Costin Raiu on the .gov mobile exploitation business

December 23rd, 2021  |  41 mins 18 secs

android, apple, exploits, ios malware, nso pegasus, psoas, zero-day

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Amanda Gorton, co-founder and CEO, Corellium

December 20th, 2021  |  46 mins 20 secs

apple, corellium, emulation, ios, virtualization

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.

Intel's Venky Venkateswaran on hardware-enabled security

September 9th, 2021  |  35 mins 20 secs

Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).

Sounil Yu on SBOMs, software supply chain security

July 13th, 2021  |  48 mins 26 secs

open-source, sbom, supply chain

Episode sponsored by SecurityWeek.com

JupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.

Algirde Pipikaite, Centre for Cybersecurity, World Economic Forum

July 6th, 2021  |  40 mins 2 secs

ciso, davos, risk management

Episode sponsored by MongoDB.com.

Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.
Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Josh Schwartz on red-teaming and proactive security engineering

June 18th, 2021  |  37 mins 57 secs

blue team, red-team, verizon yahoo

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity.

(Episode sponsored by Eclypsium)

Michael Laventure, threat detection and response, Netflix

June 10th, 2021  |  30 mins 32 secs

supply chain, threat-hunting, threat-intel

Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to "do security better." We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.

Google's Heather Adkins on defenders playing the long game

May 26th, 2021  |  38 mins 47 secs

chrome, google, zero-trust

Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.

Collin Greene, head of product security, Facebook

May 25th, 2021  |  1 hr 1 min

bug bounties, facebook, pen-testing, product security, security assessments, web app security

Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.

Alex Matrosov on the state of security at the firmware layer

May 23rd, 2021  |  58 mins 32 secs

Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.

Charles Nwatu, Security Technology & Risk, Netflix

May 11th, 2021  |  30 mins 25 secs

compliance, privacy, risk management, security

Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.

Doug Madory on the mysterious AS8003 global routing story

April 29th, 2021  |  29 mins 20 secs

as8003, bgp hijacking, global routing, internet backbone, ipv4

Director of Internet Analyis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery;, and why enterprise network defenders should pay very close attention.