Cloud Security Podcast by Google

Anton Chuvakin, cloud.withgoogle.com
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure. We're going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject's benefit or just for organizational benefit. We hope you'll join us if you're interested in where technology overlaps with process and bumps up against organizational design. We're hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can't keep as the world moves from on-premises computing to cloud computing.

Episodes

EP260 The Agentic IAM Trainwreck: Why Your Bots Need Better Permissions Than Your Admins

Guest: Vishwas Manral, CEO at Precize.ai Topic: Why is agent security so different from "just" LLM security? Why now? Agents are coming, sure, but they are - to put it mildly - not in wide use. Why create a top 10 list now and not wait for people to make the mistakes? It sounds like "agents + IAM" is a disaster waiting to happen. What should be our approach for solving this? Do we have one? Which one agentic AI risk keeps you up at night? Is there an interesting AI shared responsibility angle h...

Jan 26, 2026 · 30 min · Season 1 · Ep. 260

EP259 Why DeepMind Built a Security LLM Sec-Gemini and How It Beats the Generalists

Guest: Elie Burstein, Distinguished Scientist, Google DeepMind Topics: What is Sec-Gemini, why are we building it? How does DeepMind decide when to create something like Sec-Gemini? What motivates a decision to focus on something like this vs anything else we might build as a dedicated set of regular Gemini capabilities? What is Sec-Gemini good at? How do we know it's good at those things? Where and how is it better than a general LLM? Are we using Sec-Gemini internally? Resources: Video versio...

Jan 19, 2026 · 34 min · Season 1 · Ep. 259

EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen

Guest: Royal Hansen, VP of Engineering at Google, former CISO of Alphabet Topics: The "God-Like Designer" Fallacy: You've argued that we need to move away from the "God-like designer" model of security—where we pre-calculate every risk like building a bridge—and towards a biological model. Can you explain why that old engineering mindset is becoming risky in today's cloud and AI environments? Resilience vs. Robustness: In your view, what is the practical difference between a robust system (like...

Jan 12, 2026 · 32 min · Season 1 · Ep. 258

EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?

Guest: Chris Sistrunk, Technical Leader, OT Consulting, Mandiant Topics: When we hear "attacks on Operational Technology (OT)" some think of Stuxnet targeting PLCs or even backdoored pipeline control software plot in the 1980s. Is this space always so spectacular or are there less "kaboom" style attacks we are more concerned about in practice? Given the old "air-gapped" mindset of many OT environments, what are the most common security gaps or blind spots you see when organizations start to int...

Jan 05, 2026 · 27 min · Season 1 · Ep. 257

EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance

Guest: Bruce Schneier Topics: Do you believe that AI is going to end up being a net improvement for defenders or attackers? Is short term vs long term different? We're excited about the new book you have coming out with your co-author Nathan Sanders "Rewiring Democracy". We want to ask the same question, but for society: do you think AI is going to end up helping the forces of liberal democracy, or the forces of corruption, illiberalism, and authoritarianism? If exploitation is always cheaper t...

Dec 15, 2025 · 33 min · Season 1 · Ep. 256

EP255 Separating Hype from Hazard: The Truth About Autonomous AI Hacking

Guest: Heather Adkins, VP of Security Engineering, Google Topic: The term "AI Hacking Singularity" sounds like pure sci-fi, yet you and some other very credible folks are using it to describe an imminent threat. How much of this is hyperbole to shock the complacent, and how much is based on actual, observed capabilities today? Can autonomous AI agents really achieve that "exploit-at-machine-velocity" without human intervention for the zero-day discovery phase? On the other hand, why may i...

Dec 08, 2025 · 30 min · Season 1 · Ep. 255

EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation

Guest: Caleb Hoch, Consulting Manager on Security Transformation Team, Mandiant, Google Cloud Topics: How has vulnerability management (VM) evolved beyond basic scanning and reporting, and what are the biggest gaps between modern practices and what organizations are actually doing? Why are so many organizations stuck with 1990s VM practices? Why mitigation planning is still hard for so many? Why do many organizations, including large ones, still rely on unauthenticated scans despite the known i...

