Security Conversations

Episode sponsors: Binarly (https://binarly.io/) and FwHunt (https://fwhunt.run/) - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence. Dan Lorenc and a team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps that will never go away, the decision to raise an unusually large early-stage funding round, and how the U.S. government's efforts will speed up technology innovation.

A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...

Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.

Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.

Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need for transparency among affected vendors.

Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's biggest problems.

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.

Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.

Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.

Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).

Episode sponsored by SecurityWeek.com JupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.

Episode sponsored by MongoDB.com. Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity. (Episode sponsored by Eclypsium (https://eclypsium.com))

Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to "do security better." We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecurity.

Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting. Sponsored by Eclypsium: Eclypsium ships an enterprise device platform that provides visibility and mitigation for malicious activity all the way down to the firmware and hardware level. Think of it as one platform to discover, inventory, assess risk, patch, and detect compromises and supply chain breaches across your entire fleet of devices. Request a demo at Eclypsium.com (https://eclypsium.com).

Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.