
The Security Table
The Security Table brings together four cybersecurity industry veterans from diverse backgrounds to discuss building secure software and the challenges that arise. The podcast covers a range of topics related to software security, drawing on the hosts' extensive experience.
Episodes
Don't Bury the Model T: Why STRIDE Still Drives in an AI World
In this episode, we dig into two things the security community loves to argue about: npm finally doing the right thing and whether STRIDE has any business being called dead. The npm v12 changes gate dangerous install script behavior by default, which is a good step forward and also about a decade overdue. Then we wade into a hot take claiming that STRIDE was built for a world that no longer exists
Mostly Dead or Mostly Back: The Zombie Resurrection of DAST in an AI World
In this episode, we dig into whether DAST is dead, mostly dead, or quietly making a comeback dressed in an AI trench coat. The conversation traces the origins of dynamic application security testing from nmap scans and open source hacker tools to a market now valued at nearly four billion dollars and growing. We debate where DAST ends, and AI pen testing begins, whether AI can find a vulnerability
Realists At The Table: How To See Through The Hype
In this episode, we dig into how the cybersecurity personality has shifted from the ego-driven, hoodie-up archetype to the paycheck-chasing newcomer. The conversation covers hype cycles from mainframes to AI to quantum, whether passion or profit is driving the next generation into the field, and why we think the threat modeling problem is already solved. At the same time, everyone else keeps getti
The Agentic Access Problem: When AI Becomes Its Own Administrator
In this episode, we explore what happens when AI agents meet the security principle of least privilege. As agents gain the ability to request permissions, make decisions, and interact with systems on our behalf, the line between human and machine responsibility starts to blur. The discussion covers prompt fatigue, over-permissioned agents, and why "because the agent told me to" may becom
The Tool Creep Problem: When More Security Means Less Security
In this episode, we break down why security budgets keep growing while organizations keep falling further behind. We explore how tool creep has quietly shifted from a nuisance into an active attack surface, and why agentic AI is becoming the insider threat no one planned for. Izar shares a firsthand account of watching an AI agent attempt increasingly creative workarounds to escape a sandbox, reve
The Human In The Loop Illusion: Why AI Approvals Are Failing Security
In this episode, a debate about hacker movies turns into a deeper conversation about AI, security, and the human-in-the-loop illusion. We explore how approval fatigue and AI-generated code can create a false sense of security and why fundamentals still matter.🚀 Join the Conversation Are we improving security, or just automating bad decisions faster?FOLLOW OUR SOCIAL MEDIA:➜Twitter: @SecTablePodcas
The Mythos Problem: When AI Finds Every Vulnerability
In this episode, we break down the “AI Vulnerability Storm” and what happens when AI can find—and exploit—vulnerabilities faster than humans can fix them.We explore how compressed OODA loops are shifting the balance toward attackers, why traditional scoring like CVSS may start to break down, and whether “just patch faster” is even realistic anymore. The team also questions the push toward AI agent
What If AI Never Happened? The AppSec Reality Check
In this episode, we explore a simple but surprisingly deep question: what would application security look like if generative AI never existed? We break down how AppSec might still rely on deterministic, rule-based approaches, what we might gain in structure and rigor, and what we’d lose in speed, scale, and accessibility. Along the way, we debate whether AI is truly improving security or just acce
The Evolution Problem: After 100 Episodes, What’s Changed… and What Hasn’t?
We made it to 100 episodes, so naturally, we decided to look back and see how wrong we’ve been. In this episode, we revisit some of our past topics, predictions, and hot takes to figure out what still holds up and what didn’t quite land. From “we don’t know what we don’t know” to the evolution of security tools, we reflect on what’s changed, what hasn’t, and why some problems never seem to go away
The Agent Access Problem: When AI Has the Keys, Who’s Really in Control?
In this episode, we dive into the messy reality of AI agents acting inside your systems and what that means for modern security. We explore the idea of agents as actors with real access—credentials, APIs, and permissions—and why this isn’t as new as it sounds (hint: it’s just applications all over again). We unpack where things actually get risky, from over-permissioned agents to unpredictable beh
The Invisible Code Problem: When You Can’t See the Attack, Can You Stop It?
In this episode, we dive into the strange world of invisible Unicode attacks and what they could mean for modern software security. We explore how hidden characters can be used to conceal malicious code within packages, why this isn’t entirely a new problem, and whether current tools, such as linters and SAST, are equipped to detect it. We also question the role of LLMs in both enabling and detect
The Moltbook Dilemma: What Happens When AI Agents Start Networking
In this episode, we discuss the implications of AI technologies like OpenClaw and Moltbot, exploring the potential threats and societal changes that may arise from their integration into daily life. We talk about the nature of AI communication, the concept of agentic AI, and the philosophical questions surrounding the future of human and machine interaction. Per usual our conversation is laced wit
The Walking Dead of Security: When AI Resurrects the Build vs. Buy Debate
Are cybersecurity technologies really dead, or are reports of their demise greatly exaggerated? Today’s episode is a discussion on how AI is reshaping the classic build vs. buy debate, empowering non-engineers to create working prototypes and potentially reviving the DIY coding culture of pre-open-source days. We also talk about how developers trained on open source are now leveraging AI built fro
Crystal Penguins and AI Chaos: What Could Go Wrong in 2026?
We’re predicting what 2026 has in store for AI and cybersecurity. We explore the wild possibilities of AI integration gone wrong, from people accidentally connecting their AI to sensitive file systems to blaming their AI agents for losing critical data. The conversation takes a thoughtful turn as they debate which jobs might fall to AI automation and if the human touch is still irreplaceable? Exam
The Cost of Knowing: How Cybersecurity Professionals View Innovation Differently
We’re pulling back the curtain on the technology industry to reveal what life looks like when you're constantly aware of what can go wrong. From the loss of childlike wonder when encountering new tech to the ethical dilemmas posed by autonomous vehicles, we discuss the unique burden of seeing technology's darker possibilities. We’re examining how years of witnessing security breaches and
The Roller Coaster of Risk: A Threat Modeler's Perspective
What do roller coasters and threat modeling have in common? More than you'd think. In this episode, we explore how security professionals view risk differently than everyone else—and why that matters. From roller coaster anxiety to the ethics of identifying danger, we dive into the unique mindset that comes with being a threat modeler. Because once you learn to see threats everywhere, there&a
Can AI Replace Security Teams? The Software Quality Debate
Is the cybersecurity industry facing a security problem or a software quality problem? In this episode, we’re tackling the controversial claim that AI advancements could make security teams obsolete—and uncover the deeper issues plaguing software development. The conversation reveals an uncomfortable truth: software companies often transfer the risk of vulnerabilities to customers, creating a syst
The Debate: Is the CIA Triad Truly Dead?
We’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role
Don’t Forget the Beauty of Simplicity: Exploring Shifts in Software Development
We’re debating the concepts of 'Shift Left' and 'Shift Down' in the world of cybersecurity. We explore the intricacies of developer responsibility, the impact of modern AI on code security, and the delicate balance between innovation and secure coding practices. Join us for a thought-provoking discussion that ranges from keeping our digital world secure, efficient and, most imp
More Cowbell: Security and Speed in Agile
We’re diving into the relevance and execution of threat modeling within agile development environments. We dissect the claims, explore the true integration of agile practices with threat modeling, and address the misconceptions and challenges commonly faced. Check out the episode to find out if threat modeling is indeed slowing down agile processes or if it can be seamlessly integrated for better
Privateering the Cyber Seas: New Legislation on Cybercrime
We’re discussing the intriguing world of cyber privateers and the concept of 'hacking back' against cyber criminals. The discussion centers around a proposed bill in the U.S. Congress, H.R. 4988, that aims to authorize private individuals to pursue cyber criminals with the full backing of government-issued letters of marque. We explore the historical context of privateers, the potential
Making Privacy Less Cringey
Dr. Kim Wuyts and Avi Douglen join us in today's episode. Both guests are fresh from their training sessions at Black Hat and DEF CON in Las Vegas and share a quick overview of their experiences. We discuss a newly developed privacy awareness card game called 'Context and Cringe,' which aims to educate participants about privacy issues in a fun and interactive way. We also cover an
Decoding Mastro: AI Threat Modeling
We’re discussing the article, “Agentic AI Threat Modeling Framework: Maestro published back in February of this year on the Cloud Security Alliance blog. We discuss the various layers, patterns, and threats outlined in the framework, comparing it to existing methodologies like STRIDE and PASTA, and evaluate Maestro's structure, its potential complexity for developers, and its overall practica
