Security Voices

www.securityvoices.org
There are great stories in the security industry that aren’t being told. Fascinating people who fly below the radar and aren’t being heard. We know because we encounter them in hallways, hotel lobbies and just about everywhere imaginable across the globe. Every time we think “I wish I had recorded that conversation so that everyone could hear it…” Our goal with Security Voices is to provide a place for clear-headed dialogue with great people that’s unencumbered by the hyperbole and shouting that’s far too common in security circles. We don’t have anything against sponsors or sales pitches, but they run counter to our goal of cutting through the noise, so we don’t have either. We’re aiming for 100% clear signal.

Episodes

Cloud Sec Series #1 - A Public Cloud Security Primer With Expert Teri Radichel (AWS, GCP & Azure)

Initially led by software as a service (SaaS), the transition to the public cloud is one of the most important changes we’ve witnessed in information technology to date. From the early days of SaaS to the current stage where adoption of infrastructure, platform and function as a service (IaaS, PaaS, FaaS) is catching on like wildfire, there’s an increasing awareness that at the end state of this shift, few aspects of how we do our jobs will be unchanged. This Security Voices episode is the first of...

Sep 05, 2020 · 1 hr 6 min

The Cyber Career Doctor Is In: An Interview With Kathleen Smith

If you’ve been laid off, furloughed or are just plain tired of everything, this episode is for you. Kathleen Smith, the longstanding cyber career expert at B-Sides (and beyond) joins us for a dialogue on what’s happening in the security job landscape. Lost your job? Kathleen explains a tried and true process for recovery, reflection and finding your next gig. Not to mention a few surprising options for those who aren’t afraid of a little adventure, such as the military reserves or a job in one o...

Jul 29, 2020 · 1 hr 20 min

Transforming healthcare & protecting privacy in a post-quantum world with RSA’s CTO, Dr. Zulfikar Ramzan

Discussing cryptography is usually a surefire way to end a dinner conversation. It combines two things that intimidate (and bore) many people: hard tech and complex math. In spite of this, cryptography is on center stage today as it is the very foundation of defending our privacy and perhaps unlocking how we can safely share health information in the midst of the pandemic. There are few people who both understand and can explain cryptography in plain English better than Dr. Zulfikar Ramzan, CTO ...

Jul 05, 2020 · 1 hr 12 min

The Longevity Formula: CSO Andy Ellis’ Wit, Wisdom & Wine Advice from 20+ Years at Akamai

The average tenure of a CISO is 26 months due to high stress and burnout, according to a recent survey. In stark contrast, Andy Ellis has now been CSO at industry titan Akamai for over 20 years. Jack & Dave explore Andy’s longevity formula in a 70 minute interview that spans everything from his advice to young security leaders to the death of live events and why it’s perfectly fine if your favorite wine is a $16 malbec. While most of our episodes gradually ease into a more focussed conversat...

May 30, 2020 · 1 hr 24 min

Untangling Zoom's Security Issues, Contact Tracing & End to End Encryption with Kenneth White

The misinformation spread during the COVID-19 pandemic has made what happened with the 2016 U.S. elections look like the “good old days.” Epidemiologists are on center stage trying to explain complex topics to billions of people concerned for their lives-- and sometimes politicians are aiming to do the same. The multiplier effect is how hopelessly entangled challenging technical issues like end to end encryption and contact tracing via bluetooth on mobile phones are now also being publicly debat...

May 09, 2020 · 1 hr 3 min

Next Gen Social Engineering: Hacking Humans with Social Roboticist, Straithe

In the midst of the COVID-19 pandemic, it’s easy for thoughts to stray to the apocalypse. Nowhere is this tendency more common than when we talk about robots. Decades of books, movies and television have explored the topic of “when robots attack” and the calamity that follows. Today, domestic robots struggle to make it up the stairs and Siri can’t reliably order take-out… or even take notes. It all feels very far-fetched. And it is. However, if we move past the science fiction and look more clos...

