Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy

#Tech #Mackenzie Jackson & Dwayne McDaniel #Dwayne McDaniel #Mackenzie Jackson

50:30

Episode Notes [00:00] The Importance of Questioning [01:21] Introduction to Curated Questions [02:20] Meet Kevin Kelly [03:56] Kevin Kelly's Mentor: Stewart Brand [05:33] The Role of Questions in Intellectual Traditions [06:47] Disequilibrium and Growth [10:21] Embodied Questions and Exploration [11:11] Balancing Exploration and Exploitation [11:50] The Inefficiency of Questioning [15:53] The Abundance Mindset [18:39] The Inevitable and Quality Questions [19:26] Hill Climbing vs. Hill Making [22:28] The Challenge of Innovation [24:13] The Beauty of Engineering and Innovation [24:34] Navigating the Frontier of New Technologies [25:33] The Role of AI in Question Formulation [26:43] Challenges in Advancing AI Capabilities [29:11] The Long Now Foundation and the 10,000 Year Clock [29:56] Transmitting Values Over Time [31:03] Ethics in AI and Self-Driving Cars [33:26] The Art of Questioning [34:04] Photography: Capturing vs. Creating [36:12] The Inefficiency of Exploration [38:36] Daily Practice and Long-Term Success [40:17] The Importance of Quantity for Quality [43:22] Final Thoughts and Encouragement on Questioning [46:24] Summary Takeaways Resources Mentioned Wired Magazine Whole Earth Review WELL Hackers Conference What Technology Wants by Kevin Kelly The Inevitable by Kevin Kelly Cool Tools Project Long Now Foundation Stewart Brand Socratic Method Koan René Descartes Conde Nast Vouge Olivetti Typewriter Trolley Problem Terry Gross Lex Friedman Tim Ferriss KK.org Kevin2Kelly on Instagram Recomendo Newsletter Excellent Advice for Living Beauty Pill Producer Ben Ford Questions Asked When did you first understand the power of questions? Can I do that? Can that be something that you can learn? How did questions function differently between Eastern versus Western intellectual traditions? What role do you think embodied questions those we explore through doing rather than thinking play in developing wisdom? What's on the other side of the hill? What happens if you go to the end? What's the origin of this? How should one think about the exploratory in one's life? Is there anything that you would add to your list of 15 statements that define what makes a quality question? Is there a qualitative difference between the questions humans are asking and the questions our AI systems are beginning to formulate? What do you think would help them get there? Any idea on a forcing function on how we get them [LLMs] to ask the better questions so that they might improve in that direction? What were some novel questions that broke your brain at the time in thinking about this 10,000-year clock or beyond? What's it good for? What would you use it for? What else could you do over the long term for 10,000 years? How do you transmit values over time? How do you evolve values that need to change, and how do you make a difference? How do even know what you don't want to change? What do you want to continue? What's the most essential aspects of our civilization that we don't want to go away? What are the rules? What is the system? How do you pass things along in time and not change the ones you don't wanna change, and make sure you change the ones that are more adaptable so they can adapt? What do you think about questioning itself as an art form? How has being a photographer influenced the way you question reality, visually compared to verbally? Are you a photographer that takes photos or makes photos? What will happen? What will happen next? What are your right now questions that you are wrestling with or working with in your life? Can someone else do what I'm trying to do here? Am I more me in doing my art or more me in doing the writing? Do you have any other thoughts or encouragement about questions that we haven't explored? What makes a good question? How do you ask a good question? What questions do you dwell on to be in purposeful imbalance? What is your practice in embracing the inefficient nature of questions to achieve breakthroughs? What are the new hills you can build and frontiers you can explore? How can you use your curiosity and humanity to pursue questions that trend toward the fringes?…

The Security Repo « »
Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José Martinez

about a year ago 27:13

MP3•Episode home

In this week's episode of the Security Repo Podcast, we dive into an unusual topic for the program, navigating the US immigration system and the challenges that many security professionals working in the US face. Join us as we discuss how to apply lessons from the world of pentesting to succeeding in the face of bureaucracy. We are joined by José A. Martinez. José is the owner of too many Pokemon games which he still hasn’t played. Born in Mexico but raised in Chicago, José loves guitars, books, cameras, and trying out new food. José worked in retail before transitioning to information security as an apprentice in a consulting firm, where he currently focuses on web application pentesting as a senior delivery analyst. Links mentioned in this episode: https://www.linkedin.com/in/jose-martinez-castro/

93 episodes

Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José Martinez

The Security Repo

published about a year ago

MP3•Episode home

93 episodes

#Tech #Mackenzie Jackson & Dwayne McDaniel #Dwayne McDaniel #Mackenzie Jackson

All episodes

1
Visualizing Data Poisoning and Rethinking Threat Detection Through Graphs – Maria Khodak 21:05

3 days ago21:05

21:05

In this episode of the Security Repo Podcast, Maria Khodak explores how graph theory and data visualization can be used to uncover machine learning vulnerabilities like data poisoning. She explains how her work as a penetration tester intersects with research on threat detection and the importance of making abstract security concepts more human-readable. The conversation also covers her journey into cybersecurity, the value of visualization tools like Gephi, and her call to make the field more inclusive and curious-driven.Maria Khodak is a security engineer and penetration tester at a large company focusing on web application, API, and network testing. She also researches machine learning vulnerabilities, threat detection, and graph theory in her free time. https://www.linkedin.com/in/maria-khodak-10b26a192/https://gephi.org/…

1
Building Human-Centric Security and Hacker Communities in Argentina - Ailin Castellucci 23:04

17 days ago23:04

23:04

In this episode of the Security Repo Podcast, Ailin Castellucci shares her inspiring journey from selling shoes to building cybersecurity teams and leading human-centric education projects. She discusses the unique challenges and perspectives of cybersecurity education in Argentina, emphasizing the importance of empathy, communication, and passion in the industry. Ailin also delves into her current work fostering hacker communities and promoting accessible security education across South America. https://www.linkedin.com/in/acastellucci/ Ailin is an Information Security specialist and Hacking Community Builder at Strike. She previously worked at Mercado Libre, Lemon, and Galicia bank, and now leads Hécate, a project that combines creative solutions with human-centered education.…

1
From SOCs to Threat Detection Engineering: Crafting Better Security Responses - Chris Kulakowski 20:03

24 days ago20:03

20:03

In this episode of the Security Repo Podcast, Chris Kulakowski, a seasoned detection engineer from IBM, delves into the complexities of threat detection, from writing detection rules to collaborating with red teams for proactive security strategies. He shares insights on prioritizing security risks, the evolving role of AI in cybersecurity, and the importance of adaptability in the ever-changing threat landscape. Chris also offers advice for aspiring security professionals and reflects on the positive trends in global cybersecurity efforts. https://www.linkedin.com/in/ckulakowski/ Chris Kulakowski is a driven technologist, innovator, and tinkerer of all things. His career spans across 15 years of Digital Media, Information Technology, Security Operations, Threat Intelligence and Digital Forensics roles. He is currently a senior technical staff member specializing in threat detection at IBM, supporting IBM internal businesses. Prior to IBM he held various roles at General Motors and Optiv. He is seasoned in responding to incidents, developing new threat detection content, and an expert in EDR technology. Chris holds a Computer Criminology degree from Florida State University and several industry leading cyber security and digital forensics certifications including CISSP, EnCE, GCFE, GREM, and Security+. Chris is also accredited with a Stanford University Advanced Computer Security Certificate.…

1
Quarantine Policies and Cloud Security Strategies for AWS – Bleon Proko 23:06

4 weeks ago23:06

23:06

In this episode of the Security Repo Podcast, Bleon Proko dives into the intricacies of AWS security, focusing on the role and impact of quarantine policies in mitigating the risks of compromised credentials. He explains how AWS policies prioritize denial to prevent privilege escalation, lateral movement, and financial fraud, offering practical strategies for securing sensitive identities. Additionally, Bleon shares insights on essential tools for penetration testing and gives candid advice about navigating cloud security challenges.Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented topics related to Cloud Penetration Testing and Security in conferences like BlackHat USA, Europe and Sector, DEF CON, SANS Pentest Hackfest Hollywood and Amsterdam, as well as several BSides on USA and Europe.His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of YetiHunter and DetentionDodger (https://github.com/Permiso-io-tools/[DetentionDodger | YetiHunter]).He is also the author of the upcoming book "Deep Dive into Clouded Waters: An overview in Digital Ocean's Pentest and Security" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)…

1
Helping Developers Use Open Source Security Tools & Improving Defense With AI - Mackenzie Jackson 24:19

5 weeks ago24:19

24:19

In this episode of the Security Repo Podcast, we welcome back Mackenzie Jackson, security researcher and founder of this very show, to discuss the evolving landscape of AI in cybersecurity. Mackenzie dives deep into how AI is reshaping open-source security, revealing research that uncovered 600 unreported vulnerabilities in popular packages. We also explore the growing risks of AI-generated package hallucinations, how attackers might exploit them, and why security tools must be made more accessible to developers.https://www.linkedin.com/in/advocatemack/https://www.aikido.dev/Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems.…

1
How Digital Forensics Supports Incident Response And Who Should Own IAM - Gerard Johansen 22:20

6 weeks ago22:20

22:20

In this episode of the Security Repo Podcast, we sit down with cybersecurity expert Gerard Johansen to dive deep into identity and access management (IAM) challenges in the enterprise space. We explore the explosion of data and identities, the ongoing debate over who "owns" IAM in organizations, and how threat actors are evolving their tactics to exploit identity-based vulnerabilities. Gerard also shares insights from his experience in digital forensics and incident response, offering advice on how security professionals can sharpen their skills and make an impact in the field.https://www.linkedin.com/in/gerardjohansen/Gerard Johansen is a cyber security professional with over a decade of experience specializing in Incident Response, Digital Forensics, and Threat Intelligence. Gerard has been fortunate to work with a wide range of organizations from enterprise environments, industrial, boutique consulting and international security providers. He is a frequent speaker at various conferences and also an author, currently working on the fourth edition of Digital Forensics and Incident Response. Gerard is currently employed with an MDR firm based out of Denver, CO.…

1
Navigating And Defining The Evolving Role Of The CISO In Government Security - Josh Kuntz 22:53

7 weeks ago22:53

22:53

In this episode of the Security Repo Podcast, we sit down with Josh Kuntz, Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation, to explore the unique challenges of securing state agencies. With nearly three decades in public service, Josh shares his insights on navigating government cybersecurity, hiring the next generation of security professionals, and the evolving role of CISOs. We also discuss how AI and social engineering are reshaping the threat landscape and why patching remains the top security concern after 25 years. https://www.linkedin.com/in/joshua-kuntz-cissp-35a825176/ Josh serves as the Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation (TDLR), where he is recognized as a leading expert in cybersecurity across the state. With nearly three decades of public service, including six years in the Marine Corps and 24 years with various state agencies, he has cultivated a wealth of experience in physical and information security, IT management, major information resource project procurement, project management, contract management, and risk management. His career highlights include eight years at the Texas Department of Public Safety (TXDPS), where he oversaw the statewide Texas Law Enforcement Telecommunications System (TLETS) satellite network, and three years at the Texas Youth Commission (TYC) as their first Information Security Officer (ISO), leading the security program during its merger with the Juvenile Probation Department. He also served seven years at the Texas Department of Motor Vehicles (TXDMV) as their inaugural ISO, where he took on additional roles as interim Chief Information Officer and interim Project Management Office Director. A passionate advocate for cybersecurity training, Josh established a public-private partnership that provided cybersecurity training and certification for 90 state employees. As CISO of the Texas Workforce Commission (TWC), he built a robust cybersecurity team and launched an apprenticeship program, while also offering cybersecurity guidance to the 28 workforce boards across Texas. In 2023, Josh initiated a 12-month CISO Mentorship Program designed to cultivate the next generation of cybersecurity leaders within the state. He holds a degree in criminal justice, achieved CISSP certification in 2012, and was honored as the Austin ISSA CISO of the Year in 2024. With his extensive background and commitment to excellence, Josh continues to shape the future of cybersecurity in Texas.…

