Episodes
-
We have had so much fun making The Security Repo Podcast, and we hope you have learned as much as we have along the way. The tides of change have finally reached our shore, and we are sad to announce the departure of Mackenzie Jackson, our original founder, producer, and co-host of the podcast, from our regular episodes. We wish him much success in his new adventures. We are also announcing a brand new chapter in the history of the program. Dwayne McDaniel will now be joined weekly by Kayssar Daher, the head of security at GitGuardian. As an active security practitioner, Kayssar asks different kinds of questions that we know you will find most insightful and engaging. We have some amazing things planned for the future of the show. Thank you for listening and being part of the Security Repo Podcast community.
-
In this episode of The Security Repo Podcast, we explore all things Data Loss Prevention (DLP).
We are joined by Daniel Jay, Senior Director of Product Management at GTB Technologies.
We start with a quick high-level overview of Data Loss Prevention and how we met at the RSA Conference 2024. By the end, we turn the conversation to AI and balancing the risks of using LLMs against faster output.
Links mentioned in this episode:
https://www.linkedin.com/in/daniel-jay-a683b635/
GTTB.com
-
In this episode of The Security Repo Podcast, we look at security automation and how we can engineer our way to better security overall.
We are joined, once again, by Huxley Barbee, who has been a fixture of the security community for over 20 years. Professionally, he was a security consultant working with customers in finance, insurance, manufacturing, and higher education. Currently, he leads the security engineering group at a fintech company. Beyond the day job, he is also active in the security and hacker community. He started attending DEF CON in the late 90s, has spoken at many conferences throughout the US, and is the lead organizer for BSidesNYC. He lives in New York. You should connect with him on social media, buy him a drink, or both.
We start with a great discussion of what to automate and what not to automate when thinking about security. From there, we explore the role of AI in the security tool belt and how we can best leverage it to improve our posture. By the end, we get some updates about BSides NYC and elsewhere.
Links from this episode:
Previous Appearance:
https://youtu.be/vDNPsAPnSDc
Socials:
https://www.linkedin.com/in/jhbarbee/
BSides NYC:
https://bsidesnyc.org/
-
In this episode of The Security Repo Podcast, we take a look at the role developer training and awareness have in improving security.
We are joined by Chris Lindsey, Application Security Evangelist at Mend.io. He is a seasoned speaker who has appeared at conferences, webinars, and private events. Chris draws on expertise from more than 15 years of direct security experience leading and building security programs and over 35 years of experience leading teams in programming software, solutions, and security architecture.
We start with how training and awareness are the start of the process but not all that is needed. From there, we discuss developer tooling vs security tooling and what gaps exist. By the end, we get into AI and how to think about a future with auto-remediation.
Links from this episode:
https://www.linkedin.com/in/chris-lindsey-39b3915/
-
In this episode of The Security Repo Podcast, we dive deep into how AI is helping the Red, Blue, and Purple teams and how we can leverage ChatGPT to stay ahead of attackers. We are joined once again by Jason Haddix, Founder, CEO, and Head of Training at Arcanum Information Security. He is also the creator of the Arcanum Cyber Security Bot:
https://chatgpt.com/g/g-HTsfg2w2z-arcanum-cyber-security-bot
Listen in to find out what you have been missing about AI.
https://www.linkedin.com/in/jhaddix/
-
In this episode of The Security Repo Podcast, we dive deep into a rather troubling phenomenon: scammers who target senior citizens. We are joined by Anita Nikolich, a speaker and a university-based cybersecurity researcher specializing in network security and cryptocurrency analytics. She joins us as the founder and co-principal Investigator of DART, a collective of researchers, security experts, game designers, and community-based organizations who have come together to combine their expertise and passion to develop the Deception Awareness and Resilience Training (DART) platform. We discuss real-world examples, the realities of scammers and cybercrime, and why they target the people they attack. We also get into how the DART collective is working to ensure we raise awareness in a way that affects the most people without being too heavy-handed. Anita shares some free resources to help protect the people you love and tells us how we can get involved to help.