Apr 18, 2020 · 1 hr 4 min

Scaling Data Science & Defending Machine Learning with CrowdStrike's Chief Scientist, Dr. Sven Krasser

In this episode we step far beyond the hype cycle and dive into the details of scaling a data science team in the security industry with Dr. Sven Krasser. Sven joined CrowdStrike in the early days and the initial part of the conversation with Dave is an incredibly timely conversation covering how to structure and work with remote teams effectively. The interview was recorded a week before the 2020 RSA Conference in San Francisco when the early impact of COVID19 in the U.S. was just starting to b...

Mar 22, 2020 · 1 hr 12 min

Day Job Series | BSides Origins, Present & Future

The second half of our Day Jobs series is the very first Security Voices episode we recorded: Dave interviewing Jack on the origins, shenanigans and future of BSides. Jack charts the history of the conference from its inception at a rental house in Las Vegas with a couple hundred people to today where Security BSides is a global movement that has eclipsed 500 events (and growing). One of the most unique aspects of Security BSides is that anyone can create their own event. It is a nonprofit organ...

Mar 01, 2020 · 1 hr 3 min

Day Job Series | Launching Open Raven

Our February Security Voices episodes are a 2 part series where Jack and I focus on our “day jobs”, starting with the current episode on Open Raven. Part 2 will be the very first podcast we recorded, but never released where Dave interviews Jack on the origins and escapades of B-Sides. This is as close as we intend to come to promoting anything explicitly on Security Voices and if you’re completely allergic to even the scent of such things, join us back in March where we’ll pick back up with an int...

Feb 11, 2020 · 1 hr 4 min

Security Snake Oil & the Products We Deserve - a Conversation with Haroon Meer

Could you create a fake cyber security company and rack up industry awards overnight? How about fabricating a founder and scoring them impressive job offers? Haroon Meer did both of these recently for a presentation titled “The Products We Deserve” as an exploration and commentary on the state of the industry. Jack, Dave & Haroon take on snake oil in security during an hour long conversation to determine exactly how someone could create a great company amidst the pressures that threaten to p...

Jan 20, 2020 · 1 hr 9 min

Machine Learning & Connected Cars with Security Journeyman Josh Lemos

Our 1st episode of 2020 is a story in three parts, beginning with hard fought wisdom of a veteran security practitioner, then diving deep into machine learning (ML) before wrapping up with how both security and AI apply to connected vehicles. The first part of our 74 minute conversation with Josh Lemos is the backstory of how he started his career in cybersecurity as a consultant... and left services to join ServiceNow as a practitioner. His time at ServiceNow lays out a solid formula for fixing...

Jan 04, 2020 · 1 hr 15 min

Election Security with Camille Stewart: Looking ahead to 2020...are we ready?

While visions of sugar plums might be dancing in children’s heads as we close out 2019, the 2020 elections are occupying the head space of many adults in the U.S. In 2016, the importance of election security was made crystal clear. What’s happened since then? Are we ready for 2020? How do experts believe our defenses will hold up when tested by foreign and even domestic attacks? We spent an hour exploring election security (and more) with Camille Stewart, a cyber security attorney with experienc...

Dec 21, 2019 · 1 hr 18 min

Cyber Security Entrepreneur Nand Mulchandani takes Silicon Valley to the Pentagon

It all changed one day while Nand was sitting in traffic on the 101 freeway. Why am I doing this? Nand had experienced no less than 4 successful exits of cyber security companies where he was founder or CEO. He was one of the most accomplished cyber security entrepreneurs in the Silicon Valley. At that moment, Nand decided to leave corporate life and set course to start a new phase of his career in the government. His first step was to uproot his family and move them into graduate housing at Sta...

Dec 07, 2019 · 58 min

Niloo Razi Howe: A Life of Adventure, Purpose & Epic Badassery (Part 2 of 2, Niloo's time in Washington D.C.)

The 2nd half of our conversation with Niloo focuses on her recent work in Washington DC where she holds several positions and recently (October 22nd, 2019) testified to Congress on the United States’ cyber security readiness. We begin with the topic of retaliation: What’s the proper response to a cyber attack if you want to discourage future aggression? Is cyber retaliation necessary to defend a country? With the 2020 elections on the horizon, Niloo explains her perspective on influence campaign...

