Shows
The Security RepoA Special Holiday Message from The Security Repo PodcastHi everyone, It's Dwayne, host of the security repo podcast. The show is taking a 2-week break over the holidays to give you a chance to catch up on our backlog of security conversations. Our next new episode premieres January 7th, 2026. It's one to look forward to. And I wanted to say a huge thank you to each and every one of our listeners and subscribers. Thanks to you, in 2025, we gained 1300 new subscribers and crossed the 3500 mark on YouTube. Thank you. And I honestly hope you all are learning as much as I am from the amazing guests...
2025-12-1900 minThe Security RepoIdentity Risks in Email: Your Inbox Might Be Lying About You – Amy DevineIn this episode of the Security Repo Podcast, Dwayne McDaniel sits down with Amy Devine, a systems architect who transitioned from embedded wireless systems to cybersecurity. Amy shares the eye-opening story behind her Blue Team Con talk on how misdirected emails exposed sensitive personal data and what that means for digital identity. The conversation dives deep into privacy, data brokers, and what we sacrifice when companies prioritize convenience over security.https://github.com/bitsdanceforme/email_scrubbinghttps://bitsdanceforme.blog/https://www.linkedin.com/in...
2025-11-1924 minThe Security RepoBeyond Controls: Building Trust and Communication in Security – Featuring AriaDearIn this episode of the Security Repo Podcast, Aria Langer returns to share deep insights from her work in privileged access management and the challenges of implementing security controls without alienating coworkers. She and Dwayne dive into the often-overlooked importance of empathy in cybersecurity, exploring how human connection can make security efforts more effective. The conversation touches on the cultural shifts needed in security teams, how storytelling can foster understanding, and the risks of relying too heavily on tools like AI without understanding their underlying mechanics.What you need to know...
2025-10-0119 minThe Security RepoTackling Deepfakes - Battling Ai-Generated Faces, Scams, Detection, And Security – Sankalp KumarIn this episode of the Security Repo Podcast, Dwayne McDaniel and Sankalp Kumar dive into the world of deepfakes, how they are created using transformer models and GANs, and the real-world scams they enable. They discuss current detection techniques, including physiological analysis, iris scanning, and PKI-based authentication. Sankalp also shares actionable advice for security teams to adopt existing tools and prepare for the evolving deepfake threat landscape.With over 7 years of experience working with industry giants like McAfee, Juniper, and Fraunhofer, Sankalp Kumar has consistently been at the forefront of security innovation. He has...
2025-08-2019 minThe Security RepoReducing Developer Toil, Shifting Security Left, And Using Caution With AI – Andy DennisIn this episode of the Security Repo Podcast, Andy Dennis, VP at Modus Create, joins Dwayne McDaniel to unpack what "shifting left" really means for security and engineering teams. They explore the impact of hands-on security training at B-Sides events, the concept of developer toil, and the role AI tools like GitHub Copilot AutoFix are starting to play in secure coding workflows. Andy also shares candid advice for aspiring security engineers and insights on measuring the true value of AI in developer environments.https://docs.horusec.io/docs/overview/moduscreate.comhttps://www.linkedin.com/in/andy-d-b43a17b/Andy...
2025-06-1120 minThe Security RepoWhat Tools Miss and Why Humans Matter in AppSec - Yash ShahaniIn this episode of the Security Repo Podcast, Dwayne McDaniel sits down with Yash Shahani, a seasoned AppSec engineer and vulnerability hunter, to dive into the nuances of manual code review and the limitations of automated security tools. They explore the evolving role of AI in AppSec, its promise and pitfalls, and why human intuition still plays a vital role in catching complex logic flaws. Yash also shares practical tips for exploring unfamiliar codebases and emphasizes the importance of treating security as a shared responsibility across teams.Yash Shahani is a security researcher and AppSec engineer with a background...
2025-05-2118 minThe Security RepoVisualizing Data Poisoning and Rethinking Threat Detection Through Graphs – Maria KhodakIn this episode of the Security Repo Podcast, Maria Khodak explores how graph theory and data visualization can be used to uncover machine learning vulnerabilities like data poisoning. She explains how her work as a penetration tester intersects with research on threat detection and the importance of making abstract security concepts more human-readable. The conversation also covers her journey into cybersecurity, the value of visualization tools like Gephi, and her call to make the field more inclusive and curious-driven.Maria Khodak is a security engineer and penetration tester at a large company focusing on web application, API, and network...
2025-05-1421 minThe Security RepoBuilding Human-Centric Security and Hacker Communities in Argentina - Ailin CastellucciIn this episode of the Security Repo Podcast, Ailin Castellucci shares her inspiring journey from selling shoes to building cybersecurity teams and leading human-centric education projects. She discusses the unique challenges and perspectives of cybersecurity education in Argentina, emphasizing the importance of empathy, communication, and passion in the industry. Ailin also delves into her current work fostering hacker communities and promoting accessible security education across South America.https://www.linkedin.com/in/acastellucci/Ailin is an Information Security specialist and Hacking Community Builder at Strike. She previously worked at Mercado Libre, Lemon...
2025-04-3023 minThe Security RepoFrom SOCs to Threat Detection Engineering: Crafting Better Security Responses - Chris KulakowskiIn this episode of the Security Repo Podcast, Chris Kulakowski, a seasoned detection engineer from IBM, delves into the complexities of threat detection, from writing detection rules to collaborating with red teams for proactive security strategies. He shares insights on prioritizing security risks, the evolving role of AI in cybersecurity, and the importance of adaptability in the ever-changing threat landscape. Chris also offers advice for aspiring security professionals and reflects on the positive trends in global cybersecurity efforts.https://www.linkedin.com/in/ckulakowski/Chris Kulakowski is a driven technologist, innovator, and...
2025-04-2320 minThe Security RepoQuarantine Policies and Cloud Security Strategies for AWS – Bleon ProkoIn this episode of the Security Repo Podcast, Bleon Proko dives into the intricacies of AWS security, focusing on the role and impact of quarantine policies in mitigating the risks of compromised credentials. He explains how AWS policies prioritize denial to prevent privilege escalation, lateral movement, and financial fraud, offering practical strategies for securing sensitive identities. Additionally, Bleon shares insights on essential tools for penetration testing and gives candid advice about navigating cloud security challenges.Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well...
2025-04-1623 minThe Security RepoHelping Developers Use Open Source Security Tools & Improving Defense With AI - Mackenzie JacksonIn this episode of the Security Repo Podcast, we welcome back Mackenzie Jackson, security researcher and founder of this very show, to discuss the evolving landscape of AI in cybersecurity. Mackenzie dives deep into how AI is reshaping open-source security, revealing research that uncovered 600 unreported vulnerabilities in popular packages. We also explore the growing risks of AI-generated package hallucinations, how attackers might exploit them, and why security tools must be made more accessible to developers.https://www.linkedin.com/in/advocatemack/https://www.aikido.dev/Mackenzie is a security researcher and advocate with a passion for code security. He...
