
Insights are generated by CastFox AI using publicly available data, episode content, and proprietary models.
Total monthly reach
Estimated from 1 chart position in 1 market.
By chart position
- 🇳🇿 NZ · Technology #160: 500 to 3K

Audience estimates
- Per-Episode Audience (est. listeners per new episode within ~30 days): 250 to 1.5K. 🎙 Weekly cadence · 25 episodes · Last published 8mo ago
- Monthly Reach (unique listeners across all episodes, 30 days): 500 to 3K. 🇳🇿 100%
- Active Followers (loyal subscribers who consistently listen): 150 to 900
| Date | Episode | Description | Length |
|---|---|---|---|
| 9/16/25 | Episode 24: Voice AI Under Attack: Hackers Exploit AI Call Agents \| Traffic Light Protocol Podcast | Voice AI is moving fast — but so are the attackers. In this episode of the Traffic Light Protocol Podcast, Clint and Myles break down how scammers are exploiting Voice AI platforms with the same tricks that wrecked email and telecom decades ago: Premium-rate fraud dressed up in AI clothing; Bot-driven spam that floods calendars and burns ops teams; Consent loopholes where “user input” becomes an attacker’s best weapon. This isn’t FUD. It’s happening right now, and the industry risks wal... | 55m 27s |
| 9/5/25 | Episode 23: AI Voice Agent Security: Voice AI Under Siege: SIP Spoofing, Cost Drain, and How to Fight Back | In this episode of Traffic Light Protocol, we kick off our AI series with a hard look at how voice AI agents are being targeted, and how fast small businesses and startups can rack up serious bills overnight. Guest Myles Agnew returns to unpack how old-school telecom tricks are being repurposed in the age of SIP/VoIP and AI: caller ID spoofing, open SIP trunks, and automated call loops that tie up your agents and quietly burn cash. We break down how easy it is to spin up a low-cos... | 34m 25s |
| 6/22/25 | Episode 22: AI Chat Forensics: How to Find, Investigate, and Analyse Evidence from ChatGPT, Claude & Gemini | Unlock the secrets behind digital forensic investigations into AI chat platforms like ChatGPT, Claude, and Google's Gemini in this insightful episode. Learn the precise methods for discovering, extracting, and interpreting digital evidence across Windows, Mac, and Linux environments, whether it's browser caches, memory forensics, network logs, or cloud-based data exports. From identifying subtle signs of malicious AI usage and attempts to evade security controls, to piecing togeth... | 41m 48s |
| 6/10/25 | Episode 21: How IRCO is Changing DFIR: The AI Copilot for Real-Time Cyber Investigations | Link to IRCO - Incident Response Copilot on ChatGPT: https://chatgpt.com/g/g-68033ce1b26481919b26df0737241bac-irco-incident-response-co-pilot In this episode of TLP: The Digital Forensics Podcast, Clint dives deep into IRCO (a custom GPT designed specifically for DFIR and SOC analysts). From real-world cyber incidents to post-incident reporting and CTF training, IRCO acts like your AI-powered colleague: fast, focused, and built for real investigations or even CTFs. Learn how... | 15m 48s |
| 6/4/25 | Episode 20: What Makes an Elite Incident Response Team: Mindset, Mastery, and Real-World DFIR Lessons | Drawing inspiration from observing military special forces and over five years of hands-on DFIR experience, Clint Marsden explores the mindset, habits, and tactical processes that set top-performing IR teams apart. From threat intelligence workflows and detection-first thinking to deep forensic analysis and clear executive reporting, this episode is packed with real-world lessons, re... | 39m 10s |
| 5/26/25 | Episode 19: AI Data Poisoning: How Bad Actors Corrupt Machine Learning Systems for Under $60 | Clint Marsden breaks down a critical cybersecurity report from intelligence agencies including the CSA, NSA, and FBI about the growing threat of AI data poisoning. Learn how malicious actors can hijack AI systems for as little as $60, turning machine learning models against their intended purpose by corrupting training data. Clint explains the technical concept of data poisoning in accessible terms, comparing it to teaching a child the wrong labels for objects. He walks through th... | 27m 16s |
| 2/28/25 | Audiobook - Mastering Sysmon. Deploying, Configuring, and Tuning in 10 easy steps | This episode features the complete narration of my ebook: Mastering Sysmon – Deploying, Configuring, and Tuning in 10 Easy Steps, providing a step-by-step guide to getting Sysmon up and running for better threat detection and incident response. If you’re in security operations, digital forensics, or incident response, this episode will help you: Deploy Sysmon efficiently. Tune Sysmon logs for maximum insight while reducing noise. Use Sysmon for investigations—from process creation t... | 44m 12s |
