PODCAST · technology
Latio: On the Record
by Cloud and Application Security Deep Dives
Deep dives into relevant cybersecurity topics, focusing especially on cloud and application security.
pulse.latio.tech
-
9
LotR Episode 9: The SOC Data Breakdown
In this conversation, we discuss the evolving landscape of security operations, focusing on the challenges and innovations in data management, particularly in relation to Security Information and Event Management (SIEM) systems, data lakes, and the role of data pipelines. They explore the concept of cybersecurity mesh, the importance of data governance, and the need for data engineers within security teams. The discussion also touches on the impact of AI on security operations and the complexities of navigating various security tools and technologies.
Guests:
* Jonathan Rau - VP and Distinguished Engineer at Query.ai
Summary Points:
* The traditional SIEM model is being challenged by new data management approaches.
* Data lakes are becoming essential for effective security data management.
* Cybersecurity mesh offers a new way to access and utilize data across platforms.
* Data hygiene is crucial for effective security operations.
* Security teams often lack the necessary data management skills.
* The role of data engineers is increasingly important in security teams.
* Organizations need to be proactive in their data governance strategies.
* AI is transforming how security operations are conducted.
* Understanding the complexities of security tools is vital for effective management.
* The future of cybersecurity standards is still evolving and requires adaptation.
Chapters
00:00 Introduction to Cybersecurity and Data Management
02:21 The Evolution of Security Information and Event Management (SIEM)
05:39 Challenges with Traditional SIEMs and Data Centralization
08:16 The Shift Towards Data Lakes and Pipelines
10:44 Understanding Data Mesh and Federated Search
13:28 Navigating the Complexity of Modern Data Architectures
16:22 The Role of Data Normalization and Processing
19:21 Future Trends in Cybersecurity Data Management
26:26 Making Security Analysts' Jobs Easier
27:45 The Distinction Between Vulnerability Management and Incident Response
29:16 The Role of Data Engineers in Security
34:26 Data Hygiene and Security Hygiene
36:49 The Need for Data Engineers in Security Teams
39:41 Challenges in Tool Selection and Integration
43:56 Understanding OCSF and Apache Iceberg
Get full access to Latio Pulse at pulse.latio.tech/subscribe
-
8
LotR Episode 8: What is Reachability?
Featuring:
* Omer Yair - Co-founder of Raven.io
* Martin Torp - Co-founder of Coana (Now part of Socket.dev)
Summary
In this conversation, the hosts explore how reachability technologies help in vulnerability management, the challenges faced in implementation, and the best practices for choosing the right approach. The discussion also highlights the significance of network reachability and function execution in assessing risks, as well as the importance of vendor comparisons in the cybersecurity landscape.
Takeaways
* Reachability is about determining if a vulnerability is relevant to an application.
* The goal of reachability is to assess exploitability.
* Static analysis is simpler and does not require a running application.
* Runtime reachability provides real-time insights into application behavior.
* Network reachability helps prioritize vulnerabilities based on actual risk.
* Function execution during runtime indicates the highest priority vulnerabilities.
* Choosing between static and runtime reachability depends on organizational constraints.
* The volume of CVEs is increasing, making effective prioritization essential.
* Understanding vendor capabilities is crucial for effective reachability analysis.
* Performance monitoring tools like Grafana can help assess the impact of security sensors.
Chapters
00:00 Introduction to Reachability Technologies
01:39 Defining Reachability and Its Importance
04:38 Exploring Static vs. Runtime Reachability
10:23 Diving Deeper into Static Reachability
19:02 Understanding Runtime Reachability and Its Types
26:19 Understanding Runtime Function Execution
28:33 Static vs. Runtime Analysis: A Complementary Approach
34:23 Choosing the Right Reachability Method
37:32 Challenges in In-House Vulnerability Management
39:47 The Importance of Effective CVE Management
42:45 Navigating Reachability Analysis Challenges
45:45 Optimizing Scan Times and Performance
50:47 Performance Insights and Attack Path Considerations
-
7
LotR Episode 7: Securing AI Applications
Featuring:
* Dor Sarig - Co-Founder of Pillar Security
* Vrajesh Bhavsar - Co-Founder of Operant AI
In this episode, the hosts discuss the critical aspects of AI security with industry experts. They explore the unique challenges posed by AI technologies, the role of CISOs in navigating these challenges, and the emerging threats that organizations face. The conversation emphasizes the importance of data control, compliance, and the need for robust testing and red teaming strategies. The experts also highlight industry-specific concerns and the future of AI security tools, providing valuable insights for organizations looking to secure their AI applications.
Takeaways
* AI fundamentally changes how we approach security.
* Protecting sensitive data and models is crucial.
* Security must enable innovation, not hinder it.