Learn more at https://dartcollective.net/ and https://dartcollective.net/deepcover/
-
In this episode of The Security Repo Podcast, we dive deep into a pervasive cybersecurity issue: open data buckets. Joined by Glen Helton, Director of Information Security at a major multinational and founder of the Sky Witness Project, we explore how improperly secured cloud storage—commonly known as "open buckets"—can expose sensitive data to the world. Glen shares insights on the scale of the problem, revealing that billions of files are currently accessible to anyone with the right tools. We discuss real-world examples, the challenges of responsible disclosure, and practical advice for organizations to secure their data. Whether you're a seasoned security professional or a curious listener, this episode will make you rethink how you handle and protect data in the cloud.
-
In this episode of The Security Repo, we sit down with Jossef Harush Kadouri, a pioneer in software supply chain security and founder of Dustico, now part of Checkmarx. Jossef shares his journey from startup to acquisition, detailing the ever-evolving landscape of supply chain attacks. We explore how malicious actors are exploiting open-source ecosystems, the challenges of maintaining secure software, and practical steps developers and organizations can take to protect themselves. Whether you're a seasoned security professional or new to the field, this episode offers valuable insights into safeguarding your software's supply chain.
Show Notes: Linkedin - https://linkedin.com/in/jossef
-
This episode we are joined by Avi Douglen, Founder and CEO of Bounce Security. Avi is a key figure in the security community and a former OWASP chapter chair. The discussion covers the significance of OWASP, its resources, threat modeling, and Avi's personal journey within the organization.
Listeners will gain insights into the concept of value-driven threat modeling and how it can enhance security measures by focusing on what truly matters for a product. Avi also shares his views on the unique challenges and risks the security community faces, the necessity of inclusivity, and the pivotal role of threat modeling in security processes.
Avi also gives us his insights into the best and worst security advice he has encountered, providing both humorous and thought-provoking anecdotes. Whether you're a seasoned security professional or new to the field, this episode is packed with valuable takeaways on building and maintaining robust security practices. Tune in to learn from Avi's extensive experience and his innovative approaches to securing products effectively.
Show Notes:
Social Media for Avi
Linkedin - https://www.linkedin.com/in/avidouglen
Twitter (X) - https://twitter.com/sec_tigger
Bounce Security - https://www.bouncesecurity.com/
Avi on OWASP - https://owasp.org/www-board-candidates/2023/avi_douglen
OWASP Global Lisbon - https://owaspglobalappseclisbon2024.sched.com/avid2
-
Today we sit down with Bobby Kuzma, Director of Offensive Cyber Operations at Pro Circular and adjunct professor at the University of Washington. Bobby shares his unique journey into the world of penetration testing, including how he accidentally acquired his CISSP certification. We delve into the fascinating world of offensive security, discussing the highs and lows of pen testing, the importance of creativity in cybersecurity, and Bobby's current work on leveraging AI to enhance security testing. Tune in for an insightful conversation filled with real-world stories, expert advice, and a look at the future of cybersecurity.
Show Notes:
Bobby's Linkedin - https://www.linkedin.com/in/bobbykuzma/
Introduction - 0:00
Accidentally getting CISSP - 1:09
Talking about failures in pen-testing - 6:33
Stories when things go wrong - 9:30
Legal issues with pen-testing - 17:30
Have you been arrested? - 21:00
What advice would you give to your younger self - 23:00
Best and Worst - 28:16
-
Today we welcome J Wolfgang Goerlich, an advisory CISO, mentor, and strategist. We delve into the intricacies of security design frameworks and the importance of building and maintaining relationships in the cybersecurity field. Wolfgang shares his expertise on creating effective security programs, fostering trust within teams, and navigating the challenges of the CISO role. Tune in to gain valuable insights on cybersecurity strategy and the significance of collaborative relationships in achieving security goals.
Show Notes:
Linkedin: https://www.linkedin.com/in/jwgoerlich/
X / Twitter: https://x.com/jwgoerlich
Website: https://jwgoerlich.com/
Securing Sexuality: https://www.securingsexuality.com/
Introduction - 0:00
Security Design Framework - 1:00
Security obstacles & user experience - 6:50
Become a CISO - 9:05
Wolfgang's journey to CISO - 12:50
Managing relationships in security - 17:10
Building effective teams - 28:30
Best and Worst - 29:40
-
Today we dive into the fascinating world of nuclear energy and cybersecurity with Andrew Elliot, a senior manager at KPMG's cybersecurity team. Andrew shares his journey from a nuclear engineer to a cybersecurity expert, providing unique insights into the importance of security culture, the resurgence of nuclear energy, and the critical role of cybersecurity in protecting critical infrastructure. Tune in to explore the complexities of nuclear security, the significance of cybersecurity training, and the future of energy security.
