The Security Repo

Mackenzie Jackson & Dwayne McDaniel

Weekly
 
The Security Repo is a podcast that focuses on real-world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.
 
In this episode of the Security Repo Podcast, Andy Dennis, VP at Modus Create, joins Dwayne McDaniel to unpack what "shifting left" really means for security and engineering teams. They explore the impact of hands-on security training at B-Sides events, the concept of developer toil, and the role AI tools like GitHub Copilot AutoFix are starting to…
 
In this episode of the Security Repo Podcast, we sit down with Rebekah Skeete, COO of BlackGirlsHack, to explore how her organization is increasing diversity and accessibility in cybersecurity through hands-on training, mentorship, and inclusive community building. Rebekah shares the origin story of BlackGirlsHack, their evolving programs including…
 
In this episode of the Security Repo Podcast, Thomas Jost shares his journey from software development to becoming a Senior Application Security Engineer, offering insights into the value of diverse tech backgrounds in AppSec. He discusses the real-world friction between security practices and developer workflows, especially around static analysis …
 
In this episode of the Security Repo Podcast, Dwayne McDaniel sits down with Yash Shahani, a seasoned AppSec engineer and vulnerability hunter, to dive into the nuances of manual code review and the limitations of automated security tools. They explore the evolving role of AI in AppSec, its promise and pitfalls, and why human intuition still plays …
 
In this episode of the Security Repo Podcast, Maria Khodak explores how graph theory and data visualization can be used to uncover machine learning vulnerabilities like data poisoning. She explains how her work as a penetration tester intersects with research on threat detection and the importance of making abstract security concepts more human-rea…
 
In this episode of the Security Repo Podcast, Ailin Castellucci shares her inspiring journey from selling shoes to building cybersecurity teams and leading human-centric education projects. She discusses the unique challenges and perspectives of cybersecurity education in Argentina, emphasizing the importance of empathy, communication, and passion …
 
In this episode of the Security Repo Podcast, Chris Kulakowski, a seasoned detection engineer from IBM, delves into the complexities of threat detection, from writing detection rules to collaborating with red teams for proactive security strategies. He shares insights on prioritizing security risks, the evolving role of AI in cybersecurity, and the…
 
In this episode of the Security Repo Podcast, Bleon Proko dives into the intricacies of AWS security, focusing on the role and impact of quarantine policies in mitigating the risks of compromised credentials. He explains how AWS policies prioritize denial to prevent privilege escalation, lateral movement, and financial fraud, offering practical str…
 
In this episode of the Security Repo Podcast, we welcome back Mackenzie Jackson, security researcher and founder of this very show, to discuss the evolving landscape of AI in cybersecurity. Mackenzie dives deep into how AI is reshaping open-source security, revealing research that uncovered 600 unreported vulnerabilities in popular packages. We als…
 
In this episode of the Security Repo Podcast, we sit down with cybersecurity expert Gerard Johansen to dive deep into identity and access management (IAM) challenges in the enterprise space. We explore the explosion of data and identities, the ongoing debate over who "owns" IAM in organizations, and how threat actors are evolving their tactics to e…
 
In this episode of the Security Repo Podcast, we sit down with Josh Kuntz, Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation, to explore the unique challenges of securing state agencies. With nearly three decades in public service, Josh shares his insights on navigating government cybersecurity, hiring t…
 
In this episode of the Security Repo Podcast, we sit down with Zach Hill from Antisyphon Training to discuss affordable cybersecurity education and the evolving landscape of IT training. Zach shares insights on the importance of hands-on learning, the challenges of misinformation in online education, and how AI is reshaping entry-level IT roles. We…
 
In this episode of the Security Repo Podcast, we sit down with Alex Scheel, staff back-end engineer at GitLab and chair of the OpenBao Technical Steering Committee, to discuss the origins and future of OpenBao, a fork of HashiCorp Vault. Alex explains the implications of HashiCorp's licensing change, the technical advantages OpenBao brings to the t…
 
In this episode of the Security Repo Podcast, we sit down with Edna Jonnson, a cybersecurity engineer and SOC analyst, to discuss their journey from web development to security operations. Edna shares insights on the value of Capture the Flag (CTF) competitions for skill development, recounting their recent victory at Wild West Hacking Fest. We als…
 
