Below the Surface (Audio) - The Supply Chain Security Podcast
Episodes
Exploring AI in Firmware Analysis - BTS #65
15 Dec 2025
Contributed by Lukas
Summary In this episode, special guest Matt Brown joins us to discuss the integration of AI in firmware analysis, exploring its benefits and challenge...
Patching, Evil AI, Supply Chain Breaches - BTS #64
24 Nov 2025
Contributed by Lukas
Summary In this episode, the hosts discuss various cybersecurity topics, including recent vulnerabilities in Fortinet products, the implications of su...
F5 Breach, Linux Malware, and Hacking Banks - BTS #63
30 Oct 2025
Contributed by Lukas
Summary In this episode of Below the Surface, Paul Asadoorian and Chase Snyder delve into various cybersecurity topics, including the use of Raspbe...
Unpacking the F5 Breach, Framework UEFI Shells - BTS #62
21 Oct 2025
Contributed by Lukas
In this episode, the hosts discuss the recent F5 breach, exploring the implications of the attack, the tactics used by threat actors, and the importan...
Red November, Cisco Vulnerabilities, and Supply Chain Security - BTS #61
08 Oct 2025
Contributed by Lukas
In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the Red November campaign targeting network edge devic...
HybridPetya and UEFI Threats - BTS #60
22 Sep 2025
Contributed by Lukas
In this episode of Below the Surface, the hosts discuss various cybersecurity topics, including the evolution of malware with a focus on Hybrid Petya,...
Exploit Marketplaces - BTS #59
10 Sep 2025
Contributed by Lukas
In this episode of Below the Surface, host Paul Asadoorian speaks with Evan Dornbush, CEO of Desired Effect, about the evolving landscape of exploit m...
UEFI Vulnerabilities and Hardware Risks - BTS #58
04 Sep 2025
Contributed by Lukas
In this episode, the hosts discuss various cybersecurity topics, focusing on hardware vulnerabilities, UEFI attack vectors, and the implications of ne...
Interview with Brian Mullen from AMI - BTS #57
15 Aug 2025
Contributed by Lukas
In this episode of Below the Surface, host Paul Asadoorian is joined by Brian Mullen, head of SSDLC at AMI, to discuss the complexities of supply chai...
BTS #56 - Vulnerabilities & Backdoors In IT Infrastructure
08 Aug 2025
Contributed by Lukas
In this episode, the hosts discuss various cybersecurity topics, focusing on Nvidia vulnerabilities, the implications of backdoors in technology, and ...
Netgear, Gigabyte, and Rowhammer Vulnerabilities - BTS #55
24 Jul 2025
Contributed by Lukas
In this episode of Below the Surface, the hosts discuss critical cybersecurity topics including vulnerabilities in Netgear and Gigabyte devices, the i...
CVE-2024-54085: The First of Its Kind - BTS #54
08 Jul 2025
Contributed by Lukas
In this episode, the hosts delve into the critical vulnerabilities associated with Baseboard Management Controllers (BMCs), with a particular focus on...
Exploring the Evolution of Zero Trust - BTS #53
07 Jul 2025
Contributed by Lukas
In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI d...
Securing the Future of AI Infrastructure - BTS #52
01 Jul 2025
Contributed by Lukas
In this episode, the hosts discuss the evolving landscape of AI infrastructure security, focusing on the complexities of building and maintaining AI d...
When Windows 10 Expires - BTS #51
30 May 2025
Contributed by Lukas
In this episode, the hosts discuss the impending end of life for Windows 10 and the necessary preparations for upgrading to Windows 11. They explore t...
SBOMs, HBOMs, and Supply Chain Visibility - BTS #50
15 May 2025
Contributed by Lukas
Summary In this episode, Paul Asadoorian and Joshua Marpet delve into the complexities of compliance, inventory management, and the emerging concepts ...
The Hidden Risks of Open Source Components - BTS #49
06 May 2025
Contributed by Lukas
In this episode, Paul Asadorian and Josh Bressers delve into the complexities of open source supply chain security, discussing the prevalence of open ...
Hardware Hacking Tips & Tricks - BTS #48
07 Apr 2025
Contributed by Lukas
In this episode, Paul and Chase delve into the world of hardware hacking, focusing on devices like the Flipper Zero and ESP32. They discuss the variou...
