Three Buddy Problem

Cybersecurity industry veteran Chad Loder talks about his time as co-founder of Rapid7, the decision to acquire Metasploit, lessons learned from moving to the CISO chair and why the industry still struggles with security awareness training.Links:About Habitu8Chad Loder on TwitterRapid7 Acquires Metasploit

Chris Castaldo, senior director of cybersecurity at 2U, Inc., joins Ryan on the podcast to talk about building a threat model for digitizing the education sector, his top priorities as a defender, new solutions that impress him, and why it's important to get independent third-party security assessments.Links:Uptycsosquery | Easily ask questions about your Linux, Windows, and macOS infrastructure

Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.Links:Wim Remes on GitHubWim Remes on Twitter

Lacework Chief Security Architect Dan Hubbard joins the podcast to discuss his new research on container security, the challenges of securing cloud deployments, and why technological advancements have widened attack surfaces.Links:Containers at risk (PDF direct download)Dan Hubbard on Twitter

David Weston manages the Windows Device and Offensive Security Research teams at Microsoft. He joins the podcast to talk about how proactive red-team exercises push major mitigations to Microsoft's products and the current state of security in the Windows ecosystem.Links:Dave Weston on TwitterDavid Weston: Hardening with Hardware — In this talk, we will review the metamorphosis and fundamental re-architecture of Windows to take advantage of emerging hardware security capabilities. Windows 10 in S mode

SVP and Chief Information Security Officer (CISO) at Lending Club, Rich Seiersen, digs into the nuts and bolts of defending a financial services firm, his approach to finding quality cybersecurity talent, and the importance of confronting security with data. (Recorded during fireside chat at SecurityWeek’s CISO Forum).   https://securityconversations.com/wp-content/uploads/2018/06/rich_seierson.mp3Links:Book: How to Measure Anything in Cybersecurity Risk — How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security.

Founder and CEO of GreyNoise Intelligence Andrew Morris (andrew___morris) talks about his “anti threat-intelligence” company, the ways SOCs are using it to filter through scanning noise and the trials and tribulations of bootstrapping a start-up.   https://securityconversations.com/wp-content/uploads/2018/05/andrew_morris.mp3Links:What is GreyNoise?

Managing Partner at YL Ventures, Yoav Leitersdorf (ylventures), explains the surge in cybersecurity investments in Israel, the priorities for his $75 million fund and which sectors are ripe for the picking.   https://securityconversations.com/wp-content/uploads/2018/05/ep30-yoav_leitersdorf.mp3Links:Ask A VC: Yoav Leitersdorf On The Cyber Security Opportunity — In this week’s episode of Ask A VC, we hosted YL Ventures’ Yoav Leitersdorf in the studio to talk about cyber security, innovations in Israel and more.

Principal Security Researcher at Recorded Future’s Insikt Group, Juan Andrés Guerrero-Saade (juanandres_gs), explains the nuances of good threat intelligence, sheds light on nation-state hacker activity and warns that adversaries don’t have to be “sophisticated” to launch successful attacks.   https://securityconversations.com/wp-content/uploads/2018/05/juan_andres_guerrero_saade.mp3

The founder and CEO of Dragos, Inc. Robert M. Lee (RobertMLee) cuts through the hype around threats to critical infrastructure and offers a matter-of-fact take on active defense, “hacking-back,” and nation-state espionage operations.   https://securityconversations.com/wp-content/uploads/2018/05/ep28-robert-m-lee.mp3