1
The State And Future Of Cybersecurity Training and AIShaping The Role - Zach Hill 22:36

8 weeks ago22:36

22:36

In this episode of the Security Repo Podcast, we sit down with Zach Hill from Antisyphon Training to discuss affordable cybersecurity education and the evolving landscape of IT training. Zach shares insights on the importance of hands-on learning, the challenges of misinformation in online education, and how AI is reshaping entry-level IT roles. We also dive into unconventional career paths into security and the critical need for foundational knowledge like networking and version control. https://www.linkedin.com/in/iamnerdy/ https://antisyphontraining.com Zach Hill is a dad, mental health advocate, creator, hacker, and self-described nerd.In 1999, Zach dropped out of high school of freshman year due to severe depression and anxiety issues. What he thought for a long time was a curse was in all reality a blessing. While everyone he knew was in school, Zach was at home on the internet learning everything that he could about websites, search engine optimization, internet marketing, and eventually social media. In 2008, Zach was burnt out from web development and discovered that he had an interest in the infrastructure side of technology and quickly transitioned his career into technical support for school districts, by 2018 Zach was in charge of security awareness training and MDM administration for a hospital.In 2018, he quit his full-time position to focus on a YouTube channel that he had created in 2014 called IT Career Questions. This channel was built to help people find their way into the growing world of IT and has grown with a reach of over 20 million people, and a fan base of over 280,000 subscribers.In 2021, Zach joined forces with TCM Security to continue the mission of helping others in their journey through IT.As of 2024, Zach is proudly with Antisyphon Training, a company Powered by Black Hills Information Security, where he continues to help people find their path into the world of IT and cybersecurity.…

1
Secrets Management With The OpenPao Project And Open Source Security - Alex Scheel 22:15

9 weeks ago22:15

22:15

In this episode of the Security Repo Podcast, we sit down with Alex Scheel, staff back-end engineer at GitLab and chair of the OpenBao Technical Steering Committee, to discuss the origins and future of OpenBao, a fork of HashiCorp Vault. Alex explains the implications of HashiCorp's licensing change, the technical advantages OpenBao brings to the table, and the importance of open-source governance under the Linux Foundation. We also dive into interoperability in security tooling, secrets management best practices, and how developers can get involved in contributing to OpenBao. Alex Scheel is a Staff Backend Engineer at GitLab and the Chair of the OpenBao Technical Steering Committee. He has built a career on open source contributions, previously working at Keyfactor on Bouncy Castle, at HashiCorp on Vault, and at Canonical and Red Hat. You can find him under the nickname cipherboy most places. In his free time, he likes playing the violin and taking photography trips. https://www.linkedin.com/in/alexander-scheel-807514105/ https://openbao.org/ https://openbao.org/blog/vision-for-namespaces/…

1
Playing (And Winning) CTFs To Advance Your Cybersecurity Career - Edna Jonssen 22:45

10 weeks ago22:45

22:45

In this episode of the Security Repo Podcast, we sit down with Edna Jonnson, a cybersecurity engineer and SOC analyst, to discuss their journey from web development to security operations. Edna shares insights on the value of Capture the Flag (CTF) competitions for skill development, recounting their recent victory at Wild West Hacking Fest. We also dive into their day-to-day work in a SOC, the importance of credit freezes for personal security, and their involvement in cybersecurity communities like DEF CON and B-Sides Orlando.Edna Jonsson (they/them) is a cybersecurity engineer and SOC analyst with a strong foundation in web development and technical education. Their journey began as a web developer and coding bootcamp instructor, equipping them with a unique blend of technical expertise and a passion for mentorship.Edna is an active leader in the cybersecurity community, serving as the Volunteer Coordinator for BSides Orlando and an organizer for Career Village and Social Engineering Adventure Village. They also play a pivotal role in DEATHCon, both as the main conference organizer and Orlando site lead. They also help organize meetings for the local DC407 chapter.Previously, Edna hosted Security Chipmunks, a podcast dedicated to guiding early-career cybersecurity professionals. They were also instrumental in the launch and rapid growth of the WGU Cybersecurity Club, helping expand its membership to over 8,000 students. Edna coined the club’s motto, “No Owl Left Behind,” emphasizing their commitment to ensuring every student—whether in academics or competitions—received the support they needed to succeed.With a deep passion for cybersecurity, education, and community building, Edna continues to empower the next generation of security professionals.https://www.linkedin.com/in/ednajonsson/https://bsky.app/profile/ednas.bsky.social https://x.com/ednashttps://dc407.com/https://deathcon.io/https://bsidesorlando.org/…

1
Defense In Depth Means Writing More Tests To Make Sure You Don't Regress - John Poulin 41:51

11 weeks ago41:51

41:51

In this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security posture, and the challenges of implementing robust audit logging. Plus, John recounts the day GitHub logged out all users due to a security bug and offers advice on avoiding over-reliance on web application firewalls.John Poulin leads Cloud Security Partners' technology and platform development. He is an experienced application security practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups to perform secure code review, architecture, and design discussions, as well as threat modeling.Previously, John served as a staff manager of product security engineering, a role in which he and his team focused on performing secure code review of features and services, performing threat modeling, and helping to ensure that Cloud Security Partners' software ecosystem moves toward security maturity. John has also served as the director of engineering, where he focused on leading engineering teams through multiple stages of security-focused product development.John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, and Source, as well as various Ruby and OWASP events about practical application security.In his free time, John enjoys spending time with his family, traveling, playing adult league softball, and making hot sauce.https://www.linkedin.com/in/johnmpoulinLogs wall of shame https://Audit-logs.taxSSO wall of shame https://sso.tax/…

1
What Does It Mean To Be A Security Lead - A Conversion With Kayssar Daher 42:21

12 weeks ago42:21

42:21

In this episode of the Security Repo Podcast, Dwayne and Kayssar dive into Kayssar's role as a security leader at GitGuardian, exploring his responsibilities, challenges, and the balance between proactive and reactive security work. They also discuss the evolution of security tools, the importance of relationship-building in security roles, and share insights on vulnerability management and security awareness training. Kayssar offers a unique perspective on what the security industry is getting right, as well as areas that need improvement, especially regarding VPNs and vulnerability prioritization. Kayssar Daher is a systems security & data privacy enthusiast specializing in securing SaaS platforms. If you'd like to know more about what he do, check out his blog: https://the.secure.engineer https://www.linkedin.com/in/daherk/…

1
Understanding Security Champions and Making Human Connections - Dustin Lehr 48:29

13 weeks ago48:29

48:29

In this episode of the Security Repo Podcast, Dwayne and Kayssar sit down with Dustin Lehr, co-founder and chief product and tech officer at Katilyst , to explore the power of Security Champions programs. Dustin shares insights from his journey as a software engineer turned cybersecurity leader and explains how security champions can bridge the gap between security teams and developers. The conversation covers trust-building, best practices for implementing a successful champions program, and how to measure its impact in ways that resonate with executives. Dustin Lehr is an accomplished software engineer turned executive cybersecurity leader who designs security programs that reinforce proactive behavior to avoid security incidents. He is the Co-founder / Chief Product and Technology Officer at Katilyst, a company dedicated to helping organizations enhance their culture by building engaging security champion programs. Dustin is also the driving force behind the Security Champion Program Success Guide and possesses a wealth of experience in application security, providing innovative coaching and consulting services. In addition, he is a prominent community thought leader, speaker, and founder of the "Let's Talk Software Security" monthly open discussion meetup group. https://www.linkedin.com/in/dustinlehr/ Katilyst - https://www.katilyst.com/ Security Champion Program Success Guide - https://securitychampionsuccessguide.org/ "Let's Talk Software Security" - https://www.meetup.com/lets-talk-software-security/…

1
Leveraging Hermeneutics In Cyber Threat Intelligence at The MM-ISAC - Cherie Burgett 37:54

14 weeks ago37:54

37:54

In this episode of the Security Repo Podcast, we dive into the world of ISACs (Information Sharing Analysis Centers) with Cherie Burgett. Cherie shares insights into the nuanced field of cyber threat intelligence, discussing how interpretation techniques like hermeneutics can enhance understanding of threat actor behavior. The conversation also explores practical approaches to information sharing, intelligence delivery, and the importance of balancing concise communication with actionable insights. Since its inception, Cherie Burgett has worked with the Mining and Metals ISAC. As the Director of Cyber Intelligence Operations. Cherie is responsible for researching and analyzing the ever-changing threat landscape affecting the mining and metals sectors. With a unique philosophy and approach to cyber threat intelligence incorporating lessons learned from studies in the arts and humanities, she brings a nuanced perspective to the ethics and human condition relating to both threat actor groups and the people defending our critical infrastructure. Recent Articles about Hermeneutics Applied to Cyber Threat Intelligence - https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-1-tactical-cherie-burgett-x8ime/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-2-why-cherie-burgett-8xmfe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D https://www.linkedin.com/pulse/hermeneutics-cyber-threat-intelligence-part-3-planning-cherie-burgett-xgzwe/?trackingId=n33uyXThS%2FCcMkPYyNMCVQ%3D%3D…

1
Observability ownership, monitoring apps at scale, and learning DevOps like a language- Josh Lee 30:59

15 weeks ago30:59

30:59

In this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry. We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how databases like ClickHouse® compare to Snowflake for monitoring applications at scale. Josh also shares insights on DevOps culture as a "foreign language" and how to bridge gaps between developers and operators in adopting modern practices. Josh is a seasoned software developer with over a decade of experience, specializing in a broad range of topics including operations, observability, and cloud-native databases. His passion for technology is matched by his enthusiasm for sharing knowledge through public speaking. Currently, Josh serves as a Developer Advocate for Altinity, where he creates educational content on ClickHouse® and OpenTelemetry. Find Josh at https://www.linkedin.com/in/joshuamlee/ @joshleecreates@hachyderm.io @joshleecreates.bsky.social and on the Altinity Slack https://altinity.com/…

The Security Repo

1
The Freedom Of Information Act, Ethical AI, And NerdCore Music - Stephanie Honore 36:39

16 weeks ago36:39

36:39

In this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore, about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the intersection of security and legal frameworks. We also explore her creative side as a "spycore" musician blending cybersecurity themes with nerdcore music. Stephanie Honore, also known as Scarlett Danger, is a professional programmer, building applications by day, and a volunteer OSINT investigator by night for NGOs that combat human trafficking. She has been a member of WiCyS (Woman of Cybersecurity) since 2016 and attended Hacker On The Hill in Jan 2024. She began by attending the local hacker meetups and frequently attends cybersecurity conferences such as BSides and Texas Cybersecurity Summit. She recently started joining online chat communities on Discord and IRC where she is getting a lot of exposure to a different side of the security field. Outside of work she likes making nerdcore music about security and intelligence ( a genre she has dubbed spycore) inspired greatly by performers like YTCracker, MC Frontalot, and Yung Innanet. You can listen to one of my songs here. https://soundcloud.com/scarlett_danger/hack-the-planet-v2?in=scarlett_danger/sets/internet-feels https://www.linkedin.com/in/smhonore/ https://smhonore.deno.dev/ https://www.wicys.org/ https://www.muckrock.com/news/archives/2024/aug/26/with-a-little-help-from-the-national-archives-nsa-finally-releases-grace-hopper-lecture-watch-it-here/…

