PODCAST · technology
Breakpoint Security Podcast
by Neelu Tripathy
Breakpoint-'Exploring the depths of Defensive Security'. The defensive side of Security is a world in itself with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future. Who is this meant for? : This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, Security Leaders, development teams, pentesters and security practitioners. A bit about me: I am a technical security enthusiast and have been dabbling my hands at both offensive and defensive security. I am passionate about growing security communities and have spoken and trai
-
66
S04EP09 | Beyond the Scanner: Building a Fix-First Culture | Vishal Kalro
Vulnerability Management & Remediation
Guest: Vishal Kalro, CISO & DPO, Quatiphi
In this episode of Breakpoint, Neelu and Vishal discuss the complexities of #vulnerabilitymanagement and #remediation in #cybersecurity. They explore the challenges faced by #security teams in identifying and prioritizing vulnerabilities, the importance of collaboration with development teams, and how to tie #vulnerabilities to business #risks. Vishal emphasizes the need for actionable insights and effective communication between teams to ensure vulnerabilities are addressed efficiently.
In this conversation, they explore the friction between security and engineering teams, emphasizing the importance of empathy and communication. The discussion highlights the need for partnerships in vulnerability management, accountability for fixing issues, and the power of storytelling in articulating security risks. Ultimately, they advocate for a people-first mindset to foster collaboration and effective remediation strategies.
---
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1
If you like to see more like this, please Subscribe to Breakpoint Youtube! Please Share with others in the community. It always means a lot!
Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
Buzz me on Twitter or LinkedIn. Connect with me on -
Twitter: @NeeluTripathy LinkedIn: @neelutripathy
-
65
S04EP09 | Teaser | Beyond the Scanner: Building a Fix-First Culture
Vulnerability Management & Remediation
Guest: Vishal Kalro, CISO & DPO, Quatiphi
The real security flaw isn't the vulnerability itself, it's the failure to execute remediation. Security teams are drowning in thousands of alerts and treating every bug like a Critical emergency. This "Alert Fatigue" guarantees that the actual high-risk exposures get missed, leaving the door wide open for the successful breach.
-
64
S04EP08 | Securing You in the Metaverse | Mohini & Jaydeep
Guests: Mohini Sharma, TMT Technology Consultant, EY. Jaydeep Katariya, AMI Technology Consultant, EY.
The metaverse seamlessly integrates physical and digital spaces, enabling AI-driven innovations in virtual interactions, autonomous avatars, and real-time experiences. However, increased reliance on AI brings sweeping cybersecurity challenges, such as adversarial attacks, deep fake impersonation, and AI-driven phishing campaigns. The security of the metaverse is vital for the sustainability of user trust and system integrity. As AI assumes a larger role in virtual environments, proactive cybersecurity measures must be taken to counter emerging threats.
This paper introduces DAI-TIRS, a holistic security framework designed to proactively secure the metaverse. DAI-TIRS is the integration of machine learning-based anomaly detection, dynamic honeypots, and predictive threat modelling that detect, classify, and mitigate AI-driven threats in real time. By utilising MITRE ATT&CK and the PyTM framework, it constantly learns new emerging threats through advanced behavioural analytics and keeps pace with the adversarial AI model’s evolution. The experimental results from a simulated metaverse environment demonstrate that DAI-TIRS achieves 93% accuracy in threat detection, 90% precision in classifying the severity, and a 36.9% faster threat mitigation response time than the average performance of baseline models, as detailed in the paper.
Recommended reading/viewing, Paper (in this topic) for practitioners:
Their research paper, which was published in J.UCS: DAI-TIRS: An AI-Powered Threat Intelligence and Response System for Securing the Metaverse
-
63
S04EP08 | Teaser | Securing You in the Metaverse
As organisations and users increasingly move into the metaverse, AI-powered threats are evolving faster than traditional defences. The primary challenge for today’s security teams is that conventional detection and manual response are too slow for the millisecond-scale attacks of immersive environments. Their work on DAI-TIRS addresses this problem by integrating anomaly detection, adversarial AI defence, dynamic honeypots, and predictive threat modelling into a unified system for the metaverse.
Guests: Mohini Sharma, TMT Technology Consultant, EY. Jaydeep Katariya, AMI Technology Consultant, EY.
Mohini Sharma: Mohini Sharma is a dedicated researcher, consultant, and professional with interests in cybersecurity, artificial intelligence, and emerging technologies such as the metaverse and blockchain. Her work focuses on developing innovative solutions that bridge security challenges with advanced AI-driven approaches, ensuring safe and resilient digital environments. Alongside her research, she actively provides consultancy to organisations, helping them strengthen their security posture, adopt emerging technologies responsibly, and align with industry best practices. With a strong academic background and strong industry experience, she strives to contribute towards value-driven insights in the field of cybersecurity.
Jaydeep Katariya: Jaydeep Katariya is a cybersecurity consultant and researcher working at the intersection of technology, business, and policy. An alumnus of IIM Ahmedabad and Symbiosis International University (SIU), where he completed his MBA in Information Technology Business Management, he has contributed to projects spanning SOC automation, deception systems, and public-sector digital transformation initiatives. He also represented SIU in an international research collaboration with Hochschule Mainz, Germany, and has published impactful research, including an IEEE conference paper on transforming carbon markets using blockchain, AI, and IoT, as well as his award-winning work on an adaptive AI-based cybersecurity suite for the metaverse in reputed journals. Currently with EY, Jaydeep combines hands-on consulting exposure with academic research while actively contributing to the cybersecurity community.
-
62
S04EP07 | Rapid Fire | Anant Srivastava
Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd
In this Rapidfire, Anant shares insights from his experiences in the field of both Supply Chain Security and his professional journey in Cybersecurity.
Check out the full episode where we discuss these practical nuances of SBOMs, so you get the best out of your 'bill of materials'.
https://youtu.be/PwuJoABJfmc
-
61
S04EP07 | SBOMs & Supply Chain Security | Anant Srivastava
Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd
It's not your code that gets breached, it's the code you inherit. We expose the hidden dangers lurking in your Software Supply Chain and reveal the single document that can save you: the SBOM.
This episode breaks down why relying on Open Source components creates major risk. Learn how the Software Bill of Materials tracks every transitive dependency, allowing instant mapping of a new CVE to your production assets.
Recommended reading/viewing, Paper for practitioners:
https://www.cisa.gov/sites/default/files/2025-08/2025_CISA_SBOM_Minimum_Elements.pdf
https://knightcolumbia.org/content/ai-as-normal-technology
https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
https://github.com/cyfinoid/sbomplay
https://cyfinoid.com/introducing-sbom-play-a-privacy-first-sbom-explorer-with-vulnerability-license-insights/
-
60
S04EP07 | Teaser | SBOMification
Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd
Implementing Software Bill of Materials (SBOMs) is a complex process riddled with challenges that can undermine their security benefits. The primary issue is data quality and accuracy, as many tools fail to list all components, especially hidden transitive dependencies, creating a false sense of security. Furthermore, organizations are often overwhelmed by the sheer volume of data an SBOM produces, lacking the context and tooling to turn it into actionable intelligence. Finally, SBOMs are static snapshots in a dynamic world, becoming quickly outdated as new vulnerabilities are discovered, making it difficult to maintain their relevance without a continuous, automated workflow.
Check out the full episode where we discuss these practical nuances, so you get the best out of your 'bill of materials'.
-
59
S04EP06 | Rapid Fire | Shobhit Gautam
From Vulnerability to Value: Harnessing Bug Bounties for Continuous Security Improvement
Guest: Shobhit Gautam, HackerOne, Staff Security Solutions Architect, HackerOne
This short clip is fun, fast, and full of great personal insights on #cybersecurity. It’s a great reminder that behind every strong security defense is a brilliant, interesting human. #bugbountytips
-
58
S04EP06 | Bug Bounty Programs | Shobhit Gautam
TOPIC: From Vulnerability to Value: Harnessing Bug Bounties for Continuous Security Improvement
Stop viewing bug bounties as just a headache! We're talking about turning #vulnerabilities into measurable #security value.
My guest dives deep into how organizations can strategically shift their perspective: using #crowdsourced security intelligence as a core engine for #continuous improvement. It’s about leveraging these programs to generate critical #threatintelligence and #risk data. Every reported flaw isn't a failure, but a data point that actively strengthens your #defence-in-depth strategy over time. We'll show you how to move from reactive flaw-finding to proactive security harnessing the power of the crowd.
Recommended reading/viewing for practitioners:
Shobhit’s interview with Pulse2: https://pulse2.com/hackerone-profile-shobhit-gautam-interview/
Return on Mitigation: https://www.hackerone.com/info/return-mitigation-calculator
Bug Bounty Podcast: https://www.criticalthinkingpodcast.io/about/
Getting Started: https://www.bugbountyhunter.com/getting-started/
-
57
S04EP05 | Teaser | Bug Bounties Programs
TOPIC: From Vulnerability to Value: Harnessing Bug Bounties for Continuous Security Improvement
Guest: Shobhit Gautam, HackerOne, Staff Security Solutions Architect, HackerOne
Shobhit is a Staff Solutions Architect at HackerOne. He has 15+ years of security experience, with extensive expertise in application, cloud, and infrastructure security. He is passionate about building secure solutions and fostering a security-conscious culture. He has experience leading security awareness initiatives, mentoring security teams, and responsibly disclosing vulnerabilities and is an active contributor to the security community.
This discussion will explore how organizations can strategically leverage bug bounty programs, shifting the perspective from simply finding flaws to actively harnessing crowdsourced security intelligence as a core engine for continuous improvement and measurable security value. We aim to demonstrate how vulnerabilities, when identified and managed effectively through these programs, become critical data points that strengthen defenses over time.
-
56
S04EP05| Rapid Fire | Saakshar Duggal
Guest: Saakshar Duggal, Artificial Intelligence Law Expert I Training Corporates on Cyber laws and Cyber Hygiene
We talked serious **DPDP Act** compliance in the full episode, but now it's time for the fun stuff! 🚀 I put our expert through the wringer with our rapid-fire round.
-
55
S04EP05 | DPDP Act and Compliance | Saakshar Duggal
Guest: Saakshar Duggal, Artificial Intelligence Law Expert I Training Corporates on Cyber laws and Cyber Hygiene
The DPDP Act is here, redefining digital privacy in India. But how does this new law stack up against global standards like GDPR? We're diving deep into the toughest differences and the biggest headache for every business: Consent Management.
Beyond specific, informed consent and the constant right to withdraw, we tackle Data Minimization and the ambiguity of Data Retention rules. Is the Breach Reporting norm too lenient? Our expert breaks down the key areas, contrasts them with global laws, and shares an example of an organization that got DPDP compliance right. This is your essential guide to navigating this crucial regulation!
-
54
S04EP05 | Teaser | DPDP Act and Compliance
The new DPDP Act is officially rewriting the rules for handling personal data in India. It sounds like simple compliance, but the implementation challenges for every data fiduciary are tricky—and getting it wrong could lead to massive fines.
Today, we dive into the biggest hurdles, from consent management to fulfilling data principal rights. We guide you through the precise techniques you need to roll out DPDP successfully. Don't risk your organization's future—check out the full episode!
Guest: Saakshar Duggal, Artificial Intelligence Law Expert I Training Corporates on Cyber laws and Cyber Hygiene
Saakshar Duggal is a practicing Advocate in the Delhi High Court and is regarded as an AI law Expert. He is a 19 times TEDx speaker and has been a guest speaker at prominent organizations like the United Nations main office (UN), Harvard University’s (HPAIRx), Defence Research and Development Organisation (DRDO), All India Institute of Medical Sciences (AIIMS), Indian Institute of Technology, Delhi (IIT) etc. He is dedicated to promoting awareness of legal issues in cyberspace and of upcoming technologies like Artificial Intelligence.
-
53
S04EP04 | Rapid Fire | Jay Thoden van Velzen
Guest: Jay Thoden van Velzen, Technical Advisor, Office of the Chief Security Officer, SAP Global Security & Cloud Compliance
At Breakpoint, we tend to get real about cybersecurity. We often say security's job is to be an enabler for the business. After the myth-breaking full episode, here's a light Rapid Fire where Jay shares some of his experiments on chaos engineering and other interesting adventures.
