It’s nearly impossible to live in San Francisco and not start a podcast. My first audio storytelling work can be found in a one-season, personal project called Death Knell. It is something I still hold dear.

Please find it here: www.deathknellradio.com.

My more recent experience is in the Lock and Code podcast for Malwarebytes.

Created as an extension of the Malwarebytes Labs blog and with an early intention to cover some of the very same stories published there, the Lock and Code podcast has matured into its own storytelling venture. Through Lock and Code, we have uncovered previously reported details to global stories—we were the first podcast to interview the chair of a volunteer vulnerability disclosure outfit that discovered major vulnerabilities in a popular IT tool that would later suffer a ransomware attack felt across multiple nations. Our best stories try to answer a simple question in cybersecurity: Why are things as bad as they are?

Why does everyone continue to re-use passwords? Why do so many businesses fail to patch? Why is so much software produced in such insecure ways? Why haven’t we beat security fatigue?

I am Lock and Code’s creator, host, interviewer, guest scheduler, and script-writer. The show’s audio is edited by Eric Johnson of Lightning Pod. It can be found on Apple Podcasts, Google Podcasts, Spotify, and your preferred podcast app.

Here is a selection of several episodes.

Lock and Code

• November 7, 2022: How student surveillance fails everyone

“In 2021, the Center for Democracy and Technology surveyed teachers in K through 12 schools and asked if their schools used monitoring software: 81 percent said yes.

With numbers like that, it’d be normal to assume that these tools also work. But a wealth of investigative reporting—upon which today’s episode is based—reveals that these tools often vastly over-promise their own results. If those promises only concerned, say, drug use, or bullying, or students ditching classes, these failures would already cause concern. But as we explore in today’s episode, too many of schools buy and use this software because they think it will help solve a uniquely American problem: School shootings.”

• September 26, 2022: Calling in the ransomware negotiator

“Increasingly, companies are seeking the help of ransomware negotiators to handle their response to a ransomware attack. The negotiator, or negotiators, can work closely with a company’s executives, security staff, legal department, and press handlers to accurately and firmly represent the company’s needs during a ransomware attack. Does the company refuse to pay the ransom because of policy? The ransomware negotiator can help communicate that. Is the company open to paying, but not the full amount demanded? The negotiator can help there, too. What if the company wants to delay the attackers, hoping to gain some much-needed time to rebuild systems? The negotiator will help there, too.”

• July 18, 2022: Roe v. Wade: How the cops can use your data

“On June 24, that Constitutional right to choose to have an abortion was removed by the Supreme Court, and immediately, this legal story became one of data privacy. Today, countless individuals ask themselves: What surrounding activity is allowed?”

• August 29, 2021: Hackers, tractors, and a few delayed actors. How hacker Sick Codes learned too much about John Deere

“No one ever wants a group of hackers to say about their company: ‘We had the keys to the kingdom.’

But that’s exactly what the hacker Sick Codes said on this week’s episode of Lock and Code, when talking about his and fellow hackers’ efforts to peer into John Deere’s data operations center, where the company receives a near-endless stream of data from its Internet-connected tractors, combines, and other smart farming equipment.”

• July 18, 2021: “Seven or eight” zero-days: The failed race to save Kaseya VSA

“On April 1, a volunteer researcher for the Dutch Institute for Vulnerability Disclosure (DIVD) began poking around into Kaseya VSA, a popular software tool used to remotely manage and monitor computers. Within minutes, he found a zero-day vulnerability that allowed remote code execution—a serious flaw. Within weeks, his team had found seven or eight more.”

• April 27, 2020: Mythbusting and understanding VPNs with JP Taggart

“[We] talk to JP Taggart, senior security researcher at Malwarebytes, about VPNs—debunking their myths, explaining their actual capabilities, and providing some advice on what makes a strong VPN.”