Hacker Valley Studio

AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, breaks down what it really takes to build trust in AI systems before things go sideways.  Guru lays out a simple but powerful 3 P’s Framework: policies, process, and people, connecting it to what teams are actually dealing with right now, from shadow AI to security threats that don’t look like anything we’ve seen before. If 2026 is the year AI moves from experiments to real operations, this conversation is your blueprint for keeping it under control. Impactful Moments 00:00 - Introduction 02:25 - What does Optro do? Helping companies with the AI governance journey.  03:10 - Why AI governance is really about trust, not control 05:15 - The moment AI went mainstream, and why that changed everything 05:50 - The three real business risks: performance, security, and transparency 07:30 - Human accountability in an AI-driven world  08:48 - What’s actually happening with AI regulation, EU, US, and standards 10:28 - Where Optro fits, orchestration vs monitoring in AI governance 13:05 - The 3 Ps framework: policies, process, and people 14:47 - Governance 101, why AI inventory is the first move every team misses 16:12 - The reality check, AI adoption is outpacing governance everywhere 17:45 - Shadow AI explained, what your team is doing that you can’t see 19:45 - Optro’s top use cases: visibility, compliance, and operationalizing governance 20:43 - Who owns AI governance, and why it’s becoming a team sport 22:20 - Final advice, start now or play catch-up later Links Connect with our guest, Guru Sethupathy, on LinkedIn: https://www.linkedin.com/in/guru-sethupathy/ Learn more about Optro: https://optro.ai/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

What happens when attackers collaborate better than defenders?  Recorded live from RSAC 2026, this solo episode with Ron breaks down the biggest themes shaping cybersecurity right now, from organized threat groups and massive data breaches to the growing tension between productivity and control inside modern organizations. This conversation highlights a hard truth. The threat landscape is evolving through collaboration. From phishing-as-a-service platforms like Tycoon 2FA to supply chain breaches impacting entire ecosystems, attackers are sharing tools and moving faster than ever. But there’s another side to the story. As AI becomes embedded in how work gets done, security teams are being pushed to rethink their role. Blocking tools is no longer enough. The real challenge is enabling the business while managing risk, and that requires trust, alignment, and a stronger sense of community across the industry. This episode is a call to rethink how we approach security. Not as isolated teams enforcing policy, but as a connected community working together to adapt, respond, and move forward. Impactful Moments 00:00 - Introduction, live from RSAC 2026 02:50 - Tycoon2FA and the rise of phishing-as-a-service 04:45 - The TELUS breach and what a petabyte-scale attack looks like 06:21 - Why you need strict controls … everywhere 07:30 - Are AI agents the new Shadow IT?  09:00 - The balance between productivity and security controls 09:27 - Boards’ demands for their teams to use AI  11:53 - Why leading security teams is more like parenting than policing 12:42 - Community is the foundation for the future of cybersecurity   Links Connect with Ron Eddings on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com    Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

What does it mean when your smart doorbell becomes an entry point for surveillance? What happens when a single hacker can jailbreak every major AI model within hours of its release? And why are the same tools being used by both nation-state attackers and the defenders trying to stop them? In this solo episode, Ron Eddings breaks down the urgent case for practitioner unity in cybersecurity, from AI-powered jailbreaking and IoT surveillance creep to geopolitical cyber operations. With RSAC 2026 just around the corner, this episode is a rallying cry for the community to come together, share intelligence, and build the defenses that no single team can build alone.  The episode also tackles one of the biggest misconceptions in the industry right now. AI already came for your job, but now it is changing how we define responsibility, decision-making, and trust. Add in rising pressure across the workforce, new legislation pushing for human oversight, and real-world examples of AI being used in global conflict, and the stakes become hard to ignore. Impactful Moments 00:00 - Introduction 02:00 - Pliny the Elder, God Mode and AI Jailbreaks 03:30 - Cyber in US-Israeli Operations in Iran and Anthropic Tensions 06:00 - Cyber threats that are hitting normal people 07:30 - Is my Ring Doorbell a surveillance risk? 10:05 - Attackers are collaborating and sharing more than defenders today 11:30 - RSAC: the cyber Super Bowl 14:30 - AI has already replaced your job 14:30 - Why mental health is cybersecurity's hidden crisis 17:00 - Governance in AI and what Texas is doing about it 19:00 - Was Claude used in state-level ops? Links Connect with Ron Eddings on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com    Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