-
52
S04EP04 | Culture Eats Security for Breakfast | Jay Thoden van Velzen
Guest: Jay Thoden van Velzen, Technical Advisor, Office of the Chief Security Officer, SAP Global Security & Cloud Compliance
In this segment, we’re unpacking the biggest myth in security: that strategy is enough. Our guest argues that culture eats strategy for breakfast, and effective security isn’t about more policies, but about deep negotiation and understanding. We’ll discuss how to use tools like security risk management and security engineering not as blockers, but as instruments for genuine collaboration. This is about convincing teams we understand their needs, and together, building a security culture where everyone wins. This is how we move from being a cost center to a true business partner.
Recommended reading/viewing, Paper (in this topic) for practitioners:
Security Chaos Engineering: Sustaining Resilience in Software and Systems, Kelly Shortridge and Aaron Rinehart (2023)
Cybersecurity for SAP, Gaurav Singh and Juan Perez-Etchegoyen (2025)
-
51
S04EP03 | Dust Busters or Bots? | Dennis Giese
Guest: Dennis Giese, Independent Security Researcher
You've seen the headlines, heard the wild stories, and maybe even panicked about the devices in your own home. "Hackers take control of robot vacuums, yell racial slurs." It sounds insane, but what really happened? Our guest today is one of the researchers who exposed the vulnerabilities behind these shocking incidents.
In this segment, we're diving deep into the world of smart home robotics and cyber-physical security. Our guest will walk us through their research into popular devices, revealing the types of vulnerabilities that often go undetected for extended periods. We'll get a first-hand account of the timeline of the incidents, clarifying what happened and why. This isn't just about the sensational headlines; it’s a critical look at how to prevent these problems, how to ensure researchers' work isn't misused for malicious purposes, and what unreleased vulnerabilities still exist. This discussion is for anyone who has ever worried about the privacy of their home in an age of constant connectivity.
Video on YouTube: https://youtu.be/i1AvJm2wYx8
-
50
S04EP02 | Reversing Large Deep Learning Models | Yashodhan Mandke
Have you ever thought about how an attacker might reverse-engineer an AI model? Our guest today is doing just that, going beyond passwords and keys to unpack the very DNA of deep learning!
In this segment, we're diving into the groundbreaking work of reversing large deep learning models. Our guest reveals how it's possible to reverse an AI model's entire mathematical structure, exposing its architecture, critical hyperparameters, and even the internal weights and biases that define its behavior. We'll explore this new frontier of security research in the context of different model formats and major models like GoogleNet and Llama. This isn't just about finding vulnerabilities; it's about understanding how a malicious actor could exploit the sparsity of a tensor or reverse a tokenizer, fundamentally subverting an AI's core logic. This is next-level threat intelligence, showing us how to defend AI by understanding its deepest secrets.
Guest: Yashodhan Mandke, Research Scholar, MIT-WPU
Yashodhan is a Security Researcher with over 13 years of cutting-edge experience at the intersection of IoT and AI innovation. A tech visionary currently pursuing a doctorate in Satellite and Security, Yashodhan’s academic journey spans M.Tech in Satellite Communication, M.Tech in Signal Processing, and a B.E. in Electronics & Telecommunication.
Recommended reading/viewing, Paper (in this topic) for practitioners:
https://goa2025.nullcon.net/doc/goa-2025/nullcon_2025_rev_dl.pdf
-
49
S04EP01 | Zero Day Playbook with Coverage-Guided PHP Fuzzing | Sebastian Neef
Ever wonder how zero-day vulnerabilities in your favorite websites get uncovered? Our guest today is diving into a game-changing technique: coverage-guided fuzzing for PHP web apps! Forget slow scanners; we're talking about finding critical bugs before the bad guys do.
Guest: Sebastian Neef, PhD at the Technical University of Berlin, at the Chair for Security in Telecommunications
In this segment, we explore PHUZZ, an open-source tool that's shaking up web application security testing. Our guest explains how this innovative approach outperforms traditional vulnerability scanners like BurpSuite, ZAP, and WFuzz in pinpointing crucial flaws like SQLi, RCE, XXE, and XSS. We'll delve into the technical hurdles of applying coverage-guided fuzzing to the dynamic nature of web applications and how PHUZZ's clever function hooking and vulnerability detection uncovered over 20 potential security issues and even 2 CVEs in popular WordPress plugins. This is the future of proactive web security, finding those elusive zero-day exploits with the power of intelligent automation.
Recommended reading/viewing for practitioners:
https://www.sebastian-neef.de/
Coverage guided Fuzzing
-
48
Agentic AI | Dr Angelina Gokhale #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security.
As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Dr Angelina Gokhale, Senior Data Scientist, Netmonastery
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
47
Agentic AI | Khushbu Jain #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security.
As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Khushbu Jain, Managing Partner, Data Privacy | Ark Legal
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
46
Agentic AI | Abhishek Datta #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security.
As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Abhishek Datta, Co-Founder | SafeDep
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
45
Agentic AI | Thiruraghavan Madhugiri #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security.
As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Thiruraghavan Madhugiri, Director, Security Engg | Adobe
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. But that also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
44
#S04CFPEP03 | CFP Series | Effective Paper Submission Part 03
Effective Paper Submission for Beginners Part 03
You've seen the good researchers on stage at the best conferences or your favorite local security conference, dropping knowledge bombs and getting that well-deserved applause. Ever wondered how they got there? It all starts with a killer paper submission!
In this brand new video, part of our "CFP series", I'm pulling back the curtain on 'Effective Paper Submission' for security conferences. This isn't just about having a great idea/research, but also about packaging it, pitching it, and making sure it lands with the review board.
In this third part, we'll dive into the critical callouts such as key takeaways for the audience, submitting to various tracks and other nuances of paper submissions. We'll cover everything from structuring your paper, showcasing your methodology, and highlighting the real-world relevance of your findings.
Whether you're a seasoned researcher looking to refine your game or just starting out and dreaming of presenting your first big discovery, this video is packed with actionable insights. Ready to get your research seen and heard?
