Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Player FM - Internet Radio Done Right
Checked 3d ago
Added two years ago
Content provided by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to The Security Repo
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
W
We Have The Receipts
1 Battle Camp S1: Reality Rivalries with Dana Moon & QT 1:00:36
1:00:36 
Play Later 
Play Later 
Lists 
Like 
Liked1:00:36
Play Later
Play Later
Lists
Like
LikedDo you have fond childhood memories of summer camp? For a chance at $250,000, campers must compete in a series of summer camp-themed challenges to prove that they are unbeatable, unhateable, and unbreakable. Host Chris Burns is joined by the multi-talented comedian Dana Moon to recap the first five episodes of season one of Battle Camp . Plus, Quori-Tyler (aka QT) joins the podcast to dish on the camp gossip, team dynamics, and the Watson to her Sherlock Holmes. Leave us a voice message at www.speakpipe.com/WeHaveTheReceipts Text us at (929) 487-3621 DM Chris @FatCarrieBradshaw on Instagram Follow We Have The Receipts wherever you listen, so you never miss an episode. Listen to more from Netflix Podcasts.…
Rotating Secrets At Scale, Automatically, and With High Availability - Kenton McDonough
Manage episode 444419296 series 3516169
Content provided by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode of The Security Repo Podcast, we take a look at how to do secrets rotation in a highly available systems reliably.
We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems.
We walk through the tech stack that Kent works with, which includes a little of everything. We revisit his talk topic at BSides as Vegas 2024 with a discussion of 'blue/green' secrets rotation. By the end, we uncover some best practices to keep in mind when architecting a scalable, highly available application with regard to secrets management.
Links shared in the episode:
kent07[at]bt.edu
"Zero downtime credential rotation" at BSides Las Vegas 2024
https://www.youtube.com/live/b22uT4pYpk8?feature=shared&t=17092
93 episodes
ShareManage episode 444419296 series 3516169
Content provided by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Mackenzie Jackson & Dwayne McDaniel, Mackenzie Jackson, and Dwayne McDaniel or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode of The Security Repo Podcast, we take a look at how to do secrets rotation in a highly available systems reliably.
We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems.
We walk through the tech stack that Kent works with, which includes a little of everything. We revisit his talk topic at BSides as Vegas 2024 with a discussion of 'blue/green' secrets rotation. By the end, we uncover some best practices to keep in mind when architecting a scalable, highly available application with regard to secrets management.
Links shared in the episode:
kent07[at]bt.edu
"Zero downtime credential rotation" at BSides Las Vegas 2024
https://www.youtube.com/live/b22uT4pYpk8?feature=shared&t=17092
93 episodes
All episodes
×
T
The Security Repo
1 Visualizing Data Poisoning and Rethinking Threat Detection Through Graphs – Maria Khodak 21:05
21:05 Play Later Play Later Lists Like Liked21:05
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Maria Khodak explores how graph theory and data visualization can be used to uncover machine learning vulnerabilities like data poisoning. She explains how her work as a penetration tester intersects with research on threat detection and the importance of making abstract security concepts more human-readable. The conversation also covers her journey into cybersecurity, the value of visualization tools like Gephi, and her call to make the field more inclusive and curious-driven.Maria Khodak is a security engineer and penetration tester at a large company focusing on web application, API, and network testing. She also researches machine learning vulnerabilities, threat detection, and graph theory in her free time. https://www.linkedin.com/in/maria-khodak-10b26a192/https://gephi.org/…
T
The Security Repo
1 Building Human-Centric Security and Hacker Communities in Argentina - Ailin Castellucci 23:04
23:04 Play Later Play Later Lists Like Liked23:04
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Ailin Castellucci shares her inspiring journey from selling shoes to building cybersecurity teams and leading human-centric education projects. She discusses the unique challenges and perspectives of cybersecurity education in Argentina, emphasizing the importance of empathy, communication, and passion in the industry. Ailin also delves into her current work fostering hacker communities and promoting accessible security education across South America. https://www.linkedin.com/in/acastellucci/ Ailin is an Information Security specialist and Hacking Community Builder at Strike. She previously worked at Mercado Libre, Lemon, and Galicia bank, and now leads Hécate, a project that combines creative solutions with human-centered education.…
T
The Security Repo
1 From SOCs to Threat Detection Engineering: Crafting Better Security Responses - Chris Kulakowski 20:03
20:03 Play Later Play Later Lists Like Liked20:03
