Resilient Cyber

40 Episodes

By: Chris Hughes

Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

Resilient Cyber: Ravid Circus - Tackling the Prioritization Crisis in Cyber
04/14/2025

In this episode, we sit down with the Co-Founder and CPO of Seemplicity, Ravid Circus, to discuss tackling the prioritization crisis in cybersecurity and how AI is changing vulnerability management.

We dove into a lot of great topics, including:

The massive challenge of not just finding and managing vulnerabilities but also remediation, with Seemplicity’s Year in Review report finding organizations face 48.6 million vulnerabilities annually and only 1.7% of them are critical. That still means hundreds of thousands to millions of vulnerabilities need to be remedied - an...


Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords
04/11/2025

In this episode, we sit down with Varun Badhwar, Founder and CEO of Endor Labs, to discuss the state of AI for AppSec and move beyond the buzzwords. 

We discussed the rapid adoption of AI-driven development, its implications for AppSec, and how AppSec can leverage AI to address longstanding challenges and mitigate organizational risks at scale.

Varun and I dove into a lot of great topics, such as:

- The rise of GenAI and LLMs and their broad implications on Cybersecurity

- The dominant use case of AI-driven development with Copilots and LLM w...


Resilient Cyber w/ Jit - Agentic AI for AppSec is Here
04/08/2025

In this episode, we sit down with David Melamed and Shai Horovitz of the Jit team. 

We discussed Agentic AI for AppSec and how security teams use it to get real work done.

We covered a lot of key topics, including:

- What some of the systemic problems facing AppSec are, even before the widespread adoption of AI, such as vulnerability prioritization, security technical debt and being outnumbered exponentially by Developers.

- The surge of interest and investment in AI and agentic workflows for AppSec, and why AppSec is an appealing space for this sort of i...


Resilient Cyber w/ Piyush Sharrma - AI-Powered Defense & Security Mesh
03/28/2025

In this episode, we sit down with Piyush Sharrma, CEO and co-founder of the Tuskira team. They're an AI-powered defense optimization platform innovating around leveraging an Agentic Security Mesh.

We will dive into topics such as Platform vs. Point Solutions, Security Tool Sprawl, Alert Fatigue, and how AI can create "intelligent" layers to unify and enhance security tooling ROI.

We discussed:

- What drove Piyush to jump back into the startup space after successfully exiting from a previous startup he helped found

- The industry debate around Platform vs. Point Solutions or Best-of-Breed and the perspectives between...


Resilient Cyber w/ Elad Schulman - Secure Enterprise LLM/GenAI Adoption
03/28/2025

We sit with Lasso Security CEO and Co-Founder Elad Schulman in this episode.

Lasso focuses on secure enterprise LLM/GenAI adoption, from LLM Applications, GenAI Chatbots, Code Protection, Model Red Teaming, and more. Check them out at https://lasso.security

We dove into a lot of great topics, such as:

- Dealing with challenges around visibility and governance of AI, much like previous technological waves such as mobile, Cloud, and SaaS

- Unique security considerations for different paths of using and building with AI, such as self-hosted models and consuming models as-a-service from SaaS LLM...


Resilient Cyber w/ Sergej Epp - Cloud-native Runtime Security & Usage
03/19/2025

In this episode, we sit with security leader and venture investor Sergej Epp to discuss the Cloud-native Security Landscape. Sergej currently serves as the Global CISO and Executive at Cloud Security leader Sysdig and is a Venture Partner at Picus Capital. We will dive into some insights from Sysdig's recent "2025 Cloud-native Security and Usage Report."

Big shout out to our episode sponsor, Yubico!

Passwords aren’t enough. Cyber threats are evolving, and attackers bypass weak authentication every day. YubiKeys provide phishing-resistant security for individuals and businesses—fast, frictionless, and pass...


Resilient Cyber w/ Lior Div & Nate Burke - Agentic AI & the Future of Cyber
03/17/2025

In this episode, we sit down with Lior Div and Nate Burke of 7AI to discuss Agentic AI, Service-as-Software, and the future of Cybersecurity. Lior is the CEO/Co-Founder of 7AI and a former CEO/Co-Founder of Cybereason, while Nate brings a background as a CMO with firms such as Axonius, Nagomi, and now 7AI.

