Resilient Cyber

Chris Hughes (www.buzzsprout.com)

Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

Episodes

Resilient Cyber w/ Rob Shavell - Personal Data & Online Privacy

In this episode, we sit down with Rob Shavell, CEO and Co-Founder of DeleteMe, an organization focused on safeguarding exposed personal data on the public web and addressing user privacy challenges. We dove into a lot of great topics, such as: The rapidly growing problem of personal data ending up on the public web and some of the major risks many may not think about or realize Trends contributing to personal data exposure, from the Internet itself to social media, mobile phones/apps, IoT devic...

Mar 03, 2025, 29 min

Resilient Cyber w/ Steve Martano - CISO's, Security Budgets & Careers

In this episode of Resilient Cyber, we sit down with Steve Martano, Partner in the cyber Security Practice at Artico Search, to discuss the recent IANS & Artico Search Publications on the 2025 State of the CISO, security budgets, and broader security career dynamics. Steve and I touched on some great topics, including: The 2025 State of the CISO report and key findings Board reporting cadences for CISO’s and the importance of Boardroom involvement in Cybersecurity The three archetypes of CIS...

Feb 28, 2025, 25 min

Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends

Katie Norton discusses her role at IDC, key AppSec trends observed in 2024, and predictions for 2025, including application security posture management (ASPM), platform engineering, SBOM management, and securing AI applications. The conversation covers the platform versus point product debate, the impact of developer tax, and the role of storytelling in cybersecurity, offering insights into the evolving landscape of application security.

Feb 24, 2025, 47 min

Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact

In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency. We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks. Ed and I dove into a lot of interesting GenAI Security topics, including: Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information,...

Feb 13, 2025, 24 min

Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know

In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI. Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix. Sounil and I dug into a lot of interesting topics, such as: The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S. Th...

Feb 03, 2025, 27 min

Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts

SecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and mean-time-to-respond (MTTR), automating repetitive tasks, integrating with existing tools, and leading to ROI. In this episode, we sit with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational r...

Jan 27, 2025, 19 min

Resilient Cyber w/ Rajan Kapoor - Native Cloud Workspace Gaps and Risks

In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management. Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered: Why email and cloud workspaces are some o...

Jan 21, 2025, 30 min

Resilient Cyber w/ Mick Leach - 5 Email Threats to Watch For in 2025

While cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers. And it seems that, unfortunately, cybercriminals aren’t lacking when it comes to identifying new ways to sneak in. Abnormal Security’s Field CISO...

Jan 21, 2025, 32 min

Resilient Cyber w/ Greg Martin - Agentic AI and AppSec

We’ve heard a ton of excitement about AI Agents, Agentic AI, and its potential for Cybersecurity. This ranges in areas such as GRC, SecOps, and Application Security (AppSec). That is why I was excited to sit down with Ghost Security Co-Founder/CEO Greg Martin. In this episode, we sit down with Ghost Security CEO and Co-Founder Greg Martin to chat about Agentic AI and AppSec. Agentic AI is one of the hottest trends going into 2025, and we will discuss what it is, its role in AppSec, and what syst...

Jan 10, 2025, 27 min

Resilient Cyber w/ Filip Stojkovski & Dylan Williams - Agentic AI & SecOps

In this episode, we will be sitting down with Filip Stojkovski and Dylan Williams to dive into AI, Agentic AI, and the intersection with cybersecurity, specifically Security Operations (SecOps). I’ve been following Filip and Dylan for a bit via LinkedIn and am really impressed with their perspective on AI and its intersection with Cyber, especially SecOps. We dove into that in this episode including: What exactly Agentic AI and AI Agents are, and how they work What a Blueprint for AI Agents in Cybe...

Dec 11, 2024, 23 min

Resilient Cyber w/ Walter Haydock - Implementing AI Governance

In this episode, we sit down with StackAware Founder and AI Governance Expert Walter Haydock. Walter specializes in helping companies navigate AI governance and security certifications, frameworks, and risks. We will dive into key frameworks, risks, lessons learned from working directly with organizations on AI Governance, and more. We discussed Walter’s pivot with his company StackAware from AppSec and Supply Chain to a focus on AI Governance and from a product-based approach to a services-orie...

Nov 22, 2024, 29 min

Resilient Cyber w/ Jim Dempsey - Navigating the Cyber Regulatory Landscape

In this episode, we sit down with return guest Jim Dempsey. Jim is the Managing Director of the Cybersecurity Law Center at IAPP, Senior Policy Advisor at Stanford, and Lecturer at UC Berkeley. We will discuss the complex cyber regulatory landscape, where it stands now, and implications for the future based on the recent U.S. Presidential election outcome. We dove into a lot of topics including: The potential impact of the latest U.S. Presidential election, including the fact that while there a...