* Data is now executable, increasing risks.
* CISOs need to focus on compliance and data control.
* Emerging threats require new security strategies.
* Testing AI systems is complex and requires new methods.
* Industry-specific regulations impact AI security needs.
* Collaboration between security and data teams is essential.
* The future of AI security tools is evolving rapidly.
Chapters
00:00 Introduction to AI Security
02:29 Understanding the Shift in Security Paradigms
05:18 The Rapid Evolution of AI Technologies
07:45 CISO Perspectives on AI Security
10:13 Top Concerns in AI Security
11:59 Emerging Threats and Attack Vectors
14:27 Data Governance and Compliance Challenges
17:21 The Role of Security Teams in AI Programs
22:30 Collaboration Between Security and Data Science
23:39 The Importance of Data Control in AI Security
25:00 Understanding Risks in AI Security
29:02 Identifying Malicious vs. Benign Activities
31:26 The Role of Testing Infrastructure in AI Security
33:45 Industry-Specific Security Concerns
35:52 Red Teaming and AI Security Testing
39:10 The Need for Comprehensive Threat Modeling
41:21 Data Security in the Age of AI
-
6
LotR Episode 6 - What is a SOC in 2025?
Summary
In this conversation, James Berthoty, Kyle Polley from Perplexity, and Ariful Huq from Exaforce explore the complexities of security operations, focusing on the role of Security Operations Centers (SOCs), the integration of AI, and the evolving landscape of cloud security. They discuss the motivations behind purchasing SOCs, the importance of compliance, and the challenges faced by security teams in managing alerts and incidents. The conversation highlights the potential of AI to enhance SOC functions, reduce alert fatigue, and improve detection engineering, while also addressing the need for context in security operations. The discussion concludes with insights on the future of security data and the operationalization of detection engineering.
Takeaways
* The initial push for SOCs often stems from compliance needs.
* Understanding the budget is crucial when considering SOC options.
* AI can significantly enhance the efficiency of SOC operations.
* The integration of CNAPP and SOC is becoming increasingly important.
* Contextual information is vital for effective incident response.
* MDR solutions can be beneficial but may lack the necessary context.
* Detection engineering requires a blend of security and software engineering skills.
* Alert fatigue is a significant challenge for SOC teams.
* The future of security data will encompass more than just logs.
* AI has the potential to democratize security operations and improve analyst capabilities.
Chapters
00:00 Introduction to Security Operations
01:31 Understanding the Need for SOCs
05:42 The Role of CNAPP in Security
08:34 Balancing SOC and CNAPP Solutions
10:08 Traditional SOC Roles and Responsibilities
11:45 The Evolving Nature of SOC Teams
13:49 Contextualizing Alerts in Security
15:32 Integrating AI into SOC Operations
20:52 Enhancing Analyst Efficiency with AI
25:39 Learning from Past Investigations
27:06 The Importance of Threat Hunting in SOCs
29:43 Leveraging AI for Threat Intelligence and Detection
31:02 Modernizing SOC Skills and Detection Engineering
35:00 Reimagining Detection Engineering with AI
38:43 The Role of Data Normalization in AI Models
40:48 The Future of AI in Security Operations
43:12 The Evolution of SIEM and Security Data Lakes
-
5
LotR Episode 5 - Lessons from Shutting Down a Startup
Latio On The Record — Episode 5
Guest: Yoad Fekete (ex-Co-Founder & CEO, Myrror Security; now leads Security & Infrastructure at Lynx Security)
Hosts: James Berthoty & Charrah
Recorded: Wednesday, June 4
Why we wanted Yoad on
Myrror Security caught our eye back in 2022 for one reason: it tackled SolarWinds-style software-supply-chain attacks head-on, instead of stopping at familiar SCA vulnerability scans. Myrror had the rare combination of genuinely differentiated and useful technology. Two years (and one graceful shutdown) later, Yoad has a rare 360-degree view of what happens when brilliant tech meets a market that just isn’t ready.
Conversation highlights
0:17 Yoad’s background: Microsoft IR after SolarWinds → co-founding Myrror to catch supply-chain intrusions early
4:14 Why “traditional” SCA tools don’t flag injected build artifacts—and how Myrror’s binary-to-source matching tried to fix that
9:18 Early market signals vs. real product-market fit: the danger of mistaking enthusiasm for intent
15:35 Founder-led sales lessons: when a two-week POC needs to end at two weeks
26:20 How to judge pivots: technical edge, ecosystem partnerships, and the “three-year-contract” wall
51:45 Recognizing shutdown flags: stagnant pipeline, long sales cycles, and repeated VC “no’s”
56:23 Yoad’s three red lights before closing: 1) zero VC appetite, 2) no pipeline growth, 3) POCs that don’t convert
Five takeaways you can use today
* “Cool” isn’t a buying signal
  If the prospect understands your tech and still won’t sign, it’s time to revisit the problem you solve.