👉 Hit play and let's get your paper ready for the big stage!
Don't forget to like this video, subscribe to the Breakpoint channel for more deep dives into security research and insights, and hit that notification bell so you don't miss our next installment in CFP Series!
-
43
Agentic AI | Krishna Pandey #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their AI Agents to do for them' :)
Guest: Krishna Pandey, Senior Director, Cybersecurity | Xerox
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. That power also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
42
Agentic AI | Kunal Aggarwal #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Kunal Aggarwal, CTO @ RedHunt Labs
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. That power also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
41
#S04CFPEP02 | CFP Series | Effective Paper Submission Part 02
Effective Paper Submission for Beginners Part 02
You've seen the good researchers on stage at the best conferences or your favorite local security conference, dropping knowledge bombs and getting that well-deserved applause. Ever wondered how they got there? It all starts with a killer paper submission!
In this second episode, part of our "CFP series", I'll share some fun facts about what really makes a submission stand out, what needs to be explained, and what depth to go to. In this instalment, I will discuss a sample presentation and trace it back to the research thinking behind it and what ends up getting into the paper. We'll cover everything from structuring your paper, showcasing your methodology, and highlighting the real-world relevance of your findings, and more.
Whether you're a seasoned researcher looking to refine your game or just starting out and dreaming of presenting your first big discovery, this video is packed with actionable insights.
NOTE: Later in the series we will give you a sneak peek of actual submissions and see the thought process up close. Stay tuned!
Ready to get your research seen and heard?
👉 Hit play and let's get your paper ready for the big stage!
Don't forget to like this video, subscribe to the Breakpoint channel for more deep dives into security research and insights, and hit that notification bell so you don't miss our next installment in CFP Series!
-
40
AgenticAI | Devesh Bhatt #ai #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. In this video from this fun series, we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Devesh Bhatt, Cyber Security Leader | Co-Founder BSides Goa
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. That power also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
39
Agentic AI | Anant Shrivastava #AI #aisecurity #agenticai #cybersecurity
Imagine an AI agent managing your life. Sounds cool, right? But what if it gets hacked? We're exploring the future of AI agents and the critical need for their security. As the first installment, we share this fun series where we ask our guests to share 'What they would like their Agents to do for them' :)
Guest: Anant Shrivastava, Founder & Chief Researcher | Cyfinoid Research Private Limited
Agents have the potential for handling finances, travel, even critical health data. But with that power comes immense risk. That power also extends the attack surface for **data breaches**, **access control** vulnerabilities, and the terrifying possibility of **AI manipulation**. It’s about building a future where convenience doesn’t mean sacrificing security.
-
38
#S04CFPEP01 | CFP Series | Effective Paper Submission Part 01
Effective Paper Submission for Beginners Part 01
Note: There will be tons of illustrations in this series. Check out the Breakpoint YouTube episode to access all that.
You've seen the good researchers on stage at the best conferences or your favorite local security conference, dropping knowledge bombs and getting that well-deserved applause. Ever wondered how they got there? It all starts with a killer paper submission!
In this brand new video, part of our "CFP series", I'm pulling back the curtain on 'Effective Paper Submission' for security conferences. This isn't just about having a great idea/research, but also about packaging it, pitching it, and making sure it lands with the review board.
We'll dive into the critical steps, from refining your initial ideation – how do you spot that truly novel vulnerability or unique research angle? – to crafting an abstract that grabs attention. Learn about the common pitfalls that sink even brilliant research, like not clearly defining your impact or burying the lede. I'll share some fun facts about what really makes a submission stand out (hint: it's not always about the most complex tech) and common mistakes that lead to rejection. We'll cover everything from structuring your paper, showcasing your methodology, and highlighting the real-world relevance of your findings.
Whether you're a seasoned researcher looking to refine your game or just starting out and dreaming of presenting your first big discovery, this video is packed with actionable insights.
Don't forget to like this video, subscribe to the Breakpoint channel for more deep dives into security research and insights, and hit that notification bell so you don't miss our next installment in CFP Series!
-
37
#S03 Breakpoint Season03 Wrap Up
What an incredible season it’s been on the Breakpoint Security Podcast! From decoding API security with Buchi Reddy to diving into SOC (un)automation with Dr. Anton Chuvakin, this season was packed with insights, stories, and actionable advice from some of the brightest minds in cybersecurity.
This video shares some interesting highlights from the season. Which was your favourite episode of the season? Mention in the comments below :)
-
36
#S03EP10 SOC - Beyond Automation | Dr. Anton Chuvakin
In this episode of the Breakpoint Security Podcast, we dive into the evolving world of Security Operations Centers (SOC) with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO, Google Cloud.
Key discussion points include:
Event Correlation: Exploring the automation of correlating security events in real-time and at scale. When should we rely on automation, and where does human expertise still play a vital role?
Threat Detection & Response: A deep dive into machine learning (ML) and behavior-based analytics for threat detection, including insider threats and the impact of UBA/UEBA on SOC operations.
Automated Response: Insights & limits of leveraging SOAR platforms to streamline incident response, the boundaries of automated remediation, and real-world use cases like quarantining devices or resetting accounts.
Threat Hunting: How organizations can fine-tune automation to enhance predictive accuracy and overcome the limitations of AI in identifying potential threats.
Dr. Chuvakin shares technical insights, real-world examples, and practical advice, making this a must-watch for anyone looking to optimize their SOC operations.
Recommended reading/viewing for practitioners:
https://cloud.withgoogle.com/cloudsecurity/podcast/
https://medium.com/anton-on-security/security-correlation-then-and-now-a-sad-truth-about-siem-fc5a1afb1001
https://medium.com/anton-on-security/stop-trying-to-take-humans-out-of-soc-except-wait-wait-wait-e19c5887ef2f
https://medium.com/anton-on-security/crosspost-a-simple-soar-adoption-maturity-model-dacf61ae857b
https://medium.com/anton-on-security/about-threat-intel-retro-matching-5d94f2cc1991
https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
-
35
#S03EP09 Crypto Shield for Vehicle Security | Sandip Dholakia
When even a seasoned security professional thinks about cryptography, the obvious areas are encryption at rest and in transit. But modern cryptography has penetrated our lives - in the areas we don’t even think about. It works its magic in IoT devices, in the cloud, while we shop, and even in the car we drive!