What does it look like when a cybersecurity founder who built a $2.5 billion company decides to level up, again? Dean Sysman, co-founder of Axonius, sits down with Ron Eddings to pull back the curtain on what it really took to go from zero to $100M ARR in four and a half years, and what came next. Dean breaks down the founder mindset, the emotional weight of tying your identity to your company, and why he stepped into the Executive Chairman role while simultaneously pursuing a PhD in AI systems at Columbia University. He gets into how boxing taught him what solo performance reveals about leadership, why vulnerability is a non-negotiable skill at scale, and what it means to care about something bigger than yourself. This one hits differently if you're building, leading, or figuring out what your next chapter looks like. Impactful Moments 00:00 – Introduction 05:00 – Boxing for charity: raising $55K 08:00 – Competitive by nature, born to build 10:00 – Solo performance sharpens team leadership 13:00 – Axonius: zero to $100M ARR in 4.5 years 15:00 – Founder identity tied to company success 21:00 – Purpose bigger than yourself fuels resilience 25:00 – Self-awareness as the #1 growth tool 28:00 – Executive Chairman + Columbia PhD pursuit 33:00 – Ron's personal reflection on founder identity Links Connect with our guest, Dean Sysman, on LinkedIn: https://www.linkedin.com/in/deansysman/ Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Last episode, Ron and Marcus made predictions. This episode, they brought the receipts. A journalist built an app with vibe coding and got hacked on live television.  A social network built entirely by AI (not a single line of human code!) exposed 1.5 million authentication tokens and private messages between agents.  And 88% of organizations have already had an AI security incident, while barely 14% of deployed agents ever saw a security review.  The warnings from last episode aged fast. Marcus J. Carey is back to talk about what that actually means for the people building right now, not the people theorizing about it. Ron and Marcus are in the code themselves, and this conversation is what that experience actually looks like: OpenClaw running loose on your machine, agents racking up API bills, and why guidance, not prompts, not tools, is the real skill that separates builders who thrive from builders who ship disasters. Impactful Moments 00:00 - Introduction 02:00 - Vibe coding hack on live TV 03:30 - Mo Book leaks 1.5M auth tokens 06:00 - Marcus' origin story: War Games, 1983 08:00 - OpenClaw escapes the lab 13:30 - AT&T cuts help desk spend 90% 17:00 - Context is king, guidance is everything 19:00 - Can AI do your job rec right now? 24:00 - The first cybersecurity jobs agents will replace 27:00 - Expertise + AI = 1000x yourself 30:00 - Focus on outcomes, not new tools   Links Connect with our guest, Marcus J. Carey, on LinkedIn: https://www.linkedin.com/in/marcuscarey/   Read the articles we referenced in this episode: The vibe coding hack that aired on live TV, ICAEW breaks down exactly how it happened and what it means for anyone building with AI: https://www.icaew.com/insights/viewpoints-on-the-news/2026/feb-2026/cyber-dangers-of-agents-and-vibe-coding 88% of organizations have already had an AI security incident. See the full data from the Cisco State of AI Security 2026 report: https://www.helpnetsecurity.com/2026/02/23/ai-agent-security-risks-enterprise/   Check out our upcoming events: https://www.hackervalley.com/livestreams Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

The CISO role isn’t the finish line, it’s a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger. Anthony Johnson, former Global CISO at JP Morgan and Fannie Mae, now founder and managing partner at Delve Risk, breaks down what really happens when a security leader stops buying tools and starts building companies. From the trap of unpaid advisory boards to why AI is eliminating the entry-level pipeline, Anthony delivers a no-nonsense look at career strategy, the future of fractional work, and why understanding how your company makes money is the most underrated skill in cybersecurity. If you’re a security practitioner at any level, this episode will change how you think about your next move. Impactful Moments 00:00 - Introduction 01:00 - Meet Anthony Johnson 02:00 - 69% of CISOs want out 06:00 - Why Anthony left the CISO seat 09:00 - Revenue changes your security priorities 11:00 - Career paths after the CISO role 13:00 - The advisory board compensation trap 17:00 - AI’s threat to the talent pipeline 22:00 - Hiring for aptitude over competency 24:00 - Soft skills win in the AI era 29:00 - Corporate loyalty is dead—now what 31:00 - Networking that actually lands roles 34:00 - Know how your company makes money 36:00 - Ron’s personal reflection on freedom Links Connect with our guest, Anthony Johnson, on LinkedIn: https://www.linkedin.com/in/anthony-johnson-delverisk/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

Your email gateway isn't enough anymore, attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover.  In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough. Impactful Moments 00:00 – Introduction 03:30 – The current state of phishing 05:30 – Outbound email compromise risk 09:30 – OAuth apps as attack vectors 15:00 – AI agents accessing your workspace 16:00 – Prompt injection is the new SQL injection 18:00 – Allow listing apps immediately 24:30 – Google Workspace vs Microsoft 365 security 27:30 – Custom detections require API expertise 28:00 – Why passkeys matter right now 32:00 – Data lifecycle management for shared docs Links Connect with our guest, Rajan Kapoor, on LinkedIn: https://www.linkedin.com/in/rajankkapoor/ Learn more about Material Security: https://material.security  ___ Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Check out our upcoming events: https://www.hackervalley.com/livestreams  Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com   

Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure. Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff as humans find the business-logic traps and attack chains that actually break companies. Impactful Moments 00:00 - Introduction 02:21- Sonali’s unexpected CEO path 06:10 - Compliance isn’t real security 10:19 - PTaaS: start in 24 hours 12:33- 5,000 pentests yearly scale 17:01 - Humans beat automation limits 20:16 - AI behavior vulnerabilities emerge 27:54 - Indirect prompt injection explained 30:51 - Why juniors + AI is risky 38:27 - 2026 becomes AI battleground Links Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/ Check out Cobalt: https://www.cobalt.io   ____ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track. In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down. Impactful Moments 00:00 - Intro 02:05 - Codex desktop sparks agent shift 06:40 - Harness beats model iteration 08:10 - Context window: the hidden limiter 12:10 - Terminal sprawl creates agent chaos 14:05 - Maestro panels: agents, tabs, history 17:25 - Auto Run: fresh context per task 26:15 - “Donate tokens” via Symphony PRs 28:20 - AI tax debate gets spicy 33:05 - Start simple: download and run   Links Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/ Check out Maestro for yourself: https://runmaestro.ai/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface   Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/