
Three Buddy Problem

Latest episodes

Aug 2, 2023 • 40min

GitHub security chief Mike Hanley on secure coding, AI and SBOMs

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.

Links: Michael Hanley on LinkedIn; GitHub Security; GitHub Copilot AI pair programmer; Big Tech Vendors Object to US Gov SBOM Mandate

Jul 26, 2023 • 34min

Jason Shockey, Chief Information Security Officer, Cenlar FSB

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.

Links: Jason Shockey on LinkedIn; My Cyberpath; Jason Shockey joins Cenlar FSB; NIST Cybersecurity Framework

Jul 19, 2023 • 42min

Federico Kirschbaum on a life in the Argentina hacking scene

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

Links: Faraday at Black Hat 2023; Fede on LinkedIn; Federico Kirschbaum on Twitter; Ekoparty; Padding Oracles Everywhere (Rizzo/Duong)

Jul 12, 2023 • 49min

Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.

Links: Kymberlee Price on LinkedIn; BlueHat Seattle Closing Remarks - YouTube; Keynote: Defenders Assemble - Kymberlee Price; BlueHat | Microsoft

Jul 5, 2023 • 36min

OpenSSF GM Omkhar Arasaratnam on open-source software security

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.

Links: OpenSSF Welcomes New General Manager; OpenSSF Alpha-Omega; CSRB report on Log4j; Big Tech Object to US Gov SBOM Mandate; Omkhar Arasaratnam on LinkedIn

Apr 10, 2023 • 33min

Serial entrepreneur Rishi Bhargava on building another cybersecurity company

Rishi Bhargava, a serial entrepreneur and co-founder of Descope, dives into the exciting world of cybersecurity and passwordless authentication. He discusses the $53 million seed funding that Descope secured and sheds light on the complexities of customer identity management. Rishi shares insights about emerging identity solutions like biometrics, the security challenges faced by startups, and the strategic importance of building trust in a competitive market. He also touches on the unique advantages of Israeli tech talent in cybersecurity.

Mar 6, 2023 • 35min

Claude Mandy on CISO priorities, data security principles

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud data stores.

Links: Claude Mandy on LinkedIn; What is Data Security Posture Management (DSPM)?; The DataGuard Solution; Follow Claude Mandy on Twitter

Feb 15, 2023 • 31min

Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in security still ripe for innovation.

Links: Sidra Ahmed Lefort on LinkedIn; Portfolio | Munich Re Ventures; What's Going on With Cybersecurity VC Investments?; Video: VC View - Trends in Cybersecurity Innovation

Jan 19, 2023 • 48min

Paul Roberts on wins and losses in the 'right to repair' battle

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.

Links: SecuRepairs Mission; Paul Roberts, Editor-in-Chief, Security Ledger; Paul Roberts on Twitter; Fight to Repair Substack; Tesla is a Vocal Opponent of the Right to Repair. Now we know why.

Dec 8, 2022 • 33min

Katie Moussouris on where bug bounties went wrong

Episode sponsors: Binarly (https://binarly.io), FwHunt (https://fwhunt.run)

Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a heavy focus on reducing duplicate vulnerability submissions.

Links: Katie Moussouris - Wikipedia; Katie Moussouris on Twitter; Luta Security's Vulnerability Coordination Maturity Model; Referral Bounty | Luta Security