BMC&C Part 3 - BTS #47
19 Mar 2025
Contributed by Lukas
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the latest vulnerability disclosures related to Baseboard Management Contro...
Black Basta - Threat Intelligence Insights - BTS #46
05 Mar 2025
Contributed by Lukas
In this episode, Paul Asadoorian, Vlad Babkin, and Chase Snyder delve into the recent leaks from the Black Basta ransomware group, exploring the impli...
Understanding Firmware Vulnerabilities in Network Appliances - BTS #45
06 Feb 2025
Contributed by Lukas
In this episode, Paul, Vlad, and Chase discuss the security challenges of Palo Alto devices and network appliances. They explore the vulnerabilities p...
Network Appliances: A Growing Concern - BTS #44
27 Jan 2025
Contributed by Lukas
In this episode, Paul Asadorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly fo...
CVE Turns 25 - BTS #43
09 Dec 2024
Contributed by Lukas
In this episode, Paul Asidorian, Alec Summers, and Lisa Olson discuss the 25th anniversary of the CVE program, its evolution, and the importance of tr...
The China Threat - BTS #42
21 Nov 2024
Contributed by Lukas
In this episode, Paul Asadoorian, Allan Alford, and Josh Corman discuss the growing threat posed by China, particularly in the context of cyber operat...
Pacific Rim - BTS #41
06 Nov 2024
Contributed by Lukas
In this episode, Paul Asadorian, Larry Pesce, and Evan Dornbusch delve into the recent Sophos reports on threat actors, particularly focusing on the P...
Backdoors in Backdoors
23 Oct 2024
Contributed by Lukas
In this episode, Paul Ascidorian and Matt Johansen discuss the recent targeted attacks by Chinese threat actors, particularly focusing on the Volt Typ...
The Art of Firmware Scraping - BTS #39
08 Oct 2024
Contributed by Lukas
In this episode, Edwin Shuttleworth from Finite State discusses firmware security, insights from the GRRCON Security Conference, and the challenges of...
Vulnerability Tracking & Scoring - Patrick Garrity - BTS #38
27 Sep 2024
Contributed by Lukas
In this episode of Below the Surface, host Paul Ascadorian and guest Patrick Garrity discuss the complexities of vulnerability tracking and prioritiza...
Firmware Reverse Engineering - Matt Brown - BTS #37
11 Sep 2024
Contributed by Lukas
In this episode, Matt Brown joins the podcast to talk about firmware reverse engineering and supply chains. They discuss Matt's start in information s...
Supply Chain Policies - Trey Herr, Stewart Scott - BTS #36
14 Aug 2024
Contributed by Lukas
Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain ...
The Known Exploited Vulnerability catalogue, aka the KEV - Tod Beardsley - BTS #35
31 Jul 2024
Contributed by Lukas
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how y...
EPSS - The Exploit Prediction Scoring System - Jay Jacobs, Wade Baker - BTS #34
17 Jul 2024
Contributed by Lukas
Jay Jacobs Co-Founder and Data Scientist and Wade Baker Co-Founder; Data Storyteller from The Cyentia Institute come on the show to talk about The Exp...
Securing OT Environments - Dr. Ed Harris - BTS #33
03 Jul 2024
Contributed by Lukas
Ed Harris joins us to discuss how to secure OT environments, implement effective air gaps, and more! This segment is sponsored by Eclypsium. Visit htt...
Mitre ATT&CK - Adam Pennington - BTS #32
19 Jun 2024
Contributed by Lukas
We discuss the various aspects of Mitre Att&ck, including tools, techniques, supply chain aspects, and more! This segment is sponsored by Eclypsium. V...
Managing Complex Digital Supply Chains - Cassie Crossley - BTS #31
05 Jun 2024
Contributed by Lukas
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product comp...
Systems Of Trust - Robert Martin - BTS #30
22 May 2024
Contributed by Lukas
Bob Martin comes on the show to discuss systems of trust, supply chain security and more! This segment is sponsored by Eclypsium. Visit https://securi...
Supply Chains, Firmware, And Patching - Jason Kikta - BTS #29
08 May 2024
Contributed by Lukas
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current ch...