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Chris Kulakowski, a seasoned detection engineer from IBM, delves into the complexities of threat detection, from writing detection rules to collaborating with red teams for proactive security strategies. He shares insights on prioritizing security risks, the evolving role of AI in cybersecurity, and the importance of adaptability in the ever-changing threat landscape. Chris also offers advice for aspiring security professionals and reflects on the positive trends in global cybersecurity efforts. https://www.linkedin.com/in/ckulakowski/ Chris Kulakowski is a driven technologist, innovator, and tinkerer of all things. His career spans across 15 years of Digital Media, Information Technology, Security Operations, Threat Intelligence and Digital Forensics roles. He is currently a senior technical staff member specializing in threat detection at IBM, supporting IBM internal businesses. Prior to IBM he held various roles at General Motors and Optiv. He is seasoned in responding to incidents, developing new threat detection content, and an expert in EDR technology. Chris holds a Computer Criminology degree from Florida State University and several industry leading cyber security and digital forensics certifications including CISSP, EnCE, GCFE, GREM, and Security+. Chris is also accredited with a Stanford University Advanced Computer Security Certificate.…
T
The Security Repo
1 Quarantine Policies and Cloud Security Strategies for AWS – Bleon Proko 23:06
23:06 Play Later Play Later Lists Like Liked23:06
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Bleon Proko dives into the intricacies of AWS security, focusing on the role and impact of quarantine policies in mitigating the risks of compromised credentials. He explains how AWS policies prioritize denial to prevent privilege escalation, lateral movement, and financial fraud, offering practical strategies for securing sensitive identities. Additionally, Bleon shares insights on essential tools for penetration testing and gives candid advice about navigating cloud security challenges.Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented topics related to Cloud Penetration Testing and Security in conferences like BlackHat USA, Europe and Sector, DEF CON, SANS Pentest Hackfest Hollywood and Amsterdam, as well as several BSides on USA and Europe.His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of YetiHunter and DetentionDodger (https://github.com/Permiso-io-tools/[DetentionDodger | YetiHunter]).He is also the author of the upcoming book "Deep Dive into Clouded Waters: An overview in Digital Ocean's Pentest and Security" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)…
T
The Security Repo
1 Helping Developers Use Open Source Security Tools & Improving Defense With AI - Mackenzie Jackson 24:19
24:19 Play Later Play Later Lists Like Liked24:19
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we welcome back Mackenzie Jackson, security researcher and founder of this very show, to discuss the evolving landscape of AI in cybersecurity. Mackenzie dives deep into how AI is reshaping open-source security, revealing research that uncovered 600 unreported vulnerabilities in popular packages. We also explore the growing risks of AI-generated package hallucinations, how attackers might exploit them, and why security tools must be made more accessible to developers.https://www.linkedin.com/in/advocatemack/https://www.aikido.dev/Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems.…
T
The Security Repo
1 How Digital Forensics Supports Incident Response And Who Should Own IAM - Gerard Johansen 22:20
22:20 Play Later Play Later Lists Like Liked22:20
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we sit down with cybersecurity expert Gerard Johansen to dive deep into identity and access management (IAM) challenges in the enterprise space. We explore the explosion of data and identities, the ongoing debate over who "owns" IAM in organizations, and how threat actors are evolving their tactics to exploit identity-based vulnerabilities. Gerard also shares insights from his experience in digital forensics and incident response, offering advice on how security professionals can sharpen their skills and make an impact in the field.https://www.linkedin.com/in/gerardjohansen/Gerard Johansen is a cyber security professional with over a decade of experience specializing in Incident Response, Digital Forensics, and Threat Intelligence. Gerard has been fortunate to work with a wide range of organizations from enterprise environments, industrial, boutique consulting and international security providers. He is a frequent speaker at various conferences and also an author, currently working on the fourth edition of Digital Forensics and Incident Response. Gerard is currently employed with an MDR firm based out of Denver, CO.…
T
The Security Repo
1 Navigating And Defining The Evolving Role Of The CISO In Government Security - Josh Kuntz 22:53
22:53 Play Later Play Later Lists Like Liked22:53
