Episodes
Published 03/01/23
In this episode of the Paranoids podcast, our hosts — Shawn and Steven — explore their colleagues’ work to secure the software supply chain. Starting with the one question you’re all asking: What does that even mean in a world of open-source software?! Join us in conversation to hear discussion on: Defining Supply Chain Security (2:36); The Prolific Nature of Open Source (4:38); Improving The Developer Experience (6:36); Explaining Common Supply Chain Security Attacks (7:30); The Different...
Published 03/01/23
Summer is one of our favorite times of the year — and not just because of the beach days. Every year, we host (and learn from) interns from colleges and universities worldwide. In this episode of the podcast, former intern — and current Paranoid — Alden Schmidt and GRC Security analyst Chris Faulkner, who leads the internship program, talk about: Defining the Program (2:20); Alden’s Internship Presentation (7:44); Discovering the Program, Applying (10:40); Last Summer’s Projects, Highlights...
Published 02/02/23
The nature of leadership has changed as we’ve all moved from our offices to our living rooms. For the Paranoids, that means adjusting how we all grow together. Join this conversation to hear about: Our Approach (2:18); Squads, Organizing and Leading Remote Teams (6:12); Tea Time, Fostering Relationships (11:11); Defcon, Getting Together (13:30); Remote Culture Requires an All-In Approach (18:47). Host: Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance). Guests: Will Chilcutt...
Published 11/29/22
The podcast welcomes its first outside guest: Jason Haddix, a bug bounty veteran who has participated in hundreds of programs over his career. He joins the Paranoids’ team — Arjun Govindaraju and Jonathon Robin — who run our program’s strategy and operations. Over the course of roughly 45 minutes, they discuss: ‘What makes the Paranoids’ program COOL?!’ (3:43); The Importance of Scope (5:50); Live Hacking Events (15:27); The Art of Recon (24:04); The Bug Bounty Lifecycle (32:20); Advice for...
Published 08/22/22
Addressing cyber risk within the business is a challenging task for any security team to manage on their own. This places a premium on the Paranoids' relationship with engineering teams, an especially necessary one when conducting an expedited patch across the organization for an internet-wide weakness. Namely, Log4Shell. In this episode of the podcast, join Yahoo CTO Aengus McClean and Chief Paranoid Sean Zadig in conversation about: The Working Relationship (1:00); Security...
Published 04/29/22
In our second podcast covering the Paranoids’ approach to remediating the Log4Shell vulnerability, Steven Asifo talks to Sadiah Choudhry and Lisa Hulen — who work inside Yahoo’s Vulnerability Management team responsible for handling newly disclosed security vulnerabilities. They discuss: The Elements of Vulnerability Management (2:46); Defining a NewVuln (4:40); What’s an S-Bug?! (12:15); Responding to an Unprecedented Event (15:31); A Companywide Culture of Collaboration (19:03); Big Takeaways...
Published 03/31/22
Arguably among the most consequential – and widespread – security vulnerabilities of the past decade, Log4Shell impacted nearly every company doing business on the Internet. Yahoo was no different. Listen to this episode, as the Paranoids explore how FIRE (the Forensics, Incident Response, Engineering Team) responded to a widespread vulnerability at scale: The Role of Incident Response (2:20); Hunting for Log4Shell… with Arkime (6:37); Trust in Running Large-Scale Investigations (11:50); Incident...
Published 02/05/22
Have you ever just wondered why so many security teams are shrouded in opacity?! Us, too. That’s why we’re launching a podcast. So you can get the opportunity to know the Paranoids more deeply. And learn what we’re about, what our mission is, and why we love doing what we do. Listen in to this inaugural episode to: Meet our CISO, Sean Zadig (1:22); Hear about our seven operating principles (6:27); Learn more about the Paranoids’ history and our organizational pillars (13:42); Discover why...
Published 01/10/22
Security teams tend to be black boxes. From the outside-in, it isn't easy to discern their culture. Or what makes them unique.  So, to ensure the Paranoids can be more transparent, both to the security industry community — and those thinking about joining us in our mission! — we're launching a podcast.  Throughout our episodes, we plan on surfacing the expertise of our team by introducing our colleagues. Mostly, so you can hear what makes them Paranoid.  We'll publish our first episode will...
Published 12/16/21