The Security Table

Are cybersecurity technologies really dead, or are reports of their demise greatly exaggerated? Today’s episode is a discussion on how AI is reshaping the classic build vs. buy debate, empowering non-engineers to create working prototypes and potentially reviving the DIY coding culture of pre-open-source days. We also talk about how developers trained on open source are now leveraging AI built from that same foundation, raising questions about innovation and originality in modern programming. Build vs Buy is Dead - AI Just Killed It Traditional Code Review is Dead FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re predicting what 2026 has in store for AI and cybersecurity. We explore the wild possibilities of AI integration gone wrong, from people accidentally connecting their AI to sensitive file systems to blaming their AI agents for losing critical data. The conversation takes a thoughtful turn as they debate which jobs might fall to AI automation and if the human touch is still irreplaceable? Examining real examples like the "Y'allbot" weather monitoring system and photorealistic AI actress Tilly Norwood to illustrate how rapidly AI is transforming industries.Tune in and learn how to navigate the AI-powered future responsibly. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re pulling back the curtain on the technology industry to reveal what life looks like when you're constantly aware of what can go wrong. From the loss of childlike wonder when encountering new tech to the ethical dilemmas posed by autonomous vehicles, we discuss the unique burden of seeing technology's darker possibilities. We’re examining how years of witnessing security breaches and system failures shape a professional outlook that balances innovation with caution. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

What do roller coasters and threat modeling have in common? More than you'd think. In this episode, we explore how security professionals view risk differently than everyone else—and why that matters. From roller coaster anxiety to the ethics of identifying danger, we dive into the unique mindset that comes with being a threat modeler. Because once you learn to see threats everywhere, there's no going back. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Is the cybersecurity industry facing a security problem or a software quality problem? In this episode, we’re tackling the controversial claim that AI advancements could make security teams obsolete—and uncover the deeper issues plaguing software development. The conversation reveals an uncomfortable truth: software companies often transfer the risk of vulnerabilities to customers, creating a system where there's little incentive to invest in security by design. Can AI bridge this gap, or do we need fundamental changes in how we approach software development and regulation? Article: Ex-CISA head thinks AI might fix code so fast we won't need security teams FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role of ethical considerations in cybersecurity. Listen along to our discussion on whether the foundational elements of security need a refresh. The CIA Triad is Dead FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re debating the concepts of 'Shift Left' and 'Shift Down' in the world of cybersecurity. We explore the intricacies of developer responsibility, the impact of modern AI on code security, and the delicate balance between innovation and secure coding practices. Join us for a thought-provoking discussion that ranges from keeping our digital world secure, efficient and, most importantly, simple. The Modernization Imperative: Shifting Left is for Suckers. Shift Down Instead. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re diving into the relevance and execution of threat modeling within agile development environments. We dissect the claims, explore the true integration of agile practices with threat modeling, and address the misconceptions and challenges commonly faced. Check out the episode to find out if threat modeling is indeed slowing down agile processes or if it can be seamlessly integrated for better security outcomes. The Problem With Threat Modeling in Application Security: Too Slow, Too Theoretical, Not Agile FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re discussing the intriguing world of cyber privateers and the concept of 'hacking back' against cyber criminals. The discussion centers around a proposed bill in the U.S. Congress, H.R. 4988, that aims to authorize private individuals to pursue cyber criminals with the full backing of government-issued letters of marque. We explore the historical context of privateers, the potential legal and ethical implications, and the modern-day ramifications of such measures. And debate whether bringing back this old concept could be a solution to modern cyber threats or if it opens the door to more significant risks and unintended consequences. US bill proposes 21st-century privateers to take on cybercrime H.R. 4988 - Scam Farms Marque and Reprisal Authorization Act of 2025 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Dr. Kim Wuyts and Avi Douglen join us in today's episode. Both guests are fresh from their training sessions at Black Hat and DEF CON in Las Vegas and share a quick overview of their experiences. We discuss a newly developed privacy awareness card game called 'Context and Cringe,' which aims to educate participants about privacy issues in a fun and interactive way. We also cover an upcoming training session at Global AppSec DC in November, where attendees will learn practical privacy strategies and get hands-on experience with the card game. Join us as we explore how privacy differs from traditional security concerns in being less precise and more subjective. OWASP Authoritative Privacy Reference Project FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re discussing the article, “Agentic AI Threat Modeling Framework: Maestro published back in February of this year on the Cloud Security Alliance blog. We discuss the various layers, patterns, and threats outlined in the framework, comparing it to existing methodologies like STRIDE and PASTA, and evaluate Maestro's structure, its potential complexity for developers, and its overall practicality and usefulness in the threat modeling arena. Listen along as we unravel the intricacies of the framework and share our candid thoughts on its strengths and weaknesses. Agentic AI Threat Modeling Framework Maestro FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re talking about the rise of "vibe startups" - entrepreneurs hunting for problems to solve rather than building solutions from personal experience. We chat about AI security challenges, questioning whether these are truly new problems or just old security concepts repackaged for the AI era. From prompt injection and guardrails to the scary reality of AI agents acting as humans, we examine whether the industry's obsession with AI is leaving traditional security gaps exposed. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

