Shows
A culpa é de Sec!#17 - Saiu o Latio Cloud Security Report!Analisando novas ferramentas e relatórios de mercadoAnalisar novas ferramentas não se resume apenas em quadrantes, ondas ou guias de mercado. Novos analistas de mercado vêm surgindo, ouvindo clientes e escrevendo relatórios com uma abordagem nova. Neste episódio, comentamos sobre o relatório de James Berthoty, o Latio Cloud Security Market Report.🔗 Links & Recomendações 📘 2025 Latio Cloud Security Market Report 👤 James Berthoty 🧠 WIZDOM - Product Launches 2025 📊 2025 Gartner® Magic Quadrant™ for Security Information and Event Management 💰 Ransomware payments hit record low: only 23% Pay in Q3 2025 🐶 Datadog Threat Roundup: Top Insights for Q3 2025🎵 Music by Karl Casey @ White Bat Audio...
2025-11-1159 min
The Secure DisclosureSecrets in the Open: The NX Breach and Cloud Security’s Future - The Secure Disclosure PodcastIn this episode of Secure Disclosure, host Mackenzie Jackson unpacks the NX breach with malware researcher Charlie Ericson and GitGuardian’s Guillaume Valadon, revealing how stolen tokens exposed thousands of secrets on GitHub. Analyst James Berthoty then offers an exclusive preview of Lacio Tech’s Cloud Security Report, cutting through the AI hype to highlight real trends. Finally, Ashish Rajan joins the Cyber & Saki segment to share his vision for the future of cloud security.00:00 – Introduction01:15 – The NX Breach Explained06:25 – Secrets in Public Repos20:47 – Cloud Security Report Sneak Peek with James Berthoty36:25 – Cyber & Saki with Ashish Rajan
2025-09-0556 min
The Cyber PMM PodcastCyber Markets Brief #35 - Labor Day weekend editionIDC crowns IR leaders. Forrester’s AEGIS frames agentic-AI security. Okta adds Axiom for PAM. Cloudflare ships AI guardrails. Netskope S-1, Seemplicity $50M, VirtueAI MCPGuard. Plus content plugs, events, gigs, and a PMM impact tip.Cyber Markets Brief #35 is live. Read or listen on Substack.📰 Industry• IDC names IR leaders• Forrester AEGIS lands for agentic-AI security• Okta to buy Axiom Security for PAM• Cloudflare rolls out Zero Trust controls for AI• CyberMarketingCon kicks off🎧 Content• Elena Verna on the end of pure managers (Marketing Against the Grain)• PMM × customer...
2025-08-2906 min
The Elephant in AppSecAI Security: Do You Need a Dedicated Vendor? | Insights with James BerthotyWelcome to Season 4 of The Elephant in AppSec! Get ready for a season packed with even spicier takes! Today's episode features none other than James Berthoty, a security engineer turned founder and CEO of Latio. James is always ready to share his unfiltered opinions, and I’ve had the pleasure of chatting with him for last couple of years. Over the past few months, there were a lot of discussions around AI security, and I invited him on the show before his new report even hit the public to discuss hi...
2025-07-1045 min
Latio: On the RecordLotr Episode 6 - What is a SOC in 2025?SummaryIn this conversation, James Berthoty, Kyle Polley from Perplexity, and Ariful Huq from Exaforce explore the complexities of security operations, focusing on the role of Security Operations Centers (SOCs), the integration of AI, and the evolving landscape of cloud security. They discuss the motivations behind purchasing SOCs, the importance of compliance, and the challenges faced by security teams in managing alerts and incidents. The conversation highlights the potential of AI to enhance SOC functions, reduce alert fatigue, and improve detection engineering, while also addressing the need for context in security operations. The discussion concludes with insights...
2025-06-2649 min
Latio: On the RecordLotR Episode 5 - Lessons from Shutting Down a StartupLatio On The Record — Episode 5Guest: Yoad Fekete (ex-Co-Founder & CEO, Mirror Security; now leads Security & Infrastructure at Lynx Security)Hosts: James Berthoty & CharrahRecorded: Wednesday, June 4Why we wanted Yoad onMirror Security caught our eye back in 2022 for one reason: it tackled SolarWinds-style software-supply-chain attacks head-on, instead of stopping at familiar SCA vulnerability scans. Myrror had the rare combination of genuinely differentiated and useful technology. Two years (and one graceful shutdown) later, Yoad has a rare 360-degree view of what happens when brilliant tech meets a market that ju...
2025-06-1753 min
Latio: On the RecordLatio on the Record Episode 4 - What's the Deal with Hardened ContainersIn this conversation, James Berthoty, Charrah Hardamon, Alex Zenla, and Ariadne Conill discuss the complexities of container security, focusing on low CVE images, the evolution of software distribution, and the importance of runtime protection. They explore the challenges security teams face with vulnerabilities in container images and the need for a holistic approach to security. Edera's unique approach to runtime security is highlighted, emphasizing the importance of reducing the blast radius of potential exploits and the role of AI in shaping the future of security.Takeaways* Container security is crucial in today's software development.
