Episodes
-
Is AI really coming for your red teaming job? What does it actually take to build a team that thinks like the adversary, and what happens when that team stops caring? And what do you do when you've been in this field long enough that the job that once fired you up has started to feel hollow?
In this episode, Ron catches up with Johnny Xmas, Head of Offensive Security at a Fortune 150 Global Food Manufacturer, and one of the most candid voices in offensive security, for a conversation that covers a lot of ground fast.
They go deep on where AI actually fits into offensive security workflows, what Johnny really looks for when building elite teams, and why the career advice everyone gives early practitioners might be setting them up for burnout down the road. The conversation takes a turn that doesn't come up enough in this industry, and it's the part you won't want to miss. If you've ever felt your tank running low, this episode was made for you.
Impactful Moments
00:00 - Introduction
02:10 - Busting the myth: AI is not replacing red teamers
04:30 - Guest introduction: Johnny Xmas
06:15 - How the offensive security job has changed with AI
09:35 - The SEC 8-K IoC parser tool Johnny just published
11:40 - Building elite teams: what skills Johnny actually hires for
12:45 - Soft skills over technical gaps, and why the fire has to come with you
15:40 - Why "where do you see yourself in five years?" is a garbage question
17:30 - Has Johnny ever crossed the line when it comes to hacking?
20:20 - What to do when you've stopped caring about the job
26:25 - Outro: The AI myth, revisited
Links
Johnny Christmas on LinkedIn: https://www.linkedin.com/in/johnnyxmas/
Johnny's SEC 8-K IoC parser tool: https://github.com/johnnyxmas/its-over-8k
—
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/
-
What does a calf kick have to do with vulnerability management? What can a fighter's mindset teach a security practitioner about operating against an adversary they've never faced?
Ron Eddings brings back fan-favorite combat sports analyst and commentator Robin Black for a conversation that was never meant to be about cybersecurity, and ends up being one of the most insightful episodes on the human side of the field. They dig into how underdogs actually win (hint: we're usually wrong about who the underdog is), what it really means to maintain control in a fight, and why the highest level of mastery might actually look like letting go of control entirely.
The conversation closes with a look at how the cybersecurity landscape is mutating alongside AI, and whether an arms race that trains itself is heading somewhere catastrophic, or whether it's simply the next evolution of the fight. The answer, like most things in this episode, is more nuanced than you'd expect.
Impactful Moments
00:00 - Introduction
02:10 - The Rewind: The Calf Kick and the Peroneal Nerve
04:05 - Welcome back, Robin Black
05:30 - Can smaller still beat bigger?
07:00 - Why underdogs don't win (And why we were wrong)
08:25 - Fighting is about exploiting belief systems
09:30 - Maintaining control against an unknown adversary
10:25 - Adapting vs. anticipating: be water
13:00 - Failure is mandatory
17:25 - How Robin’s thoughts have changed about being attacked online
19:00 - AI and the mutating threat landscape
22:15 - Ron's closing thoughts
Links
Connect with Robin Black on LinkedIn: https://www.linkedin.com/in/robin-black-31b6bb39/
Check out Robin Black on YouTube: https://www.youtube.com/RobinBlack
–
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/
-
Missed episodes?
-
What happens when AI writes all the code and nobody reads it? What if the security prompt you trusted still produced software designed to leak your secrets? And who exactly is on the hook when an AI-generated application takes down your company?
In this episode, Ron sits down with returning guest Tanya Janca, Secure Coding Trainer at SheHacksPurple Consulting, to dig into one of the most underestimated risks in software development today: vibe coding.
Tanya breaks down what vibe coding actually means, why AI trained on the internet's worst repositories is quietly baking the OWASP Top 10 into every app being built, and what her AI-powered secure coding prompt library can do to help. This is a candid, practical, and community-driven episode, the kind that'll make you want to audit your vibe code-a-thon project before it ever touches production.