Nov 18, 2024, 57 min

Resilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine?

In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left". This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and whether the shift left movement is losing its shine. We dive into a lot of topics such as: Tyler and James’s high-level thoughts on shift left and where it may have gone wrong or run into challenges Tyler’s thoughts on the evoluti...

Nov 01, 2024, 25 min

Resilient Cyber w/ Shyam Sankar - The Primacy of Digital Dominance

In this episode we sit down with Shyam Sankar, Chief Technology Officer (CTO) of Palantir Technologies. We will dive into a wide range of topics, from cyber regulation, software liability, navigating Federal/Defense cyber compliance and the need for digital defense of the modern national security ecosystem. - First off, for those unfamiliar with you and your background, can you tell us a bit about yourself, as well as Palantir? You're a big proponent of the role that software plays now, and will...

Oct 18, 2024, 34 min

Resilient Cyber w/ Mark Simos - Cybersecurity Anti-Patterns

In this episode we sit down with Mark Simos to dive into his RSA Conference talk "You're Doing It Wrong - Common Security AntiPatterns" to dig into several painfully true anti-patterns in cybersecurity and how we often are our own worst enemy. - First off, for those not familiar with you or your background, can you tell us a bit about that. - So you delivered this talk at RSA, focused on Cybersecurity "Anti-Patterns". How did the talk come about and how was it received...

Oct 17, 2024, 30 min

Resilient Cyber w/ Helen Oakley - Exploring the AI Supply Chain

- First off, for folks not familiar with your background, can you tell us a bit about that and how you got to the role you're in now? - We see rapid adoption of AI and security inevitably trying to keep up, where should folks start? - There are some really interesting intersections when it comes to AI and supply chain, what are some of them? - We see a thriving OSS ecosystem around AI, including communities and platforms like Hugging Face. What are some key things to keep in mind here? - AI...

Oct 08, 2024, 20 min

Resilient Cyber w/ Ross Young - How to Become a CISO

- First off, for those who don't know you, can you tell us a bit about your background? - You've been providing a deep dive talk into how to become a CISO. I'm curious, what made you put together the presentation, and how has it been received so far when you've had a chance to deliver it? - You have broken down what you call "four stages of the journey" that encompasses skills in areas such as Technical, Management, Leadership and Political. This to me comes across ...

Oct 08, 2024, 33 min

Resilient Cyber w/ Jit - Exploring the Emerging ASPM Ecosystem

In this episode we sit down with Amir Kessler and Aviram Shmueli of AppSec innovator Jit to dive into the complexities of the modern AppSec landscape and explore the emerging Application Security Posture Management (ASPM) ecosystem. - First off, for folks not familiar with your backgrounds, can you tell us a bit about both of your backgrounds and how you got to the roles you're in now? - We're seeing a ton of interest in the topic of ASPM in the AppSec space. What do you think has led ...

Oct 01, 2024, 27 min

Resilient Cyber w/ Christina Liaghati - Navigating Threats to AI Systems

- For those that don't know you, can you tell us a bit about your background and your current role? - I know you help lead the ATLAS project for MITRE, what exactly is ATLAS and how did it come about? - The AI threat landscape is evolving quickly, as organizations are rapidly adopting GenAI, LLM's and AI more broadly. We are still fleshing out some fundamental risks, threats and vulnerabilities to consider. Why is it so important to have a way to characterize it all? - When it comes to...

Sep 06, 2024, 25 min

Resilient Cyber w/ Steve Wilson - Securing the Adoption of GenAI & LLM's

In this episode we sit down with GenAI and Security Leader Steve Wilson to discuss securing the explosive adoption of GenAI and LLM's. Steve is the leader of the OWASP Top 10 for LLM's and the upcoming book The Developer's Playbook for LLM Security: Building Secure AI Applications. - First off, for those not familiar with your background, can you tell us a bit about yourself and what brought you to focusing on AI Security as you have currently? - Many may not be familiar with the...

Aug 28, 2024, 29 min

Resilient Cyber w/ Snehal Antani - Building and Scaling a Security Startup

In this episode we sit down with the Founder/CEO of Horizon3.ai to discuss disrupting the Pen Testing and Offensive Security ecosystem, and building and scaling a security startup - from a founder's perspective. From HP, to Splunk to JSOC - all leading to founding Horizon3, Snehal brings a unique perspective of business acumen and technical depth and puts on a masterclass around venture, founding and scaling a team and disrupting the industry! - For those not familiar with your background who...

