Genealogy of Cybersecurity - Startup Podcast

Ep 16. Varun Badhwar on Pioneering Security Posture Management, and the Story of RedLock

Mon, 23 Oct 2023 02:00:00 -0700

Founder spotlight interview with Varun Badhwar. Varun is the current CEO of EndorLabs, a three-time Innovation Sandbox finalist, and known for founding cloud security posture management startup RedLock, which became Palo Alto Networks PRISMA Cloud.

Varun tells stories about evangelizing the new ways of cloud posture management with RedLock’s Cloud Security Intelligence (CSI) unit that quietly presenting vulnerabilities to potential customers. He contrasts the differences with running startups like EndorLabs, which is in an established Software Composition Analysis (SCA) category with customer budgets vs. establishing new ground with RedLock and CipherCloud.

Throughout the interview Varun weaves in his philosophy of discipline, team building, culture, sticking to the basics, and, well, getting shit done.

You can find Varun Badhwar on Twitter @varun__badhwar or at LinkedIn.com/in/vbadhwar.

Visit EndorLabs, or find them on Twitter @EndorLabs, or at LinkedIn.com/company/endorlabs.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep. 15 Founder Mike Fey on Incubating Startups, AI and the Future of Web Browsing

Tue, 10 Oct 2023 02:00:00 -0700

CEO and Founder of Enterprise Browser startup Island, Mike Fey, talks about entrepreneurship, innovation, and the future of web browsing. Paul explores Mike's experiences working with venture capitalists like CyberStarts and Sequoia, and startup-advising CISOs, getting early customer feedback during the ideation, seed, and early growth stages. Mike describes the origin story behind Insland and Enterprise Browsers.

Mike and Paul discuss AI, ChatGPT, and what new applications we may see AI used for. Mike explains the issue with miseducating neural networks, and how AI will change building technology, along with its dangers. Mike also riffs on a myriad of technology topics from ChatGPT to quantum computing, Web3, robotic process automation (RPA), and more.

Check out Island.io to learn more about their enterprise browser, or reach them on Twitter @island_io.

Mike Fey can be found on LinkedIn.com/in/michaelfey.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 14. Privacy is in the Code: Relyance AI's Solution for DevOps Data Flows

Mon, 25 Sep 2023 02:00:00 -0700

Innovation Sandbox finalist and Relyance AI Founder Abhi Sharma discuss privacy and compliance in a world where every company is a software company, and DevOps code produces so many data flows with your private and regulated data. Abhi points out a privacy solution must govern DevOps, “privacy is in the code.”

Abhi discusses NLP, LLMs, OpenAI, and Chat GPT, and how Relyance AI’s intelligence understands privacy clauses in compliance documents, contracts, SLAs, etc., and having shifted left into static code analysis, understands if code is violating these privacy responsibilities. Paul and Abhi discuss how generative AI and NLP have sped up Relyance’s delivery of functionality. Paul pushes back on how they’ve built a product with so much functionality in such a short time. Abhi has an interesting response as they discuss AI and the future of software development.

You can find Relyance AI at Relyance.ai, on Linkedin.com/company/relyanceai, or Twitter @relyanceai.

Founder Abhi Sharma can be found on Linkedin.com/in/abhisharmab or Twitter @abhisharma_b.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 13. Zama on the Holy Grail of AI Privacy, Fully Homomorphic Encryption

Tue, 12 Sep 2023 02:00:00 -0700

Innovation Sandbox finalist, Cryptographer, and Zama VP Benoit Chevallier-Mames discuss Zama’s efforts to bring fully homomorphic encryption (FHE) into commercial use. How FHE would allow application developers and customers to benefit from the insights obtained by sharing data with AI providers, like OpenAI or ChatGPT, but without exposing private data.

Benoit goes through some of the mathematical magic behind FHE, what ML approaches it enables, and some of its history. Benoit explains why fully homomorphic encryption has been such a performance challenge, and discusses Zama’s quantization approach.

Finally, Benoit unveils Zama’s announced strategy to focus on securing blockchain smart contracts until cloud computing allows them to wield fully homomorphic encryption for the broader spectrum of AI use cases.

Zama can be found online at Zama.ai, on LinkedIn.com/company/zama-ai, or on Twitter @zama_fhe.

Benoit Chevallier-Mames can be found at Linkedin.com/in/benoitchevalliermames.

You can also watch this episode on using fully homomorphic encryption (FHE) to preserve privacy with OpenAI, ChatGPT on YouTube.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 12. Astrix Security on Threat of 3rd Party API Connections and Non-Human Identities

Mon, 28 Aug 2023 02:00:00 -0700

Innovation Sandbox finalist and Astrix Security Founder Idan Gour discuss the rising attack surface created by API-to-API connections and non-human identities. How no-code orchestration tools, low code tools, and generative AI, like ChatGPT, are causing non-technical business users to build integration apps that access and sometimes share sensitive data.