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we sit down with Josh Kuntz, Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation, to explore the unique challenges of securing state agencies. With nearly three decades in public service, Josh shares his insights on navigating government cybersecurity, hiring the next generation of security professionals, and the evolving role of CISOs. We also discuss how AI and social engineering are reshaping the threat landscape and why patching remains the top security concern after 25 years. https://www.linkedin.com/in/joshua-kuntz-cissp-35a825176/ Josh serves as the Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation (TDLR), where he is recognized as a leading expert in cybersecurity across the state. With nearly three decades of public service, including six years in the Marine Corps and 24 years with various state agencies, he has cultivated a wealth of experience in physical and information security, IT management, major information resource project procurement, project management, contract management, and risk management. His career highlights include eight years at the Texas Department of Public Safety (TXDPS), where he oversaw the statewide Texas Law Enforcement Telecommunications System (TLETS) satellite network, and three years at the Texas Youth Commission (TYC) as their first Information Security Officer (ISO), leading the security program during its merger with the Juvenile Probation Department. He also served seven years at the Texas Department of Motor Vehicles (TXDMV) as their inaugural ISO, where he took on additional roles as interim Chief Information Officer and interim Project Management Office Director. A passionate advocate for cybersecurity training, Josh established a public-private partnership that provided cybersecurity training and certification for 90 state employees. As CISO of the Texas Workforce Commission (TWC), he built a robust cybersecurity team and launched an apprenticeship program, while also offering cybersecurity guidance to the 28 workforce boards across Texas. In 2023, Josh initiated a 12-month CISO Mentorship Program designed to cultivate the next generation of cybersecurity leaders within the state. He holds a degree in criminal justice, achieved CISSP certification in 2012, and was honored as the Austin ISSA CISO of the Year in 2024. With his extensive background and commitment to excellence, Josh continues to shape the future of cybersecurity in Texas.…
T
The Security Repo
1 The State And Future Of Cybersecurity Training and AIShaping The Role - Zach Hill 22:36
22:36 Play Later Play Later Lists Like Liked22:36
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we sit down with Zach Hill from Antisyphon Training to discuss affordable cybersecurity education and the evolving landscape of IT training. Zach shares insights on the importance of hands-on learning, the challenges of misinformation in online education, and how AI is reshaping entry-level IT roles. We also dive into unconventional career paths into security and the critical need for foundational knowledge like networking and version control. https://www.linkedin.com/in/iamnerdy/ https://antisyphontraining.com Zach Hill is a dad, mental health advocate, creator, hacker, and self-described nerd.In 1999, Zach dropped out of high school of freshman year due to severe depression and anxiety issues. What he thought for a long time was a curse was in all reality a blessing. While everyone he knew was in school, Zach was at home on the internet learning everything that he could about websites, search engine optimization, internet marketing, and eventually social media. In 2008, Zach was burnt out from web development and discovered that he had an interest in the infrastructure side of technology and quickly transitioned his career into technical support for school districts, by 2018 Zach was in charge of security awareness training and MDM administration for a hospital.In 2018, he quit his full-time position to focus on a YouTube channel that he had created in 2014 called IT Career Questions. This channel was built to help people find their way into the growing world of IT and has grown with a reach of over 20 million people, and a fan base of over 280,000 subscribers.In 2021, Zach joined forces with TCM Security to continue the mission of helping others in their journey through IT.As of 2024, Zach is proudly with Antisyphon Training, a company Powered by Black Hills Information Security, where he continues to help people find their path into the world of IT and cybersecurity.…
T
The Security Repo
1 Secrets Management With The OpenPao Project And Open Source Security - Alex Scheel 22:15
22:15 Play Later Play Later Lists Like Liked22:15
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we sit down with Alex Scheel, staff back-end engineer at GitLab and chair of the OpenBao Technical Steering Committee, to discuss the origins and future of OpenBao, a fork of HashiCorp Vault. Alex explains the implications of HashiCorp's licensing change, the technical advantages OpenBao brings to the table, and the importance of open-source governance under the Linux Foundation. We also dive into interoperability in security tooling, secrets management best practices, and how developers can get involved in contributing to OpenBao. Alex Scheel is a Staff Backend Engineer at GitLab and the Chair of the OpenBao Technical Steering Committee. He has built a career on open source contributions, previously working at Keyfactor on Bouncy Castle, at HashiCorp on Vault, and at Canonical and Red Hat. You can find him under the nickname cipherboy most places. In his free time, he likes playing the violin and taking photography trips. https://www.linkedin.com/in/alexander-scheel-807514105/ https://openbao.org/ https://openbao.org/blog/vision-for-namespaces/…
