All Episodes

January 17, 2019 (64 mins)

Our conversation with Wendy traces her incredibly diverse career, hitting the wayback machine from responding to war dialing attacks at a bank in Switzerland to her current time at Duo/Cisco trying to make authentication easy & safe... or at least suck less. Wendy has found the magic formula of having "seen it all" while keeping an open mind and fresh perspective.


January 17, 2019 (51 mins)

We take a dive into the state of application security to explore what happens to security when developers run the infrastructure. Zane shifts left, going back to his days in the pastures of Central California and then to his time in NY helping to shape DevSecOps for Etsy. This is the 1st of a series where we explore what's happening in the red hot app sec market.


February 14, 2019 (68 mins)

Dave's interview of Carey is for anyone who ever thought they might want to write a book, be a professor, know what it was like in the early days of antivirus when the day's samples arrived by FedEx... or was simply curious as to what Google X has cooking in security. We also explore Carey's super power: an uncanny ability to make tech topics approachable to anyone.


February 21, 2019 (38 mins)

Jack's conversation with John is another episode in our app sec series exploring John's unique perspective from his time advising companies at the Denim Group to his work with the Air Force and the State of Texas.  Jack and John riff on software security trends, the security industry in general and John's famous "no purchase authority" t-shirt.


March 15, 2019 (62 mins)

Mark's interview is the 3rd episode in our application security series where we discuss OWASP's origins & present state, the complicated relationship between security teams and developers, open source and a bunch more. Mark shares what worked (and didn't) while building SourceClear and what he sees happening to security when software finally eats the world.


March 22, 2019 (61 mins)

Recently "retired" software security legend Gary McGraw joins us for an unfiltered conversation. Gary walks us through the history of software security with his characteristic sharp humor and insights, sparing no "poser or pretender" along the path to today. Any conversation with Gary uncovers his diverse interests from his life as a musician to gardening, from reading fiction to writing textbooks; Jack's interview of Gary is no exception.

07/ PING LI 

March 29, 2019 (65 mins)

We kick off our investor series with Ping Li of Accel Partners who was recently named the #2 investor in the Silicon Valley and is one of the most prominent investors in the security industry. We cover the biggest mistakes security companies make, how to successfully pitch your company to a veteran investor like Ping and we play an inaugural game of buzzword bingo to see if there's truly a market for that AI-powered blockchain idea you've been kicking around.


April 12, 2019 (60 mins)

Our latest episode features a 1 hour interview with iconic Silicon Valley CISO Justin Somaini. He explains common mistakes made by investors and vendors, what it feels like to be a global CSO of a 90,000 person company, who the CISO should report to and how the CISO can win in the boardroom. Sales people, this one is for you: Justin explains how you can avoid stepping on CISOs' toes and what you can do to stand out from the crowd. For aspiring or young security leaders, Justin shares generously from his playbook including what should be your focus in the critical first weeks of a new job.


May 3, 2019 (64 mins)

Noah is the smart guy you sat next to at an industry dinner whose perspectives on network forensics and GDPR were as interesting as his weeklong isolated "vacation" on the tundra of Baffin Island. An understated yet up and coming security investor currently at Point72, Noah’s take on the security market is insightful and raw: he explains why there are too many security companies and why it matters. He details why the mid-market is underserved by security vendors. The 2nd in our investor series exploring how security companies are funded and how it impacts the industry.


May 17, 2019 (64 mins)

Our guest in this episode, Justin Dolly, stands apart as a no-nonsense CISO who has covered a truly broad spectrum of problems such as negotiating consumer privacy trade-offs for fitness wearables while at Jawbone or diving headlong into the ransomware problem at MalwareBytes. During this episode, Justin weighs in on the future of identity, the death of passwords and whether moving to a ZeroTrust model is more aspirational than practical. Justin’s fiercely pragmatic approach and gift for storytelling make this one of our favorite episodes so far.