Vibe Startups, AI Problems, and Matt’s Precious Computer
We’re talking about the rise of "vibe startups" - entrepreneurs hunting for problems to solve rather than building solutions from personal experience. We chat about AI security challenges, questioning whether these are truly new problems or just old security concepts repackaged for the AI era. From prompt injection and guardrails to the scary reality of AI agents acting as humans, we exa
AI, AppSec and the Meaning of Life: The Answer is 42
What are the core competencies that matter most for modern application security teams? Today we discuss understanding code and systems thinking and the crucial ability to assess risk in context - plus why your AppSec team might eventually get absorbed into engineering (and why it could be a good thing). We debate the role of developer mindset in security, the importance of technical depth over too
Building the World's Largest Threat Model Library
Today we’re joined by Petra Vukmirovic. Petra, is the head of information security at Numan and co-leader of the Threat Model Library Project. Petra shares her vision for creating a massive, structured dataset of crowdsourced threat models that could revolutionize how the cybersecurity community learns and shares threat modeling knowledge. We explore the complex challenges of convincing companies
Vibe Coding: Can You Put Your Trust in the Machine?
We’re discussing vibe coding again and how AI-generated code is reshaping software development. We discuss the trustworthiness and maintainability of AI-generated code, examining the challenges of reviewing and integrating automated changes at scale. The conversation spans from practical concerns about code quality to broader implications for open-source projects in an AI-augmented world. We talk
Traversing the Conference Circuit: Highlights and Insights
It’s security conference season and we’re discussing the importance of networking, the value of in-person connections, and sharing insightful tips for delivering effective presentations. From recapping our conference experiences, debating the significance of keynotes, to reminiscing about the impact of classic rock bands like Def Leppard. Listen now to hear about conference experiences, mentoring
MCP…Something Could Go Wrong
We’re discussing the complexities of the Model Context Protocol (MCP) and its application in AI systems. Join us for an in-depth discussion about MCP, agent-to-agent communication, and potential security vulnerabilities. We wrap up with a thought-provoking conversation on the future of AI safety and the challenges it presents. FOLLOW OUR SOCIAL MEDIA:➜Twitter: @SecTablePodcast➜LinkedIn: The Securi
Threat Modeling or Threat Intelligence, Are they the Same?
Listen in as we debate the differences between threat intelligence and threat modeling. What distinguishes these two concepts in cybersecurity, and how do they inform each other? The conversation explores definitions, real-world examples, and the interconnected relationship between proactive threat modeling and reactive threat intelligence.FOLLOW OUR SOCIAL MEDIA:➜Twitter: @SecTablePodcast➜LinkedI
Skillset Over Experience: Rethinking Qualifications in Cybersecurity
Today we delve into the evolving landscape of cybersecurity hiring, debating the merits of prioritizing skills over degrees and experience. From discussing the value of critical thinking and hands-on skills to the potential role of AI in the workforce, the conversation navigates the complexities of hiring practices. We share personal anecdotes, insights from industry articles, and our experiences
Vibe Coding: What Could Possibly Go Wrong?
Vibe coding, or using AI to generate code by describing what you want. We critically examine the concerns surrounding AI-generated code, including code quality, security risks, and the potential for creating numerous low-quality applications. Our discussion explores whether AI can truly provide foolproof, production-ready code, or if it should be limited to idea generation and prototyping. Catch o
The Department of No
We’re discussing the complexities of saying 'yes' or 'no' in the context of security decisions in today’s episode and the enduring challenge of integrating security into software development. The conversation swerves into the intriguing idea of a trade-like progression for developers, contrasting it with current knowledge work. The episode culminates in a hit parade of pop cult
The Cyber Trust Mark Debate
The Cyber Trust Mark, a new FCC program aimed at assuring the security of IoT devices is the topic of discussion today. We discuss various aspects of the Cyber Trust Mark, the history of similar initiatives like UL certification, and the challenges faced by consumers in determining the security of their devices. They also debate the merits and drawbacks of regulations like the EU's Cyber Resi
Hovercrafts and the Evolution of AppSec in 2025
Hovercrafts and application security in the new year. We revisit last year's predictions on Quantum LLM, SBOMs, and whether DAST tools will make a comeback. With humor and forward-thinking, we explore what the future might hold for application security, the rise of new technologies, and even the outlandish idea of AppSec being dead. Episode mentioned:AppSec Resolutions - January 9, 2024FOLLOW
Find Your Conferences and watch Die Hard. And the Princess Bride.
