Adventures of Alice & Bob

In this special milestone episode of Adventures of Alice & Bob, hosts James Maude and Marc Maiffret take a rare step back from interviews and headlines to celebrate reaching 100 episodes! From the accidental move that launched the podcast before Marc had even agreed to do it, to the guests whose stories stopped them cold - this episode is a love letter to the human side of cybersecurity and all of the great guests who have come on to share their stories.

Marc and James are also joined for the first time on camera by the man who has silently made every episode possible: super producer Jesse Shirley. Expect honest reflections, genuine laughs, podcast highlights, and what's next for Adventures of Alice & Bob.

In this episode, James Maude sits down with Rob Black, founder and CEO of Fractional CISO, who started his career at RSA Security and had a front-row seat to one of the most consequential breaches in cybersecurity history, all while his wife was going into labor with their first child.

From inventing patents at RSA to starting a one-man LinkedIn crusade against "SOC 2 in two weeks" scams, Rob's stories are equal parts entertaining and infuriating. He explains why compliance theater is actively making companies less secure, why your CEO needs to hear things with a dollar value, and why you should think about cybersecurity less like an asteroid and more like a roulette wheel. Plus, why the "Lexus of Fractional CISOs" doesn't own a single IoT device.

In this episode, James Maude sits down with Dahvid Schloss, CEO of Emulated Criminals who started his career in special operations comms and pivoted into “not defense” cyber operations for the U.S. military. From painting rocks green for the military to accidentally becoming "APT Big Daddy" in industry when his red team tools were detected triggered a security alert Dahvid’s stories are both entertaining and educational.

He explains why cybersecurity is "the wedding industry of IT ", why red teams are failing their clients by not actually emulating real threats, and how that inspired him to become an (emulated) mob boss. Hear how shoveling snow can provide elevated access privileges, why you should write your own malware and reasons to rethink what’s in an ICMP packet.

In this episode, James sits down with Pete Herzog, co-founder of ISACOM and creator of the OSSTMM — a comprehensive security control testing framework. He shares stories from his early days: hacking cigarettes vending machines to trade for access to computers, building a fake ID operation out of a college gerontology department, and social engineering his way onto the internet before most people knew it existed. But Pete isn't just telling war stories. He reveals how he helps unmask cybercriminals for law firms using metadata and fake account networks, explains why platforms and domain registrars are financially incentivized to protect scammers, and explains why people need help because the FBI won't touch a fraud case under $20 million anymore. From romance scam victims left with no recourse to rethinking where you place resources to secure systems, Pete shares why he thinks security isn't something we build — it's something written into the fabric of the universe, waiting to be discovered.

In this episode, James sits down with Brandyn Murtagh, founder of MurtaSec and top-ranked bug bounty hunter. He shares stories from his early days: learning exploitation from World of Warcraft at age 9, dropping out of college after three days, and how landing an apprenticeship at 16 led him from blue team analyst to elite penetration tester who's discovered critical flaws in banks, healthcare providers, and AI platforms.

But Brandyn isn't playing it safe. He reveals how he chained public Wi-Fi access into complete bank control through IBM mainframes older than him, explains why a seven-character password limit enabled total financial system takeover, and demonstrates the reality of locking himself in server racks and wading through snow at 3 AM during physical security assessments. From 48-hour incident response marathons to fabricating funds at will, Brandyn shows why with enough time, anything can get popped eventually.