| 2/27/25 | Episode 17 - Building a CTF | So You Want to Build Your Own DFIR CTF? Ever wanted to build your own Digital Forensics and Incident Response (DFIR) Capture the Flag (CTF) challenge but weren’t sure where to start? In this episode of Traffic Light Protocol, we share the how-to of CTF builders, making it easy for anyone—no pentesting skills required! Today's episode includes: Choosing Your CTF Theme – Using MITRE ATT&CK and APT tracking to craft a realistic attack scenario. Setting Up the Lab – Spin... | 29m 03s |
| 2/27/25 | Episode 16 - Mastering the Basics: Key Strategies for Cyber Investigations | Kicking off 2025, we're getting back to basics with something every cyber investigator needs to master—starting an investigation the right way. Too often, investigations get derailed because the right questions weren’t asked at the outset, evidence wasn’t properly handled, or reporting lacked clarity. In this episode, we cover how to build an investigation plan that keeps you on track, ensures consistency, and leads to better results. We talk about evidence volatility, log retenti... | 31m 39s |
| 10/15/24 | Episode 15 - Windows event log analysis with Hayabusa. The Sigma-based log analysis tool | Key Takeaways: Introduction to Hayabusa: Hayabusa is an open-source Windows Event Log Analysis Tool used for processing EVTX logs to detect suspicious activities in Windows environments. Critical Alerts Detection: The tool is capable of detecting a variety of suspicious activities, including WannaCry ransomware and unauthorized Active Directory replication. Efficient Incident Response: Hayabusa is ideal for incident response workflows, enabling teams to quickly triage and analyze Wi... | 23m 20s |
| 9/22/24 | Episode 14 - AI and the future of log analysis, bug detection, forensics and AI ethical considerations with Jonathan Thompson | In this episode of Traffic Light Protocol, Clint Marsden is joined by Jonathan Thompson, a developer and AI enthusiast currently studying at Macquarie University. Together, they dive into how artificial intelligence (AI) is transforming the cybersecurity landscape and discuss Jon’s insights into AI’s potential applications in digital forensics, incident response, and everyday IT operations. The conversation touches on ethical considerations, potential job impacts, and how AI c... | 1h 09m 29s |
| 8/20/24 | Episode 13 - ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson | Episode 13 is another giant episode with a focus on what it's like to be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon. Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capturing and analyzing detailed system activity. Automation in Investigations: Jacob emphasizes the importance of automating repetitive tasks, such as b... | 55m 52s |
| 8/13/24 | Episode 12 - You're forced to decide: Cyber Generalist or Cyber Specialist? | Quotes: “In the fast-paced world of DFIR, you are a mission critical system. Your job isn’t just to uncover what happened during an incident, but to do so in a way that gets results fast.” “Specialists bring expertise that pushes the entire industry forward, while generalists offer versatility and adaptability in the ever-changing landscape of cybersecurity.” “The choice between specializing and generalizing doesn’t always need to be a conscious decision. Often, you just fall into o... | 17m 47s |
| 7/29/24 | Episode 11 - Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew | In this episode of Traffic Light Protocol, we sit down with Myles, a cybersecurity veteran with over 15 years of Cyber experience and background as a Combat Engineer in the Army. Myles brings his unique perspective on integrating automation and cloud technologies into cybersecurity infrastructure deployment (used specifically when deploying Velociraptor - an advanced open-source endpoint monitoring, digital forensic and cyber response platform). We delve into his journey fro... | 53m 43s |
| 7/17/24 | Episode 10 - Detecting and Preventing Phishing Attacks | Quotes: "Phishing targets the human element, the 'wetware,' often the weakest link in any security chain." - Clint Marsden "Phishing isn't just about poorly spelled emails anymore; it's about sophisticated campaigns that even cyber-aware individuals can fall victim to." - Clint Marsden "Effective defense against phishing involves not just technology but ongoing education and a culture of security awareness." - Clint Marsden Key Takeaways: Phishing attacks continue to evo... | 19m 04s |
| 7/12/24 | Episode 9 - Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies | Episode Title: "Unmasking APT40: Tactics, Challenges, and Defense Strategies" Key Takeaways: APT40 is a sophisticated Chinese state-sponsored cyber espionage group active since 2009. They target various sectors including academia, aerospace, defense, healthcare, and maritime industries. APT40 uses advanced tactics such as spear phishing, watering hole attacks, and living off the land binaries (LOLBINS). Digital forensics faces challenges in detecting APT40 due to their use of leg... | 21m 48s |
