{"version":"https://jsonfeed.org/version/1","title":"Security Conversations","home_page_url":"http://securityconversations.fireside.fm","feed_url":"http://securityconversations.fireside.fm/json","description":"Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity. \r\n\r\nConnect with Ryan on Twitter (Open DMs).","_fireside":{"subtitle":"A cybersecurity podcast series by Ryan Naraine","pubdate":"2024-04-11T10:00:00.000-07:00","explicit":false,"copyright":"2024 by The Naraine Group","owner":"Ryan Naraine","image":"https://assets.fireside.fm/file/fireside-images/podcasts/images/5/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cover.jpg?v=14"},"items":[{"id":"8151cb78-e91b-4526-95cc-6ea1dd6ddec5","title":"Cris Neckar on the early days of securing Chrome, chasing browser exploits","url":"https://securityconversations.fireside.fm/cris-neckar-chrome-security-stories","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nXZ.fail backdoor detector (https://xz.fail)\n\n\nCris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. 
We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.Links:Unedited transcript (AI-generated)Cris Neckar on LinkedInCris Neckar Bio (Two Bear Capital)Teenager hacks Google Chrome with three 0daysResearch on Trident zero-day flawsCris Neckar podcast transcript (Unedited)","content_html":"

Episode sponsors:


Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- XZ.fail backdoor detector (https://xz.fail)\r\n\r\nCris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.","date_published":"2024-04-11T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/8151cb78-e91b-4526-95cc-6ea1dd6ddec5.mp3","mime_type":"audio/mpeg","size_in_bytes":52672988,"duration_in_seconds":3276}]},{"id":"f664c77a-dbbc-41a0-b392-7b4cd7223523","title":"Costin Raiu joins the XZ Utils backdoor investigation","url":"https://securityconversations.fireside.fm/costin-raiu-xz-backdoor","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nXZ.fail backdoor detector (https://xz.fail)\n\n\nMalware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.\n\nBased on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.Links:Binarly XZ backdoor detectorXZ Utils Backdoor FAQ (by Dan Goodin)CISA advisory on backdoorThe JiaT75 (Jia Tan) timelineUnedited transcript","content_html":"

Episode sponsors:


Malware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.


Based on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- XZ.fail backdoor detector (https://xz.fail)\r\n\r\nMalware paleontologist Costin Raiu returns for an emergency episode on the XZ Utils software supply chain backdoor. We dig into the timeline of the attack, the characteristics of the backdoor, affected Linux distributions, and the reasons why 'Jia Tan' is the handiwork of a cunning nation-state.\r\n\r\nBased on all the clues available, Costin pinpoints three main suspects -- North Korea's Lazarus, China's APT41 or Russia's APT29 -- and warns that there are more of these backdoors lurking in modern software supply chains.","date_published":"2024-04-05T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f664c77a-dbbc-41a0-b392-7b4cd7223523.mp3","mime_type":"audio/mpeg","size_in_bytes":47530772,"duration_in_seconds":3093}]},{"id":"99cde65c-13eb-4fb7-9d52-86d2fc8c4aec","title":"Katie Moussouris on building a different cybersecurity business","url":"https://securityconversations.fireside.fm/katie-moussouris-workforce-csrb","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nKatie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. 
government, including the new CISA Cyber Safety Review Board (CSRB).\n\nIn this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.Links:Luta Security Workforce PlatformKatie Moussouris on WikipediaMoussouris: Resist Urge to Match China Vuln Reporting MandateKatie Moussouris on LinkedInCyber Safety Review Board","content_html":"

Episode sponsors:


Katie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. government, including the new CISA Cyber Safety Review Board (CSRB).


In this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nKatie Moussouris founded Luta Security in 2016 and bootstrapped it into a profitable business with a culture of equity and healthy boundaries, proving that businesses can be profitable by putting people first. She is a pioneer in the world of bug bounties and vulnerability disclosure and serves in multiple advisory roles for the U.S. government, including the new CISA Cyber Safety Review Board (CSRB).\r\n\r\nOn this episode, Moussouris discusses Luta Security's new Workforce Platform profit-sharing initiative, the changing face of the job market, criticisms of the CSRB's lack of enforcement authority, and looming regulations around zero-day vulnerability data.","date_published":"2024-01-19T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/99cde65c-13eb-4fb7-9d52-86d2fc8c4aec.mp3","mime_type":"audio/mpeg","size_in_bytes":25154544,"duration_in_seconds":1790}]},{"id":"b70d7b98-2823-490b-8b70-f3a051c45709","title":"Costin Raiu: The GReAT exit interview","url":"https://securityconversations.fireside.fm/costin-raiu-great-exit-interview","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCostin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. 
\n\nIn this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.Links:Costin Raiu on TwitterHow to Protect Your Phone from Pegasus and Other APTsCostin Raiu: 10 big 'unattributed' APT mysteriesCostin Raiu on the .gov mobile exploitation businessWannaCry Ransomware Linked to North Korean Hackers","content_html":"

Episode sponsors:


Costin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus.


In this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCostin Raiu has spent a lifetime in anti-malware research, working on some of the biggest nation-state APT cases in history, including Stuxnet, Duqu, Equation Group, Red October, Turla and Lazarus. \r\n\r\nIn this exit interview, Costin digs into why he left the GReAT team after 13 years at the helm, ethical questions on exposing certain APT operations, changes in the nation-state malware attribution game, technically impressive APT attacks, and the 'dark spots' where future-thinking APTs are living.","date_published":"2024-01-15T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b70d7b98-2823-490b-8b70-f3a051c45709.mp3","mime_type":"audio/mpeg","size_in_bytes":90090088,"duration_in_seconds":5533}]},{"id":"73110ffd-bb15-40c4-924d-5bf7b89ed152","title":"Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers","url":"https://securityconversations.fireside.fm/danny-adamitis-volt-typhoon-botnet","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDanny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. 
On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.\n\nDanny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.Links:Danny Adamitis on TwitterChinese APT Volt Typhoon Linked to Unkillable SOHO Router BotnetMicrosoft Catches Chinese .Gov Hackers Targeting US Critical InfrastructureThe KV-botnet InvestigationZuoRAT Hijacks SOHO Routers to Silently Stalk NetworksDaniel Adamitis on LinkedIn","content_html":"

Episode sponsors:


Danny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.


Danny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDanny Adamitis is a principal information security engineer at Black Lotus Labs, the threat research division within Lumen Technologies. On this episode of the show, we discuss his team's recent discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure.\r\n\r\nDanny digs into the inner workings of the botnet, the global problem of end-of-life devices becoming useful tools for malicious actors, and the things network defenders can do today to mitigate threats at this layer.","date_published":"2024-01-05T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/73110ffd-bb15-40c4-924d-5bf7b89ed152.mp3","mime_type":"audio/mpeg","size_in_bytes":34693170,"duration_in_seconds":2047}]},{"id":"28dec282-d91f-4cce-9500-6459abf30cdf","title":"Allison Miller talks about CISO life, protecting identities at scale","url":"https://securityconversations.fireside.fm/allison-miller-cartomancy-labs","content_text":"Episode sponsors:\n\n\nBinarly, the supply chain security experts (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAllison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. 
\n\nIn this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands.Links:Allison Miller on LinkedInCartomancy LabsSecurity Leaders Spooked by SEC Lawsuit Against SolarWinds CISONew SEC rule on breach disclosure (PDF)Follow Allison Miller on TwitterSponsor: Binarly Supply Chain Security Platform","content_html":"

Episode sponsors:


Allison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International.


In this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the supply chain security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAllison Miller is founder and CEO of Cartomancy Labs and former CISO and VP of Trust at Reddit. She has spent the past 20 years scaling teams and technology at Bank of America, Google, Electronic Arts, PayPal/eBay, and Visa International. \r\n\r\nIn this conversation, we discuss the convergence of security with fraud prevention and anti-abuse, the challenges and complexities in IAM implementations, the post-pandemic labor market, the evolving role of CISOs and new realities around CISO exposure to personal liability, thoughts on the 'build vs buy' debate and the nuance and dilemma of paying ransomware demands. ","date_published":"2023-12-21T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/28dec282-d91f-4cce-9500-6459abf30cdf.mp3","mime_type":"audio/mpeg","size_in_bytes":30309172,"duration_in_seconds":2292}]},{"id":"5d290c85-90a8-4e41-8e9b-f8c953259be4","title":"Rob Ragan on the excitement of AI solving security problems","url":"https://securityconversations.fireside.fm/rob-ragan-artificial-intelligence-future-of-security","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nRob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the potential of AI models and their impact on various aspects of technology and society and digs into the importance of improving model interaction by allowing more thoughtful and refined responses. 
\n\nWe also discuss how AI can be a superpower, enabling rapid prototyping and idea generation. The discussion concludes with considerations for safeguarding AI models, including transparency, explainability, and potential regulations.\n\nTakeaways:\n\n\nScaling pen testing can be challenging, and maintaining quality becomes difficult as the team grows. Bug bounty programs have been a net positive for businesses, providing valuable insights and incentivizing innovative research.\nAttack surface management plays a crucial role in identifying vulnerabilities and continuously monitoring an organization's security posture.\nSocial engineering attacks, such as SIM swapping and phishing, require a multi-faceted defense strategy that includes technical controls, policies, and user education.\nAI has the potential to augment human intelligence and improve efficiency and effectiveness in cybersecurity. Improving model interaction by allowing more thoughtful and refined responses can enhance the user experience. Algorithms can be used to delegate tasks and improve performance, leading to better results in complex tasks.\nAI is an inflection point in technology, comparable to the internet and the industrial revolution. Can be game-changing to automate time-consuming tasks, freeing up human resources for more strategic work.\nAutocomplete and code generation tools like Copilot can significantly speed up coding and reduce errors. AI can be a superpower, enabling rapid prototyping, idea generation, and creative tasks.\nSafeguarding AI models requires transparency, explainability, and consideration of potential biases. Regulations may be necessary to ensure responsible use of AI, but they should not stifle innovation. Global adoption of AI should be encouraged to prevent technological disparities between countries. 
\nLinks:Rob Ragan's Theoradical.aiTesting LLM Algorithms While AI Tests Us — Testing LLM Algorithms While AI Tests UsLLM Testing Findings Templates — This collection of open-source templates is designed to facilitate the reporting and documentation of vulnerabilities and opportunities for usability improvement in LLM integrations and applications.Rob Ragan on TwitterRob Ragan on LinkedInBishop Fox Labs","content_html":"

Episode sponsors:


Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the potential of AI models and their impact on various aspects of technology and society and digs into the importance of improving model interaction by allowing more thoughtful and refined responses.


We also discuss how AI can be a superpower, enabling rapid prototyping and idea generation. The discussion concludes with considerations for safeguarding AI models, including transparency, explainability, and potential regulations.