Impactful Moments
00:00 - Introduction
01:40 - The Rewind: Margaret Hamilton and Apollo 11
05:00 - Knight Capital and the $460M software failure
07:00 - Guest introduction: Tanya Janca
08:15 - What vibe coding actually means in 2026
10:00 - Real story: Claude leaked secrets in a live training
11:30 - Securemyvibe.ca and Tanya’s secure coding prompt library
15:00 - OWASP Top 10 vs OWASP Top 10 for LLMs
22:45 - Tanya's petition for the world's first secure coding law
24:55 - Device flow authentication and reducing security friction
28:00 - What the internet would look like in five years without change
Links
Connect with our guest, Tanya Janca, on LinkedIn: https://www.linkedin.com/in/tanya-janca
Get Tanya's free secure coding guideline: https://securecodingguideline.com
Subscribe to Tanya’s AI Secure Coding Prompt Library: https://securemyvibe.ca
Access Tanya's Newsletter & Free Monthly Training: https://newsletter.shehackspurple.ca
Connect with Tanya across all social channels: @shehackspurple
–
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/
-
What if the most sophisticated attack has nothing to do with your firewall? In a world where AI can clone voices, re-lip-sync politicians, and spread a fake newscast to 200,000 people in days, the real target has always been your brain.
Ron sits down with Perry Carpenter, Chief Deception Strategist at KnowBe4, to unpack why we're still getting fooled in 2026 and what we can actually do about it. Perry gets into the neuroscience behind why our brains are wired the way they are, how attackers exploit that, and what it really takes to build better instincts in a world full of AI-generated content. You'll also want to stick around for the live demos, where Perry breaks down why they worked and how to spot the tells.
Impactful Moments
00:00 - Introduction
02:15 - The myth: smart people don't get fooled
05:20 - Flashback segment: the Ireland deepfake and why it went viral
06:15 - Guest introduction: Perry Carpenter
09:50 - Exploiting cultural bias and tribal instincts
13:45 - Live deepfake demo: face and body replacement in real time
15:30 - Synthetic media vs. deepfake: what's the difference?
20:40 - Breaking down a deepfake: what made it convincing
23:00 - Overproof: why bad deepfakes try too hard
27:15 - System 1 vs. System 2 thinking in cybersecurity
29:45 - The FAIK framework: freeze, analyze, investigate, know
32:40 - Ron's closing reflection
Links
Connect with our guest, Perry Carpenter, on LinkedIn: https://www.linkedin.com/in/perrycarpenter
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/
-
Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question?
Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions.
They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between.
Impactful Moments
00:00 - Introduction
03:00 - Chris Cochran: from Co-Founder to SANS Field CISO
04:20 - Your board is pushing AI before security is ready
06:00 - Tiers of AI uses: summarization to full automation
07:50 - When AI shouldn't make the final call
10:10 - Bite-sized AI: starting small in the enterprise
11:45 - Introducing the SANS AI Security Maturity Model
13:20 - You can no longer afford to be an AI skeptic
16:30 - Three buckets: utilize, protect, and govern AI
18:50 - Fact or Cap: what level of maturity is your enterprise?
21:00 - Retroactive vendor risk and the AI explosion
23:05 - Agentic Identity: workforce, non-human, and beyond
25:00 - What works in the agentic identity space?
27:05 - Blockchain for agent identity: promising or hype?
29:00 - A Message for the next generation of practitioners
31:30 - Ron's closing take: who owns your AI policy?
Links
Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/
Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Mythos just found 30,000 new vulnerabilities, and now every security team is asking the same question: what actually matters?
In this episode, Ron Eddings sits down with Dan Pagel, CEO at Brinqa, and Brad Hibbert, COO & CSO at Brinqa, to break down the Anthropic Mythos moment that rattled the security industry. From the panic of millions of new findings dropping overnight to the strategy of narrowing them down to the 50 that actually matter in YOUR environment, this episode is a masterclass in exposure management at machine speed.
Dan and Brad share how Brinqa helps organizations make sense of massive volumes of findings, correlating data across 260+ connectors, enriching vulnerability context, and delivering clear, explainable actions to IT operations teams.
They also tackle the bigger question: how do you build enough trust in AI to let it take autonomous action on your behalf? The answer starts with better data, better explainability, and knowing when to keep humans in (or on) the loop.
