50 episodes

The Security Repo is a podcast that focuses on real-world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.

The Security Repo Mackenzie Jackson & Dwayne McDaniel

    • Technology

    Pen Testing in Academia - University Cybersecurity Challenges with JR Johnson

    In this episode of The Security Repo, we dive into the fascinating world of cybersecurity with JR Johnson, a seasoned information security professional with over 14 years of experience. JR shares his journey from web development to penetration testing and cybersecurity consulting, highlighting the unique challenges faced by higher education institutions. Tune in to learn about the complexities of securing university networks, the importance of foundational security practices, and JR's expert advice for both IT professionals and students. Whether you're interested in cybersecurity or work in academia, this episode offers valuable insights into protecting educational environments in the digital age.

    Social Media for JR
    X (Twitter): https://x.com/infosecjr
    Linkedin: https://www.linkedin.com/in/jr-johnson-853952203/

    • 40 min
    From Desktop Support to Red Team: Brendan Hohenadel Journey in Cybersecurity

    Join us in this episode of The Security Repo Podcast as we dive into the world of cybersecurity with Brendan Hohenadel. From his humble beginnings in desktop support to becoming a skilled red teamer, Brendan shares his inspiring journey and fascinating stories from the field. Discover the strategies, tools, and techniques used in offensive security, and gain insights into the challenges and triumphs of penetration testing. Whether you're a cybersecurity enthusiast or a seasoned professional, this episode is packed with valuable lessons and real-world exploits you won't want to miss.

    • 40 min
    Navigating AI in Cybersecurity: Insights from Sonya Moisset

    In this episode of The Security Repo, we are thrilled to welcome Sonya Moisset, a Senior Advocate at Snyk and a renowned expert in DevSecOps, cybersecurity, and AI. With a wealth of experience as a public speaker, mentor, and top contributor to the tech community, Sonya shares her deep insights into the evolving landscape of AI in cybersecurity.

    Join us as we dive into the pressing issues surrounding generative AI and large language models (LLMs), including the concept of shadow AI, the risks of using AI tools without proper oversight, and real-world examples of security breaches involving AI. Sonya discusses the importance of implementing robust security policies and fostering an open dialogue within organizations to mitigate these risks.

    We also explore fascinating topics such as prompt injection attacks, the role of AI in both offensive and defensive cybersecurity strategies, and the emerging frameworks guiding ethical AI use. Whether you're a security professional, a developer, or simply curious about the intersection of AI and cybersecurity, this episode offers valuable knowledge and practical advice.



    Show Links

    Sonya Moisset social media links

    Linkedin: https://www.linkedin.com/in/sonyamoisset/

    X (Twitter): https://x.com/SonyaMoisset

    Introduction: 0:00

    What are the security risks with AI and LLMs: 1:10

    Prompt Injection Car Dealership: 6:39

    Prompt Injection: 8:46

    Guardrails for AI: 16:00

    Using AI for Red Teaming: 25:19

    Regulations for AI security: 32:16

    Best and Worst: 34:10

    • 36 min
    Securing Kubernetes Dashboards: Insights from Tremolo Security's CTO

    In this episode of The Security Repo, Dwayne McDaniel and Marc Boorshtein delve into the intricacies of Kubernetes dashboard security. Marc, the CTO of Tremolo Security, brings his extensive experience in identity and access management to the table, discussing the challenges and best practices for securing Kubernetes dashboards. The conversation explores the importance of dashboards, common security pitfalls, and innovative solutions to enhance user access and safety. Tune in for valuable insights on navigating the complex landscape of Kubernetes security.

    Show Notes
    Learn more about Tremolo - https://www.tremolosecurity.com/
    Follow Marc
    Linkedin - https://www.linkedin.com/in/marc-boorshtein-5979a82
    Twitter (X) - https://x.com/mlbiam

    Intro: 0:00
    Kubernetes dashboards, why?: 0:45
    Why don't we talk about k8 dashboard: 3:50
    Security concerns with Dashboards: 10:37
    The value of dashboards in k8: 12:37
    What is Tremolo: 18:55
    Common pitfalls for K8 security: 26:10
    Best and worst: 34:46

    • 39 min
    The Secrets behind GitGuardian: Building a security platform with Eric Fourrier

    Join us this week as we host Eric Fourrier, co-founder and CEO of GitGuardian. Discover the journey of GitGuardian from a side project to a leading code security platform. Eric shares insights on the startup's growth, the integration of AI in security, and the future of protecting digital assets. Tune in for an engaging discussion on advancing code security in our digital world.

    Show Notes:
    GitGuardian https://gitguardian.com
    State of Secrets Sprawl Report https://www.gitguardian.com/state-of-secrets-sprawl-report-2024
    GitGuardian Blog https://blog.gitguardian.com

    Eric Fourrier Socials
    Linkedin: https://www.linkedin.com/in/ericfourrier/

    Intro: 0:00
    Origin of GitGuardian: 0:55
    Why wasn't secrets detection a big problem: 5:08
    State of Secrets Sprawl Report: 09:50
    Can we solve secret leakage: 18:08
    Finding secrets outside source code: 22:22
    The evolution of GitGuardian: 25:18
    Single pane of glass: 30:15
    The problem of remediation: 32:55
    The role of AI in security tools: 36:10
    Best and Worst: 42:25

    • 45 min
    Solving Secret Zero: The Future of Machine Identities & SPIFFE with Mattias Gees

    Today we dive into the challenges of securing modern IT infrastructures, focusing on "Secret Zero" and its implications for authentication practices. Our guest, Mattias Gees of Venafi, discusses the SPIFFE framework and its role in transitioning from traditional security methods to dynamic workload identities. We explore practical strategies for implementing SPIFFE to enhance digital security across cloud environments. Join us for a comprehensive look at evolving cybersecurity measures and the future of identity management.



    Show Notes:

    Mattias Social Links

    Linkedin - https://www.linkedin.com/in/mattiasgees/

    Twitter (X) - https://twitter.com/MattiasGees



    You also might like our episode with Uri Sarid - https://www.youtube.com/watch?v=reKbGE1c5Ig

    Introduction: 0:00
    What is secret zero: 1:39
    Why is machine identity so hard: 4:15
    Machine identities vs user identities: 11:06
    What is SPIFFE? (Secure Production Identity Framework for Everyone): 14:20
    SPIFFE fundamentals/architecture: 17:15
    GitGuardian: 20:08
    How to implement SPIFFE: 21:00
    Why we aren't leveraging identity best practices: 26:40
    Will SPIFFE be the future? 27:27
    Secrets Managers vs SPIFFE: 31:05
    Venafi and identity management: 32:38
    Best and worst security advice: 38:28
    Wrap up: 41:00

    • 42 min