Hacker Valley Studio

What’s the key to mitigating unseen cyber risks? In this episode, Wes Wright, Chief Healthcare Officer at Ordr and Jerich Beason, CISO at WM uncover the complexities of attack surface management (ASM) and its impact on cybersecurity.  Together with Ron, they explain what constitutes an attack surface and introduce practical frameworks like See-Know-Secure, emphasizing the need for complete visibility and data-driven risk mitigation.  Impactful Moment: 00:00 - Introduction 03:00 - Defining attack surface management 06:13 - See-Know-Secure framework  09:05 - Analogies for explaining ASM to stakeholders 15:33 - Building an inventory for asset visibility 20:42 - Convincing leadership: Budget strategies 25:00 - Tools and methodologies for ASM 36:57 - Managed services vs. in-house approaches 43:00 - Starting your ASM journey   Links: Connect with our guests – Wes Wright: https://www.linkedin.com/in/4kidwes/ Jerich Beason: https://www.linkedin.com/in/jerich-beason/ Learn more about Ordr: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/  

How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI systems and integrations take a central role.  In this special New Year bonus episode, Ron sits down with Marco to discuss the transformative role of AI in solving cybersecurity challenges. Marco breaks down AI jailbreak techniques, the impact of bug bounty programs on securing AI systems, and why 2025’s fast-evolving tech landscape demands creative thinking. Learn how tools like ChatGPT and Gemini 2.0 are reshaping the industry and why staying adaptable is essential.   Impactful Moments: 00:00 - Introduction 02:14 - Speed vs. safety: AI system challenges 05:30 - Why experience matters more than information 07:45 - Legal stakes for deepfakes and AI 18:36 - Marco’s creative journey in cybersecurity 28:00 - Jailbreaks: Risks and surprising AI findings 37:13 - 2025 predictions: The rise of agents 41:00 - Closing thoughts and the power of community Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/ Chuck Brooks' 2025 Cybersecurity Predictions article: https://www.forbes.com/sites/chuckbrooks/2024/12/24/cybersecurity-trends-and-priorities-to-watch-for-2025/ Focus Areas for the FaccT Conference News: https://facctconference.org/2025/focusareas “Unreasonable Hospitality” by Will Guidara Book Link: https://www.amazon.com/Unreasonable-Hospitality-Remarkable-Giving-People/dp/0593418573 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley’s journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals’ evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from landscaping to becoming the Cortex Team Manager at Palo Alto Networks.  Joined by his bestie Cole, Ron weaves the conversation through their history of friendship with laughs and lessons learned along the way. Discussing career pivots, unexpected opportunities, and the impact of mentorship, this conversation offers relatable motivation and a candid look at the power of meaningful connections.   Impactful Moments: 00:00 - Introduction 03:00 - Cole’s first exposure to cybersecurity 06:30 - Pivotal moment: a call for mentorship 11:40 - Breaking into cleared work 18:30 - Lessons learned at Booz Allen 22:00 - The art of work-life compartmentalization 27:45 - Leadership insights from landscaping days 32:50 - What’s next for Cole at Palo Alto Networks Links: Connect with our guest, Cole Lisko: https://www.linkedin.com/in/matthewlisko/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, curiosity, creativity, and nonconformity to rethink cybersecurity and life itself. From hacking the first iPhone to disrupting misconceptions about security testing, Ted shows why the hacker mindset matters more now than ever. Join Ron and Ted as they discuss strategies for using the hacker mindset to solve problems, address risks like AI-driven deepfakes, and uncover unconventional opportunities in both business and personal growth.   Impactful Moments: 00:00 - Intro 03:15 - The four traits of a hacker mindset 07:40 - Hacking the first iPhone and Tesla 11:50 - Why penetration testing is misunderstood 16:30 - Risks and realities of AI deepfakes 21:20 - Applying hacker traits to entrepreneurship 28:45 - Ted’s upcoming book: Inner Hacker 33:00 - Why mindset matters most   Links: Connect with our guest, Ted Harrington: https://www.linkedin.com/in/securityted/ Order Ted Harrington’s book “Hackable” here: https://www.amazon.com/Hackable-How-Application-Security-Right-ebook/dp/B08MFTQ7Q4 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic voices and AI in cybersecurity.  