May 31, 2019 (53 mins)

Part 3 of our investor series offers a unique perspective on the security market as Jack and I interview Kara Nortman, partner at Los Angeles-based Upfront Ventures who balances investments in enterprise and consumer without an explicit focus on cyber. Our conversation covers a number of big questions: Will Silicon Valley continue as the heart of tech in the future? Is it better to have a killer insight or to know how to build a product? Kara also reveals her “full family” approach to helping her portfolio companies, explaining why the key to unlocking product marketing success might actually be a curious 8 year old.


June 14, 2019 (61 mins)

Mike Reavey has quietly left his fingerprints on some of the biggest moments in security. He began as a Captain in the Air Force, locking down networks from attack by adversaries back when APT was still shorthand for “apartment”. Mike recounts his time spent battling the most destructive malware the industry has ever seen (Blaster, Slammer, Code Red, etc.) while leading Microsoft Security Response and how he later kept Azure out of the headlines while heading up cloud security in Redmond. He recently made a hard turn into gaming security at Electronic Arts where he’s been learning the many nuances of protecting a fast-moving entertainment company where creativity and speed are king. 


June 28, 2019 (60 mins)

What happens when you take a longtime security pro and turn her into a venture capitalist? We find out in the 4th installment of our investor series when we interview Dr. Chenxi Wang, fresh off her 1 year anniversary starting Rain Capital. The start of our interview showcases the grasp of our market that makes Chenxi such a sought-after partner-- we go deep into the transformation of app sec, poking at fuzzing vs. static analysis, package vs. code level analysis and more. We do a brief retrospective on Kubecon before diving into her reflections on being a full-time investor, starting with what separates an angel from a true venture capitalist.  Before hitting our usual hype-o-meter and speed round questions, we discuss exactly how she ended up on the board of directors for a logistics company based out of North Dakota.


July 12, 2019 (78 mins)

Few topics capture our imagination like the Internet of Things (IoT)-- our concerns swing from how much that Alexa in the kitchen is really listening to us all the way to doomsday scenarios orchestrated by a violent robot takeover. Our conversation with Shaun Cooley lays the foundation for a rational understanding of IoT risks, starting with its role in stopping rhino poaching in an African game preserve. After explaining the full IoT landscape, we explore how it is fundamentally different from “normal” IT security and how the coming IT/OT convergence could result in an epic clash of cultures-- not to mention a few breaches. No IoT conversation is complete without covering 5G and satellite internet, nor do we spare you the required musings on how it could all go quite wrong when no one is looking.


July 26, 2019 (61 mins)

Robocalls have plagued our phones in recent years, prompting many of us to no longer answer calls if we don’t immediately recognize the number. Ballpark estimates put the number of calls in 2018 at 48 Billion-- a 50% increase from the previous year. Ever wondered who was behind the flood of phone spam? How much they make? Where they’re from? How they got your number? We dig deep into the robocall epidemic with telecom expert TProphet, answering all of these questions and more before breaking down what telcos and legislators are doing to try and improve the situation. After comparing the North American robocall problem to the one in China, we take a look ahead at what the future holds for phone spam.

August 16, 2019 (15 mins)

Dark clouds seem to hang over the security industry, especially after Black Hat and DEF CON. Playing constant defense can be disheartening, especially after hearing about every new type of possible attack in Las Vegas. We felt everyone could use a little post-conference pick-me-up, so we pulled together this short (~15 min) episode which focuses on all the positive things that are happening in the industry, drawn from past interviews. We’ve often reflected on how interesting and encouraging it is that every guest we’ve interviewed has always had something they thought was much improved from the past— and how every one of these industry luminaries called out something different than the others.

August 30, 2019 (44 mins)

Seemingly every day a security company announces that it has raised a new, big round of funding. As we close out our investor series, Jack and I wanted to highlight the bootstrappers— those brave people who kickstart their businesses using solely their own resources. Our conversation with Zack Schuler of Ninjio illustrates the experience of a security awareness training company that began with no funding but a loan from his bank account. While Zack had the benefit of a previous exit (he bootstrapped his 1st company at the age of 21), his mentality and practices are that of someone who hustles for every deal, obsesses over each hire and makes painstaking decisions about how he uses his time and money.