The Security Repo

1
Securing Workload Identities And Working On Conjure - Jody Hunt 43:31

17 weeks ago43:31

43:31

In this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, Jody shares his journey through a tech acquisition and the enduring importance of thinking like an attacker in cybersecurity. Jody has held diverse roles in software development, sales, and marketing. He has been an enthusiastic promoter of DevOps principles since 2010. He became aware of the growing security gap introduced by automation which led him to join Conjur in 2017. Four months later, CyberArk acquired Conjur to extend secrets management and machine identity solutions to DevOps, Cloud and Kubernetes workloads. https://www.linkedin.com/in/jodyhuntatx/ https://spiffe.io/book/ https://blog.gitguardian.com/protect-secrets-with-cyberark-and-gitguardian-integration/…

The Security Repo

1
The Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh Seeparsan 42:37

18 weeks ago42:37

42:37

In this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms. With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise applications. He has collaborated with the U.S. DoD, developed Appsec training for Adobe, and secured identities for multibillion-dollar firms. Today, he guides companies in building secure, trustworthy, generative AI and LLM applications and volunteers with the OWASP Foundation team working on the OWASP Top Ten for LLMs. His north star is the safe, performant adoption of frontier AI. https://www.linkedin.com/in/talesh https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://owasp.org/www-project-top-10-for-large-language-model-applications/…

The Security Repo

1
Securing Flight Simulators And Other Operational Technology - Coburn Slay 45:02

21 weeks ago45:02

45:02

In this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also explore broader themes like the need for simplicity in cybersecurity tooling and combating misconceptions about age in the industry. Coburn Slay is a passionate and driven young cybersecurity professional based in Tulsa, Oklahoma. His love for technology began at a young age, fueled by knowledgeable mentors and a natural curiosity to understand how things work. This drive has led Coburn to explore unique fields within cybersecurity, where he’s been able to gain hands-on experience and contribute to innovative research in the ever-evolving tech landscape. / coburn-slay-aa759a164 https://openssf.org/ https://openssf.org/projects/zarf/…

The Security Repo

1
Getting Out Of Walled Gardens By Running Your Own Email - Michael Harrison 36:03

22 weeks ago36:03

36:03

In this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his pivotal role in bringing internet access to Chattanooga in the 1990s and shares practical advice on navigating walled gardens and enhancing system security. Michael describes himself as "A geek tweaking that status quo." He is the co-founder of Ring-U. https://www.linkedin.com/in/mike-harrison-1985b21/…

The Security Repo

1
Understanding Psychological Safety And Asking Questions To Stay Relevant - Deanna Stanley 37:37

23 weeks ago37:37

37:37

Got psychological safety? In this episode of the Security Repo Podcast we sit down with Deanna Stanley to learn about psychological safety and the framework she has coauthored on building the layers of trust within organizations. We also dig into a few interesting stories from her time at MITRE and end up with some very encouraging words on how to stay relevant in a constantly shifting field. Deanna started her career as an embedded programmer in the telecommunications industry, and was a significant contributor to Northern California having no internet for 2 days back in the late 90s. She now helps sponsor transition to Agile and DevOps and spends her days screaming “it’s the people, not the tools!” Deanna’s love of her life is her dog Grimbal, which is why she’s always covered in fur. Learn more about psychological safety and the framework Deanna has helped establish at https://gotps.org/ https://www.linkedin.com/in/djstanley/…

The Security Repo

1
Phone Phreaking, The History Of The Security Community, And Social Engineering - Matt Scheurer 41:39

24 weeks ago41:39

41:39

In this episode of the Security Repo podcast, we are joined by the legendary DFIR Matt to get a history of phone phreaking and how that community of hackers inspired an entire community, including DEF CON. We also talk about how social engineering attackers are carried out, including QR code phishing, aka "quishing." Matt gives some rok solid advice as well on how to approach a successful security career. About our guest: Matt Scheurer is a show host for the ThreatReel Podcast and Vice President of Computer Security and Incident Response in a large enterprise environment. He has many years of hands-on technical experience. Matt is an official "Hacking is NOT a Crime" Advocate, serves on the Advisory Board for the Warren County Career Center "Information Technology and Cybersecurity" program, and also volunteers as a technical mentor for the Women's Security Alliance (WomSA). He has presented numerous Information Security topics at countless technology meetup groups and prominent Information Security conferences, including keynotes at the Cybersecurity Collaboration Forum Cincinnati Leadership Exchange, the Information Security Summit in Cleveland, Queen City Con in Cincinnati, where he just got a black badge and a lifetime keynote spot. Matt is also a 2019 comSpark "Rising Tech Stars Award" winner and was named a "Top 12 Hacking Influencer" by Bishop Fox in 2023. Matt can be found online at:https://www.linkedin.com/in/mattscheurer/ and https://x.com/c3rkah…

The Security Repo

1
Getting Started In Offensive Security: A Journey Into Tech - Alexis Diediker 33:14

25 weeks ago33:14

33:14

In this week's episode of the Security Repo Podcast, we ask a pentester who is one year into her cybersecurity career how she got started. Along the way, we learn about her favorite security tools, what it was like making the leap into security, and how to get started with your own journey, no matter what path you want to take. We are joined by Alexis Diediker, who brings a fresh perspective to her OCO Consultant role, where she uses the social engineering skills acquired from her non-tech service industry background to deliver practical insights and technical expertise in network penetration and advanced social engineering assessments. Known for her unique approach, Alexis holds certifications including Security+, PenTest+, PNPT, CRTO, and is a recipient of the Women of Cyber Academy scholarship from The SANS Institute (Certifying her in GFACT, GSEC, and GCIH). Alexis is currently obtaining her Bachelors and Masters degrees in Cybersecurity/IT at Western Governors University. In her free time she indulges in whiskey, riding motorcycles, and fantasy lore. https://eicc.edu/news/2024-student-story-alexis-diediker.aspx https://www.linkedin.com/in/adiediker1088/…

The Security Repo

1
Securing Human Access Through Privileged Access Management and Just In Time Access - Aria Langer 33:58

26 weeks ago33:58

33:58

In this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and worst advice our guest has ever heard. Aria Langer joins the program this week. She is a Senior Security Engineer for KraftHeinz, specializing in PKI & privileged access management. In her personal life, Aria will talk your ear off about long-distance running, sewing, music-gaming, and RPGs from the good ol’ days. And Uncle Scrooge from DuckTales comics and media.…

The Security Repo

1
Undocumented Hacking - Applying Pentesting Skills To Navigating Bureaucracy - José Martinez 27:13

27 weeks ago27:13

27:13

The Security Repo

1
STIR/SHAKEN and Password Policies- Per Thorsheim 34:14

28 weeks ago34:14

34:14

In this week's episode of the Security Repo Podcast, we turn our attention to STIR/SHAKEN, a requirement for US cell phone carriers that has been implemented to stop SPAM robocalls. We also look at password policies and research into how to make better passwords. We are joined by Per Thorsheim. Per is the founder and main organizer of PasswordsCon, the first conference dedicated to passwords, pins and anything related to digital authentication. He has been working in infosec for 30 years, and claims to know your next password. His bio on Linkedin has more information if you’re interested. Links mentioned in this episode: https://www.linkedin.com/in/thorsheim/ https://mastodon.social/@thorsheim https://www.fcc.gov/call-authentication…

The Security Repo

1
Being a Lifeguard Instead of a Police Officer and Compliance Is NOT Security - David Hawthorne 31:05

29 weeks ago31:05

31:05

In this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not. We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the Director of Cloud Engineering at O3 Solutions, David successfully led SOC 2 and GRC initiatives. He is dedicated to delivering business value through automation and analytics and actively contributes to the DevSecOps and data communities as a speaker and mentor.We will discuss the role of the compliance audit and what frameworks like SOC2 were supposed to solve. We dive into the approach of supporting and empowering teams as a lifeguard as opposed to being a police officer yelling "no" all the time. By the end, David shares some practical advice for growing your team and staying safe as you scale.Links mentioned in this episode:http://davidhawthorne.comhttps://github.com/shellninja…

The Security Repo

1
From The Theory Of Constraints to Scorecard Patterns for Better Compliance - Justin Reock 44:36

30 weeks ago44:36

44:36

In this episode of The Security Repo Podcast, we broach a wide variety of topics, ranging from The Theory of Constraints, source control horror stories, and using scorecards to drive cross-team success. We are joined by Justin Reock, the Head of Developer Relations for Cortex.io. He is an outspoken speaker, writer, and software practice evangelist. He has over 20 years of experience working in various software roles and has delivered enterprise solutions, technical leadership, and community education on a range of topics. We start by talking about how the work of Ed Deming translates into modern software workflow and what that means for security. Branching from there, we dip into how developer and build tooling can and should include security. The one thing all developers have in common is source control, and Justin's background lets him share a few stories that are not to be missed. We end with a new twist on Best Advice/Worst Advice that gives us deeper insight into our guest. Thanks for tuning into this episode. Links mentioned in this episode: https://www.linkedin.com/in/justinreock/ OpenRewrite and Modern https://www.moderne.ai/blog/overview-... Pre-frontal cortex podcast - https://podcasts.apple.com/us/podcast... IDPcon.com - https://idpcon.com/…

The Security Repo

1
Rotating Secrets At Scale, Automatically, and With High Availability - Kenton McDonough 35:29

31 weeks ago35:29

35:29

In this episode of The Security Repo Podcast, we take a look at how to do secrets rotation in a highly available systems reliably. We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global Satellite internet service provider, with an emphasis on credential management and RBAC systems. We walk through the tech stack that Kent works with, which includes a little of everything. We revisit his talk topic at BSides as Vegas 2024 with a discussion of 'blue/green' secrets rotation. By the end, we uncover some best practices to keep in mind when architecting a scalable, highly available application with regard to secrets management. Links shared in the episode: kent07[at]bt.edu "Zero downtime credential rotation" at BSides Las Vegas 2024 https://www.youtube.com/live/b22uT4pYpk8?feature=shared&t=17092…

The Security Repo

1
Countering Shadow IT Through Nudging Intervention - Garret Gross 28:35

32 weeks ago28:35

28:35

In this episode of The Security Repo Podcast, let's talk about the largest IT threat outside of IT, and maybe out of the line of site of Security teams, Shadow IT. We are joined by Garrett Gross, a seasoned cybersecurity professional with over twenty years of experience. Garrett currently holds the position of Head of Product Success at Nudge Security. His primary focus is on implementing innovative strategies to address SaaS sprawl and mitigate the risks associated with shadow IT. With a strong background in security operations, incident response, and threat research, Garrett's expertise and dedication to the field are evident. He actively contributes to the cybersecurity community by collaborating with organizations such as OWASP and ISSA, aiming to elevate industry standards and best practices. We start with a look at how bad the issue of shadow IT really is today and what it is potentially costing companies. From there, we talk about how blocking people from working is a less-than-optimal way to implement security since people will often bypass those restrictions. By the end, we discuss the idea of nudging people, using guardrails, and some clever automation, to do the right thing and improve security for us all. Links from this episode: https://www.linkedin.com/in/garretthgross/ https://nudgesecurity.com https://www.nudgesecurity.com/our-approach…

The Security Repo

1
What Does The Future Hold For The Security Repo Podcast? Some Changes & Introducing Our New Co-Host 0:59

33 weeks ago0:59

0:59

We have had so much fun making The Security Repo Podcast, and we hope you have learned as much as we have along the way. The tides of change have finally reached our shore, and we are sad to announce the departure of Mackenzie Jackson, our original founder, producer, and co-host of the podcast, from our regular episodes. We wish him much success in his new adventures. We are also announcing a brand new chapter in the history of the program. Dwayne McDaniel will now be joined weekly by Kayssar Daher, the head of security at GitGuardian. As an active security practitioner, Kayssar asks different kinds of questions that we know you will most find insightful and engaging. We have some amazing things planned for the future of the show. Thank you for listening and being part of the Security Repo Podcast community.…