Takeaways:


Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nRob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the leapfrog potential of AI models and their impact on various aspects of technology and society.","date_published":"2023-12-07T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5d290c85-90a8-4e41-8e9b-f8c953259be4.mp3","mime_type":"audio/mpeg","size_in_bytes":41368098,"duration_in_seconds":3076}]},{"id":"1f02640b-edf7-4549-8012-6764dcca018d","title":"Seth Spergel on venture capital bets in cybersecurity","url":"https://securityconversations.fireside.fm/seth-spergel-merlin-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSeth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.Links:Seth Spergel bio — Seth has more than 20 years of experience building, selling, and investing in software and startups. Prior to Merlin Ventures, Seth was VP for Infrastructure Technologies at In-Q-Tel, a strategic investment firm that invests in startups that meet the mission needs of government customers. 
Merlin Ventures portfolioPalo Alto buys Talon, Dig Security — Technology powerhouse Palo Alto Networks is officially on a billion-dollar shopping spree in the cloud data security space.Episode Sponsor: Binarly — The Binarly REsearch team leads the industry in firmware vulnerability disclosure and advisories","content_html":"

Episode sponsors:


Seth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSeth Spergel is managing partner at Merlin Ventures, where he is responsible for identifying cutting-edge companies for Merlin to partner with and invest in. In this episode, Seth talks about helping startups target US federal markets, the current state of deal sizes and valuations, and the red-hot sectors in cybersecurity ripe for venture investment.","date_published":"2023-11-21T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1f02640b-edf7-4549-8012-6764dcca018d.mp3","mime_type":"audio/mpeg","size_in_bytes":17151625,"duration_in_seconds":1736}]},{"id":"aa617e3f-5689-4e88-a3ea-69bf50679c6e","title":"Dan Lorenc on fixing the 'crappy' CVE ecosystem ","url":"https://securityconversations.fireside.fm/dan-lorenc-deciphers-cve-cvss-sbom-supply-chains","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems. In this episode, Dan joins Ryan to chat about the demands of building a \"growth mode\" startup, massive funding rounds and VC expectations, fixing the \"crappy\" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.Links:SBOMs - All the right ingredients, but something is still missingOpen Source Development Threatened in EuropeChainguard Images: Reduce your attack surfaceDan Lorenc on LinkedInDan Lorenc on Twitter/XChainguard Raises $61 Million Series BBinarly -- Firmware Supply Chain Security Platform — Binarly is the world's first automated firmware supply chain security platform. 
Using cutting-edge techniques, Binarly identifies both known and unknown vulnerabilities, misconfigurations, and malicious code in firmware and hardware components.","content_html":"

Episode sponsors:


Dan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems. In this episode, Dan joins Ryan to chat about the demands of building a "growth mode" startup, massive funding rounds and VC expectations, fixing the "crappy" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly, the firmware security experts (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDan Lorenc is CEO and co-founder of Chainguard, a company that raised $116 million in less than two years to tackle open source supply chain security problems. In this episode, Dan joins Ryan to chat about the demands of building a \"growth mode\" startup, massive funding rounds and VC expectations, fixing the \"crappy\" CVE and CVSS ecosystems, managing expectations around SBOMs, and how politicians and lobbyists are framing cybersecurity issues in strange ways.","date_published":"2023-11-14T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/aa617e3f-5689-4e88-a3ea-69bf50679c6e.mp3","mime_type":"audio/mpeg","size_in_bytes":40642471,"duration_in_seconds":2505}]},{"id":"d35fcfc2-f5e9-4b06-bbda-9a59ed8fafed","title":"Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers","url":"https://securityconversations.fireside.fm/nick-biasini-cisco-talos","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nNick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.Links:Nick Biasini on TwitterCisco Talos Library of ReportsNick Biasini on LinkedInBeyond the Veil of Surveillance: Private Sector Offensive Actors (PSOAs)US Gov Mercenary Spyware Clampdown Hits Cytrox, Intellexa","content_html":"

Episode sponsors:


Nick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nNick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.","date_published":"2023-11-07T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d35fcfc2-f5e9-4b06-bbda-9a59ed8fafed.mp3","mime_type":"audio/mpeg","size_in_bytes":30416978,"duration_in_seconds":1887}]},{"id":"5f9634cc-a169-42e1-8e20-a28c5480205f","title":"Allison Nixon on disturbing elements in cybercriminal ecosystem","url":"https://securityconversations.fireside.fm/allison-nixon-unit-221b-cybercrime","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAllison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.Links:Allison Nixon on TwitterAllison Nixon - Unit 221B bioLas Vegas casino hackers rely on violent threatsCrossing boundaries to facilitate extortion, encryption, and destruction","content_html":"

Episode sponsors:


Allison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAllison Nixon is Chief Researcher at Unit 221B and a trailblazer in the world of cybercrime research. In this episode, we deep-dive into the shadowy dynamics of underground criminal communities, high-profile ransomware attacks, teenage hacking groups breaking into big companies, and the challenges of attribution and law enforcement. Allison sheds light on why companies continue to be vulnerable targets and what they're often missing in their cybersecurity strategies.","date_published":"2023-11-01T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5f9634cc-a169-42e1-8e20-a28c5480205f.mp3","mime_type":"audio/mpeg","size_in_bytes":42292017,"duration_in_seconds":2919}]},{"id":"11696fa7-d330-4346-b5f1-078d7542cccd","title":"Dakota Cary on China's weaponization of software vulnerabilities","url":"https://securityconversations.fireside.fm/dakota-cary-global-china-hub","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline. \n\nIn this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.Links:Sleight of hand: How China weaponizes software vulnerabilitiesDakota Cary on TwitterMoussouris: U.S. 
Should Resist Urge to Match China Vuln Reporting MandateCSRB Log4j incident report (PDF)CISA China Cyber Threat Overview and Advisories","content_html":"

Episode sponsors:

\n\n\n\n

Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline.

\n\n

In this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, advanced threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and new policies to improve China’s cybersecurity-talent pipeline. \r\n\r\nIn this episode, Cary expands on a new report -- 'Sleight of Hand' -- that delves into the changing legal landscape for vulnerability disclosure in China, the PRC's weaponization of software vulnerabilities, nation state-backed threat actors in China and that infamous Bloomberg 'rice grain' spy chip story.","date_published":"2023-09-15T13:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/11696fa7-d330-4346-b5f1-078d7542cccd.mp3","mime_type":"audio/mpeg","size_in_bytes":51975872,"duration_in_seconds":3348}]},{"id":"013e4610-5aeb-4cb3-89d1-509db8c25ffd","title":"Abhishek Arya on Google's AI cybersecurity experiments","url":"https://securityconversations.fireside.fm/abhishek-arya-google-open-source-supply-chain","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nAbhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB. 
\n\nIn this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.Links:Abhishek Arya on LinkedInOSS-Fuzz: Continuous fuzzing for open source softwareGoogle Brings AI Magic to Fuzz TestingAI-Powered Fuzzing: Breaking the Bug Hunting BarrierAI Cyber Challenge","content_html":"

Episode sponsors:

\n\n\n\n

Abhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB.

\n\n

In this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nAbhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB. \r\n\r\nIn this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, regulations and liability for software vendors, and the long road ahead for securing software supply chains.","date_published":"2023-09-12T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/013e4610-5aeb-4cb3-89d1-509db8c25ffd.mp3","mime_type":"audio/mpeg","size_in_bytes":31344253,"duration_in_seconds":2007}]},{"id":"22e99482-8572-494f-9416-25773647d809","title":"Dr Sergey Bratus on the 'citizen science' of hacking","url":"https://securityconversations.fireside.fm/sergey-bratus-darpa-safedocs-ai-hacking","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and showers praise on the labor-of-love \"citizen science\" of hacking all the things.Links:Sergey Bratus Bio","content_html":"

Episode sponsors:

\n\n\n\n

Dr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and showers praise on the labor-of-love "citizen science" of hacking all the things.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and showers praise on the labor-of-love \"citizen science\" of hacking all the things.","date_published":"2023-08-31T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/22e99482-8572-494f-9416-25773647d809.mp3","mime_type":"audio/mpeg","size_in_bytes":34605660,"duration_in_seconds":2402}]},{"id":"7a6ea79b-20e5-402f-b50e-f2c1305e8569","title":"DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge","url":"https://securityconversations.fireside.fm/perri-adams-darpa-ai-cyber-challenge","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nDARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.Links:DARPA AI Cyber Challenge Aims to Secure Nation’s Most Critical SoftwareAIxCC - AI Cyber ChallengeFollow Perri Adams on Twitter Google Brings AI Magic to Fuzz TestingAI-Powered Fuzzing: Breaking the Bug Hunting Barrier","content_html":"

Episode sponsors:

\n\n\n\n

DARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nDARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driven systems to automatically secure critical code.","date_published":"2023-08-20T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7a6ea79b-20e5-402f-b50e-f2c1305e8569.mp3","mime_type":"audio/mpeg","size_in_bytes":25532690,"duration_in_seconds":1607}]},{"id":"6fb48532-6cea-4136-b891-de4095a5f1fd","title":"Ryan Hurst on tech innovation and unsolved problems in security","url":"https://securityconversations.fireside.fm/ryan-hurst-peculiar-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nPeculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.Links:Projects - Peculiar VenturesRyan Hurst on LinkedInBinarly - AI-powered firmware securitySandboxAQ","content_html":"

Episode sponsors:

\n\n\n\n

Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nPeculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.","date_published":"2023-08-16T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6fb48532-6cea-4136-b891-de4095a5f1fd.mp3","mime_type":"audio/mpeg","size_in_bytes":35217292,"duration_in_seconds":2544}]},{"id":"c38cc994-c217-4b50-b5bb-07900a1bee04","title":"Jason Chan on Microsoft's security problems, layoffs and startups","url":"https://securityconversations.fireside.fm/jason-chan-bessemer-venture-partners","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nBessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.Links:Jason Chan, VP, Information Security, NetflixJason Chan on LinkedInFollow Jason on Twitter / XJason Chan - Bessemer Venture Partners — Jason Chan is an operating advisor at Bessemer where he brings over twenty years of experience in cybersecurity and is especially passionate about large-scale systems, cloud security, and improving security in modern software development practices. Most recently, Jason built and led the information security team at Netflix for over a decade. 
His team at Netflix was known for its contributions to the security community, including over 30 open-source security releases and dozens of conference presentations. He also previously led the security team at VMware and spent most of his earlier career in security consulting. ","content_html":"

Episode sponsors:

\n\n\n\n

Bessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nBessemer Venture Partners' Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.","date_published":"2023-08-07T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c38cc994-c217-4b50-b5bb-07900a1bee04.mp3","mime_type":"audio/mpeg","size_in_bytes":19285621,"duration_in_seconds":1627}]},{"id":"7532f1bd-4ebc-404a-9553-2f3339cc005f","title":"GitHub security chief Mike Hanley on secure coding, AI and SBOMs","url":"https://securityconversations.fireside.fm/mike-hanley-github","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nGitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.Links:Michael Hanley on LinkedInGitHub SecurityGitHub Copilot AI pair programmerBig Tech Vendors Object to US Gov SBOM Mandate","content_html":"

Episode sponsors:

\n\n\n\n

GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nGitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.","date_published":"2023-08-02T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7532f1bd-4ebc-404a-9553-2f3339cc005f.mp3","mime_type":"audio/mpeg","size_in_bytes":43779417,"duration_in_seconds":2429}]},{"id":"1c4c139f-1d8a-4f40-9cd2-f317b02723e3","title":"Jason Shockey, Chief Information Security Officer, Cenlar FSB","url":"https://securityconversations.fireside.fm/jason-shockey-ciso-cenlar-fsb","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.Links:Jason Shockey on LinkedInMy CyberpathJason Shockey joins Cenlar FSBNIST Cybersecurity Framework","content_html":"

Episode sponsors:

\n\n\n\n

Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.","date_published":"2023-07-26T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1c4c139f-1d8a-4f40-9cd2-f317b02723e3.mp3","mime_type":"audio/mpeg","size_in_bytes":29816428,"duration_in_seconds":2027}]},{"id":"b66102f9-41e2-40e3-981c-48d2187a490d","title":"Federico Kirschbaum on a life in the Argentina hacking scene","url":"https://securityconversations.fireside.fm/federico-kirschbaum-faraday-argentina-hacking","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nFaraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.Links:Faraday at Black Hat 2023Fede on LinkedInFederico Kirschbaum on TwitterEkopartyPadding Oracles Everywhere (Rizzo/Duong)","content_html":"