Lior and Nate bring a wealth of experience and expertise from various startups and industry-leading firms, which made for an excellent conversation.

We discussed:

The rise of AI and Agentic AI and its...


Resilient Cyber w/ Chenxi Wang - The Intersection of AI & Cybersecurity
03/17/2025

In this episode, we sit down with Investor, Advisor, Board Member, and Cybersecurity Leader Chenxi Wang to discuss the interaction of AI and Cybersecurity, what Agentic AI means for Services-as-a-Software, as well as security in the boardroom.

Chenxi and I covered a lot of ground, including:

- When we discuss AI for Cybersecurity, it is usually divided into two categories: AI for Cybersecurity and Securing AI. Chenxi and I walk through the potential for each and which one she finds more interesting at the moment.

- Chenxi believes LLMs are fundamentally changing the nature...


Resilient Cyber w/ Rob Shavell - Personal Data & Online Privacy
03/03/2025

In this episode, we sit down with Rob Shavell, CEO and Co-Founder of DeleteMe, an organization focused on safeguarding exposed personal data on the public web and addressing user privacy challenges.

We dove into a lot of great topics, such as:

- The rapidly growing problem of personal data ending up on the public web and some of the major risks many may not think about or realize

- Trends contributing to personal data exposure, from the Internet itself to social media, mobile phones/apps, IoT devices, COVID, and now AI

- Where to get started when it comes...


Resilient Cyber w/ Steve Martano - CISO's, Security Budgets & Careers
02/28/2025

In this episode of Resilient Cyber, we sit down with Steve Martano, Partner in the Cyber Security Practice at Artico Search, to discuss the recent IANS & Artico Search Publications on the 2025 State of the CISO, security budgets, and broader security career dynamics.

Steve and I touched on some great topics, including:

- The 2025 State of the CISO report and key findings

- Board reporting cadences for CISO’s and the importance of Boardroom involvement in Cybersecurity

- The three archetypes of CISO’s: Tactical, Functional and Strategic

- How security leaders can advance their career to becoming strategic CISO’s as well as key co...


Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends
02/24/2025

In this episode of Resilient Cyber, we catch up with Katie Norton, an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions.

Katie and I discussed:

- Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor.

- Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors.

- The age-old...


Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact
02/13/2025

In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency.

We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks.

Ed and I dove into a lot of interesting GenAI Security topics, including:

- Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys.

- Guardrails and measures to prevent data le...


Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know
02/03/2025

In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.

Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.

Sounil and I dug into a lot of interesting topics, such as:

- The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.

- The different approaches to AI security and safety...


Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts
01/27/2025

SecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and mean-time-to-respond (MTTR), automating repetitive tasks, integrating with existing tools, and delivering ROI.

In this episode, we sit with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational risks.

Grant and I dug into a lot of great topics, such as:

Systemic issues impacting the SecOps space include...


Resilient Cyber w/ Mick Leach - 5 Email Threats to Watch For in 2025
01/21/2025

While cybercriminals can (and do) infiltrate organizations by exploiting software vulnerabilities and launching brute force attacks, the most direct—and often the most effective—route is via the inbox. As the front door of an enterprise and the gateway upon which employees rely to do their jobs, the inbox represents an ideal access point for attackers.

And it seems that, unfortunately, cybercriminals aren’t lacking when it comes to identifying new ways to sneak in. Abnormal Security’s Field CISO, Mick Leach, will discuss some of the sophisticated threats we anticipate escalating in the coming year—including cryptocurr...


Resilient Cyber w/ Rajan Kapoor - Native Cloud Workspace Gaps and Risks
01/21/2025

In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management.

Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered:

Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the...


Resilient Cyber w/ Greg Martin - Agentic AI and AppSec
01/10/2025

We’ve heard a ton of excitement about AI Agents, Agentic AI, and its potential for Cybersecurity. This ranges in areas such as GRC, SecOps, and Application Security (AppSec).

That is why I was excited to sit down with Ghost Security Co-Founder/CEO Greg Martin.