The Security Repo

1
Data Loss Prevention and Stopping Breaches Before They Start 36:09

33 weeks ago36:09

36:09

In this episode of The Security Repo Podcast, we explore all things Data Loss Prevention (DLP). We are joined by Daniel Jay, Senior Director of Product Management at GTB Technologies. We start with a quick high-level of the topic of Data Loss Prevention and how we met at the RSA Conference 2024. By the end, we turn the conversation to AI and balance the risks of using LLMs with faster output. Links mentioned in this episode: https://www.linkedin.com/in/daniel-jay-a683b635/ GTTB.com…

The Security Repo

1
Security Automation And Leveraging AI To Deal With Security At Scale - Huxley Barbee 39:32

34 weeks ago39:32

39:32

In this episode of The Security Repo Podcast, we look at security automation and how we can engineer our way to better security overall. We are joined, once again by Huxley Barbee, who has been a fixture of the security community for over 20 years. Professionally, he was a security consultant working with customers in finance, insurance, manufacturing, and higher education. Currently, he leads the security engineering group at a fintech company. Beyond the day job, he is also active in the security and hacker community. He started attending DEF CON in the late 90s, has spoken at many conferences throughout the US, and is the lead organizer for BSidesNYC. He lives in New York. You should connect with him on social media, buy him a drink, or both. We start with a great discussion of what to automate and what not to automate when thinking about security. From there, we explore the role of AI in the security tool belt and how we can best leverage it to improve our posture. By the end, we get some updates about BSides NYC and elsewhere. Links from this episode: Previous Appearance: https://youtu.be/vDNPsAPnSDc Socials: https://www.linkedin.com/in/jhbarbee/ @huxley@infosec.exchang BSides NYC: https://bsidesnyc.org/…

The Security Repo

1
Developer Awareness Training and AI Assisted Tooling for Improving Security - Chris Lindsey 36:14

35 weeks ago36:14

36:14

In this episode of The Security Repo Podcast, we take a look at the role developer training and awareness have in improving security. We are joined by Chris Lindsey, Application Security Evangelist at Mend.io. He is a seasoned speaker who has appeared at conferences, webinars, and private events. Chris draws on expertise from more than 15 years of direct security experience leading and building security programs and over 35 years of experience leading teams in programming software, solutions, and security architecture. We start with how training and awareness are the start of the process but not all that is needed. From there, we discuss developer tooling vs security tooling and what gaps exist. By the end, we get into AI and how to think about a future with auto-remediation. Links from this episode: https://www.linkedin.com/in/chris-lindsey-39b3915/…

The Security Repo

1
Improving Your Security by Leveraging AI: The Arcanum Cyber Security Bot - Jason Haddix 46:40

36 weeks ago46:40

46:40

In this episode of The Security Repo Podcast, we dive deep into how AI is helping the Red, Blue, and Purple teams and how we can leverage ChatGPT to stay ahead of attackers. We are joined once again by Jason Haddix Founder, CEO and Head of Training at Arcanum Information Security. He is also the creator of the Arcanum Cyber Security Bot: https://chatgpt.com/g/g-HTsfg2w2z-arcanum-cyber-security-bot Listen in to find out what you have been missing about AI. https://www.linkedin.com/in/jhaddix/…

The Security Repo

1
DeepCover & DART Academy: Fighting Scammers Through Educating Seniors 31:17

37 weeks ago31:17

31:17

In this episode of The Security Repo Podcast, we dive deep into a rather troubling phenomenon: scammers who target senior citizens. We are joined by Anita Nikolich, a speaker and a university-based cybersecurity researcher specializing in network security and cryptocurrency analytics. She joins us as the founder and co-principal Investigator of DART, a collective of researchers, security experts, game designers, and community-based organizations who have come together to combine their expertise and passion to develop the Deception Awareness and Resilience Training (DART) platform. We discuss real-world examples, the realities of scammers and cybercrime, and why they target the people they attack. We also get into how the DART collective is working to ensure we raise awareness in a way that affects the most people without being too heavy-handed. Anita shares some free resources to help protect the people you love and tells us how we can get involved to help. Learn more at https://dartcollective.net/ https://dartcollective.net/deepcover/…

The Security Repo

1
Mining for Vulnerabilities: Hidden Dangers of Open Buckets 42:48

38 weeks ago42:48

42:48

In this episode of The Security Repo Podcast, we dive deep into a pervasive cybersecurity issue: open data buckets. Joined by Glen Helton, Director of Information Security at a major multinational and founder of the Sky Witness Project, we explore how improperly secured cloud storage—commonly known as "open buckets"—can expose sensitive data to the world. Glen shares insights on the scale of the problem, revealing that billions of files are currently accessible to anyone with the right tools. We discuss real-world examples, the challenges of responsible disclosure, and practical advice for organizations to secure their data. Whether you're a seasoned security professional or a curious listener, this episode will make you rethink how you handle and protect data in the cloud.…

The Security Repo

1
The Frontline of Cybersecurity: Defending Against Supply Chain Intrusions - Jossef Harush Kadouri 44:38

39 weeks ago44:38

44:38

In this episode of The Security Repo, we sit down with Jossef Harush Kadouri, a pioneer in software supply chain security and founder of Dustico, now part of Checkmarx. Jossef shares his journey from startup to acquisition, detailing the ever-evolving landscape of supply chain attacks. We explore how malicious actors are exploiting open-source ecosystems, the challenges of maintaining secure software, and practical steps developers and organizations can take to protect themselves. Whether you're a seasoned security professional or new to the field, this episode offers valuable insights into safeguarding your software's supply chain. Show Notes: Linkedin - https://linkedin.com/in/jossef…

The Security Repo

1
Enhancing Security Through Community and Innovation - A Conversation with Avi Douglen 41:00

40 weeks ago41:00

41:00

This episode we are joined by Avi Douglen, Founder and CEO of Bounce Security. Avi, a key figure in the security community and former OWASP chapter chair. The discussion covers the significance of OWASP, its resources, threat modeling and Avi's personal journey within the organization. Listeners will gain insights into the concept of value-driven threat modeling and how it can enhance security measures by focusing on what truly matters for a product. Avi also shares his views on the unique challenges and risks the security community faces, the necessity of inclusivity, and the pivotal role of threat modeling in security processes. Avi also gives us his insights into the best and worst security advice they’ve encountered, providing both humorous and thought-provoking anecdotes. Whether you're a seasoned security professional or new to the field, this episode is packed with valuable takeaways on building and maintaining robust security practices. Tune in to learn from Avi’s extensive experience and his innovative approaches to securing products effectively. Show Notes: Social Media for Avi Linkedin - https://www.linkedin.com/in/avidouglen Twitter (X) - https://twAvi Douglen - Bounce Security | LinkedInitter.com/sec_tigger Bounce Security - https://www.bouncesecurity.com/ Avi on OWASP - https://owasp.org/www-board-candidates/2023/avi_douglen OWASP Global Lisbon - https://owaspglobalappseclisbon2024.sched.com/avid2…

The Security Repo

1
Behind the Scenes of Offensive Security with Bobby Kuzma 33:56

41 weeks ago33:56

33:56

Today we sit down with Bobby Kuzma, Director of Offensive Cyber Operations at Pro Circular and adjunct professor at the University of Washington. Bobby shares his unique journey into the world of penetration testing, including how he accidentally acquired his CISSP certification. We delve into the fascinating world of offensive security, discussing the highs and lows of pen testing, the importance of creativity in cybersecurity, and Bobby’s current work on leveraging AI to enhance security testing. Tune in for an insightful conversation filled with real-world stories, expert advice, and a look at the future of cybersecurity.Show NotesBobby’s Linkedin - https://www.linkedin.com/in/bobbykuzma/ Introduction - 0:00 Accidentally getting CISSP - 1:09Talking about failures in pen-testing - 6:33 Stories when things go wrong - 9:30 Legal issues with pen-testing - 17:30 Have you been arrested? 21:00What advice would you give to your younger self - 23:00 Best and Worst - 28:16…

The Security Repo

1
Frameworks and Relationships: J Wolfgang Goerlich on Security Strategy 36:32

42 weeks ago36:32

36:32

Today we welcome J Wolfgang Goerlich, an advisory CISO, mentor, and strategist. We delve into the intricacies of security design frameworks and the importance of building and maintaining relationships in the cybersecurity field. Wolfgang shares his expertise on creating effective security programs, fostering trust within teams, and navigating the challenges of the CISO role. Tune in to gain valuable insights on cybersecurity strategy and the significance of collaborative relationships in achieving security goals. Show Notes: Linkedin: https://www.linkedin.com/in/jwgoerlich/ X / Twitter: https://x.com/jwgoerlich Website: https://jwgoerlich.com/ Securing Sexuality: https://www.securingsexuality.com/ Introduction - 0:00 Security Design Framework - 1:00 Security obstacles & user experience - 6:50 Become a CISO - 9:05 Wolfgang's journey to CISO - 12:50 Managing relationships in security - 17:10 Building effective teams - 28:30 Best and Worst - 29:40…

The Security Repo

1
Nuclear Security & Cyber Resilience: Insights from KPMG's Andrew Elliot 37:02

43 weeks ago37:02

37:02

Today we dive into the fascinating world of nuclear energy and cybersecurity with Andrew Elliot, a senior manager at KPMG's cybersecurity team. Andrew shares his journey from a nuclear engineer to a cybersecurity expert, providing unique insights into the importance of security culture, the resurgence of nuclear energy, and the critical role of cybersecurity in protecting critical infrastructure. Tune in to explore the complexities of nuclear security, the significance of cybersecurity training, and the future of energy security. Show Notes: Linkedin - https://www.linkedin.com/in/andrew-elliot-3a25b95b/ 0:00 - Introduction 1:07 - Getting started in nuclear energy 3:35 - Resurgence in nuclear 9:55 - Nuclear security to KPMG 12:15 - Effective security exercises 16:20 - Lessons from nuclear security 19:45 - The goal of security in companies 21:50 - Opinion on Cyber Insurance 26:50 - Where /when to invest in security 32:02 - Best and Worst…

The Security Repo

1
Securing the Future - The Art of Threat Modeling with Paul McCarty 32:50

44 weeks ago32:50

32:50

In this episode of The Security Repo, we dive deep into the world of threat modelling with Paul McCarty, a veteran in the field of DevSecOps and founder of SecureStack. Paul shares his journey from being a Unix admin to working with high-profile organizations like NASA and GitLab. We explore the essentials of threat modeling, the significance of cloud-native security, and frameworks he has developed for threat modeling like TVPO. Tune in to learn how to stay ahead in the ever-evolving landscape of cybersecurity. Show Notes Paul’s GitHub https://github.com/6mile DevSecOps Playbook - https://github.com/6mile/DevSecOps-Playbook Secure Code Red training - https://sourcecodered.com/Linkedin - https://www.linkedin.com/in/mccartypaul/ Introduction: 0:00 Pauls Journey: 1:10 the Cloud Native Mission: 2:55 Pauls History with Threat Modeling: 4:00 TVPO Framework for Threat Modeling 6:52 When Should Companies Start Threat Modeling 10:15 When to Threat Model: 12:00 Unique Risks of Threat Modelling Open-Source 13:50 Red Team Code Puppets: 21:48 Best and Worst: 28:00…

