat Talks, ON2IT’s Lieuwe Jan Koning and Rob Maas pull back the curtain on what really holds your digital world together—and what can tear it down overnight.
They break down PKI in plain language: the root of trust that must stay locked away, the intermediates that keep your systems running, and the automation that stops your team from clicking “ignore” on yet another warning.
You’ll see why rolling your own keys beats trusting anyone else, how to keep your devices speaking the same language of trust, and why short-lived certificates might just save you from the next big breach.
This isn’t theory—it’s how Zero Trust really starts: by proving that your organization can trust itself.

Additional Resources
• Threat Talks Episode on SSL Decryption – https://youtu.be/Xv_jVHVsD9w
• ON2IT Zero Trust: https://on2it.net/zero-trust/
• ACME protocol (RFC 8555): https://datatracker.ietf.org/doc/rfc8555/
• Let’s Encrypt / ACME protocol – https://letsencrypt.org
• DigiNotar case study background – https://en.wikipedia.org/wiki/DigiNotar
• Mozilla CA Program (trusted root store): https://wiki.mozilla.org/CA
• infographic about encryption  https://on2it.s3.us-east-1.amazonaws.com/20250304_Infographic_Encryption.pdf

Guest & Host Links:
Rob Maas (Field CTO, ON2IT): https://www.linkedin.com/in/robmaas83/ 
Lieuwe Jan Koning (Founding Partner, ON2IT): https://www.linkedin.com/in/lieuwejan/

Key Topics Covered
•  Why root certificates must never be online—and how intermediates provide a safe fallback.
•  Real-world PKI failure: DigiNotar compromise and lessons for CISOs.
•  How ON2IT built a secure, low-cost PKI with offline key bearers and ACME automation.
•  The hidden risks of training employees to ignore certificate warnings—and how Zero Trust demands the opposite.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Russia’s most notorious cyber unit—Seashell Blizzard (also known as Sandworm, APT 44 and Iron Viking)—has taken down shipping giants, Olympic systems, and Ukraine’s power grid.

In this Threat Talks deep dive, Lieuwe Jan Koning, Yuri Wit (Red Team), and Rob Maas (Blue Team) reveal exactly how these attacks unfold, why they’re so hard to stop, and how Zero Trust can tip the balance back to defenders.

• (00:00) - – Cyber warfare in the Ukraine conflict: setting the stage
• (01:10) - – Who is Seashell Blizzard? Names, aliases, and Russian GRU ties
• (04:00) - – NotPetya, Olympic Games, and high-profile disruption campaigns
• (07:31) - – Initial access: stealth exploits on edge devices
• (11:40) - – Privilege escalation via Living-off-the-Land (LOLBin) tactics
• (15:23) - – Weaponizing Group Policy Objects with “Tank Trap” for mass wipers
• (19:13) - – Objectives: disruption, damage, and public bragging rights
• (23:40) - – Zero Trust defenses, segmentation, and last-resort recovery

Related ON2IT Content & Referenced Resources
• ON2IT Threat Talks Playlist: https://www.youtube.com/@ThreatTalks/playlists ON2IT Zero Trust Resources: https://on2it.net/zero-trust
• MITRE ATT&CK – Sandworm Team (APT 44): https://attack.mitre.org/groups/G0034/

Click here to view the episode transcript.

🔔 Follow and Support our channel! 🔔
=== 
► YOUTUBE: https://youtube.com/@ThreatTalks
► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E
► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520

👕 Receive your Threat Talks T-shirt
https://threat-talks.com/

🗺️ Explore the Hack's Route in Detail 🗺️
https://threat-talks.com

🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

One mis-typed contact detonates Signal Gate, turning “secure” messaging into a classified-data leak.Host Lieuwe Jan Koning (Co-founder, ON2IT) and Thomas Manolis (Security Officer, AMS-IX) lay out the breach blow-by-blow—then drop the Zero Trust, Shadow IT and information-governance tactics every CISO needs before the next incident hits.High stakes, hard lessons—compressed into actionable steps you can brief to the board.Timestamps00:00 Cold-open: “wrong recipients” analogy00:37 What really happened in Signal Gate01:38 Mistake #1 – Choosing a consumer app over classified03:34 Mistake #2 – Human error: the mis-added journalist07:55 Shadow IT, usability & Secure Messaging Apps 09:10 Information Governance, audits and technical controls12:02 Zero Trust takeaways & action planKey Topics Covered• Anatomy of the Signal Gate breach & timeline• Why Shadow IT sabotages secure operations• Building airtight Information Governance for secure messaging apps• Operationalizing Zero Trust: least privilege, continuous verification, human-centric trainingRelated ON2IT Content & Referenced Resources• “Understanding Zero Trust – Lessons from Experts” whitepaper: https://on2it.net/resources/?• Zero Trust Readiness Assessment (PDF): https://on2it.net/wp-content/uploads/2022/05/Zero-Trust-Readiness-Assessment-EN-US.pdf• Threat Talks podcast hub: https://threat-talks.com/🔔 Follow and Support our channel! 🔔=== ► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

