The Security Podcast of Silicon Valley

A hacker who got kicked out of college for finding their vulnerabilities, became a national hacking champion, and is now building what he calls a sovereign-level cyber weapon. Alexis Lingad, founder of Kinosec, built an autonomous AI system that chains exploits across web, IoT, and physical infrastructure the same way a real attacker would, and he's already using it to sell AI pen testing to enterprise security teams. Tune in to hear how he's building the weapon before the bad guys do. 

Alexis: www.linkedin.com/in/alexis-lingad
Kinosec: www.kinosec.ai
Jon: www.linkedin.com/in/jon-mclachlan
Sasha: www.linkedin.com/in/aliaksandr-sinkevich
YSecurity: www.ysecurity.io

🔒 Sponsored by YSecurity

Closing a big deal and getting hit with a vendor questionnaire, SOC 2 request, or pen test requirement? That's exactly what we handle.

YSecurity embeds a team of security engineers with backgrounds from Apple, Uber, Microsoft, Robinhood, and Brex directly into your company. No full-time hire, no bloated retainer. You set a monthly cap and we handle everything.

Book a free strategy call and we'll tell you exactly where you stand.

👉 Book your free call: 30 Min Meeting | YSecurity.io | Cal.com

👉 Learn more: YSecurity | On-Demand Cybersecurity Team for Startups — SOC 2 in 5 Months

Google has said to be concerned about quantum computing by 2029. Kevin Kane, Co-Founder and CEO of American Binary, argues that timeline is already too relaxed and that companies treating post-quantum as a future problem are the ones most exposed right now. He breaks down what a real quantum-resilient architecture takes, why formal verification matters, and what harvest attacks mean for every encrypted message sent today.

Kevin Kane: www.linkedin.com/in/iamkevinpkane
American Binary: https://www.ambit.inc
Jon: www.linkedin.com/in/jon-mclachlan
Sasha: www.linkedin.com/in/aliaksandr-sinkevich
YSecurity: www.ysecurity.io

🔒 Sponsored by YSecurity

Closing a big deal and getting hit with a vendor questionnaire, SOC 2 request, or pen test requirement? That's exactly what we handle.

YSecurity embeds a team of security engineers with backgrounds from Apple, Uber, Microsoft, Robinhood, and Brex directly into your company. No full-time hire, no bloated retainer. You set a monthly cap and we handle everything.

Book a free strategy call and we'll tell you exactly where you stand.

👉 Book your free call: 30 Min Meeting | YSecurity.io | Cal.com

👉 Learn more: YSecurity | On-Demand Cybersecurity Team for Startups — SOC 2 in 5 Months

Security incidents don't end when the threat is contained. They end when you can confirm no sensitive data left the building and most teams can't confirm that. Pranava Adduri and George Gerchow of Bedrock Data joined the show to talk through what data visibility actually looks like at enterprise scale, why the office of no is dead, and what a DBOM has to do with AI compliance. Together they make the case that data-first security isn't just a better posture, it's the only posture that survives an AI-driven enterprise.

Pranava Adduri: www.linkedin.com/in/padduri

George Gerchow: www.linkedin.com/in/georgegerchow

Bedrock Data: www.bedrockdata.ai

Jon: www.linkedin.com/in/jon-mclachlan

Sasha: www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: www.ysecurity.io

🔒 Sponsored by YSecurity

Closing a big deal and getting hit with a vendor questionnaire, SOC 2 request, or pen test requirement? That's exactly what we handle.

YSecurity embeds a team of security engineers with backgrounds from Apple, Uber, Microsoft, Robinhood, and Brex directly into your company. No full-time hire, no bloated retainer. You set a monthly cap and we handle everything.

Book a free strategy call and we'll tell you exactly where you stand.

👉 Book your free call: 30 Min Meeting | YSecurity.io | Cal.com

👉 Learn more: YSecurity | On-Demand Cybersecurity Team for Startups — SOC 2 in 5 Months

Your printers know your passwords. They store credentials for your email server, your file shares, and your LDAP. Jim LaRoe, founder of Symphion, explains why 99% of enterprise printers sit at factory defaults, and what a single forgotten device actually costs you.

