Cyber Security & Cloud Podcast

Francesco Cipollone

Welcome to the Cyber Security & Cloud Podcast #CSCP, where we explore the dark secrets of cloud and cyber. The podcast focuses on people and their stories and explores the human element that brings so many people together. Some episodes are for the well-seasoned cybersecurity veteran, but most are about the stories of infosec people and how they reached where they are now. The focus and various streams of the podcast are Cybersecurity, Cloud Security, Application Security, Social Engineering, and community building.
Technology

Episodes

CSCP S4EP18 - James Berthoty - What The heck is ASPM and the evolution of Product security
28-07-2024
Join us for an engaging episode as we welcome James Berthoty, a seasoned cybersecurity professional with a diverse background spanning sysadmin, DevOps, and security engineering roles. James takes us through his journey across different organizations, including his current role at PagerDuty, where he tackles the intricate challenges of FedRAMP compliance. Listen in as James shares insights on the rapid evolution of the Application Security (AppSec) industry, driven by the need for infrastructure professionals to interact with application code in today's API-driven cloud environment. We also explore the disparity in innovation recognition among security solution providers and the difficulties of staying current in this fast-paced industry.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

We also discuss the complex challenges of managing visibility and actionability within cybersecurity, particularly in handling software vulnerabilities. Learn about the evolution of patch management and the inefficiencies of the Common Vulnerabilities and Exposures (CVE) system, which often leads to false positives. This conversation sheds light on the market's tendency to prioritize quantity over quality in vulnerability detection tools and the potential shift towards more precise, less noisy solutions. Effective testing and benchmarking tools, like insecure testing repositories and OWASP projects, are also highlighted as a means to enhance the reliability of security tools. Finally, we explore the broader landscape of security tools and frameworks, including the stringent requirements of FedRAMP and the balance between flexible and opinionated tools.

Through case studies and real-world examples, we discuss the significance of asset management, the evolving landscape of security tools, and the importance of transparency in marketing. The episode wraps up with a look at managing open-source supply chain risks and the crucial role of entities like Tidelift in providing paid maintenance services, reflecting the industry's shift towards better security practices. Don't miss this comprehensive exploration of the current state and future trends in the cybersecurity and software security industry.

Episode Highlights:
• Application Security and ASPM: We delve into the complex challenges of Application Security Posture Management (ASPM), focusing on managing visibility and actionability within cybersecurity, particularly in handling software vulnerabilities.
• Vulnerability Management: Learn about the evolution of patch management and the inefficiencies of the Common Vulnerabilities and Exposures (CVE) system, which often leads to false positives.
• Effective Testing Tools: This conversation sheds light on effective testing and benchmarking tools, like insecure testing repositories and OWASP projects, to enhance the reliability of security tools.
• FedRAMP and Security Tools: Explore the stringent requirements of FedRAMP and the balance between flexible and opinionated tools in the broader landscape of security frameworks.
• Asset Management: Through case studies and real-world examples, we discuss the significance of asset management in vulnerability management and the evolving landscape of security tools.
• Open Source Supply Chain Risks: The episode wraps up with a look at managing open-source supply chain risks and the crucial role of entities like Tidelift in providing paid maintenance services, reflecting the industry's shift towards better security practices.

What's Inside This Episode:
00:54 - Host Introduction: Francesco Cipollone introduces the episode and guest James Berthoty.
01:27 - Guest Introduction: James Berthoty shares his background and journey in cybersecurity.
02:07 - Managed Detection Response Insights: James discusses his experience and insights from working in managed detection response.
05:16 - AppSec Industry Evolution: Discussion on the rapid changes in AppSec and the impact of new technologies.
09:28 - The Challenge of Vulnerability Management: Francesco and James delve into the complexities of modern vulnerability management.
12:32 - Tool Integration and Market Trends: The conversation shifts to the integration of various security tools and market trends.
20:21 - Security Operations Challenges: The struggle of handling CSPM alerts and the role of security operations.
27:01 - Asset Management Importance: The critical role of asset management in vulnerability management and its implications.
31:48 - Market Evolution and Tool Adaptation: Discussion on how security tools need to adapt to evolving market demands.
35:50 - Reachability Analysis and SBOM: The importance of reachability analysis and the challenges of maintaining secure software supply chains.
44:50 - Positive Outlook on Security Discussions: Concluding thoughts on the positive impact of increased security discussions and market involvement.
46:09 - Closing Remarks: Francesco wraps up the episode and provides information on how to follow James Berthoty.

Connect with James Berthoty
Website: Latio Tech
LinkedIn: James Berthoty

James Berthoty is a passionate security professional, writer and creator of Latio Tech, dedicated to transforming security teams into integral contributors to product development, embodying the true essence of DevSecOps. As a former Security Engineer at PagerDuty, James leverages his extensive experience in sysadmin, DevOps, and cloud security to drive innovative security practices and ensure robust application security.

Driven by his mission to connect people with the right products, James founded Latio Tech, a platform that provides insights and reviews on emerging security technologies and startups. His hands-on experience in both startup environments and large enterprises equips him with a unique perspective on the challenges and solutions in the cybersecurity landscape. Residing in Tampa, Florida, James balances his professional life with his personal passions. He lives with his wife, Alexxus, and their three children. By day, he leads DevSecOps initiatives at ReliaQuest, and by night, he pursues a PhD in Philosophy and indulges in video gaming. His commitment to continuous learning and his multifaceted interests make him a dynamic and influential figure in the cybersecurity community.

Follow Cyber Security and Cloud Podcast
Website: Cyber Security and Cloud Podcast
LinkedIn: Cyber Security and Cloud Podcast LinkedIn
Twitter: @podcast_cyber
YouTube: Cyber Security and Cloud Podcast YouTube
iTunes: Cyber Security and Cloud Podcast on iTunes
Spotify: Cyber Security and Cloud Podcast on Spotify

Hashtags: #Cybersecurity #AppSec #ProductSecurity #ProdSec #ASPM
CSCP S4EP18 - Marius Poskus -  Who mention about non technical CISO - ASPM and Running application security programs from CISO perspective
07-07-2024
Join us as we explore the evolving application security landscape with Marius Poskus, VP of Glow Financial Services and a seasoned cybersecurity professional. In this episode, we delve into the increasing adoption of open-source code and AI in startup development, examining the potential impacts on code security amid rapid innovation pressures. Marius shares his insights on the cultural shifts required for effective DevSecOps practices, the prolonged timelines for meaningful change, and the disruptions caused by changing CISOs. We also touch on the challenges of maintaining consistent application security programs in a dynamic leadership environment, the proliferation of tools, and the importance of measuring their effectiveness. Listen in as we unravel the complexities of managing application security within development environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

We highlight the significance of providing contextual insight and effective communication to address security issues meaningfully. By prioritizing critical issues that offer the most significant risk reduction, we advocate for a strategic approach to security management. Marius also emphasizes understanding the root causes of vulnerabilities to enhance overall practices and mitigate future risks. Finally, we discuss translating risk into business language, emphasizing temporality and criticality to align security efforts with business priorities.

What's Inside This Episode:
00:00 - Introduction: Francesco Cipollone introduces the podcast and guest, Marius Poskus, VP at Glow Financial Services.
00:50 - Marius's Introduction: Marius discusses his background and roles, including his YouTube channel and upcoming consultancy.
02:04 - Industry Overview: Marius talks about the evolving landscape of application security and the impact of AI.
03:25 - Secure Code Development: The challenges of rushing code to market and understanding governance and risks.
04:19 - Application Security Programs: The cultural shift needed for DevSecOps and the impact of CISO tenure on security programs.
06:15 - Tooling and Measurement: The prevalence and challenges of security tools in organizations.
07:00 - Compliance and Standardization: The role of emerging standards and frameworks in driving security practices.
09:01 - Asset Management and Application Security: Tracking code across different environments and the complexity of asset management.
10:48 - Ownership and Attribution: Identifying ownership and responsibility for code and vulnerabilities.
13:00 - Contextual Insight: Providing rich information and context to development teams for better security understanding.
15:18 - Measuring Security Tooling: The need for better measurement and understanding the root cause of issues.
17:00 - Risk Management: Prioritizing issues based on risk and translating security issues into business risks.
18:45 - Advice for CISOs: Building business expectations, creating positive narratives, and transforming security from a cost center to a revenue generator.
21:57 - ROI of Security: Measuring the ROI of security through risk reduction and effective communication.
23:38 - Positive Industry Outlook: Marius's optimistic view on the industry's trajectory towards better security practices.
25:19 - Closing Remarks: Final thoughts on staying updated with industry changes and innovations. Where to find more about Marius and his work.
26:09 - Outro: Francesco thanks Marius and encourages listeners to build security programs with insight.

Connect with Marius Poskus
LinkedIn: Marius Poskus
Podcast: Cyber Diaries Episode

About Marius
With over a decade of cybersecurity experience, I am the Global Vice President and Chief Information Security Officer at Glow Financial Services Limited, a leading fintech company that offers innovative and customer-centric solutions. My mission is to build and execute a comprehensive cybersecurity strategy that aligns with the business goals and enterprise risk management of Glow, while ensuring compliance with ISO27001 and other relevant standards. I lead a high-performing team of cybersecurity professionals who deliver cutting-edge solutions across various domains, such as cloud security, DevSecOps, AppSec, threat hunting, penetration testing, and red and purple teaming. I have successfully implemented a 24/7 Security Operations Centre, a cloud adoption model, and an AppSec program that enhance the security posture and resilience of Glow's global operations. I am also passionate about sharing my knowledge and insights on cybersecurity topics as a public speaker, a non-executive director, and a mentor.

Follow Cyber Security and Cloud Podcast
Website: Cyber Security and Cloud Podcast
LinkedIn: Cyber Security and Cloud Podcast LinkedIn
Twitter: @podcast_cyber
YouTube: Cyber Security and Cloud Podcast YouTube
iTunes: Cyber Security and Cloud Podcast on iTunes
Spotify: Cyber Security and Cloud Podcast on Spotify

Hashtags: #Cybersecurity #AppSec #ProductSecurity #ProdSec #ASPM
CSCP S4EP17 - Adam Shostack - Threat modelling in past and future with Adam Shostack from vulnerability to ASPM and modern application security
16-06-2024
Join us in this insightful episode of the Cybersecurity and Cloud Podcast, where host Francesco Cipollone sits down with the pioneer of threat modeling, Adam Shostack. Dive into the intricacies of Application Security Posture Management (ASPM), effective threat modeling practices, and the innovative solutions offered by Phoenix Security. Gain valuable knowledge on how to improve your organization's security posture and stay ahead of evolving threats.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

We delve into threat modeling and software security, touching on the profound implications of the White House's recent report on memory-safe programming languages. We also dissect the systemic challenges of self-regulation in the cybersecurity market, especially in the aftermath of significant incidents like the SolarWinds attack. Adam shares his valuable insights on CISA's latest strategies to tackle vulnerabilities at their origin, emphasizing the critical need for proactive and systemic solutions in bolstering cybersecurity practices.

In another segment, we examine the complexities surrounding software security regulation and self-regulation in both the US and Europe. Drawing parallels to the automotive industry, we discuss how software companies are held accountable for the components they use, similar to how car manufacturers are responsible for their parts. The conversation highlights the Biden administration's executive order requiring vendors to self-attest to software security when selling to the US government and compares this to established regulatory frameworks like SEC regulations.

We also address the balance between proactive and reactive regulatory measures, referencing historical efforts such as Microsoft's Trustworthy Computing initiative and discussing the unique challenges faced by sectors like medical devices, where security and functionality must be meticulously balanced.

Key Discussion Points:
Threat Modeling and Application Security: An in-depth look at threat modeling and its crucial role in enhancing application security.
White House Report on Memory-Safe Programming Languages: Exploring the implications of the recent White House report and its impact on software security practices.
Self-Regulation vs. Government Regulation: Analysis of the challenges and benefits of self-regulation in the cybersecurity market, particularly post-SolarWinds.
CISA's Strategies on Vulnerability Management: Insights into CISA's proactive approaches to tackling vulnerabilities at their origin.
US and European Software Security Regulations: Comparing US and European approaches to software security regulation and the accountability of software companies.
Biden Administration's Executive Order: The requirement for vendors to self-attest to software security and its broader implications.
Historical Context: Reflecting on past efforts like Microsoft's Trustworthy Computing initiative and their relevance today.
Balancing Security and Functionality: The unique challenges faced by sectors like medical devices in maintaining both security and functionality.

What's Inside This Episode:
00:01 - Introduction: Francesco Cipollone introduces the podcast and guest, Adam Shostack, a leader in threat modeling and application security.
00:22 - Role in Threat Modeling: Adam discusses his contributions to the field of threat modeling and the importance of simplifying and organizing the process.
02:00 - Background and Career: Adam shares his extensive experience in application security, including his work at Microsoft and current role at Shostack and Associates.
03:00 - State of Application Security and Threat Modeling: Discussion on the current state of application security and the significance of the White House report on memory-safe programming languages.
04:00 - Regulatory Influences and Vulnerability Management: Insights into how government regulations are influencing application security and the challenges in managing vulnerabilities.
06:00 - Historical Context of Software Security: Reflection on historical security practices and the evolution of software security.
08:00 - SolarWinds SEC Lawsuit: Detailed discussion on the SEC lawsuit against SolarWinds and the importance of accurate security statements.
10:00 - Challenges in Implementing Security Measures: The difficulties organizations face in implementing effective security measures and the necessity of having a comprehensive asset inventory.
12:00 - Government Regulations and Market Self-Regulation: Debate on the effectiveness of market self-regulation versus government mandates in shaping the future of application security.
14:00 - Balancing Profit and Security: The conflict between maintaining profit margins and investing in security, and the role of commercial support in sustaining open-source software security.
16:00 - Open Source Software and Commercial Support: Discussion on the need for commercial support for open-source software and the impact of regulations on the open-source community.
18:00 - Self-Regulation in Software Security: The role of self-attestation in software security and the thin line between self-regulation and government mandates.
20:00 - Responsibilities of CISOs and Corporate Accountability: The critical responsibilities of CISOs in communicating security risks and how regulatory measures push for better accountability.
22:00 - Microsoft's Security Evolution: Reflection on Microsoft's journey in improving software security and the importance of initiatives like the Security Development Lifecycle (SDL).
24:00 - EU AI Act and Its Implications: Brief overview of the EU AI Act and its impact on high-risk applications.
26:00 - Dark Gemini and Modern Threats: Teaser for a future episode on Dark Gemini, an advanced AI used for nefarious purposes, and its implications for threat modeling and vulnerability management.
28:00 - Weaponization of Vulnerabilities: Discussion on the rapid weaponization of vulnerabilities and the need for systemic fixes in software security.
30:00 - Closing Thoughts: Summary of the discussion on ASPM, threat modeling, and Phoenix Security, emphasizing the positive impact of ongoing changes in security practices.
33:00 - Positive Message and Conclusion: Adam's positive message about the future of software security and Francesco's emphasis on the importance of proactive measures. Information on where to find more about Adam Shostack and his work.

Connect with Adam
Adam Shostack is the author of Threat Modeling: Designing for Security and Threats: What Every Engineer Should Learn from Star Wars. He's a leading expert on threat modeling, a consultant, expert witness, and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft. His accomplishments include:
Helped create the CVE. Now an Emeritus member of the Advisory Board.
Fixed Autorun for hundreds of millions of systems.
Led the design and delivery of the Microsoft SDL Threat Modeling Tool (v3).
Created the Elevation of Privilege threat modeling game.
Co-authored The New School of Information Security.

Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter: @FrankSEC42
LinkedIn: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com

Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
LinkedIn: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
YouTube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

You can listen to this podcast on your favourite player:
iTunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ

Resources and Links:
Adam Shostack's About Page
Elevation of Privilege Game
The New School of Information Security
Threat Modeling: Designing for Security (Amazon UK)
Threats: What Every Engineer Should Learn from Star Wars (Amazon UK)
The New School of Information Security (Amazon UK)
Phoenix Security
Cybersecurity and Cloud Podcast

#Cybersecurity #appsec #productsecurity #prodsec #aspm
CSCP S4EP15 - Akira Brand - Singing the Tune of Application Security with Akira Brand
27-05-2024
Join us for an in-depth discussion on the challenges and strategies of Application Security Program Management (ASPM) in today's fast-evolving tech landscape. Francesco Cipollone welcomes guest Akira Brand, a seasoned application security engineer and cybersecurity consultant, to explore practical insights into securing applications in the cloud and beyond. We also examine the shift in terminology from AppSec to product security and delve into Akira's unique background in opera singing, which empowers her to convey complex technical subjects with remarkable clarity.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

In this engaging session, curiosity takes center stage as a catalyst for teaching and learning within the tech world. I share my personal experiences and the joy found in the creative struggle of technical writing and documentation. Akira and I discuss the importance of a systematic approach, whether in threat modeling or honing educational techniques. We celebrate the power of curiosity-driven engagement and invite you to reflect on your learning processes.

Wrapping up with a focus on threat modeling, we emphasize its significance in application security programs and the importance of business engagement in the risk assessment process. We debate the effectiveness of various motivational strategies, from incentives to potential legal implications for security professionals. As we close, we challenge you to incorporate threat modeling practices into your security measures and participate in our social media challenge. Stay vigilant and join us for a discussion that blends practical insights with forward-thinking perspectives in the ever-evolving landscape of cybersecurity.

What's Inside This Episode:
00:04 - Sponsor Message: Phoenix Security Limited
00:54 - Introduction by Host, Francesco Cipollone
01:29 - Akira Brand discusses her background and transition to application security
07:40 - Deep dive into application security program fundamentals and threat modeling
25:20 - Discussion on fostering a positive security culture within organizations

Don't Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing landscape of cybersecurity. Whether you're a professional in the field, a business leader, or just keen on enhancing your cybersecurity awareness, this episode is packed with valuable information to help you understand the nuances of securing applications and infrastructures in a digitally-driven world.

Resources Mentioned
CIS Security Controls
NIST Framework
OWASP Guidelines

Connect with Akira Brand
LinkedIn: https://www.linkedin.com/in/akirabrand/
Personal Website: www.akirabrand.com

Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter: @FrankSEC42
LinkedIn: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com

Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
LinkedIn: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
YouTube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

You can listen to this podcast on your favourite player:
iTunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ

#Cybersecurity #appsec #productsecurity #prodsec #aspm
CSCP S4EP16 - Irene Michlin - Threat Modelling in the age of AI
26-05-2024
Listen in as we navigate the crucial role of threat modeling in the landscape of application security with our esteemed guest, Irene Michlin, the application security lead at Neo4j. Together, we peel back the layers of integrating a developer's insight into the security process and how it fortifies the software development lifecycle. Irene's journey from coding to consulting paints a vivid picture of the security challenges and triumphs faced in today's agile environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

We also dissect the often misunderstood concept of security theater and the varying impact of regulatory demands across businesses of different scales, all while highlighting the need for a risk-based approach to vulnerability management. During our conversation, we touch upon the symbiotic relationship between threat modeling and agile development, sharing anecdotes that demystify the practice and affirm its teachable nature. With Irene's rich background, we discuss how embedding security prompts into daily engineering tasks can make threat modeling more actionable, seamlessly blending it with development workflows. Our chat is a testament to the evolution of generative AI, where its jack-of-all-trades persona is on the cusp of becoming a specialized force with proper data training, showcasing the multifaceted potential of AI in cybersecurity and beyond. Wrapping up the episode, we share our admiration for an innovative Neo4j blog post that elegantly combines general AI with knowledge graphs, a read we highly recommend to those intrigued by the intersection of technology and security.

The discussion reaffirms the importance of balancing agility with thoroughness in threat modeling to ensure robust cybersecurity postures. As we conclude, we remind our listeners of the power of staying informed and proactive in the digital age, inviting them to engage with our community through our social media giveaway and to stay tuned for more insights on navigating the ever-evolving world of cybersecurity.

What's Inside This Episode:
00:01 - Introduction: Francesco Cipollone introduces the podcast and guest, Irene Michlin, application security lead at Neo4j.
00:22 - Sponsorship Mention: Acknowledgment of Phoenix Security's sponsorship.
00:25 - Episode Topic Introduction: Francesco and Irene dive into the importance of threat modeling in application security.
01:07 - Guest Introduction: Irene Michlin shares her journey from software development to application security leadership.
02:59 - Impact of Developer Background on Security: Discussion on how Irene's developer experience enhances her approach to security.
03:54 - Challenges in Security Implementation: Insights into the real-world challenges of integrating security into agile development projects.
05:42 - State of the Industry: Irene's perspective on the current state and future of application security.
07:40 - Security Theater and Compliance: Addressing the pitfalls of security theater and the role of regulatory demands.
09:40 - Reachability Analysis Debate: Pros and cons of reachability analysis in application security.
11:44 - Generative AI in Security: Exploring the potential and challenges of AI in enhancing application security practices.
13:53 - AI-based Threat Modeling: How AI can be leveraged for effective threat modeling while reducing errors.
15:36 - Practical Application of Threat Modeling: Making threat modeling actionable through daily engineering tasks.
20:20 - Security Prompts: Introduction of security prompts to integrate threat modeling into development workflows.
23:15 - Comprehensive vs. Incremental Threat Modeling: Balancing detailed and incremental approaches for robust security.
29:01 - PR Change and Code Scanning: Importance of both PR change scans and full scans in maintaining security.
32:34 - Integrating Vulnerability Management and Threat Modeling: Bridging the gap between these two critical aspects of application security.
36:00 - Closing Message: Encouragement for security professionals to stay positive and seek mentorship.
37:31 - Resources and Contacts: How to connect with Irene and access additional resources.

Connect with Irene Michlin
Connect with Irene Michlin: LinkedIn | Twitter (Legacy: X)
Neo4j Blog: Explore insights on using AI and knowledge graphs for security.
Threat Modeling Manifesto: Discover principles and practices in threat modeling.

Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter: @FrankSEC42
LinkedIn: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com

Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
LinkedIn: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
YouTube: https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/

You can listen to this podcast on your favourite player:
iTunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ

#Cybersecurity #appsec #productsecurity #prodsec #aspm
CSCP S4EP14 - Izar Tarandach - The Future of Threat Modeling and Product Security, with Izar Tarandach
21-04-2024
This episode features guest Izar Tarandach, a seasoned security architect with extensive experience in application security, cloud security, and the development of comprehensive security frameworks. Our discussion navigates through the latest trends in application security, the pivotal role of DevSecOps, and the strategic integration of security practices within modern business environments.

Sponsored by Phoenix Security: This episode is brought to you by Phoenix Security, leaders in vulnerability management from code to cloud. Take control of your security with Phoenix and see firsthand how to prioritize and act on critical vulnerabilities with a free 14-day license available at Phoenix Security - Request a Demo.

As our conversation progresses, we turn our focus to the critical issue of third-party risk in software development. Izar and I examine how high-profile cases have shone a light on the vulnerabilities in the software supply chain and the urgent need for developers to embrace secure coding practices. We discuss the shift toward a security-centric development culture and the importance of establishing business-driven security objectives and realistic service level agreements. Tune in to hear our insights on how the industry is moving beyond the quest for a silver bullet in security tools to a more robust approach that ingrains security into the core responsibilities of developers.

In our final chapter, Izar and I tackle the delicate balance between ethics, regulation, and business imperatives in cybersecurity. We delve into how regulations can drive security priorities, the risk of a false sense of security, and the vital role of threat modeling in the software development lifecycle. Our discussion highlights the need for a holistic approach that merges the foresight provided by threat modeling with adherence to regulations, fostering a security-conscious culture across all industries.
Don't miss this engaging episode where we dissect the evolution of threat modeling and its integral role in protecting our digital world.

What's Inside This Episode:
00:02 - Introduction to Cybersecurity and Cloud Podcast: Francesco introduces the series and outlines what listeners can expect from this enlightening episode.
00:53 - Greetings and New Developments in Threat Modeling: Discover the latest advancements in threat modeling and their implications for cybersecurity.
01:35 - Introducing Izar Tarandach: Learn about Izar's journey and his significant contributions to the field of security architecture.
02:09 - Recent Trends in Application Security: A detailed discussion on the transformation in application security spurred by innovations in cloud technology.
02:54 - Challenges Facing Today's CISOs: Insight into the pressures and challenges CISOs face with rising security stakes.
03:30 - Reevaluating Security Protocols: We analyze how traditional security protocols are being reshaped in today's tech landscape.
04:49 - The Role of DevSecOps: Understanding the integration of security into DevOps practices and its impact on software development.
05:47 - Concept of "Shift Everywhere": Izar critiques the broad application of the "shift everywhere" concept within security strategies.
06:56 - The Evolution of Security Integration: Discussion on how security is becoming embedded in all phases of product development.
08:13 - The Dilemma of Security Buzzwords: Evaluating how new security terminologies affect industry focus and policy development.
09:28 - The Realistic View of Security Practice: A candid look at the progression from idealistic to pragmatic approaches in security practices.
11:25 - Addressing Third-Party Risks: Examination of third-party risks and their impact on the software supply chain.
13:28 - Third-Party Risk Management: A Case Study: Insights from high-profile cases highlighting the importance of managing third-party vulnerabilities.
15:23 - Integrating Security into Business Objectives: How organizations are embedding security objectives into business strategies.
16:47 - Seeking Solutions in Security: A shift from seeking singular security solutions to adopting comprehensive, integrated approaches.
18:18 - Advocating for Risk-Based Approaches: The importance of adopting risk-based strategies over traditional security measures.
19:44 - Educating Developers on Security Importance: The critical role of educating developers on security as a fundamental aspect of software development.

Don't Miss This Engaging Discussion on Cybersecurity Trends and Strategies: Tune into this enlightening episode to equip yourself with the knowledge and insights needed to navigate the ever-changing landscape of cybersecurity. Whether you're a professional in the field, a business leader, or just keen on enhancing your cybersecurity awareness, this episode is packed with valuable information to help you understand the nuances of securing applications and infrastructures in a digitally-driven world.
Izar Tarandach
Linkedin: https://www.linkedin.com/in/izartarandach/
Twitter: https://twitter.com/izar_t?lang=en-GB
Books: https://www.oreilly.com/pub/au/7898
Github: https://github.com/izar
Threat Modelling Con: https://www.threatmodelingconnect.com/general-discussion-32/i-m-izar-tarandach-and-if-you-have-questions-i-may-have-answers-148
Speaker profile: https://conferences.oreilly.com/software-architecture/sa-ny-2019/public/schedule/speaker/324717.html
#Cybersecurity, #appsec #productsecurity #prodsec #aspm
CSCP S4EP13 - Josh Goldberg - Crafting Secure Applications in the Age of AI with Josh Goldberg
07-04-2024
A dev perspective on application security: Dive deep into the pivotal nexus of cybersecurity, application security, and software development in our latest podcast episode featuring Josh Goldberg, a renowned figure in the TypeScript ecosystem. This episode sheds light on the evolving realm of secure coding practices, acknowledging the progress achieved while recognizing the challenges that lie ahead. Join us as we unravel the nuanced role of artificial intelligence in software development, moving beyond the hype to establish grounded expectations for this sophisticated tool.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

Our discussion ventures into the dynamic landscape of the tech job market, sparking a thought-provoking debate on the value of junior versus senior developers in building a resilient digital future. We also underscore the critical role of checklists in enhancing product development, inspired by insights from "The Checklist Manifesto." By integrating accessibility audits and security consultations, we reveal how checklists can transform development processes, ensuring products are secure and accessible from the start. The conversation extends to the cutting-edge application of AI in threat modeling, highlighting the importance of strategic objectives that place security and accessibility at the forefront. We further explore the essential art of communication within organizations and its pivotal role in seamless security integration. This dialogue emphasizes the significance of leadership in cultivating an environment where trust and verification coalesce, promoting a culture of thorough security checks and balances.
As we dissect the concept of Service Level Agreements (SLAs), our discussion illuminates their dual function as both security mechanisms and corporate assurances, advocating for the early adoption of security measures in business strategies. Experience firsthand how security features, like multi-factor authentication, can serve not just as protective measures but as compelling marketing and product differentiators. Don't miss this enriching conversation that bridges the gap between cybersecurity practices and software development, offering invaluable insights for professionals navigating the intricate landscape of tech innovation.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

00:02: Introduction and sponsorship message from Phoenix Security Limited.
00:53: Welcoming Josh Goldberg, an open source advocate in the TypeScript ecosystem, to the podcast.
01:37: Josh shares his journey into enhancing software quality and security through open-source contributions.
02:01: Analyzing the current landscape of application security and the ongoing challenges for developers.
03:20: The potential of artificial intelligence in revolutionizing secure code practices and its limitations.
04:28: Addressing the scarcity of developer resources and the impact on application security.
07:21: Strategies for integrating essential security practices into development teams with constrained resources.
10:13: Emphasizing the importance of establishing measurable success metrics in secure software development.
13:02: The imperative of fostering effective communication between security and development teams for a robust security posture.
18:08: Discussing the evolution of security tools and the significance of early integration in the development process (Shift Left).
21:32: The role of risk management in aligning business objectives with security imperatives.
25:04: Expressing optimism for the future of tech with advancements in tools and platforms facilitating better security integration.
32:35: Josh's parting thoughts on leveraging ESLint plugins for vulnerability detection and the hopeful reduction of common security flaws.
36:00: Conclusion of the conversation with a focus on the collective progress in cybersecurity and application development.
38:10: Final words from Francesco Cipollone, encouraging listeners to engage with security within their development practices.

Josh Goldberg
Hi, I'm Josh! I'm an independent full time open source developer. I work on projects in the TypeScript ecosystem, most notably typescript-eslint: the tooling that enables ESLint and Prettier to run on TypeScript code. I'm also the author of the O'Reilly Learning TypeScript book, a Microsoft MVP for developer technologies, and an active conference speaker. My personal projects range from static analysis to meta-languages to recreating retro games in the browser. Also cats.
Connect with Josh [bsky / GitHub / Mastodon / Twitter / Twitch / www]
Josh is an independent open source developer and so has no company logos. If you really need one, the main project I help maintain is https://typescript-eslint.
#Cybersecurity, #appsec #productsecurity #prodsec #aspm
CSCP S4EP12 - Raj Umadas - Diving Deep into Cybersecurity and Application Security Journey exploring Frontiers with Maestro Raj Umadas
24-03-2024
What does it take to get into application security from pentesting? Will AI replace the role of product security? How do you start an application security program and write a book about it?

Join us on the Cybersecurity and Cloud Podcast as we welcome the insightful Raj Umadas, head of InfoSec at Ackblue, for a vibrant discussion on the varied pathways into the field of application security. Listen in as Raj shares his unique journey from networking to the realms of software and hardware design, ultimately leading to his passion for security. We debate whether a background in pentesting is a must for app sec success or if one can climb the ranks from the blue team, all while emphasizing the significance of team diversity over homogeneity.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

Venture into the world of risk assessment and pen testing with us, where we unpack the complexities of cybersecurity through the lens of protective controls and real-world testing experiences. Hear about my time at leading companies like Etsy, Squarespace, and Spotify, where I tackled the balancing act of risk, remediation, and resource allocation. This chapter casts a spotlight on the intricate dance between security leaders and CISOs, underlining the necessity of clear communication and the advantage of technical savvy in these pivotal roles.

Finally, tune in as we discuss the ever-evolving role of the CISO and the rise of the DevSecOps culture within the tech industry. Reflect with us on the historical context of software development and how it's transformed into an ongoing nurturing process, necessitating a fusion of development, operations, and security expertise.
We also navigate the challenges of regulatory frameworks in the wake of monumental security breaches, fostering a conversation on how industry leaders and regulatory bodies can work together towards safer development practices. Don't miss out on these captivating insights with Raj Umadas as we navigate the ever-changing cybersecurity landscape.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

00:02: Introduction and sponsorship message from Phoenix Security Limited.
00:53: Welcoming Rajendra Umadas to the show; background introduction.
01:25: Rajendra's journey into cybersecurity.
04:12: Discussion on application security and team building.
07:33: Exploring product security and its impact.
13:32: Navigating the challenges of risk management and pen testing.
18:00: The evolving landscape of software and hardware security.
25:21: DevSecOps and the future of cybersecurity.
36:01: Closing thoughts on the progression of cybersecurity and its positive outlook.
38:10: Final advertisement and call to action for listeners.

Raj Umadas
Linkedin: https://www.linkedin.com/in/rajumadas/
#Cybersecurity, #appsec #productsecurity #prodsec #aspm
CSCP S4EP11 - Derek Fisher - Strengthening Digital Defenses Inside Application Security and the Role of AI in Cybersecurity
03-03-2024
Will AI replace the role of product security? How do you start an application security program and write a book about it? One of the best Application Security minds, Derek Fisher, is with us today.

Join us on a captivating journey as Derek, a mastermind in product security and a prolific author, shares his expertise on setting up a fortified application security program. We start by unraveling the critical first steps, emphasizing the value of understanding your organization's current cybersecurity landscape and the unique risks it faces. Listen in as we discuss the significance of collaboration between security and engineering teams to pinpoint vulnerabilities and fortify our digital defenses.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

In our thought-provoking conversation, we tackle the concept of product ownership and the dynamic nature of risk assessment. Derek enlightens us on the challenges of aligning business acumen with technological realities in the context of application security. We also engage in a spirited debate about the various forms of code analysis and the significance of exploitability in the management of risk. It's a discussion that balances the technical intricacies with strategic insights, essential for anyone invested in securing their products.

Shifting gears, we explore the innovative realm of 'shifting smart' in application security, moving beyond the traditional 'shift left' paradigm. Discover the benefits and limitations of integrating security tools early in the development cycle and the vital role dynamic environments play in unearthing actionable vulnerabilities.
Wrapping up, we delve into the exciting and complex intersection of AI and cybersecurity, pondering the dual-edged sword of advanced technologies like generative AI. Derek offers a nuanced perspective on the future of secure coding and vulnerability management, a must-listen for anyone navigating the evolving cybersecurity landscape.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

00:02: Introduction to Cybersecurity and Cloud Podcast
00:55: The Essence of Application Security Programs
02:19: Journey to Authoring on Application Security
02:38: Building a Robust Application Security Program
03:36: Application Security: A Collaborative Effort
04:22: Assessment and Direction in Application Security Programs
06:52: The Role of Software Bill of Materials (SBOM) in Cybersecurity
09:32: Defining a Product in the Context of Application Security
13:23: Enhancing Software Security Supply Chain Visibility
15:35: Understanding Product Risks and Vulnerability Management
18:31: Evolving Application Security Techniques: SAST, DAST, RASP
27:32: AI's Role in Application Security and Beyond
25:07: Encouraging Secure Online Practices Among Young Users
30:33: The Future of AI in Cybersecurity
32:33: Closing Thoughts and Positive Outlook for Cybersecurity Professionals

Derek Fisher
Linkedin: https://www.linkedin.com/in/derek-fisher-sec-arch/
Application Security Program Handbook: A Guide for Software Engineers and Team Leaders: https://www.amazon.co.uk/Application-Security-Program-Handbook-Engineers/dp/163343981X
#Cybersecurity, #appsec #productsecurity #prodsec
CSCP S4EP10 - David Matousek - Will AI replace Product Security? Automation vs expertise
18-02-2024
Will AI replace the role of product security? This is an enlightening conversation with David Matousek exploring the intersection between automation and product security in application security. Join us on this enlightening journey with David Matousek, as we explore the intriguing world of product security within the cybersecurity realm. Listen in as David, with his wealth of experience transitioning from a technical developer to a product director, unveils the significance of perceiving application security as an enterprise-level product.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

Discover how this approach not only streamlines the development process but also cultivates a customer-centric mindset towards developers, leading to a more cohesive and less cumbersome compliance environment. David's insights provide a fascinating perspective on the symbiotic relationship between security and platform teams, paving the way for a more secure and efficient path to application production.

Venture further into the cybersecurity landscape as we tackle the complexities of vulnerability prioritization and the evolution of network security. Our discussion with David delves into the nuanced balance of automated and manual processes in identifying and managing security risks, highlighting the irreplaceable value of human expertise amidst the rise of machine learning and AI. Emphasizing the importance of multi-faceted developer skills, including communication and collaboration, we shed light on how these abilities can significantly enhance an organization's security posture.
So, gear up for a session that not only broadens your understanding of cybersecurity but also inspires professional growth in this dynamic field.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

00:02: Introduction to Cybersecurity and Cloud Podcast
00:57: Unraveling Product vs. Application Concepts
01:43: David Matousek's Journey in Cybersecurity
04:04: Transition to Product Security
07:02: Embedding Security in Development Tools
09:14: Evolution from Application to Product Security
11:53: Managing Vulnerabilities at Scale
14:43: Promoting a Culture of Shareable Code
17:00: Balancing Automation and Manual Security Practices
19:51: Dependency Management and Security Context
22:53: Communicating Cybersecurity Value to Business

David Matousek
Linkedin: https://www.linkedin.com/in/davidmatousek/
#Cybersecurity, #appsec #productsecurity #prodsec
CSCP S4EP09 - Michael Smith - Code to Network Reachability: how to use WAF to prioritize vulnerabilities
04-02-2024
This is an enlightening conversation with Michael Smith exploring the intersection between vulnerabilities, DDoS and WAF technologies. Join us as we reconvene with cybersecurity virtuoso Michael Smith, Field CTO at Verkara, for a re-recording that explores further the fascinating intersection of cybersecurity and cloud technology. Listen in as Michael brings his wealth of experience from military intelligence to web application development to the table, shedding light on how engineering and integration teams navigate regulations and government sector compliance.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

Our conversation ventures into the complexities of application security and the strategic utilization of vulnerabilities. Venture into the murky waters of cyberattacks with us as we discuss how vulnerabilities can be harnessed for DDoS attacks, causing chaos at both the network and application layers. Hear about Phoenix Security Limited's role in software security and how unvalidated pagination can be exploited to strain databases and servers. We wrap up this segment by contrasting the precision of these attacks with broader network-level DDoS strategies, offering insight into crafting robust cybersecurity defenses.

Cap off this episode with a crucial discussion on the ethical dimensions of technology. Discover the challenges of differentiating between benign and malicious bot activity, and how technologies like domain fronting have dual purposes. We stress the importance of vigilance and responsibility in the tech sphere, where the same tools can secure or compromise systems.
Remember to stay engaged with the content by checking your logs for anomalies and sharing your thoughts for a chance to win an Amazon gift card. Michael's insights are a reminder of the persistent evolution and nuanced nature of cybersecurity in our interconnected world.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

00:02: Introduction to Cybersecurity and Cloud Podcast
00:53: Host and Guest Introduction
01:40: Michael Smith's Journey in Cybersecurity
03:23: Shift Towards Security
04:22: The Evolution of Cybersecurity Roles
06:58: Challenges in IoT and Hardware Security
08:22: Insights from Akamai and Handling Major Incidents
09:58: The Evolution of Cybersecurity Threats
11:35: The Current State of Cybersecurity
14:49: The Future of Cybersecurity and Emerging Threats
17:22: Leveraging Vulnerabilities for DDoS Attacks
22:51: Addressing Sophisticated Cybersecurity Threats
26:27: Advanced Cybersecurity Techniques and Challenges
29:00: The Importance of Collaboration in Cybersecurity
33:58: Closing Thoughts and Positive Takeaways
39:01: Outro and Acknowledgments

Michael Smith
Linkedin: https://www.linkedin.com/in/rybolov/
#Cybersecurity, #appsec #waf
CSCP S4EP08 - Jay Jacobs - A Conversation with Jay Jacobs: Exploring the Future of Vulnerability Management and Data Science
21-01-2024
This is an enlightening conversation with Jay Jacobs - Exploring the Future of Vulnerability Management and Data Science. Unlock the secrets of cybersecurity's intricate dance with data science as I, Francesco Cipollone, sit down with tech wizard Jay Jacobs, co-founder of Cyentia. Prepare to be captivated by Jay's inspiring tech odyssey, from his youthful fascination with computing to his trailblazing efforts in quantifying cyber risk. We navigate his professional voyage, spanning IT, pen testing and cryptography, revealing how his deep dive into data science has revolutionized our approach to cyber threats. Jay also imparts his wisdom on the crucial role of statistics and key management in cryptography, offering priceless insights for anyone invested in fortifying their digital defenses.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

The journey of vulnerability assessment tools takes center stage as I recount the sophisticated evolution of the Exploit Prediction Scoring System (EPSS). From its humble beginnings as a logistic regression to becoming a powerful API, EPSS serves as a beacon for security professionals looking to quantify the once nebulous concept of risk. The discussion illuminates the delicate dance between utility and data privacy, the quest for a universal risk score, and the aspirational future of EPSS, incorporating additional variables to refine its predictive precision.

Finally, Jay and I tackle the real-world implications of vulnerability management through the lens of EPSS. We dissect the interplay between EPSS scores and CVSS ratings, using the Log4Shell incident to emphasize the critical need for broader threat intelligence.
By acknowledging the system's limitations and the nuances within open-source vulnerability analysis, we champion the importance of narrative in data interpretation. With a call to action, we invite the cybersecurity community to join forces, enhancing our collective defense through dialogue and open-source innovation.

Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

(03:41 - 04:47) Exploring Cryptography and Managing Key Security (66 Seconds)
(07:41 - 08:52) EPSS (71 Seconds)
(11:46 - 12:56) The Beauty of EPSS and Application Security Angle (70 Seconds)
(18:02 - 19:16) Exploring EPSS Scores and Vulnerabilities (74 Seconds)
(25:27 - 27:09) EPSS and Its Challenges in AppSec (102 Seconds)
(31:03 - 32:04) Improving Scanning Tools and Analyzing Vulnerabilities (62 Seconds)

Jay Jacobs
Linkedin: https://www.linkedin.com/in/jayjacobs1/
Twitter: https://twitter.com/jayjacobs
Cyentia: https://twitter.com/cyentiainst
EPSS: https://www.first.org/epss/#:~:text=The%20Exploit%20Prediction%20Scoring%20System,be%20exploited%20in%20the%20wild.
YL Profile: https://www.ylventures.com/people/caleb-sima/
Twitter: https://twitter.com/podcast_cyber   
Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/ You can listen to this podcast on your favourite player:Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ    #Cybersecurity, #ai, #cloud, #appsec
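The EPSS-versus-CVSS interplay discussed in the show notes above, as an added example rather than code from the podcast, Cyentia or FIRST: a Python prioritisation pass that ranks scanner findings by combining a CVSS base score with an EPSS probability and a separate "known exploited" signal. The EPSS document is a constructed sample shaped like the FIRST EPSS API response (one record per CVE with string-valued epss and percentile fields); the EPSS values, the CVE-0000-000x placeholder identifiers, the exploited set and the tier thresholds are assumptions for illustration. CVE-2021-44228 (Log4Shell) and its CVSS 3.1 base score of 10.0 are real.

```python
"""Rank findings by combining EPSS exploit probability with CVSS severity.

Added example; not code from the podcast, Cyentia or FIRST. The JSON below is
a constructed sample shaped like the FIRST EPSS API response
(https://api.first.org/data/v1/epss?cve=...): one record per CVE with
string-valued "epss" (probability of exploitation in the next 30 days) and
"percentile". The EPSS values, the CVE-0000-000x identifiers, the exploited
set and the tier thresholds are assumptions chosen for illustration.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed EPSS response (assumed API shape; scores are illustrative).
SAMPLE_EPSS_RESPONSE = json.dumps({
    "status": "OK",
    "data": [
        {"cve": "CVE-2021-44228", "epss": "0.97", "percentile": "0.999", "date": "2024-01-01"},
        {"cve": "CVE-0000-0001", "epss": "0.00045", "percentile": "0.12", "date": "2024-01-01"},
        {"cve": "CVE-0000-0002", "epss": "0.35", "percentile": "0.97", "date": "2024-01-01"},
        {"cve": "CVE-0000-0003", "epss": "0.002", "percentile": "0.55", "date": "2024-01-01"},
    ],
})

# Constructed scanner output: (CVE id, CVSS base score). CVE-0000-0004 has no
# EPSS record, which is the "unknown" case a real pipeline must handle.
SAMPLE_SCANNER_FINDINGS = [
    ("CVE-2021-44228", 10.0),   # Log4Shell; CVSS 3.1 base 10.0 is the real score
    ("CVE-0000-0001", 9.8),
    ("CVE-0000-0002", 7.5),
    ("CVE-0000-0003", 5.3),
    ("CVE-0000-0004", 9.1),
]

# Constructed "known exploited" feed (think CISA KEV or vendor threat intel).
SAMPLE_EXPLOITED = {"CVE-2021-44228"}


def parse_epss(raw: str) -> dict[str, float]:
    """Map CVE id -> EPSS probability from an API-shaped JSON document."""
    doc = json.loads(raw)
    if doc.get("status") != "OK":
        raise ValueError("unexpected EPSS response status")
    return {rec["cve"]: float(rec["epss"]) for rec in doc["data"]}


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float                 # severity/impact as the scanner reports it
    epss: Optional[float]       # exploit likelihood; None when EPSS has no record
    known_exploited: bool       # confirmed in-the-wild exploitation from threat intel


def tier(f: Finding) -> int:
    """1 = act now, 2 = schedule, 3 = backlog. Exploitation evidence outranks severity."""
    if f.known_exploited:
        return 1
    if f.epss is None:          # no likelihood signal: fall back to severity alone
        return 2 if f.cvss >= 9.0 else 3
    if f.epss >= 0.10 and f.cvss >= 7.0:
        return 1
    if f.epss >= 0.10 or f.cvss >= 9.0:
        return 2
    return 3


def prioritise(scanner_findings: Iterable[tuple[str, float]],
               epss_scores: dict[str, float],
               exploited: set[str]) -> list[Finding]:
    """Order findings by tier, then exploit probability, then severity."""
    findings = [
        Finding(cve, cvss, epss_scores.get(cve), cve in exploited)
        for cve, cvss in scanner_findings
    ]
    return sorted(findings, key=lambda f: (tier(f), -(f.epss or 0.0), -f.cvss))


def cvss_only_order(scanner_findings: Iterable[tuple[str, float]]) -> list[str]:
    """The naive queue most scanners produce: highest CVSS first."""
    return [cve for cve, _ in sorted(scanner_findings, key=lambda x: -x[1])]


def prioritised_order() -> list[str]:
    """Run the sample data through the EPSS-aware ranking."""
    ranked = prioritise(SAMPLE_SCANNER_FINDINGS, parse_epss(SAMPLE_EPSS_RESPONSE), SAMPLE_EXPLOITED)
    return [f.cve for f in ranked]


if __name__ == "__main__":
    print("CVSS only :", cvss_only_order(SAMPLE_SCANNER_FINDINGS))
    print("EPSS aware:", prioritised_order())
```

Under a CVSS-only queue the 9.8 finding with an EPSS of 0.00045 sits second; the EPSS-aware pass drops it behind a 7.5 that EPSS rates at 0.35. Log4Shell tops both lists, which is the episode's caveat in miniature: where the two scores agree the ranking is easy, and the value of EPSS is in the rest of the queue. A missing EPSS record is treated as unknown and falls back to severity rather than being scored as zero, and the exploited set stays a separate input because EPSS is a prediction, not a confirmation of exploitation.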
CSCP S4EP07 - Caleb Sima - A Conversation with Caleb Sima - Bridging Offense and Defense in Cybersecurity and AI Promise for the Future
07-01-2024
This is an enlightening conversation with Caleb Sima, a returning guest on the podcast - Bridging Offense and Defense in Cybersecurity and AI's Promise for the Future. Caleb, known for his significant contributions to application security and executive roles in leading tech companies, shares his insights into the ever-changing world of cybersecurity. He highlights the importance of mastering offensive skills for effective defence, drawing on his experience to advocate for a mindset built on understanding and countering attackers.

This episode also delves into the critical foundations of cybersecurity, emphasizing the need for a broad spectrum of knowledge, including networking, engineering, and programming. We explore building securely, drawing parallels between everyday safety mechanisms and the integrated security required in organizational infrastructures. Through this discussion, we uncover how intuitive security measures, akin to those in vehicles or smartphones like the iPhone, can be mirrored in the seamless security systems within companies. We further discuss the transformational challenges facing security professionals, evolving from defenders to builders, and the vital role of education in this paradigm shift. It's a thought-provoking exploration of proactive and resilient security approaches that enhance user experience without compromising on protection.
Tune in to this enlightening episode to equip yourself with the knowledge and insights needed to navigate the evolving landscape of cybersecurity.

01:40 - Caleb Sima: Caleb shares his extensive background in cybersecurity, beginning in the 90s and spanning various roles and accomplishments.
03:34 - Francesco Cipollone: Discussion on the evolving landscape of cybersecurity and its implications for newcomers to the field.
04:19 - Caleb Sima: Caleb's advice to newcomers in cybersecurity emphasises the importance of understanding offensive security and mastering foundational knowledge.
07:44 - Francesco Cipollone: Francesco reflects on Caleb's approach, discussing the potential biases and the importance of a foundational understanding.
08:12 - Caleb Sima: Caleb underscores the necessity of understanding attacks to identify fundamental security problems and prioritize risks.
10:50 - Caleb Sima: Insight into the relationship between effective security foundations, risk management, and compliance.
11:27 - Francesco Cipollone: A discussion on the concepts of security and safety and their interchangeability.
11:39 - Caleb Sima: Caleb's perspective on transitioning from a focus on security to a broader concept of safety.
16:21 - Caleb Sima: The importance of minimizing damage in security incidents and the need for balanced approaches in threat identification, detection, and response.
17:15 - Caleb Sima: The role of security in organizational decision-making and the importance of integrating security from project inception.
21:11 - Francesco Cipollone: Highlighting the shift in security perspectives and the importance of proactive approaches to cybersecurity.
23:04 - Caleb Sima: Caleb discusses the gaps in awareness and knowledge within security teams and the importance of prioritizing security measures.
24:15 - Caleb Sima: Exploring the role of technology in building security foundations and the potential of AI and ML in addressing security challenges.
27:59 - Francesco Cipollone: Reflections on the cultural shift and the growing emphasis on collective responsibility in security.
29:53 - Caleb Sima: Caleb's categorization of AI's role in cybersecurity, focusing on securing AI technologies and utilizing AI to solve cybersecurity challenges.
34:18 - Francesco Cipollone: Discussion on protecting data from AI systems and considerations in data usage and monetization.
36:00 - Caleb Sima: Caleb speculates on the future of data usage restrictions and their potential impact on the internet landscape.
37:13 - Caleb Sima: Caleb concludes with a positive outlook on the growth of talent and knowledge in cybersecurity and the importance of ongoing education and awareness.

Caleb Sima
Linkedin: https://www.linkedin.com/in/calebsima/
Twitter: https://twitter.com/csima
Other: https://www.nbcnews.com/id/wbna6713649
Blog: https://medium.com/csima/from-founder-to-ciso-my-unconventional-journey-and-the-road-ahead-2fbc262a59be
YL Profile: https://www.ylventures.com/people/caleb-sima/

#Cybersecurity, #ai, #cloud, #appsec
CSCP S4EP06 - Jitender Arora - Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitender Arora
12-12-2023
Overcoming the Cybersecurity Talent Shortage: Innovation, Culture, and Self-Care with Jitender Arora. Join us for a transformative discussion with Jitender Arora, the North and South Europe (NSE) CISO at Deloitte, as we unravel the narrative around the talent shortage in cybersecurity. Jitender brings a fresh perspective that emphasizes the need for creativity and open-mindedness in talent sourcing. We dissect the "buy versus build" model, where he advocates for nurturing and developing skills in individuals from diverse backgrounds, not just hiring seasoned professionals.

Our second chapter addresses the art of fostering a positive organizational culture. We share experiences and insights about the daily effort required to build a values-based culture, especially during challenging times like the pandemic. The conversation then turns to the role of a supportive work environment in attracting and retaining talent. Lastly, we explore the essence of self-care and personal development in the high-stress world of cybersecurity. Our discourse underscores the need for balance and provides useful tips on handling stress, offering a refreshing look at life in the cybersecurity field. Tune in for a meaningful conversation that goes beyond the usual.
00:02 - Ads and Introduction: Introduction to the podcast, sponsored by Phoenix Security Limited.
00:59 - Host Introduction: Host Francesco Cipollone introduces the episode's focus on team and skill growth in cybersecurity.
01:38 - Guest Introduction: Jitender Arora discusses his cybersecurity background and industry insights.
02:51 - Industry Challenges: Discussion about the talent shortage in cybersecurity.
06:23 - Addressing Talent Shortage: Emphasizing innovative hiring and the value of diverse backgrounds.
09:44 - Academia Engagement: Importance of connecting with students and teaching resilience.
12:07 - Supportive Work Culture: Developing a nurturing work environment in cybersecurity.
16:03 - Advertisement Break: Promotional segment for Phoenix Security Limited.
16:44 - Talent Retention: The role of workplace culture in attracting and retaining cybersecurity talent.
18:54 - Leader's Role: Leaders fostering a positive and supportive workplace in cybersecurity.

Jitender Arora
Linkedin: https://www.linkedin.com/in/jarora/

#Cybersecurity, #TalentShortage, #TalentSourcing, #OrganizationalCulture, #Pandemic, #SelfCare, #PersonalDevelopment, #Leadership, #Creativity, #OpenMindedness, #BuyVsBuild, #Diversity, #Skills, #Dialogue, #Profession, #VirtualHallway, #Feedback, #StrategicObjectives, #Purpose, #Belonging, #Stress, #Emotions, #LifeSkills, #Mentorship, #SpeakingOpportunities, #SupportStructure, #PersonalBalance
CSCP S4EP05 - Christian Ghigliotty - Product security and effective application security programs
26-11-2023
Get ready to embark on a captivating journey into application security with our guest, Christian Ghigliotty, Director of Security Engineering at JustWorks. A man of many talents, Christian comes from a background in teaching and writing, which lends him a unique perspective on the importance of communication within the cybersecurity industry. This isn't your regular security conversation: we tear down the walls of complexity, turning intricate risk language into digestible business matters.

As we navigate the intricacies of building an application security program, no stone is left unturned. Learn how to control the narrative, comprehend your company's current state and engage with your customers in a meaningful manner. We show how to demonstrate the program's inherent value, approach investment strategically, and champion ROI as the lifeline of your security program, with a particular focus on program effectiveness, measured in terms of training developers to make security decisions. Drawing the curtains on this episode, we shift gears to the impact of developer training on security: how to identify training outcomes and integrate them into your development process. Our discussion deep-dives into the value of security in products, with special attention to user experience and security features as product differentiators. Remember, curiosity is the key that unlocks the door to the security industry for new generations.
So, join us, and let's make security not just a necessity, but a narrative that everyone can understand and appreciate.

00:59 - Christian Ghigliotty's Introduction: Francesco introduces Christian Ghigliotty, spotlighting his expertise in application security and transformation.
01:55 - Background in Cybersecurity: Christian shares his journey into cybersecurity, culminating in his current role at JustWorks, where he oversees application security and posture management.
02:22 - Entry into Cybersecurity: Christian's unconventional path into cybersecurity highlights the diverse skill sets valuable in application security.
03:56 - Communication in Application Security: The importance of effective communication in application security, essential for explaining complex security concepts and gaining organizational buy-in.
04:55 - Overcoming Communication Challenges: Addressing the challenge of making technical application security topics accessible and understandable to non-technical stakeholders.
06:14 - Storytelling in Security: The critical role of narrative in application security to justify security measures, investments, and posture management strategies.
08:00 - Establishing an Application Security Program: Key considerations in starting an application security program, including understanding organizational needs and aligning with business strategies.
09:45 - Investment in Application Security: Long-term investment perspective in application security and posture management, emphasizing the need for measurable returns and strategic alignment with business goals.
11:22 - Measuring Program Effectiveness: The challenge of quantifying the effectiveness of application security programs and the role of developer training in enhancing security posture.
14:45 - Sponsor Message: Phoenix Security, focusing on software security and supply chain visibility.
15:27 - Developer Empowerment in Security: Strategies for empowering developers to prioritize application security in their work, highlighting the importance of business support for security initiatives.
17:00 - Building Development Team Relationships: The significance of fostering strong relationships with development teams to create a culture that values application security and good security posture.
19:24 - Tailoring Security to Teams: Customizing application security approaches to meet the unique challenges and needs of different development teams.
21:40 - Business Buy-In for Security: Exploring effective strategies to secure business buy-in for application security programs and discussing relevant metrics for measuring success.
23:05 - Product Metrics in Application Security: Using product metrics to evaluate the impact of security features on application security and posture management.
25:25 - Enhancing User Experience: Improving user experience in security measures to ensure better adherence to security protocols in application development.
27:17 - Security as a Differentiator: Discussing the potential of positioning application security as a unique selling point, enhancing customer trust and product value.
29:01 - Closing Remarks: Christian shares an optimistic outlook on the future of application security and encourages new talent to join the field.
30:14 - Contact Information: How to find more about Christian Ghigliotty's work in application security.

Christian Ghigliotty
Linkedin: https://www.linkedin.com/in/ghigliottyc
Github: https://github.com/ghigliottyc
CSCP S4EP04 - Christopher Russell - Veteran Resiliency mesh security and blockchain
06-11-2023
Christopher Russell is the CISO at tZERO Group, a Mesh Security advisor, and a NightDragon Advisor. He is currently pursuing a PhD in Cybersecurity with a focus on Blockchain Security at DSU. His military intelligence background helps him keep cool under even the most stressful work situations. In this episode, Francesco and Chris discuss identity and security in relation to blockchain and digital currency. With decades of experience, Chris has an acute sense of risk and threat.

0:00 Introduction
1:20 Chris' background in the military
7:40 Military vs corporate mentality
10:08 Risk management
15:05 MFA and identity
21:00 Zero-day
22:00 Social engineering and ransomware
26:50 Mesh Security
28:48 Identity in blockchain and digital currency
31:50 Public wallets
34:00 Positive message
35:48 Connect with Chris
38:28 Outro

Christopher Russell
Linkedin: https://www.linkedin.com/in/christopher-russell-5a9b20a7/
Twitter @cr00ster
Github: https://github.com/cr00ster
CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question
15-10-2023
Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He's a leader of multiple OWASP projects including Dependency-Track, SCVS (Software Component Verification Standard), and CycloneDX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry.

0:00 Introduction
1:35 Steve's background
2:35 State of the industry
7:00 Breach fatigue
10:00 Shift left, shift smart
13:45 How to make asset management sexy again
17:10 Threat modeling
20:00 Regulation
26:00 Security metrics
28:15 OWASP projects—SBOM platform
34:14 Final positive message
36:09 Get connected
37:20 Outro

Steve Springett
Linkedin: https://www.linkedin.com/in/stevespringett/
Mastodon: https://infosec.exchange/@stevespringett
Twitter @stevespringett
https://dependencytrack.org/
https://scvs.owasp.org/
https://cyclonedx.org/
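What an SBOM actually carries, and the first thing a platform such as Dependency-Track does with one, as an added example that is not code from the podcast, OWASP CycloneDX or Dependency-Track: a Python reader for a CycloneDX JSON BOM that matches each component's package URL (purl) against a list of advisories with version ranges. The BOM, the advisory list and the placeholder example-lib package are constructed; the field names follow the CycloneDX JSON format and the purl syntax, and the Log4Shell range (log4j-core 2.0-beta9 through 2.14.1, fixed in 2.15.0) is real.

```python
"""Read a CycloneDX SBOM and flag components with known-vulnerable versions.

Added example; not code from the podcast, OWASP CycloneDX or Dependency-Track.
Both the SBOM and the advisory records are constructed samples; the version
matching is a deliberately small stand-in for the range logic a real SBOM
platform applies against vulnerability databases.
"""
import json
import re

# Constructed CycloneDX 1.5 JSON document. Field names follow the spec;
# the component inventory is a sample.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
        {"type": "library", "name": "example-lib", "version": "3.2.0",
         "purl": "pkg:npm/example-lib@3.2.0?registry=example"},
    ],
})

# Constructed advisory records keyed by purl without version. Log4Shell does
# affect log4j-core 2.0-beta9 through 2.14.1 (fixed in 2.15.0; backported fix
# releases on older branches are ignored here). The second record is a
# placeholder advisory for a placeholder package.
KNOWN_VULNS = [
    {"id": "CVE-2021-44228", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "EXAMPLE-ADVISORY-1", "purl": "pkg:npm/example-lib",
     "introduced": "3.0.0", "fixed": "3.1.0"},
]


def parse_version(v: str) -> tuple:
    """'2.14.1' -> (2, 14, 1). Only the leading digits of each dotted part count,
    so '2.0-beta9' -> (2, 0); pre-release ordering is out of scope here."""
    out = []
    for part in v.split("."):
        m = re.match(r"\d+", part)
        out.append(int(m.group()) if m else 0)
    return tuple(out)


def split_purl(purl: str) -> tuple:
    """'pkg:type/ns/name@ver?q=1#sub' -> ('pkg:type/ns/name', 'ver')."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    name, sep, version = base.rpartition("@")
    if not sep:
        return base, ""
    return name, version


def load_components(raw_sbom: str) -> list:
    """Return the components of a CycloneDX JSON BOM that carry a purl."""
    doc = json.loads(raw_sbom)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [c for c in doc.get("components", []) if c.get("purl")]


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """Half-open range check: introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def match_vulnerabilities(raw_sbom: str, vulns: list) -> list:
    """Pair each component purl with the advisories whose range contains its version."""
    hits = []
    for comp in load_components(raw_sbom):
        name, version = split_purl(comp["purl"])
        if not version:
            continue                      # no version in the purl: cannot range-match
        for adv in vulns:
            if adv["purl"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                hits.append((comp["purl"], adv["id"]))
    return hits


if __name__ == "__main__":
    for purl, adv_id in match_vulnerabilities(SAMPLE_SBOM, KNOWN_VULNS):
        print(f"{adv_id}: {purl}")
```

The version comparison is intentionally minimal (leading digits of each dotted component, no pre-release or Maven-specific ordering) and the advisory ranges are hand-written; a real platform pulls ranges from vulnerability databases and compares them with ecosystem-aware rules. Two things carry over regardless: matching is keyed on the purl, so an SBOM whose components lack purls cannot be matched at all, and log4j-api is not flagged even though it shares the version, because the advisory names log4j-core.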
CSCP S4EP02 - Christophe Parisel - Vulnerabilities in the cloud Azure AWS and the road to prioritization
01-10-2023
Christophe Parisel is a Senior Cloud Security Architect at Société Générale. He has extensively researched risk, vulnerability and cloud-native security, and specializes in IaaS, PaaS, and DevSecOps. Two of his major contributions to the cloud are Azure Firewall and Azure Policy. When asked, he says he is optimistic about the future of cloud security and is proud of the progress made within the last five years.

0:00 Introduction
1:40 Christophe's background
5:10 Cloud security research
8:40 Adoption vs security
10:07 Cloud shared responsibility model
14:52 CVSS (Common Vulnerability Scoring System)
19:00 Vulnerabilities
20:20 Environmental score
21:30 Measuring vulnerability of cloud provider
25:55 Odds of a cloud breach
29:50 Final positive message
32:10 Get connected
33:00 Outro

Christophe Parisel
Linkedin: https://www.linkedin.com/in/parisel/
CSCP S4EP01 - Travis McPeak - Paved Road from Netflix to modern startups
18-09-2023
Travis McPeak is a security generalist with over a decade of experience at companies including Databricks, Netflix, IBM, HP, and Symantec. He's the Co-Founder and CEO of Resourcely, whose goal is to create a paved road to secure, efficient, and easy-to-manage cloud infrastructure. In this conversation, Travis shares his biggest takeaway from working at Netflix, the problem with overusing JIRA, and the importance of making security a shared responsibility between developers and security ops.

0:00 Introduction
1:26 Travis' background
2:10 View of industry
4:00 Netflix "paved road"
5:20 Lemur
8:00 Security at small orgs
11:36 Reactive security with JIRA
14:35 Measuring security
18:16 Inflection point
20:48 Demystifying the paved road
24:30 DevSecOps
30:40 Unifying the objective, shared responsibility
33:40 Resourcely—Cloud infrastructure
36:20 Get connected
37:00 Positive Message
38:27 Outro

Travis McPeak
Linkedin: https://www.linkedin.com/in/travismcpeak/
https://www.resourcely.io/
https://www.resourcely.io/post/guardrails-and-paved-roads
CSCP S03EP26 - Nathan - From music to cybersecurity - the appsec symphony
11-06-2023
Nathan is the manager of the application security team at Intuit Mailchimp. He has over 7 years of experience in application security at both startups and Fortune 500 companies. In that time, Nathan has been both an engineer and a leader. His primary focus has been on building out application security programs by implementing scalable processes and efficient methodologies. Nathan holds a Master's in Digital Forensics and Cybersecurity from John Jay College of Criminal Justice and a Bachelor's in Music Composition from University of the Arts.

In this show, Nathan and Francesco discuss getting started in application security, how to mentor new interns and bridge the skill gap, and how to measure application security progress when deploying shift-left methodologies in DevSecOps.
2:00 - Nathan's Intro
7:30 – From music to cybersecurity and the new generation
11:00 – State of application security
14:00 – Vulnerability – What is a vulnerability in software
18:00 – How do you bring the business into appsec – Product security
12:00 - Cybersecurity technicalities - Pen-tests and regulation
16:00 - Cybersecurity and regulation in the USA
19:00 - SBOM, digital software supply chain
20:00 – Risk for application security and the business perspective
22:00 – Business categories of risk for application security
24:00 – Business criticality vs low criticality – how to talk about risk
26:00 – Prioritize work based on risk in application security
27:00 – Avoiding burnout and preventing risk – Mailchimp program of work – SPIDER
31:00 – Doing more with less in application security
33:00 – Measuring shift-left effectiveness – Dentist story
37:00 – Positive message and conclusion

Nathan
Blog: https://nathancooke.com/
Linkedin: https://www.linkedin.com/in/nathancooke7/