2025-04-0924 minThe Security RepoHow Digital Forensics Supports Incident Response And Who Should Own IAM - Gerard JohansenIn this episode of the Security Repo Podcast, we sit down with cybersecurity expert Gerard Johansen to dive deep into identity and access management (IAM) challenges in the enterprise space. We explore the explosion of data and identities, the ongoing debate over who "owns" IAM in organizations, and how threat actors are evolving their tactics to exploit identity-based vulnerabilities. Gerard also shares insights from his experience in digital forensics and incident response, offering advice on how security professionals can sharpen their skills and make an impact in the field.https://www.linkedin.com/in/gerardjohansen/Gerard Johansen is a...
2025-04-0222 minThe Security RepoNavigating And Defining The Evolving Role Of The CISO In Government Security - Josh KuntzIn this episode of the Security Repo Podcast, we sit down with Josh Kuntz, Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation, to explore the unique challenges of securing state agencies. With nearly three decades in public service, Josh shares his insights on navigating government cybersecurity, hiring the next generation of security professionals, and the evolving role of CISOs. We also discuss how AI and social engineering are reshaping the threat landscape and why patching remains the top security concern after 25 years.https://www.linkedin.com/in/joshua-kuntz-cissp-35a825176/
2025-03-2622 minThe Security RepoThe State And Future Of Cybersecurity Training and AIShaping The Role - Zach HillIn this episode of the Security Repo Podcast, we sit down with Zach Hill from Antisyphon Training to discuss affordable cybersecurity education and the evolving landscape of IT training. Zach shares insights on the importance of hands-on learning, the challenges of misinformation in online education, and how AI is reshaping entry-level IT roles. We also dive into unconventional career paths into security and the critical need for foundational knowledge like networking and version control.https://www.linkedin.com/in/iamnerdy/https://antisyphontraining.comZach Hill is a dad, mental health advocate, creator, hacker, and self-described nerd.In 1999, Zach dropped out...
2025-03-1922 minThe Security RepoSecrets Management With The OpenPao Project And Open Source Security - Alex ScheelIn this episode of the Security Repo Podcast, we sit down with Alex Scheel, staff back-end engineer at GitLab and chair of the OpenBao Technical Steering Committee, to discuss the origins and future of OpenBao, a fork of HashiCorp Vault. Alex explains the implications of HashiCorp's licensing change, the technical advantages OpenBao brings to the table, and the importance of open-source governance under the Linux Foundation. We also dive into interoperability in security tooling, secrets management best practices, and how developers can get involved in contributing to OpenBao.Alex Scheel is a Staff Backend...
2025-03-1222 minThe Security RepoPlaying (And Winning) CTFs To Advance Your Cybersecurity Career - Edna JonssenIn this episode of the Security Repo Podcast, we sit down with Edna Jonnson, a cybersecurity engineer and SOC analyst, to discuss their journey from web development to security operations. Edna shares insights on the value of Capture the Flag (CTF) competitions for skill development, recounting their recent victory at Wild West Hacking Fest. We also dive into their day-to-day work in a SOC, the importance of credit freezes for personal security, and their involvement in cybersecurity communities like DEF CON and B-Sides Orlando.Edna Jonsson (they/them) is a cybersecurity engineer and SOC analyst with a strong foundation...
2025-03-0522 minThe Security RepoDefense In Depth Means Writing More Tests To Make Sure You Don't Regress - John PoulinIn this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security posture, and the challenges of implementing robust audit logging. Plus, John recounts the day GitHub logged out all users due to a security bug and offers advice on avoiding over-reliance on web application firewalls.John Poulin leads Cloud Security Partners' technology and platform development. He...
2025-02-2641 minThe Security RepoWhat Does It Mean To Be A Security Lead - A Conversion With Kayssar DaherIn this episode of the Security Repo Podcast, Dwayne and Kayssar dive into Kayssar's role as a security leader at GitGuardian, exploring his responsibilities, challenges, and the balance between proactive and reactive security work. They also discuss the evolution of security tools, the importance of relationship-building in security roles, and share insights on vulnerability management and security awareness training. Kayssar offers a unique perspective on what the security industry is getting right, as well as areas that need improvement, especially regarding VPNs and vulnerability prioritization.
Kayssar Daher is a systems security & data privacy enthusiast specializing in securing SaaS platforms.
...
2025-02-1942 minThe Security RepoUnderstanding Security Champions and Making Human Connections - Dustin LehrIn this episode of the Security Repo Podcast, Dwayne and Kayssar sit down with Dustin Lehr, co-founder and chief product and tech officer at Katilyst , to explore the power of Security Champions programs. Dustin shares insights from his journey as a software engineer turned cybersecurity leader and explains how security champions can bridge the gap between security teams and developers. The conversation covers trust-building, best practices for implementing a successful champions program, and how to measure its impact in ways that resonate with executives.
Dustin Lehr is an accomplished software engineer turned executive cybersecurity leader who designs security programs...
2025-02-1248 minThe Security RepoLeveraging Hermeneutics In Cyber Threat Intelligence at The MM-ISAC - Cherie BurgettIn this episode of the Security Repo Podcast, we dive into the world of ISACs (Information Sharing Analysis Centers) with Cherie Burgett. Cherie shares insights into the nuanced field of cyber threat intelligence, discussing how interpretation techniques like hermeneutics can enhance understanding of threat actor behavior. The conversation also explores practical approaches to information sharing, intelligence delivery, and the importance of balancing concise communication with actionable insights.
Since its inception, Cherie Burgett has worked with the Mining and Metals ISAC. As the Director of Cyber Intelligence Operations. Cherie is responsible for researching and analyzing the ever-changing threat landscape affecting...
2025-02-0537 minThe Security RepoObservability ownership, monitoring apps at scale, and learning DevOps like a language- Josh LeeIn this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry.
We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how databases like ClickHouse® compare to Snowflake for monitoring applications at scale. Josh also shares insights on DevOps culture as a "foreign language" and how to bridge gaps between developers and operators in adopting modern practices.
Josh is a seasoned software developer w...
2025-01-2930 minThe Security RepoThe Freedom Of Information Act, Ethical AI, And NerdCore Music - Stephanie HonoreIn this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore, about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the intersection of security and legal frameworks. We also explore her creative side as a "spycore" musician blending cybersecurity themes with nerdcore music.
Stephanie Honore, also known as Scarlett Danger, is a professional programmer, building applications by day, and...
2025-01-2236 minThe Security RepoSecuring Workload Identities And Working On Conjure - Jody HuntIn this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, Jody shares his journey through a tech acquisition and the enduring importance of thinking like an attacker in cybersecurity.