T
The Security Repo
1 Playing (And Winning) CTFs To Advance Your Cybersecurity Career - Edna Jonssen 22:45
22:45 Play Later Play Later Lists Like Liked22:45
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we sit down with Edna Jonnson, a cybersecurity engineer and SOC analyst, to discuss their journey from web development to security operations. Edna shares insights on the value of Capture the Flag (CTF) competitions for skill development, recounting their recent victory at Wild West Hacking Fest. We also dive into their day-to-day work in a SOC, the importance of credit freezes for personal security, and their involvement in cybersecurity communities like DEF CON and B-Sides Orlando.Edna Jonsson (they/them) is a cybersecurity engineer and SOC analyst with a strong foundation in web development and technical education. Their journey began as a web developer and coding bootcamp instructor, equipping them with a unique blend of technical expertise and a passion for mentorship.Edna is an active leader in the cybersecurity community, serving as the Volunteer Coordinator for BSides Orlando and an organizer for Career Village and Social Engineering Adventure Village. They also play a pivotal role in DEATHCon, both as the main conference organizer and Orlando site lead. They also help organize meetings for the local DC407 chapter.Previously, Edna hosted Security Chipmunks, a podcast dedicated to guiding early-career cybersecurity professionals. They were also instrumental in the launch and rapid growth of the WGU Cybersecurity Club, helping expand its membership to over 8,000 students. Edna coined the club’s motto, “No Owl Left Behind,” emphasizing their commitment to ensuring every student—whether in academics or competitions—received the support they needed to succeed.With a deep passion for cybersecurity, education, and community building, Edna continues to empower the next generation of security professionals.https://www.linkedin.com/in/ednajonsson/https://bsky.app/profile/ednas.bsky.social https://x.com/ednashttps://dc407.com/https://deathcon.io/https://bsidesorlando.org/…
T
The Security Repo
1 Defense In Depth Means Writing More Tests To Make Sure You Don't Regress - John Poulin 41:51
41:51 Play Later Play Later Lists Like Liked41:51
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security posture, and the challenges of implementing robust audit logging. Plus, John recounts the day GitHub logged out all users due to a security bug and offers advice on avoiding over-reliance on web application firewalls.John Poulin leads Cloud Security Partners' technology and platform development. He is an experienced application security practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups to perform secure code review, architecture, and design discussions, as well as threat modeling.Previously, John served as a staff manager of product security engineering, a role in which he and his team focused on performing secure code review of features and services, performing threat modeling, and helping to ensure that Cloud Security Partners' software ecosystem moves toward security maturity. John has also served as the director of engineering, where he focused on leading engineering teams through multiple stages of security-focused product development.John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, and Source, as well as various Ruby and OWASP events about practical application security.In his free time, John enjoys spending time with his family, traveling, playing adult league softball, and making hot sauce.https://www.linkedin.com/in/johnmpoulinLogs wall of shame https://Audit-logs.taxSSO wall of shame https://sso.tax/…
T
The Security Repo
1 What Does It Mean To Be A Security Lead - A Conversion With Kayssar Daher 42:21
42:21 Play Later Play Later Lists Like Liked42:21
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Dwayne and Kayssar dive into Kayssar's role as a security leader at GitGuardian, exploring his responsibilities, challenges, and the balance between proactive and reactive security work. They also discuss the evolution of security tools, the importance of relationship-building in security roles, and share insights on vulnerability management and security awareness training. Kayssar offers a unique perspective on what the security industry is getting right, as well as areas that need improvement, especially regarding VPNs and vulnerability prioritization. Kayssar Daher is a systems security & data privacy enthusiast specializing in securing SaaS platforms. If you'd like to know more about what he do, check out his blog: https://the.secure.engineer https://www.linkedin.com/in/daherk/…
T
The Security Repo
1 Understanding Security Champions and Making Human Connections - Dustin Lehr 48:29
48:29 Play Later Play Later Lists Like Liked48:29