ON2IT’s Lieuwe Jan Koning goes one-on-one with AMS-IX CEO Peter van Burgel to expose why the once-open internet is splintering into rival, firewalled regions. Discover the geopolitical forces fueling this cybersecurity trend. Learn the Zero Trust resilience moves CISOs must deploy to stay sovereign in the future of the internet.Key Topics Covered• Drivers behind the Splinternet & what they mean for CISOs• Scenario-planning methodology for threat forecasting• Aligning Zero Trust with data-localization mandates• Resilience vs. redundancy: how to build real business continuity• Earth-IX concept: keeping critical flows alive amid fragmentationRelated Content & Resources• ON2IT Zero Trust Framework → https://on2it.net/zero-trust/• AMS-IX MORE-IP Conference insights → https://www.ams-ix.net/ams• EU Digital Services Act overview → https://digital-strategy.ec.europa.eu/en🔔 Follow and Support our channel! 🔔► YOUTUBE: https://youtube.com/@ThreatTalks► SPOTIFY: https://open.spotify.com/show/1SXUyUEndOeKYREvlAeD7E► APPLE: https://podcasts.apple.com/us/podcast/threat-talks-your-gateway-to-cybersecurity-insights/id1725776520👕 Receive your Threat Talks T-shirthttps://threat-talks.com/🗺️ Explore the Hack's Route in Detail 🗺️https://threat-talks.com🕵️ Threat Talks is a collaboration between @ON2IT and @AMS-IX

Administrative accounts come with serious power – and serious power, comes with serious risk.
In part B of our deep dive into step four of Zero Trust (create Zero Trust policy), host Lieuwe Jan Koning and ON2IT Field CTO Rob Maas unpack how to build Zero Trust policies specifically for administrative access.
 They explore:
1) Why admins are a high-value target – and what that means for policy
2) How to build secure jump hosts and enforce strict access controls
3) What ‘separation of identity’ really looks like in practice
 
🎧 Part B builds on the policy work discussed in part A. Worth a listen if you deal with access management or design policy.
Shownotes
⁃       Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃       Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃       Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac
⁃       Zero Trust Step 4a episode: https://youtu.be/qT_nqbBEkVw

Now that you’ve defined your protect surfaces, mapped your transaction flows and built your Zero Trust architecture, it’s time for step four of Zero Trust: creating policy. In other words, it’s time to turn strategy into actual rules.
In this episode of Threat Talks, host Lieuwe Jan and Koning and Field CTO of ON2IT Rob Maas talk through how to create and validate Zero Trust policies.
They explore:
·      What makes a ‘good’ policy (and why broad strokes won’t cut it)
·      How to apply the Kipling method to policy creation
·      Why policies need ongoing validation to stay effective
 
Make sure to stay tuned for the second part of this episode as well, where Lieuwe Jan and Rob dive into the specifics of policy for administrative access.
Shownotes
⁃       Zero Trust Step 1 episode: https://youtu.be/mC66i-tEEFs
⁃       Zero Trust Step 2 episode: https://youtu.be/wp0q9aZHuXc
⁃       Zero Trust Step 3 episode: https://youtu.be/eGsw2JCnrac

What does quantum computing mean for blockchain? And how should platforms respond before Q-day becomes reality? In this episode of Threat Talks, ON2IT Field CTO Rob Maas is joined by Jeroen Scheerder, who leads ON2IT's post-quantum cryptography research group. They explore how quantum algorithms interact with current blockchain designs, what makes certain cryptocurrencies more flexible than others, and where we're already seeing movement toward future-ready solutions. ⛓ How does blockchain actually work again? 🔓 What makes classical encryption vulnerable to quantum algorithms? 🧠 Why can't you just “update” Bitcoin? From cryptographic design to real-world limitations, this episode is all about understanding the risks and opportunities in a post-quantum future. Shownotes Post-Quantum Threat to Encryption episode : https://youtu.be/rimW1XJNNLo

Windows Recall is a new feature in Windows 11 that captures screenshots every few seconds and stores them in a local database. It’s designed to help users find what they’ve seen or done: but that convenience may come at a high cost.

In this episode of Threat Talks, ON2IT Field CTO Rob Maas speaks with security expert Jeroen Scheerder about the real risks of Recall. They break down how the tool works, what data it captures, and why the built-in protections may not be enough.

In this episode of Threat Talks:

🧠 How Recall works and what makes it so controversial

🔍 Why bolted-on security measures leave gaps

🎯 Which users and organizations are most exposed

Tune in to hear why Windows Recall is raising red flags and what you need to know to protect your organization.

Andy Grotto (founder and director of the Program on Geopolitics, Technology and Governance at Stanford University) puts it plainly: there's a 5% chance that within the next 10 years, AI could rule over humans. That number might sound small, but it's enough to take seriously.

He joins host Lieuwe Jan Koning and guest Davis Hake (Senior Director for Cybersecurity at Venable) as they dive into the technology, governance, and risks behind autonomous AI. From system trustworthiness to liability, and market incentives to regulation, they break down what’s already happening and what needs to happen next.
They also discuss how humans will struggle to validate AI outcomes in areas where AI excels, why thoughtful deployment is key, and what it means to be “quick, but not in a hurry.” 

Key topics:
✅ How to adopt your security and governance to the use of AI
🧠 Why applying existing IT risk frameworks is a smart starting point
⚖️ How to balance regulation, trust, and innovation
Can your organization keep up with AI that moves faster than human oversight?