The Security Repo

1
Pen Testing in Academia - University Cybersecurity Challenges with JR Johnson 40:19

46 weeks ago40:19

40:19

In this episode of The Security Repo, we dive into the fascinating world of cybersecurity with JR Johnson, a seasoned information security professional with over 14 years of experience. JR shares his journey from web development to penetration testing and cybersecurity consulting, highlighting the unique challenges faced by higher education institutions. Tune in to learn about the complexities of securing university networks, the importance of foundational security practices, and JR's expert advice for both IT professionals and students. Whether you're interested in cybersecurity or work in academia, this episode offers valuable insights into protecting educational environments in the digital age. Social Media for JR X (Twitter): https://x.com/infosecjr Linkedin: https://www.linkedin.com/in/jr-johnson-853952203/…

The Security Repo

1
From Desktop Support to Red Team: Brendan Hohenadel Journey in Cybersecurity 40:14

48 weeks ago40:14

40:14

Join us in this episode of The Security Repo Podcast as we dive into the world of cybersecurity with Brendan Honadle. From his humble beginnings in desktop support to becoming a skilled red teamer, Brendan shares his inspiring journey and fascinating stories from the field. Discover the strategies, tools, and techniques used in offensive security, and gain insights into the challenges and triumphs of penetration testing. Whether you're a cybersecurity enthusiast or a seasoned professional, this episode is packed with valuable lessons and real-world exploits you won't want to miss.…

The Security Repo

1
Navigating AI in Cybersecurity: Insights from Sonya Moisset 36:58

49 weeks ago36:58

36:58

In this episode of The Security Repo, we are thrilled to welcome Sonya Moisset, a Senior Advocate at Snyk and a renowned expert in DevSecOps, cybersecurity, and AI. With a wealth of experience as a public speaker, mentor, and top contributor to the tech community, Sonya shares her deep insights into the evolving landscape of AI in cybersecurity. Join us as we dive into the pressing issues surrounding generative AI and large language models (LLMs), including the concept of shadow AI, the risks of using AI tools without proper oversight, and real-world examples of security breaches involving AI. Sonya discusses the importance of implementing robust security policies and fostering an open dialogue within organizations to mitigate these risks. We also explore fascinating topics such as prompt injection attacks, the role of AI in both offensive and defensive cybersecurity strategies, and the emerging frameworks guiding ethical AI use. Whether you're a security professional, a developer, or simply curious about the intersection of AI and cybersecurity, this episode offers valuable knowledge and practical advice. .Show Links Sonya Moisset social media links Linkedin: https://www.linkedin.com/in/sonyamoisset/ X (Twitter): https://x.com/SonyaMoisset Introduction: 0:00 What are the security risks with AI and LLMs: 1:10 Prompt Injection Car Dealership: 6:39 Prompt Injection: 8:46 Guardrails for AI: 16:00 Using AI for Red Teaming: 25:19 Regulations for AI security 32:16 Best and Worst: 34:10…

The Security Repo

1
Securing Kubernetes Dashboards: Insights from Tremolo Security's CTO 39:47

51 weeks ago39:47

39:47

In this episode of The Security Repo, Dwyane McDaniel and Marc Boorshtein delve into the intricacies of Kubernetes dashboard security. Marc, the CTO of Tremolo Security, brings his extensive experience in identity and access management to the table, discussing the challenges and best practices for securing Kubernetes dashboards. The conversation explores the importance of dashboards, common security pitfalls, and innovative solutions to enhance user access and safety. Tune in for valuable insights on navigating the complex landscape of Kubernetes security. Show Notes Learn more about Tremolo - https://www.tremolosecurity.com/ Follow Marc Linkedin - https://www.linkedin.com/in/marc-boorshtein-5979a82 Twitter (X) - https://x.com/mlbiam Intro: 0:00 Kubernetes dashboards, why?: 0:45 Why don't we talk about k8 dashboard: 3:50 Security concerns with Dashboards: 10:37 The value of dashboards in k8: 12:37 What is Tremolo: 18:55 Common pitfalls for K8 security: 26:10 Besta and worst: 34:46…

The Security Repo

1
The Secrets behind GitGuardian: Building a security platform with Eric Fourrier 45:39

1 year ago45:39

45:39

Join us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code security in our digital world. Show Notes: GitGuardian https://gitguardian.com State of Secrets Sprawl Report https://www.gitguardian.com/state-of-secrets-sprawl-report-2024 GitGuardian Blog https://blog.gitguardian.com Eric Fourrier Socials Linkedin: https://www.linkedin.com/in/ericfourrier/ inro: 0:00 Origin of GitGuardian: 0:55 Why wasn't secrets detection a big problem: 5:08 State of Secrets Sprawl Report: 09:50 Can we solve secret leakage: 18:08 Finding secrets outside source code: 22:22 The evolution of GitGuardian: 25:18 Single pane of glass: 30:15 The problem of remediation: 32:55 The role of AI in security tools: 36:10 Best and Worst: 42:25…

The Security Repo

1
Solving Secret Zero: The Future of Machine Identities & SPIFFE with Mattias Gees 42:02

1 year ago42:02

42:02

Today we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venify, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for implementing SPIFFE to enhance digital security across cloud environments. Join us for a comprehensive look at evolving cybersecurity measures and the future of identity management. Show Notes: Mattias Social Links Linkedin - https://www.linkedin.com/in/mattiasgees/ Twitter (X) - https://twitter.com/MattiasGees You also might like our episode with Uri Sarid - https://www.youtube.com/watch?v=reKbGE1c5Ig Introduction: 0:00 What is secret zero: 1:39 Why is machine identity so hard: 4:15 The machine identifies vs user identities: 11:06 What is SPIFFE? (Secure Production Identity Framework for Everyone): 14:20 SPIFFE fundamentals/architecture: 17:15 GitGuardian: 20:08 How to implement SPIFFE: 21:00 Why we aren't leveraging identify best practices: 26:40 Will SPIFFE be the future? 27:27 Secrets Managers vs SPIFFEE: 31:05 Venify and identify management: 32:38 Best and worst security advice: 38:28 Wrap up: 41:00…

The Security Repo

1
Building secure platforms with Kubernetes: Bridging the DevOps-Security Divide with John Dietz 56:38

1 year ago56:38

56:38

This week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepticism about containerization to embracing Kubernetes. John discusses the critical role of governance and security in successfully deploying and managing cloud-native technologies. We also explore challenges and strategies for integrating security practices into DevOps, ensuring robust governance, and leveraging IaC for efficient and secure infrastructure management. Whether you're an IT veteran or new to the field, join us as we unpack the complexities of Kubernetes, security through governance, and the future of cloud-native platforms. Show Notes: Kubefirst: https://kubefirst.io/ Johns articles on The News Stack https://thenewstack.io/author/john-dietz/ John Dietz sociales X (Twitter): https://twitter.com/vitamindietz Linkedin: https://www.linkedin.com/in/jd-k8s/ Introduction: 0:00 Kubernetes skeptic to advocate: 1:09 Governance in Kubernetes & IaC: 8:30 Who owns security with IaC and K8: 24:36 Common K8 mistakes: 32:16 Why care about Kubernetes: 38:23 Best and worst: 47:15 Links and show notes: 54:22…

The Security Repo

1
Authorization vs. Authentication: Decoding the Layers of Security with Emre Baran 34:25

1 year ago34:25

34:25

In this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's cloud-based and development environments. In this discussion, Emre explains why many organizations still grapple with these issues in 2024, highlighting common pitfalls in security practices and offering insights into the sophisticated challenges of implementing fine-grained access control. He also shares his views on the evolving landscape of regulatory standards and introduces us to "Cerbos," his solution designed to streamline and secure authorization processes efficiently. Show Notes Learn about Corbos: https://www.cerbos.dev/ Cerbos GitHub: https://github.com/cerbos/cerbos Follow Emre Baran X / Twitter - https://twitter.com/emre Linkedin: https://www.linkedin.com/in/emrebaran/ Time Stamps Intro: 0:00 Why are we still struggling with authz: 1:12 Difference Authentication &Authorization: 6:16 What is Cerbos?: 9:35 The auth trap: 11:58 Is it scalable: 13:20: Scaling Auth Who owns auth: 16:31 Regulation and compliance: 20:32 GitGuardian: 22:12 What is ZSP (Zero standing Privileges): 23:00 Best and Worst: 28:00 Links and followup: 32:00…

The Security Repo

1
Unpacking ASPM: Trends, Truths, and the Future of Security Tools 28:34

1 year ago28:34

28:34

In this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens, delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding the burgeoning category of security solutions, offering listeners a clear-eyed view of what ASPM means for developers, security professionals, and the tech industry at large. Through a candid and enlightening conversation, they explore the history and potential future of security practices, the push towards simplification and consolidation of tools, and the real challenges of effectively managing security risks in today's dynamic digital environments. Join us for a thought-provoking discussion that demystifies ASPM and provides valuable insights into the direction of security tooling and practices. Show Notes: Learn more about ASPM - https://blog.gitguardian.com/good-application-security-posture-requires-good-data/Learn more about RedMonk https://redmonk.com/ Listen on Spotify: https://open.spotify.com/show/2emgX3m3dJSzlmAG3axBGa Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-security-repo/id1634401017…

The Security Repo

1
Decoding Security: An Analyst's Perspective on Trends and Tools 31:05

1 year ago31:05

31:05

In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into the latest trends, challenges, and solutions in securing our software development processes, this episode is a must-listen for anyone interested in the intersection of development, security, and industry analysis. Show Notes https://redmonk.com/ Introduction: 0:00 Analyst Role / RedMonk: 2:18 Shift Lift: 4:27 Dev and Sec in Conflict: 6:20 Shift Left Where?: 9:35 What about micro applications?: 11:08 What is Shift Right?: 15:15 GitGuardian:20:22 How do you Shift Left?: 21:20 Measure what matters: 25:20 Best and Worst Advice: 27:30 RedMonk: 29:39…

The Security Repo

1
Building Conferences and Communities in Cybersecurity with Huxley Barbee 42:40

1 year ago42:40

42:40

This week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity. From his early days attending DefCon in 1999 to spearheading B-Sides conferences that champion technical excellence, community engagement, and accessibility, Huxley's story is one of passion, dedication, and innovation. He offers a fresh perspective on the recent shift of DefCon to the Las Vegas Convention Center and recounts memorable anecdotes that highlight the unique culture of hacker communities. Moreover, Huxley sheds light on the critical topic of exposure management, moving beyond traditional vulnerability scanning to encompass advanced techniques and strategies for securing modern networks. His advice on asset inventory and the importance of understanding your network's vulnerabilities is indispensable for both seasoned professionals and newcomers to the field. So, whether you're a cybersecurity veteran, an aspiring hacker, or simply curious about the digital world's inner workings, this episode is packed with valuable insights, fascinating stories, and practical advice. Don't miss out on this deep dive into the challenges and triumphs of securing our digital future with Huxley Barbee.…

The Security Repo

1
The Evolution of DevSecOps: Strategies for Integrating Security into DevOps with Gregory Zagraba 36:37

1 year ago36:37

36:37

This episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into practical advice on automation, the significance of backups, and fostering a security-conscious mindset. Through real-world examples and expert insights, the episode sheds light on creating robust, secure systems in the fast-paced world of software development and data protection. Show Notes: Git Protect https://gitprotect.io/ Git Protect Blog https://gitprotect.io/blog/…

