There’s a certain kind of security content that feels built for compliance checklists. It’s important, but easy to mentally file away and forget.
Then there’s The Art of Security, which doesn’t really let you do that.
If you haven’t tuned in yet to Fortra’s new podcast, you’re missing a different way of talking about cybersecurity. With co-hosts Josh Davies and Tyler Reguly bringing distinct but complementary perspectives, the conversations stay grounded in real-world security practice rather than abstract theory. Together, they unpack how decisions actually get made under pressure, where assumptions quietly break down, and why the “right answer” in security is often far less obvious when you’re the one responsible for choosing it.
So rather than a straightforward recap, think of this as a look at the moments, ideas, and conversations from the first episodes that linger long after you’ve finished listening.
Who Watches the Watchmen?
In this episode, Tyler and Josh dig into a tough but necessary question: who’s keeping an eye on the people who keep us secure?
Across security vendors, internal teams, and third-party providers, they examine what can go wrong when the people trusted to protect systems become a source of risk themselves. From vendor breaches to insider threats and unchecked access, the conversation explores the tension between trust and oversight, while also touching on what makes a security partner truly trustworthy and how AI is reshaping security operations. The core message is simple: in cybersecurity, trust matters, but verification matters more. Listen to the full episode.
The Art of Cyber Hygiene: Building Security from the Ground Up
Josh and Tyler discuss the core idea of cyber hygiene and what it really means to get the basics right. What actually counts as the “basics of the basics”? Is it vulnerability management and secure configurations, integrity monitoring as an early warning system, or modern identity controls and layered visibility from day one?
Through practical debate and relatable analogies — from building strong foundations with Lego bricks to preventing kitchen fires — they break down what organizations need to prioritize before layering on more complexity. Listen to the full episode.
The Art of the Adversary: Scripted Sparrow
Business email compromise is getting smarter, and Scripted Sparrow is proving it.
In this episode, Fortra cybersecurity researcher John Wilson joins the conversation to break down how Scripted Sparrow executes highly targeted social engineering attacks that trick organizations into paying fraudulent invoices. Instead of traditional phishing, this group uses spoofed email conversations, fake executive coaching invoices, and carefully crafted tactics to bypass security controls and manipulate employees. Listen to the full episode.
Stop Patching Everything: Rethinking Vulnerability Management with RSnake
We’re taking a closer look at vulnerability management and asking a pointed question: are we approaching it the right way?
Joined by cybersecurity legend Robert "RSnake" Hansen, the conversation unpacks the often-blurred line between vulnerability management and patch management and why treating them as the same discipline can create blind spots. If vulnerability backlogs feel overwhelming — or your VM program isn’t delivering clear value — this episode offers a fresh way to rethink what “good” actually looks like. Listen to the full episode.
The Art of Collective Defense
Cybersecurity isn’t a solo fight, but a shared one. And when defenders collaborate, everyone gets stronger.
Josh and Tyler are joined by Jennifer Quaid and Bob Gordon from the Canadian Cyber Threat Exchange (CCTX) to break down what effective collaboration really looks like in practice. If you think cybersecurity is just about tools and technology, this conversation will challenge that assumption — because in today’s threat landscape, defense is a team sport. Listen to the full episode.
Supply Chain Compromise: Trust is the Target
We’re encouraged to patch quickly, trust updates, and rely on the software ecosystems that power modern business — but what happens when that trust becomes the attack path?
In this episode, Josh and Tyler explore the growing threat of software supply chain compromise. From malicious open-source packages and poisoned dependencies to long-dormant “sleeper” attacks, they examine how trusted code can be quietly turned against its users at scale. The conversation also looks at how attackers are leveraging automation and AI-assisted development to amplify reach, and why traditional “patch immediately” thinking doesn’t always hold up in this environment. Listen to the full episode.
Challenge Your Thinking on Cybersecurity
The Art of Security isn’t a checklist for cybersecurity strategy, but a series of discussions and debates about the imperfect decisions made under pressure, often faster than attackers expect. The conversations are meant to challenge how you think about risk, responsibility, and the tradeoffs built into modern security work.
Subscribe to The Art of Security on YouTube, Spotify, or Apple Podcasts and stay ahead of what’s shaping cybersecurity today.