Dec 01, 2025 · 31 min · Season 1 · Ep. 254

EP253 The Craft of Cloud Bug Hunting: Writing Winning Reports and Secrets from a VRP Champion

Guests: Sivanesh Ashok, bug bounty hunter; Sreeram KL, bug bounty hunter Topics: We hear from the Cloud VRP team that you write excellent bug bounty reports - is there any advice you'd give to other researchers when they write reports? You are one of Cloud VRP's top researchers and won the MVH (most valuable hacker) award at their event in June - what do you think makes you so successful at finding issues? What is a Bugswat? What do you find most enjoyable and least enjoyable about the VRP? What ...

Nov 24, 2025 · 28 min

EP252 The Agentic SOC Reality: Governing AI Agents, Data Fidelity, and Measuring Success

Guests: Alexander Pabst, Deputy Group CISO, Allianz; Lars Koenig, Global Head of D&R, Allianz Topics: Moving from traditional SIEM to an agentic SOC model, especially in a heavily regulated insurer, is a massive undertaking. What did the collaboration model with your vendor look like? Agentic AI introduces a new layer of risk - that of unconstrained or unintended autonomous action. In the context of Allianz, how did you establish the governance framework for the SOC alert triage agents? Whe...

Nov 17, 2025 · 36 min · Season 1 · Ep. 252

EP251 Beyond Fancy Scripts: Can AI Red Teaming Find Truly Novel Attacks?

Guest: Ari Herbert-Voss, CEO at RunSybil Topics: The market already has Breach and Attack Simulation (BAS), for testing known TTPs. You're calling this 'AI-powered' red teaming. Is this just a fancy LLM stringing together known attacks, or is there a genuine agent here that can discover a truly novel attack path that a human hasn't scripted for it? Let's talk about the 'so what?' problem. Pentest reports are famous for becoming shelf-ware. How do you turn a complex AI finding into an actionable...

Nov 10, 2025 · 25 min · Season 1 · Ep. 251

EP250 The End of "Collect Everything"? Moving from Centralization to Data Access?

Guest: Balazs Scheidler, CEO at Axoflow, original founder of syslog-ng Topics: Are we really coming to "access to security data" and away from "centralizing the data"? How to detect without the same storage for all logs? Is data pipeline a part of SIEM or is it standalone? Will this just collapse into SIEM soon? Tell us about the issues with log pipelines in the past? What about enrichment? Why do it in a pipeline, and not in a SIEM? We are unable to share enough practices between security tea...

Nov 03, 2025 · 29 min · Season 1 · Ep. 250

EP249 Data First: What Really Makes Your SOC 'AI Ready'?

Guest: Monzy Merza, co-founder and CEO at Crogl Topics: We often hear about the aspirational idea of an "IronMan suit" for the SOC—a system that empowers analysts to be faster and more effective. What does this ideal future of security operations look like from your perspective, and what are the primary obstacles preventing SOCs from achieving it today? You've also raised a metaphor of AI in the SOC as a "Dr. Jekyll and Mr. Hyde" situation. Could you walk us through what you see as the "Jekyll"...

Oct 27, 2025 · 31 min · Season 1 · Ep. 249

EP248 Cloud IR Tabletop Wins: How to Stop Playing Security Theater and Start Practicing

Guest: Jibran Ilyas, Director for Incident Response at Google Cloud Topics: What is this tabletop thing, please tell us about running a good security incident tabletop? Why are tabletops for incident response preparedness so amazingly effective yet rarely done well? This is cheap/easy/useful so why do so many fail to do it? Why are tabletops seen as kind of like elite pursuit? What's your favorite Cloud-centric scenario for tabletop exercises? Ransomware? But there is little ransomware in the c...

Oct 20, 2025 · 33 min · Season 1 · Ep. 248

EP247 The Evolving CISO: From Security Cop to Cloud & AI Champion

Guest: David Gee, Board Risk Advisor, Non-Executive Director & Author, former CISO Topics: Drawing from the "Aspiring CIO and CISO" book's focus on continuous improvement, how have you seen the necessary skills, knowledge, experience, and behaviors for a CISO evolve, especially when guiding an organization through a transformation? Could you share lessons learned about leadership and organizational resilience during such a critical period, and how does that experience reshape your approach ...

Oct 13, 2025 · 29 min · Season 1 · Ep. 247

EP246 From Scanners to AI: 25 Years of Vulnerability Management with Qualys CEO Sumedh Thakar

Guest: Sumedh Thakar, President and CEO, Qualys Topics: How did vulnerability management (VM) change since Qualys was founded in 1999? What is different about VM today? Can we actually remediate vulnerabilities automatically at scale? Why did this work for you even though many expected it would not? Where does cloud fit into modern vulnerability management? How does AI help vulnerability management today? What is real? What is this Risk Operations Center (ROC) concept and how it helps in vulner...