The Security Repo

1
Hacking the Hackers: The Art of Compromising C2 Servers with Vangelis Stykas 34:39

1 year ago34:39

34:39

In this episode of the Security Repo podcast, listeners will dive into the intriguing world of hacking the hackers with Vangelis Stykas. Stykas, a notable figure in cybersecurity, shares his experiences and methodologies for compromising C2 servers—central nodes used by hackers to control malware-infected computers. He reveals how simple web application vulnerabilities can lead to significant breaches in the security of these servers. The discussion also covers the ethical and legal nuances of Stykas' work, including the challenges and risks involved in targeting these digital underworld operatives. Additionally, Stykas touches on his professional journey, including his role as the CTO of Atropos, a company specializing in web application and API security. This episode promises to uncover key discoveries about the shadowy aspects of cybersecurity and the ongoing battle between hackers and those who hack them. Show Notes: Atropos - https://atropos.ai/ Stalking the Stakers Blog Post - https://atropos.ai/stalking-the-stalkers/ DefCon Talk - https://www.youtube.com/watch?v=fMxSRFYXMV0 Social Media X.com - https://twitter.com/evstykas Linkedin - https://www.linkedin.com/in/vangelis-stykas/…

The Security Repo

1
The Evolution of Offensive Security with Erik Cabetas 41:41

1 year ago41:41

41:41

In this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Eric discusses the evolution of security practices, the importance of ethical hacking in today's digital world, and offers some advice for aspiring hackers. Join us to explore the fascinating intersection of technology, ethics, and security through Erik's expert lens.…

The Security Repo

1
From Bank Heists to Security Insights: The Jayson E. Street Story 55:19

1 year ago55:19

55:19

In this episode of The Security Repo, Jayson E. Street delves into his unconventional journey into cybersecurity, emphasizing the essence of hacking as a manifestation of curiosity rather than mere technical skill. He shares anecdotes from his extensive experience in ethical hacking, including bank heists and corporate security breaches, to underscore the importance of creative problem-solving in security. Street also critiques the narrow perceptions of hacking, advocates for diversity in the security field, and offers unconventional advice for enhancing corporate security awareness. His stories, ranging from audacious exploits to thoughtful reflections on personal and professional growth, provide a compelling narrative on the importance of thinking outside the box in cybersecurity. More links on Jayson Hacker Answers Penetration Test Questions From Twitter https://www.youtube.com/watch?v=6i-84wqc_qU Penetration tester Jayson E. Street helps banks by hacking them https://www.youtube.com/watch?v=02Vf3NjTPsI Social Links X - https://twitter.com/jaysonstreet Linkedin - https://www.linkedin.com/in/jstreet/…

The Security Repo

1
Reducing the noise: Cutting through the data in security Buck Bundhund 40:05

1 year ago40:05

40:05

In this episode of "The Security Repo," hosts Dwayne McDaniel and Mackenzie Jackson delve into the intricate world of cybersecurity with Buck Bundhund, an expert from Centripetal Networks. The conversation kicks off with an exploration of the pervasive issue of data noise – the influx of non-intended data into organizational networks, posing significant challenges for security operations. Buck sheds light on the complexities of distinguishing between legitimate and illegitimate traffic and the detrimental effects of alert fatigue within security teams. Through real-world examples and insights, the discussion unfolds to reveal the limitations of traditional security tools in handling the massive volume and dynamic nature of data noise. Listeners gain valuable insights into innovative strategies employed by Centripetal Networks, leveraging comprehensive threat intelligence and AI to filter out illegitimate traffic effectively. Buck underscores the importance of not only technological advancements but also human intuition and analysis in identifying and mitigating security threats. Join "The Security Repo" team as they navigate the ever-evolving landscape of cybersecurity, offering practical perspectives and solutions to combat data noise and enhance security posture in today's digital age. Links: Buck on Linkedin https://www.linkedin.com/in/buck-bundhund-8496862/ Centripetal Networks https://www.centripetal.ai/…

The Security Repo

1
Solving the bottom turtle: Fixing the authentication problem with Ethan Heilman 34:00

1 year ago34:00

34:00

In security you have likely heard the expression turtles all the way down, the concept the world is held up on the back of a turtle who is standing on the back other another turtle, and so on.. This can be used to describe the current state of security, where everything can dramatically fall over if the bottom turtle fails. In this episode, we discuss solving the bottom turtle, solving authentication. Our guest Ethan Heilman has a PhD in Computer Science and the current CTO of BastionZero where he is currently working on Open PubKey, a protocol for leveraging OpenID Providers (OPs) to bind identities to public keys. Links: OpenPubkey - https://github.com/openpubkey/openpubkey BastionZero - https://www.bastionzero.com/ Social Connections for Ethan Masterdon - ethan_heilman@hexagon.space X - @Ethan_Heilman…

The Security Repo

1
The right tool for the job: Finding and evaluating security tools with James Berthoty 41:44

1 year ago41:44

41:44

In this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for smaller teams or organizations with limited budgets seeking effective security solutions. This episode is perfect for anyone looking into purchasing new security tools or wanting to understand the purchasing process. Show Links: Latio Tech - https://www.latio.tech/ James Linkedin - https://www.linkedin.com/in/james-berthoty/…

The Security Repo

1
Securing our APIs - Thinking differently about API Security with Isabelle Mauny 43:52

1 year ago43:52

43:52

In this episode, Mackenzie and Dwayne dive into a discussion on API security with special guest Isabelle Mauny, co-founder and CTO of 42Crunch. We walk through the differences API security has compared with traditional application security, and its growing importance in today's technology landscape. We also have a discussion about the challenges and risks associated with API security, the need for developers to be actively involved in securing APIs, and the tools and practices that can help integrate security into the development workflow. Show Links 42Crunch website - https://42crunch.com/ 42 Crunch Blog - https://42crunch.com/blog/ Isabelle Mauny Linkedin - https://www.linkedin.com/in/isamauny/ Quote's from the episode "It's shift left not shove left" - Isabelle Mauny "The minute you put something on the Internet, it is public." - Isabelle Mauny "Shift left is not about saying to the developers, 'You're responsible for one more thing, which is security.' It's about giving them the tools that fit into their workflow." - Isabelle Mauny…

The Security Repo

1
Revolutionizing SAST: Bridging the Gap for Modern Developers with Nipun Gupta 28:43

1 year ago28:43

28:43

In this episode of The Security Repo, Mackenzie Jackson sits down with Nipun Gupta, the Chief Operating Officer of Bearer, a leading security company at the forefront of innovation in the cybersecurity landscape. Join us as we delve deep into the world of Static Application Security Testing (SAST) and explore why traditional SAST tools are struggling to keep pace with the demands of modern development environments. In today's fast-paced software development ecosystem, developers are continuously seeking ways to improve code quality, enhance security, and accelerate their workflows. However, traditional SAST tools often fall short, failing to meet the specific needs of developers. Nipun Gupta sheds light on these challenges and discusses how Bearer is breaking new ground by redefining SAST for the modern era. Discover the fascinating insights and solutions that Bearer brings to the table, making SAST more accessible and effective for developers. Learn how their innovative approach is not only improving code security but also enabling AI-generated code to be more secure and trustworthy. Uncover the synergy between SAST and AI in this thought-provoking episode and gain valuable insights that can help your organization stay ahead in the ever-evolving cybersecurity landscape. Tune in to "Revolutionizing SAST: Bridging the Gap for Modern Developers with Nipun Gupta" to stay informed and inspired in the realm of cybersecurity and software development. Follow Nipun on Linkedin - https://www.linkedin.com/in/guptanipun/ Learn more about Bearer today at - https://www.bearer.com/…

The Security Repo

1
API Security Unveiled: Safeguarding the Heart of Modern Applications 30:33

1 year ago30:33

30:33

In this episode of "The Security Repo," your hosts Mackenzie Jackson and Dwayne McDaniel are joined by a distinguished guest, Dan Barahona, as they embark on an eye-opening exploration of API security. As the digital landscape evolves at breakneck speed, APIs (Application Programming Interfaces) have become the backbone of modern applications, making them an attractive target for cyber threats. Join the conversation as Mackenzie, Dwayne, and Dan delve into the fundamentals of API security and why it has emerged as an integral aspect of both application security and the broader realm of cybersecurity. Discover the ins and outs of protecting these crucial gateways, learn about the common vulnerabilities that threat actors exploit, and gain insights into best practices and cutting-edge strategies for fortifying your digital fortress. Whether you're a developer, a security professional, or simply curious about the ever-evolving world of cybersecurity, this episode promises to provide you with invaluable knowledge on API security and equip you with the tools to safeguard your digital assets. Tune in to "The Security Repo" for an illuminating discussion that could mean the difference between vulnerability and resilience in our interconnected digital world. AppSec University: https://www.apisecuniversity.com/ Dan Barahona Linkedin: https://www.linkedin.com/in/rdbarahona/…

The Security Repo

1
Guarding Against Deception: The Art of Detecting and Defending Against Social Engineering 32:48

1 year ago32:48

32:48

In this episode of The Security Repo, your hosts Mackenzie Jackson and Dwyane McDaniel are joined by the brilliant Reanna Schultz, a seasoned expert in the field of cybersecurity. Together, they delve deep into the world of social engineering, exploring what it is, how to detect it, and crucially, how to arm your staff against its deceptive tactics. Social engineering is a crafty, manipulative art used by cybercriminals to exploit human psychology. Our trio dissects the various techniques employed by malicious actors, shedding light on the ever-evolving landscape of digital deception. Learn how to recognize the red flags and protect your organization from falling victim to these cunning ploys. But that's not all; in this episode, we also peer into the fascinating intersection of artificial intelligence and cybersecurity. Discover how AI is shaping the cyber landscape and making it harder to detect social engineering activities. Join us for an enlightening conversation that's essential for anyone navigating the complex world of cybersecurity. Tune in to "Unmasking the Shadows: Social Engineering, AI, and Cybersecurity" and fortify your defenses against the lurking dangers of the digital realm. Show Links: Follow Renna on Linkedin - https://www.linkedin.com/in/reanna-schultz/ GitHub Phising Simulation - https://github.com/reannaschultz/PhishingSimulation/wiki…

The Security Repo

1
Contextual Security: Revolutionizing Developer-Focused Cybersecurity with James Wickett 33:28

1 year ago33:28

33:28

In this eye-opening episode of The Security Repo, we welcome James Wickett, the CEO and co-founder of DryRun Security, a visionary in the realm of cybersecurity. James unveils a groundbreaking concept known as "Contextual Security," a game-changer that empowers developers with unprecedented security insights while they write code. As our hosts and cybersecurity enthusiasts Mackenzie and Dwaybne guide the conversation, James delves into the heart of Contextual Security, offering listeners an inside look at how this innovative approach is transforming the way developers view and implement cybersecurity in their projects. Discover how Contextual Security is redefining the role of developers in the fight against cyber threats. James also takes us on a journey through the realm of artificial intelligence, sharing his insights on its pivotal role in the future of cybersecurity. As he paints a vivid picture of the evolving threat landscape, you'll gain valuable perspective on why traditional security measures are falling short, particularly for developers. Don't miss this engaging and thought-provoking episode as we explore the forefront of cybersecurity with James Wickett, a trailblazer whose mission is to equip developers with the tools and knowledge they need to fortify their code against today's evolving threats. Tune in to "The Security Repo" and be prepared to redefine your understanding of cybersecurity in the digital age. Show Links: https://www.dryrun.security/ James personal webiate https://wickett.me Linkedin: https://www.linkedin.com/in/wickett/…

The Security Repo

1
Mastering Physical Security: Unveiling the Secrets with Brice Self 35:13

1 year ago35:13

35:13

In this captivating episode of The Secuerity Repo, we delve into the world of physical security with our esteemed guest, Brice Self. With over a decade of experience in the field, Brice brings a wealth of knowledge and real-world insights to the table.This episode takes a deep dive into the intricate aspects of physical security, particularly in high-stakes environments like banking institutions. Brice shares his experiences and the strategies that have led him to a remarkable 100% success rate in penetrating security measures at various banks - a testament to his expertise and the critical vulnerabilities in existing security systems. Prepare to be enthralled by Brice's recounting of his most challenging break-ins, the creative tactics he employed, and the lessons learned from each successful operation. The discussion also touches upon the evolution of security measures, the importance of continuously adapting strategies, and the future of physical security in an increasingly digital world.…

