In this Spotlight Podcast, In this Spotlight episode of the Security Ledger podcast, I interview Chris Walcutt of DirectDefense about the rising cyber threats facing operational technology (OT). Chris and I talk about how organizations that manage OT – including critical infrastructure owners – are being targeted by sophisticated cyber actors and the strategies best suited to manage increased cyber risks to OT environments. [Video Podcast] | [MP3] |...

In this Spotlight episode of the Security Ledger podcast, I interview Jim Broome, the President and CTO of the managed security service provider DirectDefense. Jim and I talk about the findings of DirectDefense’s latest Security Operations Threat Report and dig into the intriguing ways artificial intelligence (AI) is shaping both cyberattack and defense automation strategies. [Video Podcast] | [MP3] | [Transcript] One of the things I’ve noticed is that the growth and...

In this episode of The Security Ledger Podcast (#257) Paul speaks with Dennis Kengo Oka, a senior principal automotive security strategist at the firm Synopsys about the growing cyber risks to automobiles as connected vehicle features proliferate in the absence of strong cybersecurity protections. [Video Podcast] | [MP3] | [Transcript] Almost from the get-go, automobiles symbolized a kind of dynamic and restless American identity. The auto industry epitomized U.S.’s...

In this episode of The Security Ledger Podcast (#256) Paul speaks with Gary McGraw of the Berryville Institute of Machine Learning (BIML), about that group’s latest report: an Architectural Risk Analysis of Large Language Models. Gary and Paul talk about the many security and integrity risks facing large language model machine learning and artificial intelligence, and how organizations looking to leverage artificial intelligence and LLMs can insulate themselves from those risks....

In this episode of The Security Ledger Podcast (#255) Paul speaks with Niels Provos – a cybersecurity luminary who helped build Google’s security team from the ground up. Paul and Niels talk about his latest project: the Cyberhouse-Collective, which hopes to inspire new generations of cybersecurity professionals by fusing infosec themes with Electronic Dance Music (EDM), and we check out some of his own music, released under the moniker Activ8te [Video Podcast] | [MP3] |...

In this Security Ledger Podcast (#254), I speak with Dennis Giese, an independent security researcher and world-renowned IoT device hacker. Dennis is famous for his investigations into the workings of robot vacuum cleaners made by firms like iRobot, Roborock, Dreame and Shark. In this conversation, Dennis and I talk about the evolution of vacuums into smart, autonomous robots bristling with cameras and microphones and capable of collecting reams of data about you and your surroundings. He...

In this Spotlight episode of the Security Ledger podcast, I interview Chris Petersen, the CEO and founder of RADICL, about his company’s mission to protect small and midsized businesses serving the defense industrial base, which are increasingly in the cross-hairs of sophisticated, nation-state actors.  [MP3] [Video] [Transcript] The companies that serve the U.S. and other militaries have always been at the top of the target list for so-called “advanced persistent threat” cyber...

In this Security Ledger Podcast interview from earlier this year, Tanya Janca of the group We Hack Purple (now SemGrep), talks with Security Ledger host Paul Roberts about the biggest security mistakes that DevSecOps teams make, and application development’s “tragedy of the commons,” as more and more development teams lean on open source code. [Video Podcast] | [MP3] | [Transcript] Editor’s note: since recording this conversation with Tanya, We Hack Purple was acquired...

In this episode of the podcast, host Paul Roberts speaks with Colin O’Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home’s electric oven – and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff. [Video Podcast] | [MP3] | [Transcript] There is no shortage of interesting talks at this year’s Black Hat Briefings in Las Vegas – with everything from an address by the...

In this Spotlight episode of the Security Ledger podcast, I interview David Monnier, the CIO and Chief Evangelist at the firm Team Cymru (pron. kum–ree) about the evolution of the threat intelligence space and the growing need for what Team Cymru calls “Threat Reconnaissance,” a process for leveraging organization-specific threat intel to help root out and neutralize malicious campaigns targeting an organization. [MP3] [Video] [Transcript] “Cyber threat intelligence” is...

In this episode of the podcast, host Paul Roberts speaks with Boyd Multerer, CEO of the firm Kry10 about the firm’s technology: a secure operating system for the Internet of Things and about how the challenges of managing modern, connected devices demands new tools and platforms for securing those devices. [Video Podcast] | [MP3] | [Transcript] The Internet of Things is growing – and fast. Data from the firm IoT Analytics  shows that the number of global IoT connections...

