Ben McClure public
Lancaster Connects

Jeff Giagnocavo, Ben McClure

Weekly
 
Lancaster Connects brings together local charities, local heroes, and local businesses to showcase the best of what Lancaster, PA has to offer so that in 2021 and beyond – our local neighbors and friends may thrive, be more productive, and live happily and generously. The Lancaster Connects Podcast is hosted weekly by Gardner's Mattress & More co-owners Ben McClure & Jeff Giagnocavo, and can be viewed on numerous streaming services as well as listened to on your favorite podcast platforms.
 
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
 
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the…
 
In this episode, join Ben & Jeff as they explore the enchanting world of Magic & Wonder Dinner Theater with founder and owner, Brett Myers. Brett and his team's dedication to innovation and creativity have propelled Magic & Wonder to new heights, establishing it as a premier destination for magic enthusiasts. Discover how Brett transformed a simple…
 
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
 
In this episode, we explore the inspiring journey of Mitch Nugent, a visionary leader dedicated to transforming Lancaster's cultural landscape through Prima, a non-profit he co-founded with his wife Diana. With a background steeped in professional theatre, Mitch has directed and produced for millions, shaping Prima into a beacon of creativity and i…
 
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
 
In this episode, we spotlight Delaware Valley Golden Retriever Rescue (DVGRR), a 501(c)(3) non-profit that has rescued and rehomed over 6,700 dogs in its 30-year history. Based in Reinholds, PA, DVGRR operates a 6.5-acre kennel facility and is one of just four kennel-based Golden Retriever rescues in the US. DVGRR rescues 275-300 dogs annually, ran…
 
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this, why appsec needs to accelerate to ludicrous sp…
 
In this episode, we sit down with William J. Zee, a distinguished attorney who has dedicated the past 18 years to advocating for public and private schools, higher education institutions, and community benefit organizations across Pennsylvania and New Jersey. Bill is not only a sought-after public speaker, delivering lectures nationwide on various …
 
In this episode, join us as we explore the world of repurposed furniture and home decor with Amy Geib and Lisa Hoffman from Always Never Done. Their shop specializes in revitalizing old pieces, blending vintage charm with contemporary flair. Discover their unique design aesthetic that seamlessly merges the past with the present. Learn about their s…
 
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.n…
 
In this episode, we explore the heartwarming mission of GiGi's Playhouse Lancaster, the first and only Down syndrome achievement center in Pennsylvania. Since opening in 2020, they've provided free purposeful programming to individuals of all ages with Down syndrome and their families in Lancaster County and beyond. Join us as we delve into their t…
 
Check out this interview from the ASW Vault, hand-picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of …
 
In this episode, we meet Reinaldo Rivera Hernández, Associate Director of Tec Centro at The Spanish American Civic Association (SACA) in Lancaster, PA. With over 16 years at SACA, Reinaldo's passion lies in supporting at-risk populations. Originally from Puerto Rico, he's made Lancaster his home for 35+ years. With degrees in Human Services and Spa…
 
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-288…
 
In this episode, we uncover the remarkable journeys of Michelle Harbaugh and Adriana Witman, whose dedication to early education has shaped Steps to Success. Michelle Harbaugh, Executive Director: With a BSE in Elementary Education, Michelle's teaching career led her from Lancaster to Philadelphia before founding Steps to Success. Her vision merges…
 
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners have increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and …
 
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
 
Check out this interview from the ASW Vault, hand-picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. Show Notes: https://securityweekly.com/vault-asw-9…
 
Join us as we pay tribute to fallen veterans, learn about flag folding traditions, and understand the importance of Memorial Day versus Veterans Day. Joining Ben and Jeff is Kristy Orzechowsky, a Vet 21 Salute Honor Guard and hero. Discover the significance of Taps, the rifle volley, and the role of Vet 21 Honor Guard in honoring our heroes. Find ou…
 
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to d…
 
In this episode, we explore the vibrant world of independent bookstores with Julie, one of the owners of Pocket Books Shop in Lancaster, PA. Alongside her friends Austin and Jess, Julie embarked on a journey to create a haven for book lovers, emphasizing inclusivity and community. From fulfilling dreams of a life surrounded by books to fostering a…
 
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn talks about why the list looks so familiar in many wa…
 
In this episode, we are thrilled to welcome Scott Drackley, the Founder and Artistic Director of Penn Square Opera and Penn Square Music Conservatory. Scott's passion for nurturing young, professional opera singers and providing exceptional musical education through Penn Square Opera and Penn Square Music Conservatory shines through in his dedicati…
 
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explain…
 
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now th…
 
In this episode, we're joined by Sallie Gregory, the Education Coordinator at the Lancaster County Conservation District. With a focus on watersheds and natural resources, Sallie coordinates teacher professional development, classroom lessons, and in-the-field experiences. She also plays a pivotal role in organizing the Lancaster County Envirothons…
 
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu…
 
In this episode, we delve into the remarkable journey of Betsy, whose life took a profound turn on a warm Spring day in April 2010 when she stumbled upon her first orphaned baby squirrel. This serendipitous encounter ignited a passion within her, leading her to leave behind her fast-paced corporate career to embark on a mission of wildlife rehabili…
 
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
 
Join us for an inspiring episode as we sit down with Sandra Valdez, Chief Human Services Officer at the Spanish American Civic Association (SACA) in Lancaster, PA. With over two decades of dedicated service to SACA, Sandra's leadership shines as she advocates for the interests of the Latina/o/x community in the Lancaster region. Her extensive backg…
 
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel…