Security Conversations
Ryan Naraine
Security Conversations covers the business of cybersecurity, from the lens of veteran journalist and storyteller Ryan Naraine. Thoughtful conversations with security practitioners on threat intelligence, zero trust, securing cloud deployments, penetration testing, bug bounties, advancements in offensive research and targeted malware espionage activity. Connect with Ryan on Twitter (Open DMs).
Catégories: Technologie
Écoutez le dernier épisode:
Episode sponsors:
- Binarly, the supply chain security experts (https://binarly.io)
- XZ.fail backdoor detector (https://xz.fail)
Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.
Links:
- Unedited transcript (AI-generated)
- Cris Neckar on LinkedIn
- Cris Neckar Bio (Two Bear Capital)
- Teenager hacks Google Chrome with three 0days
- Research on Trident zero-day flaws
- Cris Neckar podcast transcript (Unedited)
Épisodes précédents
-
117 - Cris Neckar on the early days of securing Chrome, chasing browser exploits Thu, 11 Apr 2024 - 0h
-
116 - Costin Raiu joins the XZ Utils backdoor investigation Fri, 05 Apr 2024 - 0h
-
115 - Katie Moussouris on building a different cybersecurity businesses Fri, 19 Jan 2024 - 0h
-
114 - Costin Raiu: The GReAT exit interview Mon, 15 Jan 2024
-
113 - Danny Adamitis on an 'unkillable' router botnet used by Chinese .gov hackers Fri, 05 Jan 2024 - 0h
-
112 - Allison Miller talks about CISO life, protecting identities at scale Thu, 21 Dec 2023 - 0h
-
111 - Rob Ragan on the excitement of AI solving security problems Thu, 07 Dec 2023 - 0h
-
110 - Seth Spergel on venture capital bets in cybersecurity Tue, 21 Nov 2023 - 0h
-
109 - Dan Lorenc on fixing the 'crappy' CVE ecosystem Tue, 14 Nov 2023 - 0h
-
108 - Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers Tue, 07 Nov 2023 - 0h
-
107 - Allison Nixon on disturbing elements in cybercriminal ecosystem Wed, 01 Nov 2023 - 0h
-
106 - Dakota Cary on China's weaponization of software vulnerabilities Fri, 15 Sep 2023 - 0h
-
105 - Abhishek Arya on Google's AI cybersecurity experiments Tue, 12 Sep 2023 - 0h
-
104 - Dr Sergey Bratus on the 'citizen science' of hacking Thu, 31 Aug 2023 - 0h
-
103 - DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge Sun, 20 Aug 2023 - 0h
-
102 - Ryan Hurst on tech innovation and unsolved problems in security Wed, 16 Aug 2023 - 0h
-
101 - Jason Chan on Microsoft's security problems, layoffs and startups Mon, 07 Aug 2023 - 0h
-
100 - GitHub security chief Mike Hanley on secure coding, AI and SBOMs Wed, 02 Aug 2023 - 0h
-
99 - Jason Shockey, Chief Information Security Officer, Cenlar FSB Wed, 26 Jul 2023 - 0h
-
98 - Federico Kirschbaum on a life in the Argentina hacking scene Wed, 19 Jul 2023 - 0h
-
97 - Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties Wed, 12 Jul 2023 - 0h
-
96 - OpenSSF GM Omkhar Arasaratnam on open-source software security Wed, 05 Jul 2023 - 0h
-
95 - Serial entrepreneur Rishi Bhargava on building another cybersecurity company Mon, 10 Apr 2023 - 0h
-
94 - Claude Mandy on CISO priorities, data security principles Mon, 06 Mar 2023 - 0h
-
93 - Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties Wed, 15 Feb 2023 - 0h
-
92 - Paul Roberts on wins and losses in the 'right to repair' battle Thu, 19 Jan 2023 - 0h
-
91 - Katie Moussouris on where bug bounties went wrong Thu, 08 Dec 2022 - 0h
-
90 - Robinhood CSO Caleb Sima on a career in the security trenches Tue, 08 Nov 2022 - 0h
-
89 - Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars Tue, 18 Oct 2022 - 0h
-
88 - JAG-S on big-game malware hunting and a very mysterious APT Mon, 17 Oct 2022 - 0h
-
87 - Chainguard's Dan Lorenc gets real on software supply chain problems Thu, 13 Oct 2022 - 0h
-
86 - Vinnie Liu discusses a life in the offensive security trenches Sun, 07 Aug 2022
-
85 - Down memory lane with Snort and Sourcefire creator Marty Roesch Mon, 25 Jul 2022
-
84 - Subbu Rama, co-founder and CEO, BalkanID Wed, 01 Jun 2022 - 0h
-
83 - Project Zero's Maddie Stone on the surge in zero-day discoveries Tue, 10 May 2022 - 0h
-
82 - Prof. Mohit Tiwari on the future of securing data at scale Fri, 06 May 2022 - 0h
-
81 - Google's Shane Huntley on zero-days and the nation-state threat landscape Mon, 04 Apr 2022 - 0h
-
80 - Lamont Orange, CISO, Netskope Mon, 21 Mar 2022 - 0h
-
79 - Haroon Meer on the business of cybersecurity Sat, 19 Mar 2022
-
78 - Tony Pepper, co-founder and CEO, Egress Tue, 22 Feb 2022 - 0h
-
77 - Microsoft's Justin Campbell on offensive security research Sat, 08 Jan 2022 - 0h
-
76 - Costin Raiu on the .gov mobile exploitation business Thu, 23 Dec 2021 - 0h
-
75 - Amanda Gorton, co-founder and CEO, Corellium Mon, 20 Dec 2021 - 0h
-
74 - Intel's Venky Venkateswaran on hardware-enabled security Thu, 09 Sep 2021 - 0h
-
73 - Sounil Yu on SBOMs, software supply chain security Tue, 13 Jul 2021 - 0h
-
72 - Algirde Pipikaite, Centre for Cybersecurity, World Economic Forum Tue, 06 Jul 2021 - 0h
-
71 - Josh Schwartz on red-teaming and proactive security engineering Fri, 18 Jun 2021 - 0h
-
70 - Michael Laventure, threat detection and response, Netflix Thu, 10 Jun 2021 - 0h
-
69 - Google's Heather Adkins on defenders playing the long game Wed, 26 May 2021 - 0h
-
68 - Collin Greene, head of product security, Facebook Tue, 25 May 2021