September 13, 2019 (52 mins)



September 26, 2019 (80 mins)

Joel Fulton’s journey began in Alaska as a free range kid with dreams of becoming a fireman and ultimately led him to one of the most prestigious CISO roles in cyber security, at Splunk. Our conversation twists through his time as a computer auditor, MMA fighter, an author, a salesman, a PhD student and a few other positions in between. Our 1 hour plus dialogue with Joel showcases the breadth of his interests as well as his gift for taking seemingly unrelated concepts and connecting them to illustrate a point, from choke holds to The Philosopher’s Toolkit all the way to systematic dismemberment. Joel’s interview offers plenty of practical examples for aspiring and longtime CISOs, breaking down how he thinks about discovery, orchestration and security training.

October 14, 2019 (63 mins)

The Silicon Valley legend is the college drop-out who made billions… but what if instead they stayed in the dorm room? This is the intriguing story of Marcin Kleczynski and MalwareBytes, told in a candid ~1-hour interview where he explains how his company was built in vivid detail. Marcin takes us through his formative moments as a Polish immigrant in Illinois helping his family’s cleaning business to his choice to remain in school at his mother’s insistence while MalwareBytes was making millions. Dave and Marcin discuss key product questions such as how much is too much product functionality to give away, how to work with the channel, whether or not you can effectively serve both consumer and enterprise markets and the future of endpoint protection. 

19/ NILOOFAR RAZI-HOWE (Part 1 of 2)

November 10th 2019 (57 mins)

There are stories, and then there are “epics”: tales of a journey so full of unexpected twists and excitement that you’re left wondering how all that could happen to a single person. Niloo Razi Howe’s life is such an epic. Whereas most epics feature men with swords, this one focuses on a woman with heels and a hockey stick. Her career began as an author and quickly moved to becoming a McKinsey consultant and then attorney… until she founded one of the few modestly successful online pet supply businesses in the 90s. Moved by 9-11, Niloo found the cyber security market and made it her sole focus as an investor at Paladin Capital Group. Niloo took subsequent roles transforming a startup and then tried her hand at transforming industry titan RSA. Niloo then left it all to focus on her terminally ill mother. This experience affected her profoundly and we wrap up this first part of our conversation with Niloo by exploring how she now structures her career on 3 pillars of different activities versus 1 job.

19/ NILOOFAR RAZI-HOWE (Part 2 of 2)

November 24th 2019 (39 mins)

The 2nd half of our conversation with Niloo focuses on her recent work in Washington DC where she holds several positions and recently (October 22nd, 2019) testified to Congress on the United States’ cyber security readiness. We begin with the topic of retaliation: What’s the proper response to a cyber attack if you want to discourage future aggression? With the 2020 elections on the horizon, Niloo explains her perspective on influence campaigns such as the highly publicized activities by Russia in the ’16 presidential elections. We end on a hopeful note: there are plenty of reasons to believe things will be better in the future in cyber security, starting with government restructuring from long outdated WW2 norms to a more modern organization design.

December 7th 2019 (58 mins)

It all changed one day while Nand was sitting in traffic on the 101 freeway. Why am I doing this? Nand had experienced no less than 4 successful exits of cyber security companies where he was founder or CEO. He was one of the most accomplished cyber security entrepreneurs in the Silicon Valley and his origins trace back to writing compilers for Sun Microsystems. At that moment, Nand decided to leave corporate life and set course to start a new phase of his career in the government-- a goal from his youth back in New Delhi. 

December 21st 2019 (78 mins)

We spent an hour exploring election security (and more) with Camille Stewart, a cyber security attorney with experience working inside tech companies as well as considerable time spent on Capitol Hill in both the Department of Homeland Security and as a consultant. Camille breaks down the major aspects of election security and we discuss why it’s seemingly so fractured across municipalities-- and why that may not be such a bad thing after all.  We debate how election defenses might be improved, from the role of open source and private services to “defending forward” by taking out troll farms. While Camille declined to grade our readiness for the attacks in 2020 (which have already begun), Camille does make predictions about what will happen during the ‘20 elections, including the likelihood of domestic influence campaigns.