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, Dwayne and Kayssar sit down with Dustin Lehr, co-founder and chief product and tech officer at Katilyst , to explore the power of Security Champions programs. Dustin shares insights from his journey as a software engineer turned cybersecurity leader and explains how security champions can bridge the gap between security teams and developers. The conversation covers trust-building, best practices for implementing a successful champions program, and how to measure its impact in ways that resonate with executives. Dustin Lehr is an accomplished software engineer turned executive cybersecurity leader who designs security programs that reinforce proactive behavior to avoid security incidents. He is the Co-founder / Chief Product and Technology Officer at Katilyst, a company dedicated to helping organizations enhance their culture by building engaging security champion programs. Dustin is also the driving force behind the Security Champion Program Success Guide and possesses a wealth of experience in application security, providing innovative coaching and consulting services. In addition, he is a prominent community thought leader, speaker, and founder of the "Let's Talk Software Security" monthly open discussion meetup group. https://www.linkedin.com/in/dustinlehr/ Katilyst - https://www.katilyst.com/ Security Champion Program Success Guide - https://securitychampionsuccessguide.org/ "Let's Talk Software Security" - https://www.meetup.com/lets-talk-software-security/…
T
The Security Repo
1 Leveraging Hermeneutics In Cyber Threat Intelligence at The MM-ISAC - Cherie Burgett 37:54
37:54 Play Later Play Later Lists Like Liked37:54
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we dive into the world of ISACs (Information Sharing Analysis Centers) with Cherie Burgett. Cherie shares insights into the nuanced field of cyber threat intelligence, discussing how interpretation techniques like hermeneutics can enhance understanding of threat actor behavior. The conversation also explores practical approaches to information sharing, intelligence delivery, and the importance of balancing concise communication with actionable insights. Since its inception, Cherie Burgett has worked with the Mining and Metals ISAC. As the Director of Cyber Intelligence Operations. Cherie is responsible for researching and analyzing the ever-changing threat landscape affecting the mining and metals sectors. With a unique philosophy and approach to cyber threat intelligence incorporating lessons learned from studies in the arts and humanities, she brings a nuanced perspective to the ethics and human condition relating to both threat actor groups and the people defending our critical infrastructure. Recent Articles about Hermeneutics Applied to Cyber Threat Intelligence - https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-1-tactical-cherie-burgett-x8ime/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-2-why-cherie-burgett-8xmfe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-3-planning-cherie-burgett-xgzwe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D…
T
The Security Repo
1 Observability ownership, monitoring apps at scale, and learning DevOps like a language- Josh Lee 30:59
30:59 Play Later Play Later Lists Like Liked30:59
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry. We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how databases like ClickHouse® compare to Snowflake for monitoring applications at scale. Josh also shares insights on DevOps culture as a "foreign language" and how to bridge gaps between developers and operators in adopting modern practices. Josh is a seasoned software developer with over a decade of experience, specializing in a broad range of topics including operations, observability, and cloud-native databases. His passion for technology is matched by his enthusiasm for sharing knowledge through public speaking. Currently, Josh serves as a Developer Advocate for Altinity, where he creates educational content on ClickHouse® and OpenTelemetry. Find Josh at https://www.linkedin.com/in/joshuamlee/ @joshleecreates@hachyderm.io @joshleecreates.bsky.social and on the Altinity Slack https://altinity.com/…
T
The Security Repo
1 The Freedom Of Information Act, Ethical AI, And NerdCore Music - Stephanie Honore 36:39
36:39 Play Later Play Later Lists Like Liked36:39
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore, about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the intersection of security and legal frameworks. We also explore her creative side as a "spycore" musician blending cybersecurity themes with nerdcore music. Stephanie Honore, also known as Scarlett Danger, is a professional programmer, building applications by day, and a volunteer OSINT investigator by night for NGOs that combat human trafficking. She has been a member of WiCyS (Woman of Cybersecurity) since 2016 and attended Hacker On The Hill in Jan 2024. She began by attending the local hacker meetups and frequently attends cybersecurity conferences such as BSides and Texas Cybersecurity Summit. She recently started joining online chat communities on Discord and IRC where she is getting a lot of exposure to a different side of the security field. Outside of work she likes making nerdcore music about security and intelligence ( a genre she has dubbed spycore) inspired greatly by performers like YTCracker, MC Frontalot, and Yung Innanet. You can listen to one of my songs here. https://soundcloud.com/scarlett_danger/hack-the-planet-v2?in=scarlett_danger/sets/internet-feels https://www.linkedin.com/in/smhonore/ https://smhonore.deno.dev/ https://www.wicys.org/ https://www.muckrock.com/news/archives/2024/aug/26/with-a-little-help-from-the-national-archives-nsa-finally-releases-grace-hopper-lecture-watch-it-here/…