Guest: Sandip Dholakia, Principal Security architect and co-chair of Cryptography CoE at SAP Global Security & Compliance.
Glossary
ECM = Engine Control Module
BCM = Body Control Module
RFM = Radio Frequency Module
Recommended reading/viewing, Paper (in this topic) for practitioners
Modern Cryptography - The Practical Guide
For India: https://www.shroffpublishers.com/books/9789355426079/
For other countries: https://bit.ly/3X36gel
Patent Link: https://patents.google.com/patent/US8056538B2/en
Where Things Fall Apart, Matthew Green
Cybersecurity in Automotive: Mastering the Challenge
https://www.metabaseq.com/threat/car-hacking-current-trend-in-car-theft/
-
34
#S03EP08 Getting Domain Admin: Infrastructure Hacking | Prashant Mahajan
Guest: Prashant Mahajan, Director for Payatu Australia Pty Ltd and OzHack
The Cybersecurity landscape is driven by the increasing complexity and integration of systems. One major challenge is the proliferation of interconnected devices and platforms, which expand the attack surface and create numerous entry points for malicious actors. Additionally, the rapid adoption of cloud services and virtualization technologies introduces new vulnerabilities and requires robust security measures that are often inadequately implemented.
Furthermore, the rise of sophisticated attack techniques, such as advanced persistent threats (APTs) and zero-day exploits, further complicates the defense mechanisms needed to protect infrastructure. Addressing these challenges requires a multi-faceted approach, including advanced threat detection, continuous monitoring, and enhanced collaboration across the cybersecurity community.
In this episode we explore this through some very interesting stories from Prashant M. What can really go wrong in our IT infra and how attackers can leverage our assumptions.
Recommended reading/viewing for practitioners:
ADRecon:
https://github.com/adrecon/ADRecon
https://github.com/adrecon/AzureADRecon
https://www.defcon.org/html/defcon-26/dc-26-demolabs.html
https://www.blackhat.com/us-18/arsenal/schedule/index.html#adrecon-active-directory-recon-11912
A few recommended books for getting into Pen Testing:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
Network Security Assessment: Know Your Network
Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks by Michal Zalewski
Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters by Justin Seitz and Tim Arnold
The Hacker Playbook 3: Practical Guide To Penetration Testing
-
33
#S03EP07 Gamification for Hacking Humans | Jayson E. Street
Called a "notorious hacker" by FOX25 Boston, a "World Class Hacker" by National Geographic Breakthrough Series and described as a "paunchy hacker" by Rolling Stone Magazine, he prefers that people refer to him simply as a Hacker, Helper & Human.
This is none other than our guest, Jayson E. Street, Chief Adversarial Officer at Secure Yeti.
In today's highly digitized world, organizations are increasingly susceptible to social engineering attacks, where malicious actors manipulate individuals/employees into divulging confidential information. Despite advanced technical defenses, attackers exploit human psychology to breach security perimeters. Techniques such as phishing emails, pretexting, and baiting continue to trick employees into revealing passwords, granting access to sensitive systems, or clicking on malicious links. As digital enterprises expand their online footprints, the potential attack surface grows, making it imperative for organizations to adopt robust social engineering defenses. Failure to address this threat can lead to significant financial losses, reputational damage, and operational disruptions.
This is a big one and loaded with fun stories by Jayson. Stay tuned for the next one: the Rapid Fire with Jayson Street.
Episode recommendations/Links:
His book: Dissecting the Hack: The F0rb1dd3n Network (Jayson Street)
His website: https://jaysonestreet.com/
-
32
#S03EP07 Teaser | Gamification for Hacking Humans
In this episode, we're diving deep into "Gamification for Hacking Humans" with Jayson E. Street, Chief Adversarial Officer at Secure Yeti. We discuss how attackers are exploiting human psychology through techniques like #phishing and pretexting and how #AI is making #socialengineering attacks even more sophisticated. With the rise of remote work, these #threats are more real than ever!
Want to know how your organization can defend against these tactics? Check out the follow up full video for valuable insights into protecting your team from manipulation. #cybersecurity
-
31
#S03EP06 Decoding Security Metrics for Business Risk | Runa Dalal
Interested in Cyber Reporting? Check out this episode where we discuss Interpreting Security Metrics to understand real business Risk.
Guest: Runa Desai Dalal, Cyber Risk Leader at Accenture
Cyber Strategy | CISO Dashboard | Cyber KPI | Cyber Analytics | Business Continuity | Enterprise Risk | Mentor | Coach | Guide
Understanding security data within an organization involves synthesizing data from various domains such as risk management, DevSecOps, and SOC operations to create meaningful correlations. By interpreting these security metrics, businesses can transform raw data into actionable insights that highlight potential risks and inform strategic decisions, ultimately enhancing their overall security posture and reducing business risk.
Recommended reading/viewing for practitioners:
Cybersecurity measurement: https://www.nist.gov/cybersecurity-measurement
Reporting Cyber Risk to the Board: Real Life Examples: https://youtu.be/cwvwvzMo44I?si=HNxXqppzVvInH4vp
Reporting Cyber Risk to the Board by Omar Khwaja: https://youtu.be/1CLG0bJLqFo?si=h8yIGMrcS5I9G7y8
-
30
#S03EP05 Mastering Application Threat Modeling at Scale | Tony UV
TOPIC: Mastering Application Threat Modeling at Scale
Guest: Tony UV, CEO & Founder of VerSprite Security, and the Author of Risk Centric Threat Modeling & PASTA Methodology
We dive deep into everything from effective threat modeling techniques for Agile and waterfall applications to scaling threat modeling across large application ecosystems. Tony shares his insights on automating this critical process, handling technical and cultural dependencies, and ensuring security practices keep up with rapid development velocity.
If you're looking to understand what a robust threat modeling program looks like and how to measure its success, you're at the right place!