Episode sponsors:

\n\n\n\n

Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nFaraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.","date_published":"2023-07-19T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b66102f9-41e2-40e3-981c-48d2187a490d.mp3","mime_type":"audio/mpeg","size_in_bytes":32506033,"duration_in_seconds":2521}]},{"id":"ba435301-e21a-48fa-86e5-f60fac79d8c7","title":"Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties","url":"https://securityconversations.fireside.fm/kymberlee-price","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nProduct security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.Links:Kymberlee Price on LinkedInBlueHat Seattle Closing Remarks - YouTubeKeynote: Defenders Assemble - Kymberlee PriceBlueHat | Microsoft","content_html":"

Episode sponsors:

\n\n\n\n

Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nProduct security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.","date_published":"2023-07-12T09:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ba435301-e21a-48fa-86e5-f60fac79d8c7.mp3","mime_type":"audio/mpeg","size_in_bytes":45477037,"duration_in_seconds":2918}]},{"id":"3d8d10bc-8c8d-4829-affb-597b12b849f3","title":"OpenSSF GM Omkhar Arasaratnam on open-source software security","url":"https://securityconversations.fireside.fm/omkhar-arasaratnam-open-source-security-foundation","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nNew General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.Links:OpenSSF Welcomes New General ManagerOpenSSF Alpha-OmegaCSRB report on Log4jBig Tech Object to US Gov SBOM MandateOmkhar Arasaratnam on LinkedIn","content_html":"

Episode sponsors:

\n\n\n\n

New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nNew General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins the podcast for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.","date_published":"2023-07-05T06:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3d8d10bc-8c8d-4829-affb-597b12b849f3.mp3","mime_type":"audio/mpeg","size_in_bytes":28989150,"duration_in_seconds":2171}]},{"id":"1209f95e-c427-482b-9ca9-7588a29fedbe","title":"Serial entrepreneur Rishi Bhargava on building another cybersecurity company","url":"https://securityconversations.fireside.fm/rishi-bhargava-descope","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nRishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.\n\nOn this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.Links:Rishi Bhargava on LinkedInDescope Targets Identity Market with Massive $53M Seed RoundPalo Alto Networks to acquire Demisto for $560M ","content_html":"

Episode sponsors:

\n\n\n\n

Rishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.

\n\n

On this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nRishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.\r\n\r\nOn this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.","date_published":"2023-04-10T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1209f95e-c427-482b-9ca9-7588a29fedbe.mp3","mime_type":"audio/mpeg","size_in_bytes":27304029,"duration_in_seconds":1952}]},{"id":"00323ad0-4a33-4873-951e-5c3d06fff940","title":"Claude Mandy on CISO priorities, data security principles","url":"https://securityconversations.fireside.fm/claude-mandy-data-security-posture-management","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSymmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.Links:Claude Mandy on LinkedInWhat is Data Security Posture Management (DSPM)?The DataGuard SolutionFollow Claude Mandy on Twitter","content_html":"

Episode sponsors:

\n\n\n\n

Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSymmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.","date_published":"2023-03-06T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/00323ad0-4a33-4873-951e-5c3d06fff940.mp3","mime_type":"audio/mpeg","size_in_bytes":26942052,"duration_in_seconds":2102}]},{"id":"517e5949-6bfd-4225-9a75-c3d75ebf7d4c","title":"Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties","url":"https://securityconversations.fireside.fm/sidra-ahmed-lefort-munich-re-ventures","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nMunich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in security still ripe for innovation.Links:Sidra Ahmed Lefort on LinkedInPortfolio | Munich Re VenturesWhat's Going on With Cybersecurity VC Investments?Video: VC View - Trends in Cybersecurity Innovation","content_html":"

Episode sponsors:

\n\n\n\n

Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in security still ripe for innovation.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nMunich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming fall?) of 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the areas in security still ripe for innovation.","date_published":"2023-02-15T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/517e5949-6bfd-4225-9a75-c3d75ebf7d4c.mp3","mime_type":"audio/mpeg","size_in_bytes":27740001,"duration_in_seconds":1860}]},{"id":"95747fe6-4e2a-4243-a050-6d4ef55e27ac","title":"Paul Roberts on wins and losses in the 'right to repair' battle","url":"https://securityconversations.fireside.fm/paul-roberts-right-to-repair","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nSecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.Links:SecuRepairs MissionPaul Roberts, Editor-in-Chief, Security Ledger — Paul Roberts, Editor-in-Chief, Security LedgerPaul Roberts on TwitterFight to Repair SubstackTesla is a Vocal Opponent of the Right to Repair. Now we know why. — Tesla is a Vocal Opponent of the Right to Repair. Now we know why.","content_html":"

Episode sponsors:

\n\n\n\n

SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nSecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins. ","date_published":"2023-01-19T07:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/95747fe6-4e2a-4243-a050-6d4ef55e27ac.mp3","mime_type":"audio/mpeg","size_in_bytes":68531445,"duration_in_seconds":2852}]},{"id":"33d9d510-6496-4c3d-b118-e77fe9f9d710","title":"Katie Moussouris on where bug bounties went wrong","url":"https://securityconversations.fireside.fm/katie-moussouris-where-bug-bounties-went-wrong","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nLuta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.Links:Katie Moussouris - WikipediaKatie Moussouris on TwitterLuta Security's Vulnerability Coordination Maturity ModelReferral Bounty | Luta Security","content_html":"

Episode sponsors:

\n\n\n\n

Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.

Links:

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nLuta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.","date_published":"2022-12-08T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/33d9d510-6496-4c3d-b118-e77fe9f9d710.mp3","mime_type":"audio/mpeg","size_in_bytes":28878724,"duration_in_seconds":1998}]},{"id":"5e5c677b-2d28-448a-a72a-02495822d151","title":"Robinhood CSO Caleb Sima on a career in the security trenches","url":"https://securityconversations.fireside.fm/caleb-sima-cso-robinhood","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nCaleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics into a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...Links:Caleb Sima on LinkedInHP Snaps up SPI DynamicsCaleb Sima (@csima) on TwitterRobinhood BioFirst 90 Days In the CISO Chair","content_html":"

Caleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics into a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...

","summary":"Episode sponsors: \r\n\r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nCaleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics in a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...","date_published":"2022-11-08T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5e5c677b-2d28-448a-a72a-02495822d151.mp3","mime_type":"audio/mpeg","size_in_bytes":23037842,"duration_in_seconds":1838}]},{"id":"c59b2c9f-f374-403d-b8dc-684cac518d43","title":"Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars","url":"https://securityconversations.fireside.fm/charlie-miller-hacking-iphones-self-driving-cars","content_text":"Episode sponsors:\n\n\nBinarly (https://binarly.io)\nFwHunt (https://fwhunt.run)\n\n\nFamed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet. Plus, an interesting take on iOS Lockdown Mode.","content_html":"

Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet. Plus, an interesting take on iOS Lockdown Mode.

","summary":"Episode sponsors: \r\n- Binarly (https://binarly.io)\r\n- FwHunt (https://fwhunt.run)\r\n\r\nFamed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet.","date_published":"2022-10-18T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c59b2c9f-f374-403d-b8dc-684cac518d43.mp3","mime_type":"audio/mpeg","size_in_bytes":52629491,"duration_in_seconds":3540}]},{"id":"eefa9c91-fd32-43f6-bd09-7ddedda38914","title":"JAG-S on big-game malware hunting and a very mysterious APT","url":"https://securityconversations.fireside.fm/juan-andres-guerrero-saade","content_text":"\nEpisode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\n\n\nSentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.Links:Report: The Mystery of MetadorJ. A. Guerrero-Saade on TwitterLABScon - Security Research in Real TimeResearchers Crowdsourcing Effort to Identify Mysterious Metador APT","content_html":"\n\n

SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.

","summary":"* Episode sponsors: [Binarly](https://binarly.io/) and [FwHunt](https://fwhunt.run/) - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\r\n\r\nSentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.","date_published":"2022-10-17T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/eefa9c91-fd32-43f6-bd09-7ddedda38914.mp3","mime_type":"audio/mpeg","size_in_bytes":41028733,"duration_in_seconds":3160}]},{"id":"04e22eb6-dc8d-4dae-af5b-44f4d4aca81d","title":"Chainguard's Dan Lorenc gets real on software supply chain problems","url":"https://securityconversations.fireside.fm/dan-lorenc-chainguard-supply-chain","content_text":"\nEpisode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\n\n\nDan Lorenc and a team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation. Links:Dan Lorenc on LinkedInChainguard EnforceSounil Yu on SBOMs, software supply chain securityExtending SBOMs to the firmware layerCybersecurity Leaders Scramble to Decipher SBOM Mandate","content_html":"\n\n

Dan Lorenc and a team of ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation.

","summary":"* Episode sponsors: [Binarly](https://binarly.io/) and [FwHunt](https://fwhunt.run/) - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.\r\n\r\nDan Lorenc and team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation.","date_published":"2022-10-13T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/04e22eb6-dc8d-4dae-af5b-44f4d4aca81d.mp3","mime_type":"audio/mpeg","size_in_bytes":36469411,"duration_in_seconds":2827}]},{"id":"7a9eb978-4725-4bcf-8c04-525df6c2bcff","title":"Vinnie Liu discusses a life in the offensive security trenches","url":"https://securityconversations.fireside.fm/vinnie-liu-bishop-fox","content_text":"A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...Links:Vinnie Liu on LinkedInVinnie Liu at MS BlueHat v8Anti-Drone Tools Tested: From Shotguns To Superdrones","content_html":"

A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...

","summary":"A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...","date_published":"2022-08-07T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/7a9eb978-4725-4bcf-8c04-525df6c2bcff.mp3","mime_type":"audio/mpeg","size_in_bytes":162616279,"duration_in_seconds":4054}]},{"id":"496e9c57-c664-4955-817f-3885678f1c43","title":"Down memory lane with Snort and Sourcefire creator Marty Roesch","url":"https://securityconversations.fireside.fm/marty-roesch-snort-to-netography","content_text":"Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.Links:Martin Roesch on LinkedInMartin Roesch - WikipediaMartin Roesch on TwitterThe early days of SnortCisco Banks On Sourcefire And Snort For Its Security FutureCheck Point Aborts Sourcefire AcquisitionMartin Roesch joins Netography as CEO","content_html":"

Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.

","summary":"Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.","date_published":"2022-07-25T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/496e9c57-c664-4955-817f-3885678f1c43.mp3","mime_type":"audio/mpeg","size_in_bytes":55669642,"duration_in_seconds":4054}]},{"id":"a7042944-dfc0-4106-81b0-ded42d786570","title":"Subbu Rama, co-founder and CEO, BalkanID","url":"https://securityconversations.fireside.fm/subbu-rama-balkan-id","content_text":"Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.Links:BalkanID Platform ArchitectureSubbu Rama on LinkedInSubbu Rama on Twitter","content_html":"

Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.

","summary":"Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.","date_published":"2022-06-01T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a7042944-dfc0-4106-81b0-ded42d786570.mp3","mime_type":"audio/mpeg","size_in_bytes":19120903,"duration_in_seconds":2057}]},{"id":"97c47b7c-f218-4b1b-a4ae-1322852da212","title":"Project Zero's Maddie Stone on the surge in zero-day discoveries","url":"https://securityconversations.fireside.fm/maddie-stone-project-zero","content_text":"Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.Links:A Year in Review of 0-days Used In-the-Wild in 2021Maddie Stone on LinkedIn0day \"In the Wild\" Spreadsheet\r\nMaddie Stone on Twitter","content_html":"

Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

","summary":"Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.","date_published":"2022-05-10T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/97c47b7c-f218-4b1b-a4ae-1322852da212.mp3","mime_type":"audio/mpeg","size_in_bytes":30298830,"duration_in_seconds":2530}]},{"id":"799a8835-058d-409d-b378-6f5f3e13c46e","title":"Prof. Mohit Tiwari on the future of securing data at scale","url":"https://securityconversations.fireside.fm/mohit-tiwari-symmetry-systems","content_text":"Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.Links:Mohit Tiwari | University of Texas at AustinMohit Tiwari on LinkedInFollow Mohit on TwitterSymmetry Systems DataGuardWhy is DSOS an unsolved problem?","content_html":"

Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.

