Hacker Valley Studio

Hacker Valley Media
  • 4.7 (60)
  • TECHNOLOGY
  • UPDATED WEEKLY

Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.

  1. 22H AGO

    Beating “Checkbox Security” With Continuous Offense with Sonali Shah

    Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure. Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff as humans find the business-logic traps and attack chains that actually break companies. Impactful Moments 00:00 - Introduction 02:21- Sonali’s unexpected CEO path 06:10 - Compliance isn’t real security 10:19 - PTaaS: start in 24 hours 12:33- 5,000 pentests yearly scale 17:01 - Humans beat automation limits 20:16 - AI behavior vulnerabilities emerge 27:54 - Indirect prompt injection explained 30:51 - Why juniors + AI is risky 38:27 - 2026 becomes AI battleground Links Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/ Check out Cobalt: https://www.cobalt.io   ____ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    42 min

  2. 2D AGO

    Turning Agent Chaos into a Command Center with Pedram Amini

    Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track. In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down. Impactful Moments 00:00 - Intro 02:05 - Codex desktop sparks agent shift 06:40 - Harness beats model iteration 08:10 - Context window: the hidden limiter 12:10 - Terminal sprawl creates agent chaos 14:05 - Maestro panels: agents, tabs, history 17:25 - Auto Run: fresh context per task 26:15 - “Donate tokens” via Symphony PRs 28:20 - AI tax debate gets spicy 33:05 - Start simple: download and run   Links Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/ Check out Maestro for yourself: https://runmaestro.ai/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    38 min

  3. JAN 29

    Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

    Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface   Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    33 min

  4. JAN 25

    When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

    Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today. Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable, but still deeply unfinished inside modern organizations. Impactful Moments 00:00 - Introduction 04:16 - Malware before money existed 07:30 - Cheesy biscuits changed cybersecurity 13:10 - When documents became dangerous 14:33 - Crime replaced curiosity 15:23 - Sony proved no one was safe 20:15 - Reporting hacks without causing harm 24:01 - AI replacing penetration testers 29:18 - Agentic AI shifts the threat model 36:30 - Why rushing AI breaks trust Links Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    37 min

  5. JAN 18

    When Automation Outruns Control with Joshua Bregler

    AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and catastrophe. In this episode, Ron sits down with Joshua Bregler, Senior Security Manager at McKinsey’s QuantumBlack, to dissect how AI agents, pipelines, and dynamic permissions are reshaping application security. From prompt chaining attacks and MCP server sprawl to why static IAM is officially obsolete, this conversation gets brutally honest about what works, what doesn’t, and where security teams are fooling themselves. Impactful Moments 00:00 – Introduction 02:15 – AI agents create identity chaos 04:00 – Static permissions officially dead 07:05 – AI security is still AppSec 09:30 – Prompt chaining becomes invisible attack 12:23 – Solving problems vs solving AI 15:03 – Ethics becomes an AI blind spot 17:47 – Identity is the next security failure 20:07 – Frameworks no longer enough alone 26:38– AI fixing insecure code in real time 32:15 – Secure pipelines before production Connect with our Guest Joshua Bregler on LinkedIn: https://www.linkedin.com/in/breglercissp/   Our Links Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    37 min

