The Security Table Izar Tarandach, Matt Coles, and Chris Romeo
-
- Technology
The Security Table is four cybersecurity industry veterans from diverse backgrounds discussing how to build secure software and all the issues that arise!
-
Security, Stories, Jazz and Stage Presence with Brook Schoenfield
In this episode of 'The Security Table,' hosts Chris Romeo, Izar Tarandach, and Matt Coles are joined by Brook Schoenfield, a seasoned security professional, to share insights and stories from his extensive career. The conversation covers Brook's experience in writing books on security, lessons learned from his 40-year career, and personal anecdotes about his life as a musician, including playing with legends like Bo Diddley and Chuck Berry. Brook highlights the importance of ensemble wo...
-
Debating the CISA Secure by Design Pledge
In this episode of 'The Security Table,' hosts Chris Romeo, Matt Coles, and Izar Tarandach discuss the CISA Secure by Design Pledge, a recent initiative where various companies commit to improving software security practices. The hosts critique the pledge, arguing that many of the signatory companies have long been focused on software security, making the pledge redundant for them. They dissect specific goals of the pledge, such as increasing multi-factor authentication (MFA) and reducing def...
-
Why Developers Will Take Charge of Security, Tests in Prod
The script delves into a multifaceted discussion encompassing critiques and praises of book-to-movie adaptations like 'Hitchhiker's Guide to the Galaxy', 'Good Omens', and 'The Chronicles of Narnia'. It then transitions to a serious examination of developers' evolving role in security, advocating for 'shift left' and DevSecOps approaches. The conversation navigates through challenges developers encounter in security practices, stressing the necessity of a DevSecOps framework, secure coding la...
-
12 Factors of Threat Modeling
Chris, Matt and Izar share their thoughts on an article published by Carnegie Mellon University’s Software Engineering Institute. The list from the article covers various threat modeling methodologies such as STRIDE, PASTA, LinDoN, and OCTAVE methodology for risk management. They emphasize the importance of critical thinking in the field, provide insights into strengths, applications, and limitations of each method, and highlight the significance of annotated threat models for application sec...
-
XZ and the Trouble with Covert Identities in Open Source
Matt, Izar, and Chris delve into the complexities of open source security. They explore the topics of trust, vulnerabilities, and the potential infiltration by malicious actors. They emphasize the importance of proactive security measures, the challenges faced by maintainers, and propose solutions like improved funding models and behavior analysis for enhancing security within the open source ecosystem.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast➜LinkedIn: The Security Table Podcast➜Yo...
-
Nobody's Going To Mess with Our STRIDE
Matt, Izar, and Chris take issue with a controversial blog post that criticizes STRIDE as being outdated, time-consuming, and does not help the right people do threat modeling. The post goes on to recommend that LLMs should handle the task. The trio counters these points by highlighting STRIDE's origin, utility, and adaptability. Like any good instrument, it is important to use the right tools in the right context. They also touch upon the common misconceptions about threat modeling, the...