Show Notes:
Linkedin - https://www.linkedin.com/in/andrew-elliot-3a25b95b/
0:00 - Introduction
1:07 - Getting started in nuclear energy
3:35 - Resurgence in nuclear
9:55 - Nuclear security to KPMG
12:15 - Effective security exercises
16:20 - Lessons from nuclear security
19:45 - The goal of security in companies
21:50 - Opinion on Cyber Insurance
26:50 - Where /when to invest in security
32:02 - Best and Worst
-
In this episode of The Security Repo, we dive deep into the world of threat modelling with Paul McCarty, a veteran in the field of DevSecOps and founder of SecureStack. Paul shares his journey from being a Unix admin to working with high-profile organizations like NASA and GitLab. We explore the essentials of threat modeling, the significance of cloud-native security, and frameworks he has developed for threat modeling like TVPO. Tune in to learn how to stay ahead in the ever-evolving landscape of cybersecurity.
Show Notes
Paul’s GitHub https://github.com/6mile
DevSecOps Playbook - https://github.com/6mile/DevSecOps-Playbook
Secure Code Red training - https://sourcecodered.com/
Linkedin - https://www.linkedin.com/in/mccartypaul/
Introduction: 0:00
Paul's Journey: 1:10
The Cloud Native Mission: 2:55
Paul's History with Threat Modeling: 4:00
TVPO Framework for Threat Modeling: 6:52
When Should Companies Start Threat Modeling: 10:15
When to Threat Model: 12:00
Unique Risks of Threat Modelling Open-Source: 13:50
Red Team Code Puppets: 21:48
Best and Worst: 28:00
-
In this episode of The Security Repo, we dive into the fascinating world of cybersecurity with JR Johnson, a seasoned information security professional with over 14 years of experience. JR shares his journey from web development to penetration testing and cybersecurity consulting, highlighting the unique challenges faced by higher education institutions. Tune in to learn about the complexities of securing university networks, the importance of foundational security practices, and JR's expert advice for both IT professionals and students. Whether you're interested in cybersecurity or work in academia, this episode offers valuable insights into protecting educational environments in the digital age.
Social Media for JR
X (Twitter): https://x.com/infosecjr
Linkedin: https://www.linkedin.com/in/jr-johnson-853952203/
-
Join us in this episode of The Security Repo Podcast as we dive into the world of cybersecurity with Brendan Honadle. From his humble beginnings in desktop support to becoming a skilled red teamer, Brendan shares his inspiring journey and fascinating stories from the field. Discover the strategies, tools, and techniques used in offensive security, and gain insights into the challenges and triumphs of penetration testing. Whether you're a cybersecurity enthusiast or a seasoned professional, this episode is packed with valuable lessons and real-world exploits you won't want to miss.
-
In this episode of The Security Repo, we are thrilled to welcome Sonya Moisset, a Senior Advocate at Snyk and a renowned expert in DevSecOps, cybersecurity, and AI. With a wealth of experience as a public speaker, mentor, and top contributor to the tech community, Sonya shares her deep insights into the evolving landscape of AI in cybersecurity.
Join us as we dive into the pressing issues surrounding generative AI and large language models (LLMs), including the concept of shadow AI, the risks of using AI tools without proper oversight, and real-world examples of security breaches involving AI. Sonya discusses the importance of implementing robust security policies and fostering an open dialogue within organizations to mitigate these risks.
We also explore fascinating topics such as prompt injection attacks, the role of AI in both offensive and defensive cybersecurity strategies, and the emerging frameworks guiding ethical AI use. Whether you're a security professional, a developer, or simply curious about the intersection of AI and cybersecurity, this episode offers valuable knowledge and practical advice.