Impactful Moments
00:00 - Introduction
02:00 - What just happened? Breaking down the Anthropic Mythos moment
04:10 - Why most new findings don’t apply to your environment
07:12 - What Mythos means to the broader market
09:09 - Why AI-driven discovery isn’t slowing down
11:00 - The gap between security and IT ops: how explainability closes it
13:38 - How fast you should go through findings
15:53 - Why MTTR is the wrong metric and what businesses actually care about
18:03 - Why real-time visibility is replacing scheduled scanning
19:50 - Human IN the loop vs. human ON the loop
22:14 - What happens when AI hallucinates?
27:20 - Why we’re over and under-estimating the impact of AI
29:54 - The immediate win Brinqa achieves for its customers
31:50 - What CISOs are really asking now: "What does good look like?"
Links
Connect with our guest, Dan Pagel, on LinkedIn: https://www.linkedin.com/in/dpagel/
Connect with our guest, Brad Hibbert, on LinkedIn: https://www.linkedin.com/in/bradhibbert/
Learn more about Brinqa: https://www.brinqa.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
SOAR promised to close the loop in the SOC and fell flat. Agentic AI is finally delivering what a decade of playbooks couldn’t.
In this episode, Ron sits down with Allan Alford, SVP at NTT Global Data Centers, and Tom Findling, co-founder and CEO of Conifers.ai. They cover why static playbooks broke under real-world conditions and how agentic systems are flipping the SOC operating model. They get into hallucination guardrails, human-on-the-loop versus human-in-the-loop, and the QR-code phishing investigation an agent solved on its own without being told how. The conversation closes on trust thresholds, the speed of enterprise adoption, and Allan's blunt warning to any CISO trying to slow this train down… you're already on the tracks.
Impactful Moments
00:00 - Intro
02:30 - Why the lazy sysadmin always wins
05:15 - Why SOAR fell flat
08:00 - Guardrails, hallucinations, and showing the work
13:00 - The SOC AI holy grail
15:30 - The moment you start saying we
17:30 - QR-code phishing the agent solved alone
19:00 - Why playbooks were never going to scale
28:00 - Earning trust at enterprise scale
33:30 - Stand in front of this revolution and lose
35:40 - Risk quantification on business steroids
Links
Connect with our guest, Tom Findling, on LinkedIn: https://www.linkedin.com/in/tomfindling/
Learn more about Conifers.ai at https://www.conifers.ai
Connect with our guest, Allan Alford, on LinkedIn: https://www.linkedin.com/in/allanalford/
–
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a Grave Digger in the booth.
In this episode, Ron sits down with Don to discuss what Torq is actually doing in a category packed with 60 near-identical vendors, and why "the epidemic of sameness" is the real threat to every cybersecurity brand right now. Don explains why Torq builds everything in-house, why he starts every strategy by listening instead of pitching the product, and why the only differentiator left in cyber marketing is how much you genuinely care. It's a conversation about brand, but it's really a conversation about trust, community, and what it takes to make a CISO text you back.
Impactful Moments
00:00 - Introduction
03:50 - How Don landed at Torq
06:09 - What the Torq brand stands for
07:41 - Giving cybersecurity pros their flowers
09:09 - Cookie-cutter booths, cookie-cutter brands
12:00 - Why Torq built everything in-house
15:34 - Start with listening, not the product
18:13 - "We have to out-care the other teams"
21:45 - Nobody buys because of a monster truck
24:06 - Welcome to the experience age
28:30 - Entertain them or lose them
Links
Connect with our guest, Don Jeter, on LinkedIn: https://www.linkedin.com/in/donjeter/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Most organizations are prepping for disaster recovery when they should be building for cyber recovery, and those are not the same thing.
Recorded live at RSAC Conference 2026, Ron sat down with Chris Bevil, Principal Security AI Strategist at Commvault, to break down what actually happens after a breach hits and why most teams are caught flat-footed.
Chris walks us through Commvault's Minutes to Meltdown tabletop exercise, why isolated recovery environments matter, and how clean data determines whether you get your company back in hours or in 200+ days.
This episode will tell you what separates a team that recovers from a team that unravels.
Impactful Moments
01:16 - Live at RSAC 2026 with Chris Bevil, Principal Security AI Strategist at Commvault
01:40 - Minutes to Meltdown origin story
03:00 - What goes into a Meltdown?