","summary":"Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.","date_published":"2022-05-06T00:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/799a8835-058d-409d-b378-6f5f3e13c46e.mp3","mime_type":"audio/mpeg","size_in_bytes":34562435,"duration_in_seconds":2761}]},{"id":"fb354ea5-acaf-443d-a97d-373e1adc92b0","title":"Google's Shane Huntley on zero-days and the nation-state threat landscape","url":"https://securityconversations.fireside.fm/shane-huntley-google-tag","content_text":"Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...Links:Shane Huntley on LinkedInTwitter: @ShaneHuntleyProject Zero: FORCEDENTRY Sandbox EscapeGoogle and Operation Aurora A walk through Google Project Zero metricsProject Zero: 0day \"In the Wild\" Database","content_html":"

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

","summary":"Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...","date_published":"2022-04-04T06:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fb354ea5-acaf-443d-a97d-373e1adc92b0.mp3","mime_type":"audio/mpeg","size_in_bytes":79196359,"duration_in_seconds":2444}]},{"id":"12d22943-4ba7-4d5b-82db-f731cea697ef","title":"Lamont Orange, CISO, Netskope","url":"https://securityconversations.fireside.fm/lamont-orange-ciso-netskope","content_text":"Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.Links:Lamont Orange: A CISO's Point of View on Log4jFive minutes with Lamont OrangeLamont Orange columns on DarkReading","content_html":"

Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.

","summary":"Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.","date_published":"2022-03-21T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/12d22943-4ba7-4d5b-82db-f731cea697ef.mp3","mime_type":"audio/mpeg","size_in_bytes":22732322,"duration_in_seconds":1562}]},{"id":"1e1458ae-78d3-445a-8b8a-42cee0397f6c","title":"Haroon Meer on the business of cybersecurity ","url":"https://securityconversations.fireside.fm/haroon-meer-thinkst","content_text":"Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.Links:Haroon Meer on TwitterThinkst: We bootstrapped to $11 million in ARRMemory Corruption and Hacker FolkloreThinkst CanaryPodcast: Haroon Meer, Thinkst Applied Research","content_html":"

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.

","summary":"Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.","date_published":"2022-03-19T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1e1458ae-78d3-445a-8b8a-42cee0397f6c.mp3","mime_type":"audio/mpeg","size_in_bytes":58885756,"duration_in_seconds":4512}]},{"id":"d26fa37e-4956-44ec-922d-de42c4ebf58f","title":"Tony Pepper, co-founder and CEO, Egress","url":"https://securityconversations.fireside.fm/tony-pepper-egress","content_text":"Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.Links:About EgressTony Pepper on LinkedInInfoSecurity Interview: Tony Pepper ","content_html":"

Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.

","summary":"Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.","date_published":"2022-02-22T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d26fa37e-4956-44ec-922d-de42c4ebf58f.mp3","mime_type":"audio/mpeg","size_in_bytes":22890355,"duration_in_seconds":1177}]},{"id":"367c5dd6-8956-42a5-b804-887991a31ff3","title":"Microsoft's Justin Campbell on offensive security research","url":"https://securityconversations.fireside.fm/justin-campbell-microsoft","content_text":"Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.Links:Microsoft Flags SolarWinds Serv-U 0-day exploitSolarWinds Serv-U RCE advisoryIn-the-wild zero-day counterHacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation","content_html":"

Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.

","summary":"Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.","date_published":"2022-01-08T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/367c5dd6-8956-42a5-b804-887991a31ff3.mp3","mime_type":"audio/mpeg","size_in_bytes":23909293,"duration_in_seconds":1636}]},{"id":"e7355605-c0fe-41c9-b55d-6f2775d8cc86","title":"Costin Raiu on the .gov mobile exploitation business","url":"https://securityconversations.fireside.fm/costin-raiu-mobile-exploitation","content_text":"Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.Links:Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'Project Zero: A deep dive into an NSO zero-click iMessage exploitThe Million Dollar Dissident: NSO Group's iPhone Zero-DaysPegasus vs. Predator: Doubly-Infected iPhone Reveals Cytrox Mercenary VendorProliferation of Cyber Capabilities in International Arms Markets","content_html":"

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an in-depth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

","summary":"Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.","date_published":"2021-12-23T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e7355605-c0fe-41c9-b55d-6f2775d8cc86.mp3","mime_type":"audio/mpeg","size_in_bytes":39704215,"duration_in_seconds":2478}]},{"id":"718dc2f2-0bd5-4d83-a950-cd8fc0f60b12","title":"Amanda Gorton, co-founder and CEO, Corellium","url":"https://securityconversations.fireside.fm/amanda-gorton-corellium","content_text":"Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.Links:Corellium Secures $25M Series A RoundCorellium Lands $25 Million Investment for Virtualization TechCorellium for Journalists","content_html":"

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.

","summary":"Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.","date_published":"2021-12-20T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/718dc2f2-0bd5-4d83-a950-cd8fc0f60b12.mp3","mime_type":"audio/mpeg","size_in_bytes":44159937,"duration_in_seconds":2780}]},{"id":"a0a3b03b-d1b1-4fb9-8735-8a6636b693fd","title":"Intel's Venky Venkateswaran on hardware-enabled security","url":"https://securityconversations.fireside.fm/venky-venkateswaran-intel","content_text":"Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).Links:> Extending SBOMs to the firmware layer> Hardware Based Security for Business (Intel)> Alex Matrosov on the state of firmware security> Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment","content_html":"

Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).

","summary":"Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).","date_published":"2021-09-09T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a0a3b03b-d1b1-4fb9-8735-8a6636b693fd.mp3","mime_type":"audio/mpeg","size_in_bytes":31052415,"duration_in_seconds":2120}]},{"id":"ca890116-c6d7-4107-8c9d-b4b64ed28927","title":"Sounil Yu on SBOMs, software supply chain security","url":"https://securityconversations.fireside.fm/sounil-yu-sboms-supply-chain-security","content_text":"Episode sponsored by SecurityWeek.com\n\nJupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.","content_html":"

Episode sponsored by SecurityWeek.com

JupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.

","summary":"Episode sponsored by SecurityWeek.com\r\n\r\nJupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.","date_published":"2021-07-13T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ca890116-c6d7-4107-8c9d-b4b64ed28927.mp3","mime_type":"audio/mpeg","size_in_bytes":58362999,"duration_in_seconds":2906}]},{"id":"af2bae60-6a2d-49d3-856d-5cabb850cfc1","title":"Algirde Pipikaite, Centre for Cybersecurity, World Economic Forum","url":"https://securityconversations.fireside.fm/algirde-pipikaite-world-economic-forum","content_text":"Episode sponsored by MongoDB.com.\n\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.Links:Algirde Pipikaite ProfileDeveloping the Future of Policy for CybersecurityCNBC: Cyberattacks on the rise amid coronavirus crisis, WEF expert says","content_html":"

Episode sponsored by MongoDB.com.

Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.

","summary":"Episode sponsored by MongoDB.com.\r\n\r\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.\r\nAlgirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.","date_published":"2021-07-06T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/af2bae60-6a2d-49d3-856d-5cabb850cfc1.mp3","mime_type":"audio/mpeg","size_in_bytes":26866644,"duration_in_seconds":2402}]},{"id":"1aefd66d-be45-405a-a030-d0e2d9a9e51e","title":"Josh Schwartz on red-teaming and proactive security engineering","url":"https://securityconversations.fireside.fm/josh-schwartz-verizon-media-yahoo","content_text":"Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the \"feeling\" of being secure, and why there's a need for more empathy in cybersecurity. \n\n(Episode sponsored by Eclypsium)","content_html":"

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams, chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity.

\n\n

(Episode sponsored by Eclypsium)

","summary":"Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams, chasing the \"feeling\" of being secure, and why there's a need for more empathy in cybersecurity. \r\n\r\n(Episode sponsored by Eclypsium)","date_published":"2021-06-18T10:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1aefd66d-be45-405a-a030-d0e2d9a9e51e.mp3","mime_type":"audio/mpeg","size_in_bytes":30521046,"duration_in_seconds":2277}]},{"id":"96f77b2a-f94c-4b25-9870-8652ddaffaa0","title":"Michael Laventure, threat detection and response, Netflix","url":"https://securityconversations.fireside.fm/michael-laventure-netflix-threat-intel","content_text":"Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to \"do security better.\" We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.","content_html":"

Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to "do security better." We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.

","summary":"Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to \"do security better.\" We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.","date_published":"2021-06-10T08:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/96f77b2a-f94c-4b25-9870-8652ddaffaa0.mp3","mime_type":"audio/mpeg","size_in_bytes":23563004,"duration_in_seconds":1832}]},{"id":"97a0eeb7-c6f6-4757-9cf5-bbd21380223f","title":"Google's Heather Adkins on defenders playing the long game","url":"https://securityconversations.fireside.fm/heather-adkins-google-security","content_text":"Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the \"long-game,\" the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.\n\nSponsored by Eclypsium:\nEclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of devices. Request a demo at Eclypsium.com.","content_html":"

Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.

\n\n

Sponsored by Eclypsium:
\nEclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of devices. Request a demo at Eclypsium.com.

","summary":"Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the \"long-game,\" the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting.","date_published":"2021-05-26T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/97a0eeb7-c6f6-4757-9cf5-bbd21380223f.mp3","mime_type":"audio/mpeg","size_in_bytes":32532700,"duration_in_seconds":2327}]},{"id":"5ca053c8-a041-4288-add6-49c3c7f84bbd","title":"Collin Greene, head of product security, Facebook","url":"https://securityconversations.fireside.fm/collin-greene-facebook-product-security","content_text":"Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why \"shift-left\" should be the priority for every defender.Links:Six Buckets of Product SecurityOutcomes > Bugs","content_html":"

Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.

","summary":"Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why \"shift-left\" should be the priority for every defender.","date_published":"2021-05-25T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5ca053c8-a041-4288-add6-49c3c7f84bbd.mp3","mime_type":"audio/mpeg","size_in_bytes":55918822,"duration_in_seconds":3692}]},{"id":"b93843f4-0c2b-4482-b8aa-c39e2fb7c02a","title":"Alex Matrosov on the state of security at the firmware layer","url":"https://securityconversations.fireside.fm/alex-matrosov-firmware-security","content_text":"Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.Links:Alex Matrosov on LinkedInModern Bootkit Trends: Bypassing Kernel-Mode Signing PolicyBootkit threats: In-depth reverse engineering & defense","content_html":"

Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.

","summary":"Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.","date_published":"2021-05-23T11:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b93843f4-0c2b-4482-b8aa-c39e2fb7c02a.mp3","mime_type":"audio/mpeg","size_in_bytes":44900087,"duration_in_seconds":3512}]},{"id":"17902758-1dc9-4e4c-83cc-bbc3f9271eb4","title":"Charles Nwatu, Security Technology & Risk, Netflix","url":"https://securityconversations.fireside.fm/charles-nwatu-netflix","content_text":"Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.Links:Charles Nwatu on LinkedIn — Corporate Security & Security, Technology Assurance & Risk, NetflixHow Netflix’s Charles Nwatu Turned His Desire to Help People Into a Career in Information Security","content_html":"

Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.