Recommended reading/viewing for practitioners:
https://www.linkedin.com/posts/tonyuv_technology-cybersecurity-threatmodeling-activity-7136353298416107520-DOxu?utm_source=share&utm_medium=member_ios
https://versprite.com/blog/organizational-threat-model-enterprise-risk-assessment/
https://versprite.com/blog/threat-modeling-against-supply-chains/
https://www.amazon.com/Risk-Centric-Threat-Modeling-Simulation/dp/0470500964?dplnkId=35a18e4f-f9bb-48cc-b747-46fae78757f4&nodl=1
-
29
#S03EP04 AI for Security And Security For AI | Tamaghna Basu
In this episode, we delve into the intricate world of AI security, tackling the dual challenge of safeguarding artificial intelligence systems and utilizing AI to enhance cybersecurity.
Guest: Tamaghna Basu, Founder & CEO, DeTaSECURE
Join us as we unravel the complexities of AI security and provide valuable insights that can help you stay ahead in the ever-evolving cybersecurity landscape. Whether you're a security professional, an AI enthusiast, or simply curious about the intersection of these fields, this episode offers critical knowledge and practical tips to enhance your understanding and approach to AI security.
Glossary for Listeners
Artificial Intelligence (AI): The creation of computer systems that can perform tasks normally requiring human intelligence. This includes recognizing speech, making decisions, and learning from data. Imagine a smart assistant like Siri or Alexa: they use AI to understand and respond to your requests.
Machine Learning (ML): A subset of AI focused on developing algorithms that allow computers to learn from and make predictions or decisions based on data.
Neural Networks: Computational models inspired by the human brain, consisting of interconnected nodes (neurons) that process information in layers to recognize patterns and make decisions.
Natural Language Processing (NLP): A branch of AI that enables machines to understand, interpret, and respond to human language in a natural way, including tasks like translation, sentiment analysis, and chatbots.
Deep Learning: A type of machine learning involving neural networks with many layers (deep neural networks), which excel at analyzing large datasets and performing complex tasks such as image and speech recognition.
Adversarial Attacks: Techniques used to deceive AI models by introducing malicious input, causing the model to make incorrect predictions or classifications, highlighting vulnerabilities in AI systems.
Recommended reading/viewing for practitioners:
Tamaghna’s BlackHat Talk, Clone with AI: https://www.youtube.com/watch?v=XafJT7I71yo
Adversarial Attacks: https://youtu.be/t5-vMJDFr8E
T-Mobile Breach: https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
Samsung bans ChatGPT: https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/
OpenAI Data Breach: https://openai.com/index/march-20-chatgpt-outage/
-
28
#S03EP03 DevOpsification of Threat Detection Development | Wasim Halani
Learn to DevOpsify your Threat Detection Development!
Guest: Wasim Halani, Director - Detection Engineering at Securonix
SOC teams face a continuous challenge of evolving threats and a difficulty in developing #analytics to detect such #threats. Recent times have seen the Detection Engineering function evolve along the lines of Software Engineering - which means the Agile and DevOps methodologies also apply to new detections being developed and deployed. Continuous development, continuous testing and continuous deployment are part of the game.
In this episode, we dive into the challenges faced by traditional #SOC teams in building effective threat detections, explore why threat detection is inherently difficult, and discuss how #DevOps principles can enhance this process. We also cover the groundwork for implementing these principles and the most challenging aspects of developing a #detection #engineering #program.
Recommended reading/viewing for practitioners:
1. https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79
2. https://www.securonix.com/blog/ddlc-detection-development-life-cycle/
3. https://medium.com/snowflake/detection-development-lifecycle-af166fffb3bc
-
27
#S03EP02 Building Intelligence into your Software Supply Chain Security | Shashank Dixit
Check out AI for your DevOps pipelines!
Guest: Shashank Pramod Dixit, Principal Consultant, Sumeru Solutions
CISO advisory, Product Management, Security leadership, Product Security.
There exist many common challenges today for SMBs doing DevSecOps. Organizations are confused by the tools: with so many options, which ones should they choose? There are so many false positives and so much unnecessary noise. There is no in-house expertise in place to level up application security. There are cost limitations: licensed tools are expensive and open source tools are difficult to maintain.
In this episode, we dive deep into the common challenges faced by SMBs in DevSecOps - from AI enabled tool selection confusion to dealing with false positives, lack of in-house expertise, and financial constraints.
We cover the full spectrum of ways and means of using Artificial Intelligence to secure your software supply chain!
Recommended reading/viewing for practitioners:
https://ventureinsecurity.net/
https://tldrsec.com/
https://danielmiessler.com/
https://yourstory.com/2023/02/bomanai-revolutionising-secure-software-development-tool-devsecops
https://pulse.latio.tech/
-
26
#S03EP01 Taking Charge of Your APIs: Proactive API Security | Buchi Reddy B
What does Proactive API Security Testing encompass, and what do you need to enhance your API Security Posture? We discuss all this with our expert guest Buchi Reddy.
Guest: Buchi Reddy B, Founder & CEO of Levo.ai
Proactive API security testing refers to an approach where security testing activities are conducted preemptively to identify and address potential security vulnerabilities in APIs before they can be exploited by malicious actors. This proactive approach involves systematically assessing the security posture of APIs through various techniques and methodologies, even before they are deployed or exposed to production environments.
By proactively testing for various attack scenarios, organizations can identify and remediate security vulnerabilities in their APIs before they are exploited by attackers, thus enhancing the overall security posture of their systems and protecting sensitive data from unauthorized access or manipulation.
Guest Intro: After graduating with an engineering degree in India, Buchi began his career in a renowned hedge fund and then immigrated to the US to work in Silicon Valley startups.
Since then, he has worked in 4+ Silicon Valley startups, most being seed stage. While working in one such cybersecurity startup, he encountered fundamental inefficiencies in the cybersecurity space: inefficiencies in the development, integration and testing of API systems in enterprise applications that culminate in data breaches and PR nightmares.
To tackle these problems, he founded Levo.ai, a cybersecurity startup. After 1.5 years of rigorous development, Levo is now being deployed in the environments of industry leaders, pioneering a proactive era for application security.