04:48 - What happens in the first 30 minutes of chaos
07:00 - What Commvault actually does
08:21 - What is IRE? Isolated recovery environment breakdown
10:40 - What is Disaster Recovery in 2026?
13:00 - How cyber recovery differs from disaster recovery
14:20 - Where attackers go in the first 30 minutes
15:40 - The 3-2-1 rule and where teams fail
21:45 - What successful recovery looks like
25:14 - AI strategy at Commvault
Links
Connect with our guest, Chris Bevil, on LinkedIn: https://www.linkedin.com/in/chris-b-211998a/
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, breaks down what it really takes to build trust in AI systems before things go sideways.
Guru lays out a simple but powerful 3 P’s Framework: policies, process, and people, connecting it to what teams are actually dealing with right now, from shadow AI to security threats that don’t look like anything we’ve seen before.
If 2026 is the year AI moves from experiments to real operations, this conversation is your blueprint for keeping it under control.
Impactful Moments
00:00 - Introduction
02:25 - What does Optro do? Helping companies with the AI governance journey
03:10 - Why AI governance is really about trust, not control
05:15 - The moment AI went mainstream, and why that changed everything
05:50 - The three real business risks: performance, security, and transparency
07:30 - Human accountability in an AI-driven world
08:48 - What’s actually happening with AI regulation: EU, US, and standards
10:28 - Where Optro fits: orchestration vs monitoring in AI governance
13:05 - The 3 Ps framework: policies, process, and people
14:47 - Governance 101: why AI inventory is the first move every team misses
16:12 - The reality check: AI adoption is outpacing governance everywhere
17:45 - Shadow AI explained: what your team is doing that you can’t see
19:45 - Optro’s top use cases: visibility, compliance, and operationalizing governance
20:43 - Who owns AI governance, and why it’s becoming a team sport
22:20 - Final advice: start now or play catch-up later
Links
Connect with our guest, Guru Sethupathy, on LinkedIn: https://www.linkedin.com/in/guru-sethupathy/
Learn more about Optro: https://optro.ai/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
What happens when attackers collaborate better than defenders?
Recorded live from RSAC 2026, this solo episode with Ron breaks down the biggest themes shaping cybersecurity right now, from organized threat groups and massive data breaches to the growing tension between productivity and control inside modern organizations.
This conversation highlights a hard truth. The threat landscape is evolving through collaboration. From phishing-as-a-service platforms like Tycoon 2FA to supply chain breaches impacting entire ecosystems, attackers are sharing tools and moving faster than ever.
But there’s another side to the story. As AI becomes embedded in how work gets done, security teams are being pushed to rethink their role. Blocking tools is no longer enough. The real challenge is enabling the business while managing risk, and that requires trust, alignment, and a stronger sense of community across the industry.
This episode is a call to rethink how we approach security. Not as isolated teams enforcing policy, but as a connected community working together to adapt, respond, and move forward.
Impactful Moments
00:00 - Introduction, live from RSAC 2026
02:50 - Tycoon2FA and the rise of phishing-as-a-service
04:45 - The TELUS breach and what a petabyte-scale attack looks like
06:21 - Why you need strict controls … everywhere
07:30 - Are AI agents the new Shadow IT?
09:00 - The balance between productivity and security controls
09:27 - Boards’ demands for their teams to use AI
11:53 - Why leading security teams is more like parenting than policing
12:42 - Community is the foundation for the future of cybersecurity
Links
Connect with Ron Eddings on LinkedIn: https://www.linkedin.com/in/ronaldeddings/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
What does it mean when your smart doorbell becomes an entry point for surveillance? What happens when a single hacker can jailbreak every major AI model within hours of its release? And why are the same tools being used by both nation-state attackers and the defenders trying to stop them?
In this solo episode, Ron Eddings breaks down the urgent case for practitioner unity in cybersecurity, from AI-powered jailbreaking and IoT surveillance creep to geopolitical cyber operations. With RSAC 2026 just around the corner, this episode is a rallying cry for the community to come together, share intelligence, and build the defenses that no single team can build alone.
The episode also tackles one of the biggest misconceptions in the industry right now. AI already came for your job, but now it is changing how we define responsibility, decision-making, and trust. Add in rising pressure across the workforce, new legislation pushing for human oversight, and real-world examples of AI being used in global conflict, and the stakes become hard to ignore.
