Insights from recent episode analysis
Audience Interest
Podcast Focus
Publishing Consistency
Platform Reach
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Most discussed topics
Brands & references
Est. Listeners
Based on iTunes & Spotify (publisher stats).
- Per-Episode Audience
Est. listeners per new episode within ~30 days
25,001 - 50,000 - Monthly Reach
Unique listeners across all episodes (30 days)
25,001 - 75,000 - Active Followers
Loyal subscribers who consistently listen
15,001 - 40,000
Market Insights
Platform Distribution
Reach across major podcast platforms, updated hourly
Total Followers
—
Total Plays
—
Total Reviews
—
* Data sourced directly from platform APIs and aggregated hourly across all major podcast directories.
On the show
From 1 epsHost
Recent guests
Recent episodes
Google's Disruption Mission
Apr 27, 2026
29m 08s
Takeaways from the 2026 M-Trends Report
Apr 15, 2026
27m 55s
Using GTI to Hunt Adversaries on the Dark Web
Mar 23, 2026
30m 01s
How Android Combats Mobile Scams
Jan 16, 2026
31m 48s
UNC5221 and the BRICKSTORM Campaign
Oct 22, 2025
26m 11s
Social Links & Contact
Official channels & resources
Official Website
Login
RSS Feed
Login
| Date | Episode | Topics | Guests | Brands | Places | Keywords | Sponsor | Length | |
|---|---|---|---|---|---|---|---|---|---|
| 4/27/26 | Google's Disruption Mission✨ | cyber operationsdisruption strategy+3 | Charley Snyder | Google Threat Intelligence GroupGoogle+1 | — | Googlecybersecurity+5 | — | 29m 08s | |
| 4/15/26 | Takeaways from the 2026 M-Trends Report | Host Luke McNamara is joined by Chris Linklater, Practice Leader at Mandiant, to discuss the 2026 edition of Mandiant's M-Trends Report. Chris dives into the latest trends observed in breached throughout 2025 and into this year, noting some of the key aspects organizations should focus on in applying these insights into today's threat landscape. https://cloud.google.com/security/resources/m-trends | 27m 55s | ||||||
| 3/23/26 | Using GTI to Hunt Adversaries on the Dark Web | In this episode of the Defenders Advantage Podcast, host Luke McNamara sits down with Google Threat Intelligence experts Jose Nazario and Brandon Wood. They dive into the rollout of new dark web and underground monitoring capabilities, explaining how AI is fundamentally changing the way defenders track adversaries. https://cloud.google.com/blog/products/identity-security/bringing-dark-web-intelligence-into-the-ai-era\ | 30m 01s | ||||||
| 1/16/26 | How Android Combats Mobile Scams | Host Luke McNamara is joined by Eugene Liderman, Senior Director in Android's Security and Privacy Group, to discuss the evolving world of mobile-targeting scams. Eugene details some of the unique aspects to mobile scams, regional variations in tactics by scammers, and the steps Android has taken to combat this problem. | 31m 48s | ||||||
| 10/22/25 | UNC5221 and the BRICKSTORM Campaign | Sarah Yoder (Manager, Mandiant Consulting) and Ashley Pearson (Senior Analyst, Advanced Practices on Google Threat Intelligence Group) join host Luke McNamara to discuss UNC5221 and their operations involving BRICKSTORM backdoor. This highly sophisticated, suspected China-nexus cyber-espionage threat group is known for aggressively targeting internet-facing network appliances (like VPNs and firewalls) to establish long-term, stealthy access for espionage. Read our blog post for more: https://... | 26m 11s | ||||||
| 9/15/25 | How vSphere Became a Target for Adversaries | Stuart Carrera (Senior Consultant, Mandiant Consulting) joins host Luke McNamara to discuss how threat actors are increasingly targeting the VMware vSphere estate, and leveraging in this environment to conduct extortion and data theft. Stuart details why this has become an attractive target, and ways organizations can better engineer detections to respond to this activity. https://cloud.google.com/blog/topics/threat-intelligence/defending-vsphere-from-unc3944 https://cloud.google.com/bl... | 39m 01s | ||||||
| 8/18/25 | AI Tools and Sentiment Within the Underground Cyber Crime Community | Michelle Cantos (Senior Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss some of the recent trends in underground marketplaces around the selling of illicit AI tools and services. Michelle discusses GTIG's research into this space, how threat actors are seeking to leverage these models, use cases being discussed, and more. | 25m 44s | ||||||
| 7/28/25 | Protecting the Core: Securing Protection Relays in Modern Substations | Host Luke McNamara is joined by members of Mandiant Consulting's Operational Technology team (Chris Sistrunk, Seemant Bisht, and Anthony Candarini) to discuss their latest blog on securing assets in the energy grid. https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations | 43m 05s | ||||||