Jim: www.linkedin.com/in/jim-laroe

Symphion: www.symphion.com

Jon: www.linkedin.com/in/jon-mclachlan

Sasha: www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: www.ysecurity.io

🔒 Sponsored by YSecurity

Closing a big deal and getting hit with a vendor questionnaire, SOC 2 request, or pen test requirement? That's exactly what we handle.

YSecurity embeds a team of security engineers  with backgrounds from Apple, Uber, Microsoft, Robinhood, and Brex directly into your company. No full-time hire, no bloated retainer. You set a monthly cap and we handle everything.

Book a free strategy call and we'll tell you exactly where you stand.

👉 Book your free call: 30 Min Meeting | YSecurity.io | Cal.com

👉 Learn more: YSecurity | On-Demand Cybersecurity Team for Startups — SOC 2 in 5 Months

The biggest AI mistake companies make isn't picking the wrong tool,  it's not understanding the dependencies underneath it. Jacob and Stephen from Talbot West share how they map entire organizations to find the right AI entry point, why LLMs are overhyped, and what technologies are actually underrated right now.

Jacob: www.linkedin.com/in/jacobandra
Stephen: www.linkedin.com/in/stephenkarafiath
Talbot West: www.talbotwest.com
Jon: www.linkedin.com/in/jon-mclachlan
Sasha: www.linkedin.com/in/aliaksandr-sinkevich
YSecurity: www.ysecurity.io

You can have perfect infrastructure—and still be talking to the wrong person.

In this episode, Jasson Casey (Beyond Identity) breaks down why identity—not infrastructure—is the real security boundary, how passwords created today’s vulnerabilities, and what a future without “moving secrets” looks like. If you’re building or scaling a company, this is a shift you can’t ignore. Listen now.

Jasson: www.linkedin.com/in/jassoncasey
Beyond Identity: www.beyondidentity.com
Jon: www.linkedin.com/in/jon-mclachlan
Sasha: www.linkedin.com/in/aliaksandr-sinkevich
YSecurity: www.ysecurity.io

Is your security team drowning in noise while your developers struggle to keep up? Neatsun Ziv, CEO of Ox Security, explains why traditional "Shift Left" strategies have failed and how applying business context can help your team focus on the vulnerabilities that actually matter. Listen to the full episode to learn how to turn security into a competitive advantage.

Neatsun: https://www.linkedin.com/in/neatsun-ziv-ab7394/

Ox Security: http://www.ox.security/

Jon: https://www.linkedin.com/in/jon-mclachlan

Sasha: https://www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: https://www.ysecurity.io 

Most security decisions fail when the people doing the work don’t have the information they need. Garrett Smith, Founder and CEO of Reveal Technology and a Marine Corps Reserve Lieutenant Colonel, explains how bottom-up product design changes defense outcomes—and what business leaders can learn about building technology people actually adopt. Listen to learn how compliance, procurement, and mission pressure shape what ships and what stalls.

Garrett: https://www.linkedin.com/in/wgarrettsmith/

Reveal Technology: https://www.revealtech.ai

Jon: https://www.linkedin.com/in/jon-mclachlan

Sasha: https://www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: https://www.ysecurity.io

AI agents can delete your production database and tell you everything is fine. Graham Neray, Co-Founder and CEO of Oso, breaks down why AI agents introduce a new level of risk for growing SaaS companies. If you’re adding AI to your product, moving upmarket, or selling into regulated industries, your authorization model is no longer a backend detail—it’s a growth dependency. Listen in to learn how automating least privilege protects your product, your customers, and your revenue.

Graham: https://www.linkedin.com/in/grahamneray/

Oso: http://www.osohq.com

Jon: https://www.linkedin.com/in/jon-mclachlan

Sasha: https://www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: https://www.ysecurity.io 

The perimeter will fail. What matters is whether your business turns one incident into a disaster. Andrew Rubin, Founder and CEO of Illumio, explains how breach containment reduces blast radius, why category timing is “luck,” and what leaders must do as AI speeds up attackers and defenders. Listen for a founder-level playbook on building security that scales with growth.

Andrew: https://www.linkedin.com/in/andrewsrubin

Illumio: https://www.illumio.com

Jon: https://www.linkedin.com/in/jon-mclachlan

Sasha: https://www.linkedin.com/in/aliaksandr-sinkevich

YSecurity: https://www.ysecurity.io