-
25
#S02EP10 | Zeroing Trust: Identity Threats, the New Attack Surface | Sudarshan Pisupati
The proliferation of digital identities and access points has increased the attack surface, making it difficult to monitor and secure user identities effectively. The rising sophistication of cyber threats, including identity theft and credential-based attacks, demands proactive measures to detect and respond to these threats promptly. Additionally, compliance requirements and data protection regulations necessitate robust identity security to avoid legal and financial repercussions. All of the above add to the complexity of managing user identities, especially in large enterprises, and hence require automation and real-time monitoring capabilities to manage identity threats, ensuring the organization can effectively safeguard its digital assets and sensitive data.
Guest: Sudarshan Pisupati, Principal Research Engineer at Zscaler. He is currently focused on adding Identity Threat Detection and Response capabilities to Zscaler's cyber threat protection portfolio.
-
24
#S02EP09 | Controlling your SaaS Sprawl with a SaaS Security Platform | Abhishek Anand
Just as cloud is omnipresent in 2023, SaaS sprawl is just as prevalent. A company on average uses 110 SaaS apps, and broadly 70% of the software being run is SaaS, with issues even more severe at enterprise level. SaaS security today is thought of as an IAM problem solved with an SSO integration, but the issues go beyond that: misconfigurations leading to leaked data, insecure SaaS plugins opening up new threat vectors, and how your services talk to other SaaS apps.
A lot of cloud security issues can be solved in orgs with good engineering practices, but SaaS security is harder because users are spread across the organization and each tool has its own nuances, so IT/security teams find it hard to manage well. The general practice of allowing users to bring their own plugins and ways of using SaaS apps is what creates security issues. In this episode, we dive deep into SSP implementations for organisations.
Guest: Abhishek Anand, Co-Founder, Koala Lab
Abhishek is a technology leader who built Housingdotcom as CTO and most recently built cloud infra at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career, he has solved varied security problems and is currently building KoalaLab based on inspiration during his time building and securing infrastructure for these fast-growing companies.
Recommended reading/viewing for practitioners:
SaaS Sprawl: https://www.zippia.com/advice/saas-industry-statistics
- 38% of companies run almost entirely on SaaS.
- As of 2021, an average of 110 SaaS apps are used per organization.
- Approximately 70% of total company software use is SaaS as of 2022. However, this number has the potential to reach up to 85% by 2025, indicating that SaaS as software will only continue to become more popular.
Salesforce leak of data: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
Google drive leaks: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
Case: https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
TL;DR: https://tldrsec.com/ - Good newsletter covering a lot of security research
SSP Coverage Reference: https://www.koalalab.com/saas-security
-
23
#S02EP08 Packing a Punch! With Policy-as-Code | Abhay Bhargav
In today's world of rapidly evolving technology and the increasing complexity of software systems, ensuring the security and compliance of applications across the stack has become paramount. The stack has also become much more complex with the proliferation of APIs on cloud and cloud-native technologies. Tightly coupled security controls for things like Authorization, Validation and Admission Control are not realistic and are causing large inconsistency in the implementation of security controls. This episode will provide an in-depth exploration of Policy-as-Code (PaC) and how it can be employed to implement decoupled security practices across the stack. PaC serves as a unified framework that enables organizations to define, manage, and enforce policies in a consistent, transparent, and automated manner. This approach facilitates better security, compliance, and risk management, while also reducing the need for manual intervention.
Guest: Abhay Bhargav, Founder of we45, Appsec Engineer
Abhay Bhargav is the Founder of the Chief Research Officer of AppSecEngineer, an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers hands-on security skills that companies are actually looking for. Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps.
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. In addition, Abhay has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well.
-
22
#S02EP07 From Chaos to Compliance: Navigating the ISMS Implementation Maze | MS Sripati
From Chaos to Compliance: Navigating the ISMS Implementation Maze
In this episode, we will be talking about the challenges an organization faces when doing an ISMS implementation. We will talk about this in the context of ISO 27001 implementation and see the practical nuances it entails.
Guest: Sripati MS, Assistant Vice President, Risk, Utkarsh Small Finance Bank
He is an information security risk management professional, 18 years and counting. He has helped create, run, and audit information security programs for customers in the oil/gas, utility, and banking domains. He has also helped provide security assessment services to customers in various industries. He runs a blog (sripati.info) and answers questions on Quora.
Recommended reading/viewing for practitioners:
- Gary Hinson’s ISO 27001 Google Group (https://iso27001security.com/html/forum.html https://groups.google.com/g/iso27001security)
- ISO Certification Process: www.advisera.com
- ISO 27001 Standard: https://iso27001security.com/
-
21
#S02EP06 (MITRE) ATT&CK in your Backyard | Shweta Kshirasagar
MITRE ATT&CK has been the go-to framework for both offensive & defensive security teams. Its sophistication and vast coverage make it quite comprehensive, often not easy to fathom, let alone implement to the fullest. In this episode of br3akp0int, we demystify this through practical scenarios & Shweta’s experience of implementing it in the day-to-day activities of Cyber Defenders.
Guest: Shweta Kshirsagar, General Manager - Security Assurance, Airtel Africa
Shweta is an accomplished information security professional with 18 years of industry experience in various domains of Cyber Security such as Cyber Incident Response, Data Protection and Privacy, Information Security Audit and Compliance. She possesses strong leadership skills with a collaborative approach towards driving cross-functional programs. She holds multiple professional certifications and has won awards and recognition in the industry.
Recommended reading/viewing for practitioners:
Mitre Att&ck Framework & website:
https://attack.mitre.org/matrices/enterprise/
https://github.com/mitre-attack
https://center-for-threat-informed-defense.github.io/attack-sync/
https://redcanary.com/blog/avoiding-common-attack-pitfalls/
https://www.inforisktoday.in/insights-from-dual-vendor-saas-based-siem-implementation-a-22207
-
20
#S02EP05 From Zero to One: Bootstrapping Security for your Organization | Prajal Kulkarni
From Zero to One: Bootstrapping Security for your Organization
With the rise in the number of digital start-ups, many of us in security and engineering find ourselves in a place where we are the first of the lot. We need to not just define, but start and secure our organization and assets from the ever-growing set of breaches & attacks. This episode is dedicated to starting security from scratch and going ground up.
