Hacker Valley Studio

When your firewall forgets to buckle up, the crash doesn’t happen in the network first, it happens in your blindspots. In this episode, Ron is joined by returning guest Chris Hughes, Co-Founder of Aquia and host of the Resilient Cyber podcast. Chris helps reframe vulnerability work as exposure management, connect technical risk to human resilience, and break down the scoring and runtime tools security teams actually need today. Expect clear takeaways on EPSS, reachability analysis, ADR, AI’s double-edged role, and the one habit Chris swears by as a CEO. This episode fuses attack-surface reality with mental-attack-surface strategy so you walk away with both tactical moves and daily practices that protect systems and people. Impactful Moments: 00:00 - Intro 02:00 - Breaking: Fortinet WAF zero-day & visibility lesson 05:00 - Meet Chris Hughes: CEO, author, Resilient Cyber host 08:00 - Mental attack surface explained and why it matters 18:00 - From CVSS to EPSS, reachability, and ADR realities 21:00 - AI as force-multiplier for attackers and defenders 24:30 - Exposure vs vulnerability naming, market trends 26:00 - Chris’s book & how to follow his work 30:00 - Ron’s solo: 3 pillars to patch your mindset 34:00 - Closing takeaways and subscribe reminder Links: Connect with our guest, Chris Hughes, on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out the article on the Fortinet exploit here: https://www.helpnetsecurity.com/2025/11/14/fortinet-fortiweb-zero-day-exploited/  Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

In this conversation, Daniel Miessler, a cybersecurity and AI expert and founder of Unsupervised Learning, explores the evolving landscape of work in an AI-dominated era. He argues that human labor itself may be an economic bubble, highlighting how businesses are thriving with fewer workers. Daniel discusses his experiences at Apple and the importance of building careers around problem-solving. He emphasizes context management in AI's potential and shares inspiring stories of youthful innovation, pointing toward a future where adaptation is key.

AI agents aren't just reacting anymore, they're thinking, learning, and sometimes deleting your entire production database without asking. The real question isn't if your AI agent will be hacked, it's when, and whether you'll have the right hooks in place to stop it before it happens. In this episode, Ron breaks down the ChatGPT Atlas vulnerability that shocked researchers, revealing how malicious prompts can turn AI assistants against their own users by bypassing safeguards and accessing file systems. He presents his new talk "Hooking Before Hacking," introducing a framework for applying EDR principles, prevention, detection, and response, to AI agents before they execute unauthorized commands. From pre-tool use hooks that catch malicious intent to one-time passwords that put humans back in the loop, this episode shares practical security controls you can implement today to prevent your AI agents from going rogue.   Impactful Moments: 00:00 - Introduction 02:00 - ChatGPT Atlas vulnerability exposed 04:00 - AI technology outpacing security guardrails 05:00 - Guardrail jailbreaks and prompt injection 06:00 - AI agents deleting production databases 07:00 - EDR principles for AI agents 09:00 - Pre-tool use hooks catch intention 11:00 - User prompt sanitization prevents leaks 14:00 - One-time passwords for agent workflows 16:00 - Automation mistakes across 10 years   Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the entire article here: https://www.yahoo.com/news/articles/cybersecurity-experts-warn-openai-chatgpt-101658986.html  GitHub Repository: https://hackervalley.com/hooking-before-hacking  See Ron's "Hooking Before Hacking" presentation slides here: http://hackervalley.com/hooking-before-hacking-presentation Check out our website: https://hackervalley.com/ Upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio    