Jody has held diverse roles in software development, sales, and marketing. He has been an enthusiastic promoter of DevOps principles since 2010. He became aware of the growing...
2025-01-1543 minThe Security RepoThe Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh SeeparsanIn this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms.
With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise...
2025-01-0842 minThe Security RepoSecuring Flight Simulators And Other Operational Technology - Coburn SlayIn this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also explore broader themes like the need for simplicity in cybersecurity tooling and combating misconceptions about age in the industry.
Coburn Slay is a passionate and driven young cybersecurity professional based in Tulsa, Oklahoma. His love for technology began at...
2024-12-1845 minThe Security RepoGetting Out Of Walled Gardens By Running Your Own Email - Michael HarrisonIn this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his pivotal role in bringing internet access to Chattanooga in the 1990s and shares practical advice on navigating walled gardens and enhancing system security.
Michael describes himself as "A geek tweaking that status quo." He is the co-founder of Ring-U.
https://www.linkedin.com...
2024-12-1136 minThe Security RepoUnderstanding Psychological Safety And Asking Questions To Stay Relevant - Deanna StanleyGot psychological safety?
In this episode of the Security Repo Podcast we sit down with Deanna Stanley to learn about psychological safety and the framework she has coauthored on building the layers of trust within organizations. We also dig into a few interesting stories from her time at MITRE and end up with some very encouraging words on how to stay relevant in a constantly shifting field.
Deanna started her career as an embedded programmer in the telecommunications industry, and was a significant contributor to Northern California having no internet for 2 days back in the late 90s. She now...
2024-12-0437 minThe Security RepoPhone Phreaking, The History Of The Security Community, And Social Engineering - Matt ScheurerIn this episode of the Security Repo podcast, we are joined by the legendary DFIR Matt to get a history of phone phreaking and how that community of hackers inspired an entire community, including DEF CON. We also talk about how social engineering attackers are carried out, including QR code phishing, aka "quishing." Matt gives some rok solid advice as well on how to approach a successful security career.
About our guest:
Matt Scheurer is a show host for the ThreatReel Podcast and Vice President of Computer Security and Incident Response in a large enterprise environment. He...
2024-11-2741 minThe Security RepoGetting Started In Offensive Security: A Journey Into Tech - Alexis DiedikerIn this week's episode of the Security Repo Podcast, we ask a pentester who is one year into her cybersecurity career how she got started. Along the way, we learn about her favorite security tools, what it was like making the leap into security, and how to get started with your own journey, no matter what path you want to take.
We are joined by Alexis Diediker, who brings a fresh perspective to her OCO Consultant role, where she uses the social engineering skills acquired from her non-tech service industry background to deliver practical insights and technical expertise in...
2024-11-2033 minThe Security RepoSecuring Human Access Through Privileged Access Management and Just In Time Access - Aria LangerIn this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and worst advice our guest has ever heard.
Aria Langer joins the program this week. She is a Senior Security Engineer for KraftHeinz, specializing in PKI & privileged access management. In her personal life, Aria will talk your ear off about long-distance...
2024-11-1333 minThe Security RepoUndocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José MartinezIn this week's episode of the Security Repo Podcast, we dive into an unusual topic for the program, navigating the US immigration system and the challenges that many security professionals working in the US face. Join us as we discuss how to apply lessons from the world of pentesting to succeeding in the face of bureaucracy.
We are joined by José A. Martinez. José is the owner of too many Pokemon games which he still hasn’t played. Born in Mexico but raised in Chicago, José loves guitars, books, cameras, and trying out new food. José worked in retail before...
2024-11-0627 minThe Security RepoSTIR/SHAKEN and Password Policies- Per ThorsheimIn this week's episode of the Security Repo Podcast, we turn our attention to STIR/SHAKEN, a requirement for US cell phone carriers that has been implemented to stop SPAM robocalls. We also look at password policies and research into how to make better passwords.
We are joined by Per Thorsheim. Per is the founder and main organizer of PasswordsCon, the first conference dedicated to passwords, pins and anything related to digital authentication. He has been working in infosec for 30 years, and claims to know your next password. His bio on Linkedin has more...
2024-10-3034 minThe Security RepoBeing a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David HawthorneIn this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not. We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.We...
2024-10-2331 minThe Security RepoFrom The Theory Of Constraints to Scorecard Patterns for Better Compliance - Justin ReockIn this episode of The Security Repo Podcast, we broach a wide variety of topics, ranging from The Theory of Constraints, source control horror stories, and using scorecards to drive cross-team success.
We are joined by Justin Reock, the Head of Developer Relations for Cortex.io.
He is an outspoken speaker, writer, and software practice evangelist. He has over 20 years of experience working in various software roles and has delivered enterprise solutions, technical leadership, and community education on a range of topics.
We start by talking about how the work of Ed Deming translates into modern software workflow and w...
2024-10-1644 minThe Security RepoRotating Secrets At Scale, Automatically, and With High Availability - Kenton McDonoughIn this episode of The Security Repo Podcast, we take a look at how to do secrets rotation in a highly available systems reliably.
We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems.
We walk through the tech stack that Kent works with, which includes a little of everything. We revisit...
2024-10-0935 minThe Security RepoCountering Shadow IT Through Nudging Intervention - Garret GrossIn this episode of The Security Repo Podcast, let's talk about the largest IT threat outside of IT, and maybe out of the line of site of Security teams, Shadow IT.
We are joined by Garrett Gross, a seasoned cybersecurity professional with over twenty years of experience. Garrett currently holds the position of Head of Product Success at Nudge Security. His primary focus is on implementing innovative strategies to address SaaS sprawl and mitigate the risks associated with shadow IT. With a strong background in security operations, incident response, and threat research, Garrett's expertise...
2024-10-0228 minThe Security RepoWhat Does The Future Hold For The Security Repo Podcast? Some Changes & Introducing Our New Co-HostWe have had so much fun making The Security Repo Podcast, and we hope you have learned as much as we have along the way.
The tides of change have finally reached our shore, and we are sad to announce the departure of Mackenzie Jackson, our original founder, producer, and co-host of the podcast, from our regular episodes. We wish him much success in his new adventures.
We are also announcing a brand new chapter in the history of the program. Dwayne McDaniel will now be joined weekly by
Kayssar Daher, the head of security at GitGuardian.
As an...
2024-09-2600 minThe Security RepoData Loss Prevention and Stopping Breaches Before They StartIn this episode of The Security Repo Podcast, we explore all things Data Loss Prevention (DLP).
We are joined by Daniel Jay, Senior Director of Product Management at GTB Technologies.
We start with a quick high-level of the topic of Data Loss Prevention and how we met at the RSA Conference 2024. By the end, we turn the conversation to AI and balance the risks of using LLMs with faster output.