In this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security po…
 
In this episode of the Security Repo Podcast, Dwayne and Kayssar dive into Kayssar's role as a security leader at GitGuardian, exploring his responsibilities, challenges, and the balance between proactive and reactive security work. They also discuss the evolution of security tools, the importance of relationship-building in security roles, and sha…
 
In this episode of the Security Repo Podcast, Dwayne and Kayssar sit down with Dustin Lehr, co-founder and chief product and tech officer at Katilyst, to explore the power of Security Champions programs. Dustin shares insights from his journey as a software engineer turned cybersecurity leader and explains how security champions can bridge the gap…
 
In this episode of the Security Repo Podcast, we dive into the world of ISACs (Information Sharing Analysis Centers) with Cherie Burgett. Cherie shares insights into the nuanced field of cyber threat intelligence, discussing how interpretation techniques like hermeneutics can enhance understanding of threat actor behavior. The conversation also exp…
 
In this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry. We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how data…
 
In this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the inte…
 
In this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, …
 
In this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage an…
 
In this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also exp…
 
In this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his p…
 
Got psychological safety? In this episode of the Security Repo Podcast we sit down with Deanna Stanley to learn about psychological safety and the framework she has coauthored on building the layers of trust within organizations. We also dig into a few interesting stories from her time at MITRE and end up with some very encouraging words on how to …
 
In this episode of the Security Repo Podcast, we are joined by the legendary DFIR Matt to get a history of phone phreaking and how that community of hackers inspired an entire community, including DEF CON. We also talk about how social engineering attacks are carried out, including QR code phishing, aka "quishing." Matt gives some rock solid advic…
 
In this week's episode of the Security Repo Podcast, we ask a pentester who is one year into her cybersecurity career how she got started. Along the way, we learn about her favorite security tools, what it was like making the leap into security, and how to get started with your own journey, no matter what path you want to take. We are joined by Ale…
 
In this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and …
 
In this week's episode of the Security Repo Podcast, we dive into an unusual topic for the program, navigating the US immigration system and the challenges that many security professionals working in the US face. Join us as we discuss how to apply lessons from the world of pentesting to succeeding in the face of bureaucracy. We are joined by José A…
 
In this week's episode of the Security Repo Podcast, we turn our attention to STIR/SHAKEN, a requirement for US cell phone carriers that has been implemented to stop spam robocalls. We also look at password policies and research into how to make better passwords. We are joined by Per Thorsheim. Per is the founder and main organizer of PasswordsCon,…
 
In this episode of The Security Repo Podcast, we look at how we satisfy the goals of compliance and security, which might seem like they would be the same thing, yet are not. We are joined by David Hawthorne. David is a technology factotum with 20 years of experience across system administration, data and software architecture, and DevOps. As the D…
 
In this episode of The Security Repo Podcast, we broach a wide variety of topics, ranging from The Theory of Constraints, source control horror stories, and using scorecards to drive cross-team success. We are joined by Justin Reock, the Head of Developer Relations for Cortex.io. He is an outspoken speaker, writer, and software practice evangelist.…
 
In this episode of The Security Repo Podcast, we take a look at how to do secrets rotation reliably in highly available systems. We are joined by Kenton McDonough. Kent got his MS in Computer Science from Virginia Tech in 2021 with a focus on systems and networking. He currently does security automation for Viasat Inc, a global satellite internet…
 
In this episode of The Security Repo Podcast, let's talk about the largest IT threat outside of IT, and maybe out of the line of sight of security teams: Shadow IT. We are joined by Garrett Gross, a seasoned cybersecurity professional with over twenty years of experience. Garrett currently holds the position of Head of Product Success at Nudge Secur…
 
We have had so much fun making The Security Repo Podcast, and we hope you have learned as much as we have along the way. The tides of change have finally reached our shore, and we are sad to announce the departure of Mackenzie Jackson, our original founder, producer, and co-host of the podcast, from our regular episodes. We wish him much success in…
 
In this episode of The Security Repo Podcast, we explore all things Data Loss Prevention (DLP). We are joined by Daniel Jay, Senior Director of Product Management at GTB Technologies. We start with a quick high-level overview of Data Loss Prevention and how we met at the RSA Conference 2024. By the end, we turn the conversation to AI and balanc…
 