What if your security team never missed a single alert and actually had time to think strategically? In this episode, Ahmed Achchak, CEO and Co-Founder of Qevlar AI, reveals how autonomous SOCs are reshaping security operations worldwide. From tackling alert fatigue to empowering analysts with intelligent AI-driven investigations, Ahmed shares the inside story of building a system that can act on threats faster than any human alone. Learn how Qevlar’s innovative approach is giving organizations clarity, control, and measurable ROI while freeing security teams to focus on what truly matters. Impactful Moments 00:00 - Introduction 01:30 - Founding Qevlar AI by chance 03:30 - Inefficiency of current SOCs 05:00 - Augmenting analysts, not replacing them 08:00 - AI investigating alerts at scale 11:30 - How autonomous agents handle phishing 14:30 - Why tackling all alerts maximizes ROI 17:30 - Graph technology as investigation backbone 25:00 - Limitations and randomness of LLMs 30:30 - Advice for testing AI in SOCs Links Connect with our guest Ahmed on LinkedIn: https://www.linkedin.com/in/ahmed-achchak-872554109/   Check out Qevlar’s website: https://www.qevlar.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Who said cybersecurity had to be serious? The future of cyber is creative, human, and even a little sexy. In this special 400th episode, Ron Eddings celebrates six incredible years of Hacker Valley Studio with one of cyber’s most creative voices, Maria Velasquez, Co-Founder of the Cybersecurity Marketing Society and Co-Host of Breaking Through in Cybersecurity Marketing. Together, they discuss how bold storytelling, authentic community, and a touch of fun are reshaping the way we connect in cybersecurity. Maria opens up about turning burnout into purpose, building a 4,000-strong global movement, and why the next frontier in cyber might just be entertainment.   Impactful Moments: 00:00 - Introduction 02:00 - CISA layoffs and collaboration fragility 04:00 - Welcoming Maria Velasquez 06:00 - How loneliness sparked a global community 08:00 - Why collaboration fuels cybersecurity growth 10:00 - When cybersecurity marketing was “boring” 12:00 - The rise of creativity and brand power 14:00 - Story behind Torque’s “Kill the S.O.A.R” campaign 15:00 - Making cybersecurity emotional and human 17:00 - Maria’s advice for bold marketing leaders 18:00 - The next big thing: experiential marketing 20:00 - Inside Cyber Marketing Con 2025 24:00 - Final reflections on community and creativity 27:00 - Ron’s takeaways: connection drives innovation Links: Connect with Maria on LinkedIn: https://www.linkedin.com/in/maria-vepa/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

To defend like a human, you first have to think like a hacker. In this episode, Ron Eddings sits down with Chris Dale, Co-Founder and Chief Hacking Officer at River Security, to explore the human side of hacking, where curiosity, persistence, and vigilance meet defense. Chris shares how the traditional idea of penetration testing has evolved into a continuous journey of discovery, and why reconnaissance and storytelling are critical tools for modern defenders. From real-world breach stories to lessons on trust and responsibility, this episode reveals how thinking like a hacker, and acting like a human can transform the way we approach cybersecurity.   Impactful Moments 00:00 - Introduction and massive breach overview 03:00 - Trusted systems become exposure points 05:00 - Meet Chris Dale of River Security 07:00 - The problem with traditional pen testing 08:30 - Continuous reconnaissance and real-world risk 10:00 - Knowing yourself as a security principle 13:00 - The meaning of continuous vigilance 15:00 - Turning cybersecurity lessons into stories 18:00 - Storytelling and mindset in defense 19:30 - Final takeaways on fundamentals and vigilance   Links: Connect with our Chris on LinkedIn: https://www.linkedin.com/in/chrisad/ Read the Tech Radar article here: https://www.techradar.com/pro/security/f5-breach-fallout-over-266-000-instances-exposed-to-remote-attacks Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/      