","summary":"Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.","date_published":"2021-05-11T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/17902758-1dc9-4e4c-83cc-bbc3f9271eb4.mp3","mime_type":"audio/mpeg","size_in_bytes":27630724,"duration_in_seconds":1825}]},{"id":"3e7cdf29-565f-4a2b-bac6-de85ff8e7c2a","title":"Doug Madory on the mysterious AS8003 global routing story","url":"https://securityconversations.fireside.fm/doug-madory-mystery-as8003","content_text":"Director of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.Links:The Mystery of AS8003 — On January 20, 2021, a great mystery appeared in the internet’s global routing table. An entity that hadn’t been heard from in over a decade began announcing large swaths of formerly unused IPv4 address space belonging to the U.S. Department of Defense. Pentagon explains odd transfer of 175 million IP addresses to obscure company | Ars Technica — \"Did someone at the Defense Department sell off part of the military's vast collection of sought-after IP addresses as Trump left office? Had the Pentagon finally acted on demands to unload the billions of dollars worth of IP address space the military has been sitting on, largely unused, for decades?\"AS8003 GRS-DOD","content_html":"

Director of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.

","summary":"Director of Internet Analysis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery; and why enterprise network defenders should pay very close attention.","date_published":"2021-04-29T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3e7cdf29-565f-4a2b-bac6-de85ff8e7c2a.mp3","mime_type":"audio/mpeg","size_in_bytes":22227722,"duration_in_seconds":1760}]},{"id":"36c84816-ee62-408e-a68d-a928e4fb720c","title":"Crossbeam CISO Chris Castaldo on securing the start-up","url":"https://securityconversations.fireside.fm/chris-castaldo-ciso-crossbeam","content_text":"Sponsored by Eclypsium\n\nChris Castaldo has a fascinating career in cybersecurity. A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected. \n\nCastaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.","content_html":"

Sponsored by Eclypsium

\n\n

Chris Castaldo has a fascinating career in cybersecurity. A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected.

\n\n

Castaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.

","summary":"Chris Castaldo has a fascinating career in cybersecurity. A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected. \r\n\r\nCastaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare CISO that loves security vendor briefings and demos, and his vision of the CISO's top priorities.","date_published":"2021-04-23T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/36c84816-ee62-408e-a68d-a928e4fb720c.mp3","mime_type":"audio/mpeg","size_in_bytes":28911630,"duration_in_seconds":1930}]},{"id":"8ca9fe4a-f12f-401f-80d8-f42f8c1e7504","title":"Shubs Shah on finding riches (and lessons) from bug bounty hacking","url":"https://securityconversations.fireside.fm/shuhbam-shah-assetnote","content_text":"Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a full-time bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.Links:AssetnoteShubs Shah: Hacking on Bug Bounties for Four YearsHigh frequency security: 120 days, 120 bugsh2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)H2C Smuggling in the Wild","content_html":"

Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a full-time bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.

","summary":" Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a full-time bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.","date_published":"2021-04-20T11:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/8ca9fe4a-f12f-401f-80d8-f42f8c1e7504.mp3","mime_type":"audio/mpeg","size_in_bytes":38562676,"duration_in_seconds":3169}]},{"id":"e3d22755-cc83-43aa-b67d-8003ad468a6b","title":"Fahmida Rashid, Executive Editor, VentureBeat","url":"https://securityconversations.fireside.fm/fahmida-rashid-venturebeat","content_text":"Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.Links:Follow Fahmida on TwitterFahmida Rashid on LinkedIn","content_html":"

Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.

","summary":"Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.","date_published":"2021-04-09T10:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e3d22755-cc83-43aa-b67d-8003ad468a6b.mp3","mime_type":"audio/mpeg","size_in_bytes":31693302,"duration_in_seconds":2222}]},{"id":"9589ad97-fc83-458f-8781-44ce8eb8bbf3","title":"Microsoft's David Weston on the surge in firmware attacks","url":"https://securityconversations.fireside.fm/david-weston-microsoft-windows","content_text":"Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years. \n\nAs businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.","content_html":"

Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years.

\n\n

As businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.

","summary":"Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years. \r\n\r\nAs businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, the nightmare of navigating the patching treadmill, and exciting tech innovation in the space.","date_published":"2021-04-06T11:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9589ad97-fc83-458f-8781-44ce8eb8bbf3.mp3","mime_type":"audio/mpeg","size_in_bytes":35474013,"duration_in_seconds":1986}]},{"id":"ccdec073-caf0-49bc-80f3-42edab3a1c04","title":"Lena Smart, CISO, MongoDB","url":"https://securityconversations.fireside.fm/lena-smart-ciso-mongodb","content_text":"At age 16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity.\n\nLena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.","content_html":"

At age 16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity.

\n\n

Lena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.

","summary":"At age 16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and is leading the discussion on education and talent-identification in cybersecurity.\r\n\r\nLena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.","date_published":"2021-04-02T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ccdec073-caf0-49bc-80f3-42edab3a1c04.mp3","mime_type":"audio/mpeg","size_in_bytes":44804932,"duration_in_seconds":3261}]},{"id":"02fc5a7f-d41b-434f-a25d-5f6c0a046dbc","title":"Patrick Howell O'Neill, Cybersecurity Editor, MIT Technology Review","url":"https://securityconversations.fireside.fm/patrick-howell-oneill-mit-tech-review","content_text":"Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. Follow Patrick on Twitter.","content_html":"

Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. Follow Patrick on Twitter.

","summary":" \r\nPatrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. [Follow Patrick on Twitter](https://twitter.com/howelloneill).","date_published":"2021-03-30T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/02fc5a7f-d41b-434f-a25d-5f6c0a046dbc.mp3","mime_type":"audio/mpeg","size_in_bytes":24838523,"duration_in_seconds":1552}]},{"id":"85a47563-94ed-43f9-964c-fed6c6e20eff","title":"Nico Waisman, Head of Privacy & Security, Lyft","url":"https://securityconversations.fireside.fm/nico-waisman-lyft","content_text":"After a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...","content_html":"

After a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...

","summary":"After a 20-year career working in the offensive security research trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...","date_published":"2021-03-26T12:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/85a47563-94ed-43f9-964c-fed6c6e20eff.mp3","mime_type":"audio/mpeg","size_in_bytes":42763209,"duration_in_seconds":3378}]},{"id":"68388f69-fd95-4df0-9083-00587ea8f41c","title":"Ron Brash on the water plant hacks and the state of ICS security","url":"https://securityconversations.fireside.fm/ron-brash-verve-industrial-protection","content_text":"Ron Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about. \n\nRon is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management. ","content_html":"

Ron Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about.

\n\n

Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.

","summary":" Ron Brash joins Ryan on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about. Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management. ","date_published":"2021-03-11T13:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/68388f69-fd95-4df0-9083-00587ea8f41c.mp3","mime_type":"audio/mpeg","size_in_bytes":45472533,"duration_in_seconds":3006}]},{"id":"6cc88aa8-eacc-4bb0-a992-c0172b5915ea","title":"Throwback: Zero-day exploit broker Chaouki Bekrar","url":"https://securityconversations.fireside.fm/chaouki-bekrar","content_text":"This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. \n\nThe recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest. \n\n(Please excuse the audio quality and background chatter, this was recorded with a small handheld device in a noisy room).","content_html":"

This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes.

\n\n

The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest.

\n\n

(Please excuse the audio quality and background chatter, this was recorded with a small handheld device in a noisy room).

","summary":"This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chaouki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. \r\n\r\nThe recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest. \r\n\r\nPlease excuse the audio quality and background noise.","date_published":"2021-03-03T01:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6cc88aa8-eacc-4bb0-a992-c0172b5915ea.mp3","mime_type":"audio/mpeg","size_in_bytes":21298595,"duration_in_seconds":1482}]},{"id":"9a9c9bf0-2463-42f6-9e4c-823c9a7763d8","title":"Selena Larson, Intelligence Analyst, Dragos","url":"https://securityconversations.fireside.fm/selena-larson-dragos","content_text":"Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.Links:Selena Larson PresentationsFollow Selena on TwitterSelena Larson on Bringing New & Diverse People into the ICS Security CommunityICS OSINT: An Attacker’s PerspectiveSelena Larson profile","content_html":"

Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.

","summary":"Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security.","date_published":"2020-09-16T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9a9c9bf0-2463-42f6-9e4c-823c9a7763d8.mp3","mime_type":"audio/mpeg","size_in_bytes":37771153,"duration_in_seconds":3137}]},{"id":"d20c248c-131d-4e66-8790-6d0a146e7fa8","title":"Fredrick Lee, Chief Security Officer, Gusto","url":"https://securityconversations.fireside.fm/frederick-lee-gusto","content_text":"Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.Links:Gusto Appoints Fredrick Lee Chief Security OfficerSecret CSO: Fredrick \"Flee\" Lee, GustoCISO to CISO Webcast with Fredrick \"Flee\" Lee","content_html":"

Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.

Links:

","summary":"Gusto chief security officer Fredrick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way.","date_published":"2020-09-10T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d20c248c-131d-4e66-8790-6d0a146e7fa8.mp3","mime_type":"audio/mpeg","size_in_bytes":27307999,"duration_in_seconds":2497}]},{"id":"cb83913c-2556-48c1-aff3-aa2f7b7db8c8","title":"Zack Whittaker, Security Editor, TechCrunch","url":"https://securityconversations.fireside.fm/zack-whittaker-techcrunch","content_text":"TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome. ","content_html":"

TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome.

","summary":"TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome.","date_published":"2020-09-01T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cb83913c-2556-48c1-aff3-aa2f7b7db8c8.mp3","mime_type":"audio/mpeg","size_in_bytes":19170998,"duration_in_seconds":1545}]},{"id":"c238448d-c5c4-411a-b256-d6afae1ec31b","title":"Jason Chan, VP, Information Security, Netflix","url":"https://securityconversations.fireside.fm/jason-chan-netflix","content_text":"Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.Links:Jason's ultra-marathon photosKeynote: Keeping Developers and Security Teams HappyDeveloper Empathy with Jason Chan of Netflix (Podcast)Hacktivity 2014: Jason Chan -- Building a Glass HouseI Want Your Job: Jason Chan, Netflix","content_html":"

Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.

Links:

","summary":"Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery.","date_published":"2020-08-18T16:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c238448d-c5c4-411a-b256-d6afae1ec31b.mp3","mime_type":"audio/mpeg","size_in_bytes":22390072,"duration_in_seconds":1864}]},{"id":"6430e0f1-7e1a-4003-853b-8f19d9a34d6b","title":"Matt Honea, Senior Director, Cybersecurity, Guidewire","url":"https://securityconversations.fireside.fm/matt-honea-guidewire","content_text":"After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.Links:Matt Honea blog postsSafe Harbor Programs: Ensuring the Bounty Isn't on ...","content_html":"

After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.

Links:

","summary":"After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security.","date_published":"2020-08-11T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6430e0f1-7e1a-4003-853b-8f19d9a34d6b.mp3","mime_type":"audio/mpeg","size_in_bytes":30677958,"duration_in_seconds":2796}]},{"id":"1a7b0cc6-4405-4f53-81c3-653964fd377d","title":"Andy Greenberg, Senior Writer, Wired","url":"https://securityconversations.fireside.fm/andy-greenberg-wired","content_text":"Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.Links:Follow Andy Greenberg on TwitterAndy Greenberg's Wired bioSandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers","content_html":"

Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.