In this episode of the podcast, I speak with Window Snyder (@window), the founder and CEO of Thistle Technologies about the (many) security challenges facing Internet of Things (IoT) devices and her idea for making things better: Thistle’s platform for secure development and deployment of IoT devices. [Video Podcast] | [MP3] | [Transcript] The growth of the Internet of Things is one of the most significant developments in information technology over the last two...

In this Spotlight episode of the Security Ledger podcast, I interview Richard Bird, the CSO of the firm Traceable AI about the challenge of securing application programming interfaces (APIs), which are increasingly being abused to steal sensitive data. [MP3] [Transcript] The term “API economy” has been given to the emergence of business models and business practices designed and built around the use of APIs – or Application Programming Interfaces. APIs, today, are...

In this episode of the Security Ledger Podcast, Paul speaks with Steve Orrin, the Federal CTO at Intel Corp. Steve talks about his work representing Intel and its technologies to the Federal Government and the impact of the recent passage of the CHIPS Act, a huge federal investment in promoting domestic manufacturing of semiconductors. We also talk about the growing focus within the federal space on software supply chain security and how firms like Intel are responding to calls for greater...

In this Spotlight episode of the Security Ledger podcast, I interview Itsik Kesler, the CTO of the threat intelligence firm Kela about the evolution of threat intelligence and findings from the company’s latest State of Cybercrime Threat Intelligence report. [MP3] | [Transcript] In the last decade, so-called “cybercrime threat intelligence” has gone from being the specialty of three letter intelligence agencies to a standard part of many enterprise security portfolios....

In this episode of the Security Ledger Podcast, Paul speaks with Jill Moné-Corallo, the Director of Product Security Engineering Response at GitHub. Jill talks about her journey from a college stint working at Apple’s Genius bar, to the information security space – first at product security at Apple and now at GitHub, a massive development platform that is increasingly in the crosshairs of sophisticated cyber criminals and nation-state actors. [MP3]...

In this episode of the Security Ledger Podcast, Paul speaks with Caleb Sima, the CSO of the online trading platform Robinhood, about his journey from teenage cybersecurity phenom and web security pioneer, to successful entrepreneur to an executive in the trenches of protecting high value financial services firms from cyberattacks. [MP3] | [Transcript] These days, every business is online and a huge – and growing – chunk of business activity is transacted online. The...

In this Spotlight episode of the Security Ledger podcast, I interview Jack Naglieri, the CEO and founder of Panther, about the evolution of incident response, the failures of the current generation of SIEM technology and the growing need for what Naglieri terms “detection engineers” – security analysts who can use their coding skills to create fine grained detections. As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen...

In this episode of the Security Ledger podcast, we interview Josh McCarthy, the co-founder of Revelstoke Security, about the challenge of launching a start-up just as the COVID pandemic was breaking across the globe and forcing society – and the economy – into lockdown. We also talk about the growing demand for Security Orchestration, Automation and Response (or SOAR) technology to make sense of the storm of security data and feeds, and Revelstoke’s unique approach to managing security...

In this episode of the Security Ledger podcast, we interview Matt Salisbury of Honey Badger HQ, about his anti-fraud startup and how AI and machine learning are breathing new life (and potency) into knowledge-based authentication. If you find it interesting, check out the rest of our Life After the Password series of podcasts. As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us...

In this episode of the Security Ledger podcast, brought to you by ReversingLabs, we interview Danny Adamitis (@dadamitis) of Black Lotus Labs about the discovery of ZuoRAT, malware that targets SOHO routers – and is outfitted with APT-style tools for attacking the devices connected to home networks. As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and Spotify. Or, check us out on Google...

In our latest podcast, Paul caught up with Chris Hoff (@Beaker) on the sidelines of the Black Hat Briefings to talk about his new role as Chief Secure Technology Officer (CSTO?) at the password management firm LastPass, what the CSTO role entails and how companies need to do more to confront the security implications of “software eating the world.” You can listen to our podcast using the player below, or check it out on iTunes, Spotify, Stitcher, Radio Public and [name your favorite podcast...

In our latest podcast, Paul caught up with Sick Codes (@sickcodes) to talk about his now-legendary presentation at the DEF CON Conference in Las Vegas, in which he demonstrated a hack that ran the Doom first person shooter on a John Deere 4240 touch-screen monitor. Software security often operates in a zone that is well removed from the understanding and awareness of the general public. DEF CON, the annual DEF CON hacking conference, makes a point to bridge that divide in...

We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, “If its Smart it Vulnerable."