T
The Security Repo
1 Securing Workload Identities And Working On Conjure - Jody Hunt 43:31
43:31 Play Later Play Later Lists Like Liked43:31
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, Jody shares his journey through a tech acquisition and the enduring importance of thinking like an attacker in cybersecurity. Jody has held diverse roles in software development, sales, and marketing. He has been an enthusiastic promoter of DevOps principles since 2010. He became aware of the growing security gap introduced by automation which led him to join Conjur in 2017. Four months later, CyberArk acquired Conjur to extend secrets management and machine identity solutions to DevOps, Cloud and Kubernetes workloads. https://www.linkedin.com/in/jodyhuntatx/ https://spiffe.io/book/ https://blog.gitguardian.com/protect-secrets-with-cyberark-and-gitguardian-integration/…
T
The Security Repo
1 The Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh Seeparsan 42:37
42:37 Play Later Play Later Lists Like Liked42:37
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms. With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise applications. He has collaborated with the U.S. DoD, developed Appsec training for Adobe, and secured identities for multibillion-dollar firms. Today, he guides companies in building secure, trustworthy, generative AI and LLM applications and volunteers with the OWASP Foundation team working on the OWASP Top Ten for LLMs. His north star is the safe, performant adoption of frontier AI. https://www.linkedin.com/in/talesh https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://owasp.org/www-project-top-10-for-large-language-model-applications/…
T
The Security Repo
1 Securing Flight Simulators And Other Operational Technology - Coburn Slay 45:02
45:02 Play Later Play Later Lists Like Liked45:02
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also explore broader themes like the need for simplicity in cybersecurity tooling and combating misconceptions about age in the industry. Coburn Slay is a passionate and driven young cybersecurity professional based in Tulsa, Oklahoma. His love for technology began at a young age, fueled by knowledgeable mentors and a natural curiosity to understand how things work. This drive has led Coburn to explore unique fields within cybersecurity, where he’s been able to gain hands-on experience and contribute to innovative research in the ever-evolving tech landscape. / coburn-slay-aa759a164 https://openssf.org/ https://openssf.org/projects/zarf/…
T
The Security Repo
1 Getting Out Of Walled Gardens By Running Your Own Email - Michael Harrison 36:03
36:03 Play Later Play Later Lists Like Liked36:03
Play Later Play Later Lists Like LikedIn this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his pivotal role in bringing internet access to Chattanooga in the 1990s and shares practical advice on navigating walled gardens and enhancing system security. Michael describes himself as "A geek tweaking that status quo." He is the co-founder of Ring-U. https://www.linkedin.com/in/mike-harrison-1985b21/…
T
The Security Repo
1 Understanding Psychological Safety And Asking Questions To Stay Relevant - Deanna Stanley 37:37
37:37 Play Later Play Later Lists Like Liked37:37
Play Later Play Later Lists Like LikedGot psychological safety? In this episode of the Security Repo Podcast we sit down with Deanna Stanley to learn about psychological safety and the framework she has coauthored on building the layers of trust within organizations. We also dig into a few interesting stories from her time at MITRE and end up with some very encouraging words on how to stay relevant in a constantly shifting field. Deanna started her career as an embedded programmer in the telecommunications industry, and was a significant contributor to Northern California having no internet for 2 days back in the late 90s. She now helps sponsor transition to Agile and DevOps and spends her days screaming “it’s the people, not the tools!” Deanna’s love of her life is her dog Grimbal, which is why she’s always covered in fur. Learn more about psychological safety and the framework Deanna has helped establish at https://gotps.org/ https://www.linkedin.com/in/djstanley/…
T
The Security Repo
1 Phone Phreaking, The History Of The Security Community, And Social Engineering - Matt Scheurer 41:39
41:39 Play Later Play Later Lists Like Liked41:39
