Be Fearless Podcast by SquareX

Latest episodes

Jun 18, 2025 • 48min

You Can't Fix All Security Gaps — So Focus on Core Fundamentals | Mandy Andress, CISO at Elastic

Mandy Andress brings over two decades of cybersecurity leadership experience to this conversation, including her current role as CISO at Elastic and her 13-year tenure at MassMutual where she led a $50 million strategic security investment initiative. In this episode, Mandy shares candid insights about prioritizing security gaps by focusing on core risks and security fundamentals, the challenges of browser-based threats, and why curiosity and adaptability matter more than technical certifications.

0:00 Why a cybersecurity lead studied law and accounting first
7:00 How going out of your comfort zone pays off in your career
11:04 Understanding core risks when setting priorities
20:58 Browser security and the security poverty line
30:08 How Mandy got involved with advising and investing in startups
35:03 Building high performing security teams
39:46 Career advice for cybersecurity professionals

🎙️ Listen On:
Apple Podcasts: https://podcasts.apple.com/us/podcast/be-fearless-podcast-by-squarex/id1750854064
Spotify: https://podcasters.spotify.com/pod/show/getsquarex

🔔 Follow Mandy and Aleksandra on:
https://www.linkedin.com/in/mandyandress/
https://www.linkedin.com/in/aleksandra-melnikova-1012/

🔥 Powered by SquareX
Deployed as a lightweight extension, SquareX turns any browser, on any device, into a secure enterprise browser. Find out more about SquareX at https://hubs.la/Q03rPcbf0
Jun 14, 2025 • 55min

The Mechanics of Security Investing | Zain Rizavi, CEO at Stealth, ex-VC

Cybersecurity Co-Founder and ex-Venture Capitalist Zain Rizavi breaks down what really happens behind closed doors in cybersecurity investing. From his unconventional journey from political science to backing the next generation of security companies, Zain reveals why most founders get product-market fit completely wrong and what it really takes to build a security company that VCs actually want to fund.

0:00 Introduction and Zain's journey from political science to tech VC
10:32 Zain Rizavi’s “Surfer Analogy” to decoding startup potential
14:50 Upcoming cybersecurity investment trends
20:56 The browser as the new endpoint & data leakage risks in the era of AI
27:08 Spotting poor Product-Market Fit (PMF)
31:47 Good vs. bad pivots
44:42 Advice for cybersecurity founders breaking into enterprise
48:45 Closing and Zain's favourite books

🔔 Follow Zain and Aleksandra on:
https://www.linkedin.com/in/zainrizavi/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Jun 12, 2025 • 50min

Metasploit's Origin, Browser Bugs & Exposure Management | HD Moore, Founder of runZero & Metasploit

If you’re in the cybersecurity field, HD Moore, runZero founder and creator of Metasploit, needs no introduction — his work has fundamentally changed how the security industry thinks about vulnerabilities. In this candid conversation, HD shares the story behind building the world's most widely used penetration testing framework, war stories from the early days of cybersecurity, and how his Month of Browser Bugs Project (which inspired our own Year of Browser Bugs Initiative) spelled the end of ActiveX.

0:00 Introduction, the story behind creating Metasploit
6:42 Transitioning from researcher to founding runZero, trends in exposure management
18:09 HD’s Month of Browser Bugs Project and browser security today
26:51 AI’s soaring valuations and other market trends
35:39 Fundraising from the right investors
40:08 Biases in AI-generated code and baked-in vulnerabilities

🔔 Follow HD and Vivek on:
https://www.linkedin.com/in/hdmoore/
https://www.linkedin.com/in/vivekramachandran/
Jun 11, 2025 • 1h 1min

The 3 Buckets Framework: How This CISO Thinks About Security | Sangram Dash, CISO, VP of IT, Sisense

Sangram Dash has spent over two decades in cybersecurity, from witnessing the massive eBay breach response to leading security at companies like PayPal and Square. In this episode, he breaks down his practical "3 buckets" framework that every security team should follow, shares lessons from previous incidents and why the human element of incident response will never be fully automated.

0:00 Introduction to Sangram and his work
5:51 Sangram’s playbook to building security culture
16:46 The 3 Buckets of Cybersecurity Framework
26:43 On securing the browser
39:42 War Story: Lessons from eBay’s Breach
45:02 Common mistakes in browser security and SaaS protection
48:52 Advice for Aspiring Security Leaders: “you’re not ready till the point you think you’re ready”
53:16 Closing thoughts: the human element of security

🔔 Follow Sangram and Aleksandra on:
https://www.linkedin.com/in/dashucla/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
May 15, 2025 • 1h 26min

“Security’s a People Problem” | Jayesh Singh Chauhan, Founder Cloud Village and Cloudurance Security

In this episode, SquareX Field CISO John Carse sits down with Jayesh, founder of Cloud Village and CEO of Cloudurance Security, to explore the growing threat of browser-based attacks in cloud environments. Jayesh shares practical insights on product security, the importance of "enrollment conversations" with stakeholders, and why browsers have become the primary attack surface for modern threats.

0:00 Introduction to Jayesh and Cloud Village
14:12 Ensuring that security doesn’t become an afterthought in development
29:30 How security leaders can influence cloud adoption decisions
38:13 Approaching browser-based attack surfaces in organizations
55:06 Challenges of implementing auto remediation in the cloud
1:06:03 The impact of AI/ML on cloud security
1:17:57 Closing and what to expect at Cloud Village at RSA

🔔 Follow Jayesh and John on:
https://www.linkedin.com/in/jayeshsch/
https://www.linkedin.com/in/johncarse/
May 13, 2025 • 1h 5min

Security Goes Mainstream: Hackers, Headlines & What's Next | Sid Trivedi & Ross Haleliuk

Join us as we welcome Sid Trivedi (Partner at Foundation Capital) and Ross Haleliuk (Founder of a Stealth Security Startup and Author of Cyber for Builders), co-hosts of the "Inside the Network" podcast! In this conversation, they share investor and operator perspectives on cybersecurity trends and its evolution from technical obscurity to mainstream concern. Sid and Ross also explore how major incidents have changed public perception, why browsers are becoming critical battlegrounds, and what separates lasting innovation from opportunistic ventures in the security landscape.

0:00 About Sid and Ross
4:07 How cybersecurity awareness has evolved over 5 years
8:42 What the Wiz acquisition means for startups and investment
12:45 Navigating the crowded cybersecurity landscape
20:50 Sid’s experience investing in deception security and the importance of pivoting
29:01 How attackers drive market forces
33:23 The difficulty of changing stakeholder behavior
42:45 How the security mindset helps your personal life
54:13 Overlooked opportunities in the cybersecurity market
57:33 Closing: building security culture through storytelling

🔔 Follow Sid, Ross and Aleksandra on:
https://www.linkedin.com/in/siddhanttrivedi/
https://www.linkedin.com/in/rosshaleliuk/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
May 8, 2025 • 1h 22min

DEF CON's Next Chapter and New Browser Security Frontiers | Jeff Moss, Founder of DEF CON/Black Hat

Jeff Moss, founder of the famed DEF CON and Black Hat conferences, joins Vivek Ramachandran for another episode of the Be Fearless Podcast. Jeff reveals how DEF CON’s new one-roof strategy at the Las Vegas Convention Center has transformed the conference experience, while preserving its unique hacker culture that has endured for decades. He explains why browsers have become the prime battleground for attackers - with everyone using browsers, it's a numbers game where “somebody somewhere is going to click on something.”

The conversation covers everything from mesh networks connecting the hacker community year-round to the emerging threat of browser-native ransomware that targets cloud storage through identity theft. Jeff also dives into the privacy renaissance driving people toward distributed platforms like Mastodon, where monetization and algorithmic amplification take a backseat to community-driven content.

0:00 DEF CON's emergency venue move and its unexpected benefits
8:20 Preserving hacker culture as DEF CON has grown
22:39 This year's DEF CON physical badge and mesh network initiatives
26:42 How 500+ volunteer "goons" make DEF CON happen
38:30 Browser security as the new attack frontier
48:50 AI agents, Browser-Native Ransomware and Deepfakes
1:00:09 On peer-to-peer communication and decentralized alternatives
1:06:51 Angel investing in cybersecurity startups

🔔 Follow Jeff and Vivek on:
https://www.linkedin.com/in/jeffmoss/
https://www.linkedin.com/in/vivekramachandran/
May 7, 2025 • 54min

When Past Security Doesn't Predict Future Threats | Yu Long (Tyler) Tang, Director, softScheck APAC

In this episode of the Be Fearless Podcast, Yu Long (Tyler) Tang, Director of Enterprise Information Security Strategy at softScheck APAC, joins us to share his journey from martial arts to cybersecurity and how the protection mindset carried over.

A highly qualified speaker and Secretary and Certified Mentor with the ISC2 Singapore Chapter, Yu Long (Tyler) covers browser security, his work as a volunteer and mentor, and why past security performance can't predict future threats.

0:00 Yu Long (Tyler)'s journey from martial arts to cybersecurity
7:22 Yu Long (Tyler)'s work in security by design
21:49 The browser as an overlooked attack surface
28:31 The zero-day prediction problem
36:01 How granularity of security controls depends on different factors
39:51 Making security relevant to business stakeholders
48:17 Critical qualities for cybersecurity career growth

🔔 Follow Yu Long (Tyler) and Aleksandra on:
https://www.linkedin.com/in/yulongtang/
https://www.linkedin.com/in/aleksandra-melnikova-1012/
Apr 22, 2025 • 1h 13min

Inside the Attacker Mindset with Abhijith B R, Founder of Adversary Village and BreachSimRange

Ever wondered how professional hackers think? SquareX Field CISO John Carse sits down with Abhijith B R, Founder/Head of security consulting at BreachSimRange, and Adversary Village at DEF CON, who also has a wealth of ethical hacking experience. In this episode, Abhijith pulls back the curtain on the hacker mindset, shares his war stories from previous engagements, thoughts on browser security and why basic security hygiene still matters more than fancy products. This conversation is packed with practical advice for strengthening your security posture by thinking like the attackers who are targeting your organization.

0:00 Introduction and how attacker techniques have evolved
9:12 How attackers target enterprises today
14:15 War stories from security assessments
18:40 Abhijith's cybersecurity journey and founding Adversary Village
25:10 Abhijith’s conference experience and how Red Teaming is like martial arts school
32:17 Red team vs. purple team approaches
39:37 Browser security challenges and attack vectors
47:12 Top recommendations for browser security
57:34 Collaborative approaches to purple teaming
1:04:02 Closing: Advice for new security professionals at DEF CON

🔔 Follow Abhijith and John on:
https://www.linkedin.com/in/abhijith-b-r
https://www.linkedin.com/in/johncarse/
Apr 15, 2025 • 48min

Understanding Adversaries via Threat-Informed Defense | Mike Cunningham, MITRE R&D Program Manager

In this episode, SquareX field CISO John Carse speaks with Mike Cunningham, R&D Program Manager at MITRE's Center for Threat-Informed Defense. Mike brings his unique background from the Navy and NSA to discuss how organizations can better defend against cyber threats by understanding adversary behaviors, browser security challenges and more. If you ever wanted to know more about MITRE, its ATT&CK framework and the good work they do — this is an episode you won’t want to miss.

0:00 Introduction and Mike's cybersecurity journey
5:33 The MITRE ATT&CK framework and threat-informed defense
15:01 On the threatscape, social engineering vs. infrastructure vulnerabilities
20:49 Browser (extensions) and SaaS app security challenges
27:36 On patch management and security trends
34:53 Common mistakes in organizational security approaches
38:24 The Center for Threat-Informed Defense’s research on AI
42:09 Closing remarks and what people don't know about MITRE

🔔 Follow Mike and John on:
https://www.linkedin.com/in/mticunningham/
https://www.linkedin.com/in/johncarse/
