app_store_button

google_play_button

Device Banner Block-copy 894x1036

Astu lugude lõputusse maailma

Loe ja kuula

Mackenzie Jackson & Dwayne McDaniel

The security repo is a podcast that focuses on real world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.

The Security Repo

In this episode of the Security Repo Podcast, Douglas Brush, digital forensics expert and self-proclaimed "CISO Whisperer," shares his journey from early IT consulting to guiding CISOs and boards through complex security decisions. He breaks down his “Dad Bod Security” framework, connecting personal health metrics to meaningful cybersecurity goals, and highlights the need to move beyond vanity KPIs to focus on sustainable security programs. With candid insights on executive communication, legal challenges, and cultural resistance, Douglas offers a blueprint for building trust and progress in modern security leadership.

https://www.linkedin.com/in/douglasabrush/

https://brushcyber.com/

Douglas Brush, the founder of Brush Cyber, excels in data privacy, cybersecurity, litigation, and information governance. His unique combination of technical skills and business insight has earned him the respect and admiration of clients and colleagues.What truly sets Douglas apart is his unwavering dedication to his clients. He understands that protecting data in today’s digital age is a technical challenge and a business imperative. Whether testifying as an expert witness or providing virtual CISO services, Douglas always brings his A-game with an engaging yet intelligent approach. He translates bits and bytes to dollars and cents like no other professional in his field.In fact, he’s so good at what he does that he is a federally court-appointed Court Appointed Neutral (formally known as a “Special Master”) and neutral expert in high-profile litigation matters. 

Douglas Brush is a beacon of light in a world where data breaches and cyberattacks are becoming increasingly common. He is always ahead of what is coming next, and you’d think he’s got his crystal ball. He’s a leader who inspires confidence and empowers organizations to embrace the digital age without fear. With Douglas at the helm, organizations can rest assured that their data is safe, allowing them to focus on their core business objectives and drive growth in the digital economy. Douglas is a heavyweight in his field, with over three decades of experience in information governance, data privacy, cybersecurity, and dispute consulting is second to none. His unique approach, blending technical expertise with a light-hearted touch, sets him apart, making the complex world of cybersecurity and privacy more accessible and engaging. His unique ability to break down complex technical concepts into easy-to-understand language has made him a sought-after speaker at industry events and conferences.

The CISO Whisperer Approach: Security Leadership, Empathy, and ‘Dad Bod’ Metrics – Douglas Brush

Scaling Open Source Observability and Managing Risk in the Software Supply Chain – Avi Press

In this episode of the Security Repo Podcast, Avi Press, founder and CEO of Scarf, dives deep into the evolving world of open source observability and its intersection with security. He unpacks how better visibility into software usage can inform both defensive strategies and smarter commercialization, while raising concerns over the concentrated risk in critical open source dependencies. Avi also shares his thoughts on dependency management, security tooling, and the importance of nuanced data collection in a privacy-conscious world.

https://about.scarf.sh/

Avi Press is the Founder and CEO of Scarf, a company focused on open source usage analytics. We process over 2 billion open source package downloads every day. Open source maintainer and advocate. Functional programming enthusiast. Avi serves on the Haskell Foundation board, as well as the Haskell.org committee. Avi is a former engineer at Pandora and is based in Oakland, California

Scaling Open Source Observability and Managing Risk in the Software Supply Chain – Avi Press

In this episode of the Security Repo Podcast, Jeffrey Bell, Principal Security Engineer and founder of CatchingPhish.com, discusses the confusion surrounding the naming conventions of threat actor groups across different security vendors. He explains how companies like CrowdStrike, Palo Alto, and Mandiant label the same adversaries with different names due to marketing and commercialization pressures, creating challenges for threat intelligence. Jeffrey also introduces MITRE ATT&CK Groups as a reliable, centralized resource to demystify these aliases and strengthen defenses based on shared TTPs.

https://catchingphish.com

https://attack.mitre.org/groups/

https://github.com/mcdwayne/mitre-gang-lookup

Jeffrey Bell is a Principal Information Security Engineer and Threat Intelligence Lead at a Pharmaceutical Intelligence company. He graduated from UNC-Charlotte with a B.S. in Computer Science, specializing in Cybersecurity. Jeffrey has over 6 years of experience in Threat Intelligence, Incident Response, and Security Engineering. When not working, he writes for his blog, catchingphish.com, and loves to ski! He currently live near the beach in North Carolina.

