About the show

Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity.

Connect with Ryan on Twitter (Open DMs).

Episodes

  • Fahmida Rashid, Executive Editor, VentureBeat

    April 9th, 2021  |  37 mins 2 secs
    investments, journalism, news gathering, story-telling, venture capital, writing

    Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.

  • Microsoft's David Weston on the surge in firmware attacks

    April 6th, 2021  |  33 mins 6 secs
    bios, eclypsium, firmware, iot, microsoft, security updates, uefi, windows os

    Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years.

    As businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.

  • Lena Smart, CISO, MongoDB

    April 2nd, 2021  |  54 mins 21 secs

    At age16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education was not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and is leading the discussion on education and talent-identification in cybersecurity.

    Lena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.

  • Patrick Howell O'Neill, Cybersecurity Editor, MIT Technology Review

    March 30th, 2021  |  25 mins 52 secs
    apt, attribution, google, journalism, nation-state malware, project zero, story-telling

    Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. Follow Patrick on Twitter.

  • Nico Waisman, Head of Privacy & Security, Lyft

    March 26th, 2021  |  56 mins 18 secs
    ciso, offensive security, risk management, third-party risk, zero-days

    After a 20-year career working in the offensive security reseach trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...

  • Ron Brash on the water plant hacks and the state of ICS security

    March 11th, 2021  |  50 mins 6 secs
    critical infrastructure, ics, nation-state hacks, ransomware, scada

    Ron Brash joins Ryan on the show talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defender, and the things we should worry -- and not worry -- about. Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.

  • Throwback: Zero-day exploit broker Chaouki Bekrar

    March 3rd, 2021  |  24 mins 42 secs
    exploit brokers, exploits, pwn2own, vupen, zero-day, zerodium

    This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes.

    The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.

    Please excuse the audio quality and background noise.

  • Selena Larson, Intelligence Analyst, Dragos

    September 16th, 2020  |  52 mins 17 secs
    blue team, ics, journalism, ransomware, red team, scada

    Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.

  • Fredrick Lee, Chief Security Officer, Gusto

    September 10th, 2020  |  41 mins 37 secs
    business continuity, compliance, corona virus, covid, crisis management, cybersecurity, pandemic, privacy, security

    Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.

  • Zack Whittaker, Security Editor, TechCrunch

    September 1st, 2020  |  25 mins 45 secs
    journalism, news gathering, story-telling, writing

    TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome.

  • Jason Chan, VP, Information Security, Netflix

    August 18th, 2020  |  31 mins 4 secs
    ciso, leadership, serverless, zero-trust

    Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.

  • Matt Honea, Senior Director, Cybersecurity, Guidewire

    August 11th, 2020  |  46 mins 36 secs
    cyber-insurance, data recovery, insurance, ransomware

    After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.