Best Izar Tarandach Podcasts (2024)

1
Innovations in Threat Modeling? 31:36

6d ago31:36

31:36

In this episode of The Security Table, hosts Chris Romeo, Izar Tarandach, and Matt Coles dive into the evolving concept of threat models, stepping beyond traditional boundaries. They explore 'Rethinking Threat Models for the Modern Age,' an article by author Evan Oslick. Focusing on user behavior, alert fatigue, and the role of psychological accept…

1
The Illusion of Secure Software 40:18

6d ago40:18

40:18

In this episode of The Security Table Podcast, hosts ChriS, Izar and Matt dive into the recent statement by CISA's Jen Easterly on the cybersecurity industry's software quality problem. They discuss the implications of her statement, explore the recurring themes in security guidelines, and debate whether the core issue is with people or technology.…

1
The Intersection of Hardware and Software Security 30:25

1M ago30:25

30:25

In this episode of The Security Table, Chris, Izar, and Matt discuss an article that discusses threat modeling in the context of hardware. They explore the intersection of hardware and software security, the importance of understanding attack surfaces, and the challenges posed by vulnerabilities in hardware components, such as speculative execution…

1
Computing Has Trust Issues 46:09

13d ago46:09

46:09

Join us in this episode of The Security Table as we dive into the world of cybersecurity, starting with a nostalgic discussion about our favorite security-themed movies like 'Sneakers,' 'War Games,' and 'The Matrix.' We then shift gears to explore a critical topic in modern computing: the vulnerabilities and implementation issues of Secure Boot. Di…

1
CSCP S4EP18 - James Berthoty - What The heck is ASPM and the evolution of Product security 46:09

26d ago46:09

46:09

Join us for an engaging episode as we welcome James Berthoty, a seasoned cybersecurity professional with a diverse background spanning sysadmin, DevOps, and security engineering roles. James takes us through his journey across different organizations, including his current role at PagerDuty, where he tackles the intricate challenges of FedRAMP comp…

1
The Stages of Grief in Incident Response 24:05

2M ago24:05

24:05

Join Chris, Izar, and Matt as they sit around the Security Table to dissect and discuss the different stages of dealing with security incidents. In this episode, they explore the developer's stages of grief during an incident, and discuss a recent large-scale IT incident. They share insights from their multi-decade experience in security, analyze t…

1
To SSH or Not? 28:08

2M ago28:08

28:08

In this episode of 'The Security Table,' we are back from our midsummer break to discuss OpenSSH regression vulnerability. We dig into the nuances of this race condition leading to remote code execution, explore the chain of security updates, and the role of QA in preventing such regressions. We debate the necessity of SSH in modern cloud-native en…

1
CSCP S4EP18 - Marius Poskus - Who mention about non technical CISO - ASPM and Running application security programs from CISO perspective 32:09

1M ago32:09

32:09

Join us as we explore the evolving application security landscape with Marius Poskus, VP of Glow Financial Services and a seasoned cybersecurity professional. In this episode, we delve into the increasing adoption of open-source code and AI in startup development, examining the potential impacts on code security amid rapid innovation pressures. Mar…

1
Rethinking Security Conferences: Engagement and Innovation 26:04

2M ago26:04

26:04

In this episode Chris, Matt, and Izar discuss the current state of security conferences and gatherings for professionals in the field. They discuss the value and viability of different types of gatherings, the importance of networking and community-building at events, innovative approaches to conference formats and the need for something more engag…

1
Privacy vs. Security: Complexity at the Crossroads 35:48

3M ago35:48

35:48

In this episode of the Security Table, Chris, Izar, and Matt delve into the evolving landscape of cybersecurity. The episode has a humorous start involving t-shirts and Frogger as a metaphor for the cybersecurity journey, the conversation shifts to the significant topic of cybersecurity being at a crossroads as suggested by a CSO Online article. Th…

1
CSCP S4EP17 - Adam Shostack - Threat modelling in past and future with Adam Shostack from vulnerability to ASPM and modern application security 33:00

3M ago33:00

33:00

Join us in this insightful episode of the Cybersecurity and Cloud Podcast, where host Francesco Cipollone sits down with the pioneer of threat modeling, Adam Shostack. Dive into the intricacies of Application Security Posture Management (ASPM), effective threat modeling practices, and the innovative solutions offered by Phoenix Security. Gain valua…

1
Security, Stories, Jazz and Stage Presence with Brook Schoenfield 52:04

3M ago52:04

52:04

In this episode of 'The Security Table,' hosts Chris Romeo, Izar Tarandach, and Matt Coles are joined by Brook Schoenfield, a seasoned security professional, to share insights and stories from his extensive career. The conversation covers Brook's experience in writing books on security, lessons learned from his 40-year career, and personal anecdote…

