15 security takeaways from 150 episodes of Random but Memorable
It’s hard to believe, but Random but Memorable has hit 150 episodes! Along the way, we’ve won a Signal Award, been named a Webby Honoree, and somehow convinced computer security legend Bruce Schneier to be on the show.
But the real joy? The friends we made along the way. 🫶 We’ve heard from listeners who’ve recreated our security games at work, who’ve sent us fan art and poems (yes, actual poems), and who tune in week after week just to hear the hosts’ hot takes and banter, alongside the occasional piece of life-changing security advice.
In honor of our 150th episode, we’ve put together 15 of our favorite takeaways from the show. We hope you find something here to keep you – and your passwords – a little safer. But before we dive in, a snippet from one of those poems we mentioned:
Your podcast is great,
Just like I expected,
Like a bird in a nest,
My passwords are protected.
After every episode,
I always feel great,
But my bliss fades to sadness,
as now I must wait.
Same, dear listener, same. Luckily, there’s a new episode out now and a new season in the works! Here’s to many more 🥂
1. Digital estate planning takes time (and it’s worth it).
We often picture wills and physical assets when we think about estate planning. But your digital life – including your online accounts, passwords, photos, and even subscription services – needs looking after, too. Without a plan, your loved ones might struggle to access important information or close accounts after you’re gone.
It might seem overwhelming, but the good news is that you don’t have to do it all at once. Take it step by step, and don’t stress if it takes a while. Learn more in episode 14.3, Digital Planning Therapy Session.
2. To secure your business, focus on the fundamentals first.
Esoteric cybersecurity threats and fancy tools might grab the headlines, but you need to cover the basics first. Strong passwords, up-to-date software, good access controls, endpoint protection, vulnerability management, and employee training – these will protect you more than trying to chase down and protect against every bleeding-edge threat. Wondering where to get started? Our CISO Jacob DePriest explains how to build a strong security culture in episode 14.4, Security Audit App Ideas.
3. Companies take on average 100 days to fully recover from a data breach.
That’s over three months of disrupted business operations – not to mention the stress and long-term cleanup of a cybersecurity incident. All the more reason to invest in preventative security measures before anything happens. Learn how in episode 13.8, Relic Robot Printer Report with Troy Bettencourt from IBM.
4. The "stunt hacking" era defined by Lizard Squad and LulzSec is over.
Gone are the days of hacking just for the lulz. Cybercrime has gotten more organized, not to mention more lucrative, meaning the bar for causing mischief is higher than ever before. Hackers these days have bigger financial incentives and are generally more professionalized. The prankster hacker gangs of the past? They’ve mostly faded into internet history.
Discover the reasons why in episode 14.1, Breakfast Cereal Hacking Culture with Emily Crose.
5. It's going to take a while for passkeys to replace passwords completely.
We know – passwords should be a thing of the past, and passkeys promise a bright, shiny, passwordless future. But change takes time. At least three generations have been using passwords on electronic devices, and that kind of habit doesn’t vanish overnight.
Sierre Wolfkostin, Principal Product Designer at 1Password, shares why passkey adoption is slow and why you shouldn’t throw away your password manager in episode 13.7, Honesty Salable Uppish Penguin with Sierre Wolfkostin.
6. The public is starting to become desensitized to data breaches.
With so many different incidents popping up in the headlines, we risk developing data breach fatigue and, worse, an accompanying sense of inertia. That means, unless a security incident affects us personally, we’re likely to shrug off the news.
Troy Hunt, the creator of Have I Been Pwned, unpacks this trend in episode 13.6, Life Admin Selfie Fatigue with Troy Hunt, and discusses an even more worrying phenomenon: people not responding to data breaches that involve their own data, and why that matters.
7. Older people are less susceptible to social engineering than younger people.
We were surprised to hear this too, but Grandpa and Grandma aren’t always the ones most likely to get taken for a ride. Different generations fall for different tricks: the scam that might fool a 20-something is less likely to work on a retiree, and vice versa. Every age group has its weaknesses, and the stereotype that older people are easier marks isn’t necessarily true.
Dr. Erik Huffman goes deeper into the psychology of cybercrime in episode 13.5, Human Factor Authentication Pitch.
