About the show
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks.
Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers.
Connect with Ryan on Twitter (Open DMs).
Three Buddy Problem on social media
Episodes
-
Down memory lane with Snort and Sourcefire creator Marty Roesch
July 25th, 2022 | 1 hr 7 mins
netography, network security, snort, sourcefire
Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.
-
Subbu Rama, co-founder and CEO, BalkanID
June 1st, 2022 | 34 mins 17 secs
balkanid, funding, iga, public cloud, saas
Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.
-
Project Zero's Maddie Stone on the surge in zero-day discoveries
May 10th, 2022 | 42 mins 10 secs
disclosure, exploits, google, memory safety, project zero, transparency, zero-day
Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.
-
Prof. Mohit Tiwari on the future of securing data at scale
May 6th, 2022 | 46 mins 1 sec
data security, data security posture management, privacy
Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.
-
Google's Shane Huntley on zero-days and the nation-state threat landscape
April 4th, 2022 | 40 mins 44 secs
exploits, google, project zero, pwn2own, zero-day
Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...
-
Lamont Orange, CISO, Netskope
March 21st, 2022 | 26 mins 2 secs
Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.
-
Haroon Meer on the business of cybersecurity
March 19th, 2022 | 1 hr 15 mins
breach detection, canaries, startup, thinkst, venture capital
Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.
-
Tony Pepper, co-founder and CEO, Egress
February 22nd, 2022 | 19 mins 37 secs
email security, entrepreneurship, messaging
Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.
-
Microsoft's Justin Campbell on offensive security research
January 8th, 2022 | 27 mins 16 secs
memory safety, microsoft, secure coding, shift-left, windows, zero-days
Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.
-
Costin Raiu on the .gov mobile exploitation business
December 23rd, 2021 | 41 mins 18 secs
android, apple, exploits, ios malware, nso pegasus, psoas, zero-day
Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.
-
Amanda Gorton, co-founder and CEO, Corellium
December 20th, 2021 | 46 mins 20 secs
apple, corellium, emulation, ios, virtualization
Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.
-
Intel's Venky Venkateswaran on hardware-enabled security
September 9th, 2021 | 35 mins 20 secs
Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).