In this episode, we sit down with Ghost Security CEO and Co-Founder Greg Martin to chat about Agentic AI and AppSec. Agentic AI is one of the hottest trends going into 2025, and we will discuss what it is, its role in AppSec, and what system industry challenges it may help ta...


Resilient Cyber w/ Filip Stojkovski & Dylan Williams - Agentic AI & SecOps
12/11/2024

In this episode, we will be sitting down with Filip Stojkovski and Dylan Williams to dive into AI, Agentic AI, and the intersection with cybersecurity, specifically Security Operations (SecOps).

I’ve been following Filip and Dylan for a bit via LinkedIn and have been really impressed with their perspective on AI and its intersection with Cyber, especially SecOps. We dove into that in this episode, including:

- What exactly Agentic AI and AI Agents are, and how they work

- What a Blueprint for AI Agents in Cybersecurity may look like, using their example in their blog with the same title

- The ro...


Resilient Cyber w/ Walter Haydock - Implementing AI Governance
11/22/2024

In this episode, we sit down with StackAware Founder and AI Governance Expert Walter Haydock. Walter specializes in helping companies navigate AI governance and security certifications, frameworks, and risks. We will dive into key frameworks, risks, lessons learned from working directly with organizations on AI Governance, and more.

- We discussed Walter’s pivot with his company StackAware from AppSec and Supply Chain to a focus on AI Governance and from a product-based approach to a services-oriented offering and what that entails.

- Walter has been actively helping organizations with AI Governance, including helping them meet emerging and newly formed st...


Resilient Cyber w/ Jim Dempsey - Navigating the Cyber Regulatory Landscape
11/18/2024

In this episode, we sit down with return guest Jim Dempsey. Jim is the Managing Director of the Cybersecurity Law Center at IAPP, Senior Policy Advisor at Stanford, and Lecturer at UC Berkeley. We will discuss the complex cyber regulatory landscape, where it stands now, and implications for the future based on the recent U.S. Presidential election outcome.

We dove into a lot of topics including:

The potential impact of the latest U.S. Presidential election, including the fact that while there are parallels between Trump’s first term and Joe Biden’s, there are also...


Resilient Cyber w/ Tyler Shields and James Berthoty - Is "Shift Left" Losing its Shine?
11/01/2024

In this episode of Resilient Cyber I will be chatting with industry leaders Tyler Shields and James Berthoty on the topic of "Shift Left".

This includes the origins and early days of the shift left movement, as well as some of the current challenges, complaints and if the shift left movement is losing its shine.

We dive into a lot of topics such as:

- Tyler and James’s high-level thoughts on shift left and where it may have gone wrong or run into challenges

- Tyler’s thoughts on the evolution of shift left over the last...


Resilient Cyber w/ Shyam Sankar - The Primacy of Digital Dominance
10/18/2024

In this episode we sit down with Shyam Sankar, Chief Technology Officer (CTO) of Palantir Technologies. We will dive into a wide range of topics, from cyber regulation, software liability, navigating Federal/Defense cyber compliance and the need for digital defense of the modern national security ecosystem.

- First off, for those unfamiliar with you and your background, can you tell us a bit about yourself, as well as Palantir?

- You're a big proponent of the role that software plays now, and will play in the future when it comes to the fifth domain of warfare, cybersecurity...


Resilient Cyber w/ Mark Simos - Cybersecurity Anti-Patterns
10/17/2024

In this episode we sit down with Mark Simos to dive into his RSA Conference talk "You're Doing It Wrong - Common Security AntiPatterns" to dig into several painfully true anti-patterns in cybersecurity and how we often are our own worst enemy.

- First off, for those not familiar with you or your background, can you tell us a bit about that?

- So you delivered this talk at RSA, focused on Cybersecurity "Anti-Patterns". How did the talk come about and how was it received by the audience?

We won't...


Resilient Cyber w/ Ross Young - How to Become a CISO
10/08/2024

- First off, for those who don't know you, can you tell us a bit about your background?

- You've been providing a deep dive talk into how to become a CISO. I'm curious, what made you put together the presentation, and how has it been received so far when you've had a chance to deliver it?

- You have broken down what you call "four stages of the journey" that encompasses skills in areas such as Technical, Management, Leadership and Political. This to me comes across as CISO's need to be multidisciplinary professionals with...