| 7/15/25 | The Rise of ClickFix | Dima Lenz (Security Engineer, Google Threat Intelligence Group) joins host Luke McNamara to discuss how threat actors have been using ClickFix to socially engineer users. Dima recounts the growth of this technique in 2024, some of the campaigns and actors that have leveraged it, and where it may be headed next. | 23m 33s | ||||||
| 6/4/25 | Vishing in the Wild | Nick Guttilla and Emily Astranova, from Mandiant Consulting's Offensive Security team, join host Luke McNamara for an episode on voice-based phishing, or "vishing." Nick and Emily cover their respective blogs and experiences, diving into how they employ vishing techniques to social engineer organizations--both organically and using AI-powered voice cloning to mimic specific employees--during red team engagements. https://cloud.google.com/blog/topics/threat-intelligence/technical-a... | 37m 48s | ||||||
Want analysis for the episodes below?Free for Pro Submit a request, we'll have your selected episodes analyzed within an hour. Free, at no cost to you, for Pro users. | |||||||||
| 5/19/25 | Responding to a DPRK ITW Incident | JP Glab (Mandiant Consulting) joins host Luke to discuss responding to activity from North Korean IT workers. He walks through what initially triggered the investigation at this organization, how it progressed in parallel with an HR investigation, and ultimately what was discovered. For more on the DPRK IT workers and trends in incident response, check out Mandiant's 2025 M-Trends report. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025 | 16m 35s | ||||||
| 5/5/25 | UNC5221 and The Targeting of Ivanti Connect Secure VPNs | Matt Lin (Senior Incident Response Consultant, Mandiant) and Daniel Spicer (Chief Security Officer, Ivanti) dive into the research and response of UNC5221's campaigns against Ivanti. They cover how this threat actor has evolved from earlier campaigns, the continued focus of edge infrastructure by APT actors, and the shared responsibility of security in mitigating threats like this. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerabil... | 27m 55s | ||||||
| 4/14/25 | Windows Remote Desktop Protocol: Remote to Rogue | Host Luke McNamara is joined by GTIG Senior Security Researcher Rohit Nambiar to discuss Rohit's recent blog on some interesting usage of RDP by UNC5837. Rohit covers the discovery of the campaign, and the novel functionalities they were using to likely support cyber espionage goals. He delves into these findings and the usage of RemoteApps and victim file mapping via RDP, and closes with some of the mysteries that remain about this activity. https://cloud.google.com/blog/topics/threat-... | 34m 27s | ||||||
| 3/10/25 | Cybersecurity Conversations with the C-Suite and Board | Imran Ahmad (Senior Partner, Canadian Head of Technology and Canadian Co-Head of Cybersecurity and Data Privacy at Norton Rose Fulbright) joins host Luke McNamara to discuss how executives are thinking about cyber risk in a changing and evolving landscape. He touches on the importance of training before a breach, how ransomware has changed security conversations with boards, and the promise and risk of emerging technologies like AI play for enterprises. | 36m 14s | ||||||
| 2/28/25 | What to Watch For in 2025 | Kelli Vanderlee, Kate Morgan, and Jamie Collier join host Luke McNamara to discuss trends that are top of mind for them in tracking emergent threats this year, from nation state intrusions to financially motivated ransomware campaigns. https://cloud.google.com/security/resources/cybersecurity-forecast https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat | 44m 31s | ||||||
| 2/19/25 | Signals of Trouble | Dan Black (Principal Analyst, Google Threat Intelligence Group) joins host Luke McNamara to discuss the research into Russia-aligned threat actors seeking to compromise Signal Messenger. Dan lays out how this latest evolution of Russia's usage of cyber in Ukraine compares to previous phases of the conflict, how this activity is likely supporting battlefield operations, and how users of secure messaging applications can mitigate some of the risks associated with activity like this. https... | 26m 03s | ||||||
| 2/5/25 | Agentic AI in Cybersecurity | Steph Hay (Senior Director for Gemini Product and UX, Google Cloud Security) joins host Luke McNamara to discuss agentic AI and its implications for security disciplines. Steph walks through how generative AI is already impacting the finding of threats, reduction of toil, and the scaling up of workforce talent, before discussing how agents will increasingly play a role in operationalizing security. Steph details how this automation of processes, with humans in the loop, can increase the capab... | 26m 40s | ||||||
