Security Conversations

At age 16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity. Lena joins Ryan on the show to tell stories from her childhood, the decisions that carved a path for a successful career in security, the anguish of imposter syndrome, the joys of building a modern security program, and impressive tech innovation moving the security needle.

Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop (https://securityconversations.com/on-disrupting-gov-malware-attacks/) on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surrounding all of these conversations. Follow Patrick on Twitter (https://twitter.com/howelloneill).

After a 20-year career working in the offensive security reseach trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...

Ron Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about. Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells services and products that work across IT and OT environments for effective cyber security, controls and management.

This is the republication of an interview first conducted in March 2013 with then-VUPEN chief executive Chauki Bekrar. The audio file was lost in several podcast platform transfers and I'm glad to be able to retain this interview for historical purposes. The recording was conducted in the hallways of the CanSecWest Pwn2Own hacking contest in 2013 where Bekrar's team of hackers demo'd a zero-day attack against Microsoft Internet Explorer 10 on Windows 8, an exploit that bypassed all mitigations including the browser sandbox. We chat about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Own hacker contest. (Please excuse the audio quality and background chatter, this was recorded with a small handheld device in a noisy room).

Journalist-turned-intel analyst Selena Larson joins the podcast to discuss the nuances of cybersecurity journalism, making the shift to analyzing intelligence and writing for a private audience, the ransomware epidemic, and the state of critical infrastructure security. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Gusto chief security officer Frederick 'Flee' Lee talks about his passion for democratizing security, solving problems for small businesses, the responsibilities of being a black security leader, and the people and experiences that influenced him along the way. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

TechCrunch security writer Zack Whittaker stumbled into journalism while in college and has carved a successful career covering cybersecurity the last decade. He joins the podcast to talk about landing at ZDNet out of university and some lucky breaks along the way. Zack also talks about the trials of living and working with Tourette syndrome. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Netflix security leader Jason Chan talks about the connections between ultra-marathons and running a robust security program, his view of the defender's top priorities, the talent shortage in cybersecurity, and the shifting patterns that drive secure code delivery. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

After a career in government that included physical security work for the U.S. State Department, Matt Honea transitioned to Silicon Valley and turned his attention to the cyber-insurance space. He joins the podcast for a frank discussion on cyber-insurance, ransomware payments and trends, and his opinions on innovation in security. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

After a career in diplomacy at the U.S. State Department, Uber's Brooke Pearson headed to Silicon Valley to find a new path in cybersecurity. We chat about her early interest in Russia and international relations, a life-changing chance encounter during an airport layover, using non-traditional skills to find success in tech, and her passion for helping minorities find meaningful careers in security. Disclosure: Ryan produces this podcast in his personal capacity. Opinions expressed are personal and do not construe an official endorsement or business relationship of his employer with any product or service.

[ DISCLAIMER: These are the personal opinions of Tim MalcomVetter and do not construe an official endorsement or business relationship of his employer with any product or service. ] Walmart Red Team lead Tim MalcomVetter joins the podcast to talk about red-team/blue team dynamics, the adversarial relationship between the two sides, the mentality of a determined attacker, and why everyone in cybersecurity should give jiu-jitsu a try. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Hacker-turned-entrepreneur Matt Suiche reminisces about the hacking scene in France, his introduction to memory forensics and how his research led to presenting at Microsoft's Blue Hat, the grind of building and selling a company, and his passion for supporting young security researchers in developing countries. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Mobile security pioneer Collin Mulliner talks about the early days of hacking PalmOS devices, the current state of smartphone platforms, his work on securing self driving cars, and why he built and open-sourced a firmware analyzer tool. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Hitch Partners principal Michael Piacente dishes on the cybersecurity job market during an economic crisis, the intricacies of recruiting top-flight security talent, the high rate of turnover among CISOs, and why companies should spend more time on writing better job descriptions. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Security industry pioneer Dave Aitel dishes on entrepreneurship, fostering a "one team, one parking lot" culture, how lessons from his time at the NSA still guides his decisions, and his approach to blunt, honest marketing. We also discuss a shared passion for Brazilian Jiu-Jitsu and his work supporting Project Grapple in Miami. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

Former Chief Security Scientist at Bank of America, Sounil Yu, explains why he created the Cyber Defense Matrix framework and how organizations are using it to drive visibility and security decisions in multiple places. We discuss securing "cattle vs pets," the next era of security innovation, and the increasing security poverty line that hurts small- and medium-sized businesses. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.

In an industry where 10-15% of staff are women, Akamai's security team is 40% women and growing. Chief security officer Andy Ellis joins the podcast to share lessons on practical things -- some subtle, some major -- that pushed real diversity on Akamai's security team. Disclosure: Ryan Naraine is a security strategist at Intel Corp. Ryan produces this podcast in his personal capacity and the views and opinions expressed in these recordings do not necessarily reflect the positions and views of Intel Corp. or any of its subsidiaries.