| 7/7/24 | Episode 8 - Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics | In this episode, Clint Marsden goes straight into 4 practical strategies that enable better forensics and stop data exfiltration, no matter the size of your budget. Clint covers deploying Sysmon for enhanced monitoring, and using Group Policy to tighten print and USB security. Event log cleared: Event ID 1102 ACSC Sysmon: https://github.com/AustralianCyberSecurityCentre/windows_event_logging Swift on security Sysmon: https://github.com/SwiftOnSecurity/sysmon-config Printer ... | 19m 57s |
| 6/25/24 | Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures | In today's episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures. Key Takeaways Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purposes. Common Tools and Techniques: They employ tools for reconnaissance (PingCastle, ADRecon), credential dumping (Mimikatz, Lazagne), Re... | 17m 07s |
| 6/20/24 | Episode 6 - Responding to ransomware - is your VPN a target? Plus ransomware risk mitigation with Phil Ngo | In this episode, we speak with Phil Ngo, a Primary Investigator in Accenture's global cyber response team. As a primary investigator, he is responsible for helping clients recover from major incidents as well as delivering proactive cyber services, such as threat hunting and tabletop exercises. Philip started his career as a high school teacher, before moving into IT support and eventually into cyber security six years ago. Philip has worked across multiple industri... | 27m 08s |
| 6/12/24 | Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity) | This is the biggest episode from a content perspective so far. I'm excited to share it with you. Episode Highlights: How to run post-incident debriefs and post-mortems. Involving external teams. Using lessons learned to form actionable insights. Key questions to address in incident analysis. Effective report writing strategies, including timelines and executive summaries. Evaluating and improving incident response procedures and tools preparation. Engaging broader teams in the deb... | 34m 03s |
| 6/7/24 | Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment, Eradication and Recovery) | Show Notes: Episode on Containment, Eradication, and Recovery. In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling. Key Topics Covered: Containment Strategies: Choosing appropriate containment methods based on the incident type, potential damage, service availability, and evidence preservation. Examples include power disconnection... | 22m 10s |
| 5/31/24 | Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection) | In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes Functional impacts of the incident, information impact of the incident and the recoverability of the incident. Not all of these are needed, or relevant when tracking your incident and Clint explains when to categorise incidents using these factors. To finish off, Clint discusses incident notification - Who are the stakeholders that need to be informed and included in your incident re... | 11m 41s |
| 5/28/24 | Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection) | In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61. Attack vectors for digital security incidents, including insider threats and weaponized USBs. Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation. The importance of following temporal linearity in Forensic Investigations, expanding analysis to 5-10 minutes prior to and after events, particularly in Internet History and Memor... | 47m 48s |
| 5/17/24 | Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation) | In this Episode Clint Marsden talks about the first phase of Computer Security Incident Handling according to NIST. Listen to real world examples of how to get prepared before a Cyber Security Incident arrives. Show notes: Link to NIST SP 800-61 PDF https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf Bro has been renamed to Zeek. https://zeek.org/ Rita is Real Intelligence Threat Analytics. Created by Active Countermeasures - Available from http... | 28m 14s |
| 5/16/24 | Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started | In this first episode we kick off with Clint Marsden, the host of Traffic Light Protocol (TLP) where he talks about what it's like to work in DFIR, how to get started with Cyber training, what to expect in future episodes, and of course a light touch on AI Forensics! Join us for the first episode. The next episodes coming up talk about the NIST SP 800-61 where we break down Preparation, Detection, Eradication and Recovery. Highlights: Current trends and best practices in digital... | 23m 27s |
Chart Positions
1 placement across 1 market.