Impactful Moments
00:00 - Introduction
02:00 - Pliny the Elder, God Mode and AI Jailbreaks
03:30 - Cyber in US-Israeli Operations in Iran and Anthropic Tensions
06:00 - Cyber threats that are hitting normal people
07:30 - Is my Ring Doorbell a surveillance risk?
10:05 - Attackers are collaborating and sharing more than defenders today
11:30 - RSAC: the cyber Super Bowl
14:30 - AI has already replaced your job
14:30 - Why mental health is cybersecurity's hidden crisis
17:00 - Governance in AI and what Texas is doing about it
19:00 - Was Claude used in state-level ops?
Links
Connect with Ron Eddings on LinkedIn: https://www.linkedin.com/in/ronaldeddings/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
What does it look like when a cybersecurity founder who built a $2.5 billion company decides to level up, again? Dean Sysman, co-founder of Axonius, sits down with Ron Eddings to pull back the curtain on what it really took to go from zero to $100M ARR in four and a half years, and what came next.
Dean breaks down the founder mindset, the emotional weight of tying your identity to your company, and why he stepped into the Executive Chairman role while simultaneously pursuing a PhD in AI systems at Columbia University. He gets into how boxing taught him what solo performance reveals about leadership, why vulnerability is a non-negotiable skill at scale, and what it means to care about something bigger than yourself. This one hits differently if you're building, leading, or figuring out what your next chapter looks like.
Impactful Moments
00:00 – Introduction
05:00 – Boxing for charity: raising $55K
08:00 – Competitive by nature, born to build
10:00 – Solo performance sharpens team leadership
13:00 – Axonius: zero to $100M ARR in 4.5 years
15:00 – Founder identity tied to company success
21:00 – Purpose bigger than yourself fuels resilience
25:00 – Self-awareness as the #1 growth tool
28:00 – Executive Chairman + Columbia PhD pursuit
33:00 – Ron's personal reflection on founder identity
Links
Connect with our guest, Dean Sysman, on LinkedIn: https://www.linkedin.com/in/deansysman/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Last episode, Ron and Marcus made predictions. This episode, they brought the receipts.
A journalist built an app with vibe coding and got hacked on live television.
A social network built entirely by AI (not a single line of human code!) exposed 1.5 million authentication tokens and private messages between agents.
And 88% of organizations have already had an AI security incident, while barely 14% of deployed agents ever saw a security review.
The warnings from last episode aged fast. Marcus J. Carey is back to talk about what that actually means for the people building right now, not the people theorizing about it. Ron and Marcus are in the code themselves, and this conversation is what that experience actually looks like: OpenClaw running loose on your machine, agents racking up API bills, and why guidance, not prompts, not tools, is the real skill that separates builders who thrive from builders who ship disasters.
Impactful Moments
00:00 - Introduction
02:00 - Vibe coding hack on live TV
03:30 - Mo Book leaks 1.5M auth tokens
06:00 - Marcus' origin story: War Games, 1983
08:00 - OpenClaw escapes the lab
13:30 - AT&T cuts help desk spend 90%
17:00 - Context is king, guidance is everything
19:00 - Can AI do your job rec right now?
24:00 - The first cybersecurity jobs agents will replace
27:00 - Expertise + AI = 1000x yourself
30:00 - Focus on outcomes, not new tools
Links
Connect with our guest, Marcus J. Carey, on LinkedIn: https://www.linkedin.com/in/marcuscarey/
Read the articles we referenced in this episode:
The vibe coding hack that aired on live TV: ICAEW breaks down exactly how it happened and what it means for anyone building with AI. https://www.icaew.com/insights/viewpoints-on-the-news/2026/feb-2026/cyber-dangers-of-agents-and-vibe-coding
88% of organizations have already had an AI security incident. See the full data from the Cisco State of AI Security 2026 report: https://www.helpnetsecurity.com/2026/02/23/ai-agent-security-risks-enterprise/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
The CISO role isn’t the finish line, it’s a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger.