Idan discusses mapping this web of API-to-API connections, which traffic sensitive data from SaaS apps like Google Workspace, 365, Calendly, and SalesForce. The Circus.AI breach is explored. Idan and Paul also discuss the rising problem of non-human identities which access APIs and data, with Astrix citing their study which found 45X more non-humans than human employees.

You can find Astrix online at Astrix.security, on LinkedIn.com/company/astrix-security, or Twitter at @AstrixSecurity

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 11. Valence Security on SaaS-to-SaaS Mesh, Shadow Integrations and Generative AI

Tue, 08 Aug 2023 02:00:00 -0700

Innovation Sandbox finalist and Valence Security Founder Yoni Shohet discuss the new SaaS-to-Saas attack surface produced by the proliferation of shadow integrations between SaaS apps. Today users are typically SaaS admins and often okay SaaS App requests to access other apps like their Calendar, Email, or SalesForce.

Yoni explains how automation tools for non-developers are expanding the problem, with no-code orchestration, ChatGPT, and Generative AI-producing integration apps, not to mention the explosion of developers and CI/CD pipelines.

Yoni explains the magnitude of the problem with so many exposed APIs, allowing common SaaS apps, identity providers (IDP), and shadow connections in your SaaS software supply chain. Valence Security’s approach to mapping the SaaS-to-SaaS mesh is discussed as well as their brand of remediation which includes an education step for the user.

Yoni Shohet can be found on LinkedIn.com/in/yonishohet or Twitter @yonishohet.

Valence Security can be found at Valencesecurity.com on LinkedIn.com/company/valence-security or on Twitter @Valencesecurity.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 10. Endor Labs on Code Vulnerabilities, Sketchy Open Source Developers, and Software Supply Chain

Mon, 24 Jul 2023 02:00:00 -0700

Innovation Sandbox finalist and Endor Labs Founder Varun Badhwar discuss the magnitude of open-source vulnerabilities, highlighting the developers behind vulnerabilities like CoreJS and Log4shell, and why strategic pieces of the internet depend on libraries that sometimes rest on a single part-time open-source developer, even developers with prison records.

Varun talks about his past pioneering cloud security posture management (CSPM) with RedLock and Palo Alto Network’s PRISMA cloud, and Endor Lab’s mission to build a software composition analysis solution that truly enables developers and solves the problems of open source vulnerabilities. Including how Endor Labs is going further than simply shifting left.

You can find Varun Badhwar on Twitter @varun__badhwar or at LinkedIn.com/in/vbadhwar.

Visit EndorLabs, or find them on Twitter @EndorLabs, or at LinkedIn.com/company/endorlabs.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 9. Concentric AI on NLP, ChatGPT, and Data Security Posture Management

Tue, 11 Jul 2023 02:00:00 -0700

Concentric AI Founder Karthik Krishnan discusses the new Data Security Posture Management market and answers the age-old questions of what data you have, where is it, and who’s accessing it. Karthik discusses advances in AI, natural language processing (NLP), Open AI ChatGPT, Large Language Models (LLMs), and what it all means to data classification and society.

Karthik Krishnan explains the incredible expenses and human power required to classify and govern data, and how Concentric AI’s DSPM product reduces costs. Paul and Karthik discuss why the cloud native and AI DSPM products differ from data security products of the past, and Paul grills Karthik to see if there are any hidden costs in the cloud.

Concentric AI can be found at Concentric.ai, on LinkedIn.com/company/concentricinc, or Twitter @IncConcentric.

Concentric Founder Karthik Krishnan can be found on LinkedIn.com/in/kkrishnan/.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep. 8 CISO Sebastian Goodwin on Advising DSPM and Automation Startups

Mon, 26 Jun 2023 02:00:00 -0700

Chief Trust Officer Autodesk and recent CISO of Nutanix Sebastian Goodwin discusses advising startup, Concentric AI, in the new data security posture management (DSPM) space, and the importance of locating your data as a prerequisite for security. Sebastian and Paul discuss the recent maturity of natural language processing (NLP), and how ChatGPT and large language models (LLMs) are impacting the startup world. Also discussed are key questions, like how to wade through the AI hype and setting expectations in this new generation of AI.

Sebastian discusses what it’s like on the Night Dragon Startup Advisory Board, advising startups during ideation and early stage, including tales of brainstorming key product categories over coffee years before anyone heard of them. Paul and Sebastian discuss his work with StrikeReady and the AI virtual assistant space, as well as several other automation startups.

Sebastian discusses the future of automation and highlights a couple more startups, like Reach Security, which automates and enables optimal configuration and usage of cybersecurity products. Sebastian also discusses Hadrian which auto-maps attack surfaces and automates finding exploits and vulnerabilities.