2025-06-0347 min
Latio: On the RecordLotR Episode 3 - Digging into eBPF for SecurityDate: May 12, 2025Guest: Daniel Pacak (Software Engineer, Miggo)Hosts: James Berthoty, Charrah HardamonTopic: Building Real Runtime Security with eBPFIn this episode, we go deep on eBPF and what it actually takes to build reliable, performant runtime detection, beyond the buzzwords. James and Charrah are joined by Daniel Pacak, a longtime engineer in the cloud security space whose work spans Aqua Security, Cycode, RAD Security, and now Miggo. Daniel brings years of firsthand experience building eBPF sensors and walking the line between kernel-level complexity and practical detection coverage.We open with Daniel’s journey into ru...
2025-05-1238 min
Cloud Security PodcastRSA Conference 2025 Recap: Top Themes, Actionable Insights & Future TrendsDive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.In this episode, we cover:Initial reactions and the sheer scale of RSA Conference 2025.Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.The rise of AI-native applications and how they're reshaping the landscape.Deep dives into Application Security (AppSec), secure coding with AI, and...
2025-05-0953 min
O3C - Cyber Security PodcastS05E04 - Cloud Threat Landscape with James BerthotyIn this episode, James Berthoty, Karim El-Melhaoui and Håkon Sørum discuss the evolving landscape of cloud security. The necessity of specialized tools like CNAPP and CADR for effective monitoring and defense against threats is a hot topic these days, and the guys go in depth on the topic. They explore the challenges posed by hybrid environments and the future of exploits, emphasizing the importance of runtime protection and the integration of security tools. he discussion also highlights the need for organizations to adapt to the changing threat landscape with threat actors learning cloud native attack techniques. ...
2025-05-0844 min
Latio: On the RecordLotR - Episode 2: tj-actions and the Supply Chain ScariesFeaturing:* Rami McCarthy @ Wiz* Shay Berkovich @ Wiz * Charrah Hardamon @ Miggo* James Berthoty @ LatioIn this conversation, we discuss the TJ Actions incident, a significant supply chain vulnerability affecting GitHub Actions. They explore the implications of a single maintainer's code being widely used, the community's response to the incident, and the challenges of disclosure and communication. The discussion also delves into the broader impact of such vulnerabilities on the open-source ecosystem and the responsibilities of platforms like GitHub in ensuring security. In this conversation, the speakers discuss the complexities of...
2025-04-0250 minCloud Security PodcastThe New Future of Cloud Security: Vendor Lock-In, Runtime, and SOC ReadinessThe cloud security landscape may have just shifted — and we're here to break it down.In this special panel episode, host Ashish Rajan is joined by an all-star group of cloud and cybersecurity experts to discuss one of the most important conversations in cloud security today: the changing nature of security architecture, SOC readiness, and how teams must evolve in a multi-cloud world.Guests include:Chris Hughes – CEO at Acqui & host of Resilient CyberJames Berthoty – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and Latio TechMike Privette – Founder of Return on Secur...
2025-03-2651 min
Latio: On the RecordLatio: On the Record, Episode 1In this episode of Latio: on the Record, experts discuss the critical aspects of cloud security, focusing on runtime security, its challenges, and the evolving threat landscape. The conversation highlights the importance of collaboration between security and DevOps teams, the need for effective incident response strategies, and the integration of AI in security practices. The panelists share insights on prioritizing security measures, addressing supply chain vulnerabilities, and the necessity of building trust in security tools and processes.Featuring:* Gal Elbaz from Oligo Security* Sergej Epp from Sysdig* Casey Lems from PagerDuty
2025-03-2547 min
The Elephant in AppSecHyped or Helpful? The Truth About Reachability & Developer Buy-In ⎢ Nir ValtmanWelcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.Today, I’m joined by Nir Valtman, CEO & co-founder of Arnicaan ASPM platform with a pipelineless approach. Before founding Arnica, Nir led product and data security at Finastra, established security at Kabbage as CISO, and headed application security at NCR. He’s also a well-known speaker at top security conferences, including Black Hat, Defcon, RSA, BSides, and OWASP.In this episode, we unpack the reachability hype-why every vend...
2025-03-0642 min
The Elephant in AppSecDevSecOps vs. Reality: What You REALLY Need to Succeed!Welcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.Today, I’m joined by Iman Ilbag, a DevSecOps Engineer at KPN, one of the leading telecom providers in the Netherlands.Previously, as the sole DevSecOps Engineer at Snappfood, he secured 70+ projects and trained hundreds of security champions. Iman transitioned from engineering to DevOps and Application Security, and has also worked on penetration testing and infrastructure security for both startups and larger enterprises.He’s passionate about security automation and open-source security, always look...