Play Later Play Later Lists Like LikedIn this episode of the Security Repo podcast, we are joined by the legendary DFIR Matt to get a history of phone phreaking and how that community of hackers inspired an entire community, including DEF CON. We also talk about how social engineering attackers are carried out, including QR code phishing, aka "quishing." Matt gives some rok solid advice as well on how to approach a successful security career. About our guest: Matt Scheurer is a show host for the ThreatReel Podcast and Vice President of Computer Security and Incident Response in a large enterprise environment. He has many years of hands-on technical experience. Matt is an official "Hacking is NOT a Crime" Advocate, serves on the Advisory Board for the Warren County Career Center "Information Technology and Cybersecurity" program, and also volunteers as a technical mentor for the Women's Security Alliance (WomSA). He has presented numerous Information Security topics at countless technology meetup groups and prominent Information Security conferences, including keynotes at the Cybersecurity Collaboration Forum Cincinnati Leadership Exchange, the Information Security Summit in Cleveland, Queen City Con in Cincinnati, where he just got a black badge and a lifetime keynote spot. Matt is also a 2019 comSpark "Rising Tech Stars Award" winner and was named a "Top 12 Hacking Influencer" by Bishop Fox in 2023. Matt can be found online at:https://www.linkedin.com/in/mattscheurer/ and https://x.com/c3rkah…
T
The Security Repo
1 Getting Started In Offensive Security: A Journey Into Tech - Alexis Diediker 33:14
33:14 Play Later Play Later Lists Like Liked33:14
Play Later Play Later Lists Like LikedIn this week's episode of the Security Repo Podcast, we ask a pentester who is one year into her cybersecurity career how she got started. Along the way, we learn about her favorite security tools, what it was like making the leap into security, and how to get started with your own journey, no matter what path you want to take. We are joined by Alexis Diediker, who brings a fresh perspective to her OCO Consultant role, where she uses the social engineering skills acquired from her non-tech service industry background to deliver practical insights and technical expertise in network penetration and advanced social engineering assessments. Known for her unique approach, Alexis holds certifications including Security+, PenTest+, PNPT, CRTO, and is a recipient of the Women of Cyber Academy scholarship from The SANS Institute (Certifying her in GFACT, GSEC, and GCIH). Alexis is currently obtaining her Bachelors and Masters degrees in Cybersecurity/IT at Western Governors University. In her free time she indulges in whiskey, riding motorcycles, and fantasy lore. https://eicc.edu/news/2024-student-story-alexis-diediker.aspx https://www.linkedin.com/in/adiediker1088/…
T
The Security Repo
1 Securing Human Access Through Privileged Access Management and Just In Time Access - Aria Langer 33:58
33:58 Play Later Play Later Lists Like Liked33:58
Play Later Play Later Lists Like LikedIn this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and worst advice our guest has ever heard. Aria Langer joins the program this week. She is a Senior Security Engineer for KraftHeinz, specializing in PKI & privileged access management. In her personal life, Aria will talk your ear off about long-distance running, sewing, music-gaming, and RPGs from the good ol’ days. And Uncle Scrooge from DuckTales comics and media.…
T
The Security Repo
1 Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José Martinez 27:13
27:13 Play Later Play Later Lists Like Liked27:13
Play Later Play Later Lists Like LikedIn this week's episode of the Security Repo Podcast, we dive into an unusual topic for the program, navigating the US immigration system and the challenges that many security professionals working in the US face. Join us as we discuss how to apply lessons from the world of pentesting to succeeding in the face of bureaucracy. We are joined by José A. Martinez. José is the owner of too many Pokemon games which he still hasn’t played. Born in Mexico but raised in Chicago, José loves guitars, books, cameras, and trying out new food. José worked in retail before transitioning to information security as an apprentice in a consulting firm, where he currently focuses on web application pentesting as a senior delivery analyst. Links mentioned in this episode: https://www.linkedin.com/in/jose-martinez-castro/…
T
The Security Repo
1 STIR/SHAKEN and Password Policies- Per Thorsheim 34:14
34:14 Play Later Play Later Lists Like Liked34:14
Play Later Play Later Lists Like LikedIn this week's episode of the Security Repo Podcast, we turn our attention to STIR/SHAKEN, a requirement for US cell phone carriers that has been implemented to stop SPAM robocalls. We also look at password policies and research into how to make better passwords. We are joined by Per Thorsheim. Per is the founder and main organizer of PasswordsCon, the first conference dedicated to passwords, pins and anything related to digital authentication. He has been working in infosec for 30 years, and claims to know your next password. His bio on Linkedin has more information if you’re interested. Links mentioned in this episode: https://www.linkedin.com/in/thorsheim/ https://mastodon.social/@thorsheim https://www.fcc.gov/call-authentication…
T
The Security Repo
1 Being a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David Hawthorne 31:05
31:05 Play Later Play Later Lists Like Liked31:05