Resilient Cyber w/ Helen Oakley - Exploring the AI Supply Chain
10/08/2024

- First off, for folks not familiar with your background, can you tell us a bit about that and how you got to the role you're in now?

- We see rapid adoption of AI and security inevitably trying to keep up, where should folks start?

- There are some really interesting intersections when it comes to AI and supply chain, what are some of them?

- We see a thriving OSS ecosystem around AI, including communities and platforms like Hugging Face. What are some key things to keep in mind here?


Resilient Cyber w/ Jit - Exploring the Emerging ASPM Ecosystem
10/01/2024

In this episode we sit down with Amir Kessler and Aviram Shmueli of AppSec innovator Jit to dive into the complexities of the modern AppSec landscape and explore the emerging Application Security Posture Management (ASPM) ecosystem.

- First off, for folks not familiar with your backgrounds, can you tell us a bit about both of your backgrounds and how you got to the roles you're in now?

- We're seeing a ton of interest in the topic of ASPM in the AppSec space. What do you think has led...


Resilient Cyber w/ Christina Liaghati - Navigating Threats to AI Systems
09/06/2024

- For those that don't know you, can you tell us a bit about your background and your current role?

- I know you help lead the ATLAS project for MITRE, what exactly is ATLAS and how did it come about?

- The AI threat landscape is evolving quickly, as organizations are rapidly adopting GenAI, LLM's and AI more broadly. We are still fleshing out some fundamental risks, threats and vulnerabilities to consider. Why is it so important to have a way to characterize it all?

- When it comes to AI Security...


Resilient Cyber w/ Steve Wilson - Securing the Adoption of GenAI & LLM's
08/28/2024

In this episode we sit down with GenAI and Security Leader Steve Wilson to discuss securing the explosive adoption of GenAI and LLM's. Steve is the leader of the OWASP Top 10 for LLM's and the author of the upcoming book The Developer's Playbook for LLM Security: Building Secure AI Applications.

- First off, for those not familiar with your background, can you tell us a bit about yourself and what brought you to focusing on AI Security as you have currently?

- Many may not be familiar with the OWASP LLM Top 10, can you tell...


Resilient Cyber w/ Snehal Antani - Building and Scaling a Security Startup
08/21/2024

In this episode we sit down with the Founder/CEO of Horizon3.ai to discuss disrupting the Pen Testing and Offensive Security ecosystem, and building and scaling a security startup - from a founder's perspective.

From HP, to Splunk to JSOC - all leading to founding Horizon3, Snehal brings a unique perspective of business acumen and technical depth and puts on a masterclass around venture, founding and scaling a team and disrupting the industry!

---

- For those not familiar with your background or Horizon3AI, can you tell us a bit about...


Resilient Cyber w/ Rob Allen - Endpoint Protection, VulnMgt & Zero Trust
08/19/2024

- For those not familiar with you and ThreatLocker, can you tell us a bit about yourself and the ThreatLocker team?

- When we look out at the endpoint protection landscape, what do you feel some of the most pressing threats and risks are?

- There of course has been a big push for Zero Trust in the industry being led by CISA, NIST, and industry. How does ThreatLocker approach Zero Trust when it comes to the Endpoint Protection Platform?

- Another thing that caught my eye is the ThreatLocker Allowlisting capability. We...


Resilient Cyber w/ Chloe Messdaghi - AI Security & the Threat Landscape
08/19/2024

In this episode we sit down with Chloe Messdaghi, Head of Threat Intelligence at HiddenLayer, an AI Security startup focused on securing the quickly evolving AI security landscape. HiddenLayer was the 2023 RSAC Innovation Sandbox Winner and offers a robust platform including AI Security, Detection & Response and Model Scanning.

- For folks not familiar with you or the HiddenLayer team, can you tell us a bit about your background, as well as that of HiddenLayer?

- When you look at the AI landscape, and discussions around securing AI, what is the current state of things as...


Resilient Cyber w/ Travis McPeak - Securing Cloud-native Infrastructure
07/25/2024

- For folks not familiar with you and your background, can you tell us a bit about that?