Nov 24, 2019 · 39 min

Niloo Razi Howe: A Life of Adventure, Purpose & Epic Badassery (Part 1 of 2)

There are stories, and then there are “epics”: tales of a journey so full of unexpected twists and excitement that you’re left wondering how all that could happen to a single person. Niloo Razi Howe’s life is such an epic. Whereas most epics feature men with swords, this one focuses on a woman with heels and a hockey stick. While Niloo’s story as an Iranian exile is well-documented, our primary focus is on her career which began as an author and quickly moved to becoming a McKinsey consultant an...

Nov 11, 2019 · 57 min

Valley Legend Reversed: Staying in School & Building a Business with Soul (Marcin Kleczynski)

The Silicon Valley legend is the college dropout who made billions… but what if instead they stayed in the dorm room? This is the intriguing story of Marcin Kleczynski and MalwareBytes, told in a candid ~1-hour interview where he explains how his company was built in vivid detail. Marcin takes us through his formative moments as a Polish immigrant in Illinois helping his family’s cleaning business to his choice to remain in school at his mother’s insistence while MalwareBytes was making millions...

Oct 14, 2019 · 1 hr 3 min

Cigars, Women's Soccer & Everything in Between with Splunk CISO, Joel Fulton PhD

Joel Fulton’s journey began in Alaska as a free range kid with dreams of becoming a fireman to ultimately find him in one of the most prestigious CISO roles in cyber security at Splunk. Our conversation twists through his time as a computer auditor, MMA fighter, an author, a salesman, a PhD student and a few other positions in between. Our dialogue with Joel showcases the breadth of his interests as well as his gift for taking seemingly unrelated concepts and connecting them to illustrate a poin...

Sep 27, 2019 · 1 hr 19 min

Investor Series Wrap-up | Bootstrapping Bonus Episode w/ Tozny

Since this Spring, Security Voices have been “following the money trail” to explore all angles of how security companies are funded and run. In our final 2 episodes of the series, we’re shining a light on lesser known companies and individuals who have avoided traditional funding and taken a more unique approach to starting their businesses. This episode showcases Tozny, an encryption company with its longstanding roots in government contracts. Isaac, the founder and CEO, explains how he’s buil...

Sep 13, 2019 · 52 min

Zack Schuler's Solo Mission to Reinvent Security Awareness, Hollywood-Style

Seemingly every day a security company announces that it has raised a new, big round of funding. As we close out our investor series, Jack and I wanted to highlight the bootstrappers— those brave people who kickstart their businesses using solely their own resources. Our interview with Zack Schuler of Ninjio illustrates the experience of a company with a big mission to reinvent security awareness that began with no funding but a loan from his bank account. While Zack had the benefit of a previous...

Aug 30, 2019 · 44 min

Sunshine Episode: Reasons to feel good about the future of cyber security

Dark clouds seem to hang over the security industry, especially after Black Hat and DEF CON. Playing constant defense can be disheartening, especially after hearing about every new type of possible attack in Las Vegas. We felt everyone could use a little post conference pick-me-up so we pulled together this short (~15 min) episode which focuses on all the positive things that are happening in the industry from past interviews. We’ve often reflected on how interesting and encouraging it is that e...

Aug 16, 2019 · 16 min

Robocalls Exposed with Phone Hacker TProphet

Robocalls have plagued our phones in recent years, prompting many of us to no longer answer calls if we don’t immediately recognize the number. Ballpark estimates put the number of calls in 2018 at 48 Billion-- a 50% increase from the previous year. Ever wondered who was behind the flood of phone spam? How much they make? Where they’re from? How they got your number? We dig deep into the robocall epidemic with telecom expert TProphet, answering all of these questions and more before breaking dow...

Jul 26, 2019 · 1 hr 1 min

Defeating Rhino Poachers, 5G Security & IoT Catastrophes w/ Shaun Cooley

Few topics capture our imagination like the Internet of Things (IoT); our concerns swing from how much Alexa is really listening to us all the way to doomsday scenarios orchestrated by a violent robot takeover. Our conversation with Shaun Cooley lays the foundation for a rational understanding of IoT risks, starting with its role in stopping rhino poaching in an African game preserve. After explaining the full IoT landscape, we explore how it is fundamentally different from “normal” IT security ...

