Episode Archive

117 episodes of Security Conversations since the first episode, which aired on December 6th, 2017.

  • Abhishek Arya on Google's AI cybersecurity experiments

    September 12th, 2023  |  33 mins 27 secs
    google, open source software, openssf, oss-fuzz, supply chain

    Episode sponsors:

    Abhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB.

    In this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.

  •

    Dr Sergey Bratus on the 'citizen science' of hacking

    August 31st, 2023  |  40 mins 2 secs
    amp, darpa, dartmouth, parsers, pdf, safedocs

    Episode sponsors:

    Dr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and showers praise on the labor-of-love "citizen science" of hacking all the things.

  •

    DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge

    August 20th, 2023  |  26 mins 47 secs
    ai cyber challenge, aixcc, darpa, def con ctf, rpisec

    Episode sponsors:

    DARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.

  •

    Ryan Hurst on tech innovation and unsolved problems in security

    August 16th, 2023  |  42 mins 24 secs
    ai, bgp, encryption, google, key management, microsoft, startups

    Episode sponsors:

    Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.

  •

    Jason Chan on Microsoft's security problems, layoffs and startups

    August 7th, 2023  |  27 mins 7 secs
    ciso, entrepreneurship, generative ai, layoffs, microsoft, open source software, transparency, vc funding

    Episode sponsors:

    Bessemer Venture Partner's Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.

  •

    GitHub security chief Mike Hanley on secure coding, AI and SBOMs

    August 2nd, 2023  |  40 mins 29 secs
    github, open source, sbom, shift-left, supply chain

    Episode sponsors:

    GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.

  •

    Jason Shockey, Chief Information Security Officer, Cenlar FSB

    July 26th, 2023  |  33 mins 47 secs

    Episode sponsors:

    Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.

  •

    Federico Kirschbaum on a life in the Argentina hacking scene

    July 19th, 2023  |  42 mins 1 sec
    argentina, core security, ekoparty, exploits, zero-day

    Episode sponsors:

    Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

  •

    Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties

    July 12th, 2023  |  48 mins 38 secs
    appsec, bug bounties, microsoft, msrc, pen-testing

    Episode sponsors:

    Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

  •

    OpenSSF GM Omkhar Arasaratnam on open-source software security

    July 5th, 2023  |  36 mins 11 secs
    log4j, open source, supply chain

    Episode sponsors:

    New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins the podcast for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.

  •

    Serial entrepreneur Rishi Bhargava on building another cybersecurity company

    April 10th, 2023  |  32 mins 32 secs

    Episode sponsors:

    Rishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.

    On this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.

  •

    Claude Mandy on CISO priorities, data security principles

    March 6th, 2023  |  35 mins 2 secs
    cloud security, data guard, data security, dspm

    Episode sponsors:

    Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.