The Security Table
Izar Tarandach, Matt Coles, and Chris Romeo
91 episodes
1 week ago
We’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role of ethical considerations in cybersecurity. Listen along to our discussion on whether the foundat...
Technology
All content for The Security Table is the property of Izar Tarandach, Matt Coles, and Chris Romeo and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/91)
The Debate: Is the CIA Triad Truly Dead?
We’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role of ethical considerations in cybersecurity. Listen along to our discussion on whether the foundat...
1 week ago
29 minutes

Don’t Forget the Beauty of Simplicity: Exploring Shifts in Software Development
We’re debating the concepts of 'Shift Left' and 'Shift Down' in the world of cybersecurity. We explore the intricacies of developer responsibility, the impact of modern AI on code security, and the delicate balance between innovation and secure coding practices. Join us for a thought-provoking discussion that ranges from keeping our digital world secure, efficient and, most importantly, simple. The Modernization Imperative: Shifting Left is for Suckers. Shift Down Instead. FOLLOW ...
3 weeks ago
33 minutes

More Cowbell: Security and Speed in Agile
We’re diving into the relevance and execution of threat modeling within agile development environments. We dissect the claims, explore the true integration of agile practices with threat modeling, and address the misconceptions and challenges commonly faced. Check out the episode to find out if threat modeling is indeed slowing down agile processes or if it can be seamlessly integrated for better security outcomes. The Problem With Threat Modeling in Application Security: Too Slow, Too Theore...
1 month ago
48 minutes

Privateering the Cyber Seas: New Legislation on Cybercrime
We’re discussing the intriguing world of cyber privateers and the concept of 'hacking back' against cyber criminals. The discussion centers around a proposed bill in the U.S. Congress, H.R. 4988, that aims to authorize private individuals to pursue cyber criminals with the full backing of government-issued letters of marque. We explore the historical context of privateers, the potential legal and ethical implications, and the modern-day ramifications of such measures. And debate whether bring...
1 month ago
35 minutes

Making Privacy Less Cringey
Dr. Kim Wuyts and Avi Douglen join us in today's episode. Both guests are fresh from their training sessions at Black Hat and DEF CON in Las Vegas and share a quick overview of their experiences. We discuss a newly developed privacy awareness card game called 'Context and Cringe,' which aims to educate participants about privacy issues in a fun and interactive way. We also cover an upcoming training session at Global AppSec DC in November, where attendees will learn practical privacy strategi...
1 month ago
28 minutes

Decoding Maestro: AI Threat Modeling
We’re discussing the article, “Agentic AI Threat Modeling Framework: Maestro,” published back in February of this year on the Cloud Security Alliance blog. We discuss the various layers, patterns, and threats outlined in the framework, comparing it to existing methodologies like STRIDE and PASTA, and evaluate Maestro's structure, its potential complexity for developers, and its overall practicality and usefulness in the threat modeling arena. Listen along as we unravel the intricacies of the fr...
1 month ago
49 minutes

Vibe Startups, AI Problems, and Matt’s Precious Computer
We’re talking about the rise of "vibe startups" - entrepreneurs hunting for problems to solve rather than building solutions from personal experience. We chat about AI security challenges, questioning whether these are truly new problems or just old security concepts repackaged for the AI era. From prompt injection and guardrails to the scary reality of AI agents acting as humans, we examine whether the industry's obsession with AI is leaving traditional security gaps exposed. FOLLOW OUR SOCI...
2 months ago
42 minutes

AI, AppSec and the Meaning of Life: The Answer is 42
What are the core competencies that matter most for modern application security teams? Today we discuss understanding code and systems thinking and the crucial ability to assess risk in context - plus why your AppSec team might eventually get absorbed into engineering (and why it could be a good thing). We debate the role of developer mindset in security, the importance of technical depth over tool knowledge, and how to build teams that truly enable rather than gate development. FOLL...
3 months ago
45 minutes

Building the World's Largest Threat Model Library
Today we’re joined by Petra Vukmirovic. Petra is the head of information security at Numan and co-leader of the Threat Model Library Project. Petra shares her vision for creating a massive, structured dataset of crowdsourced threat models that could revolutionize how the cybersecurity community learns and shares threat modeling knowledge. We explore the complex challenges of convincing companies to share their threat models publicly, diving into concerns about legal liability, competitive ad...
3 months ago
49 minutes