2025-02-2838 minCloud Security PodcastThe Truth About CNAPP and Kubernetes SecurityIn this episode of the Cloud Security Podcast, host Ashish Rajan speaks to James Berthoty, founder of Latio.Tech and an engineer-driven analyst, for a discussion on cloud security tools. In this episode James breaks down CNAPP and what it really means for engineers, if kubernetes secuity is the new baseline for cloud security and runtime security vs vulnerability management.
Guest Socials: James's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast- Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp
If you are interested in AI Cybersecurity, you can check out our sister podcast - AI Cybersecurity Podcast
2025-01-1440 min
PromptCast: The Voice of AI and SecurityState of AI Security: 2024 Year in Review with James Berthoty from Latio TechIn this special season finale of PromptCast, James Berthoty, founder of Latio Tech, joins host Itamar for a comprehensive review of AI security in 2024.
The episode examines the year's developments in AI security, from the widespread enterprise adoption of generative AI to the emergence of new security frameworks and governance models.
The conversation explores both technical and strategic perspectives, providing listeners with a thorough understanding of how the AI security landscape has transformed and what lies ahead for 2025.
--------------------------------------------------------
Learn more about Prompt Security: https://prompt.security
2024-12-1937 min
Resilient CyberResilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine?In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left".This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine.We dive into a lot of topics such as:Tyler and Jame’s high-level thoughts on shift left and where it may have went wrong or run into challengesTyler’s thoughts on the evolution of shift left over the last...
2024-11-0125 min
Phoenix SecurityCSCP S4EP18 – James Berthoty – What The heck is ASPM and the evolution of Product securityJoin us for an engaging episode as we welcome James Berthoty, a seasoned cybersecurity professional with a diverse background spanning sysadmin, DevOps, and security engineering roles. James takes us through his journey across different organizations, including his current role at PagerDuty, where he tackles the intricate challenges of FedRAMP compliance. Listen in as James shares […]
2024-07-2800 min
Phoenix SecurityCSCP S4EP19 – James Berthoty – What The heck is ASPM and the evolution of Product SecurityJoin us as we dive into the future of Application Security (AppSec) and Vulnerability Management with James Berthoty. Discover insights on the evolution of AppSec, challenges in managing software vulnerabilities, and the role of Application Security Posture Management (ASPM) in today’s API-driven cloud environment. Listen now for expert analysis and practical solutions in cybersecurity.
2024-07-2800 min
Hacker Valley StudioWhat We All Should Be Talking About When It Comes to AI and SecurityIn this episode, Host Ron Eddings is joined by guests Anirban Banerjee, CEO and Co-Founder at Riscosity, and James Berthoty, Founder and Analyst at Latio Tech. Together they focus on data security, AI-driven product development, and the challenges of implementing AI solutions responsibly.
Anirban discusses the importance of organizational buy-in and well-defined policies, while James underscores the need for visibility and a cautious approach in integrating AI models. Be sure to tune in to the end to hear their unique advice at being more productive.
Impactful Moments:
00:00 - Welcome
01:20 - Introducing...
2024-07-1033 min
The Application Security PodcastJames Berthoty -- Is DAST Dead? And the future of API securityJames Berthoty, a cloud security engineer with a diverse IT background, discusses his journey into application and product security. James highlights his career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. James Berthoty’s LinkedIn post: AppSec Koo...
2024-06-0144 min
The Security RepoThe right tool for the job: Finding and evaluating security tools with James BerthotyIn this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for smaller teams or organizations with limited budgets seeking effective security solutions. This episode is perfect for anyone looking into purchasing new security tools or wanting to understand the purchasing process.
Show Links:
Latio Tech - https://www.latio.tech/
James Linkedin - https://www.linkedin.com...
2024-01-2441 min
The Elephant in AppSecWhat is ASPM: A breakdown of the current state and its futureWelcome to the Elephant in AppSec, the podcast to explore, challenge, and boldly face the AppSec Elephants in the room.
Today, we're joined by an amazing guest, James Berthoty. James has been in technology for over 10 years across engineering and security. An early advocate for DevSecOps, he has a passion for driving security teams as contributors to products. With all his experience, he's currently building latio.tech, a platform helping organizations find the best security tools.
In our latest episode with Tristan Kalos, we challenged James about his recent article on ASPM. We discussed what's right and wrong with...
2024-01-1140 min
The Security TableThreat Modeling ConferenceThe Security Table gathers to discuss the upcoming ThreatModCon 2023 (https://www.threatmodelingconnect.com), the inaugural and only conference dedicated entirely to threat modeling.ThreatModCon 2023 Sunday, October 29, 2023Marriott Marquis Washington, DCThe Threat Modeling Conference will cover various aspects of threat modeling, from AI integration to privacy concerns, from a brief history of threat modeling to hands-on workshops. The sessions will emphasize learning, interaction, and applying knowledge in real-world scenarios. ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~...
2023-09-1932 min
2023-04-2337 min2023-01-0133 min