| 12/2/24 | The Art of Remediation in Incident Response | Jibran Ilyas (Consulting Leader, Mandiant Consulting) joins host Luke McNamara to discuss remediation as part of incident response. Jibran covers various scenarios (espionage and ransomware) and how they may differ in approaching remediation, how types of architecture could shape remediation efforts, non-technical components of the remediation phase, and more. | 40m 59s | ||||||
| 10/18/24 | How to Run an Effective Tabletop Exercise | Mandiant Senior Consultant Alishia Hui joins host Luke McNamara to discuss all things tabletop exercise related. Alishia walks through the elements of a tabletop exercise, important preparatory steps, the success factors for a good exercise, and how organizations can implement lessons learned. https://cloud.google.com/transform/the-empty-chair-guess-whos-missing-from-your-cybersecurity-tabletop-exercise https://www.mandiant.com/sites/default/files/2021-09/ds-tabletop-exercise-000005-2... | 29m 14s | ||||||
| 10/4/24 | Using LLMs to Analyze Windows Binaries | Vicente Diaz, Threat Intelligence Strategist at VirusTotal, joins host Luke McNamara to discuss his research into using LLMs to analyze malware. Vicente covers how he used Gemini to analyze various windows binaries, the use cases this could help address for security operations, technical challenges with de-obfuscation, and more. For more on this topic: https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html https://blog.virustotal.com/2024/04/analyzing-malware-in-binari... | 36m 40s | ||||||
| 9/26/24 | How Threat Actors Bypass Multi-Factor Authentication | Josh Fleischer, Principal Security Analyst with Mandiant's Managed Defense organization sits down with host Luke McNamara to discuss trends in MFA bypass and how threat actors are conducting adversary in the middle (AiTM) attacks to gain access to targeted organizations. Josh walks through a case study of MFA bypass, how token theft occurs, the increasing amount of AiTM activity with more features being added to phishing kits, and more. | 27m 20s | ||||||
| 9/4/24 | TAG's Work Tracking Commercial Surveillance Vendors | Host Luke McNamara is joined by Clement Lecigne, security researcher at Google's Threat Analysis Group (TAG) to discuss his work tracking commercial surveillance vendors (CSVs). Clement dives into the history and evolution of the CSV industry, how these entities carry out operations against platforms like mobile, and the nexus of this problem into the increasing rise of zero-day exploitation. For more on TAG's work on CSVs: https://blog.google/threat-analysis-group/state-backed-attacke... | 23m 58s | ||||||
| 7/25/24 | What Iranian Threat Actors Have Been Up To This Year | Mandiant APT Researcher Ofir Rozmann joins host Luke McNamara to discuss some notable Iranian cyber espionage actors and what they have been up to in 2024. Ofir covers campaigns from suspected IRGC-nexus actors such as APT42 and APT35-related clusters, as well as activity from TEMP.Zagros. For more on this topic, please see: https://blog.google/technology/safety-security/tool-of-first-resort-israel-hamas-war-in-cyber/ https://cloud.google.com/blog/topics/threat-intellige... | 36m 13s | ||||||
| 6/27/24 | Mandiant's Approach to Securely Using AI Solutions | Mandiant Consultants Trisha Alexander, Muhammed Muneer, and Pat McCoy join host Luke McNamara to discuss Mandiant's recently launched services for securing AI. They discuss how organizations can proactively approach securing the implementation of AI workloads, red-team and test these security controls protecting generative AI models in production, and then also employ AI within the security organization itself. For more, please see: https://cloud.google.com/security/solutions/mandiant-... | 32m 00s | ||||||
| 6/3/24 | Lessons Learned from Responding to Cloud Compromises | Mandiant consultants Will Silverstone (Senior Consultant) and Omar ElAhdan (Principal Consultant) discuss their research into cloud compromise trends over 2023. They discuss living off the land techniques in the cloud, the concept of the extended cloud attack surface, how organizations can better secure their identities, third party cloud compromise trends, and more. Will and Omar's talk at Google Next: https://www.youtube.com/watch?v=Fg13kGsN9ok&t=2s | 30m 16s | ||||||
Showing 25 of 178
Sponsor Intelligence
Sign in to see which brands sponsor this podcast, their ad offers, and promo codes.
Chart Positions
2 placements across 2 markets.
Chart Positions
2 placements across 2 markets.