What are the core competencies that matter most for modern application security teams? Today we discuss understanding code and systems thinking and the crucial ability to assess risk in context - plus why your AppSec team might eventually get absorbed into engineering (and why it could be a good thing). We debate the role of developer mindset in security, the importance of technical depth over tool knowledge, and how to build teams that truly enable rather than gate development. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Today we’re joined by Petra Vukmirovic. Petra, is the head of information security at Numan and co-leader of the Threat Model Library Project. Petra shares her vision for creating a massive, structured dataset of crowdsourced threat models that could revolutionize how the cybersecurity community learns and shares threat modeling knowledge. We explore the complex challenges of convincing companies to share their threat models publicly, diving into concerns about legal liability, competitive advantage, and the fundamental tension between transparency and security risk. Listen along to learn more about this exciting project and its potential impact on the cybersecurity field. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re discussing vibe coding again and how AI-generated code is reshaping software development. We discuss the trustworthiness and maintainability of AI-generated code, examining the challenges of reviewing and integrating automated changes at scale. The conversation spans from practical concerns about code quality to broader implications for open-source projects in an AI-augmented world. We talk about identifying telltale patterns in AI-generated code and why context and traceability are becoming essential for trusting automated systems. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

It’s security conference season and we’re discussing the importance of networking, the value of in-person connections, and sharing insightful tips for delivering effective presentations. From recapping our conference experiences, debating the significance of keynotes, to reminiscing about the impact of classic rock bands like Def Leppard. Listen now to hear about conference experiences, mentoring sessions, and the evolving industry landscape. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

We’re discussing the complexities of the Model Context Protocol (MCP) and its application in AI systems. Join us for an in-depth discussion about MCP, agent-to-agent communication, and potential security vulnerabilities. We wrap up with a thought-provoking conversation on the future of AI safety and the challenges it presents. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Listen in as we debate the differences between threat intelligence and threat modeling. What distinguishes these two concepts in cybersecurity, and how do they inform each other? The conversation explores definitions, real-world examples, and the interconnected relationship between proactive threat modeling and reactive threat intelligence. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Today we delve into the evolving landscape of cybersecurity hiring, debating the merits of prioritizing skills over degrees and experience. From discussing the value of critical thinking and hands-on skills to the potential role of AI in the workforce, the conversation navigates the complexities of hiring practices. We share personal anecdotes, insights from industry articles, and our experiences as hiring managers. Tune in for a humorous and thought-provoking discussion on what really matters when building a successful cybersecurity team. CISOs Rethink Hiring to Emphasize Skills Over Degrees and Experience article FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!

Vibe coding, or using AI to generate code by describing what you want. We critically examine the concerns surrounding AI-generated code, including code quality, security risks, and the potential for creating numerous low-quality applications. Our discussion explores whether AI can truly provide foolproof, production-ready code, or if it should be limited to idea generation and prototyping. Catch our candid take on the dangers of relying on AI for software development and the importance of maintaining human expertise in the coding process. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel Thanks for Listening!