* Own the first sales yourself
  Hiring reps won’t save a product the founder can’t sell; use outside experts only to tighten the motion.
* Two-week POC rule
  Value uncovered after week two rarely tips a deal—set a stop date and stick to it.
* Plan for the acquisition audit
  If a big-box buyer mainly wants your team, a fully remote, distributed headcount can complicate the offer.
* Graceful shutdowns take cash
  Budget early for vendor obligations and employee support; you owe the team a soft landing before worrying about yourself.
What’s next for Yoad
He’s publishing weekly LinkedIn essays on founder lessons, cybersecurity GTM strategy, and supply-chain security—worth a follow if you’re iterating on a security startup or wrestling with product-market fit.
🎧 Listen to the full episode wherever you get your podcasts, and let us know which insight resonated most.
-
4
Latio on the Record Episode 4 - What's the Deal with Hardened Containers
In this conversation, James Berthoty, Charrah Hardamon, Alex Zenla, and Ariadne Conill discuss the complexities of container security, focusing on low CVE images, the evolution of software distribution, and the importance of runtime protection. They explore the challenges security teams face with vulnerabilities in container images and the need for a holistic approach to security. Edera's unique approach to runtime security is highlighted, emphasizing the importance of reducing the blast radius of potential exploits and the role of AI in shaping the future of security.
Takeaways
* Container security is crucial in today's software development.
* Low CVE images help reduce known vulnerabilities.
* Docker's ease of use contributed to its widespread adoption.
* Runtime protection is essential for securing containers.
* Understanding the architecture of containers is key to security.
* Compliance frameworks often drive security practices.
* AI poses new challenges for security teams.
* Holistic security approaches are necessary for effective protection.
* Regularly rebuilding and redeploying images is vital for security.
Chapters
00:00 Introduction to Container Security
01:45 Understanding Containers and Their Functionality
07:05 The Evolution of Software Appliances
08:49 The Rise of Docker and Its Impact
12:45 Addressing Vulnerabilities in Container Images
16:00 Runtime Security and Unknown Vulnerabilities
18:26 The Need for Coupling Security Solutions
21:31 The Misconception of Containers as VMs
24:56 The Importance of Regular Redeployment
26:52 Building Secure Software Components
28:37 Tools for Software Composition
30:42 The Role of Base Images in Security
31:17 Runtime Protection with Edera
36:38 Micro-VMs and Container Security
40:27 The Impact of AI on Security
45:23 The Future of Secure Computing
-
3
LotR Episode 3 - Digging into eBPF for Security
Date: May 12, 2025
Guest: Daniel Pacak (Software Engineer, Miggo)
Hosts: James Berthoty, Charrah Hardamon
Topic: Building Real Runtime Security with eBPF
In this episode, we go deep on eBPF and what it actually takes to build reliable, performant runtime detection, beyond the buzzwords. James and Charrah are joined by Daniel Pacak, a longtime engineer in the cloud security space whose work spans Aqua Security, Cycode, RAD Security, and now Miggo. Daniel brings years of firsthand experience building eBPF sensors and walking the line between kernel-level complexity and practical detection coverage.
We open with Daniel’s journey into runtime security, beginning with his early work on Aqua’s Tracee project and continuing through multiple startup roles where he helped shape eBPF-based detection systems. He shares candid insights about the challenges of kernel instrumentation, the tradeoffs of performance versus visibility, and why function-level detection is so difficult but increasingly important.
Key discussion points include:
* Why runtime protection historically underperformed on Linux
* How vendors differ in their approaches to eBPF integration
* The technical realities behind stack unwinding, kernel hooks, and symbolization
* What ADR (and CADR) really means from a backend detection perspective
* Common misconceptions around eBPF and what it can (and can’t) do
* Why the industry lacks a common SDK or standard framework for building sensors
* Practical advice for evaluating vendors’ claims and assessing impact in real-world clusters
Daniel also walks through his thinking on why some tools overload the node with too much local processing, and what a healthier architecture looks like, particularly for teams focused on tuning alerts and scaling reliably.
The episode closes with a reminder that learning eBPF is a long road, but one with real payoffs for engineers interested in modern detection systems. And for security teams trying to figure out if eBPF tooling fits into their environment, Daniel gives straightforward guidance: test it in a real cluster, give it time to run, and measure both what it detects and how it performs.
Follow Daniel’s work on GitHub or LinkedIn.
