About the show

Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity.

Connect with Ryan on Twitter (Open DMs).

Security Conversations on social media

Episodes

  • Ryan Hurst on tech innovation and unsolved problems in security

    August 16th, 2023  |  42 mins 24 secs
    ai, bgp, encryption, google, key management, microsoft, startups

    Episode sponsors:

    Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.

  •

    Jason Chan on Microsoft's security problems, layoffs and startups

    August 7th, 2023  |  27 mins 7 secs
    ciso, entrepreneurship, generative ai, layoffs, microsoft, open source software, transparency, vc funding

    Episode sponsors:

    Bessemer Venture Partner's Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about merging of the IT and security functions and the importance of cybersecurity proving its value to the business.

  •

    GitHub security chief Mike Hanley on secure coding, AI and SBOMs

    August 2nd, 2023  |  40 mins 29 secs
    github, open source, sbom, shift-left, supply chain

    Episode sponsors:

    GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.

  •

    Jason Shockey, Chief Information Security Officer, Cenlar FSB

    July 26th, 2023  |  33 mins 47 secs

    Episode sponsors:

    Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.

  •

    Federico Kirschbaum on a life in the Argentina hacking scene

    July 19th, 2023  |  42 mins 1 sec
    argentina, core security, ekoparty, exploits, zero-day

    Episode sponsors:

    Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

  •

    Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties

    July 12th, 2023  |  48 mins 38 secs
    appsec, bug bounties, microsoft, msrc, pen-testing

    Episode sponsors:

    Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

  •

    OpenSSF GM Omkhar Arasaratnam on open-source software security

    July 5th, 2023  |  36 mins 11 secs
    log4j, open source, supply chain

    Episode sponsors:

    New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins the podcast for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.

  •

    Serial entrepreneur Rishi Bhargava on building another cybersecurity company

    April 10th, 2023  |  32 mins 32 secs

    Episode sponsors:

    Rishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in the customer identity and authentication space.

    On this episode of the podcast, Bhargava joins Ryan to talk about the VC funding landscape, the confusing 'identity' category, the responsibilities of vendors in the identity ecosystem, the emergence of Microsoft and Google as big security players, and some thoughts on the Israeli startup scene.

  •

    Claude Mandy on CISO priorities, data security principles

    March 6th, 2023  |  35 mins 2 secs
    cloud security, data guard, data security, dspm

    Episode sponsors:

    Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.

  •

    Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties

    February 15th, 2023  |  31 mins
    data security, investments, venture capital

    Episode sponsors:

    Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming fall?) of 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the areas in security still ripe for innovation.

  •

    Paul Roberts on wins and losses in the 'right to repair' battle

    January 19th, 2023  |  47 mins 32 secs

    Episode sponsors:

    SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.

  • Katie Moussouris on where bug bounties went wrong

    December 8th, 2022  |  33 mins 18 secs

    Episode sponsors:

    Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.