Links mentioned in this episode:
https://www.linkedin.com/in/daniel-jay-a683b635/
2024-09-2536 minThe Security RepoSecurity Automation And Leveraging AI To Deal With Security At Scale - Huxley BarbeeIn this episode of The Security Repo Podcast, we look at security automation and how we can engineer our way to better security overall.
We are joined, once again by Huxley Barbee, who has been a fixture of the security community for over 20 years. Professionally, he was a security consultant working with customers in finance, insurance, manufacturing, and higher education. Currently, he leads the security engineering group at a fintech company. Beyond the day job, he is also active in the security and hacker community. He started attending DEF CON in the late 90s...
2024-09-1839 minThe Security RepoDeveloper Awareness Training and AI Assisted Tooling for Improving Security - Chris LindseyIn this episode of The Security Repo Podcast, we take a look at the role developer training and awareness have in improving security.
We are joined by Chris Lindsey, Application Security Evangelist at Mend.io. He is a seasoned speaker who has appeared at conferences, webinars, and private events. Chris draws on expertise from more than 15 years of direct security experience leading and building security programs and over 35 years of experience leading teams in programming software, solutions, and security architecture.
We start with how training and awareness are the start of the process but not all that is needed. F...
2024-09-1136 minThe Security RepoImproving Your Security by Leveraging AI: The Arcanum Cyber Security Bot - Jason HaddixIn this episode of The Security Repo Podcast, we dive deep into how AI is helping the Red, Blue, and Purple teams and how we can leverage ChatGPT to stay ahead of attackers.
We are joined once again by Jason Haddix Founder, CEO and Head of Training at Arcanum Information Security. He is also the creator of the Arcanum Cyber Security Bot:
https://chatgpt.com/g/g-HTsfg2w2z-arcanum-cyber-security-bot
Listen in to find out what you have been missing about AI.
https://www.linkedin.com/in/jhaddix/
2024-09-0446 minThe Security RepoDeepCover & DART Academy: Fighting Scammers Through Educating SeniorsIn this episode of The Security Repo Podcast, we dive deep into a rather troubling phenomenon: scammers who target senior citizens.
We are joined by Anita Nikolich, a speaker and a university-based cybersecurity researcher specializing in network security and cryptocurrency analytics. She joins us as the founder and co-principal Investigator of DART, a collective of researchers, security experts, game designers, and community-based organizations who have come together to combine their expertise and passion to develop the Deception Awareness and Resilience Training (DART) platform.
We discuss real-world examples, the realities of scammers and cybercrime, and why they target the people...
2024-08-2831 minThe Security RepoMining for Vulnerabilities: Hidden Dangers of Open BucketsIn this episode of The Security Repo Podcast, we dive deep into a pervasive cybersecurity issue: open data buckets. Joined by Glen Helton, Director of Information Security at a major multinational and founder of the Sky Witness Project, we explore how improperly secured cloud storage—commonly known as "open buckets"—can expose sensitive data to the world. Glen shares insights on the scale of the problem, revealing that billions of files are currently accessible to anyone with the right tools. We discuss real-world examples, the challenges of responsible disclosure, and practical advice for organizations to secure their data. Whether you...
2024-08-2342 minThe Security RepoThe Frontline of Cybersecurity: Defending Against Supply Chain Intrusions - Jossef Harush KadouriIn this episode of The Security Repo, we sit down with Jossef Harush Kadouri, a pioneer in software supply chain security and founder of Dustico, now part of Checkmarx. Jossef shares his journey from startup to acquisition, detailing the ever-evolving landscape of supply chain attacks. We explore how malicious actors are exploiting open-source ecosystems, the challenges of maintaining secure software, and practical steps developers and organizations can take to protect themselves. Whether you're a seasoned security professional or new to the field, this episode offers valuable insights into safeguarding your software's supply chain.
Show...
2024-08-1444 min
The Security RepoEnhancing Security Through Community and Innovation - A Conversation with Avi DouglenThis episode we are joined by Avi Douglen, Founder and CEO of Bounce Security. Avi, a key figure in the security community and former OWASP chapter chair. The discussion covers the significance of OWASP, its resources, threat modeling and Avi's personal journey within the organization.
Listeners will gain insights into the concept of value-driven threat modeling and how it can enhance security measures by focusing on what truly matters for a product. Avi also shares his views on the unique challenges and risks the security community faces, the necessity of inclusivity, and the pivotal role of threat modeling in...
2024-08-0741 minThe Security RepoBehind the Scenes of Offensive Security with Bobby KuzmaToday we sit down with Bobby Kuzma, Director of Offensive Cyber Operations at Pro Circular and adjunct professor at the University of Washington. Bobby shares his unique journey into the world of penetration testing, including how he accidentally acquired his CISSP certification. We delve into the fascinating world of offensive security, discussing the highs and lows of pen testing, the importance of creativity in cybersecurity, and Bobby’s current work on leveraging AI to enhance security testing. Tune in for an insightful conversation filled with real-world stories, expert advice, and a look at the future of cybersecurity.Show NotesBobby’s Li...
2024-07-3133 minThe Security RepoFrameworks and Relationships: J Wolfgang Goerlich on Security StrategyToday we welcome J Wolfgang Goerlich, an advisory CISO, mentor, and strategist. We delve into the intricacies of security design frameworks and the importance of building and maintaining relationships in the cybersecurity field. Wolfgang shares his expertise on creating effective security programs, fostering trust within teams, and navigating the challenges of the CISO role. Tune in to gain valuable insights on cybersecurity strategy and the significance of collaborative relationships in achieving security goals.
Show Notes:
Linkedin: https://www.linkedin.com/in/jwgoerlich/
X / Twitter: https://x.com...
2024-07-2436 minThe Security RepoNuclear Security & Cyber Resilience: Insights from KPMG's Andrew ElliotToday we dive into the fascinating world of nuclear energy and cybersecurity with Andrew Elliot, a senior manager at KPMG's cybersecurity team. Andrew shares his journey from a nuclear engineer to a cybersecurity expert, providing unique insights into the importance of security culture, the resurgence of nuclear energy, and the critical role of cybersecurity in protecting critical infrastructure. Tune in to explore the complexities of nuclear security, the significance of cybersecurity training, and the future of energy security.
Show Notes:
Linkedin - https://www.linkedin.com/in/andrew-elliot-3a25b95b/
2024-07-1737 minThe Security RepoSecuring the Future - The Art of Threat Modeling with Paul McCartyIn this episode of The Security Repo, we dive deep into the world of threat modelling with Paul McCarty, a veteran in the field of DevSecOps and founder of SecureStack. Paul shares his journey from being a Unix admin to working with high-profile organizations like NASA and GitLab. We explore the essentials of threat modeling, the significance of cloud-native security, and frameworks he has developed for threat modeling like TVPO. Tune in to learn how to stay ahead in the ever-evolving landscape of cybersecurity.
