Josh Schwartz on red-teaming and proactive security engineering

June 18th, 2021  |  37 mins 57 secs

blue team, red-team, verizon yahoo

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity.

(Episode sponsored by Eclypsium)

Michael Laventure, threat detection and response, Netflix

June 10th, 2021  |  30 mins 32 secs

supply chain, threat-hunting, threat-intel

Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to "do security better." We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.

Google's Heather Adkins on defenders playing the long game

May 26th, 2021  |  38 mins 47 secs

chrome, google, zero-trust

Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.

Collin Greene, head of product security, Facebook

May 25th, 2021  |  1 hr 1 min

bug bounties, facebook, pen-testing, product security, security assessments, web app security

Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.

Alex Matrosov on the state of security at the firmware layer

May 23rd, 2021  |  58 mins 32 secs

Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.

Charles Nwatu, Security Technology & Risk, Netflix

May 11th, 2021  |  30 mins 25 secs

compliance, privacy, risk management, security

Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.

Doug Madory on the mysterious AS8003 global routing story

April 29th, 2021  |  29 mins 20 secs

as8003, bgp hijacking, global routing, internet backbone, ipv4

Director of Internet Analyis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery;, and why enterprise network defenders should pay very close attention.

Crossbeam CISO Chris Castaldo on securing the start-up

April 23rd, 2021  |  32 mins 10 secs

career guidance, compliance, privacy, security, startup

Chris Castaldo has a fascinating career in cybersecurity. A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected.

Castaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.

Shubs Shah on finding riches (and lessons) from bug bounty hacking

April 20th, 2021  |  52 mins 49 secs

bug bounties, continuous testing, h2c smuggling, pen-testing, security assessments, web app security

Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating automating pre-breach reconnaissance and zero in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a fulltime bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.

Fahmida Rashid, Executive Editor, VentureBeat

April 9th, 2021  |  37 mins 2 secs

investments, journalism, news gathering, story-telling, venture capital, writing

Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.

Microsoft's David Weston on the surge in firmware attacks

April 6th, 2021  |  33 mins 6 secs

bios, eclypsium, firmware, iot, microsoft, security updates, uefi, windows os

Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years.

As businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.

Lena Smart, CISO, MongoDB

April 2nd, 2021  |  54 mins 21 secs

At age16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education was not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and is leading the discussion on education and talent-identification in cybersecurity.

Lena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.