Show Links
Sonya Moisset social media links
Linkedin: https://www.linkedin.com/in/sonyamoisset/
X (Twitter): https://x.com/SonyaMoisset
Introduction: 0:00
What are the security risks with AI and LLMs: 1:10
Prompt Injection Car Dealership: 6:39
Prompt Injection: 8:46
Guardrails for AI: 16:00
Using AI for Red Teaming: 25:19
Regulations for AI security: 32:16
Best and Worst: 34:10
-
In this episode of The Security Repo, Dwayne McDaniel and Marc Boorshtein delve into the intricacies of Kubernetes dashboard security. Marc, the CTO of Tremolo Security, brings his extensive experience in identity and access management to the table, discussing the challenges and best practices for securing Kubernetes dashboards. The conversation explores the importance of dashboards, common security pitfalls, and innovative solutions to enhance user access and safety. Tune in for valuable insights on navigating the complex landscape of Kubernetes security.
Show Notes:
Learn more about Tremolo - https://www.tremolosecurity.com/
Follow Marc
Linkedin - https://www.linkedin.com/in/marc-boorshtein-5979a82
Twitter (X) - https://x.com/mlbiam
Intro: 0:00
Kubernetes dashboards, why?: 0:45
Why don't we talk about k8 dashboards: 3:50
Security concerns with dashboards: 10:37
The value of dashboards in k8: 12:37
What is Tremolo: 18:55
Common pitfalls for K8 security: 26:10
Best and worst: 34:46
-
Join us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code security in our digital world.
Show Notes:
GitGuardian - https://gitguardian.com
State of Secrets Sprawl Report - https://www.gitguardian.com/state-of-secrets-sprawl-report-2024
GitGuardian Blog - https://blog.gitguardian.com
Eric Fourrier Socials
Linkedin: https://www.linkedin.com/in/ericfourrier/
Intro: 0:00
Origin of GitGuardian: 0:55
Why wasn't secrets detection a big problem: 5:08
State of Secrets Sprawl Report: 09:50
Can we solve secret leakage: 18:08
Finding secrets outside source code: 22:22
The evolution of GitGuardian: 25:18
Single pane of glass: 30:15
The problem of remediation: 32:55
The role of AI in security tools: 36:10
Best and Worst: 42:25
-
Today we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venify, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for implementing SPIFFE to enhance digital security across cloud environments. Join us for a comprehensive look at evolving cybersecurity measures and the future of identity management.
Show Notes:
Mattias Social Links
Linkedin - https://www.linkedin.com/in/mattiasgees/
Twitter (X) - https://twitter.com/MattiasGees
You also might like our episode with Uri Sarid - https://www.youtube.com/watch?v=reKbGE1c5Ig
Introduction: 0:00
What is secret zero: 1:39
Why is machine identity so hard: 4:15
Machine identities vs user identities: 11:06
What is SPIFFE? (Secure Production Identity Framework for Everyone): 14:20
SPIFFE fundamentals/architecture: 17:15
GitGuardian: 20:08
How to implement SPIFFE: 21:00
Why we aren't leveraging identity best practices: 26:40
Will SPIFFE be the future? 27:27
Secrets Managers vs SPIFFE: 31:05
Venify and identity management: 32:38
Best and worst security advice: 38:28
Wrap up: 41:00
-
This week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepticism about containerization to embracing Kubernetes, John discusses the critical role of governance and security in successfully deploying and managing cloud-native technologies. We also explore challenges and strategies for integrating security practices into DevOps, ensuring robust governance, and leveraging IaC for efficient and secure infrastructure management. Whether you're an IT veteran or new to the field, join us as we unpack the complexities of Kubernetes, security through governance, and the future of cloud-native platforms.
Show Notes:
Kubefirst: https://kubefirst.io/
John's articles on The New Stack: https://thenewstack.io/author/john-dietz/
John Dietz socials
X (Twitter): https://twitter.com/vitamindietz
Linkedin: https://www.linkedin.com/in/jd-k8s/
Introduction: 0:00
Kubernetes skeptic to advocate: 1:09
Governance in Kubernetes & IaC: 8:30
Who owns security with IaC and K8: 24:36
Common K8 mistakes: 32:16
Why care about Kubernetes: 38:23
Best and worst: 47:15
Links and show notes: 54:22