Show Notes
Paul’s GitHub https://github.com/6mi...
2024-07-1232 minThe Security RepoPen Testing in Academia - University Cybersecurity Challenges with JR JohnsonIn this episode of The Security Repo, we dive into the fascinating world of cybersecurity with JR Johnson, a seasoned information security professional with over 14 years of experience. JR shares his journey from web development to penetration testing and cybersecurity consulting, highlighting the unique challenges faced by higher education institutions. Tune in to learn about the complexities of securing university networks, the importance of foundational security practices, and JR's expert advice for both IT professionals and students. Whether you're interested in cybersecurity or work in academia, this episode offers valuable insights into protecting educational environments in the digital age.
...
2024-06-2840 minThe Security RepoFrom Desktop Support to Red Team: Brendan Hohenadel Journey in CybersecurityJoin us in this episode of The Security Repo Podcast as we dive into the world of cybersecurity with Brendan Honadle. From his humble beginnings in desktop support to becoming a skilled red teamer, Brendan shares his inspiring journey and fascinating stories from the field. Discover the strategies, tools, and techniques used in offensive security, and gain insights into the challenges and triumphs of penetration testing. Whether you're a cybersecurity enthusiast or a seasoned professional, this episode is packed with valuable lessons and real-world exploits you won't want to miss.
2024-06-1440 minThe Security RepoNavigating AI in Cybersecurity: Insights from Sonya MoissetIn this episode of The Security Repo, we are thrilled to welcome Sonya Moisset, a Senior Advocate at Snyk and a renowned expert in DevSecOps, cybersecurity, and AI. With a wealth of experience as a public speaker, mentor, and top contributor to the tech community, Sonya shares her deep insights into the evolving landscape of AI in cybersecurity.
Join us as we dive into the pressing issues surrounding generative AI and large language models (LLMs), including the concept of shadow AI, the risks of using AI tools without proper oversight, and real-world examples of security breaches involving...
2024-06-0736 minThe Security RepoSecuring Kubernetes Dashboards: Insights from Tremolo Security's CTOIn this episode of The Security Repo, Dwyane McDaniel and Marc Boorshtein delve into the intricacies of Kubernetes dashboard security. Marc, the CTO of Tremolo Security, brings his extensive experience in identity and access management to the table, discussing the challenges and best practices for securing Kubernetes dashboards. The conversation explores the importance of dashboards, common security pitfalls, and innovative solutions to enhance user access and safety. Tune in for valuable insights on navigating the complex landscape of Kubernetes security.
Show Notes
Learn more about Tremolo - https://www.tremolosecurity.com/
Follow Marc
Linkedin - https://www.linkedin.com...
2024-05-2739 minThe Security RepoThe Secrets behind GitGuardian: Building a security platform with Eric FourrierJoin us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code security in our digital world.
Show Notes:
GitGuardian https://gitguardian.com
State of Secrets Sprawl Report https://www.gitguardian.com/state-of-secrets-sprawl-report-2024
GitGuardian Blog https://blog.gitguardian.com
Eric Fourrier Socials
Linkedin: https://www.linkedin.com/in/ericfourrier/
inro: 0:00
Origin of GitGuardian: 0:55
...
2024-05-1545 minThe Security RepoSolving Secret Zero: The Future of Machine Identities & SPIFFE with Mattias GeesToday we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venify, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for implementing SPIFFE to enhance digital security across cloud environments. Join us for a comprehensive look at evolving cybersecurity measures and the future of identity management.
Show Notes:
Mattias Social Links
Linkedin - https://www.linkedin.com/in/mattiasgees/
Twitter...
2024-05-0842 minThe Security RepoBuilding secure platforms with Kubernetes: Bridging the DevOps-Security Divide with John DietzThis week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepticism about containerization to embracing Kubernetes. John discusses the critical role of governance and security in successfully deploying and managing cloud-native technologies. We also explore challenges and strategies for integrating security practices into DevOps, ensuring robust governance, and leveraging IaC for efficient and secure infrastructure management...
2024-04-3056 minThe Security RepoAuthorization vs. Authentication: Decoding the Layers of Security with Emre BaranIn this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's cloud-based and development environments.
In this discussion, Emre explains why many organizations still grapple with these issues in 2024, highlighting common pitfalls in security practices and offering insights into the sophisticated challenges of implementing fine-grained access control. He also shares his views on the evolving landscape of...
2024-04-2634 minThe Security RepoUnpacking ASPM: Trends, Truths, and the Future of Security ToolsIn this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens, delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding the burgeoning category of security solutions, offering listeners a clear-eyed view of what ASPM means for developers, security professionals, and the tech industry at large. Through a candid and enlightening conversation, they explore the history and potential future of security practices, the push towards simplification and consolidation of tools, and the real challenges of...
2024-04-1228 minThe Security RepoDecoding Security: An Analyst's Perspective on Trends and ToolsIn this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into...
2024-04-0931 minThe Security RepoBuilding Conferences and Communities in Cybersecurity with Huxley BarbeeThis week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity.
From his early days attending DefCon in 1999 to spearheading B-Sides conferences that champion technical excellence, community engagement, and accessibility, Huxley's story is one of passion, dedication, and innovation. He offers a fresh perspective on the recent shift of DefCon to the Las Vegas Convention Center and recounts memorable...
2024-03-1442 minThe Security RepoThe Evolution of DevSecOps: Strategies for Integrating Security into DevOps with Gregory ZagrabaThis episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into practical advice on automation, the significance of backups, and fostering a security-conscious mindset. Through real-world examples and expert insights, the episode sheds light on creating robust, secure systems in the fast-paced world of software development and data protection.
Show Notes:
Git Protect...
2024-03-0836 minThe Security RepoHacking the Hackers: The Art of Compromising C2 Servers with Vangelis StykasIn this episode of the Security Repo podcast, listeners will dive into the intriguing world of hacking the hackers with Vangelis Stykas. Stykas, a notable figure in cybersecurity, shares his experiences and methodologies for compromising C2 servers—central nodes used by hackers to control malware-infected computers. He reveals how simple web application vulnerabilities can lead to significant breaches in the security of these servers. The discussion also covers the ethical and legal nuances of Stykas' work, including the challenges and risks involved in targeting these digital underworld operatives. Additionally, Stykas touches on his professional journey, including his role as th...
2024-03-0434 minThe Security RepoThe Evolution of Offensive Security with Erik CabetasIn this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Eric discusses the evolution of security practices, the importance of ethical hacking in today's digital world, and offers some advice for aspiring hackers. Join us to explore the fascinating intersection of technology, ethics, and security through Erik's expert lens.