  6. JAN 15

    The Day AI Stopped Asking for Permission with Marcus J. Carey

    AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and consequences became unavoidable. In this episode, Ron sits down with Marcus J. Carey, Principal Research Scientist at ReliaQuest, to examine what happens after AI is given authority: agents running in production, prompt debt replacing technical debt, vibe coding accelerating risk, and maintenance emerging as the true bottleneck. Together, they discuss how cybersecurity, software engineering, and the job market are shifting now that AI operates with autonomy, often faster than organizations can explain what their systems are actually doing. Impactful Moments 00:00 - Introduction 02:26 - AI agents cross into production 03:35 - Trust boundaries become attack surfaces 6:46 - Vibe coding and hidden technical debt 09:22 - Prompt debt changes everything 17:40 - Why junior knowledge disappears 19:00 - AI replaces repetitive cyber workflows 23:43 - Coding becomes human leverage 29:30 - Fall in love with the problem   Connect with our guest, Marcus J. Carey: LinkedIn https://www.linkedin.com/in/marcuscarey/ X https://x.com/marcusjcarey   Articles and Books Mentioned: Article used for discussion:  https://www.techradar.com/pro/security/this-webui-vulnerability-allows-remote-code-execution-heres-how-to-stay-safe   Atomic Habits: https://jamesclear.com/atomic-habits-summary   Fall in Love with the Problem, Not the Solution: https://sobrief.com/books/fall-in-love-with-the-problem-not-the-solution   Our Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    34 min

  7. JAN 8

    When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

    AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t velocity, it’s invisible security debt compounding faster than teams can see it. In this episode, Ron Eddings sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, and Henrik Plate, Principal Security Researcher of Endor Labs, to break down how AI-assisted development is reshaping the software supply chain in real time. From MCP servers exploding across GitHub to agents trained on insecure code patterns, they analyze why traditional AppSec controls fail in an agent-driven world and what must replace them. This conversation pulls directly from Endor Labs’ 2025 State of Dependency Management Report, revealing why most AI-generated code is functionally correct yet fundamentally unsafe, how malicious packages are already exploiting agent workflows, and why security has to exist inside the IDE, not after the pull request. Impactful Moments 00:00 – Introduction 02:00 – Star Wars meets cybersecurity culture 03:00 – Why this report matters now 04:00 – MCP adoption explodes overnight 10:00 – Can you trust MCP servers 12:00 – Malicious packages weaponize agents 14:00 – Code works, security fails 22:00 – Hooks expose agent behavior 28:30 – 2026 means longer lunches 33:00 – How Endor Labs fixes this Links Connect with our Varun on LinkedIn: https://www.linkedin.com/in/vbadhwar/ Connect with our Henrik on LinkedIn: https://www.linkedin.com/in/henrikplate/   Check out Endor Labs State of Dependency Management 2025: https://www.endorlabs.com/lp/state-of-dependency-management-2025   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    35 min

  8. JAN 1

    Think Like a Hacker Before the Hack Happens with John Hammond

    What if the most dangerous hackers are the ones who never touch a keyboard? The real threat isn't just about stolen credentials or ransomware; it's about understanding how attackers think before they even strike. In cybersecurity, defense starts with offense, and the best defenders are those who've walked in the hacker's shoes. In this episode, Ron sits down with John Hammond, principal security researcher at Huntress and one of cybersecurity's most recognizable educators. John shares his journey from Coast Guard enlistee to YouTube creator, building an entire media company around ethical hacking. They dig into the balance between public research and responsible disclosure, the rise of AI-augmented attacks, and why identity is now the biggest attack surface in modern enterprises. Impactful Moments: 00:00 - Introduction 01:00 - AI weaponized in cyber espionage 05:00 - Learning by teaching publicly 09:00 - Balancing curiosity with responsible disclosure 13:00 - Building a creator company 16:00 - Identity as the new frontier 20:00 - AI agents running breach simulations 22:00 - Predictions for cybersecurity in 2026 25:00 - Ron's hacking habit confession   Links: John Hammond LinkedIn: https://www.linkedin.com/in/johnhammond010/ John Hammond Youtube: https://www.youtube.com/@_JohnHammond Article for Discussion: https://www.reuters.com/world/europe/russian-defense-firms-targeted-by-hackers-using-ai-other-tactics-2025-12-19/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

    28 min
See All (412)

4.7
out of 5
60 Ratings

About

Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.

Information

  • Creator
    Hacker Valley Media
  • Years Active
    2019 - 2026
  • Episodes
    412
  • Rating
    Clean
  • Copyright
    © Copyright 2019 All rights reserved.
  • Show Website
    Hacker Valley Studio

You Might Also Like