Lancaster Connects brings together local charities, local heroes, and local businesses to showcase the best of what Lancaster, PA has to offer so that in 2021 and beyond – our local neighbors and friends may thrive, be more productive, and live happily and generously. The Lancaster Connects Podcast is hosted weekly by Gardner's Mattress & More co-owners Ben McClure & Jeff Giagnocavo, and can be viewed on numerous streaming services as well as listened to on your favorite podcast platforms.
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
A CISO's Perspective on AI, Appsec, and Changing Behaviors - ASW #293
45:18
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the…
Bringing Magic and Wonder to Lancaster Featuring Brett Myers: Episode 152
58:33
In this episode, join Ben & Jeff as they explore the enchanting world of Magic & Wonder Dinner Theater with founder and owner, Brett Myers. Brett and his team's dedication to innovation and creativity have propelled Magic & Wonder to new heights, establishing it as a premier destination for magic enthusiasts. Discover how Brett transformed a simple…
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
1:05:00
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
Invigorating Lives Through the Performing Arts in Lancaster Featuring Mitch Nugent: Episode 151
48:00
In this episode, we explore the inspiring journey of Mitch Nugent, a visionary leader dedicated to transforming Lancaster's cultural landscape through Prima, a non-profit he co-founded with his wife Diana. With a background steeped in professional theatre, Mitch has directed and produced for millions, shaping Prima into a beacon of creativity and i…
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
1:09:02
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
A "Golden Gateway" for Pet Adoption Featuring John Plummer: Episode 150
56:10
In this episode, we spotlight Delaware Valley Golden Retriever Rescue (DVGRR), a 501(c)(3) non-profit that has rescued and rehomed over 6,700 dogs in its 30-year history. Based in Reinholds, PA, DVGRR operates a 6.5-acre kennel facility and is one of just four kennel-based Golden Retriever rescues in the US. DVGRR rescues 275-300 dogs annually, ran…
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
1:12:41
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this, why appsec needs to accelerate to ludicrous sp…
Helping Our Most Vulnerable Children Featuring William Zee: Episode 149
1:00:34
In this episode, we sit down with William J. Zee, a distinguished attorney who has dedicated the past 18 years to advocating for public and private schools, higher education institutions, and community benefit organizations across Pennsylvania and New Jersey. Bill is not only a sought-after public speaker, delivering lectures nationwide on various …
Design with a (Re)Purpose Featuring Amy Geib & Lisa Hofmann: Episode 148
49:19
In this episode, join us as we explore the world of repurposed furniture and home decor with Amy Geib and Lisa Hoffman from Always Never Done. Their shop specializes in revitalizing old pieces, blending vintage charm with contemporary flair. Discover their unique design aesthetic that seamlessly merges the past with the present. Learn about their s…
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
1:01:09
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.n…
Changing the World Together Featuring Alisha Fitzwater: Episode 147
56:42
In this episode, we explore the heartwarming mission of GiGi's Playhouse Lancaster, the first and only Down syndrome achievement center in Pennsylvania. Since opening in 2020, they've provided free purposeful programming to individuals of all ages with Down syndrome and their families in Lancaster County and beyond. Join us as we delve into their t…
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of …
From Incarceration to Workforce Reentry Featuring Reinaldo Rivera: Episode 146
54:14
In this episode, we meet Reinaldo Rivera Hernández, Associate Director of Tec Centro at The Spanish American Civic Association (SACA) in Lancaster, PA. With over 16 years at SACA, Reinaldo's passion lies in supporting at-risk populations. Originally from Puerto Rico, he's made Lancaster his home for 35+ years. With degrees in Human Services and Spa…
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
38:36
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-288…
Steps to Success Featuring Michelle Harbaugh & Adriana Witman: Episode 145
58:09
In this episode, we uncover the remarkable journeys of Michelle Harbaugh and Adriana Witman, whose dedication to early education has shaped Steps to Success. Michelle Harbaugh, Executive Director: With a BSE in Elementary Education, Michelle's teaching career led her from Lancaster to Philadelphia before founding Steps to Success. Her vision merges…
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287
1:12:08
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners have increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and …
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
30:32
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
36:23
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. Show Notes: https://securityweekly.com/vault-asw-9…
Honoring Service & Sacrifice With Kristy Orzechowsky Of Vet 21: Episode 144
43:24
Join us as we pay tribute to fallen veterans, learn about flag folding traditions, and understand the importance of Memorial Day versus Veterans Day. Joining Ben and Jeff is Kristy Orzechowsky, a Vet 21 Salute Honor Guard and hero. Discover the significance of Taps, the rifle volley, and the role of Vet 21 Honor Guard in honoring our heroes. Find ou…
Gardner's & Tempur-Pedic - A 23 Year History in Lancaster: Episode 143
57:43
By Jeff Giagnocavo, Ben McClure
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
1:09:05
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to d…
A Story of Best Friends & Books Featuring Julie Ross: Episode 142
57:15
In this episode, we explore the vibrant world of independent bookstores with Julie, one of the owners of Pocket Books Shop in Lancaster, PA. Alongside her friends Austin and Jess, Julie embarked on a journey to create a haven for book lovers, emphasizing inclusivity and community. From fulfilling dreams of a life surrounded by books to fostering a…
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
1:06:40
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many wa…
The Art of Opera Featuring Scott Drackley: Episode 141
58:50
In this episode, we are thrilled to welcome Scott Drackley, the Founder and Artistic Director of Penn Square Opera and Penn Square Music Conservatory. Scott's passion for nurturing young, professional opera singers and providing exceptional musical education through Penn Square Opera and Penn Square Music Conservatory shines through in his dedicati…
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
1:04:57
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explain…
Commitment To Customer Experience: Episode 140
54:54
By Jeff Giagnocavo, Ben McClure
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
1:19:42
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now th…
Earth Day Special: Conserving Lancaster's Resources Featuring Sallie Gregory: Episode 139
56:57
In this episode, we're joined by Sallie Gregory, the Education Coordinator at the Lancaster County Conservation District. With a focus on watersheds and natural resources, Sallie coordinates teacher professional development, classroom lessons, and in-the-field experiences. She also plays a pivotal role in organizing the Lancaster County Envirothons…
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
1:17:57
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphey adds how his experience with OWASP and the appsec commu…
Caring for Lancaster's Wildlife Featuring Betsy Shanks: Episode 138
37:47
In this episode, we delve into the remarkable journey of Betsy, whose life took a profound turn on a warm Spring day in April 2010 when she stumbled upon her first orphaned baby squirrel. This serendipitous encounter ignited a passion within her, leading her to leave behind her fast-paced corporate career to embark on a mission of wildlife rehabili…
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
1:03:23
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
Providing Hot Meals and Hope Featuring Sandra Valdez: Episode 137
53:08
Join us for an inspiring episode as we sit down with Sandra Valdez, Chief Human Services Officer at the Spanish American Civic Association (SACA) in Lancaster, PA. With over two decades of dedicated service to SACA, Sandra's leadership shines as she advocates for the interests of the Latina/o/x community in the Lancaster region. Her extensive backg…
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
1:00:18
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel…