PODCAST · technology
Security Conversations
by Ryan Naraine
Security Conversations is a cybersecurity podcast series curated by journalist and security strategist Ryan Naraine. These conversations with security practitioners cover a wide range of topics, including threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted threat activity. Connect with Ryan on Twitter (Open DMs). Disclosure: Ryan is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries. ryanaraine.substack.com
-
48
Tim MalcomVetter, Red Team Lead, Walmart
[ DISCLAIMER: These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service. ] Walmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try.
-
47
Matt Suiche, Comae Technologies
Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries.
-
46
Jaime Blasco, AT&T Cybersecurity
AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning.
-
45
Collin Mulliner, Security Engineer, Cruise
Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self-driving cars, and why he built and open-sourced a firmware analyzer tool.
-
44
Michael Piacente, Principal, Hitch Partners
Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions.
-
43
Dave Aitel, Founder and CEO, Immunity
Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a "one team, one parking lot" culture, how lessons from his time at the NSA still guide his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami.
-
42
Sounil Yu, Cyber Defense Matrix
Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing "cattle vs pets," the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses.
-
41
Andy Ellis, Chief Security Officer, Akamai Technologies
In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team.
-
40
Costin Raiu, Global Director, GReAT, Kaspersky Lab
Veteran malware hunter Costin Raiu talks about writing his own anti-virus program as a teenager in Romania, his work tracking advanced threat actors globally, and why he assumes his computer is compromised by at least three APT groups.
-
39
Josh Lefkowitz, Founder and CEO, Flashpoint
Flashpoint chief executive Josh Lefkowitz talks about how his previous work as a counter-terrorism analyst underscored the value of contextual threat-intelligence, his company's approach to gathering and analyzing data, and his mission to be an extension of a client's security team.
-
38
Christine Gadsby, Director of Product Security Operations, BlackBerry
BlackBerry security response executive Christine Gadsby joins the podcast to talk about tough decisions around shipping secure software, the challenges of securing supply chain dependencies, BlackBerry's new ransomware recovery feature, and her upcoming Black Hat 2018 presentation.
-
37
Chad Loder, co-founder and CEO, Habitu8
Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.
-
36
Chris Castaldo, Senior Director of Cybersecurity, 2U
Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.
-
35
Wim Remes, CEO and Principal Researcher, Wire Security
Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.
-
34
Dan Hubbard, Chief Security Architect, Lacework
Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.
-
33
David Weston, Principal Security Engineering Manager, Microsoft
David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.
-
32
Rich Seiersen, SVP and CISO, Lending Club
SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek’s CISO Forum). https://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3
-
31
Andrew Morris, Founder and CEO, GreyNoise Intelligence
Founder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up. https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3
-
30
Yoav Leitersdorf, Managing Partner, YL Ventures
Managing Partner at YL Ventures, Yoav Leitersdorf (ylventures), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking. https://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3
-
29
Juan Andrés Guerrero-Saade, Principal Security Researcher, Recorded Future
Principal Security Researcher at Recorded Future’s Insikt Group, Juan Andrés Guerrero-Saade (juanandres_gs), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks. https://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3
-
28
Robert M. Lee, Chief Executive Officer, Dragos Inc.
The founder and CEO of Dragos, Inc. Robert M. Lee (RobertMLee) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations. https://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3
-
27
Brandon Dixon, Vice President, RiskIQ
VP of Product at RiskIQ Brandon Dixon (@9bplus) delves into nation-state cyber operations, explains why it’s dangerous to underestimate North Korea’s capabilities, and his passion for roasting the perfect coffee bean. https://securityconversations.com/wp-content/uploads/2018/05/ep27-brandon-dixon.mp3
-
26
Ryan Huber, Security Architect, Slack
Slack security architect Ryan Huber talks about the gargantuan task of defending an organization with 8 million daily active users, burnout and fatigue in security teams, and a range of issues around bug bounties and penetration testing.
-
25
Ivan Arce, CTO at Quarkslab
Chief Technology Officer at Quarkslab Ivan Arce (@4dgifts) tells stories about the birth of penetration testing platforms, the concentration of hacking talent in Argentina, and his focus on security problems in the Android ecosystem. https://securityconversations.com/wp-content/uploads/2018/05/ivan_arce_01.mp3
-
24
Sinan Eren, Founder and CEO, Fyde
Founder and CEO of Fyde (@FydeApp) Sinan Eren discusses the “iOS-ification” of platforms and the security ramifications, the dangers of running AV software, the iOS vs. Android security argument, and his new venture to address mobile phishing attacks. https://securityconversations.com/wp-content/uploads/2018/05/Ep-24-sinan_eren.mp3
-
23
Stephen Ridley, Founder and CTO, Senrio
Founder and CTO at Senrio Stephen Ridley (@s7ephen) talks about the abysmal state of IoT security, his recent exploitation of an IP camera and router to exfiltrate corporate data, and his experience as a minority in the security industry. https://securityconversations.com/wp-content/uploads/2018/04/Ep23-stephen-ridley.mp3
-
22
Mischel Kwon, Founder and CEO, MKA Cyber
Founder and CEO at MKACyber Mischel Kwon joins the podcast to address the state of the SOC (Security Operations Center) and how businesses should deal with issues around excessive alerts, incident response times, and outdated metrics.