1
Debating the CISA Secure by Design Pledge 39:41

3M ago39:41

39:41

In this episode of 'The Security Table,' hosts Chris Romeo, Matt Coles, and Izar Tarandach discuss the CISA Secure by Design Pledge, a recent initiative where various companies commit to improving software security practices. The hosts critique the pledge, arguing that many of the signatory companies have long been focused on software security, mak…

1
CSCP S4EP15 - Akira Brand - Singing the Tune of Application Security with Akira Brand 32:34

3M ago32:34

32:34

Join us for an in-depth discussion on the challenges and strategies of Application Security Program Management (ASPM) in today's fast-evolving tech landscape. Francesco Cipollone welcomes guest Akira Brand, a seasoned application security engineer and cybersecurity consultant, to explore practical insights into securing applications in the cloud an…

1
CSCP S4EP16 - Irene Michlin - Threat Modelling in the age of AI 37:31

3M ago37:31

37:31

Listen in as we navigate the crucial role of threat modeling in the landscape of application security with our esteemed guest, Irene Michlin, the application security lead at Neo4j. Together, we peel back the layers of integrating a developer's insight into the security process and how it fortifies the software development lifecycle. Irene's journe…

1
Why Developers Will Take Charge of Security, Tests in Prod 48:10

4M ago48:10

48:10

The script delves into a multifaceted discussion encompassing critiques and praises of book-to-movie adaptations like 'Hitchhiker's Guide to the Galaxy', 'Good Omens', and 'The Chronicles of Narnia'. It then transitions to a serious examination of developers' evolving role in security, advocating for 'shift left' and DevSecOps approaches. The conve…

1
12 Factors of Threat Modeling 45:39

4M ago45:39

45:39

Chris, Matt and Izar share their thoughts on an article published by Carnegie Mellon University’s Software Engineering Institute. The list from the article covers various threat modeling methodologies such as STRIDE, PASTA, LinDoN, and OCTAVE methodology for risk management. They emphasize the importance of critical thinking in the field, provide i…

1
XZ and the Trouble with Covert Identities in Open Source 43:54

4M ago43:54

43:54

Matt, Izar, and Chris delve into the complexities of open source security. They explore the topics of trust, vulnerabilities, and the potential infiltration by malicious actors. They emphasize the importance of proactive security measures, the challenges faced by maintainers, and propose solutions like improved funding models and behavior analysis …

1
CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach 39:00

4M ago39:00

39:00

This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security pr…

1
Nobody's Going To Mess with Our STRIDE 39:31

5M ago39:31

39:31

Matt, Izar, and Chris take issue with a controversial blog post that criticizes STRIDE as being outdated, time-consuming, and does not help the right people do threat modeling. The post goes on to recommend that LLMs should handle the task. The trio counters these points by highlighting STRIDE's origin, utility, and adaptability. Like any good inst…

1
CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg 38:10

5M ago38:10

38:10

A dev perspective on application security: Dive deep into the pivotal nexus of cybersecurity, application security, and software development in our latest podcast episode featuring Josh Goldberg, a renowned figure in the TypeScript ecosystem. This episode sheds light on the evolving realm of secure coding practices, acknowledging the progress achie…

1
SQLi All Over Again? 37:55

5M ago37:55

37:55

Chris, Matt, and Izar discuss a recent Secure by Design Alert from CISA on eliminating SQL injection (SQLi) vulnerabilities. The trio critiques the alert's lack of actionable guidance for software manufacturers, and they discuss various strategies that could effectively mitigate such vulnerabilities, including ORMs, communicating the why, and the i…

1
How I Learned to Stop Worrying and Love the AI 42:19

6M ago42:19

42:19

Dive into the contentious world of AI in software development, where artificial intelligence reshapes coding and application security. We spotlight the surge of AI-generated code and the incorporation of copy-pasted snippets from popular forums, focusing on their impact on code quality, security, and maintainability. The conversation critically exa…

1
CSCP S4EP12 - Raj Umadas - Diving Deep into Cybersecurity and Application Security Journey exploring Frontiers with Maestro Raj Umadas 38:10

6M ago38:10

38:10

What does it take to get into application security from pentesting? Will AI replace the role of product security? How do you start an application security program and write a book about it? Join us on the Cybersecurity and Cloud Podcast as we welcome the insightful Raj Umadas, head of InfoSec at Ackblue, for a vibrant discussion on the varied pathw…