2024-02-2441 minThe Security RepoFrom Bank Heists to Security Insights: The Jayson E. Street StoryIn this episode of The Security Repo, Jayson E. Street delves into his unconventional journey into cybersecurity, emphasizing the essence of hacking as a manifestation of curiosity rather than mere technical skill. He shares anecdotes from his extensive experience in ethical hacking, including bank heists and corporate security breaches, to underscore the importance of creative problem-solving in security. Street also critiques the narrow perceptions of hacking, advocates for diversity in the security field, and offers unconventional advice for enhancing corporate security awareness. His stories, ranging from audacious exploits to thoughtful reflections on personal and professional growth, provide a compelling...
2024-02-1655 minThe Security RepoReducing the noise: Cutting through the data in security Buck BundhundIn this episode of "The Security Repo," hosts Dwayne McDaniel and Mackenzie Jackson delve into the intricate world of cybersecurity with Buck Bundhund, an expert from Centripetal Networks. The conversation kicks off with an exploration of the pervasive issue of data noise – the influx of non-intended data into organizational networks, posing significant challenges for security operations.
Buck sheds light on the complexities of distinguishing between legitimate and illegitimate traffic and the detrimental effects of alert fatigue within security teams. Through real-world examples and insights, the discussion unfolds to reveal the limitations of traditional security tools in handling the massive vo...
2024-02-0840 minThe Security RepoSolving the bottom turtle: Fixing the authentication problem with Ethan HeilmanIn security you have likely heard the expression turtles all the way down, the concept the world is held up on the back of a turtle who is standing on the back other another turtle, and so on.. This can be used to describe the current state of security, where everything can dramatically fall over if the bottom turtle fails. In this episode, we discuss solving the bottom turtle, solving authentication.
Our guest Ethan Heilman has a PhD in Computer Science and the current CTO of BastionZero where he is currently working on Open PubKey, a protocol...
2024-01-3134 minThe Security RepoThe right tool for the job: Finding and evaluating security tools with James BerthotyIn this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for smaller teams or organizations with limited budgets seeking effective security solutions. This episode is perfect for anyone looking into purchasing new security tools or wanting to understand the purchasing process.
Show Links:
Latio Tech - https://www.latio.tech/
James Linkedin - https://www.linkedin.com...
2024-01-2441 minThe Security RepoSecuring our APIs - Thinking differently about API Security with Isabelle MaunyIn this episode, Mackenzie and Dwayne dive into a discussion on API security with special guest Isabelle Mauny, co-founder and CTO of 42Crunch. We walk through the differences API security has compared with traditional application security, and its growing importance in today's technology landscape. We also have a discussion about the challenges and risks associated with API security, the need for developers to be actively involved in securing APIs, and the tools and practices that can help integrate security into the development workflow.
Show Links
42Crunch website - https://42crunch.com/
42 Crunch Blog - https://42crunch.com/blog/
Isabelle...
2024-01-1743 minThe Security RepoRevolutionizing SAST: Bridging the Gap for Modern Developers with Nipun GuptaIn this episode of The Security Repo, Mackenzie Jackson sits down with Nipun Gupta, the Chief Operating Officer of Bearer, a leading security company at the forefront of innovation in the cybersecurity landscape. Join us as we delve deep into the world of Static Application Security Testing (SAST) and explore why traditional SAST tools are struggling to keep pace with the demands of modern development environments.
In today's fast-paced software development ecosystem, developers are continuously seeking ways to improve code quality, enhance security, and accelerate their workflows. However, traditional SAST tools often fall short, failing to meet the specific...
2024-01-1028 minThe Security RepoAPI Security Unveiled: Safeguarding the Heart of Modern ApplicationsIn this episode of "The Security Repo," your hosts Mackenzie Jackson and Dwayne McDaniel are joined by a distinguished guest, Dan Barahona, as they embark on an eye-opening exploration of API security. As the digital landscape evolves at breakneck speed, APIs (Application Programming Interfaces) have become the backbone of modern applications, making them an attractive target for cyber threats.
Join the conversation as Mackenzie, Dwayne, and Dan delve into the fundamentals of API security and why it has emerged as an integral aspect of both application security and the broader realm of cybersecurity. Discover the ins and outs of...
2023-12-2030 minThe Security RepoGuarding Against Deception: The Art of Detecting and Defending Against Social EngineeringIn this episode of The Security Repo, your hosts Mackenzie Jackson and Dwyane McDaniel are joined by the brilliant Reanna Schultz, a seasoned expert in the field of cybersecurity. Together, they delve deep into the world of social engineering, exploring what it is, how to detect it, and crucially, how to arm your staff against its deceptive tactics.
Social engineering is a crafty, manipulative art used by cybercriminals to exploit human psychology. Our trio dissects the various techniques employed by malicious actors, shedding light on the ever-evolving landscape of digital deception. Learn how to recognize the red flags and...
2023-12-1532 minThe Security RepoContextual Security: Revolutionizing Developer-Focused Cybersecurity with James WickettIn this eye-opening episode of The Security Repo, we welcome James Wickett, the CEO and co-founder of DryRun Security, a visionary in the realm of cybersecurity. James unveils a groundbreaking concept known as "Contextual Security," a game-changer that empowers developers with unprecedented security insights while they write code.
As our hosts and cybersecurity enthusiasts Mackenzie and Dwaybne guide the conversation, James delves into the heart of Contextual Security, offering listeners an inside look at how this innovative approach is transforming the way developers view and implement cybersecurity in their projects. Discover how Contextual Security is redefining the role of...
2023-12-0833 minThe Security RepoMastering Physical Security: Unveiling the Secrets with Brice SelfIn this captivating episode of The Secuerity Repo, we delve into the world of physical security with our esteemed guest, Brice Self. With over a decade of experience in the field, Brice brings a wealth of knowledge and real-world insights to the table.This episode takes a deep dive into the intricate aspects of physical security, particularly in high-stakes environments like banking institutions. Brice shares his experiences and the strategies that have led him to a remarkable 100% success rate in penetrating security measures at various banks - a testament to his expertise and the critical vulnerabilities in existing security...
2023-12-0435 minThe Security RepoSecrets inside packages, scanning Python PyPi for credentials with Tom ForbesIn this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started...
2023-11-0335 min
The Security RepoArtificial intelligence, a friend or foe in cyber security - with Simon Maple from SnykWith the rapid development of AI we are often left wondering if AI is our friend or foe in security. In this episode, I sit down with Simon Maple from Snyk to discuss just that. We explore the different applications of AI in security and where the future is going. It's an interesting discussion so you don't want to miss it!
Show Links: Snyk.io Blog: https://snyk.io/de/blog/ Featured article: https://snyk.io/blog/10-best-practices-for-securely-developing-with-ai/
x.com (Formally twitter) https://twitter.com/sjmaple
Simon BIo:
Simon has a long and impressive record working in technology from...
