Resilient Cyber

• Resilient Cyber w Phil Venables Security Leadership: Vulnerabilities to VC

  In this episode, I sit down with longtime industry leader and visionary Phil Venables to discuss the evolution of cybersecurity leadership, including Phil's own journey from CISO to Venture Capitalist. We chatted about: A recent interview Phil gave about CISOs transforming into business-critical digital risk leaders and some of the key themes and areas CISOs need to focus on the most when making that transition Some of the key attributes CISOs need to be the most effective in terms of technical, soft skills, financial acumen, and more, leaning on Phil's 30 years of experience in the field and as a multiple-time CISO Phil's transition to Venture Capital with Ballistic Ventures and what drew him to this space from being a security practitioner Some of the product areas and categories Phil is most excited about from an investment perspectiveThe double-edged sword is AI, which is used for security and needs security. Phil's past five years blogging and sharing his practical, hard-earned wisdom at www.philvenables.com, and how that has helped him organize his thinking and contribute to the community.Some specific tactics and strategies Phil finds the most valuable when it comes to maintaining deep domain expertise, but also broader strategic skillsets, and the importance of being in the right environment around the right people to learn and grow

  --------  

  30:37
• Resilient Cyber w/ Vineeth Sai Narajala: Model Context Protocol (MCP) - Potential & Pitfalls

  In this episode, I discuss the Model Context Protocol (MCP) with the OWASP GenAI Co-Lead for Agentic Application Security, Vineeth Sai Narajala. We will discuss MCP's potential and pitfalls, its role in the emerging Agentic AI ecosystem, and how security practitioners should consider secure MCP enablement.We discussed: MCP 101, what it is and why it mattersThe role of MCP as a double-edged sword, offering opportunities but additional risks and considerations from a security perspectiveVineeth's work on the "Vulnerable MCP" project is a repository of MCP risks, vulnerabilities, and corresponding mitigations.How MCP is also offering tremendous opportunities on the security-enabling side, extending security capabilities into AI-native platforms such as Claude and Cursor, and security vendors releasing their own MCP serversWhere we see MCP heading from a research and implementation perspectiveAdditional Resources:Anthropic - Introducing the Model Context Protocol (MCP)Enhanced Tool Definition Interface (ETDI): A Security Fortification for the Model Context ProtocolEnterprise-Grade Security for the Model Context Protocol (MCP): Frameworks and Mitigation StrategiesVulnerable MCP Project

  --------  

  18:32
• Resilient Cyber w/ Jay Jacobs & Michael Roytman - VulnMgt Modernization & Localized Modeling

  In this episode, I sit with long-time vulnerability management and data science experts Jay Jacobs and Michael Roytman, who recently co-founded Empirical Security.We dive into the state of vulnerability management, including:How it is difficult to quantify and evaluate the effectiveness of vulnerability prioritization and scoring schemes, such as CVSS, EPSS, KEV, and proprietary vendor prioritization frameworks, and what can be done betterSystemic challenges include setbacks in the NIST National Vulnerability Database (NVD) program, the MITRE CVE funding fiasco, and the need for a more resilient vulnerability database and reporting ecosystem.Domain-specific considerations when it comes to vulnerability identifiers and vulnerability management, in areas such as AppSec, Cloud, and Configuration Management, and using data to make more effective decisionsThe overuse of the term “single pane of glass” and some alternativesEmpirical’s innovative approach to “localized” models when it comes to vulnerability management, which takes unique organizational and environmental considerations into play, such as mitigating controls, threats, tooling, and more, and how they are experimenting with this new approach for the industry

  --------  

  33:53
• Resilient Cyber: Ravid Circus - Tackling the Prioritization Crisis in Cyber

  In this episode, we sit down with the Co-Founder and CPO of Seemplicity, Ravid Circus, to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management.We dove into a lot of great topics, including:The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity’s Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7% of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - and organizations struggle with this, even with the context of what to prioritize.There’s a lot of excitement around AI in Cyber, including in GRC, SecOps, and, of course, AppSec and vulnerability management. How do you discern between what is hype and what can provide real outcomes?What practical steps can teams take to bridge the gap between AI’s ability to find problems and security teams’ ability to fix them?One of the major issues is determining who is responsible for fixing findings in the space of Remediation Operations, where Seemplicity specializes. Ravid talks about how, both technically and culturally, Seemplicity addresses this challenge of finding the fixer.What lies ahead for Seemplicity this year with RSA and beyond

  --------  

  23:02
• Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords

  In this episode, we sit down with Varun Badhwar, Founder and CEO of Endor Labs, to discuss the state of AI for AppSec and move beyond the buzzwords. We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale.Varun and I dove into a lot of great topics, such as:The rise of GenAI and LLMs and their broad implications on CybersecurityThe dominant use case of AI-driven development with Copilots and LLM written code, leading to a Developer productivity boost. AppSec has struggled to keep up historically, with vulnerability backlogs getting out of control. What will the future look like now?Studies show that AI-driven development and Copilots don’t inherently produce secure code, and frontier models are primarily trained on open source software, which has vulnerabilities and other risks. What are the implications of this for AppSec?How can AppSec and Cyber leverage AI and agentic workflows to address systemic security challenges? Developers and attackers are both early adopters of this technology.Navigating vulnerability prioritization, dealing with insecure design decisions and addressing factors such as transitive dependencies.The importance of integrating with developer workflows, reducing cognitive disruption and avoiding imposing a “Developer Tax” with legacy processes and tooling from security.

  --------  

  26:44

More Technology podcasts

Trending Technology podcasts

About Resilient Cyber

Resilient Cyber: Podcasts in Family