Sebastian explains the benefits of a non-traditional career path and spanning fields, and Paul and Sebastian discuss the downsides of hyperspecialization.

Sebastian Goodwin can be found on LinkedIn.com/in/sebgood

Concentric AI can be found at Concentric.ai, on LinkedIn.com/company/concentricinc, or Twitter @IncConcentric.

Hadrian Security is at Hadrian.io on Twitter @hadriansecurity or LinkedIn.com/company/hadriansecurity.

Reach Security is at Reach.security on Twitter @ReachSecurity or LinkedIn.com/company/reach-security.

Find StrikeReady.com on Twitter @strike_ready or LinkedIn.com/company/strikeready.

NightDragon is at NightDragon.com, on Twitter @nightdragon or

LinkedIn.com/company/nightdragon-security.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 7. Security Practitioner Trends from 2,400 RSA Conference Submissions

Tue, 13 Jun 2023 02:00:00 -0700

Join the podcast as we dive into a fascinating conversation with Britta Glade, the Vice President of Content and Curation at RSA Conference. Discover the world of "people's trends" as Britta sheds light on her team's meticulous analysis of 2,400 speaker submissions from influential practitioners in the industry. Get an insider's perspective on RSA's technical session selection process, where industry experts and data science come together to uncover valuable insights and emerging trends.

Host Paul Shomo raises an interesting point about the scarcity of industry reports capturing these practitioner trends. The discussion takes an exciting turn as Glade and Shomo geek out over the submission trends for 2023. From the Russia-Ukraine conflict and the vulnerabilities lurking in open source software to the intriguing concepts of shift left and shift right, quantum computing advancements, and the evolving landscape of SBOMs driven by the recent White House executive order, this episode covers it all.

Connect with Britta Glade on Twitter @brittaglade or find her on LinkedIn at linkedIn.com/in/britta-glade-5251003. Share your feedback and join the conversation with host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn at linkedIn.com/in/paulshomo. Don't miss out on this informative podcast episode that offers deep insights into the ever-evolving world of cybersecurity.

Ep 6. RSAC Innovation Sandbox 2023 Emerging Trends: AI and Automation Attack Surfaces

Mon, 29 May 2023 16:00:00 -0700

Paul Shomo’s 7th annual coverage of the RSAC’s startup competition, Innovation Sandbox, is out in DarkReading. In this episode, Paul recaps the show, tells you things you didn’t know about the finalists, some private thoughts from the judges, and highlights a very interesting trend in 2023: automation, ML and software-building tools are creating dangerous attack surfaces, that preoccupy 8 or 9 of this year’s 10 finalists.

Paul discusses Hugh Thompson and Paul Kocher’s quirky humor, how the judges felt about Zama pivoting from broad use of homomorphic encryption to a blockchain focus, and whether the judges meant to make a statement by choosing mostly startups which secure applications built by developers, data scientists or non-technical software builders, as opposed to cybersecurity’s traditional role in defending off-the-shelf software and hardware.

We are entering the 4th industrial revolution of AI and automation, hear how HiddenLayer and Zama secure ML systems. How Pangea, EndorLabs, Relyance AI, and Dazz ensure your software developers are writing secure code. And explore this new world of non-technical business users building API and SaaS integrations with orchestration, generative AI, and how Valence Security and Astrix secure them.

Finally take a look at SafeBase which enables the 3rd party risk process of SBOMs and questionnaires, and AnChain whose Web3 SOC secures blockchain contracts.

Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Ep 5. Pangea - State of AppSec, DevSecOps, Enabling Developers to Code Securely

Tue, 09 May 2023 20:00:00 -0700

Interview with Innovation Sandbox 2nd place winner, Pangea. Pangea CEO Oliver Friedrichs, a former Founder of orchestration phenom Phantom, discusses the state of AppSec and what is wrong with the shift-left movement.

Pangea discusses how shifting-left-of-left can bypass both arguments between SecDevOps and app developers, and false positives in code analysis. Paul forgets he’s met Oliver before and then wonders how many security products could be eliminated if developers wrote secure code on the first place.

Finally Oliver lays out how Pangea’s Security Platform as a Service (SPaaS) hands developers authentication, security logging, export restrictions, personally identifiable information (PII), IOC scans, and more.

Find Pangea on the web at Pangea.cloud, on Twitter @pangeacyber, or LinkedIn.
Founder and CEO Oliver Friedrichs can be found on Linkedin.com/in/oliverfriedrichs.

Paul Shomo can be found at LinkedIn.com/in/paulshomo. Send Paul Shomo feedback on Twitter @ShomoBits.

Follow us on Apple, Spotify, Google, YouTube, or your favorite podcast app. Give us a review and I'll give my early adopters a shout-out on the show.