Aug 21, 2024, 30 min

Resilient Cyber w/ Chloe Messdaghi - AI Security & the Threat Landscape

In this episode we sit down with Chloe Messdaghi, Head of Threat Intelligence at HiddenLayer, an AI Security startup focused on securing the quickly evolving AI security landscape. HiddenLayer was the 2023 RSAC Innovation Sandbox Winner and offers a robust platform including AI Security, Detection & Response and Model Scanning. - For folks not familiar with you or the HiddenLayer team, can you tell us a bit about your background, as well as that of HiddenLayer? - When you look at the AI land...

Aug 19, 2024, 21 min

Resilient Cyber w/ Rob Allen - Endpoint Protection, VulnMgt & Zero Trust

- For those not familiar with you and ThreatLocker, can you tell us a bit about yourself and the ThreatLocker team? - When we look out at the endpoint protection landscape, what do you feel some of the most pressing threats and risks are? - There of course has been a big push for Zero Trust in the industry being led by CISA, NIST, and industry. How does ThreatLocker approach Zero Trust when it comes to the Endpoint Protection Platform? - Another thing that caught my eye is the ThreatLocker Allow...

Aug 19, 2024, 25 min

Resilient Cyber w/ Travis McPeak - Securing Cloud-native Infrastructure

- For folks not familiar with you and your background, can you tell us a bit about that? - How about Resourcely, how did it come about and what problem did you set out to tackle? - Why do you think Cloud Misconfigurations are still so pervasive, despite being fairly well into the Cloud adoption lifecycle? - How have organizations traditionally tried to handle secure configurations, in terms of establishing them, maintaining them, monitoring for drift and so on? - Where do you think we're he...

Jul 25, 2024, 18 min

Resilient Cyber w/ Stuart Mitchell - Cyber Talent, Recruiting & the Workforce

- First off, for folks not familiar with your background, can you tell us a bit about yourself? - You made the leap from working for a firm to founding your own talent and recruiting company. Can you tell us about that decision and experience? - Before we dive into specific topics, what are some of the biggest workforce trends you are seeing in cyber currently? I have seen you talk about the pendulum shift from workers to employers on aspects like remote roles, and so on. What is the current dy...

Jul 19, 2024, 48 min

S6E22: Daniel Shechter - Application Detect & Response (ADR)

- For folks not familiar with you or the Miggo team, can you tell us a bit about your background? - How do you define ADR and why do you think we have seen the need for this new category of security tooling to come about? - Most organizations are struggling with vulnerability overload, with massive vulnerability backlogs and struggles around vulnerability prioritization. Can you share some insights on how you all tackle this problem? - We're increasingly seeing the AppSec space become more ...

Jul 07, 2024, 24 min, Season 6, Ep. 22

S6E21: Christoph Kern - Dissecting Secure-by-Design

- First off, for those that don't know you or your work, would you mind telling us a bit about your background? - You recently published a paper titled "Secure-by-Design at Google" which got a lot of attention. Can you tell us about the paper and some of the key themes it emphasizes? - In the paper you discuss some of the unique aspects of software that are different from mass-produced physical systems. Such as their dynamic and iterative nature. On one hand you mention how the ri...

Jun 13, 2024, 46 min

S6E20: Joe McCaffrey - Securing the Digital Arsenal of Democracy

- First off, for folks that don't know you, can you tell us a bit about your current role and background? - On that same note, can you tell the audience a bit about Anduril, the mission of the organization and some of the current initiatives it is working on? - What are some of the biggest challenges of being a new entrant in a space such as the DoD, which has longstanding system integrators and large prime contractors who have deep relationships, industry expertise/experience and so on? - ...

Jun 12, 2024, 40 min

S6E19: Madison Oliver - Open Source & GitHub Advisory Database

- For those that don't know you or haven't come across you quite yet, can you tell us a bit about your background in tech/cyber and your role with GitHub? - What exactly is the GitHub Advisory Database and what is the mission of the team there? - There's been a big focus on vulnerability databases, especially lately with some of the challenges of the NVD. What role do you see among the other vulnerability databases in the ecosystem, including GHAD and how it fits into the ecosyste...

Jun 12, 2024, 30 min

S6E18: Stephen Carter - VulnMgt Modernization & FedRAMP

- For those who don't know your background or Nucleus Security, can you start by telling us a bit about both? - You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process? - When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help? - Going broader, we have seen a re...

Jun 04, 2024, 31 min