Latio: On the Record

Cloud and Application Security Deep Dives

Deep dives into relevant cybersecurity topics, focusing especially on cloud and application security pulse.latio.tech

Episodes

  1. LotR Episode 9: The SOC Data Breakdown

    09/09/2025

    In this conversation, we discuss the evolving landscape of security operations, focusing on the challenges and innovations in data management, particularly in relation to Security Information and Event Management (SIEM) systems, data lakes, and the role of data pipelines. We explore the concept of cybersecurity mesh, the importance of data governance, and the need for data engineers within security teams. The discussion also touches on the impact of AI on security operations and the complexities of navigating various security tools and technologies.

    Guests:
    * Jonathan Rau - VP and Distinguished Engineer at Query.ai

    Summary Points:
    * The traditional SIEM model is being challenged by new data management approaches.
    * Data lakes are becoming essential for effective security data management.
    * Cybersecurity mesh offers a new way to access and utilize data across platforms.
    * Data hygiene is crucial for effective security operations.
    * Security teams often lack the necessary data management skills.
    * The role of data engineers is increasingly important in security teams.
    * Organizations need to be proactive in their data governance strategies.
    * AI is transforming how security operations are conducted.
    * Understanding the complexities of security tools is vital for effective management.
    * The future of cybersecurity standards is still evolving and requires adaptation.

    Chapters:
    00:00 Introduction to Cybersecurity and Data Management
    02:21 The Evolution of Security Information and Event Management (SIEM)
    05:39 Challenges with Traditional SIEMs and Data Centralization
    08:16 The Shift Towards Data Lakes and Pipelines
    10:44 Understanding Data Mesh and Federated Search
    13:28 Navigating the Complexity of Modern Data Architectures
    16:22 The Role of Data Normalization and Processing
    19:21 Future Trends in Cybersecurity Data Management
    26:26 Making Security Analysts' Jobs Easier
    27:45 The Distinction Between Vulnerability Management and Incident Response
    29:16 The Role of Data Engineers in Security
    34:26 Data Hygiene and Security Hygiene
    36:49 The Need for Data Engineers in Security Teams
    39:41 Challenges in Tool Selection and Integration
    43:56 Understanding OCSF and Apache Iceberg

    Get full access to Latio Pulse at pulse.latio.tech/subscribe

    45 min
  2. LotR Episode 8: What is Reachability?

    08/12/2025

    Featuring:
    * Omer Yair - Co-founder of Raven.io
    * Martin Torp - Co-founder of Coana (now part of Socket.dev)

    Summary:
    In this conversation, the hosts explore how reachability technologies help in vulnerability management, the challenges faced in implementation, and the best practices for choosing the right approach. The discussion also highlights the significance of network reachability and function execution in assessing risks, as well as the importance of vendor comparisons in the cybersecurity landscape.

    Takeaways:
    * Reachability is about determining if a vulnerability is relevant to an application.
    * The goal of reachability is to assess exploitability.
    * Static analysis is simpler and does not require a running application.
    * Runtime reachability provides real-time insights into application behavior.
    * Network reachability helps prioritize vulnerabilities based on actual risk.
    * Function execution during runtime indicates the highest priority vulnerabilities.
    * Choosing between static and runtime reachability depends on organizational constraints.
    * The volume of CVEs is increasing, making effective prioritization essential.
    * Understanding vendor capabilities is crucial for effective reachability analysis.
    * Performance monitoring tools like Grafana can help assess the impact of security sensors.