The Security Repo

1
Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes 35:44

2 years ago35:44

35:44

In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi. Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started and what people can do to protect their secrets.…

The Security Repo

1
Artificial intelligence, a friend or foe in cyber security - with Simon Maple from Snyk 38:03

2 years ago38:03

38:03

With the rapid development of AI we are often left wondering if AI is our friend or foe in security. In this episode, I sit down with Simon Maple from Snyk to discuss just that. We explore the different applications of AI in security and where the future is going. It's an interesting discussion so you don't want to miss it! Show Links: Snyk.io Blog: https://snyk.io/de/blog/ Featured article: https://snyk.io/blog/10-best-practices-for-securely-developing-with-ai/ x.com (Formally twitter) https://twitter.com/sjmaple Simon BIo: Simon has a long and impressive record working in technology from working in startups to working for massive companies like IBM and now Snyk. Simon today is the Principle developer advocate at Snyk having previously held many leadership roles as the field CTO (again at Synky) and the Director of developer relations. He is a world-renowned speaker having spoken at many conferences including JavaOne, Devoxx Fr, Devoxx UK, JavaZone, JavaLand, JAX, and many many more. Today he is using his decades of tech experience to uncover many of the mysteries surrounding AI and that is what we have the privilege of discussing with him today. He uses his experience in both AI and security to answer the most difficult and interesting questions I could possibly come up with. Without further delay. Here is Simon Maple for our discussion on the new frontier in security, artificial intelligence.…

The Security Repo

1
Scaling security and AppSec in fast moving enterprises with Jeevan Singh 38:12

2 years ago38:12

38:12

Application security can be a difficult task at all levels of a company. But as a start-up grows into an enterprise, or existing companies evolve. How do you effectively scale your security program? We have an amazing guest, Jeevan Sinhg who is the director of product security at Twilio and he is here to talk about how to scale an application security program. BIO Jeevan Sinhg Jeevan's lifelong fascination with defensive security began at a young age when I played the center-back position on my youth soccer team. I loved the thrill of preventing opponents from scoring and was intrigued by the strategy behind defensive maneuvers. The fascination grew throughout my adolescence and into university when a close friend showed me how malicious users could penetrate systems and taught me how to prevent attacks. For as long as I can remember, I’ve continually examined scenarios from every imaginable angle so I can find weaknesses and penetrate defenses in order to protect myself. As an Information Security Architect, I am still driven by this fascination and apply these same principles as I protect the company and guard customer data. His philosophy is to build security from the ground up and make it as transparent as possible. He does this by collaborating with software architects and senior developers to identify practical options for building secure systems, empowering developers, and working with sysadmins and network engineers to determine effective approaches for operating securely. He also works toward creating a positive security culture, instilling employees with security knowledge, and building defenses against security threats.…

The Security Repo

1
Enterprise Software Distribution - Managing updates and security in enterprise software at scale 37:53

2 years ago37:53

37:53

One of the many advantages of the cloud revolution is that SaaS products are continuously updated, security issues are patched quickly, and it's something the consumers are less concerned about. But what about enterprise products, how do you get that same level of update efficiency and security on large on-premise products. This is one of the topics we cover in this episode with the crew from replicated as Andrew Storms VP of security and Ian Zink senior developer advocated diving into this complex and vital topic. Links Replicated - https://www.replicated.com/ Replicon - https://www.replicated.com/resources/replicon-q2-2023 BIO Andrew Storms Andrew Storms is the VP of Security at Replicated. Previously, Storms was Sr. Director of Security Products for Copado and VP of Security Services and Research at New Context. For 30 years, he has been responsible for defining and enforcing security programs for numerous security companies. Andrew has led initiatives with electrical utilities and the Department of Energy to research methods for automated cybersecurity threat detection and response for industrial control systems. Andrew was heavily involved in creating the STIX (Structured Threat Information Expression) standard. Storms' commentary on IT security issues has appeared in CNBC, Forbes, The New York Times, and many other publications. In addition, he is a CISSP, a member of Infragard, and a graduate of the FBI Citizens' Academy. BIO Ian Zink Full stack developer for 3 advanced neural networks. Ideas by the many, not by the few. Lit a fire with gasoline and lived to regret it. Wrote a program once and it compiled the first time. I dream in yaml. Also, ~20yrs doing infrastructure, performance & availability engineering, app development, ci/cd, software engineering, consulting, and dev advocacy.…

The Security Repo

1
Securing data in a world of AI with Jeremiah Jeschke 29:43

2 years ago29:43

29:43

Many companies are banning AI systems like ChatGPT to prevent data from being leaked, but is that a viable solution? We sit down with Jeremiah Jeschke, the CEO at OfficeAutomata, to discuss the future of security in a world of ChatGPT and other AI systems. Links: Office Automata: https://officeautomata.com/ Linkedin https://www.linkedin.com/in/jeremiah-jeschke/ Jeremiah has over 10 years of AI Development/Programming and 10 years of CEO experience. Previously, in both private work and Active Duty as USAF Captain, he supported large-scale US Air Force development programs as a Program Manager and consultant. His projects included polar satellite development, satellite ground control station development; US Special Operations research and development; and multiple B-2 Stealth Bomber upgrade developments. Today he is the CEO of officeAutomata which is a company that helps businesses know themselves. We enable companies to improve and automate workplaces processes through Enterprise Intelligence and Process Discovery.…

The Security Repo

1
Getting boardroom buy-in for security - CISO conversations with Walt Powell 37:16

2 years ago37:16

37:16

Getting funding to build effective security programs is challenging and often it fails because security leaders are not telling the boardroom the right 'story'. In this episode with Walt Powell we discuss exactly how to overcome these challenges by understanding how to effectively communicate with the board by expressing security challenges into a language they will relate to. We also discuss the journey to becoming a security leader and the exact skill you need to develop to get there. BIO: Walt is a cybersecurity thought-leader that specializes in providing executive guidance around risk, governance, compliance and IT security strategies. He helps IT organizations build strong teams and programs that can securely enable their business goals. He partners with top businesses to help design and deliver solutions that will both lead and ensure the success of their secure digital transformations.…

The Security Repo

1
Social engineering, phishing and building grass roots communities with Dan and Ken 48:34

2 years ago48:34

48:34

In this episode, we sit down with Daniel Niefeld and Kenneth Nevers to talk about their journey into security, creating security conferences and building grass roots cyber communities. Get your tickets to RedHackCon free (save $200) as a Security Repo Listener use the code HRCGGuardian23 when purchasing tickets https://www.hackredcon.com/ (First 5 tickets only). Daniel and Ken are two of the founders of RedSeer Security, a penetration testing company based in Florida. Both however have deep roots in the cyber community including organizing and founding many conferences and events but also are the founders of BuildCyber non-profits to help low-income, veterans, neurodiverse and at-risk communities transition into cyber security. In this episode, we not only dive into Dan and Kens background but take a look at how to become involved in the cyber community and what it takes to make and organize an effective security conference. Show notes: HackRedCon -https://www.hackredcon.com/ Build Cyber non-profit - https://www.buildcyber.org/ RedSeerSecurity - https://www.redseersecurity.com/ BIO: Kenneth Nevers, CSO | Offensive Security Lead at Red Seer Security, Inc. Current Certifications: OSEP, OSCP, CRTO, CRTE, CRTP, PAWASP Bug Bounty Hall of Fames: Oracle, Rackspace, Dell, TripAdvisor Ken holds an associate degree in computer and information science with a major in Cyber and Network Security from ECPI University in addition to several red teaming and penetration testing certifications. In his free time, Ken co-organizes BSides Roanoke, co-leads the Roanoke Information Security Exchange, is a member of the Roanoke Linux Users Group, and volunteers on the security team for DerbyCon, the Red Team Village at DefCon, and several other conferences. He is the co-founder of Hack Space Con, a co-organizer of Hack Red Con, leads the offensive security team at Red Seer Security, Christian, daddy to a daughter, two doggies, a kitty and 4 fish, plays guitar and tells dad jokes. BIO: Daniel Niefeld Daniel is the cofounder of Hack Red Con, Hack Space Con, Build Cyber and Red Seer Security. When not being tasks with keeping the hallways and bathrooms clean as the Chief Janitor, he oversees the Social Engineering program with Red Seer. With 20 years of experience as an entrepreneur, his background includes finance, risk management, underwriting complex transactions in Private Equity and technology development. He studied finance and computer science at Florida Atlantic University and Florida International University and is an advisor/Board member to a variety of organizations including the USPSC, Medical Defense Company and Rotary International Global Impact.…

The Security Repo

1
Code signing and securing the software supply chain with Billy Lynch 34:44

2 years ago34:44

34:44

In this episode, we go on a deep dive with Billy Lynch from Chainguard into application and code signing and how it can be used to ensure the supply chain is legitimate. Billy has an impressive background including spending 8 years at Google before joining Chainguard and not only helps us understand how signing can be used in security but also what is the latest developments and technology in this field. Links: https://www.chainguard.dev/ https://www.linkedin.com/in/wflynch/ BIO Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is an active contributor and maintainer to the Sigstore and Tekton projects, and is the creator of Gitsign. Prior to working at Chainguard, Billy worked on several developer tool teams at Google including Cloud Build, Google Code, and Cloud Source Repositories.…

The Security Repo

1
Getting started in AppSec with Tanya Janca SheHacksPurple 48:22

2 years ago48:22

48:22

In this episode, we sit down with Tnaya Janca and discuss her journey from being a developer for government agencies to becoming one of the most recognizable faces in application security and cyber security in general. This episode is especially great for anyone thinking about starting a career in cyber security and wants to know how to get started but also contains amazing insights for anyone already in the field wanting to level up. Show Links: Personal Website / Blog : https://shehackspurple.ca/ We hack purple community https://wehackpurple.com/ [Book] Alice and Bob learn Application Security https://tinyurl.com/7p9jy9zp Owasp: https://owasp.org/ Find Local Owasp Chapters: https://owasp.org/chapters/ Social Media for Tanya: https://www.linkedin.com/in/tanya-janca/ Twitter: https://twitter.com/shehackspurple BIO: Tanya Janca, also known as SheHacksPurple, is the best-selling author of Alice and Bob Learn Application Security. She is also the founder of We Hack Purple, an online learning community that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty-five years, won countless awards, and has been everywhere from public service to tech giants, writing software, leading communities, founding companies and ‘securing all the things’. She is an award-winning public speaker, active blogger and podcaster, and has delivered hundreds of talks on six continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.…

The Security Repo

1
Securing the remote workforce, the future of cloud development environments 26:15

2 years ago26:15

26:15

In this episode, we sit down with Vedran Jukic, co-founder and CTO of Code Anywhere and Tomma Pulljak Senior Developer at Code Anywhere to talk about the future of development environments. We go into detail on exactly what cloud development environments are and how they can help keep the remote workforce of today secure. Links: https://codeanywhere.com/ Bios: Vedran Jukic is the CTO and Co-Founder of Codeanywhere. He started the company alongside the CEO Ivan Burazin with the vision of enabling all developers to work in the cloud. They were one of the first to enter the CDE space 12 years ago and are still working on making their vision a reality. Toma Pulljak is 22 years old and works as a Software Developer at Codeanywhere and is also a computer science student. He handles all B2B integrations and is the lead developer for IDE customizations.…