What makes a conference truly valuable? Is it the unexpected connections and serendipitous meetings of minds, or the chance to break free from the "security echo chamber" by exploring diverse conference experiences? We discuss the considerations that make conferences worth attending and examine whether they are compelling enough to warrant personal investment. Whether large or intimate,
Is it Necessary? Not everything requires an LLM
We debate the necessity and efficiency of LLMs in finding code vulnerabilities in a C library compared to traditional static code analyzers and fuzzing techniques. The conversation explores broader topics in application security testing, including the evolving landscape of Dynamic Application Security Testing (DAST), fuzzing, and the potential of emerging technologies like Application Detection an
The STRIDE Controversy: Evolution vs. Extinction in Security Models
We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We discuss how STRIDE serves as a useful categorization system, emphasize that dogmatic approaches to threat modeling are problematic, and argu
Why 100X Isn't the Answer
A good discussion today covering two different articles, the first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves onto an article about Shift Left. The group debates whether it is truly more expensive to fix design flaws versus implementation bugs, noting the difficulty of qua
We'll Be Here Until We Become Obsolete
This week we explore the multifaceted concept of obsolescence in technology, detailing its planned, unplanned, and forced forms. We delve into the security implications of outdated or unsupported devices and software, with a spotlight on cloud-connected vehicles and their vulnerabilities. We discuss architectural decisions, regulatory requirements, and real-world incidents like the OnStar hack, re
Everything is Boring
Is everything boring? Chris, Izar and Matt discuss why nothing seems interesting enough lately. Is the excitement of vulnerabilities and ransomware waning? The guys touch on Governance, Risk, and Compliance (GRC) in corporate auditing, the impact of ransomware and the contentious role of cyber insurance, the fading novelty of AI and its influence on security, and examine why essential security tas
Experts Want to Excel
What constitutes an expert in the field of threat modeling? Today Matt, Chris and Izar explore cultural references, the intricacies of threat modeling practices, and the criteria that define an expert. The discussion touches on the evolution of threat modeling, the roles of facilitators, and the importance of experience and recognition in the field. The guys humorously debate the challenge of scal
Numb to Data Breaches, and How it Impacts Security of the Average Feature
In this episode of the Security Table with Chris Romeo, Izar Tarandach, and Matt Coles, the team dives into the evolving landscape of modern security approaches. They discuss the shift from strategy to tactics, the impact of data breaches, and why people are becoming numb to such incidents. The episode also touches on the importance of understanding the business side of security and the role of pr
Philosophizing Cloud Security
In this episode of the Security Table, our hosts discuss the concept of the 'Shared Fate Model' in cloud security. The conversation explores how this model builds on the shared responsibility model and the implications for cloud service providers and consumers. From robust default security measures to the historical evolution of ISPs, the discussion covers technical and philosophical asp
Innovations in Threat Modeling?