Links:

","summary":"Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.","date_published":"2020-08-11T10:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1a7b0cc6-4405-4f53-81c3-653964fd377d.mp3","mime_type":"audio/mpeg","size_in_bytes":43116760,"duration_in_seconds":3587}]},{"id":"e2e90b4c-d2d7-4cf8-abb8-691432172793","title":"Brooke Pearson, Security Awareness, Uber","url":"https://securityconversations.fireside.fm/brooke-pearson-uber","content_text":"After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity. We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security. ","content_html":"

After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity. We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security.

","summary":"After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity. We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security. ","date_published":"2020-06-17T21:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/e2e90b4c-d2d7-4cf8-abb8-691432172793.mp3","mime_type":"audio/mpeg","size_in_bytes":44092719,"duration_in_seconds":3671}]},{"id":"768dab87-a2a6-4fa9-9a41-b74bd83665a3","title":"Tim MalcomVetter, Red Team Lead, Walmart","url":"https://securityconversations.fireside.fm/tim-malcomvetter-walmart","content_text":"[ DISCLAIMER: These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service. ]\n\nWalmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.Links:Tim's Articles on MediumFollow Tim MalcomVetter on TwitterLinkedIn Profile","content_html":"

[ DISCLAIMER: These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service. ]

\n\n

Walmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.

Links:

","summary":"Tim joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.","date_published":"2020-05-04T18:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/768dab87-a2a6-4fa9-9a41-b74bd83665a3.mp3","mime_type":"audio/mpeg","size_in_bytes":43661751,"duration_in_seconds":3574}]},{"id":"9a77e22d-d2e8-4f91-a79b-f6edb4f69eaa","title":"Matt Suiche, Comae Technologies","url":"https://securityconversations.fireside.fm/matt-suiche-comae","content_text":"Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries. Links:OPCDE OnlineComae TechnologiesFollow Matt Suiche on Twitter","content_html":"

Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries.

Links:

","summary":"Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics, building and selling a company, and his passion for spreading security research in developing countries.","date_published":"2020-04-17T06:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/9a77e22d-d2e8-4f91-a79b-f6edb4f69eaa.mp3","mime_type":"audio/mpeg","size_in_bytes":35719975,"duration_in_seconds":2556}]},{"id":"3ea2877d-d3a0-44e1-98b4-e9536f831b77","title":"Jaime Blasco, AT&T Cybersecurity","url":"https://securityconversations.fireside.fm/jaime-blasco-att-cybersecurity","content_text":"AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning. Links:AT&T AlienLabsFollow Jaime on TwitterOpen Threat Exchange (OTX)","content_html":"

AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning.

Links:

","summary":"AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning.","date_published":"2020-04-14T15:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/3ea2877d-d3a0-44e1-98b4-e9536f831b77.mp3","mime_type":"audio/mpeg","size_in_bytes":30063613,"duration_in_seconds":1867}]},{"id":"1762300e-32da-4a5b-b925-44680cc367e6","title":"Collin Mulliner, Security Engineer, Cruise","url":"https://securityconversations.fireside.fm/collin-mulliner-cruise","content_text":"Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool. Links:Firmware Analyzer — FwAnalyzer is a tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules. Collin's blogPDF: Continuous Automated Firmware Security Analysis","content_html":"

Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool.

Links:

","summary":"Mobile security research pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool.","date_published":"2020-04-03T18:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1762300e-32da-4a5b-b925-44680cc367e6.mp3","mime_type":"audio/mpeg","size_in_bytes":34191733,"duration_in_seconds":2008}]},{"id":"87141539-e2ba-45d7-a262-cec68a4f6baf","title":"Michael Piacente, Principal, Hitch Partners","url":"https://securityconversations.fireside.fm/michael-piacente-hitch-partners","content_text":"Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.Links:WSJ: CISOs stay on the job less than three years, compared with nearly seven years for CEOsExploring the CISO's personal brand","content_html":"

Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.

Links:

","summary":"Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.","date_published":"2020-03-30T07:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/87141539-e2ba-45d7-a262-cec68a4f6baf.mp3","mime_type":"audio/mpeg","size_in_bytes":27603336,"duration_in_seconds":1990}]},{"id":"68383542-84b9-4780-909a-a741b9c26cc8","title":"Dave Aitel, Founder and CEO, Immunity","url":"https://securityconversations.fireside.fm/dave-aitel-immunity","content_text":"Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a \"one team, one parking lot\" culture, how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami. Links:Project Grapple, The Jiu-Jitsu Non Profit Changing LivesAitel FoundationInfiltrate ConferenceDaily Dave (mailing list)","content_html":"

Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a "one team, one parking lot" culture, how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami.

Links:

","summary":"Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a \"one team, one parking lot\" culture, how lessons from his time at the NSA still guides his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami.","date_published":"2020-03-23T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/68383542-84b9-4780-909a-a741b9c26cc8.mp3","mime_type":"audio/mpeg","size_in_bytes":36849446,"duration_in_seconds":2263}]},{"id":"cda34e0b-2ced-4519-9bee-dda805d6150c","title":"Sounil Yu, Cyber Defense Matrix","url":"https://securityconversations.fireside.fm/sounil-yu-cyber-defense-matrix","content_text":"Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing \"cattle vs pets,\" the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses. Links:Cyber Defense Matrix — The Cyber Defense Matrix helps us understand what we need organized through a logical construct so that when we go into the security vendor marketplace, we can quickly discern what products solve what problems and be informed on what is the core function of a given product. In addition, the Cyber Defense Matrix provides a mechanism to ensure that we have capabilities across the entire spectrum of options to help secure our environments.Cyber Defense Matrix Reloaded — This is an update to the Cyber Defense Matrix briefing given at the 2019 RSA Conference. 
Cybersecurity practitioners can use this to organize vendors, find gaps in security portfolios, understand how to organize security measurements, prioritize investments, minimize business impact, visualize attack surfaces, align other existing frameworks, and gain a fuller understanding of the entire space of cybersecurity.","content_html":"

Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing "cattle vs pets," the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses.

Links:

","summary":"Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing \"cattle vs pets,\" the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses.","date_published":"2020-03-17T08:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cda34e0b-2ced-4519-9bee-dda805d6150c.mp3","mime_type":"audio/mpeg","size_in_bytes":31017607,"duration_in_seconds":2148}]},{"id":"dd036e55-5dd8-4043-ba3d-29caf4beebea","title":"Andy Ellis, Chief Security Officer, Akamai Technologies","url":"https://securityconversations.fireside.fm/andy-ellis-akamai","content_text":"In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.Links:One company’s successful approach to gender balanceVideo: 20 Years In: Security’s Grand Challenges, Then and NowAndy Ellis: Humans are Awesome at Risk Management","content_html":"

In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.

Links:

","summary":"In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.","date_published":"2020-03-11T16:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/dd036e55-5dd8-4043-ba3d-29caf4beebea.mp3","mime_type":"audio/mpeg","size_in_bytes":23543325,"duration_in_seconds":1928}]},{"id":"c49758d1-bc1a-43d5-8eee-5f91c6d7021f","title":"Costin Raiu, Global Director, GReAT, Kaspersky Lab","url":"https://securityconversations.fireside.fm/costin-raiu-great","content_text":"Veteran malware hunter Costin Raiu talks about writing his own an anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.Links:\"Equation Group\" ran the most advanced hacking operation ever uncoveredThe adventures of lab ED011 — One Romanian campus computer lab both pentested the world and eventually helped protect itCostin Raiu on TwitterThe \"Red October\" Campaign","content_html":"

Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.

Links:

","summary":"Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.","date_published":"2018-09-03T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/c49758d1-bc1a-43d5-8eee-5f91c6d7021f.mp3","mime_type":"audio/mpeg","size_in_bytes":47022834,"duration_in_seconds":3081}]},{"id":"1f0f4e71-9a49-4d80-8a17-c020c7e2698c","title":"Josh Lefkowitz, Founder and CEO, Flashpoint","url":"https://securityconversations.fireside.fm/josh-lefkowitz-flashpoint","content_text":"Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.Links:Flashpoint - Library'7 Minutes' with Flashpoint CEO Josh LefkowitzVideo: Josh Lefkowitz on AlphaBay's demise","content_html":"

Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.

Links:

","summary":"Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.","date_published":"2018-08-28T04:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1f0f4e71-9a49-4d80-8a17-c020c7e2698c.mp3","mime_type":"audio/mpeg","size_in_bytes":30504303,"duration_in_seconds":1930}]},{"id":"37e1bbf9-9add-4a52-9c5e-dc0940f670b6","title":"Christine Gadsby, Director of Product Security Operations, BlackBerry","url":"https://securityconversations.fireside.fm/christine-gadsby-blackberry","content_text":"BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.Links:Black Hat 2018: Stop that Release There's a Vulnerability!Christine Gadsby on TwitterBlackBerry Enterprise Software - Security & Management for the Enterprise of ThingsChristine Gadsby on LinkedIn","content_html":"

BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.

Links:

","summary":"BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.","date_published":"2018-08-06T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/37e1bbf9-9add-4a52-9c5e-dc0940f670b6.mp3","mime_type":"audio/mpeg","size_in_bytes":26141237,"duration_in_seconds":1652}]},{"id":"d2f343f6-c9ae-4e29-a5be-bf8f746446b6","title":"Chad Loder, co-founder and CEO, Habitu8","url":"https://securityconversations.fireside.fm/chad-loder-habitu8","content_text":"Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.Links:About Habitu8Chad Loder on TwitterRapid7 Acquires Metasploit","content_html":"

Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.

Links:

","summary":"Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.","date_published":"2018-07-31T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d2f343f6-c9ae-4e29-a5be-bf8f746446b6.mp3","mime_type":"audio/mpeg","size_in_bytes":45359306,"duration_in_seconds":3208}]},{"id":"a936371f-8a20-4865-9932-a916fd16a2da","title":"Chris Castaldo, Senior Director of Cybersecurity, 2U ","url":"https://securityconversations.fireside.fm/chris-castaldo-2u","content_text":"Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.Links:Uptycsosquery | Easily ask questions about your Linux, Windows, and macOS infrastructure","content_html":"

Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.

Links:

","summary":"Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.","date_published":"2018-07-26T09:45:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a936371f-8a20-4865-9932-a916fd16a2da.mp3","mime_type":"audio/mpeg","size_in_bytes":37191493,"duration_in_seconds":2384}]},{"id":"2eee789f-5d35-4620-bef5-79a98b867ffb","title":"Wim Remes, CEO and Principal Researcher, Wire Security","url":"https://securityconversations.fireside.fm/wim-remes-wire-security","content_text":"Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.Links:Wim Remes on GitHubWim Remes on Twitter","content_html":"

Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.

Links:

","summary":"Founder and CEO of Wire Security Wim Remes discusses the intricacies of penetration testing, red-teaming, bug bounties, and calls for defenders to embrace continuous pen-testing.","date_published":"2018-07-23T12:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2eee789f-5d35-4620-bef5-79a98b867ffb.mp3","mime_type":"audio/mpeg","size_in_bytes":29368681,"duration_in_seconds":2442}]},{"id":"d7db6dd9-a8d4-42ec-a94d-b51821f8e4e3","title":"Dan Hubbard, Chief Security Architect, Lacework","url":"https://securityconversations.fireside.fm/dan-hubbard-lacework","content_text":"Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.Links:Containers at risk (PDF direct download)Dan Hubbard on Twitter","content_html":"

Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.

Links:

","summary":"Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.","date_published":"2018-07-16T14:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/d7db6dd9-a8d4-42ec-a94d-b51821f8e4e3.mp3","mime_type":"audio/mpeg","size_in_bytes":33852535,"duration_in_seconds":2292}]},{"id":"904ca3fd-d3eb-481f-8a0e-819e0bfd87c4","title":"David Weston, Principal Security Engineering Manager, Microsoft","url":"https://securityconversations.fireside.fm/david-weston-microsoft","content_text":"David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.Links:Dave Weston on TwitterDavid Weston: Hardening with Hardware — In this talk, we will review the metamorphosis and fundamental re-architecture of Windows to take advantage of emerging hardware security capabilities. Windows 10 in S mode","content_html":"

David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.