Together, Ron and Iain discuss how adversaries are using AI to bypass human intuition. From synthetic voice calls to automating phishing attacks at scale, this episode explores how hackers leverage technology using these tactics and what you can do to stay one step ahead.    Impactful Moments: 00:00 - Introduction 01:56 - Iain shares his journey with AI 03:29 - Demonstrating voice cloning in real-time 06:31 - Risks of automated synthetic voice attacks 09:46 - Impact of AI on social engineering tactics 11:00 - Importance of "vibe checks" in cybersecurity 15:17 - Real-world phishing and HR scam example 20:00 - Uncanny Valley: Defense against AI deception 23:37 - The future of AI in adversary emulation   Links: Connect with our guest, Iain Jackson: https://www.linkedin.com/in/iain-j-98578a238/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater adoption, reduced frustration, and stronger protection. In this episode, Julie discusses how to improve user adoption by simplifying complex security processes, why empathy is a game-changer for effective security, and strategies for empowering people to feel confident and secure online. This conversation will inspire you to rethink how we protect people in the digital age and shares a fresh perspective on making cybersecurity work for all. Impactful Moments: 00:00 - Introduction 07:15 - Breaking down barriers in user design 15:40 - Why empathy matters in cybersecurity solutions 21:05 - Challenges in bridging tech and humanity 28:30 - Designing systems with people, not just for them 35:10 - Practical steps to empower users in security 42:45 - Final reflections on human-centered innovation   Links: Connect with our guest, Julie Haney here: https://www.linkedin.com/in/julie-haney-037449119 Check out NIST’s Online Community of Interest here: https://csrc.nist.gov/Projects/human-centered-cybersecurity/hcc-coi Learn more about Human-Centered Cybersecurity on NIST’s website here: https://csrc.nist.gov/projects/human-centered-cybersecurity   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how organizations can prepare for adversaries in the wild. Recorded at Black Hat 2024, Ron is joined by Ilan Fehler, US Sales Lead at CovertSwarm, and Dahvid Schloss, Hive Leader at CovertSwarm to explore the world of adversary emulation. From physical breaches to API exploits, this conversation covers the human, digital, and physical elements of cybersecurity. Impactful Moments: 00:00 - Introduction 01:25 - You Deserve To Be Hacked 03:05 - Emulating criminal behavior: The hive structure 07:55 - Social engineering tactics that really work 20:16 - Physical breaches: Pentesting in action 24:09 - Past the firewall: Second- and third-layer testing 29:14 - Digital exploits and real-world vulnerabilities 35:24 - Why organizations hesitate to invest in red teams 37:33 - Building muscle memory for security   Links: Connect with our guests, Ilan Fehler https://www.linkedin.com/in/fehler/ and Dahvid Schloss https://www.linkedin.com/in/dahvidschloss/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Roy Halevi, Co-Founder and CTO of Intezer, discusses the rapid transformation of cybersecurity through AI. He shares how AI automates SOC operations, enhancing speed and accuracy while enabling teams to tackle critical threats. The conversation dives into the challenges of adopting AI technologies, the impact on SOC roles, and integration tactics that streamline alert investigations. Halevi emphasizes the importance of balancing automation with human oversight to optimize security and effectively respond to evolving cyber threats.

Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take control of their digital assets. In this episode, Ron and Wes discuss the importance of asset visibility in cybersecurity, outlining the potential of CAASM (Cyber Asset and Attack Surface Management) and how it empowers teams to expose hidden vulnerabilities, streamline operations, and stay ahead of security threats, vulnerabilities, and exposures.   Impactful Moments: 00:00 - Introduction 01:35 - Asset visibility and blind spots 03:47 - What keeps CTOs and CISOs up at night 08:45 - Bridging IT and OT: CAASM explained 12:10 - Real-world use cases for CAASM 18:37 - The power of automated asset management 25:00 - Why continuous inventory is a game-changer 35:59 - Wes’s advice for getting started with Ordr Links: Connect with our guest, Wes Wright: https://www.linkedin.com/in/4kidwes/ Learn more about Ordr here: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/