In this episode of The Security Table, hosts Chris Romeo, Izar Tarandach, and Matt Coles dive into the evolving concept of threat models, stepping beyond traditional boundaries. They explore 'Rethinking Threat Models for the Modern Age,' an article by author Evan Oslick. Focusing on user behavior, alert fatigue, and the role of psychological acceptability, they debate whether broader hum
The Illusion of Secure Software
In this episode of The Security Table Podcast, hosts ChriS, Izar and Matt dive into the recent statement by CISA's Jen Easterly on the cybersecurity industry's software quality problem. They discuss the implications of her statement, explore the recurring themes in security guidelines, and debate whether the core issue is with people or technology. Join the conversation as they analyze t
The Intersection of Hardware and Software Security
In this episode of The Security Table, Chris, Izar, and Matt discuss an article that discusses threat modeling in the context of hardware. They explore the intersection of hardware and software security, the importance of understanding attack surfaces, and the challenges posed by vulnerabilities in hardware components, such as speculative execution faults and the impact of supply chain security. J
Computing Has Trust Issues
Join us in this episode of The Security Table as we dive into the world of cybersecurity, starting with a nostalgic discussion about our favorite security-themed movies like 'Sneakers,' 'War Games,' and 'The Matrix.' We then shift gears to explore a critical topic in modern computing: the vulnerabilities and implementation issues of Secure Boot. Discover the intricate
The Stages of Grief in Incident Response
Join Chris, Izar, and Matt as they sit around the Security Table to dissect and discuss the different stages of dealing with security incidents. In this episode, they explore the developer's stages of grief during an incident, and discuss a recent large-scale IT incident. They share insights from their multi-decade experience in security, analyze the fragility of current systems, and discuss
To SSH or Not?
In this episode of 'The Security Table,' we are back from our midsummer break to discuss OpenSSH regression vulnerability. We dig into the nuances of this race condition leading to remote code execution, explore the chain of security updates, and the role of QA in preventing such regressions. We debate the necessity of SSH in modern cloud-native environments and its alternatives. Plus, w
Rethinking Security Conferences: Engagement and Innovation
In this episode Chris, Matt, and Izar discuss the current state of security conferences and gatherings for professionals in the field. They discuss the value and viability of different types of gatherings, the importance of networking and community-building at events, innovative approaches to conference formats and the need for something more engaging and participatory that caters to both introver
Privacy vs. Security: Complexity at the Crossroads
In this episode of the Security Table, Chris, Izar, and Matt delve into the evolving landscape of cybersecurity. The episode has a humorous start involving t-shirts and Frogger as a metaphor for the cybersecurity journey, the conversation shifts to the significant topic of cybersecurity being at a crossroads as suggested by a CSO Online article. They explore the concept of moving from a product-ce
Security, Stories, Jazz and Stage Presence with Brook Schoenfield
In this episode of 'The Security Table,' hosts Chris Romeo, Izar Tarandach, and Matt Coles are joined by Brook Schoenfield, a seasoned security professional, to share insights and stories from his extensive career. The conversation covers Brook's experience in writing books on security, lessons learned from his 40-year career, and personal anecdotes about his life as a musician, inc
Debating the CISA Secure by Design Pledge
In this episode of 'The Security Table,' hosts Chris Romeo, Matt Coles, and Izar Tarandach discuss the CISA Secure by Design Pledge, a recent initiative where various companies commit to improving software security practices. The hosts critique the pledge, arguing that many of the signatory companies have long been focused on software security, making the pledge redundant for them. They
Why Developers Will Take Charge of Security, Tests in Prod
The script delves into a multifaceted discussion encompassing critiques and praises of book-to-movie adaptations like 'Hitchhiker's Guide to the Galaxy', 'Good Omens', and 'The Chronicles of Narnia'. It then transitions to a serious examination of developers' evolving role in security, advocating for 'shift left' and DevSecOps approaches. The conve
12 Factors of Threat Modeling
Chris, Matt and Izar share their thoughts on an article published by Carnegie Mellon University’s Software Engineering Institute. The list from the article covers various threat modeling methodologies such as STRIDE, PASTA, LinDoN, and OCTAVE methodology for risk management. They emphasize the importance of critical thinking in the field, provide insights into strengths, applications, and limitati
XZ and the Trouble with Covert Identities in Open Source
Matt, Izar, and Chris delve into the complexities of open source security. They explore the topics of trust, vulnerabilities, and the potential infiltration by malicious actors. They emphasize the importance of proactive security measures, the challenges faced by maintainers, and propose solutions like improved funding models and behavior analysis for enhancing security within the open source ecos
Nobody's Going To Mess with Our STRIDE
Matt, Izar, and Chris take issue with a controversial blog post that criticizes STRIDE as being outdated, time-consuming, and does not help the right people do threat modeling. The post goes on to recommend that LLMs should handle the task. The trio counters these points by highlighting STRIDE's origin, utility, and adaptability. Like any good instrument, it is important to use the right tool
SQLi All Over Again?