Links:

","summary":"David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.","date_published":"2018-06-24T18:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/904ca3fd-d3eb-481f-8a0e-819e0bfd87c4.mp3","mime_type":"audio/mpeg","size_in_bytes":37022785,"duration_in_seconds":2783}]},{"id":"https://securityconversations.com/?post_type=podcast&p=530","title":"Rich Seiersen, SVP and CISO, Lending Club","url":"https://securityconversations.fireside.fm/rich-seiersen-lending-club","content_text":"SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek’s CISO Forum).\n\n \n\n\n\nhttps://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3Links:Book: How to Measure Anything in Cybersecurity Risk — How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current \"risk management\" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security.","content_html":"

SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek’s CISO Forum).

Links:

","summary":"SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek's CISO Forum)","date_published":"2018-06-18T09:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/cacc11a2-aec9-4926-8d62-1cd34a5befdf.mp3","mime_type":"audio/mpeg","size_in_bytes":27931750,"duration_in_seconds":2248}]},{"id":"https://securityconversations.com/?post_type=podcast&p=521","title":"Andrew Morris, Founder and CEO, GreyNoise Intelligence","url":"https://securityconversations.fireside.fm/andrew-morris-greynoise-intelligence","content_text":"Founder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3Links:What is GreyNoise?","content_html":"

Founder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.

Links:

","summary":"Founder and CEO of GreyNoise Intelligence Andrew Morris talks about his anti threat-intelligence company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.","date_published":"2018-05-31T15:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a441617f-9c5d-49d0-8fd8-d21fc211523a.mp3","mime_type":"audio/mpeg","size_in_bytes":21465394,"duration_in_seconds":2239}]},{"id":"https://securityconversations.com/?post_type=podcast&p=513","title":"Yoav Leitersdorf, Managing Partner, YL Ventures","url":"https://securityconversations.fireside.fm/yoav-leitersdorf-yl-ventures","content_text":"Managing Partner at YL Ventures, Yoav Leitersdorf (ylventures), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3Links:Ask A VC: Yoav Leitersdorf On The Cyber Security Opportunity — In this week’s episode of Ask A VC, we hosted YL Ventures’ Yoav Leitersdorf in the studio to talk about cyber security, innovations in Israel and more.","content_html":"

Managing Partner at YL Ventures, Yoav Leitersdorf (ylventures), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking.

Links:

","summary":"Managing Partner at YL Ventures, Yoav Leitersdorf, explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund, and which sectors are ripe for the picking.","date_published":"2018-05-21T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/b23f807e-3c66-4fd6-93eb-f9d10a93dda2.mp3","mime_type":"audio/mpeg","size_in_bytes":19693277,"duration_in_seconds":1567}]},{"id":"https://securityconversations.com/?post_type=podcast&p=499","title":"Juan Andrés Guerrero-Saade, Principal Security Researcher, Recorded Future","url":"https://securityconversations.fireside.fm/juan-andres-guerrero-saade-recorded-future","content_text":"Principal Security Researcher at Recorded Future’s Insikt Group, Juan Andrés Guerrero-Saade (juanandres_gs), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3","content_html":"

Principal Security Researcher at Recorded Future’s Insikt Group, Juan Andrés Guerrero-Saade (juanandres_gs), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks.

\n\n","summary":"Principal Security Researcher at Recorded Future's Insikt Group, Juan Andrés Guerrero-Saade, explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don't have to be sophisticated to launch successful attacks.","date_published":"2018-05-14T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/f69cb1a6-f5e9-4664-bc82-fc229d5b1de4.mp3","mime_type":"audio/mpeg","size_in_bytes":53015905,"duration_in_seconds":3684}]},{"id":"https://securityconversations.com/?post_type=podcast&p=488","title":"Robert M. Lee, Chief Executive Officer, Dragos Inc.","url":"https://securityconversations.fireside.fm/robert-m-lee-dragos","content_text":"The founder and CEO of Dragos, Inc. Robert M. Lee (RobertMLee) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.\n\n \n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3","content_html":"

The founder and CEO of Dragos, Inc. Robert M. Lee (RobertMLee) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.

\n\n","summary":"The founder and CEO of Dragos, Inc. Robert M. Lee cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.","date_published":"2018-05-10T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/12cf4cec-e81b-4f38-b8ff-956979ab0e93.mp3","mime_type":"audio/mpeg","size_in_bytes":65117301,"duration_in_seconds":3284}]},{"id":"https://securityconversations.com/?post_type=podcast&p=479","title":"Brandon Dixon, Vice President, RiskIQ","url":"https://securityconversations.fireside.fm/brandon-dixon-riskiq","content_text":"VP of Product at RiskIQ Brandon Dixon (@9bplus) delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3Links:Split Key CoffeeSplit Key Coffee on MediumTainted Leaks: Disinformation and Phishing With a Russian Nexus - The Citizen Lab — This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist and critic of Russia was tampered with and then “leaked” to achieve specific propaganda aims.","content_html":"

VP of Product at RiskIQ Brandon Dixon (@9bplus) delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.

Links:

","summary":"VP of Product at RiskIQ Brandon Dixon delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean.","date_published":"2018-05-09T12:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/55e3820f-eacf-49b8-a98a-9baf2dfd641d.mp3","mime_type":"audio/mpeg","size_in_bytes":55969497,"duration_in_seconds":3790}]},{"id":"https://securityconversations.com/?post_type=podcast&p=470","title":"Ryan Huber, Security Architect, Slack","url":"https://securityconversations.fireside.fm/ryan-huber-slack","content_text":"Slack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout, and fatigue in security teams and a range of issues around bug bounties and penetration testing.Links:Video of Rob Joyce's 2016 Enigma talkRyan Huber on Twitter","content_html":"

Slack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout and fatigue in security teams, and a range of issues around bug bounties and penetration testing.

Links:

","summary":"Slack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout, and fatigue in security teams and a range of issues around bug bounties and penetration testing.","date_published":"2018-05-08T16:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/356ed2cf-065c-4092-b71b-5ee407b73e26.mp3","mime_type":"audio/mpeg","size_in_bytes":75433009,"duration_in_seconds":3888}]},{"id":"https://securityconversations.com/?post_type=podcast&p=441","title":"Ivan Arce, CTO at Quarkslab","url":"https://securityconversations.fireside.fm/ivan-arce-quarkslab","content_text":"Chief Technology Officer at Quarkslab Ivan Arce (@4dgifts) tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3","content_html":"

Chief Technology Officer at Quarkslab Ivan Arce (@4dgifts) tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem.

\n\n","summary":"Chief Technology Officer at Quarkslab Ivan Arce tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem.","date_published":"2018-05-04T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/111cab3d-0ff5-4290-8488-07e6149421ce.mp3","mime_type":"audio/mpeg","size_in_bytes":69299416,"duration_in_seconds":3615}]},{"id":"https://securityconversations.com/?post_type=podcast&p=431","title":"Sinan Eren, Founder and CEO, Fyde","url":"https://securityconversations.fireside.fm/sinan-eren-fyde","content_text":"Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. Android security argument, and his new venture to address mobile phishing attacks.\n\nhttps://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3Links:Security vendors need to stop doing more harm than good","content_html":"

Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. Android security argument, and his new venture to address mobile phishing attacks.

Links:

","summary":"Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. Android security argument, and his new venture to address mobile phishing attacks.\r\n","date_published":"2018-05-02T08:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1bdc9378-05fb-4cbb-885e-a635b58b2298.mp3","mime_type":"audio/mpeg","size_in_bytes":49914123,"duration_in_seconds":2658}]},{"id":"https://securityconversations.com/?post_type=podcast&p=421","title":"Stephen Ridley, Founder and CTO, Senrio","url":"https://securityconversations.fireside.fm/stephen-ridley-senrio","content_text":"Founder and CTO at Senrio Stephen Ridley (@s7ephen) talks about the abysmal state of IoT security, his recent exploitation of an IP camera, and router to exfiltrate corporate data and his experience as a minority in the security industry.\n\nhttps://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3Links:Introducing - Senrio Discovery","content_html":"

Founder and CTO at Senrio Stephen Ridley (@s7ephen) talks about the abysmal state of IoT security, his recent exploitation of an IP camera and router to exfiltrate corporate data, and his experience as a minority in the security industry.

Links:

","summary":"Founder and CTO at Senrio Stephen Ridley talks about the abysmal state of IoT security, his recent exploitation of an IP camera, and router to exfiltrate corporate data and his experience as a minority in the security industry.","date_published":"2018-04-30T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a0478299-5d72-4bd9-8bd0-bc3c553645ba.mp3","mime_type":"audio/mpeg","size_in_bytes":52952645,"duration_in_seconds":2998}]},{"id":"1acf96d7-a561-4f6f-a936-75f92e67ca7b","title":"Mischel Kwon, Founder and CEO, MKA Cyber","url":"https://securityconversations.fireside.fm/mischel-kwon-mka-cyber","content_text":"Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.Links:MKACyberMischel Kwon on LinkedIn","content_html":"

Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.

Links:

","summary":"Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.","date_published":"2018-04-26T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1acf96d7-a561-4f6f-a936-75f92e67ca7b.mp3","mime_type":"audio/mpeg","size_in_bytes":43253945,"duration_in_seconds":2342}]},{"id":"5714f72d-d6d1-4ec0-9ba7-0b5ffbd297de","title":"Rick Holland, CISO and VP of Strategy, Digital Shadows","url":"https://securityconversations.fireside.fm/rick-holland-digital-shadows","content_text":"CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.Links:Rick Holland on LinkedInDigital Shadows","content_html":"

CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.

Links:

","summary":"CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.","date_published":"2018-04-24T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/5714f72d-d6d1-4ec0-9ba7-0b5ffbd297de.mp3","mime_type":"audio/mpeg","size_in_bytes":55915215,"duration_in_seconds":2134}]},{"id":"1a12e545-c1df-485c-b38f-dacd2356366d","title":"Thomas Ptacek, Founder, Latacora","url":"https://securityconversations.fireside.fm/tom-ptacek-latacora","content_text":"Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.Links:Latacora -- Security Teams For Startups — Latacora does just one kind of engagement: we join your engineering team virtually and run security, for about a year. Then we help you hire someone full-time to replace us.Thomas H. Ptacek on Twitter","content_html":"

Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.

Links:

","summary":"Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.","date_published":"2018-04-23T15:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1a12e545-c1df-485c-b38f-dacd2356366d.mp3","mime_type":"audio/mpeg","size_in_bytes":42360848,"duration_in_seconds":2918}]},{"id":"517fd50b-7794-4b77-a0f5-4c898524b014","title":"Zane Lackey, Chief Security Officer, Signal Sciences","url":"https://securityconversations.fireside.fm/zane-lackey-signal-sciences","content_text":"Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.Links:Zane Lackey on LinkedInSignal Sciences -The Next-Gen Web Protection Platform","content_html":"

Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.

Links:

","summary":"Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.","date_published":"2018-04-16T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/517fd50b-7794-4b77-a0f5-4c898524b014.mp3","mime_type":"audio/mpeg","size_in_bytes":42101169,"duration_in_seconds":2500}]},{"id":"21e54dc1-246e-4efb-a0dd-9cd1ab69a610","title":"Haroon Meer, CEO, Thinkst Applied Research","url":"https://securityconversations.fireside.fm/haroon-meer-thinkst-applied-research","content_text":"Thinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.Links:Thinkst Canary - how it worksVideo : Enterprise security - A new hopeHaroon Meer on Twitter","content_html":"

Thinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.