When code meets intuition, innovation gets personal. But what happens when we let AI vibe with our ideas? In this episode, Ron Eddings covers the rise of AI-driven development from Vibe Coding, where natural language shapes real code, to the emerging Model Context Protocols (MCPs) that redefine how apps talk to AI. He breaks down the recent Figma MCP vulnerability to discuss how creativity and security now collide in surprising ways. With hands-on insights using Raycast and practical steps for building responsibly, Ron takes you inside a new era where human intuition and machine intelligence truly build together.     Impactful Moments 00:00 - Introduction 01:00 - The Figma vulnerability explained 03:00 - Why MCP security matters 05:00 - What vibe coding really means 07:00 - Writing with intention and context 08:00 - The power of structured prompting 10:00 - How MCP connects everything 12:00 - Why adoption is skyrocketing 15:00 - Setting up an MCP server 17:00 - Agents, actions, and security trust 19:00 - The real takeaway: curiosity with caution 30:00 - Predictions on OpenAI’s upcoming browser 33:00 - The profit battle between OpenAI and Microsoft 35:00 - Windsurf’s rollercoaster of acquisitions   Links: Connect with our Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out the Hacker News article here:  https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html?m=1   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

The real edge in cybersecurity isn’t found in new tools, it’s built through timeless fundamentals and a mindset that never stops learning. In this episode, Ron sits down with Rich Greene, Senior Solutions Engineer and Instructor at SANS Institute, to uncover how true cyber value starts with skills, curiosity, and mindset. Rich shares his remarkable story of surviving a battlefield injury, retraining his brain, and how that journey shaped his approach to mastering cybersecurity. Together, they connect real-world lessons like the recent Discord breach to the core truth that even advanced systems depend on people who master the basics. Impactful Moments 00:00 - Introduction 02:00 - Discord breach and third-party risk 05:00 - Meet Rich Greene from SANS 06:00 - The power of mastering fundamentals 07:00 - Learning how to learn 08:30 - Rich’s story of rebuilding his memory 11:00 - Forcing the brain to grow stronger 12:00 - Top skills that get you paid 14:00 - Skills that lead to fulfillment 16:00 - Fundamentals that fuel long-term success 17:00 - The OSI model decoded 20:00 - Why operating systems matter 21:00 - Security operations fundamentals 23:00 - Why cloud is the #1 must-learn skill 25:00 - Final advice: sharpen your fundamentals   Links Connect with our Rich on LinkedIn: https://www.linkedin.com/in/secgreene/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

What if protecting your digital twin becomes the new cyber hygiene? In this week's episode, Ron welcomes back cybersecurity leader Jason Rebholz, CEO of Evoke, to discuss how AI is reshaping the fundamentals of cyber hygiene. From data breaches and deepfakes to everyday habits that protect our digital lives, Jason shares how small actions and smarter use of AI can make all the difference. Together, they uncover how our growing digital footprints are giving rise to digital twins, AI replicas that can mirror our behaviors, voices, and even decisions, and what that means for the future of trust, identity, and security. Impactful Moments: 00:00 - Introduction 01:00 - The Neon app data leak story 03:00 - Why our voices are the new passwords 05:00 - How AI can strengthen cyber hygiene 07:00 - Jason’s mission to secure AI systems 09:00 - AI as a force multiplier for defenders 11:00 - Deepfakes and the new social engineering playbook 13:00 - Attackers’ use of AI and what it means for us 15:00 - The rise of digital twins and identity threats 19:00 - How to defend against “yourself” online 20:00 - Final reflection: Trust in the AI age   Links: Connect with Jason on LinkedIn: https://www.linkedin.com/in/jrebholz/ Check out the TechCrunch article on the Neon app data leak story: https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

The biggest security threat isn’t in the cloud, it’s hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.   Impactful Moments: 00:00 - Introduction 02:00 - Varun’s journey from RedLock to Endor Labs 04:00 - Why the software supply chain is broken 07:00 - AI coding assistants and insecure code risks 10:00 - The NPM self-replicating worm discovery 13:00 - Simple controls to enforce Zero Trust in code 16:00 - Pairing AI with security to prevent slop 19:00 - AI-powered security code reviews explained 22:00 - Why 88% of code goes unused 26:00 - Developer efficiency as the new security metric 29:00 - The next wave of AI-driven software threats   Links: Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/