1
Secure by Default in the Developer Toolset and DevEx 43:46

6M ago43:46

43:46

Matt, Chris, and Izar talk about ensuring security within the developer toolset and the developer experience (DevEx). Prompted by a recent LinkedIn post by Matt Johansen, they explore the concept of "secure by default" tools. The conversation highlights the importance of not solely relying on tools but also considering the developer experience, sug…

1
Debating the Priority and Value of Memory Safety 34:58

6M ago34:58

34:58

Chris, Izar, and Matt tackle the first point of the recent White House report, "Back to the Building Blocks: a Path toward Secure and Measurable Software." They discuss the importance of memory safety in software development, particularly in the context of critical infrastructure. They also explore what memory safety means, citing examples like the…

1
CSCP S4EP11 - Derek Fisher - Strengthening Digital Defenses Inside Application Security and the Role of AI in Cybersecurity 32:33

6M ago32:33

32:33

Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best Application Security mind Derek Fisher is with us today. Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified applicati…

1
Selling Fear, Uncertainty, and Doubt 41:09

6M ago41:09

41:09

Matt, Izar, and Chris discuss the impact of fear, uncertainty, and doubt (FUD) within cybersecurity. FUD is a double-edged sword - while it may drive awareness among consumers, it also leads to decision paralysis or misguided actions due to information overload. The saturation of breach reports and security threats also desensitizes users and blurs…

1
Prioritizing AppSec: A Conversation Between a VP of Eng, a Product Manager, and a Security "Pro" 37:09

7M ago37:09

37:09

Prompted by fan mail, Chris, Izar, and Matt engage in a role-playing scenario as a VP of engineering, a security person, and a product manager. They explore some of the challenges and competing perspectives involved in prioritizing application security. They highlight the importance of empathy, understanding business needs and language, and buildin…

1
CSCP S4EP10 - David Matousek - Will Ai replace Product Security? automation vs experteese 23:53

7M ago23:53

23:53

Will AI replace the role of product security? This is an enlightening conversation with David Matousek exploring the intersection between automation and product security in application security. Join us on this enlightening journey with David Matousek, as we explore the intriguing world of product security within the cybersecurity realm. Listen in …

1
Villainy, Open Source, and the Software Supply Chain 32:02

7M ago32:02

32:02

Matt, Izar, and Chris have a lively discussion about how security experts perceive open-source software. Referencing a post that described open source as a 'hive of scum and villainy,' the team dissects the misconceptions about open source software and challenges the narrative around its security. They explore the complexities of the software suppl…

1
Adam Shostack -- Thinking like an Attacker and Risk Management in the Capabilities 46:23

7M ago46:23

46:23

Threat modeling expert Adam Shostack joins Chris, Izar, and Matt in this episode of the Security Table. They look into threat actors and their place in threat modeling. There's a lively discussion on risk management, drawing the line between 'thinking like an attacker' and using current attacker data to inform a threat model. Adam also suggests tha…

1
CSCP S4EP09 - Micheal Smith - Code to Network Reachability how to use WAF to prioritize vulnerabilities 39:00

7M ago39:00

39:00

This is an enlightening conversation with Michael Smith exploring the intersection between vulnerabilities, DDoS and WAF technologies. Join us as we reconvene with cybersecurity virtuoso Michael Smith, Field CTO at Verkara, for a rerecording further to explore the fascinating intersection of cybersecurity and cloud technology. Listen in as Michael …

1
Bug Bounty Theater and Responsible Bug Bounty 27:13

7M ago27:13

27:13

Izar, Matt, and Chris discuss the effectiveness of bug bounty programs and delve into topics such as scoping challenges, the ethical considerations of selling exploits, and whether it is all just bug bounty theater. The hosts share their insights and opinions on the subject, providing a thought-provoking discussion on the current state of bug bount…

1
Threat Modeling Capabilities 41:57

8M ago41:57

41:57

This week around the Security Table Matt, Izar and Chris discuss the recently-published Threat Modeling Capabilities document. They explore how capabilities serve as measurable goals that organizations either possess or lack, contrasting the binary nature of capabilities with the continuum of maturity. The team shares insights on the careful defini…

1
CSCP S4EP08 - Jay Jacobs - A Conversation with Jay Jacobs: Exploring the Future of Vulnerability Management and Data Science 43:09

8M ago43:09

43:09

This is an enlighting conversation with Jay Jacobs - Exploring the Future of Vulnerability Management and Data Science Unlock the secrets of cybersecurity's intricate dance with data science as I, Francesco Cipollone, sit down with tech wizard J Jacobs, co-founder of Cyanthia. Prepare to be captivated by J's inspiring tech odyssey, from his youthfu…