Vibe Coding: Can You Put Your Trust in the Machine?
We’re discussing vibe coding again and how AI-generated code is reshaping software development. We discuss the trustworthiness and maintainability of AI-generated code, examining the challenges of reviewing and integrating automated changes at scale. The conversation spans from practical concerns about code quality to broader implications for open-source projects in an AI-augmented world. We talk about identifying telltale patterns in AI-generated code and why context and traceability are bec...
4 months ago
43 minutes

Traversing the Conference Circuit: Highlights and Insights
It’s security conference season and we’re discussing the importance of networking, the value of in-person connections, and sharing insightful tips for delivering effective presentations. From recapping our conference experiences, debating the significance of keynotes, to reminiscing about the impact of classic rock bands like Def Leppard. Listen now to hear about conference experiences, mentoring sessions, and the evolving industry landscape. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodca...
4 months ago
43 minutes

MCP…Something Could Go Wrong
We’re discussing the complexities of the Model Context Protocol (MCP) and its application in AI systems. Join us for an in-depth discussion about MCP, agent-to-agent communication, and potential security vulnerabilities. We wrap up with a thought-provoking conversation on the future of AI safety and the challenges it presents. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!
5 months ago
45 minutes

Threat Modeling or Threat Intelligence, Are they the Same?
Listen in as we debate the differences between threat intelligence and threat modeling. What distinguishes these two concepts in cybersecurity, and how do they inform each other? The conversation explores definitions, real-world examples, and the interconnected relationship between proactive threat modeling and reactive threat intelligence. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listen...
5 months ago
29 minutes

Skillset Over Experience: Rethinking Qualifications in Cybersecurity
Today we delve into the evolving landscape of cybersecurity hiring, debating the merits of prioritizing skills over degrees and experience. From discussing the value of critical thinking and hands-on skills to the potential role of AI in the workforce, the conversation navigates the complexities of hiring practices. We share personal anecdotes, insights from industry articles, and our experiences as hiring managers. Tune in for a humorous and thought-provoking discussion on what really matter...
6 months ago
39 minutes

Vibe Coding: What Could Possibly Go Wrong?
Vibe coding, or using AI to generate code by describing what you want. We critically examine the concerns surrounding AI-generated code, including code quality, security risks, and the potential for creating numerous low-quality applications. Our discussion explores whether AI can truly provide foolproof, production-ready code, or if it should be limited to idea generation and prototyping. Catch our candid take on the dangers of relying on AI for software development and the importance of mai...
7 months ago
36 minutes

The Department of No
We’re discussing the complexities of saying 'yes' or 'no' in the context of security decisions in today’s episode and the enduring challenge of integrating security into software development. The conversation swerves into the intriguing idea of a trade-like progression for developers, contrasting it with current knowledge work. The episode culminates in a hit parade of pop culture references, including Star Wars, Star Trek, Firefly, and more. Tune in for a thought-provoking and fun conversati...
8 months ago
45 minutes

The Cyber Trust Mark Debate
The Cyber Trust Mark, a new FCC program aimed at assuring the security of IoT devices, is the topic of discussion today. We discuss various aspects of the Cyber Trust Mark, the history of similar initiatives like UL certification, and the challenges faced by consumers in determining the security of their devices. They also debate the merits and drawbacks of regulations like the EU's Cyber Resilience Act, the importance of secure-by-default design, and the limitations of relying solely on consu...
9 months ago
47 minutes

Hovercrafts and the Evolution of AppSec in 2025
Hovercrafts and application security in the new year. We revisit last year's predictions on Quantum LLM, SBOMs, and whether DAST tools will make a comeback. With humor and forward-thinking, we explore what the future might hold for application security, the rise of new technologies, and even the outlandish idea of AppSec being dead. Episode mentioned: AppSec Resolutions - January 9, 2024 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTub...
9 months ago
35 minutes

Find Your Conferences and watch Die Hard. And the Princess Bride.
What makes a conference truly valuable? Is it the unexpected connections and serendipitous meetings of minds, or the chance to break free from the "security echo chamber" by exploring diverse conference experiences? We discuss the considerations that make conferences worth attending and examine whether they are compelling enough to warrant personal investment. Whether large or intimate, each conference provides a distinct journey of learning and interaction. FOLLOW OUR SOCIAL MEDIA: ➜Twit...
10 months ago
29 minutes

Is it Necessary? Not everything requires an LLM
We debate the necessity and efficiency of LLMs in finding code vulnerabilities in a C library compared to traditional static code analyzers and fuzzing techniques. The conversation explores broader topics in application security testing, including the evolving landscape of Dynamic Application Security Testing (DAST), fuzzing, and the potential of emerging technologies like Application Detection and Response (ADR). FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Ta...
10 months ago
42 minutes
