About the show

Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity.

Connect with Ryan on Twitter (Open DMs).

Episodes

  • Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties

    February 15th, 2023  |  31 mins
    data security, investments, venture capital

    Episode sponsors:

    Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming fall?) of 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the areas in security still ripe for innovation.

  •

    Paul Roberts on wins and losses in the 'right to repair' battle

    January 19th, 2023  |  47 mins 32 secs

    Episode sponsors:

    SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.

  • Katie Moussouris on where bug bounties went wrong

    December 8th, 2022  |  33 mins 18 secs

    Episode sponsors:

    Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.

  •

    Robinhood CSO Caleb Sima on a career in the security trenches

    November 8th, 2022  |  30 mins 38 secs
    ciso, mobile stock trading, robinhood, webapp security

    Episode sponsors:

    Caleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics in a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...

  •

    Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars

    October 18th, 2022  |  59 mins
    apple, car hacking, iphone, lockdown mode, pwn2own, self driving cars

    Episode sponsors:

    Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet.

  •

    JAG-S on big-game malware hunting and a very mysterious APT

    October 17th, 2022  |  52 mins 40 secs
    apts, cyberespionage, exploits, zero-day
    • Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.

    SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.

  •

    Chainguard's Dan Lorenc gets real on software supply chain problems

    October 13th, 2022  |  47 mins 7 secs
    entrepreneurship, open source software, supply chain security
    • Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence.

    Dan Lorenc and team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation.

  •

    Vinnie Liu discusses a life in the offensive security trenches

    August 7th, 2022  |  1 hr 7 mins
    bug bounties, continuous testing, h2c smuggling, pen-testing, security assessments, web app security

    A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...

  •

    Down memory lane with Snort and Sourcefire creator Marty Roesch

    July 25th, 2022  |  1 hr 7 mins
    netography, network security, snort, sourcefire

    Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.

  •

    Subbu Rama, co-founder and CEO, BalkanID

    June 1st, 2022  |  34 mins 17 secs
    balkanid, funding, iga, public cloud, saas

    Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.

  •

    Project Zero's Maddie Stone on the surge in zero-day discoveries

    May 10th, 2022  |  42 mins 10 secs
    disclosure, exploits, google, memory safety, project zero, transparency, zero-day

    Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

  •

    Prof. Mohit Tiwari on the future of securing data at scale

    May 6th, 2022  |  46 mins 1 sec
    data security, data security posture management, privacy

    Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.