Three Buddy Problem

Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.Links:Lamont Orange: A CISO's Point of View on Log4jFive minutes with Lamont OrangeLamont Orange columns on DarkReading

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.Links:Haroon Meer on TwitterThinkst: We bootstrapped to $11 million in ARRMemory Corruption and Hacker FolkloreThinkst CanaryPodcast: Haroon Meer, Thinkst Applied Research

Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.Links:About EgressTony Pepper on LinkedInInfoSecurity Interview: Tony Pepper

Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.Links:Microsoft Flags SolarWinds Serv-U 0-day exploitSolarWinds Serv-U RCE advisoryIn-the-wild zero-day counterHacked SolarWinds Software Lacked Basic Anti-Exploit Mitigation

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.Links:Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'Project Zero: A deep dive into an NSO zero-click iMessage exploitThe Million Dollar Dissident: NSO Group's iPhone Zero-DaysPegasus vs. Predator: Doubly-Infected iPhone Reveals Cytrox Mercenary VendorProliferation of Cyber Capabilities in International Arms Markets

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.Links:Corellium Secures $25M Series A RoundCorellium Lands $25 Million Investment for Virtualization TechCorellium for Journalists

Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).Links:> Extending SBOMs to the firmware layer> Hardware Based Security for Business (Intel)> Alex Matrosov on the state of firmware security> Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment

Episode sponsored by SecurityWeek.com JupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.

Episode sponsored by MongoDB.com. Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global private-public collaboration.Links:Algirde Pipikaite ProfileDeveloping the Future of Policy for CybersecurityCNBC: Cyberattacks on the rise amid coronavirus crisis, WEF expert says

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity. (Episode sponsored by Eclypsium)