The Security Podcast of Silicon Valley
Dylan Ayrey, Founder and CEO of Truffle Security: How Open-Source Makes the World More Secure


September 7, 2021

Dylan Ayrey, Founder and CEO of Truffle Security, joins for a thought-provoking discussion on how open-source projects, and Truffle Hog in particular, are helping everyone build a more secure, resilient, transparent future.

How do you find secrets in a GitHub repo, including your Git history? Are you skeptical that open-source projects can be used to build a real company or secure software? What's the difference between Community and Open-Source? Why should engineers care about Open-Source projects, especially engineers early in their careers? How do you make the case to build Open-Source in a big company?

Fredrick Lee, CSO of Gusto: Why authentic diversity is essential for epic security teams.


August 24, 2021

Fredrick Lee ("Flee"), the CSO of Gusto, joins for a thought-provoking, bold, and honest discussion on the importance of diversity when building engineering teams in general and security teams in particular.

Flee shares humble childhood stories growing up, attending a boarding school in the deep south where he helped teachers with the school's computers and discovered the hacker magazine 2600. He took inspiration from John Lee (aka, John Threat), the first Black Hacker Flee knew and one of the participants in the 90's "Great Hacker War." Flee learned a special appreciation for the purity of the challenging puzzles behind security problems, soaking in everything he could from a diverse community of outcasts, with computers acting as the great equalizer.

But also, what is it about diversity that produces resiliency in teams and products? Building diverse teams is the right thing to do socially, but is it also the correct thing to do technically? Absolutely, but why? Further, what roles do collaborations and open-source play in the security community? Finally, Flee describes some of the best days he's had as the CSO at Gusto, one of them going back to Gusto's internal response to George Floyd's murder.

Michael Brooks, vCISO and Director of Cyber Risk Services at Trava


August 10, 2021

Michael Brooks, CISO at Trava, joins for a thought-provoking discussion of cyber risk, ransomware attacks, business preparedness, and risk management.

The fundamental core issue behind all cybersecurity initiatives is data security. If we don't understand the value of our data, then what do we have? The question we might need to be asking ourselves: Can your business function without it? If not, then it's business-critical, and should be protected.

Prakash Darji, General Manager of Digital Experience Business Unit at Pure Storage: On the future of storage and security


July 26, 2021

Join me for an interview with Prakash Darji, General Manager of Digital Experience Business Unit at Pure Storage, for a lively discussion on the future of storage and security.

From Pure Storage's recent Portworx acquisition to recovering quickly from ransomware, take a sneak peek into the future of storage and security as Prakash sees it.

Leigh Honeywell, Founder and CEO of Tall Poppy, The Human Side of Privacy and Security: Online Harassment and Abuse


July 1, 2021

Join me for an interview with Leigh Honeywell. As founder and CEO of Tall Poppy, she's building tools and services to help companies protect their employees from online harassment and abuse.

Together, we share many vulnerable and authentic moments as we explore online harassment, abuse, and how Tall Poppy helps humans navigate difficult situations while still building a thriving business that makes the web better for all of us.

Wesley Belleman of California Air National Guard and Palo Alto Networks: Security Operations Center from Military and Private Industry Perspectives


June 17, 2021

An interview with Wesley Belleman, Cyber Warfare Operator at the California Air National Guard and System Engineer at Palo Alto Networks, and his journey through Security Operations in the United States Space Force.

In this episode, we dive into what a SOC is, how new technology changes our ability to respond to threats, and what problems are still open. We explore the cultural differences between civilian and military security operations and discuss various open-source projects such as Security Onion or MITRE ATT&CK that can be used to build your own SOC.

So what will the future of SOCs look like? Wes echoes Anton Chuvakin's predictions that SOCs will be entirely automated, likely within our lifetimes, but not soon.

Daniel Feldman, Cloud Security Architect at HPE, Service Authentication with SPIFFE and SPIRE


June 3, 2021

An interview with Daniel Feldman, Cloud Security Architect at HPE (formerly Scytale.io), as we discuss his journey through service authentication with the open standard SPIFFE and the implementation SPIRE.

In this episode, Daniel tells the story of how he came across this problem of authentication at Veritas Technologies, explains why he joined a small startup, Scytale.io, to continue focusing on his security journey, and touches on what it's like at Hewlett Packard Enterprise. We end on a forward-looking note on what the future of cloud security might look like, with many challenging and open cloud security problems out there.

Daniel is happy to meet others with similar interests and experiences, so in that spirit, he is open to connecting and sharing stories and ideas. He can be reached on LinkedIn or Twitter as d_feldman.

Andrew Gontarczyk, CISO of Pure Storage: Building a Security Team


May 17, 2021

An interview with Andrew Gontarczyk, Chief Information Security Officer at Pure Storage, on the challenges of building a security team.

When is the right time for a company to build a security team? What types of Security Teams are there (Product Security, Infrastructure Security, DevSecOps, Red Team, Blue Team, Purple Teams), and what do they do? As a security leader, how do you influence the rest of a company towards a more secure posture? What are your favorite interview questions, and why? What role does diversity play in your team building? What's your leadership style? Even with a security team in place, what still keeps you up at night?

Anand Ganesh, Founding Software Architect at Hammerspace: Data-as-a-Service solves traditional security problems


May 6, 2021

Join me for an interview with Anand Ganesh, Founding Software Architect at Hammerspace, to discuss how storageless data solves traditional B2B storage security problems.

What is storageless data? How does Hammerspace encrypt data at rest? How do disaster recovery, backup, and snapshot data protection mechanisms work in Hammerspace? Why does data-as-a-service eliminate the need for fail-overs (passive-to-active transitions)? How do permissions work? How does intelligent data classification work in Hammerspace? How does Hammerspace help a customer recover from a ransomware attack? Do we have to trust our storage vendors such as AWS, Google, Azure, or even on-prem data centers? How do you securely delete data in a globally distributed system, like Hammerspace?