Decoding Threat Actor Names: Marketing, Confusion & the MITRE Solution – Jeffrey Bell

In this episode of the Security Repo Podcast, David Cross, CISO at Atlassian and former Microsoft, Google, and Oracle security leader, shares his journey from Navy electronic warfare to global cybersecurity leadership. He offers hard-won insights on breaking into the industry, the evolving demands of the CISO role, and the practical impacts of AI on security operations. David also delivers candid advice for aspiring professionals and emphasizes the value of veterans in the cybersecurity workforce.

https://www.linkedin.com/in/david-b-cross-b856657/

David started his work in security with his five years’ active-duty service with the aviation electronic warfare community of the United States Navy. David was awarded with numerous honors including a Navy Achievement Medal, Southwest Asia Service Medal, Armed Forces Service Medal and NATO medal for his combat-based tours. David is now the CISO for Atlassian after 6.5 years as the CISO for the Oracle SaaS Cloud Security organization. Previously, David was a Director and built the Google Cloud Security Engineering organization for 3 years with his preceding 18 years spent with Microsoft in numerous security platform, cloud, product and engineering leadership roles. David is also a Venture Partner with Rain Capital VC. David holds a B.S. in CIS as well as an MBA with a MIS concentration along with 30+ issued patents with all in security technology related areas.

Why Technical CISOs Matter and How AI Is Shaping Security Ops - David Cross on Leading Security

In this episode of the Security Repo Podcast, Dwayne McDaniel sits down with Amy Devine, a systems architect who transitioned from embedded wireless systems to cybersecurity. Amy shares the eye-opening story behind her Blue Team Con talk on how misdirected emails exposed sensitive personal data and what that means for digital identity. The conversation dives deep into privacy, data brokers, and what we sacrifice when companies prioritize convenience over security.

https://github.com/bitsdanceforme/email_scrubbing

https://bitsdanceforme.blog/

https://www.linkedin.com/in/bitsdanceforme/

Amy Devine worked in embedded systems development of wireless protocols before switching over to cybersecurity. She currently works as a Systems Architect for AV while also contributing to her cybersecurity community. Her talks to the local community include securing your email and how to avoid online scams. When she’s not sitting at a keyboard, you can find her working out in her other happy place - her home gym. Or running errands. Or trying to keep up with her kid. Or sleeping. You can find her online at her somewhat out of date website https://bitsdanceforme.blog/

She has a bachelors in Computer Engineering from the University of Illinois and a masters in cybersecurity from DePaul University.

Identity Risks in Email: Your Inbox Might Be Lying About You – Amy Devine

In this episode of the Security Repo Podcast, we sit down with Darren Desmond, a seasoned CISO with a background in UK military intelligence, to unpack his unconventional journey from fish and chips to threat intelligence. He shares how his military forensics experience shaped his InfoSec leadership and dives deep into the evolving role of the CISO in a world increasingly driven by AI. Darren also gives candid insights into AI governance, red flags in hiring, and why the basics of cybersecurity still matter most.https://www.linkedin.com/in/desmondo/Darren Desmond is an information security leader and Certified Information Systems Security Professional with diverse experience in security risk management within the UK Defence sector, global online gambling industry, a major UK telecommunications & media company, a ‘Big Four’ managed services company and latterly as the CISO at one of the UK’s most recognizable brands.

From Military Intel to CISO: Navigating Security Leadership in the Age of AI – Darren Desmond

In this episode of the Security Repo Podcast, we sit down with Martín Villalba, founder of InfoSecMap, to explore how his platform is transforming the way InfoSec professionals discover global events, communities, and CFPs. We dive into the origin story of InfoSecMap, its recent growth surge, and its strategic partnerships with organizations like OWASP. Martín also shares practical advice on building strong security cultures and the importance of addressing root causes over chasing vulnerabilities.https://infosecmap.com/LinkedIn: https://www.linkedin.com/in/wmvillalba/Twitter:https://twitter.com/act1vand0W. Martín VillalbaFounder & Principal, C13 SecurityFounder & Principal, InfoSecMapMartín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.

Mapping the InfoSec Community: Building InfoSecMap & Global Security Events – Martín Villalba

Supply Chain Warfare: CI/CD Threats and Open Source Security with François Proulx

In this episode of the Security Repo Podcast, François Proulx, VP of Security Research at Boost Security, discusses the evolving threats in software supply chain security, particularly focusing on attacks targeting CI/CD pipelines. He explains how open source tools like "Poutine" are being used both defensively and offensively in the ongoing battle to secure build systems. François also shares his journey into security, lessons from working at Intel, and practical advice on dependency pinning, short-lived credentials, and password best practices.

https://www.linkedin.com/in/francoisp/

https://boostsecurity.io/blog/unveiling-poutine-an-open-source-build-pipelines-security-scanner

[https://nsec.io /](https://nsec.io/)

François is VP of Security Research at BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps movement took shape. François is one of founders of NorthSec and was a challenge designer for the NorthSec CTF.