    Chapters:
    00:00 Introduction to Reachability Technologies
    01:39 Defining Reachability and Its Importance
    04:38 Exploring Static vs. Runtime Reachability
    10:23 Diving Deeper into Static Reachability
    19:02 Understanding Runtime Reachability and Its Types
    26:19 Understanding Runtime Function Execution
    28:33 Static vs. Runtime Analysis: A Complementary Approach
    34:23 Choosing the Right Reachability Method
    37:32 Challenges in In-House Vulnerability Management
    39:47 The Importance of Effective CVE Management
    42:45 Navigating Reachability Analysis Challenges
    45:45 Optimizing Scan Times and Performance
    50:47 Performance Insights and Attack Path Considerations

    55 min
  3. LotR Episode 7: Securing AI Applications

    07/22/2025

    Featuring:
    * Dor Sarig - Co-Founder of Pillar Security
    * Vrajesh Bhavsar - Co-Founder of Operant AI

    In this episode, the hosts discuss the critical aspects of AI security with industry experts. They explore the unique challenges posed by AI technologies, the role of CISOs in navigating these challenges, and the emerging threats that organizations face. The conversation emphasizes the importance of data control, compliance, and the need for robust testing and red teaming strategies. The experts also highlight industry-specific concerns and the future of AI security tools, providing valuable insights for organizations looking to secure their AI applications.

    Takeaways:
    * AI fundamentally changes how we approach security.
    * Protecting sensitive data and models is crucial.
    * Security must enable innovation, not hinder it.
    * Data is now executable, increasing risks.
    * CISOs need to focus on compliance and data control.
    * Emerging threats require new security strategies.
    * Testing AI systems is complex and requires new methods.
    * Industry-specific regulations impact AI security needs.
    * Collaboration between security and data teams is essential.
    * The future of AI security tools is evolving rapidly.

    Chapters:
    00:00 Introduction to AI Security
    02:29 Understanding the Shift in Security Paradigms
    05:18 The Rapid Evolution of AI Technologies
    07:45 CISO Perspectives on AI Security
    10:13 Top Concerns in AI Security
    11:59 Emerging Threats and Attack Vectors
    14:27 Data Governance and Compliance Challenges
    17:21 The Role of Security Teams in AI Programs
    22:30 Collaboration Between Security and Data Science
    23:39 The Importance of Data Control in AI Security
    25:00 Understanding Risks in AI Security
    29:02 Identifying Malicious vs. Benign Activities
    31:26 The Role of Testing Infrastructure in AI Security
    33:45 Industry-Specific Security Concerns
    35:52 Red Teaming and AI Security Testing
    39:10 The Need for Comprehensive Threat Modeling
    41:21 Data Security in the Age of AI

    45 min
  4. LotR Episode 6 - What is a SOC in 2025?

    06/26/2025

    Summary:
    In this conversation, James Berthoty, Kyle Polley from Perplexity, and Ariful Huq from Exaforce explore the complexities of security operations, focusing on the role of Security Operations Centers (SOCs), the integration of AI, and the evolving landscape of cloud security. They discuss the motivations behind purchasing SOCs, the importance of compliance, and the challenges faced by security teams in managing alerts and incidents. The conversation highlights the potential of AI to enhance SOC functions, reduce alert fatigue, and improve detection engineering, while also addressing the need for context in security operations. The discussion concludes with insights on the future of security data and the operationalization of detection engineering.

    Takeaways:
    * The initial push for SOCs often stems from compliance needs.
    * Understanding the budget is crucial when considering SOC options.
    * AI can significantly enhance the efficiency of SOC operations.
    * The integration of CNAPP and SOC is becoming increasingly important.
    * Contextual information is vital for effective incident response.
    * MDR solutions can be beneficial but may lack the necessary context.
    * Detection engineering requires a blend of security and software engineering skills.
    * Alert fatigue is a significant challenge for SOC teams.
    * The future of security data will encompass more than just logs.
    * AI has the potential to democratize security operations and improve analyst capabilities.

