Adventures of Alice & Bob

In this episode, James Maude sits down with Jeffrey Wheatman, SVP and Cyber Risk Strategist at Black Kite and former 16-year Gartner VP, whose career started not in a SOC, but behind the counter of a hardware store in New York City. A stack of 2,600 magazines and a Novell NetWare training course later, he found himself in IT but quickly realized there was more than technology involved in security, there was a story to be told.

In his career Jeffrey has coached nearly 500 CISOs on how to walk into a boardroom and actually be heard. Jeffrey explains why Hans Christian Andersen fairy tales make better security training tools than most vendor decks, why your choice of words might be quietly killing your credibility. He also discusses why AI isn't just a threat, it's an imperfect storm that is already tearing through your supply chain whether you're watching it or not.

In this special milestone episode of Adventures of Alice & Bob, hosts James Maude and Marc Maiffret take a rare step back from interviews and headlines to celebrate reaching 100 episodes! From the accidental move that launched the podcast before Marc had even agreed to do it, to the guests whose stories stopped them cold - this episode is a love letter to the human side of cybersecurity and all of the great guests who have come on to share their stories.

Marc and James are also joined for the first time on camera by the man who has silently made every episode possible: super producer Jesse Shirley. Expect honest reflections, genuine laughs, podcast highlights, and what's next for Adventures of Alice & Bob.

In this episode, James Maude sits down with Rob Black, founder and CEO of Fractional CISO, who started his career at RSA Security and had a front-row seat to one of the most consequential breaches in cybersecurity history, all while his wife was going into labor with their first child.

From inventing patents at RSA to starting a one-man LinkedIn crusade against "SOC 2 in two weeks" scams, Rob's stories are equal parts entertaining and infuriating. He explains why compliance theater is actively making companies less secure, why your CEO needs to hear things with a dollar value, and why you should think about cybersecurity less like an asteroid and more like a roulette wheel. Plus, why the "Lexus of Fractional CISOs" doesn't own a single IoT device.

In this episode, James Maude sits down with Dahvid Schloss, CEO of Emulated Criminals who started his career in special operations comms and pivoted into “not defense” cyber operations for the U.S. military. From painting rocks green for the military to accidentally becoming "APT Big Daddy" in industry when his red team tools were detected triggered a security alert Dahvid’s stories are both entertaining and educational.

He explains why cybersecurity is "the wedding industry of IT ", why red teams are failing their clients by not actually emulating real threats, and how that inspired him to become an (emulated) mob boss. Hear how shoveling snow can provide elevated access privileges, why you should write your own malware and reasons to rethink what’s in an ICMP packet.

In this episode, James sits down with Pete Herzog, co-founder of ISACOM and creator of the OSSTMM — a comprehensive security control testing framework. He shares stories from his early days: hacking cigarettes vending machines to trade for access to computers, building a fake ID operation out of a college gerontology department, and social engineering his way onto the internet before most people knew it existed. But Pete isn't just telling war stories. He reveals how he helps unmask cybercriminals for law firms using metadata and fake account networks, explains why platforms and domain registrars are financially incentivized to protect scammers, and explains why people need help because the FBI won't touch a fraud case under $20 million anymore. From romance scam victims left with no recourse to rethinking where you place resources to secure systems, Pete shares why he thinks security isn't something we build — it's something written into the fabric of the universe, waiting to be discovered.