Oct 06, 2025 · 37 min · Season 1 · Ep. 246

EP245 From Consumer Chatbots to Enterprise Guardrails: Securing Real AI Adoption

Guest: Rick Caccia, CEO and Co-Founder, Witness AI Topics: In what ways is the current wave of enterprise AI adoption different from previous technology shifts? If we say "but it is different this time", then why? What is your take on "consumer grade AI for business" vs enterprise AI? A lot of this sounds a bit like the CASB era circa 2014. How is this different with AI? The concept of "routing prompts for risk and cost management" is intriguing. Can you elaborate on the architecture and specif...

Sep 29, 2025 · 34 min · Season 1 · Ep. 245

EP244 The Future of SOAPA: Jon Oltsik on Platform Consolidation vs. Best-of-Breed in the Age of Agentic AI

Guest: Jon Oltsik, security researcher, ex-ESG analyst Topics: You invented the concept of SOAPA – Security Operations & Analytics Platform Architecture. As we look towards SOAPA 2025, how do you see the ongoing debate between consolidating security around a single platform versus a more disaggregated, best-of-breed approach playing out? What are the key drivers for either strategy in today's complex environments? How can we have both "decoupling" and platformization going at the same tim...

Sep 22, 2025 · 28 min · Season 1 · Ep. 244

EP243 Email Security in the AI Age: An Epic 2025 Arms Race Begins

Guests: Cy Khormaee, CEO, AegisAI; Ryan Luo, CTO, AegisAI Topics: What is the state of email security in 2025? Why start an email security company now? Is it true that there are new and accelerating AI threats to email? It sounds cliche, but do you really have to use good AI to fight bad AI? What did you learn from your time fighting abuse at scale at Google that is helping you now? How do you see the future of email security and what role will AI play? Resources: aegisai.ai EP40 2021: Phishing i...

Sep 15, 2025 · 29 min · Season 1 · Ep. 243

EP242 The AI SOC: Is This The Automation We've Been Waiting For?

Guest: Augusto Barros, Principal Product Manager, Prophet Security, ex-Gartner analyst Topics: What is your definition of "AI SOC"? What will AI change in a SOC? What will the post-AI SOC look like? What are the primary mechanisms by which AI SOC tools reduce attacker dwell time, and what challenges do they face in maintaining signal fidelity? Why would this wave of SOC automation (namely, AI SOC) work now, if it did not fully succeed before (SOAR)? How do we measure progress towards AI SOC? W...

Sep 08, 2025 · 34 min · Season 1 · Ep. 242

EP241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google

Guest: Rick Correa, Uber TL Google SecOps, Google Cloud Topics: On the 3rd anniversary of Curated Detections, you've grown from 70 rules to over 4700. Can you walk us through that journey? What were some of the key inflection points and what have been the biggest lessons learned in scaling a detection portfolio so massively? Historically the SecOps Curated Detection content was opaque, which led to, understandably, a bit of customer friction. We've recently made nearly all of that content transp...

Sep 01, 2025 · 32 min · Season 1 · Ep. 241

EP240 Cyber Resiliency for the Rest of Us: Making it Happen on a Real-World Budget

Guest: Errol Weiss, Chief Security Officer (CSO) at Health-ISAC Topics: How adding digital resilience is crucial for enterprises? How to make the leaders shift from "just cybersecurity" to "digital resilience"? How to be the most resilient you can be given the resources? How to be the most resilient with the least amount of money? How to make yourself a smaller target? Smaller target measures fit into what some call "basics." But "Basic" hygiene is actually very hard for many. What are your top...

Aug 25, 2025 · 29 min · Season 1 · Ep. 240

EP239 Linux Security: The Detection and Response Disconnect and Where Is My Agentless EDR

Guest: Craig H. Rowland, Founder and CEO, Sandfly Security Topics: When it comes to Linux environments – spanning on-prem, cloud, and even–gasp–hybrid setups – where are you seeing the most significant blind spots for security teams today? There's sometimes a perception that Linux is inherently more secure or less of a malware target than Windows. Could you break down some of the fundamental differences in how malware behaves on Linux versus Windows, and why that matters for defenders in the cl...