Chris, Matt, and Izar discuss a recent Secure by Design Alert from CISA on eliminating SQL injection (SQLi) vulnerabilities. The trio critiques the alert's lack of actionable guidance for software manufacturers, and they discuss various strategies that could effectively mitigate such vulnerabilities, including ORMs, communicating the why, and the importance of threat modeling. They also explo
How I Learned to Stop Worrying and Love the AI
Dive into the contentious world of AI in software development, where artificial intelligence reshapes coding and application security. We spotlight the surge of AI-generated code and the incorporation of copy-pasted snippets from popular forums, focusing on their impact on code quality, security, and maintainability. The conversation critically examines the diminishing role of traditional quality
Secure by Default in the Developer Toolset and DevEx
Matt, Chris, and Izar talk about ensuring security within the developer toolset and the developer experience (DevEx). Prompted by a recent LinkedIn post by Matt Johansen, they explore the concept of "secure by default" tools. The conversation highlights the importance of not solely relying on tools but also considering the developer experience, suggesting that even with secure tools, the
Debating the Priority and Value of Memory Safety
Chris, Izar, and Matt tackle the first point of the recent White House report, "Back to the Building Blocks: a Path toward Secure and Measurable Software." They discuss the importance of memory safety in software development, particularly in the context of critical infrastructure. They also explore what memory safety means, citing examples like the dangers of using C over safer alternati
Selling Fear, Uncertainty, and Doubt
Matt, Izar, and Chris discuss the impact of fear, uncertainty, and doubt (FUD) within cybersecurity. FUD is a double-edged sword - while it may drive awareness among consumers, it also leads to decision paralysis or misguided actions due to information overload. The saturation of breach reports and security threats also desensitizes users and blurs the line between vigilant security practices and
Prioritizing AppSec: A Conversation Between a VP of Eng, a Product Manager, and a Security "Pro"
Prompted by fan mail, Chris, Izar, and Matt engage in a role-playing scenario as a VP of engineering, a security person, and a product manager. They explore some of the challenges and competing perspectives involved in prioritizing application security. They highlight the importance of empathy, understanding business needs and language, and building relationships within an organization while deali
Villainy, Open Source, and the Software Supply Chain
Matt, Izar, and Chris have a lively discussion about how security experts perceive open-source software. Referencing a post that described open source as a 'hive of scum and villainy,' the team dissects the misconceptions about open source software and challenges the narrative around its security. They explore the complexities of the software supply chain, the notion of 'inheritance
Adam Shostack -- Thinking like an Attacker and Risk Management in the Capabilities
Threat modeling expert Adam Shostack joins Chris, Izar, and Matt in this episode of the Security Table. They look into threat actors and their place in threat modeling. There's a lively discussion on risk management, drawing the line between 'thinking like an attacker' and using current attacker data to inform a threat model. Adam also suggests that we must evaluate if risk assessme
Bug Bounty Theater and Responsible Bug Bounty
Izar, Matt, and Chris discuss the effectiveness of bug bounty programs and delve into topics such as scoping challenges, the ethical considerations of selling exploits, and whether it is all just bug bounty theater. The hosts share their insights and opinions on the subject, providing a thought-provoking discussion on the current state of bug bounties in the security industry.FOLLOW OUR SOCIAL MED
Threat Modeling Capabilities
This week around the Security Table Matt, Izar and Chris discuss the recently-published Threat Modeling Capabilities document. They explore how capabilities serve as measurable goals that organizations either possess or lack, contrasting the binary nature of capabilities with the continuum of maturity. The team shares insights on the careful definition and measurement of each capability, highlight
Open Source Puppies and Beer
Chris, Izar, and Matt address the complexities of open-source component usage, vulnerability patches, civic responsibility, and licensing issues in this Security Table roundtable. Sparked by a LinkedIn post from Bob Lord, Senior Technical Advisor at CISA, they discuss whether software companies have a civic duty to distribute fixes for vulnerabilities they discover in open-source components. They
AppSec Resolutions