The Security Repo

1
Understanding digital forensics with Desi - A deep dive post breach investigations 29:23

2 years ago29:23

29:23

In this episode we sit down with Desi who is an expert in digital forensics. We explore exactly what digital forensics is, how it can be used to catch cyber criminals and what can we do in a breach to preserve evidence. It is a fascinating conversation and full of great information from the inner workings of forensics to the crazy world of deep fakes. Guest Bio: Desi has a strong background in IT incident response but also has spent time in industry doing insider threat management and industrial incident response. He is currently one of the cohosts at the Forensic Focus podcast. He has hobbies that revolve around more things cyber including CTFs but does make time for his dogs, gym, and gaming. Show links: International Association of Forensic Sciences (IAFS) 2023 - https://iafs2023.com.au/ Part of that the Sydney Declaration which is the change we were talking about - https://iafs2023.com.au/sydney-declaration/ ICCWS Papers- https://papers.academic-conferences.org/index.php/iccws DFRWS Papers - https://dfrws.org/presentation/ SANS White Papers - https://www.sans.org/white-papers/ Forensic Focus content https://www.forensicfocus.com/ Want to learn some technical skills https://blueteamlabs.online/ is a fun place with free/paid content. I run challenge nights on my discord if people want to come along, always happy to help.…

The Security Repo

1
The hacker in the board room: The journey from hacker to CISO with Jason Haddix 55:40

2 years ago55:40

55:40

Have you ever wanted to know how to hack a bank? If so this is the episode for you (disclaimer, please don't hack banks). Jason Haddix is someone that needs little introduction in the security world. In this Podcast, we were fortunate enough to sit down and discuss Jason's beginnings as a hacker through to how he made it all the way to the board room in some massive and truly awesome companies. We talk about how to hack banks, what happens when your a CISO during a security breach and what is the best advice for fellow and aspiring CISOs out there. Show Notes: Follow Jason on Twitter: https://twitter.com/Jhaddix Check out BuddoBot - Threat emulation testing https://buddobot.com/…

The Security Repo

1
Security landscape in 2023 : Insights from the ground at RSA (Special Edition Episode) 15:25

2 years ago15:25

15:25

In this special edition episode, we tracked down a few of the key thought leaders in cyber security around the RSA conference to ask them what they thought were the biggest security concerns for 2023 as well as some key recommendations for organizations to combat them. Their insights were fascinating. This episode features: Feross Aboukhadijeh - Founder and CEO of Socket Steve Giguere - Organization London DevSecOps Community / Developer Advocate Bridge Crew Joseph Carson -Chief Security Scientist (CSS) & Advisory CISO Tony Loehr - Senior Product Manager Joshua Kamdjou - Founder CEO Sublime Security…

The Security Repo

1
Modern ransomware: How hackers are targeting your organization with Adriel Disatel and Noah Tongate 44:58

2 years ago44:58

44:58

In this episode we sit down with legendary pen tester Adriel Disatel and Noah Tongate to discuss how modern cyber criminals are operating to deploy modern ransomware attacks. The conversation is full of real life hacking stories and to the point information on how you can protect yourselves against modern threats. Links: Netragard Publications https://netragard.com/publications/ Adriel Desautels Bio: Adriel is the founder and CTO of Netragard, a company founded on the premise of delivering to its clients high-quality Realistic Threat Penetration Testing™ services, known today as Red Teaming. Adriel has over 20 years of professional experience with information security. In 1998, Adriel founded Secure Network Operations, Inc. which was home to the SNOsoft Research Team that gained worldwide recognition for its vulnerability research. While running SNOsoft, Adriel created the zeroday Exploit Acquisition Program (“EAP”), which was transferred to, and continued to operate underNetragard. Adriel also provided expert witness and testimony in US Federal court. You may know him from his many contributions to cyber security for companies such as Forbes, The Economist, Bloomberg and even was featured in the VICELAND Cyberwar documentary.…

The Security Repo

1
Understanding intent based access control with Uri Sarid 28:24

2 years ago28:24

28:24

In this episode of the Security Repo we dive into intent-based access control. This is the concept of limiting access to just what is intended, it sounds simple enough, But how does one understand and define the intent? And more importantly, how to we enforce our intentions with access control? This week's guest is Uri Sarid, he is a man with a long list of credentials and walks us through exactly what is intent-based control and how we can implement it in our organizations. About the guest - Uri Sarid Uri is responsible for products at Otterize. He is a recovering particle physicist with a 24-year career in high tech. He has co-founded or joined 6 early-stage software companies in the enterprise, consumer, and developer spaces, ran the Nook Cloud for Barnes & Noble, and most recently served as CTO for MuleSoft, where he led the vision, strategy, and architecture for the company. He is the co-creator of the RAML language for API specifications, a member of the OpenAPI Technical Steering Committee, and the holder of 26 patents, as well as a PhD in Theoretical Physics and Astrophysics from Harvard University. Show Notes Website: https://otterize.com/ Blog Posts: https://otterize.com/blog About Otterize: https://tcrn.ch/3KXV4Im…

The Security Repo

1
Multi Factor Authentication for APIs with Anusha Iyer 30:13

2 years ago30:13

30:13

APIs are what run the internet today, modern applications are no long monoliths, they are built upon hundreds of microservices and APIs are the glue that connects them. API security, however, is a massive blind spot for many organizations, from misconfigurations to leaked secrets, APIs give attackers ample opportunity to make intrusions into your systems. In this episode, we discuss how we can fundamentally change API security but add what Anusha Iyer, CEO of Corsha, calls multifactor authentication for APIs. In this episode, we dive deep into this topic with Anusha and discuss how we can make modern applications more secure. Show links: Corsha Website: https://corsha.com/ Corsha State of API Secrets Management Report, 2023: https://corsha.com/api-security-and-secrets-management-survey-report-2023 GitGuardian State of Secrets Sprawl Report: https://www.gitguardian.com/state-of-secrets-sprawl-report-2023…

The Security Repo

1
Offensive security tools with Brendan O'Leary from ProjectDiscovery 31:55

2 years ago31:55

31:55

In this episode we are joined by Brendan O'Leary from ProjectDiscover we learn about the tools that hackers, bug bounty hunters, and red teams use to be able to map infrastructure and find vulnerabilities. Brendan is the head of community for ProjectDiscovery which is a company that builds open-source tools to help organizations find and discover their own vulnerabilities. We talk with Brendon about some of ProjectDiscovery's most popular tools but also take a look at their latest project, Chaos. Please like and subscribe to this podcast it helps a lot for others to be able to discover us and helps us grow. Show Links: Join the ProjectDiscovery community today https://projectdiscovery.io/#/communityMake sure you see their great articles on their blog at https://blog.projectdiscovery.io/…

The Security Repo

1
Threat modeling in security with Audrey Long 38:56

2 years ago38:56

38:56

Have you ever wanted to threat model the death star from Star Wars? Well this is one of the many topics we discuss in the latest episode of the Security Repo podcast with our special guest Audrey Long. Audrey is a Senior Security Software Engineer at Microsoft in the Commercial Software Engineering team (CSE), which is a global engineering organization that works directly with the largest companies and not-for-profits in the world to tackle their most significant technical challenges. Show Links: Audrey on Linkedin - https://www.linkedin.com/in/audrey-long-53153a11b/ Stride Threat Model Framework - https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model Mitre Att&ck Framework - https://attack.mitre.org/ Threat Modelling at Microsoft - https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats [Article] Why Threat Detection Should Always be Consideredhttps://www.linkedin.com/pulse/why-threat-detection-should-always-considered-audrey-long/?trk=pulse-article_more-articles_related-content-card…

The Security Repo

1
Understanding and building the SOC (Security Operations Center) - With Troy Santana 21:33

2 years ago21:33

21:33

In this episode of The Security Repo we are joined again by Troy Santana from Critical Start to discuss how organizations can set up a Security Operations center regardless of their size. We explore exactly what a security operations center does and why you need one in the current security climate. For more information on Critical Start please check out their website at https://www.criticalstart.com/…

The Security Repo

1
Staff augmentation in security with Troy Santana 35:04

2 years ago35:04

35:04

Staff augmentation is the idea of augmenting your internal staff with consultants and tools to give you the collective knowledge of security experts for all teams. We sit down with security consultant Troy Santana to discuss exactly what staff augmentation looks like and how it can be implemented. Troy Santana joins us as a Sales Engineer for Critical Start. After spending 6 years as part of their 24x7 SOC team in analyst, management, and supporting roles, he moved over to security consulting to provide technical depth and operations experience to the buying process. A veteran of the Marine Corps, he obtained an M.A. in Criminology/Criminal Justice and uses that experience and education to help his team and clients understand the importance of layered security and operational expertise in both tools and personnel. Learn more about critical start at https://criticalstart.com…

The Security Repo

1
Episode 6: Securing the development environment with Laurent Balmelli 35:34

2 years ago35:34

35:34

In this episode, we sit down with Laurent Balmelli, the CEO of Strong Network, to discuss why development environments are vulnerable to malicious actors and how we can move to a secure cloud IDE (Integrated Development Environment). A cloud IDE isn't entirely new but it also isn't changing how developers are working and more importantly how developers are keeping their environments secure. We ask Laurent what the issue is with cloud IDEs and discuss how we can leverage the concept to build better, more secure environments for our developers. Breach of the week - This week we take a look at the Atlassian breach in which attackers were able to obtain employee credentials to gain access to a third-party HR system.…

The Security Repo

1
Episode 5: Product Lead Growth in Security with Ross Haleliuk 33:25

2 years ago33:25

33:25

Ross Haleliuk is a champion for Product Lead Growth (PLG) and in this episode sits down with Mackenzie Jackson to discuss how this concept has changed cyber security products and also how organizations can adopt a product lead growth mindset. Ross is a thought leader in the space and has many interesting publications on the topic, to find out more here are some links. Linkedin - https://www.linkedin.com/in/rosshaleliuk/ Blog - https://ventureinsecurity.com/?gi=af7863463f56…

The Security Repo

1
Episode 4: Understanding confidential computing & web assembly to build secure apps 25:43

2 years ago25:43

25:43

Nathaniel McCallum is the former CTO and co-founder of Profian and an expert in web assembly and confidential computing. This week on the security repo Dwayne McDaniel goes on a deep dive with Nathaniel to understand web assembly and how it relates to security but also peels apart the layers that surround the term confidential computing. It is a fascinating conversation with a lot of takeaways.…

The Security Repo

1
Epsiode 3: Implementing a DevSecOps approach to software development with Will Kelly 30:05

2 years ago30:05

30:05

In this episode, we invite Will Kelly to join Mackenzie and Dwyane in a conversation about implementing DevSecOps in software organizations. We tackle what DevSecOps is in reality, how can organizations implement a plan to roll out a DevSecOps approach, and the challenges that surround this. Will Kelly is a freelance writer focused on DevOps and the cloud. He has worked on teams that introduced DevOps and the cloud to commercial and public sector organizations. Will is a correspondent for Red Hat’s Opensource.com. His work has also been published by TechTarget, Enable Architect, InfoQ, InfoWorld, and others. Follow him on Twitter: @willkelly.…

The Security Repo

1
Episode 2: An Interview with a Cyborg Hacker - How are body modfications and changing the threat landscape 44:10

3 years ago44:10

44:10

Len Noe is both a white hack hacker and a pioneer in the transhuman movement. Current Len has 8 implants which he uses to enhance his offensive security activities. In this episode, I discuss with Len what Biohacking or bio modifications mean as a security threat and what we can do to defend against this new threat.…

The Security Repo

1
Episode 1 - A deep dive into supply chain risk 53:16

3 years ago53:16