2023-10-1938 minThe Security RepoScaling security and AppSec in fast moving enterprises with Jeevan SinghApplication security can be a difficult task at all levels of a company. But as a start-up grows into an enterprise, or existing companies evolve. How do you effectively scale your security program? We have an amazing guest, Jeevan Sinhg who is the director of product security at Twilio and he is here to talk about how to scale an application security program.
BIO Jeevan Sinhg
Jeevan's lifelong fascination with defensive security began at a young age when I played the center-back position on my youth soccer team. I loved the thrill of preventing opponents from scoring and was...
2023-10-1138 minThe Security RepoEnterprise Software Distribution - Managing updates and security in enterprise software at scaleOne of the many advantages of the cloud revolution is that SaaS products are continuously updated, security issues are patched quickly, and it's something the consumers are less concerned about. But what about enterprise products, how do you get that same level of update efficiency and security on large on-premise products. This is one of the topics we cover in this episode with the crew from replicated as Andrew Storms VP of security and Ian Zink senior developer advocated diving into this complex and vital topic.
Links
Replicated - https://www.replicated.com/
Replicon - https://www.replicated.com...
2023-10-0937 minThe Security RepoSecuring data in a world of AI with Jeremiah JeschkeMany companies are banning AI systems like ChatGPT to prevent data from being leaked, but is that a viable solution? We sit down with Jeremiah Jeschke, the CEO at OfficeAutomata, to discuss the future of security in a world of ChatGPT and other AI systems.
Links:
Office Automata: https://officeautomata.com/
Linkedin https://www.linkedin.com/in/jeremiah-jeschke/
Jeremiah has over 10 years of AI Development/Programming and 10 years of CEO experience. Previously, in both private work and Active Duty as USAF Captain, he supported large-scale...
2023-09-1729 minThe Security RepoGetting boardroom buy-in for security - CISO conversations with Walt PowellGetting funding to build effective security programs is challenging and often it fails because security leaders are not telling the boardroom the right 'story'. In this episode with Walt Powell we discuss exactly how to overcome these challenges by understanding how to effectively communicate with the board by expressing security challenges into a language they will relate to. We also discuss the journey to becoming a security leader and the exact skill you need to develop to get there.
BIO: Walt is a cybersecurity thought-leader that specializes in providing executive guidance around risk, governance, compliance and IT security strategies...
2023-09-0437 minThe Security RepoSocial engineering, phishing and building grass roots communities with Dan and KenIn this episode, we sit down with Daniel Niefeld and Kenneth Nevers to talk about their journey into security, creating security conferences and building grass roots cyber communities.
Get your tickets to RedHackCon free (save $200) as a Security Repo Listener use the code HRCGGuardian23 when purchasing tickets https://www.hackredcon.com/ (First 5 tickets only).
Daniel and Ken are two of the founders of RedSeer Security, a penetration testing company based in Florida. Both however have deep roots in the cyber community including organizing and founding many conferences and events but also are the founders of BuildCyber non-profits to help...
2023-08-0348 minThe Security RepoCode signing and securing the software supply chain with Billy LynchIn this episode, we go on a deep dive with Billy Lynch from Chainguard into application and code signing and how it can be used to ensure the supply chain is legitimate. Billy has an impressive background including spending 8 years at Google before joining Chainguard and not only helps us understand how signing can be used in security but also what is the latest developments and technology in this field.
Links:
https://www.chainguard.dev/
https://www.linkedin.com/in/wflynch/
BIO
Billy...
2023-07-2734 minThe Security RepoGetting started in AppSec with Tanya Janca SheHacksPurpleIn this episode, we sit down with Tnaya Janca and discuss her journey from being a developer for government agencies to becoming one of the most recognizable faces in application security and cyber security in general. This episode is especially great for anyone thinking about starting a career in cyber security and wants to know how to get started but also contains amazing insights for anyone already in the field wanting to level up.
Show Links:
Personal Website / Blog : https://shehackspurple.ca/
We hack purple community https://wehackpurple.com/
[Book] Alice and Bob learn Application Security https://tinyurl.com/7...
2023-07-1048 minThe Security RepoSecuring the remote workforce, the future of cloud development environmentsIn this episode, we sit down with Vedran Jukic, co-founder and CTO of Code Anywhere and Tomma Pulljak Senior Developer at Code Anywhere to talk about the future of development environments. We go into detail on exactly what cloud development environments are and how they can help keep the remote workforce of today secure.
Links:
https://codeanywhere.com/
Bios:
Vedran Jukic is the CTO and Co-Founder of Codeanywhere. He started the company alongside the CEO Ivan Burazin with the vision of enabling all developers to work in the cloud. They were one of the first to enter the CDE...
2023-06-1426 min
The Security RepoUnderstanding digital forensics with Desi - A deep dive post breach investigationsIn this episode we sit down with Desi who is an expert in digital forensics. We explore exactly what digital forensics is, how it can be used to catch cyber criminals and what can we do in a breach to preserve evidence. It is a fascinating conversation and full of great information from the inner workings of forensics to the crazy world of deep fakes.
Guest Bio: Desi has a strong background in IT incident response but also has spent time in industry doing insider threat management and industrial incident response. He is currently...
2023-05-2329 min
The Security RepoThe hacker in the board room: The journey from hacker to CISO with Jason HaddixHave you ever wanted to know how to hack a bank? If so this is the episode for you (disclaimer, please don't hack banks).
Jason Haddix is someone that needs little introduction in the security world. In this Podcast, we were fortunate enough to sit down and discuss Jason's beginnings as a hacker through to how he made it all the way to the board room in some massive and truly awesome companies. We talk about how to hack banks, what happens when your a CISO during a security breach and what is the best advice for fellow and...
2023-05-0955 minThe Security RepoSecurity landscape in 2023 : Insights from the ground at RSA (Special Edition Episode)In this special edition episode, we tracked down a few of the key thought leaders in cyber security around the RSA conference to ask them what they thought were the biggest security concerns for 2023 as well as some key recommendations for organizations to combat them. Their insights were fascinating.
This episode features:
Feross Aboukhadijeh - Founder and CEO of Socket
Steve Giguere - Organization London DevSecOps Community / Developer Advocate Bridge Crew
Joseph Carson -Chief Security Scientist (CSS) & Advisory CISO
Tony Loehr - Senior Product Manager
Joshua Kamdjou...
2023-05-0615 minThe Security RepoModern ransomware: How hackers are targeting your organization with Adriel Disatel and Noah TongateIn this episode we sit down with legendary pen tester Adriel Disatel and Noah Tongate to discuss how modern cyber criminals are operating to deploy modern ransomware attacks. The conversation is full of real life hacking stories and to the point information on how you can protect yourselves against modern threats.
