The Security Repo

Mackenzie Jackson & Dwayne McDaniel

The Security Repo is a podcast that focuses on the real-world security issues we are all facing today. We take deep dives into news events and have exclusive interviews with security leaders on the ground.
 
In this episode of The Security Repo, Dwayne McDaniel and Marc Boorshtein delve into the intricacies of Kubernetes dashboard security. Marc, the CTO of Tremolo Security, brings his extensive experience in identity and access management to the table, discussing the challenges and best practices for securing Kubernetes dashboards. The conversation ex…
 
Join us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code…
 
Today we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venafi, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for im…
 
This week, we dive deep into the world of Kubernetes with John Dietz, co-founder of Kubefirst and a seasoned IT professional with over two decades of experience. John shares his extensive insights into the transformative power of Kubernetes and infrastructure as code (IaC) in modern cloud environments. Reflecting on his personal journey from skepti…
 
In this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's c…
 
In this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens, delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding the burgeoning category of security solut…
 
In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software dev…
 
This week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity. From his early days attending DefC…
 
This episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into prac…
 
In this episode of the Security Repo podcast, listeners will dive into the intriguing world of hacking the hackers with Vangelis Stykas. Stykas, a notable figure in cybersecurity, shares his experiences and methodologies for compromising C2 servers—central nodes used by hackers to control malware-infected computers. He reveals how simple web applic…
 
In this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Erik discusses the evolution of security practices, the importanc…
 
In this episode of The Security Repo, Jayson E. Street delves into his unconventional journey into cybersecurity, emphasizing the essence of hacking as a manifestation of curiosity rather than mere technical skill. He shares anecdotes from his extensive experience in ethical hacking, including bank heists and corporate security breaches, to undersc…
 
In this episode of "The Security Repo," hosts Dwayne McDaniel and Mackenzie Jackson delve into the intricate world of cybersecurity with Buck Bundhund, an expert from Centripetal Networks. The conversation kicks off with an exploration of the pervasive issue of data noise – the influx of non-intended data into organizational networks, posing signif…
 
In security, you have likely heard the expression "turtles all the way down": the concept that the world is held up on the back of a turtle, which is standing on the back of another turtle, and so on. This can be used to describe the current state of security, where everything can dramatically fall over if the bottom turtle fails. In this episode, we disc…
 
In this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for s…
 
In this episode, Mackenzie and Dwayne dive into a discussion on API security with special guest Isabelle Mauny, co-founder and CTO of 42Crunch. We walk through the differences API security has compared with traditional application security, and its growing importance in today's technology landscape. We also have a discussion about the challenges an…
 
In this episode of The Security Repo, Mackenzie Jackson sits down with Nipun Gupta, the Chief Operating Officer of Bearer, a leading security company at the forefront of innovation in the cybersecurity landscape. Join us as we delve deep into the world of Static Application Security Testing (SAST) and explore why traditional SAST tools are struggli…
 
In this episode of "The Security Repo," your hosts Mackenzie Jackson and Dwayne McDaniel are joined by a distinguished guest, Dan Barahona, as they embark on an eye-opening exploration of API security. As the digital landscape evolves at breakneck speed, APIs (Application Programming Interfaces) have become the backbone of modern applications, maki…
 
In this episode of The Security Repo, your hosts Mackenzie Jackson and Dwayne McDaniel are joined by the brilliant Reanna Schultz, a seasoned expert in the field of cybersecurity. Together, they delve deep into the world of social engineering, exploring what it is, how to detect it, and crucially, how to arm your staff against its deceptive tactics…
 
In this eye-opening episode of The Security Repo, we welcome James Wickett, the CEO and co-founder of DryRun Security, a visionary in the realm of cybersecurity. James unveils a groundbreaking concept known as "Contextual Security," a game-changer that empowers developers with unprecedented security insights while they write code. As our hosts and c…
 
In this captivating episode of The Security Repo, we delve into the world of physical security with our esteemed guest, Brice Self. With over a decade of experience in the field, Brice brings a wealth of knowledge and real-world insights to the table. This episode takes a deep dive into the intricate aspects of physical security, particularly in hi…
 
In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPI. Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some researc…
 
With the rapid development of AI, we are often left wondering if AI is our friend or foe in security. In this episode, I sit down with Simon Maple from Snyk to discuss just that. We explore the different applications of AI in security and where the future is going. It's an interesting discussion, so you don't want to miss it! Show Links: Snyk.io Blog:…
 
Application security can be a difficult task at all levels of a company. But as a start-up grows into an enterprise, or existing companies evolve, how do you effectively scale your security program? We have an amazing guest, Jeevan Singh, who is the director of product security at Twilio, and he is here to talk about how to scale an application secur…
 
One of the many advantages of the cloud revolution is that SaaS products are continuously updated, security issues are patched quickly, and it's something the consumers are less concerned about. But what about enterprise products? How do you get that same level of update efficiency and security on large on-premise products? This is one of the topic…
 
Many companies are banning AI systems like ChatGPT to prevent data from being leaked, but is that a viable solution? We sit down with Jeremiah Jeschke, the CEO at OfficeAutomata, to discuss the future of security in a world of ChatGPT and other AI systems. Links: Office Automata: https://officeautomata.com/ Linkedin https://www.linkedin.com/in/jere…
 
Getting funding to build effective security programs is challenging, and often it fails because security leaders are not telling the boardroom the right 'story'. In this episode with Walt Powell, we discuss exactly how to overcome these challenges by understanding how to effectively communicate with the board by expressing security challenges into a …
 