Ep 4. Innovation Sandbox Winner, Hidden Layer, on ML System Attacks and MITRE Atlas

Mon, 24 Apr 2023 18:00:00 -0700

Hidden Layer Founder Chris Sestito of RSAC Innovation Sandbox winner Hidden Layer, discusses AI adversarial attacks on ML systems, the ease of stealing intellectual property with ML, Chris Sestito’s history at Cylance building next-gen ML systems, and a historic 2019 attack on Cylance using adversarial ML.

Hidden Layer brings us up to speed on this new important attack surface. Paul and Chris discuss MITRE’s new framework for attacks on ML systems, MITRE Atlas, and if the media is under covering adversarial machine learning attacks.

Find Hidden Layer on the web at HiddenLayer.com, or on Twitter @hiddenlayersec.

Checkout MITRE Atlas, a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems.

Hidden Layer CEO and Founder Chris Sestito can be reached on LinkedIn: https://www.linkedin.com/in/ctito/

RSAC Innovation Sandbox startup competition can be found here, and RSAC is on Twitter @RSAConference.

Paul Shomo can be found at LinkedIn.com/in/paulshomo. Send Paul Shomo feedback on Twitter @ShomoBits.

Ep 3. Island on Enterprise Browsers Solving Data Loss and Unmanaged Devices

Mon, 10 Apr 2023 20:00:00 -0700

Island CEO Mike Fey discusses unmanaged devices and the enterprise browser as the cloud’s successor to Data Loss Prevention (DLP). Paul and Mike discuss how Island’s browser is disrupting the Virtual Desktop Infrastructure (VDI), and the Cloud Access Security Broker (CASB) industries. Paul and Mike debate whether these new browsers can create a secure edge to the cloud by themselves, or not.

Mike explains how Microsoft and Google teaming up on the Chromium open source code base allows Island to easily deploy across any device, and how the web browser can be seen as its own operating system. Mike also explains the central controls Island customers get, including redacting sensitive data onscreen, and geographic regulatory controls.

Check out Island.io to learn more about their enterprise browser, or reach them on Twitter @island_io. Mike Fey can be found on LinkedIn.com/in/michaelfey.

Don’t forget to also watch Episode 2 where startup advisor and Ashland CISO Bob Schuetter discuss hearing Island’s initial startup pitch in 2020, and his experience as a customer.

Send feedback to host Paul Shomo @ShomoBits or LinkedIn.com/in/paulshomo.

Ep 2. CISO Bob Schuetter on Data Loss, Startup Advising, and Cloud’s Secure Edge

Mon, 20 Mar 2023 18:00:00 -0700

Ashland CISO Bob Schuetter on brainstorming secure enterprise browsers in their startup's incubation period. Bob discusses building the cloud’s secure edge, and how new web browsers like Island’s (@island_io) will disrupt Data Loss Prevention (DLP), and the Virtual Desktop Infrastructure (VDI) industries. Bob and Paul explore exactly why DLP failed and if there should be optimism for the SASE vision. They wrap up by discussing automation with the suddenly emerging AI virtual assistant startups, and Robotic Process Automation (RPA). Lastly, Bob gives us insight into what it’s like to incubate startup tech for Cyberstarts and YL Ventures (@ylventures).

Find CISO Bob Schuetter at Linkedin.com/bob-schuetter. The other startups mentioned were Talon Cyber Security (@TalonCyber) and Cado Security (@CadoSecurity). Send feedback to host Paul Shomo @ShomoBits or at LinkedIn.com/paulshomo.

Ep 1. StrikeReady on AI Virtual Assistants and Incident Response

Tue, 14 Mar 2023 12:00:00 -0700

StrikeReady’s Chief Product Officer, Anurag Gurtu, discusses AI virtual assistants, the younger generation’s AI optimism, the problems of incident response, and the automation possibilities of artificial intelligence. Anurag and Paul explore how virtual assistants will disrupt cybersecurity, orchestration, SIEM, SOAR, and managed services. Building and training virtual assistants is more complex than it appears, emerging products may need to deliver an ecosystem of familiar tools for bots to affect their environment.

Find StrikeReady.com on Twitter @strike_ready. Anurag Gurtu can be found @AnuragGurtu and on LinkedIn.com/in/gurtu. Send feedback to host, Paul Shomo @ShomoBits or LinkedIn.com/in/paulshomo. Read Paul’s end-of-year startup wrapup at DarkReading.

Sneak Peek

Tue, 07 Mar 2023 19:00:00 -0800

The Genealogy of Innovation is a new kind of cybersecurity podcast, focusing on interviewing the people involved in emerging tech. Here we’ll interview top entrepreneurs, startup-advising CISOs, and analysts. Our topic? What’s wrong with cybersecurity.

Security is an arms race full of hype. But when you focus on the inception point of innovation, you meet fascinating people who simply have better access to information. That’s how they outflank the competition.