1
Open Source Puppies and Beer 40:34

8M ago40:34

40:34

Chris, Izar, and Matt address the complexities of open-source component usage, vulnerability patches, civic responsibility, and licensing issues in this Security Table roundtable. Sparked by a LinkedIn post from Bob Lord, Senior Technical Advisor at CISA, they discuss whether software companies have a civic duty to distribute fixes for vulnerabilit…

1
AppSec Resolutions 47:44

8M ago47:44

47:44

Join us for the final episode of The Security Table for 2023. Chris, Izar, and Matt answer fan mail, make fun predictions for the upcoming year, discuss their resolutions for improving cybersecurity, and make a call to action to global listeners. Highlights include the reach of the podcast, explaining Large Language Models (LLMs), Quantum LLMs, Sof…

1
CSCP S4EP07 - Caleb Sima - A Conversation with Caleb Sima - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future 40:08

8M ago40:08

40:08

This is an enlighting conversation with Caleb Sima a returning guest on the podcast - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future. Join us for the return of an esteemed guest, Caleb, for an engaging conversation with cybersecurity veteran Caleb Sima on our latest podcast episode. Caleb, known for his significant cont…

1
The Impact of Prompt Injection and HackAPrompt_AI in the Age of Security 1:04:38

9M ago1:04:38

1:04:38

Sander Schulhoff of Learn Prompting joins us at The Security Table to discuss prompt injection and AI security. Prompt injection is a technique that manipulates AI models such as ChatGPT to produce undesired or harmful outputs, such as instructions for building a bomb or rewarding refunds on false claims. Sander provides a helpful introduction to t…

1
CSCP S4EP06 - Jitender Arora - Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitendra Arora 31:34

9M ago31:34

31:34

Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitendra AroraJoin us for a transformative discussion with Jitendra Arora, the non-South Europe CISO at Deloitte, as we unravel the narrative around the talent shortage in cybersecurity. Jitendra brings a fresh perspective that emphasizes the need for creativity a…

1
Looking Back, Looking Forward 46:14

9M ago46:14

46:14

Join Izar, Matt, and Chris in a broad discussion covering the dynamics of the security community, the evolving role of technology, and the profound impact of social media on our lives. As the trio considers what they are most thankful for in security, they navigate a series of topics that blend professional insights with personal experiences, offer…

1
CSCP S4EP05 - Christian Ghigliotty - Product security and effective application security programs 31:14

10M ago31:14

31:14

Get ready to embark on a captivating journey into application security with our guest, Chris Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Chris hails from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. We promise yo…

1
CVSS 4.0 Unleashed with Patrick Garrity 58:26

10M ago58:26

58:26

Patrick Garrity joins the Security Table to unpack CVSS 4.0, its impact on your program, and whether or not it will change the game, the rules of how the game is played, or maybe the entire game. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listenin…

1
An SBOM Lifecycle 45:39

10M ago45:39

45:39

Aditi Sharma joins Matt, Izar, and Chris around the Security Table to discuss Software Bill of Materials (SBOMs). The team discusses potential advantages as well as challenges of SBOMs in different contexts such as SaaS solutions, physical products, and internal procedures. The episode also explores the importance of knowing what software component…

1
An SBOM Fable 37:17

10M ago37:17

37:17

Join Chris, Matt, and Izar for a lively conversation about an article that offers 20 points of "essential details" to look for in a Software Bill of Materials (SBOM). They dissect and debate various points raised in the article, including generating SBOMs, the necessary components, and how to gauge the quality of this digital inventory. Their criti…

1
CSCP S4EP04 - Christopher Russell - Veteran Resiliency mesh security and blockchain 38:28

10M ago38:28

38:28

Christopher Russell is the CISO at tZERO Group, a Mesh Security advisor, and a NightDragon Advisor. He is currently getting a PhD in Cybersecurity with a focus on Blockchain Security at DSU. His military intel background helps him keep cool under even the most stressful work situations. In this episodes, Francesco and Chris discuss identity and sec…

1
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations 20:09

11M ago20:09

20:09

Matt, Chris, and Izar discuss the recently published "NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations." They review each point and critically analyze the document's content, pointing out areas where the terminology might be misleading or where the emphasis should be shifted. As they work through the top ten list, sever…

1
The Future Role of Security and Shifting off the Table 54:58

11M ago54:58

54:58

The Security Table gathers to discuss the evolving landscape of application security and its potential integration with development. Chris posits that application or product security will eventually be absorbed by the development sector, eliminating the need for separate teams. One hindrance to this vision is the friction between security and engin…

1
CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question 37:20

11M ago37:20

37:20

Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency Track, SCVS, and Cyclone DX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and …

Podcasts Worth a Listen

Izar Tarandach Podcasts

Podcasts Worth a Listen

Quick Reference Guide