"Why Third-Party Apps Can Put You at Risk! #DTF019"
Episode Synopsis
Welcome to Episode 19 of the DTF Cyber Podcast, where Damian, Troy, and Fern dive into the wild world of cybersecurity with our special guest, Lester Godsey, CISO at Arizona State University! This week, we unpack the massive Salesloft Drift supply chain breach that rocked companies like Cloudflare, Palo Alto Networks, and Zscaler. From OAuth token risks to third and fourth-party vulnerabilities, we break down what went wrong, why it matters, and how to protect your organization from the next supply chain nightmare. Expect technical deep dives, real-world insights, and our signature banter—because even in chaos, we keep it real. Subscribe, like, and join us every Monday for more cyber talk!

Follow us on X: @DTFCyberPodcast
Watch on YouTube: https://www.youtube.com/@DTFCyberPodcast

Timestamps
00:00 - Intro: Welcome to the DTF Cyber Podcast
00:33 - Guest Introduction: Meet Lester Godsey, ASU's CISO
01:41 - Lester's 8-Hour Retirement & Transition to Private Sector
03:12 - Talk Track 1: The Breach Breakdown – Salesloft Drift Incident
04:49 - Why Third-Party Risk Management (TPRM) Needs More Hype
06:26 - The Skills Gap in Governance, Risk, and Compliance (GRC)
09:57 - Do CISOs Need to Be Super Technical? The Debate
13:22 - Talk Track 2: OAuth Token Risks – The Double-Edged Sword
18:04 - Analogies: Amazon Garage Access vs. OAuth Token Exposure
23:20 - Talk Track 3: Third and Fourth-Party Risks – Hidden Layers
26:30 - Vendor Transparency and Proactive Disclosure
29:01 - Shadow IT and the Challenges of Vendor Visibility
31:20 - Talk Track 4: Mitigation Strategies – Auditing and Non-Human Identities
36:02 - Managing Up: Communicating Risks to Leadership
39:15 - Gen Z Slang and Workplace Communication Challenges
43:32 - Recap: Key Takeaways on OAuth, Audits, and Risk
47:46 - Future Topics: Non-Human Identities and Agentic AI
51:02 - Actionable Advice: Audit Your OAuth Tokens Now
54:41 - Closing Thoughts from Troy, Damian, Fern, and Lester

What You'll Learn
- How attackers exploited OAuth tokens in the Salesloft Drift breach
- The cascading risks of third and fourth-party vendors
- Practical steps to audit and secure OAuth tokens and APIs
- Why non-human identity management is critical for modern cybersecurity

Have you audited your OAuth tokens lately? Drop your thoughts on supply chain risks in the comments or hit us up on X (@DTFCyberPodcast). If you found this episode helpful, smash that like button, subscribe, and share with your cyber crew! Let's stay one step ahead of the hackers. #Cybersecurity #SupplyChainSecurity #OAuthRisks #DTFCyberPodcast

LinkedIn:
Damian: https://www.linkedin.com/in/damianchung/
Troy: https://www.linkedin.com/in/kosovotroy/
Fern: https://www.linkedin.com/in/fernrojasaz/

Business Inquiries: dtf at cyberpodcast dot net