5G Hackathons - Casey Ellis - BTS #28
24 Apr 2024
Contributed by Lukas
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bou...
Governance, Compliance, and The Digital Supply Chain - Josh Marpet - BTS #27
10 Apr 2024
Contributed by Lukas
In this episode, we disccuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadorian and Ala...
What We Don’t Know Will Hurt Us - Cheryl Biswas - BTS #26
27 Mar 2024
Contributed by Lukas
Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the...
Supply Chain Threats and Regulations - BTS #25
13 Mar 2024
Contributed by Lukas
Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we'...
Managing Supply Chain Risk - Saša Zdjelar - BTS #24
21 Feb 2024
Contributed by Lukas
Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how b...
Closing The Supply Chain Visibility Gap - Dr. Olga Livingston - BTS #23
07 Feb 2024
Contributed by Lukas
Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility ...
SBOMs and Supply Chains - Allan Friedman - BTS #22
24 Jan 2024
Contributed by Lukas
We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to id...
Supply Chain Risk Management - David Vaughn - BTS #21
10 Jan 2024
Contributed by Lukas
We talk about Supply Chain Risk Management in the context of the cloud and US federal government with David Vaughn. This segment is sponsored by Eclyp...
Network Device Supply Chains and Lateral Movement - Joe Hall - BTS #20
27 Dec 2023
Contributed by Lukas
In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity...
A Year in Review on Offensive Security, Defensive Landscapes, and Global Implications - Tyler Robinson - BTS #19
13 Dec 2023
Contributed by Lukas
In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we expl...
Defending Against Supply Chain Attacks - Bri Rolston - BTS #18
29 Nov 2023
Contributed by Lukas
Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply ch...
Protecting The Digital Supply Chain - Yuriy Bulygin - BTS #17
15 Nov 2023
Contributed by Lukas
Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researche...
UEFI & The Digital Supply Chain - Dick Wilkins - BTS #16
01 Nov 2023
Contributed by Lukas
Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain t...
Reverse Engineering BMCs and Other Firmware - Vladyslav Babkin - BTS #15
18 Oct 2023
Contributed by Lukas
Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cov...
Protecting The Federal Supply Chain - John Loucaides - BTS #14
04 Oct 2023
Contributed by Lukas
John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain! This segment is sponsored by Eclypsium...
Network Device Supply Chain Security - Nate Warfield - BTS #13
20 Sep 2023
Contributed by Lukas
We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ran...
Dealing with The Digital Supply Chain - Ramy Houssaini - BTS #12
14 Jun 2023
Contributed by Lukas
Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore ho...
SCRM and Supply Chain Security Up and Down the Stack - Steve Orrin - BTS #11
31 May 2023
Contributed by Lukas
Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying sup...
Learning About Firmware Security - Xeno Kovah - BTS #10
17 May 2023
Contributed by Lukas
Firmware security is a deeply technical topic, that's hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and...
Accidentally Learning about Security: From Firmware to the Cloud, Brian Richardson - BTS #9
03 May 2023
Contributed by Lukas
Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and f...
BTS #8 - Richard Hughes
19 Apr 2023
Contributed by Lukas
The LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware ...
Nicholas Starke - BTS #7
05 Apr 2023
Contributed by Lukas
Discuss current events in firmware security, such as the techniques utilized in BlackLotus. We will compare Baton Drop with Grub2 capabilities. Seg...
BTS #6 - Vincent Zimmer
22 Mar 2023
Contributed by Lukas
This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It w...
BTS #5 - Community Insights: Supply Chain Threats, Critical Firmware Attacks, and more!
08 Mar 2023
Contributed by Lukas
In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, ...
BTS #4 - Supply Chain Threats, Vulnerable Drivers, OpenSSL Vulnerabilities, and more!
22 Feb 2023
Contributed by Lukas
Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerab...
BTS #3 - Inevitable Attacks, UEFI Vulnerabilities, and more!
08 Feb 2023
Contributed by Lukas
This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore and so much more! Get the full ...
BTS #2 - Root Of Trust (Rot)
26 Jan 2023
Contributed by Lukas
Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/202...
BTS #1 - Firmware & Supply Chain Security
25 Jan 2023
Contributed by Lukas
Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest...