
Hosted by Paul Shomo · EN
Interviews with founders, startup-advising CISOs, venture capitalists, and analysts discussing the issues of cybersecurity, new threats, and emerging technology. The Genealogy of Cyber Security brings listeners into forward-thinking conversations with industry visionaries, to explore big ideas, and discuss out-innovating the competition.

Founder spotlight interview with Varun Badhwar. Varun is the current CEO of EndorLabs, a three-time Innovation Sandbox finalist, and known for founding cloud security posture management startup RedLock, which became Palo Alto Networks PRISMA Cloud. Varun tells stories about evangelizing the new ways of cloud posture management with RedLock’s Cloud Security Intelligence (CSI) unit that quietly presented vulnerabilities to potential customers. He contrasts the differences with running startups like EndorLabs, which is in an established Software Composition Analysis (SCA) category with customer budgets vs. establishing new ground with RedLock and CipherCloud. Throughout the interview Varun weaves in his philosophy of discipline, team building, culture, sticking to the basics, and, well, getting shit done. You can find Varun Badhwar on Twitter @varun__badhwar or at LinkedIn.com/in/vbadhwar. Visit EndorLabs, or find them on Twitter @EndorLabs, or at LinkedIn.com/company/endorlabs. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

CEO and Founder of Enterprise Browser startup Island, Mike Fey, talks about entrepreneurship, innovation, and the future of web browsing. Paul explores Mike's experiences working with venture capitalists like CyberStarts and Sequoia, and startup-advising CISOs, getting early customer feedback during the ideation, seed, and early growth stages. Mike describes the origin story behind Island and Enterprise Browsers. Mike and Paul discuss AI, ChatGPT, and what new applications we may see AI used for. Mike explains the issue with miseducating neural networks, and how AI will change building technology, along with its dangers. Mike also riffs on a myriad of technology topics from ChatGPT to quantum computing, Web3, robotic process automation (RPA), and more. Check out Island.io to learn more about their enterprise browser, or reach them on Twitter @island_io. Mike Fey can be found on LinkedIn.com/in/michaelfey. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Innovation Sandbox finalist and Relyance AI Founder Abhi Sharma discusses privacy and compliance in a world where every company is a software company, and DevOps code produces so many data flows with your private and regulated data. Abhi points out a privacy solution must govern DevOps, “privacy is in the code.” Abhi discusses NLP, LLMs, OpenAI, and ChatGPT, and how Relyance AI’s intelligence understands privacy clauses in compliance documents, contracts, SLAs, etc., and having shifted left into static code analysis, understands if code is violating these privacy responsibilities. Paul and Abhi discuss how generative AI and NLP have sped up Relyance’s delivery of functionality. Paul pushes back on how they’ve built a product with so much functionality in such a short time. Abhi has an interesting response as they discuss AI and the future of software development. You can find Relyance AI at Relyance.ai, on Linkedin.com/company/relyanceai, or Twitter @relyanceai. Founder Abhi Sharma can be found on Linkedin.com/in/abhisharmab or Twitter @abhisharma_b. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Innovation Sandbox finalist, Cryptographer, and Zama VP Benoit Chevallier-Mames discusses Zama’s efforts to bring fully homomorphic encryption (FHE) into commercial use, and how FHE would allow application developers and customers to benefit from the insights obtained by sharing data with AI providers, like OpenAI or ChatGPT, but without exposing private data. Benoit goes through some of the mathematical magic behind FHE, what ML approaches it enables, and some of its history. Benoit explains why fully homomorphic encryption has been such a performance challenge, and discusses Zama’s quantization approach. Finally, Benoit unveils Zama’s announced strategy to focus on securing blockchain smart contracts until cloud computing allows them to wield fully homomorphic encryption for the broader spectrum of AI use cases. Zama can be found online at Zama.ai, on LinkedIn.com/company/zama-ai, or on Twitter @zama_fhe. Benoit Chevallier-Mames can be found at Linkedin.com/in/benoitchevalliermames. You can also watch this episode on using fully homomorphic encryption (FHE) to preserve privacy with OpenAI, ChatGPT on YouTube. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Innovation Sandbox finalist and Astrix Security Founder Idan Gour discusses the rising attack surface created by API-to-API connections and non-human identities, and how no-code orchestration tools, low code tools, and generative AI, like ChatGPT, are causing non-technical business users to build integration apps that access and sometimes share sensitive data. Idan discusses mapping this web of API-to-API connections, which traffic sensitive data from SaaS apps like Google Workspace, 365, Calendly, and SalesForce. The Circus.AI breach is explored. Idan and Paul also discuss the rising problem of non-human identities which access APIs and data, with Astrix citing their study which found 45X more non-humans than human employees. You can find Astrix online at Astrix.security, on LinkedIn.com/company/astrix-security, or Twitter at @AstrixSecurity. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Innovation Sandbox finalist and Valence Security Founder Yoni Shohet discusses the new SaaS-to-SaaS attack surface produced by the proliferation of shadow integrations between SaaS apps. Today users are typically SaaS admins and often okay SaaS App requests to access other apps like their Calendar, Email, or SalesForce. Yoni explains how automation tools for non-developers are expanding the problem, with no-code orchestration, ChatGPT, and Generative AI producing integration apps, not to mention the explosion of developers and CI/CD pipelines. Yoni explains the magnitude of the problem with so many exposed APIs, allowing common SaaS apps, identity providers (IDP), and shadow connections in your SaaS software supply chain. Valence Security’s approach to mapping the SaaS-to-SaaS mesh is discussed as well as their brand of remediation which includes an education step for the user. Yoni Shohet can be found on LinkedIn.com/in/yonishohet or Twitter @yonishohet. Valence Security can be found at Valencesecurity.com, on LinkedIn.com/company/valence-security, or on Twitter @Valencesecurity. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Innovation Sandbox finalist and Endor Labs Founder Varun Badhwar discusses the magnitude of open-source vulnerabilities, highlighting the developers behind vulnerabilities like CoreJS and Log4shell, and why strategic pieces of the internet depend on libraries that sometimes rest on a single part-time open-source developer, even developers with prison records. Varun talks about his past pioneering cloud security posture management (CSPM) with RedLock and Palo Alto Network’s PRISMA cloud, and Endor Labs’ mission to build a software composition analysis solution that truly enables developers and solves the problems of open source vulnerabilities, including how Endor Labs is going further than simply shifting left. You can find Varun Badhwar on Twitter @varun__badhwar or at LinkedIn.com/in/vbadhwar. Visit EndorLabs, or find them on Twitter @EndorLabs, or at LinkedIn.com/company/endorlabs. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Concentric AI Founder Karthik Krishnan discusses the new Data Security Posture Management market and answers the age-old questions of what data you have, where is it, and who’s accessing it. Karthik discusses advances in AI, natural language processing (NLP), Open AI ChatGPT, Large Language Models (LLMs), and what it all means to data classification and society. Karthik Krishnan explains the incredible expenses and human power required to classify and govern data, and how Concentric AI’s DSPM product reduces costs. Paul and Karthik discuss why the cloud native and AI DSPM products differ from data security products of the past, and Paul grills Karthik to see if there are any hidden costs in the cloud. Concentric AI can be found at Concentric.ai, on LinkedIn.com/company/concentricinc, or Twitter @IncConcentric. Concentric Founder Karthik Krishnan can be found on LinkedIn.com/in/kkrishnan/. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Chief Trust Officer at Autodesk and recent CISO of Nutanix Sebastian Goodwin discusses advising startup Concentric AI in the new data security posture management (DSPM) space, and the importance of locating your data as a prerequisite for security. Sebastian and Paul discuss the recent maturity of natural language processing (NLP), and how ChatGPT and large language models (LLMs) are impacting the startup world. Also discussed are key questions, like how to wade through the AI hype and set expectations in this new generation of AI. Sebastian discusses what it’s like on the Night Dragon Startup Advisory Board, advising startups during ideation and early stage, including tales of brainstorming key product categories over coffee years before anyone heard of them. Paul and Sebastian discuss his work with StrikeReady and the AI virtual assistant space, as well as several other automation startups. Sebastian discusses the future of automation and highlights a couple more startups, like Reach Security, which automates and enables optimal configuration and usage of cybersecurity products. Sebastian also discusses Hadrian, which auto-maps attack surfaces and automates finding exploits and vulnerabilities. Sebastian explains the benefits of a non-traditional career path and spanning fields, and Paul and Sebastian discuss the downsides of hyperspecialization. Sebastian Goodwin can be found on LinkedIn.com/in/sebgood. Concentric AI can be found at Concentric.ai, on LinkedIn.com/company/concentricinc, or Twitter @IncConcentric. Hadrian Security is at Hadrian.io, on Twitter @hadriansecurity or LinkedIn.com/company/hadriansecurity. Reach Security is at Reach.security, on Twitter @ReachSecurity or LinkedIn.com/company/reach-security. Find StrikeReady.com on Twitter @strike_ready or LinkedIn.com/company/strikeready. NightDragon is at NightDragon.com, on Twitter @nightdragon or LinkedIn.com/company/nightdragon-security. Send feedback to host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn.com/in/paulshomo.

Join the podcast as we dive into a fascinating conversation with Britta Glade, the Vice President of Content and Curation at RSA Conference. Discover the world of "people's trends" as Britta sheds light on her team's meticulous analysis of 2,400 speaker submissions from influential practitioners in the industry. Get an insider's perspective on RSA's technical session selection process, where industry experts and data science come together to uncover valuable insights and emerging trends. Host Paul Shomo raises an interesting point about the scarcity of industry reports capturing these practitioner trends. The discussion takes an exciting turn as Glade and Shomo geek out over the submission trends for 2023. From the Russia-Ukraine conflict and the vulnerabilities lurking in open source software to the intriguing concepts of shift left and shift right, quantum computing advancements, and the evolving landscape of SBOMs driven by the recent White House executive order, this episode covers it all. Connect with Britta Glade on Twitter @brittaglade or find her on LinkedIn at linkedIn.com/in/britta-glade-5251003. Share your feedback and join the conversation with host Paul Shomo on Twitter @ShomoBits or connect on LinkedIn at linkedIn.com/in/paulshomo. Don't miss out on this informative podcast episode that offers deep insights into the ever-evolving world of cybersecurity.