Supply Chain Warfare: CI/CD Threats and Open Source Security with François Proulx

In this episode of the Security Repo Podcast, we welcome Srajan Gupta, a security engineer exploring the evolving security implications of Model Context Protocol (MCP) servers. Shrojan breaks down how MCPs act as AI connectors to external systems and the alarming rise in attack surfaces, including tool squatting and indirect prompt injections. The conversation dives into emerging threats, authorization challenges, and how securing MCPs mirrors early API and cloud security lessons.

Srajan Gupta is a security engineer and builder focused on uncovering how systems fail — not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.

Srajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.

Blog - https://srajangupta.substack.com/

BSides LV talk - https://www.youtube.com/watch?v=Wld0VVRMN4c&t=21977s

https://www.linkedin.com/in/srajan-gupta/

Their research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls — and how defenders can close those gaps without slowing down delivery.

Fighting Tool Squatting And Prompt Injection & The Security Gaps In MCP – Srajan Gupta

In this episode of the Security Repo Podcast, we sit down with Matt Torbin to explore his inspiring journey from jazz musician to cybersecurity advocate and leader. We dive deep into the origins and impact of Day of Shecurity, a one-day conference aimed at increasing representation and mentorship for women and non-binary individuals in infosec. Matt also shares innovative ideas around fixing the broken technical interview process, mentorship, and his passion for building inclusive, opportunity-rich communities in cybersecurity.Day of Shecurity:https://securediversity.org/dos/Matt's talk from BSidesLV: “Your Interview Game is Weak: Gamifying Technical Interviews through Role-Playing” https://www.youtube.com/watch?v=3Ih-ul9qe3E&t=14985sLearn more about Fabric: https://github.com/danielmiessler/fabricMatt Torbin has been a driving force in secure software development for over 20 years, influencing all aspects of the software development lifecycle. He began his career as a full-stack engineer with a focus on UI/UX, creating user experiences for renowned brands including the Philadelphia Inquirer, Anthropologie, and VEVO, engaging millions of users.In the last several years, Matt has shifted his focus to information security. In his current role as the Manager of Application Security at Quanata, he collaborates closely with product and engineering teams to advance product security best practices and deliver comprehensive security training. His industry contributions span public speaking, authorship, and community involvement. He has presented at conferences such as DEF CON, BSidesLV, and Day of Shecurity (DoS), authored privacy articles for 2600 Magazine: The Hacker Quarterly, and held key volunteer roles in initiatives including the Packet Hacking Village, Day of Shecurity, and BSidesSF. Among his achievements, he co-founded the DoS conference, realizing his vision for a more inclusive event.Outside of work, Matt mentors emerging professionals in the DoS community. A passionate skateboarder and longboarder, he often spends time with his son at skate parks throughout the San Francisco Bay Area.

Fixing Hiring, Fostering Diversity, and Finding Your Place in Security – Matt Torbin

In this episode of the Security Repo we dive into intent-based access control. This is the concept of limiting access to just what is intended, it sounds simple enough, But how does one understand and define the intent? And more importantly, how to we enforce our intentions with access control? This week's guest is Uri Sarid, he is a man with a long list of credentials and walks us through exactly what is intent-based control and how we can implement it in our organizations. 

About the guest - Uri Sarid 
Uri is responsible for products at Otterize. He is a recovering particle physicist with a 24-year career in high tech. He has co-founded or joined 6 early-stage software companies in the enterprise, consumer, and developer spaces, ran the Nook Cloud for Barnes & Noble, and most recently served as CTO for MuleSoft, where he led the vision, strategy, and architecture for the company. He is the co-creator of the RAML language for API specifications, a member of the OpenAPI Technical Steering Committee, and the holder of 26 patents, as well as a PhD in Theoretical Physics and Astrophysics from Harvard University.

Show Notes
Website: https://otterize.com/
Blog Posts: https://otterize.com/blog
About Otterize: https://tcrn.ch/3KXV4Im

Understanding intent based access control with Uri Sarid

Loe ja kuula

Muud podcastid, mis võivad sulle meeldida ...