In this episode of The Security Repo Podcast, we look at security automation and how we can engineer our way to better security overall. We are joined once again by Huxley Barbee, who has been a fixture of the security community for over 20 years. Professionally, he was a security consultant working with customers in finance, insurance, manufactur…
 
In this episode of The Security Repo Podcast, we take a look at the role developer training and awareness have in improving security. We are joined by Chris Lindsey, Application Security Evangelist at Mend.io. He is a seasoned speaker who has appeared at conferences, webinars, and private events. Chris draws on expertise from more than 15 years of d…
 
In this episode of The Security Repo Podcast, we dive deep into how AI is helping the Red, Blue, and Purple teams and how we can leverage ChatGPT to stay ahead of attackers. We are joined once again by Jason Haddix, Founder, CEO and Head of Training at Arcanum Information Security. He is also the creator of the Arcanum Cyber Security Bot: https://cha…
 
In this episode of The Security Repo Podcast, we dive deep into a rather troubling phenomenon: scammers who target senior citizens. We are joined by Anita Nikolich, a speaker and a university-based cybersecurity researcher specializing in network security and cryptocurrency analytics. She joins us as the founder and co-principal Investigator of DAR…
 
In this episode of The Security Repo Podcast, we dive deep into a pervasive cybersecurity issue: open data buckets. Joined by Glen Helton, Director of Information Security at a major multinational and founder of the Sky Witness Project, we explore how improperly secured cloud storage—commonly known as "open buckets"—can expose sensitive data to the…
 
In this episode of The Security Repo, we sit down with Jossef Harush Kadouri, a pioneer in software supply chain security and founder of Dustico, now part of Checkmarx. Jossef shares his journey from startup to acquisition, detailing the ever-evolving landscape of supply chain attacks. We explore how malicious actors are exploiting open-source ecos…
 
This episode we are joined by Avi Douglen, Founder and CEO of Bounce Security. Avi is a key figure in the security community and a former OWASP chapter chair. The discussion covers the significance of OWASP, its resources, threat modeling, and Avi's personal journey within the organization. Listeners will gain insights into the concept of value-driven th…
 
Today we sit down with Bobby Kuzma, Director of Offensive Cyber Operations at Pro Circular and adjunct professor at the University of Washington. Bobby shares his unique journey into the world of penetration testing, including how he accidentally acquired his CISSP certification. We delve into the fascinating world of offensive security, discussing…
 
Today we welcome J Wolfgang Goerlich, an advisory CISO, mentor, and strategist. We delve into the intricacies of security design frameworks and the importance of building and maintaining relationships in the cybersecurity field. Wolfgang shares his expertise on creating effective security programs, fostering trust within teams, and navigating the c…
 
Today we dive into the fascinating world of nuclear energy and cybersecurity with Andrew Elliot, a senior manager at KPMG's cybersecurity team. Andrew shares his journey from a nuclear engineer to a cybersecurity expert, providing unique insights into the importance of security culture, the resurgence of nuclear energy, and the critical role of cyb…
 
In this episode of The Security Repo, we dive deep into the world of threat modelling with Paul McCarty, a veteran in the field of DevSecOps and founder of SecureStack. Paul shares his journey from being a Unix admin to working with high-profile organizations like NASA and GitLab. We explore the essentials of threat modeling, the significance of cl…
 
In this episode of The Security Repo, we dive into the fascinating world of cybersecurity with JR Johnson, a seasoned information security professional with over 14 years of experience. JR shares his journey from web development to penetration testing and cybersecurity consulting, highlighting the unique challenges faced by higher education institu…
 
Join us in this episode of The Security Repo Podcast as we dive into the world of cybersecurity with Brendan Honadle. From his humble beginnings in desktop support to becoming a skilled red teamer, Brendan shares his inspiring journey and fascinating stories from the field. Discover the strategies, tools, and techniques used in offensive security, …
 
In this episode of The Security Repo, we are thrilled to welcome Sonya Moisset, a Senior Advocate at Snyk and a renowned expert in DevSecOps, cybersecurity, and AI. With a wealth of experience as a public speaker, mentor, and top contributor to the tech community, Sonya shares her deep insights into the evolving landscape of AI in cybersecurity. Jo…