Jul 12, 2019 · 1 hr 18 min

Building Your Own Cyber VC w/ Dr. Chenxi Wang

What happens when you take a longtime security pro and turn her into a venture capitalist? We find out in the 4th installment of our investor series when we interview Dr. Chenxi Wang, fresh off her 1 year anniversary starting Rain Capital. The beginning of our interview showcases the grasp of our market that makes Chenxi such a sought-after partner-- we go deep into the transformation of app sec, poking at fuzzing vs. static analysis, package vs. code level analysis and how the network-centric r...

Jun 28, 2019 · 1 hr 2 min

Trench Tales: Gaming Security, Cloud & Battling Zero Days with Mike Reavey

Mike Reavey has quietly left his fingerprints on some of the biggest moments in security. He began as a Captain in the Air Force, locking down networks from attack by adversaries back when APT was still shorthand for “apartment”. Mike recounts his time spent battling the most destructive malware the industry has ever seen (Blaster, Slammer, Code Red, etc.) while leading Microsoft Security Response and how he later kept Azure out of the headlines while heading up cloud security in Redmond. He rec...

Jun 14, 2019 · 1 hr 1 min

Security from the Outside In: Dialogue with Kara Nortman

Part 3 of our investor series offers a unique perspective on the security market as Jack and I interview Kara Nortman, partner at Los Angeles-based Upfront Ventures who balances investments in enterprise and consumer companies without an explicit focus on cyber. Kara traces her roots back to a long ago meeting with the @Stake team when she was with Battery Ventures and we chart how security moved from an arcane art to a topic relevant to every startup no matter the industry. Our conversation cov...

May 31, 2019 · 53 min

The Modern CISO: Justin Dolly

In a world not-so-long-ago, CISOs fought for people to understand what they did and why it mattered. Fast forward to today, and the modern CISO faces a dizzying variety of challenges everywhere from the boardroom to explain 3rd party risk management to product design sessions where they might be debating anything from data anonymization to SOC2 compliance. Our guest in this episode, Justin Dolly, stands apart as a no-nonsense CISO who has covered a truly broad spectrum of problems such as negot...

May 17, 2019 · 1 hr 4 min

Cyber’s Quiet Investor - Noah Carr of Point72

A goal of our podcast is to highlight people who don’t highlight themselves— but are every bit as deserving of the spotlight as those on the big stage. Noah fits this profile perfectly- he’s the smart guy you sat next to at an industry dinner whose perspective on network forensics and GDPR were as interesting as his weeklong isolated "vacation" on the tundra of Baffin Island. An understated yet up and coming security investor currently at Point72, Noah’s take on the security market is insightful...

May 03, 2019 · 1 hr 4 min

Straight Talk w/ Veteran Silicon Valley CISO Justin Somaini

Our latest episode features a 1 hour interview with iconic Silicon Valley CISO Justin Somaini. He explains common mistakes made by investors and vendors, what it feels like to be a global CSO of a 90,000 person company, who the CISO should report to and how the CISO can win in the boardroom (often by staying out of it!) Sales people, this one is for you: Justin explains how you can avoid stepping on CISOs' toes and what you can do to stand out from the crowd. For aspiring or young security l...

Apr 12, 2019 · 1 hr

Interview w/ Ping Li (Accel), Veteran Security Investor

We kick off our investor series with Ping Li of Accel who was recently named the #2 investor in the Silicon Valley and is one of the most prominent investors in the security industry. We cover the biggest mistakes security companies make, how to successfully pitch your company to a veteran investor like Ping and we play an inaugural game of buzzword bingo to see if there's truly a market for that AI-powered blockchain idea you've been kicking around.

Mar 29, 2019 · 1 hr 5 min

A conversation with software security pioneer Gary McGraw

Recently "retired" software security legend Gary McGraw joins us for an unfiltered conversation with Jack at his farmhouse in rural Virginia. Gary walks us through the history of software security with his characteristic sharp humor and insights, sparing no "poser or pretender" along the path to today (including the term "app sec" itself). Beyond his impressive career in security, any conversation with Gary uncovers his diverse interests from his life as a musician to his travels, from reading...

Mar 22, 2019 · 1 hr 2 min