Aug 18, 2025 · 25 min · Season 1 · Ep. 239

EP238 Google Lessons for Using AI Agents for Securing Our Enterprise

Guest: Dominik Swierad, Senior PM D&R AI and Sec-Gemini Topics: When introducing AI agents to security teams at Google, what was your initial strategy to build trust and overcome the natural skepticism? Can you walk us through the very first conversations and the key concerns that were raised? With a vast array of applications, how did you identify and prioritize the initial use cases for AI agents within Google's enterprise security? What specific criteria made a use case a good candidate ...

Aug 11, 2025 · 32 min · Season 1 · Ep. 238

EP237 Making Security Personal at the Speed and Scale of TikTok

Guest: Kim Albarella, Global Head of Security, TikTok Questions: Security is part of your DNA. In your day to day at TikTok, what are some tips you'd share with users about staying safe online? Many regulations were written with older technologies in mind. How do you bridge the gap between these legacy requirements and the realities of a modern, microservices-based tech stack like TikTok's, ensuring both compliance and agility? You have a background in compliance and risk management. How do you...

Aug 04, 2025 · 29 min · Season 1 · Ep. 237

EP236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI

Guest: Manija Poulatova, Director of Security Engineering and Operations at Lloyd's Banking Group Topics: SIEM migration is hard, and it can take ages. Yours was - given the scale and the industry - on a relatively short side of 9 months. What's been your experience so far with that and what could have gone faster? Anton might be a "reformed" analyst but I can't resist asking a three legged stool question: of the people/process/technology aspects, which are the hardest for this transformation? ...

Jul 28, 2025 · 27 min · Season 1 · Ep. 236

EP235 The Autonomous Frontier: Governing AI Agents from Code to Courtroom

Guest: Anna Gressel, Partner at Paul, Weiss, one of the AI practice leads Episode co-host: Marina Kaganovich, Office of the CISO, Google Cloud Questions: Agentic AI and AI agents, with its promise of autonomous decision-making and learning capabilities, presents a unique set of risks across various domains. What are some of the key areas of concern for you? What frameworks are most relevant to the deployment of agentic AI, and where are the potential gaps? What are you seeing in terms of how ...

Jul 21, 2025 · 34 min · Season 1 · Ep. 235

EP234 The SIEM Paradox: Logs, Lies, and Failing to Detect

Guest: Svetla Yankova, Founder and CEO, Citreno Topics: Why do so many organizations still collect logs yet don't detect threats? In other words, why is our industry spending more money than ever on SIEM tooling and still not "winning" against Tier 1 ... or even Tier 5 adversaries? What are the hardest parts about getting the right context into a SOC analyst's face when they're triaging and investigating an alert? Is it integration? SOAR playbook development? Data enrichment? All of the above? ...

Jul 14, 2025 · 38 min · Season 1 · Ep. 234

EP233 Product Security Engineering at Google: Resilience and Security

Guest: Cristina Vintila, Product Security Engineering Manager, Google Cloud Topic: Could you share insights into how Product Security Engineering approaches at Google have evolved, particularly in response to emerging threats (like Log4j in 2021)? You mentioned applying SRE best practices in detection and response, and overall in securing the Google Cloud products. How does Google balance high reliability and operational excellence with the needs of detection and response (D&R)? How does Go...

Jul 07, 2025 · 26 min · Season 1 · Ep. 233

EP232 The Human Element of Privacy: Protecting High-Risk Targets and Designing Systems

Guest: Sarah Aoun, Privacy Engineer, Google Topic: You have had a fascinating career since we [Tim] graduated from college together – you mentioned before we met that you've consulted with a literal world leader on his personal digital security footprint. Maybe tell us how you got into this field of helping organizations treat sensitive information securely and how that led to helping keep targeted individuals secure? You also work as a privacy engineer on Fuchsia, Google's new operating syste...

Jun 30, 2025 · 32 min · Season 1 · Ep. 232

EP231 Beyond the Buzzword: Practical Detection as Code in the Enterprise

Guest: David French, Staff Adoption Engineer, Google Cloud Topic: Detection as code is one of those meme phrases I hear a lot, but I'm not sure everyone means the same thing when they say it. Could you tell us what you mean by it, and what upside it has for organizations in your model of it? What gets better for security teams and security outcomes when you start managing in a DAC world? What is primary, actual code or using SWE-style process for detection work? Not every SIEM has a good set of...

Jun 23, 2025 · 31 min · Season 1 · Ep. 231
Hosted on Libsyn