-
21
Rick Holland, CISO and VP of Strategy, Digital Shadows
CISO and VP of Strategy at Digital Shadows Rick Holland discusses his path in the information security industry, advancements in the threat intel space, and his passion for good bar-b-que.
-
20
Thomas Ptacek, Founder, Latacora
Latacora Security founder Thomas Ptacek joins the podcast to weigh in on the cybersecurity skills shortage, his approach to recruiting and hiring, and what needs to be done to address diversity in the industry.
-
19
Zane Lackey, Chief Security Officer, Signal Sciences
Co-founder and Chief Security Officer at Signal Sciences Zane Lackey riffs on DevOps, the almost impossible task of defending organizations from intruders, bug bounties versus penetration testing, and the pros and cons of launching a company with venture capital investment.
-
18
Haroon Meer, CEO, Thinkst Applied Research
Thinkst founder Haroon Meer talks about building a security company from scratch without VC funding, using Canaries to pinpoint signs of intruder activity, advancements in security research, and the state of the bug bounty market.
-
17
David (int eighty), Dual Core
Red teamer and security researcher by day, nerdcore rapper by night, ‘int eighty’ joins the podcast to talk about his work breaking into computer systems, common security mistakes that people make, and his double life as a musician in Dual Core.
-
16
Dennis Fisher, Editor-in-Chief, Decipher
Veteran cybersecurity writer Dennis Fisher joins the podcast to talk about his new journalism venture at decipher.sc, his preference for long-form writing, and the trends worth following in the security space.
-
15
Tim Maurer, Scholar, Carnegie Endowment for International Peace
Tim Maurer, a scholar at the Carnegie Endowment for International Peace, talks about nation state-backed hacking activity and the dangers of breaking trust in the global financial system.
-
14
Will Lin, Principal and Founding Investor, ForgePoint Capital
Principal and founding investor at ForgePoint Capital Cybersecurity William Lin talks about venture capital activity in the security space, sectors that are ripe for investment, missed bets on successful companies, and the cybersecurity talent shortage.
-
13
Pete Chronis, CISO, Turner Broadcasting
Chief Information Security Officer at Turner Broadcasting Pete Chronis discusses his new book on solving the cybersecurity conundrum, the day-to-day grind of securing a global media organization, and the role of the CISO in the modern world.
-
12
Brad Arkin, Chief Security Officer, Adobe
Adobe’s Chief Security Officer Brad Arkin talks about setting and managing risk management priorities, protecting company infrastructure, the challenges of securing software, and the looming death of Adobe Flash Player.
-
11
Aanchal Gupta, Director of Security, Facebook
Director of Security at Facebook Aanchal Gupta joins the podcast to share her story and provide guidance for young women struggling to overcome societal obstacles.
-
10
Tom Conklin, Director of Security and Compliance, Vera Security
Senior Director of Security and Compliance at Vera Security Tom Conklin talks about the pros and cons of using bug bounty programs, the challenges of managing risk in smaller companies, and why user awareness training is an ongoing headache for security administrators.
-
9
John Terrill, CISO, Fox News, Fox Business and Fox Television
Chief Information Security Officer at Fox News, Fox Business, and Fox Television John Terrill joins the podcast to talk about life in the CISO trenches and makes a bold prediction that could significantly change the cybersecurity narrative.
-
8
Christopher Ahlberg, CEO, Recorded Future
Co-founder and CEO of Recorded Future Christopher Ahlberg discusses the emergence of threat intelligence as a valuable security tool, the morals and ethics surrounding disclosure of nation-state attacks and the importance of tracking adversaries beyond the wall.
-
7
Masha Sedova, co-founder, Elevate Security
As businesses struggle with security awareness training for employees, Elevate Security co-founder Masha Sedova argues that the focus should be on “behavior change” and recommends the use of positive motivation and available tools to get employees to make better security decisions.
-
6
Paul Roberts, Editor-in-Chief, Security Ledger
Veteran security journalist Paul Roberts talks about the creation of Security Ledger, his work covering cybersecurity, the democratization of media, and hiccups with IoT legislation.
-
5
Dino Dai Zovi, co-founder and CTO, Capsule8
Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.
-
4
Sharon Anolik, President and Founder, Privacy Panacea
Sharon Anolik, President and Founder of Privacy Panacea, talks about her work advising corporate clients on privacy and data protection issues, the looming chaos surrounding the European Union’s GDPR (General Data Protection Regulation) and the role she plays on ‘Silicon Valley.’
-
3
Kim Zetter, Journalist and Author
Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.
-
2
Kelly Jackson Higgins, Executive Editor, Dark Reading
Dark Reading executive editor Kelly Jackson Higgins joins the podcast to tell security journalism war stories, talk about her new WiFi-enabled refrigerator and some trends worth following closely.
-
1
Katie Moussouris, co-founder and CEO, Luta Security
Computer security researcher and CEO of Luta Security, Katie Moussouris, talks about her life in the penetration testing trenches, advocating responsible security research, building bug bounty programs and the challenges of succeeding as a woman in the industry.