We found 5 episodes of Security Conversations with the tag “bug bounties”.
-
Rob Ragan on the excitement of AI solving security problems
December 7th, 2023 | 51 mins 16 secs
artificial intelligence, automation, bug bounties, generative-ai, llms
Episode sponsors:
- Binarly, the firmware security experts (https://binarly.io)
- FwHunt (https://fwhunt.run)
Rob Ragan, principal architect and security strategist at Bishop Fox, joins the show to share insights on scaling pen testing, the emergence of bug bounty programs, the value of attack surface management, and the role of AI in cybersecurity. We dig into the importance of proactive defense, the challenges of consolidating security tools, and the potential of AI in augmenting human intelligence. The conversation explores the leapfrog potential of AI models and their impact on various aspects of technology and society.
-
Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties
July 12th, 2023 | 48 mins 38 secs
appsec, bug bounties, microsoft, msrc, pen-testing
Episode sponsors:
- Binarly (https://binarly.io)
- FwHunt (https://fwhunt.run)
Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.
-
Vinnie Liu discusses a life in the offensive security trenches
August 7th, 2022 | 1 hr 7 mins
bug bounties, continuous testing, h2c smuggling, pen-testing, security assessments, web app security
A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...
-
Collin Greene, head of product security, Facebook
May 25th, 2021 | 1 hr 1 min
bug bounties, facebook, pen-testing, product security, security assessments, web app security
Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.
-
Shubs Shah on finding riches (and lessons) from bug bounty hacking
April 20th, 2021 | 52 mins 49 secs
bug bounties, continuous testing, h2c smuggling, pen-testing, security assessments, web app security
Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating pre-breach reconnaissance and zeroing in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a full-time bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.