-
2
LotR - Episode 2: tj-actions and the Supply Chain Scaries
Featuring:
* Rami McCarthy @ Wiz
* Shay Berkovich @ Wiz
* Charrah Hardamon @ Miggo
* James Berthoty @ Latio
In this conversation, we discuss the TJ Actions incident, a significant supply chain vulnerability affecting GitHub Actions. They explore the implications of a single maintainer's code being widely used, the community's response to the incident, and the challenges of disclosure and communication. The discussion also delves into the broader impact of such vulnerabilities on the open-source ecosystem and the responsibilities of platforms like GitHub in ensuring security. In this conversation, the speakers discuss the complexities of incident management and communication strategies in the context of a significant security incident involving GitHub Actions, Coinbase, and ReviewDog. They analyze the attack patterns, payloads used, and the importance of supply chain security awareness. The discussion also emphasizes the need for effective remediation strategies and best practices to enhance security in open source projects.
Takeaways
* TJ Actions is a supply chain issue primarily around GitHub Actions.
* The incident highlights the risks of relying on a single maintainer.
* Community response was crucial in addressing the vulnerability.
* Disclosure practices need to be responsible and timely.
* Fear-mongering can lead to misinformation about the impact of vulnerabilities.
* The attack surface for open-source projects is vast and complex.
* Investigating incidents requires collaboration and sharing of information.
* Open-source security practices need to be scrutinized and improved.
* Maintainers should be aware of the risks associated with access and contributions.
* Platforms like GitHub have a responsibility to enhance security measures.
* We have been consistently making sure to communicate with GitHub.
* It's important to empower maintainers to manage incidents.
* This incident spans the shared responsibility model.
* GitHub gives people a lot of tools for security.
* Hash pinning actions is crucial for security.
* There is a balance between usability and security in ecosystems.
* The complexity of incidents can confound attempts to tell a clean story.
* Proper visibility is needed to understand the attack landscape.
* Organizations need to prioritize security measures effectively.
* The open source community plays a vital role in security.
Chapters
* 00:00 Introduction to TJ Actions Incident
* 01:53 Understanding the Supply Chain Vulnerability
* 05:37 Community Response and Research Efforts
* 09:30 Disclosure and Communication Challenges
* 13:56 Impact Assessment and Fear-Mongering
* 17:35 Digging Deeper: The ReviewDog Connection
* 22:24 Open Source Security Concerns
* 28:39 The Attack Surface and Future Mitigations
* 32:32 Incident Management and Communication Strategies
* 35:46 Understanding the Attack: Coinbase and ReviewDog
* 38:40 Payload Analysis and Attack Patterns
* 44:09 The Need for Supply Chain Security Awareness
* 49:13 Remediation Strategies and Best Practices
-
1
Latio: On the Record, Episode 1
In this episode of Latio: on the Record, experts discuss the critical aspects of cloud security, focusing on runtime security, its challenges, and the evolving threat landscape. The conversation highlights the importance of collaboration between security and DevOps teams, the need for effective incident response strategies, and the integration of AI in security practices. The panelists share insights on prioritizing security measures, addressing supply chain vulnerabilities, and the necessity of building trust in security tools and processes.
Featuring:
* Gal Elbaz from Oligo Security
* Sergej Epp from Sysdig
* Casey Lems from PagerDuty
* Crystal Poenisch from Frequency Labs
* James Berthoty from Latio Tech
Takeaways
* Runtime security has been historically overlooked in cloud security.
* Prioritizing security measures involves balancing guardrails, posture management, and runtime security.
* The threat landscape is evolving, with supply chain attacks becoming more prevalent.
* Collaboration between security and DevOps teams is essential for effective runtime security.
* Operationalizing runtime security presents unique challenges for security teams.
* AI can enhance security practices but also introduces new risks.
* Building trust in security tools is crucial for adoption and effectiveness.
* Security must adapt to the fast-paced changes in technology and threats.
* Understanding the motivations of different teams can improve collaboration.
* The future of security lies in a collaborative effort across all teams.
Chapters
* 00:00 Introduction to Cloud Security and Runtime Challenges
* 00:04 New Chapter
* 02:13 Prioritizing Cloud Security Components
* 03:40 Evolution of Cloud Security Practices
* 06:28 Application Security and Runtime Defense
* 10:15 Communicating the Importance of Runtime Security
* 12:27 Integrating Runtime Security into Cloud Programs
* 14:31 Operationalizing Runtime Security in SOCs
* 18:46 Navigating the Complexities of Cloud Security
* 23:10 Future Directions in Cloud Security
* 25:44 Understanding Runtime Security Challenges
* 27:32 The Evolution of User Roles in Security
* 30:10 Collaboration Between Security and Development Teams
* 32:55 The Impact of AI on Security Practices
* 37:33 Navigating the Complexities of Security in Modern Development
* 44:21 The Human Element in Security Collaboration