Play Later Play Later Lists Like LikedIn this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not. We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.We will discuss the role of the compliance audit and what frameworks like SOC2 were supposed to solve. We dive into the approach of supporting and empowering teams as a lifeguard as opposed to being a police officer yelling "no" all the time. By the end, David shares some practical advice for growing your team and staying safe as you scale.Links mentioned in this episode:http://davidhawthorne.comhttps://github.com/shellninja…
T
The Security Repo
1 From The Theory Of Constraints to Scorecard Patterns for Better Compliance - Justin Reock 44:36
44:36 Play Later Play Later Lists Like Liked44:36
Play Later Play Later Lists Like LikedIn this episode of The Security Repo Podcast, we broach a wide variety of topics, ranging from The Theory of Constraints, source control horror stories, and using scorecards to drive cross-team success. We are joined by Justin Reock, the Head of Developer Relations for Cortex.io. He is an outspoken speaker, writer, and software practice evangelist. He has over 20 years of experience working in various software roles and has delivered enterprise solutions, technical leadership, and community education on a range of topics. We start by talking about how the work of Ed Deming translates into modern software workflow and what that means for security. Branching from there, we dip into how developer and build tooling can and should include security. The one thing all developers have in common is source control, and Justin's background lets him share a few stories that are not to be missed. We end with a new twist on Best Advice/Worst Advice that gives us deeper insight into our guest. Thanks for tuning into this episode. Links mentioned in this episode: https://www.linkedin.com/in/justinreock/ OpenRewrite and Modern https://www.moderne.ai/blog/overview-... Pre-frontal cortex podcast - https://podcasts.apple.com/us/podcast... IDPcon.com - https://idpcon.com/…
T
The Security Repo
1 Rotating Secrets At Scale, Automatically, and With High Availability - Kenton McDonough 35:29
35:29 Play Later Play Later Lists Like Liked35:29
Play Later Play Later Lists Like LikedIn this episode of The Security Repo Podcast, we take a look at how to do secrets rotation in a highly available systems reliably. We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems. We walk through the tech stack that Kent works with, which includes a little of everything. We revisit his talk topic at BSides as Vegas 2024 with a discussion of 'blue/green' secrets rotation. By the end, we uncover some best practices to keep in mind when architecting a scalable, highly available application with regard to secrets management. Links shared in the episode: kent07[at]bt.edu "Zero downtime credential rotation" at BSides Las Vegas 2024 https://www.youtube.com/live/b22uT4pYpk8?feature=shared&t=17092…
T
The Security Repo
1 Countering Shadow IT Through Nudging Intervention - Garret Gross 28:35
28:35 Play Later Play Later Lists Like Liked28:35
Play Later Play Later Lists Like LikedIn this episode of The Security Repo Podcast, let's talk about the largest IT threat outside of IT, and maybe out of the line of site of Security teams, Shadow IT. We are joined by Garrett Gross, a seasoned cybersecurity professional with over twenty years of experience. Garrett currently holds the position of Head of Product Success at Nudge Security. His primary focus is on implementing innovative strategies to address SaaS sprawl and mitigate the risks associated with shadow IT. With a strong background in security operations, incident response, and threat research, Garrett's expertise and dedication to the field are evident. He actively contributes to the cybersecurity community by collaborating with organizations such as OWASP and ISSA, aiming to elevate industry standards and best practices. We start with a look at how bad the issue of shadow IT really is today and what it is potentially costing companies. From there, we talk about how blocking people from working is a less-than-optimal way to implement security since people will often bypass those restrictions. By the end, we discuss the idea of nudging people, using guardrails, and some clever automation, to do the right thing and improve security for us all. Links from this episode: https://www.linkedin.com/in/garretthgross/ https://nudgesecurity.com https://www.nudgesecurity.com/our-approach…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to The Security Repo
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Big tech is transforming every aspect of our world. But how, and at what cost? This season of Land of the Giants – The Disney Dilemma – focuses on Disney’s ability to weather the ups and downs of the business cycle and changing tastes and explores what has kept it successful for over 100 years. The entertainment giant has leveraged nostalgia and its intellectual property to build a beloved brand, but after an acquisition spree that included Marvel, Lucasfilm, and 20th Century Fox, can it sus ...
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
We help founders make something people want.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