Anthony Johnson, former Global CISO at JP Morgan and Fannie Mae, now founder and managing partner at Delve Risk, breaks down what really happens when a security leader stops buying tools and starts building companies. From the trap of unpaid advisory boards to why AI is eliminating the entry-level pipeline, Anthony delivers a no-nonsense look at career strategy, the future of fractional work, and why understanding how your company makes money is the most underrated skill in cybersecurity. If you’re a security practitioner at any level, this episode will change how you think about your next move.
Impactful Moments
00:00 - Introduction
01:00 - Meet Anthony Johnson
02:00 - 69% of CISOs want out
06:00 - Why Anthony left the CISO seat
09:00 - Revenue changes your security priorities
11:00 - Career paths after the CISO role
13:00 - The advisory board compensation trap
17:00 - AI’s threat to the talent pipeline
22:00 - Hiring for aptitude over competency
24:00 - Soft skills win in the AI era
29:00 - Corporate loyalty is dead: now what?
31:00 - Networking that actually lands roles
34:00 - Know how your company makes money
36:00 - Ron’s personal reflection on freedom
Links
Connect with our guest, Anthony Johnson, on LinkedIn: https://www.linkedin.com/in/anthony-johnson-delverisk/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Your email gateway isn't enough anymore: attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover.
In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough.
Impactful Moments
00:00 – Introduction
03:30 – The current state of phishing
05:30 – Outbound email compromise risk
09:30 – OAuth apps as attack vectors
15:00 – AI agents accessing your workspace
16:00 – Prompt injection is the new SQL injection
18:00 – Allow listing apps immediately
24:30 – Google Workspace vs Microsoft 365 security
27:30 – Custom detections require API expertise
28:00 – Why passkeys matter right now
32:00 – Data lifecycle management for shared docs
Links
Connect with our guest, Rajan Kapoor, on LinkedIn: https://www.linkedin.com/in/rajankkapoor/
Learn more about Material Security: https://material.security
–
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
-
Security doesn’t fail because you missed a tool; it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure.
Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff, while humans find the business-logic traps and attack chains that actually break companies.
Impactful Moments
00:00 - Introduction
02:21 - Sonali’s unexpected CEO path
06:10 - Compliance isn’t real security
10:19 - PTaaS: start in 24 hours
12:33 - 5,000 pentests yearly scale
17:01 - Humans beat automation limits
20:16 - AI behavior vulnerabilities emerge
27:54 - Indirect prompt injection explained
30:51 - Why juniors + AI is risky
38:27 - 2026 becomes AI battleground
Links
Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/
Check out Cobalt: https://www.cobalt.io
–
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Text threads made AI feel personal, then agents made it productive, and suddenly “success” turned into chaos you can’t even track.
In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down.
Impactful Moments
00:00 - Intro
02:05 - Codex desktop sparks agent shift
06:40 - Harness beats model iteration
08:10 - Context window: the hidden limiter
12:10 - Terminal sprawl creates agent chaos
14:05 - Maestro panels: agents, tabs, history
17:25 - Auto Run: fresh context per task
26:15 - “Donate tokens” via Symphony PRs
28:20 - AI tax debate gets spicy
33:05 - Start simple: download and run
Links
Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/
Check out Maestro for yourself: https://runmaestro.ai/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Phishing didn’t get smarter; it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day.
In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI.
Impactful Moments
00:00 - Introduction
02:44 - Cloud infrastructure powering crime at scale
07:45 - What phishing 2.0 really means
12:10 - How MFA gets bypassed in real attacks
15:30 - Why the browser is the final control point
18:40 - AI reducing SOC alert fatigue
23:07 - Mentorship shaping cybersecurity careers
27:00 - Thinking like attackers to defend better
31:15 - When trust becomes the attack surface
Links
Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
-
Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today.
Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable but still deeply unfinished inside modern organizations.
Impactful Moments
00:00 - Introduction
04:16 - Malware before money existed
07:30 - Cheesy biscuits changed cybersecurity
13:10 - When documents became dangerous
14:33 - Crime replaced curiosity
15:23 - Sony proved no one was safe
20:15 - Reporting hacks without causing harm
24:01 - AI replacing penetration testers
29:18 - Agentic AI shifts the threat model
36:30 - Why rushing AI breaks trust
Links
Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/