8. Set up a red team if you want to adopt a Zero Trust strategy at work.
If you’re serious about Zero Trust security then try unleashing an in-house red team on your company. These friendly hackers will test your systems and people, revealing who clicks the sketchy link and which doors (both virtual and physical, though mostly virtual) are left propped open. It’s a free trial run against real adversaries – and the perfect way to plan your defenses around actual gaps in security before any bad guys find them.
Get the lowdown on Zero Trust in episode 12.7, Zero Trust Fall Out with Dr. Chase Cunningham & Elliot Volkman.
9. If you want your boss to invest more in security, focus on the financial benefits.
It pays to speak the same language as your boss. So when you need to get security buy-in, talk money instead of scary breach statistics. Fixing vulnerabilities can reduce cloud costs. Tightening access controls can eliminate pricey software licenses for ex-employees. When leadership sees that strong security can actually save or make your company money, wallets open much faster.
Learn a different approach to security in episode 12.2, Smart Toothbrush Botnet Army with Greg Van Der Gaast.
10. It's very, very difficult to hack an airplane.
Join us in a collective sigh of relief now: phew. Thankfully, aircraft systems are heavily segregated and locked down, and cabin Wi-Fi is on a different network from cockpit controls. While no system is 100% unhackable, cyberhijacking an airplane is extremely unlikely (messing with the in-flight entertainment system is slightly easier… but please don’t do that!).
Go down the rabbit hole of airplane security in episode 11.8, Wrong Movie Airplane Tampering with Ken Munro from Pen Test Partners.
11. Sometimes, all it takes is a Domino's pizza to hack a business 🍕
Why bother with complex malware when you can just walk in with a pizza? One of our favorite ethical hackers proved that a clever IRL ploy (read: getting a job as a pizza delivery guy) can bypass security guards and locked doors. We’ve all been guilty of thinking with our stomachs, which is perhaps why the human element is often the weakest link in a security chain.
Learn how a pizza delivery led to server room access in episode 11.5, Ethical Pizza Delivery Hobbies with Jamie Woodruff.
12. It's trickier than you think to portray hacking accurately in TV shows and movies.
Hollywood hacking scenes make a lot of us roll our eyes, but it turns out there’s a reason they often get things wrong. Even with experts on set, directors and writers can’t always nail the details for a variety of creative and technical reasons. Ultimately, it’s a balancing act between realism and entertainment – and it’s harder than it looks to get right.
Go behind the scenes on Mr. Robot, Snowden, and more in episode 14.5, Triple Hollywood Movie Sabotage with Ralph Echemendia.
13. There's a trick to finding the right MSP that can help secure your business.
Find a provider with connections. The best Managed Service Providers are actively involved in the security community, staying updated on threats, and sharing knowledge. If an MSP operates in a bubble, that’s a red flag. You want a security partner who’s plugged in and always learning.
Tarah Wheeler, CEO of Red Queen Dynamics, shares more tips for small businesses in episode 14.7, Malicious Pottery Service Provider.
14. You won't believe the techniques used by law enforcement to take down organized crime.
How far will the good guys go to take down the bad? Pretty far, it turns out. If you haven’t heard the story of ANOM, prepare yourself for a wild ride (alongside an Australian biker gang): it involves at-sea cocaine drops, social media influencers of the criminal underworld, and a global network of criminals who unknowingly invited law enforcement into their most secure chats.
Journalist Joseph Cox breaks down the story in episode 13.1, Doughnut Panic Sting Operation.
15. AI has the ability to help both hackers and security professionals.
The same AI that can help attackers find and exploit a bug in code can also help defenders catch that bug and fix it faster. Tools like ChatGPT have the potential to identify security flaws in seconds. Now, imagine if those same capabilities were built into developer workflows – AI-powered code reviews and automated security checks, anyone? AI is shaking things up for both sides, and it might soon become every hacker and every security team’s new BFF.
The host of security podcast Darknet Diaries shares more in episode 10.4, Unlock Darknet Data Doom with Jack Rhysider.
Here’s to the next 150!
Please join us in celebrating this milestone by listening to the 150th episode and chatting in our episode discussion thread! And if you’ve just discovered us now, welcome aboard! There’s no better time to start securing your digital life (and having a few laughs along the way).