    Chapters:
    00:00 Introduction to Security Operations
    01:31 Understanding the Need for SOCs
    05:42 The Role of CNAPP in Security
    08:34 Balancing SOC and CNAPP Solutions
    10:08 Traditional SOC Roles and Responsibilities
    11:45 The Evolving Nature of SOC Teams
    13:49 Contextualizing Alerts in Security
    15:32 Integrating AI into SOC Operations
    20:52 Enhancing Analyst Efficiency with AI
    25:39 Learning from Past Investigations
    27:06 The Importance of Threat Hunting in SOCs
    29:43 Leveraging AI for Threat Intelligence and Detection
    31:02 Modernizing SOC Skills and Detection Engineering
    35:00 Reimagining Detection Engineering with AI
    38:43 The Role of Data Normalization in AI Models
    40:48 The Future of AI in Security Operations
    43:12 The Evolution of SIEM and Security Data Lakes

    50 min
  5. LotR Episode 5 - Lessons from Shutting Down a Startup

    06/17/2025

    Latio On The Record — Episode 5

    Guest: Yoad Fekete (ex-Co-Founder & CEO, Myrror Security; now leads Security & Infrastructure at Lynx Security)
    Hosts: James Berthoty & Charrah
    Recorded: Wednesday, June 4

    Why we wanted Yoad on
    Myrror Security caught our eye back in 2022 for one reason: it tackled SolarWinds-style software-supply-chain attacks head-on, instead of stopping at familiar SCA vulnerability scans. Myrror had the rare combination of genuinely differentiated and useful technology. Two years (and one graceful shutdown) later, Yoad has a rare 360-degree view of what happens when brilliant tech meets a market that just isn’t ready.

    Conversation highlights
    0:17 Yoad’s background: Microsoft IR after SolarWinds → co-founding Myrror to catch supply-chain intrusions early
    4:14 Why “traditional” SCA tools don’t flag injected build artifacts—and how Myrror’s binary-to-source matching tried to fix that
    9:18 Early market signals vs. real product-market fit: the danger of mistaking enthusiasm for intent
    15:35 Founder-led sales lessons: when a two-week POC needs to end at two weeks
    26:20 How to judge pivots: technical edge, ecosystem partnerships, and the “three-year-contract” wall
    51:45 Recognizing shutdown flags: stagnant pipeline, long sales cycles, and repeated VC “no’s”
    56:23 Yoad’s three red lights before closing: 1) zero VC appetite, 2) no pipeline growth, 3) POCs that don’t convert

    Five takeaways you can use today
    * “Cool” isn’t a buying signal: If the prospect understands your tech and still won’t sign, it’s time to revisit the problem you solve.
    * Own the first sales yourself: Hiring reps won’t save a product the founder can’t sell; use outside experts only to tighten the motion.
    * Two-week POC rule: Value uncovered after week two rarely tips a deal—set a stop date and stick to it.
    * Plan for the acquisition audit: If a big-box buyer mainly wants your team, a fully remote, distributed headcount can complicate the offer.
    * Graceful shutdowns take cash: Budget early for vendor obligations and employee support; you owe the team a soft landing before worrying about yourself.

    What’s next for Yoad
    He’s publishing weekly LinkedIn essays on founder lessons, cybersecurity GTM strategy, and supply-chain security—worth a follow if you’re iterating on a security startup or wrestling with product-market fit.

    🎧 Listen to the full episode wherever you get your podcasts, and let us know which insight resonated most.

    53 min
  6. Latio on the Record Episode 4 - What's the Deal with Hardened Containers

    06/03/2025

    In this conversation, James Berthoty, Charrah Hardamon, Alex Zenla, and Ariadne Conill discuss the complexities of container security, focusing on low CVE images, the evolution of software distribution, and the importance of runtime protection. They explore the challenges security teams face with vulnerabilities in container images and the need for a holistic approach to security. Edera's unique approach to runtime security is highlighted, emphasizing the importance of reducing the blast radius of potential exploits and the role of AI in shaping the future of security.

    Takeaways:
    * Container security is crucial in today's software development.
    * Low CVE images help reduce known vulnerabilities.
    * Docker's ease of use contributed to its widespread adoption.
    * Runtime protection is essential for securing containers.
    * Understanding the architecture of containers is key to security.
    * Compliance frameworks often drive security practices.
    * AI poses new challenges for security teams.
    * Holistic security approaches are necessary for effective protection.
    * Regularly rebuilding and redeploying images is vital for security.

    Chapters:
    00:00 Introduction to Container Security
    01:45 Understanding Containers and Their Functionality
    07:05 The Evolution of Software Appliances
    08:49 The Rise of Docker and Its Impact
    12:45 Addressing Vulnerabilities in Container Images
    16:00 Runtime Security and Unknown Vulnerabilities
    18:26 The Need for Coupling Security Solutions
    21:31 The Misconception of Containers as VMs
    24:56 The Importance of Regular Redeployment
    26:52 Building Secure Software Components
    28:37 Tools for Software Composition
    30:42 The Role of Base Images in Security
    31:17 Runtime Protection with Edera
    36:38 Micro-VMs and Container Security
    40:27 The Impact of AI on Security
    45:23 The Future of Secure Computing

    48 min
  7. LotR Episode 3 - Digging into eBPF for Security

    05/12/2025

    Date: May 12, 2025
    Guest: Daniel Pacak (Software Engineer, Miggo)
    Hosts: James Berthoty, Charrah Hardamon
    Topic: Building Real Runtime Security with eBPF

    In this episode, we go deep on eBPF and what it actually takes to build reliable, performant runtime detection, beyond the buzzwords. James and Charrah are joined by Daniel Pacak, a longtime engineer in the cloud security space whose work spans Aqua Security, Cycode, RAD Security, and now Miggo. Daniel brings years of firsthand experience building eBPF sensors and walking the line between kernel-level complexity and practical detection coverage.

    We open with Daniel’s journey into runtime security, beginning with his early work on Aqua’s Tracee project and continuing through multiple startup roles where he helped shape eBPF-based detection systems. He shares candid insights about the challenges of kernel instrumentation, the tradeoffs of performance versus visibility, and why function-level detection is so difficult but increasingly important.

    Key discussion points include:
    * Why runtime protection historically underperformed on Linux
    * How vendors differ in their approaches to eBPF integration
    * The technical realities behind stack unwinding, kernel hooks, and symbolization
    * What ADR (and CADR) really means from a backend detection perspective
    * Common misconceptions around eBPF and what it can (and can’t) do
    * Why the industry lacks a common SDK or standard framework for building sensors
    * Practical advice for evaluating vendors’ claims and assessing impact in real-world clusters

    Daniel also walks through his thinking on why some tools overload the node with too much local processing, and what a healthier architecture looks like, particularly for teams focused on tuning alerts and scaling reliably. The episode closes with a reminder that learning eBPF is a long road, but one with real payoffs for engineers interested in modern detection systems.

    And for security teams trying to figure out if eBPF tooling fits into their environment, Daniel gives straightforward guidance: test it in a real cluster, give it time to run, and measure both what it detects and how it performs.

    Follow Daniel’s work on GitHub or LinkedIn.

    39 min
  8. LotR - Episode 2: tj-actions and the Supply Chain Scaries

    04/02/2025

    Featuring:
    * Rami McCarthy @ Wiz
    * Shay Berkovich @ Wiz
    * Charrah Hardamon @ Miggo
    * James Berthoty @ Latio

    In this conversation, we discuss the tj-actions incident, a significant supply chain vulnerability affecting GitHub Actions. We explore the implications of a single maintainer's code being widely used, the community's response to the incident, and the challenges of disclosure and communication. The discussion also delves into the broader impact of such vulnerabilities on the open-source ecosystem and the responsibilities of platforms like GitHub in ensuring security.

    Later in the conversation, the speakers discuss the complexities of incident management and communication strategies in the context of a significant security incident involving GitHub Actions, Coinbase, and ReviewDog. They analyze the attack patterns, payloads used, and the importance of supply chain security awareness. The discussion also emphasizes the need for effective remediation strategies and best practices to enhance security in open source projects.

    Takeaways:
    * tj-actions is a supply chain issue primarily around GitHub Actions.
    * The incident highlights the risks of relying on a single maintainer.
    * Community response was crucial in addressing the vulnerability.
    * Disclosure practices need to be responsible and timely.
    * Fear-mongering can lead to misinformation about the impact of vulnerabilities.
    * The attack surface for open-source projects is vast and complex.
    * Investigating incidents requires collaboration and sharing of information.
    * Open-source security practices need to be scrutinized and improved.
    * Maintainers should be aware of the risks associated with access and contributions.
    * Platforms like GitHub have a responsibility to enhance security measures. We have been consistently making sure to communicate with GitHub.
    * It's important to empower maintainers to manage incidents.
    * This incident spans the shared responsibility model.
    * GitHub gives people a lot of tools for security.
    * Hash pinning actions is crucial for security.
    * There is a balance between usability and security in ecosystems.
    * The complexity of incidents can confound attempts to tell a clean story.
    * Proper visibility is needed to understand the attack landscape.
    * Organizations need to prioritize security measures effectively.
    * The open source community plays a vital role in security.

    Chapters:
    00:00 Introduction to tj-actions Incident
    01:53 Understanding the Supply Chain Vulnerability
    05:37 Community Response and Research Efforts
    09:30 Disclosure and Communication Challenges
    13:56 Impact Assessment and Fear-Mongering
    17:35 Digging Deeper: The ReviewDog Connection
    22:24 Open Source Security Concerns
    28:39 The Attack Surface and Future Mitigations
    32:32 Incident Management and Communication Strategies
    35:46 Understanding the Attack: Coinbase and ReviewDog
    38:40 Payload Analysis and Attack Patterns
    44:09 The Need for Supply Chain Security Awareness
    49:13 Remediation Strategies and Best Practices

    50 min
  9. Latio: On the Record, Episode 1

    03/25/2025

    In this episode of Latio: On the Record, experts discuss the critical aspects of cloud security, focusing on runtime security, its challenges, and the evolving threat landscape. The conversation highlights the importance of collaboration between security and DevOps teams, the need for effective incident response strategies, and the integration of AI in security practices. The panelists share insights on prioritizing security measures, addressing supply chain vulnerabilities, and the necessity of building trust in security tools and processes.

    Featuring:
    * Gal Elbaz from Oligo Security
    * Sergej Epp from Sysdig
    * Casey Lems from PagerDuty
    * Crystal Poenisch from Frequency Labs
    * James Berthoty from Latio Tech

    Takeaways:
    * Runtime security has been historically overlooked in cloud security.
    * Prioritizing security measures involves balancing guardrails, posture management, and runtime security.
    * The threat landscape is evolving, with supply chain attacks becoming more prevalent.
    * Collaboration between security and DevOps teams is essential for effective runtime security.
    * Operationalizing runtime security presents unique challenges for security teams.
    * AI can enhance security practices but also introduces new risks.
    * Building trust in security tools is crucial for adoption and effectiveness.
    * Security must adapt to the fast-paced changes in technology and threats.
    * Understanding the motivations of different teams can improve collaboration.
    * The future of security lies in a collaborative effort across all teams.

    Chapters:
    00:00 Introduction to Cloud Security and Runtime Challenges
    02:13 Prioritizing Cloud Security Components
    03:40 Evolution of Cloud Security Practices
    06:28 Application Security and Runtime Defense
    10:15 Communicating the Importance of Runtime Security
    12:27 Integrating Runtime Security into Cloud Programs
    14:31 Operationalizing Runtime Security in SOCs
    18:46 Navigating the Complexities of Cloud Security
    23:10 Future Directions in Cloud Security
    25:44 Understanding Runtime Security Challenges
    27:32 The Evolution of User Roles in Security
    30:10 Collaboration Between Security and Development Teams
    32:55 The Impact of AI on Security Practices
    37:33 Navigating the Complexities of Security in Modern Development
    44:21 The Human Element in Security Collaboration

    47 min