Guest Intro: Prajal Kulkarni, Chief Information Security Officer @ Groww
Prajal Kulkarni brings over 13 years of expertise in securing infrastructure, designing robust security frameworks, and assisting startups in their initial security journey. As the current Chief Information Security Officer at Groww, he leads a team of talented and dynamic security engineers.
Before joining Groww, Prajal held the position of Senior Security Architect at Flipkart, where he was responsible for ensuring the security of the entire ecommerce business. He also managed comprehensive security charters for Flipkart's M&A companies, contributing significantly to their secure operations.
Furthermore, Prajal led a skilled team at a prominent Fintech company, overseeing offensive and defensive security projects to safeguard their systems and data.
Beyond his corporate experience, Prajal actively participates in the Indian security community. He serves as the lead contributor to Code Vigilant, an open security project that promotes responsible disclosures and enhances the security of open source software.
-
19
#S02EP04 IoT Security: Safeguarding Your Smart World! | Aseem Jakhar
The world is getting smarter and the number of IoT devices is growing by the day. Securing such environments presents unique challenges due to the diverse nature of these devices and the complexity of their interactions.
Guest: Aseem Jakhar, Co-Founder & Dir. Research at Payatu
Linkedin: @aseemjakhar
X: @aseemjakhar
Aseem Jakhar is a Cybersecurity Entrepreneur and Technologist with two decades of experience in security product development, services, building and scaling teams and communities. He is currently working on solving the IoT Security problem with his latest venture EXPLIoT. He has previously bootstrapped impactful cybersecurity companies to multi-million dollar revenue. He co-founded Payatu, Nullcon, Hardwear.io and null - the open security community.
He is an active speaker and trainer at various security conferences like AusCERT, Black Hat, Defcon, Brucon, Hack.lu, Hack in Paris, Hack In The Box, PHDays, Zerocon and many more. He has authored various open source security software including:
- EXPLIoT - IoT Exploitation Framework https://expliot.io
- DIVA Android (Damn Insecure and Vulnerable App for Android)
- Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
- Dexfuzzer - Dex file format fuzzer
Recommended reading/viewing, for practitioners:
U.S. Cyber Trust Mark: https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/
IoT Profiler research: https://www.usenix.org/conference/usenixsecurity23/presentation/nan
EXPLIoT - IoT Security Testing and Exploitation framework: https://gitlab.com/expliot_framework/expliot Docs - https://expliot.readthedocs.io/en/latest/
Singapore Cybersecurity Labeling Scheme - https://www.csa.gov.sg/our-programmes/certification-and-labelling-schemes/cybersecurity-labelling-scheme
Hands-on IoT Hacking Ebook - https://store.expliot.io/products/hands-on-internet-of-things-hacking
-
18
#S02EP03 DevSecOps for teams building on Steroids | Akash Mahajan
TOPIC: DevSecOps for teams building on Steroids
Developers have already adopted public cloud in all tech-enabled companies and industry verticals. Security teams are mostly used for after-the-fact testing, for signaling that compliance is in place, or even as a sales aid when selling to large enterprises. If Continuous Delivery is the goal (as that gets the business money), then the integration and deployment pipelines (CI/CD) are the assembly lines. Far too often, under misguided notions of shift left, security teams come in and slow things down by adding security steps to such pipelines and are surprised when no one likes this. This is what he was able to solve for Byjus enterprise business team and they presented this at DevOps Enterprise Summit 2021 Europe as well.
Guest: Akash Mahajan, Founder & CEO, Kloudle, Appsecco
Before founding Kloudle, Akash started Appsecco in 2015. At Appsecco, they did security testing of products hosted in the public cloud. They tested 100s of applications. But instead of app bugs, they found that most of the time the cloud infra was misconfigured.
Humans make mistakes. So far most developers are human too. Project after project, they hacked into customers' apps due to cloud misconfigurations. Therefore, they built Kloudle. Kloudle automates cloud security to eliminate human errors in setting up and using cloud infrastructure. It answers 3 things: what's running, what's wrong, how to fix it. Automatically, in a loop. A CSPM built for devs.
Recommended reading/viewing, for practitioners:
The Phoenix Project [https://www.amazon.in/Phoenix-Project-Devops-Helping-Business/dp/1942788290]
The Goal [https://amzn.eu/d/ebKsrd6]
Accelerate [https://amzn.eu/d/41jhgu6]
DORA Metrics [https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance]
Turtles All The Way Down Scaling Enterprise BizOps by Automating DevOps Practices https://github.com/devopsenterprise/2021-virtual-europe/blob/main/PPT%20revamp%20-%20DevOps%20Enterprise%20Summit%20v6%20(2).pdf
-
17
#S02EP02 Sprinting Securely: Pentesting Keeping Pace with Agile Development | Sanoop Thomas
TOPIC: Sprinting Securely: Pentesting Keeping Pace with Agile Development
Building Actionable Security Champion Programs & Pentest catching up with speed of agile
Podcast Guest: Sanoop Thomas (@s4n7h0)
Sanoop Thomas (@s4n7h0) is a seasoned security professional with a diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as an information security specialist focusing on application security and secure coding. His fields of interest include fuzzing software vulnerabilities, reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He also moderated the null open community chapters in Singapore and Mumbai and organized hundreds of events and workshops to spread security awareness across the country. Sanoop is the author and maintainer of the Halcyon IDE project (https://halcyon-ide.org) and podcast show host at InfoSec Campus (https://infoseccampus.com). He has spoken at multiple international security conferences, including Nullcon, OWASP India, DevSecCon, HITBGSEC, Rootcon, Defcon (Demo Labs) and Blackhat (Arsenal - Vegas and Singapore). Sanoop is also the founding organizer for BSides Singapore.
Recommended reading/viewing, for practitioners:
tl;dr sec newsletter by Clint Gibler (@clintgibler) https://tldrsec.com/
The Backend Engineering Show with Hussein Nasser (podcast) https://www.youtube.com/@hnasr
https://www.youtube.com/playlist?list=PLQnljOFTspQU0ICDe-cL1EwXC4GDSayKY
Listen to Sanoop Thomas’ podcast: Infosec Campus https://infoseccampus.com/
HOSTED BY
Neelu Tripathy