In this episode, we sit down with Daniel Niefeld and Kenneth Nevers to talk about their journey into security, creating security conferences and building grassroots cyber communities. Get your tickets to HackRedCon free (save $200): as a Security Repo listener, use the code HRCGGuardian23 when purchasing tickets at https://www.hackredcon.com/ (First 5 …
 
In this episode, we go on a deep dive with Billy Lynch from Chainguard into application and code signing and how it can be used to ensure the supply chain is legitimate. Billy has an impressive background, including spending 8 years at Google before joining Chainguard, and not only helps us understand how signing can be used in security but also what…
 
In this episode, we sit down with Tanya Janca and discuss her journey from being a developer for government agencies to becoming one of the most recognizable faces in application security and cyber security in general. This episode is especially great for anyone who is thinking about starting a career in cyber security and wants to know how to get started…
 
In this episode, we sit down with Vedran Jukic, co-founder and CTO of Code Anywhere, and Tomma Pulljak, Senior Developer at Code Anywhere, to talk about the future of development environments. We go into detail on exactly what cloud development environments are and how they can help keep the remote workforce of today secure. Links: https://codeanywher…
 
In this episode, we sit down with Desi, who is an expert in digital forensics. We explore exactly what digital forensics is, how it can be used to catch cyber criminals, and what we can do in a breach to preserve evidence. It is a fascinating conversation and full of great information, from the inner workings of forensics to the crazy world of deep fak…
 
Have you ever wanted to know how to hack a bank? If so, this is the episode for you (disclaimer: please don't hack banks). Jason Haddix is someone who needs little introduction in the security world. In this podcast, we were fortunate enough to sit down and discuss Jason's beginnings as a hacker through to how he made it all the way to the board ro…
 
In this special edition episode, we tracked down a few of the key thought leaders in cyber security around the RSA conference to ask them what they thought were the biggest security concerns for 2023 as well as some key recommendations for organizations to combat them. Their insights were fascinating. This episode features: Feross Aboukhadijeh - Fo…
 
In this episode, we sit down with legendary pen tester Adriel Desautels and Noah Tongate to discuss how modern cyber criminals are operating to deploy modern ransomware attacks. The conversation is full of real-life hacking stories and to-the-point information on how you can protect yourselves against modern threats. Links: Netragard Publications http…
 
In this episode of The Security Repo, we dive into intent-based access control. This is the concept of limiting access to just what is intended. It sounds simple enough, but how does one understand and define the intent? And more importantly, how do we enforce our intentions with access control? This week's guest is Uri Sarid, he is a man with a lon…
 
APIs are what run the internet today. Modern applications are no longer monoliths; they are built upon hundreds of microservices, and APIs are the glue that connects them. API security, however, is a massive blind spot for many organizations: from misconfigurations to leaked secrets, APIs give attackers ample opportunity to make intrusions into your s…
 
In this episode, we are joined by Brendan O'Leary from ProjectDiscovery. We learn about the tools that hackers, bug bounty hunters, and red teams use to map infrastructure and find vulnerabilities. Brendan is the head of community for ProjectDiscovery, which is a company that builds open-source tools to help organizations find and discover t…
 
Have you ever wanted to threat model the Death Star from Star Wars? Well, this is one of the many topics we discuss in the latest episode of The Security Repo podcast with our special guest Audrey Long. Audrey is a Senior Security Software Engineer at Microsoft in the Commercial Software Engineering team (CSE), which is a global engineering organiza…
 
In this episode of The Security Repo, we are joined again by Troy Santana from Critical Start to discuss how organizations can set up a security operations center regardless of their size. We explore exactly what a security operations center does and why you need one in the current security climate. For more information on Critical Start please chec…
 
Staff augmentation is the idea of augmenting your internal staff with consultants and tools to give you the collective knowledge of security experts for all teams. We sit down with security consultant Troy Santana to discuss exactly what staff augmentation looks like and how it can be implemented. Troy Santana joins us as a Sales Engineer for Criti…
 
In this episode, we sit down with Laurent Balmelli, the CEO of Strong Network, to discuss why development environments are vulnerable to malicious actors and how we can move to a secure cloud IDE (Integrated Development Environment). A cloud IDE isn't entirely new but it also isn't changing how developers are working and more importantly how develo…
 
Ross Haleliuk is a champion for Product-Led Growth (PLG) and in this episode sits down with Mackenzie Jackson to discuss how this concept has changed cyber security products and also how organizations can adopt a product-led growth mindset. Ross is a thought leader in the space and has many interesting publications on the topic, to find out more …
 
Nathaniel McCallum is the former CTO and co-founder of Profian and an expert in WebAssembly and confidential computing. This week on The Security Repo, Dwayne McDaniel goes on a deep dive with Nathaniel to understand WebAssembly and how it relates to security, and also peels apart the layers that surround the term confidential computing. It is a fa…
 
In this episode, we invite Will Kelly to join Mackenzie and Dwayne in a conversation about implementing DevSecOps in software organizations. We tackle what DevSecOps is in reality, how organizations can implement a plan to roll out a DevSecOps approach, and the challenges that surround this. Will Kelly is a freelance writer focused on DevOps and th…
 
Len Noe is both a white hat hacker and a pioneer in the transhuman movement. Currently, Len has 8 implants, which he uses to enhance his offensive security activities. In this episode, I discuss with Len what biohacking or bio modifications mean as a security threat and what we can do to defend against this new threat.