Join us for the final episode of The Security Table for 2023. Chris, Izar, and Matt answer fan mail, make fun predictions for the upcoming year, discuss their resolutions for improving cybersecurity, and make a call to action to global listeners. Highlights include the reach of the podcast, explaining Large Language Models (LLMs), Quantum LLMs, Software Bill of Materials (SBOM), and the importance
The Impact of Prompt Injection and HackAPrompt_AI in the Age of Security
Sander Schulhoff of Learn Prompting joins us at The Security Table to discuss prompt injection and AI security. Prompt injection is a technique that manipulates AI models such as ChatGPT to produce undesired or harmful outputs, such as instructions for building a bomb or rewarding refunds on false claims. Sander provides a helpful introduction to this concept and a basic overview of how AIs are st
Looking Back, Looking Forward
Join Izar, Matt, and Chris in a broad discussion covering the dynamics of the security community, the evolving role of technology, and the profound impact of social media on our lives. As the trio considers what they are most thankful for in security, they navigate a series of topics that blend professional insights with personal experiences, offering a unique perspective on how these elements int
CVSS 4.0 Unleashed with Patrick Garrity
Patrick Garrity joins the Security Table to unpack CVSS 4.0, its impact on your program, and whether or not it will change the game, the rules of how the game is played, or maybe the entire game.FOLLOW OUR SOCIAL MEDIA:➜Twitter: @SecTablePodcast➜LinkedIn: The Security Table Podcast➜YouTube: The Security Table YouTube ChannelThanks for Listening!
An SBOM Lifecycle
Aditi Sharma joins Matt, Izar, and Chris around the Security Table to discuss Software Bill of Materials (SBOMs). The team discusses potential advantages as well as challenges of SBOMs in different contexts such as SaaS solutions, physical products, and internal procedures. The episode also explores the importance of knowing what software components a company is consuming and the significance of S
An SBOM Fable
Join Chris, Matt, and Izar for a lively conversation about an article that offers 20 points of "essential details" to look for in a Software Bill of Materials (SBOM). They dissect and debate various points raised in the article, including generating SBOMs, the necessary components, and how to gauge the quality of this digital inventory. Their critique is both insightful and humorously ca
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
Matt, Chris, and Izar discuss the recently published "NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations." They review each point and critically analyze the document's content, pointing out areas where the terminology might be misleading or where the emphasis should be shifted. As they work through the top ten list, several trends and larger conversations
The Future Role of Security and Shifting off the Table
The Security Table gathers to discuss the evolving landscape of application security and its potential integration with development. Chris posits that application or product security will eventually be absorbed by the development sector, eliminating the need for separate teams. One hindrance to this vision is the friction between security and engineering teams in many organizations.Many people thi
A Show About Nothing that Turned into Something
The Security Table gathers this week to discuss expectations about tooling in the Application Security industry. Matt emphasizes that tools should essentially automate tasks that humans can perform but in a faster and more efficient manner. The conversation then shifts to the overwhelming nature of communication platforms like Slack. Izar highlights the challenges of managing attention spans and c
The Hamster Wheel of Scan and Fix
Matt and Izar join in a debate with Chris Romeo as he challenges the paradigm of "scan and fix" in application security. Chris references a LinkedIn post he made, which sparked significant reactions, emphasizing the repetitive nature of the scan and fix process. His post critiqued the tools used in this process, noting that they often produce extensive lists of potential vulnerabilities,
Threat Modeling Conference
The Security Table gathers to discuss the upcoming ThreatModCon 2023 (https://www.threatmodelingconnect.com), the inaugural and only conference dedicated entirely to threat modeling.ThreatModCon 2023 Sunday, October 29, 2023Marriott Marquis Washington, DCThe Threat Modeling Conference will cover various aspects of threat modeling, from AI integration to privacy concerns, from a brief history of th
Recommended

Dad V Girls After Hours

Saints‘ Hill Church Podcast

The Arab Film Club Podcast

AI Fire Daily

The Fifteenth Page Show | AI Systems, Marketing Tips, andContent Marketing Strategy for Busy Teams

Intrigue Outloud

The Daily

Doctor Zhivago Slow Read

Conspiracy Files with Paige Carter

This Past Weekend w/ Theo Von

The Theory of Psychoanalysis - Carl Jung

A Life Engineered