The Silver Bullet Security Podcast with Gary McGraw

Listen as Taylor Armerding and Gary discuss the early years and evolution of Cigital and software security, Gary’s software security touchpoints, the BSIMM, the CISO report, the Silver Bullet podcast, and what the future holds.

Listen as Gary and Elias discuss the progress we’ve made in software security over the last 25 years, programming languages, full disclosure, the relationship between technology inventory and software security, and more.

Listen as Gary and Meera discuss how to deal with design flaws; touchpoints such as architecture risk analysis and threat modeling; CI/CD, DevOps, automation, and orchestration; the importance of mentorship; and more.

Listen as Gary and Filippo discuss programming languages and the role they play in software security, getting started in cryptography, open source security, blockchain and cryptocurrency, and more.

Listen as Gary and Brittany discuss robotics, maker culture, the hands-on nature of learning, the security and privacy problems that robots introduce, robot vulnerability, and more.

Listen as Gary and Gøran discuss what it’s like to work for a city government and how to align the city’s goals with software security. They also examine how to get the city to pay attention to security along with all other focus areas, including GDPR, the challenges of digitalization, and how to work with the city to set a budget as you address security and privacy goals and concerns.

Listen as Gary and Kathleen discuss scientific research versus hacking "research," programming languages and software security, hacking (or not hacking) autonomous helicopters at DARPA, why machine learning looks pretty similar to how it looked 25 years ago, and more.

Listen as Gary and Nicholas discuss the Spectre vulnerability, botnet attacks, research tech transfer, cryptocurrencies and blockchain technology, and more.

Listen as Gary and Ron discuss government and commercial security solutions, the NIST framework, tech transfer, technical advisory boards, and more.

Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.

Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the newly released 2018 CISO Report.

Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.

Listen as Gary and Adrienne discuss usable security, web and mobile security indicators, browser warnings, permission models, and more.

Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.

Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.

Listen as Gary and Wafaa cover cultural differences in technology management, CISO education, organizational hierarchy, and more.

Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.

Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.

Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.

Listen as Gary and Cheryl discuss aligning security to work as a service for the business rather than an imposition for employees, trending cyber security political topics, work-life balance, and more.