- How about Resourcely, how did it come about and what problem did you set out to tackle?

- Why do you think Cloud Misconfigurations are still so pervasive, despite being fairly well into the Cloud adoption lifecycle?

- How have organizations traditionally tried to handle secure configurations, in terms of establishing them, maintaining them, monitoring for drift and so on?

- Where do you think we're headed, I know you all recently...


Resilient Cyber w/ Stuart Mitchell - Cyber Talent, Recruiting & the Workforce
07/19/2024

- First off, for folks not familiar with your background, can you tell us a bit about yourself?

- You made the leap from working for a firm to founding your own talent and recruiting company. Can you tell us about that decision and experience?

- Before we dive into specific topics, what are some of the biggest workforce trends you are seeing in cyber currently? I have seen you talk about the pendulum shift from workers to employers on aspects like remote roles, and so on. What is the current dynamic across the cyber...


S6E22: Daniel Shechter - Application Detect & Response (ADR)
07/07/2024

- For folks not familiar with you or the Miggo team, can you tell us a bit about your background?

- How do you define ADR and why do you think we have seen the need for this new category of security tooling to come about?

- Most organizations are struggling with vulnerability overload, with massive vulnerability backlogs and struggles around vulnerability prioritization. Can you share some insights on how you all tackle this problem?

- We're increasingly seeing the AppSec space become more complex, with Cloud, API's, Microservices, IaC and more. What...


S6E21: Christoph Kern - Dissecting Secure-by-Design
06/13/2024

- First off, for those that don't know you or your work, would you mind telling us a bit about your background?

- You recently published a paper titled "Secure-by-Design at Google" which got a lot of attention. Can you tell us about the paper and some of the key themes it emphasizes?

- In the paper you discuss some of the unique aspects of software that are different from mass-produced physical systems. Such as their dynamic and iterative nature. On one hand you mention how the risk of introducing a new defect over time...


S6E20: Joe McCaffrey - Securing the Digital Arsenal of Democracy
06/12/2024

- First off, for folks that don't know you, can you tell us a bit about your current role and background?

- On that same note, can you tell the audience a bit about Anduril, the mission of the organization and some of the current initiatives it is working on?

- What are some of the biggest challenges of being a new entrant in a space such as the DoD, which has longstanding system integrators and large prime contractors who have deep relationships, industry expertise/experience and so on?

- I know you're...


S6E19: Madison Oliver - Open Source & GitHub Advisory Database
06/12/2024

- For those that don't know you or haven't come across you quite yet, can you tell us a bit about your background in tech/cyber and your role with GitHub?

- What exactly is the GitHub Advisory Database and what is the mission of the team there?

- There's been a big focus on vulnerability databases, especially lately with some of the challenges of the NVD. What role do you see among the other vulnerability databases in the ecosystem, including GHAD and how it fits into the ecosystem?

- GitHub has a...


S6E18: Stephen Carter - VulnMgt Modernization & FedRAMP
06/04/2024

- For those who don't know your background or Nucleus Security, can you start by telling us a bit about both?

- You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process?

- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help?

- Going broader, we have seen a recent uptick in the interest around VulnMgt...


S6E17: Jimmy Mesta - Kubernetes, Runtime and Supply Chains
06/04/2024

- For those unfamiliar, please tell us a bit about your background, as well as about RAD Security. What do you all focus on and specialize in?

- Your team recently was part of the RSAC Innovation Sandbox. Can you tell us a bit about that experience, and being able to highlight the innovative capabilities of RAD to such a key audience?

- You recently published a comprehensive resource on Kubernetes Security Posture Management (KSPM), what are some of the key items in there folks need to be focusing on?

- The RAD...


S6E17: Steve Carter - Vulnerability Management Modernization & FedRAMP
05/31/2024

- For those who don't know your background or Nucleus Security, can you start by telling us a bit about both?

- You have experience and a background in the Federal environment, and Nucleus recently achieved their FedRAMP authorization, can you tell us a bit about that process?

- When you look at the Federal/Defense/IC VulnMgt landscape, what are some of the biggest problems from your experience and where do you think innovative products and solutions can help?

- Going broader, we have seen a recent uptick in the interest around VulnMgt...