Links: Netragard Publications https://netragard.com/publications/
Adriel Desautels Bio: Adriel is the founder and CTO of Netragard, a company founded on the premise of delivering to its clients high-quality Realistic Threat Penetration Testing™ services, known today as Red Teaming. Adriel has over 20 years of...
2023-05-0344 min
The Security RepoUnderstanding intent based access control with Uri SaridIn this episode of the Security Repo we dive into intent-based access control. This is the concept of limiting access to just what is intended, it sounds simple enough, But how does one understand and define the intent? And more importantly, how to we enforce our intentions with access control? This week's guest is Uri Sarid, he is a man with a long list of credentials and walks us through exactly what is intent-based control and how we can implement it in our organizations.
About the guest - Uri Sarid
Uri is responsible for products at Otterize. He is...
2023-04-2428 minThe Security RepoMulti Factor Authentication for APIs with Anusha IyerAPIs are what run the internet today, modern applications are no long monoliths, they are built upon hundreds of microservices and APIs are the glue that connects them. API security, however, is a massive blind spot for many organizations, from misconfigurations to leaked secrets, APIs give attackers ample opportunity to make intrusions into your systems. In this episode, we discuss how we can fundamentally change API security but add what Anusha Iyer, CEO of Corsha, calls multifactor authentication for APIs. In this episode, we dive deep into this topic with Anusha and discuss how we can make modern applications...
2023-04-1030 min
The Security RepoOffensive security tools with Brendan O'Leary from ProjectDiscoveryIn this episode we are joined by Brendan O'Leary from ProjectDiscover we learn about the tools that hackers, bug bounty hunters, and red teams use to be able to map infrastructure and find vulnerabilities. Brendan is the head of community for ProjectDiscovery which is a company that builds open-source tools to help organizations find and discover their own vulnerabilities. We talk with Brendon about some of ProjectDiscovery's most popular tools but also take a look at their latest project, Chaos.
Please like and subscribe to this podcast it helps a lot for others to...
2023-04-0631 min
The Security RepoThreat modeling in security with Audrey LongHave you ever wanted to threat model the death star from Star Wars? Well this is one of the many topics we discuss in the latest episode of the Security Repo podcast with our special guest Audrey Long. Audrey is a Senior Security Software Engineer at Microsoft in the Commercial Software Engineering team (CSE), which is a global engineering organization that works directly with the largest companies and not-for-profits in the world to tackle their most significant technical challenges.
Show Links:
Audrey on Linkedin - https://www.linkedin.com/in/audrey-long-53153a11b...
2023-03-2938 min
The Security RepoUnderstanding and building the SOC (Security Operations Center) - With Troy SantanaIn this episode of The Security Repo we are joined again by Troy Santana from Critical Start to discuss how organizations can set up a Security Operations center regardless of their size. We explore exactly what a security operations center does and why you need one in the current security climate. For more information on Critical Start please check out their website at https://www.criticalstart.com/
2023-03-1621 min
The Security RepoStaff augmentation in security with Troy SantanaStaff augmentation is the idea of augmenting your internal staff with consultants and tools to give you the collective knowledge of security experts for all teams. We sit down with security consultant Troy Santana to discuss exactly what staff augmentation looks like and how it can be implemented.
Troy Santana joins us as a Sales Engineer for Critical Start. After spending 6 years as part of their 24x7 SOC team in analyst, management, and supporting roles, he moved over to security consulting to provide technical depth and operations experience to the buying process. A veteran of the Marine...
2023-03-0735 minThe Security RepoEpisode 6: Securing the development environment with Laurent BalmelliIn this episode, we sit down with Laurent Balmelli, the CEO of Strong Network, to discuss why development environments are vulnerable to malicious actors and how we can move to a secure cloud IDE (Integrated Development Environment). A cloud IDE isn't entirely new but it also isn't changing how developers are working and more importantly how developers are keeping their environments secure. We ask Laurent what the issue is with cloud IDEs and discuss how we can leverage the concept to build better, more secure environments for our developers.
Breach of the week - This week...
2023-02-2135 minThe Security RepoEpisode 5: Product Lead Growth in Security with Ross HaleliukRoss Haleliuk is a champion for Product Lead Growth (PLG) and in this episode sits down with Mackenzie Jackson to discuss how this concept has changed cyber security products and also how organizations can adopt a product lead growth mindset. Ross is a thought leader in the space and has many interesting publications on the topic, to find out more here are some links. Linkedin - https://www.linkedin.com/in/rosshaleliuk/ Blog - https://ventureinsecurity.com/?gi=af7863463f56
2023-02-1333 minThe Security RepoEpisode 5 PREVIEW! Product Lead Growth in Security with Ross HaleliukComing up on Monday!
Ross Haleliuk is a champion for Product Lead Growth (PLG) and in this episode sits down with Mackenzie Jackson to discuss how this concept has changed cyber security products and also how organizations can adopt a product lead growth mindset. Ross is a thought leader in the space and has many interesting publications on the topic, to find out more here are some links.
Linkedin - https://www.linkedin.com/in/rosshaleliuk/
Blog - https://ventureinsecurity.com/?gi=af7863463f56
2023-02-0902 min
The Security RepoEpisode 4: Understanding confidential computing & web assembly to build secure appsNathaniel McCallum is the former CTO and co-founder of Profian and an expert in web assembly and confidential computing. This week on the security repo Dwayne McDaniel goes on a deep dive with Nathaniel to understand web assembly and how it relates to security but also peels apart the layers that surround the term confidential computing. It is a fascinating conversation with a lot of takeaways.
2023-02-0625 min
The Security RepoEpsiode 3: Implementing a DevSecOps approach to software development with Will KellyIn this episode, we invite Will Kelly to join Mackenzie and Dwyane in a conversation about implementing DevSecOps in software organizations. We tackle what DevSecOps is in reality, how can organizations implement a plan to roll out a DevSecOps approach, and the challenges that surround this.
Will Kelly is a freelance writer focused on DevOps and the cloud. He has worked on teams that introduced DevOps and the cloud to commercial and public sector organizations. Will is a correspondent for Red Hat’s Opensource.com. His work has also been published by TechTarget, Enable Architect, InfoQ, InfoWorld, and...
2023-01-2330 minThe Security RepoEpisode 2: An Interview with a Cyborg Hacker - How are body modfications and changing the threat landscapeLen Noe is both a white hack hacker and a pioneer in the transhuman movement. Current Len has 8 implants which he uses to enhance his offensive security activities. In this episode, I discuss with Len what Biohacking or bio modifications mean as a security threat and what we can do to defend against this new threat.
2022-09-0744 min
The Security RepoEpisode 1 - A deep dive into supply chain riskThis episode takes a deep dive into the issues all companies face with the software supply chain including open-source dependencies and the credentials that attackers are after.
2022-07-0453 min