JAG-S on big-game malware hunting and a very mysterious APT

October 17th, 2022  |  52 mins 40 secs

apts, cyberespionage, exploits, zero-day

• Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.

SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.

Chainguard's Dan Lorenc gets real on software supply chain problems

October 13th, 2022  |  47 mins 7 secs

entrepreneurship, open source software, supply chain security

• Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.

Dan Lorenc and team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation.

Vinnie Liu discusses a life in the offensive security trenches

August 7th, 2022  |  1 hr 7 mins

bug bounties, continuous testing, h2c smuggling, pen-testing, security assessments, web app security

A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...

Down memory lane with Snort and Sourcefire creator Marty Roesch

July 25th, 2022  |  1 hr 7 mins

netography, network security, snort, sourcefire

Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.

Subbu Rama, co-founder and CEO, BalkanID

June 1st, 2022  |  34 mins 17 secs

balkanid, funding, iga, public cloud, saas

Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.

Project Zero's Maddie Stone on the surge in zero-day discoveries

May 10th, 2022  |  42 mins 10 secs

disclosure, exploits, google, memory safety, project zero, transparency, zero-day

Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

Prof. Mohit Tiwari on the future of securing data at scale

May 6th, 2022  |  46 mins 1 sec

data security, data security posture management, privacy

Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.

Google's Shane Huntley on zero-days and the nation-state threat landscape

April 4th, 2022  |  40 mins 44 secs

exploits, google, project zero, pwn2own, zero-day

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

Lamont Orange, CISO, Netskope

March 21st, 2022  |  26 mins 2 secs

Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.

Haroon Meer on the business of cybersecurity

March 19th, 2022  |  1 hr 15 mins

breach detection, canaries, startup, thinkst, venture capital

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.

Tony Pepper, co-founder and CEO, Egress

February 22nd, 2022  |  19 mins 37 secs

email security, entrepreneurship, messaging

Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.

Microsoft's Justin Campbell on offensive security research

January 8th, 2022  |  27 mins 16 secs

memory safety, microsoft, secure coding, shift-left, windows, zero-days

Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.