Links:

","summary":"Thinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.","date_published":"2018-04-12T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/21e54dc1-246e-4efb-a0dd-9cd1ab69a610.mp3","mime_type":"audio/mpeg","size_in_bytes":49733509,"duration_in_seconds":3626}]},{"id":"76f82d6c-8983-4786-abaf-d0426dc65a4c","title":"David (int eighty), Dual Core","url":"https://securityconversations.fireside.fm/int-eighty-dual-core","content_text":"Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.Links:Dual Core / International hip hop duo","content_html":"

Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.

Links:

","summary":"Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.","date_published":"2018-04-11T15:15:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/76f82d6c-8983-4786-abaf-d0426dc65a4c.mp3","mime_type":"audio/mpeg","size_in_bytes":34938743,"duration_in_seconds":2374}]},{"id":"470c2cbd-ffb9-4df1-aa97-1e70410dcc81","title":"Dennis Fisher, Editor-in-Chief, Decipher","url":"https://securityconversations.fireside.fm/dennis-fisher-decipher","content_text":"Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.Links:Dennis Fisher | Decipher — He is one of the co-founders of Threatpost and previously wrote for TechTarget and eWeek, when magazines were still a thing that existed. Dennis enjoys finding the stories behind the headlines and digging into the motivations and thinking of both defenders and attackers. His work has appeared in The Boston Globe, The Improper Bostonian, Harvard Business School’s Working Knowledge, and most of his kids’ English papers.Dennis Fisher on Twitter","content_html":"

Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.

Links:

","summary":"Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.","date_published":"2018-04-05T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/470c2cbd-ffb9-4df1-aa97-1e70410dcc81.mp3","mime_type":"audio/mpeg","size_in_bytes":36569236,"duration_in_seconds":2580}]},{"id":"4cddd571-1e73-4625-acb1-321bb47e706f","title":"Tim Maurer, Scholar, Carnegie Endowment for International Peace","url":"https://securityconversations.fireside.fm/tim-maurer-carnegie-endowment-for-international-peace","content_text":"Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.Links:Tim Maurer - Carnegie Endowment for International Peace — Tim Maurer is the co-director of the Cyber Policy Initiative and a fellow at the Carnegie Endowment for International Peace. Since 2010, his work has been focusing on cybersecurity, human rights in the digital age, and Internet governance, currently with a specific focus on cybersecurity and financial stability.Tim Maurer on TwitterCyber Mercenaries: The State, Hackers, and Power — Cyber Mercenaries explores the secretive relationships between states and hackers. As cyberspace has emerged as the new frontier for geopolitics, states have become entrepreneurial in their sponsorship, deployment, and exploitation of hackers as proxies to project power. Such modern-day mercenaries and privateers can impose significant harm undermining global security, stability, and human rights. ","content_html":"

Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.

Links:

","summary":"Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.","date_published":"2018-03-05T15:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/4cddd571-1e73-4625-acb1-321bb47e706f.mp3","mime_type":"audio/mpeg","size_in_bytes":29020105,"duration_in_seconds":1951}]},{"id":"2f444967-e9fd-4c80-87eb-5ff56aee1ae4","title":"Will Lin, Principal and Founding Investor, ForgePoint Capital","url":"https://securityconversations.fireside.fm/will-lin-forgepoint-capital","content_text":"Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.Links:William Lin on LinkedInForgepoint portfolio companies","content_html":"

Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.

Links:

","summary":"Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.","date_published":"2018-03-02T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2f444967-e9fd-4c80-87eb-5ff56aee1ae4.mp3","mime_type":"audio/mpeg","size_in_bytes":43759308,"duration_in_seconds":3311}]},{"id":"2561c251-a654-4949-aefe-33ad83373f80","title":"Pete Chronis, CISO, Turner Broadcasting","url":"https://securityconversations.fireside.fm/pete-chronis-turner-broadcasting","content_text":"Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.Links:The Cyber Conundrum: How Do We Fix Cybersecurity?","content_html":"

Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.

Links:

","summary":"Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.","date_published":"2018-02-26T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/2561c251-a654-4949-aefe-33ad83373f80.mp3","mime_type":"audio/mpeg","size_in_bytes":37506970,"duration_in_seconds":2753}]},{"id":"ab9e9c84-15c6-4f9e-b703-71dc40c23baf","title":"Brad Arkin, Chief Security Officer, Adobe","url":"https://securityconversations.fireside.fm/brad-arkin-adobe","content_text":"Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.Links:Brad Arkin on TwitterSecurity at Adobe","content_html":"

Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.

Links:

","summary":"Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.","date_published":"2018-02-23T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/ab9e9c84-15c6-4f9e-b703-71dc40c23baf.mp3","mime_type":"audio/mpeg","size_in_bytes":44087043,"duration_in_seconds":2826}]},{"id":"a134ba7a-9727-47e7-8a46-3ba0c5d705ee","title":"Aanchal Gupta, Director of Security, Facebook","url":"https://securityconversations.fireside.fm/aanchal-gupta-facebook","content_text":"Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.Links:Aanchal Gupta on LinkedInFacebook SecurityCybersecurity Needs Diversity","content_html":"

Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.

Links:

","summary":"Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.","date_published":"2018-02-14T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/a134ba7a-9727-47e7-8a46-3ba0c5d705ee.mp3","mime_type":"audio/mpeg","size_in_bytes":30922718,"duration_in_seconds":2138}]},{"id":"dcd14ec8-d9f0-4245-9324-6291ad4d10a7","title":"Tom Conklin, Director of Security and Compliance, Vera Security","url":"https://securityconversations.fireside.fm/tom-conklin-vera-security","content_text":"Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.Links:Vera SecurityTom Conklin on LinkedIn","content_html":"

Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.

Links:

","summary":"Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.","date_published":"2018-02-08T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/dcd14ec8-d9f0-4245-9324-6291ad4d10a7.mp3","mime_type":"audio/mpeg","size_in_bytes":30629828,"duration_in_seconds":2008}]},{"id":"11a6011e-7ad8-418f-a302-37a700a11d45","title":"John Terrill, CISO, Fox News, Fox Business and Fox Television","url":"https://securityconversations.fireside.fm/john-terrill-fox-news","content_text":"Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.Links:John Terrill on Twitter","content_html":"

Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.

Links:

","summary":"Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.","date_published":"2018-02-06T14:30:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/11a6011e-7ad8-418f-a302-37a700a11d45.mp3","mime_type":"audio/mpeg","size_in_bytes":41862607,"duration_in_seconds":2835}]},{"id":"6fc1d3cb-e930-484f-84e6-8c521ddb9e97","title":"Christopher Ahlberg, CEO, Recorded Future","url":"https://securityconversations.fireside.fm/christopher-ahlberg-recorded-future","content_text":"Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.Links:Recorded FutureChristopher Ahlberg on LinkedIn","content_html":"

Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.

Links:

","summary":"Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.","date_published":"2018-01-30T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/6fc1d3cb-e930-484f-84e6-8c521ddb9e97.mp3","mime_type":"audio/mpeg","size_in_bytes":33265132,"duration_in_seconds":1743}]},{"id":"fa20320a-7a94-45b5-b054-bbe06d3b723b","title":"Masha Sedova, co-founder, Elevate Security","url":"https://securityconversations.fireside.fm/masha-sedova-elevate-security","content_text":"As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.Links:Masha Sedova on LinkedInHacker's Mind by Elevate SecurityMasha Sedova on Twitter","content_html":"

As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.

Links:

","summary":"As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.","date_published":"2018-01-26T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/fa20320a-7a94-45b5-b054-bbe06d3b723b.mp3","mime_type":"audio/mpeg","size_in_bytes":33579206,"duration_in_seconds":1803}]},{"id":"476c43ff-be49-4057-b965-928abc39b9af","title":"Paul Roberts, Editor-in-Chief, Security Ledger","url":"https://securityconversations.fireside.fm/paul-roberts-security-ledger","content_text":"Veteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.Links:The Security LedgerPaul Roberts on Twitter","content_html":"

Veteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.

Links:

","summary":"Veteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.","date_published":"2018-01-19T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/476c43ff-be49-4057-b965-928abc39b9af.mp3","mime_type":"audio/mpeg","size_in_bytes":47164187,"duration_in_seconds":2459}]},{"id":"25fade91-a24d-4173-9831-ddf30dc0d051","title":"Dino Dai Zovi, co-founder and CTO, Capsule8","url":"https://securityconversations.fireside.fm/dino-dai-zovi-capsule8","content_text":"Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.Links:Part One: Detecting Meltdown using Capsule8Part Two: Detecting Meltdown and Spectre by Detecting Cache Side Channels 10 questions for MacBook hacker Dino Dai ZoviDino Dai Zovi on Twitter","content_html":"

Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.

Links:

","summary":"Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.","date_published":"2018-01-11T14:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/25fade91-a24d-4173-9831-ddf30dc0d051.mp3","mime_type":"audio/mpeg","size_in_bytes":38280103,"duration_in_seconds":2397}]},{"id":"0a1d0429-f768-4175-8f48-9416cb420157","title":"Sharon Anolik, President and Founder, Privacy Panacea","url":"https://securityconversations.fireside.fm/sharon-anolik-privacy-panacea","content_text":"Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’Links:Privacy PanaceaSharon Anolik on Twitter","content_html":"

Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’

Links:

","summary":"Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’","date_published":"2018-01-04T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/0a1d0429-f768-4175-8f48-9416cb420157.mp3","mime_type":"audio/mpeg","size_in_bytes":48156317,"duration_in_seconds":2631}]},{"id":"bf98d79b-204e-4a5f-9418-75c5b554a26e","title":"Kim Zetter, Journalist and Author","url":"https://securityconversations.fireside.fm/kim-zetter","content_text":"Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.Links:Kim Zetter on TwitterCountdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: BooksWas Georgia’s Election System Hacked in 2016? Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States ","content_html":"

Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.

Links:

","summary":"Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.","date_published":"2017-12-29T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/bf98d79b-204e-4a5f-9418-75c5b554a26e.mp3","mime_type":"audio/mpeg","size_in_bytes":56197391,"duration_in_seconds":3126}]},{"id":"66709e24-8186-4569-921c-d9b48756d089","title":"Kelly Jackson Higgins, Executive Editor, Dark Reading","url":"https://securityconversations.fireside.fm/kelly-jackson-higgins-dark-reading","content_text":"Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.Links:Kelly Jackson Higgins on TwitterDark Reading","content_html":"

Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.

Links:

","summary":"Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.","date_published":"2017-12-20T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/66709e24-8186-4569-921c-d9b48756d089.mp3","mime_type":"audio/mpeg","size_in_bytes":35129760,"duration_in_seconds":2395}]},{"id":"1bdec75a-1efc-454a-ad6b-8f56c2b526b7","title":"Katie Moussouris, co-founder and CEO, Luta Security","url":"https://securityconversations.fireside.fm/katie-moussouris-luta-security","content_text":"Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.Links:Luta SecurityHow I Got Here: Katie MoussourisIt’s dangerous to conflate bug bounties and vulnerability disclosure | CSO OnlineKatie Moussouris (@k8em0) on Twitter","content_html":"

Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.

Links:

","summary":"Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.","date_published":"2017-12-06T13:00:00.000-07:00","attachments":[{"url":"https://aphid.fireside.fm/d/1437767933/5f0c01ff-49f1-4c51-a8f8-f14c0d9bc72e/1bdec75a-1efc-454a-ad6b-8f56c2b526b7.mp3","mime_type":"audio/mpeg","size_in_bytes":54354347,"duration_in_seconds":3174}]}]}