In this episode, host Paul Roberts chats with Tarah Wheeler, CEO of Red Queen Dynamics, about her recent Council on Foreign Relations piece regarding what the U.S. SEC’s prosecution of SolarWinds and new disclosure rules mean for the cybersecur

Chinese APT Group Exploits SOHO Routers

Apr 3rd, 2024 22m 46s

In this episode of the ConversingLabs podcast, host Paul Roberts chats with Daniel Adamitis, a Principal Information Security Engineer at Lumen Technologies’ Black Lotus Labs. They discuss his team’s discovery of an impossible-to-kill botnet pa

Securing Medical Devices with SBOMs

Mar 27th, 2024 32m 52s

In this episode, host Paul Roberts chats with Kevin Fu, an Electrical & Computer Engineering Professor at Northeastern University, about the new federal standards for the cybersecurity of medical devices, which includes the submission of softwa

The LockBit Takedown: What We Know

Mar 15th, 2024 19m 50s

In this episode, host Paul Roberts chats with Ali Khan, Field CISO at ReversingLabs, about the recent takedown of the LockBit ransomware group, which is considered to be one of the most prolific cybercrime groups globally.

The State of Software Supply Chain Security 2024

Feb 28th, 2024 26m 21s

In this episode, host Paul Roberts chats with Karlo Zanki, a Reverse Engineer at ReversingLabs, about the state of software supply chain security in 2024. The two will review key findings on the software supply chain threat landscape in 2023, a

The State of Open Source Software Security

Oct 5th, 2023 27m 56s

In this episode, host Paul Roberts chats with Mikaël Barbero, Head of Security at the Eclipse Foundation, about the state of open source software security. Eclipse has been around for more than two decades and has for a long time prioritized th

Apple Devices as a Growing Attack Vector

Sep 27th, 2023 7m 33s

In this episode, host Paul Roberts chats with Devin Byrd, Director of Threat Intelligence at Kandji on the sidelines of the 2023 Black Hat USA conference. In their conversation, Byrd discusses how Kandji has grown into a major security provider

The Art of Security Chaos Engineering

Sep 20th, 2023 12m 22s

In this episode, host Paul Roberts chats with Kelly Shortridge, a Senior Principal at Fastly, on the sidelines of the 2023 Black Hat USA Conference. In their conversation, they discuss her new book, Security Chaos Engineering: Sustaining Resili

Modern Risks to the Internet of Things and Software Supply Chains

Sep 13th, 2023 18m 53s

In this episode of ConversingLabs, host Paul Roberts chats with Thomas Pace, the CEO & co-founder of the firmware security firm NetRise. Thomas and Paul talk about the shifting ground of threats and attacks as the Internet of Things grows and w

Lemons & Liability: What it Means for Software Applications

Sep 6th, 2023 12m 26s

In this episode, host Paul Roberts chats with Daniel Woods, a Cybersecurity Lecturer at The University of Edinburgh on the sidelines of the 2023 Black Hat USA conference about his briefing: “Lemons and Liability: Cyber Warranties as an Experime

Creating the Standard for Supply Chain Risk

Jun 21st, 2023 22m 47s

In this episode, host Paul Roberts chats with Robert Martin of MITRE and Cassie Crossley of Schneider Electric about their session at this year’s RSA Conference. They explained how MITRE’s System of Trust can serve as a standard for software su

How Do You Trust Open Source Software?

Jun 14th, 2023 15m 40s

In this episode, host Paul Roberts chats with Naveen Srinivasan, an OpenSSF Scorecard Maintainer, about his talk at this year’s RSA Conference on how to better trust open source software. In their conversation, Naveen explains how the OpenSSF S

The State of Application Security

Jun 1st, 2023 18m 21s

In this episode, we interview Chris Romeo, CEO of Kerr Ventures and long-time application security (app sec) practitioner on the sidelines of the 2023 RSA Conference. He gives a rundown on the state of app sec and comments on other software thr

Red Teaming the Indian Government

May 23rd, 2023 42m 40s

In this episode of ConversingLabs, host Paul Roberts chats with John Jackson, a security researcher, about the work he and research group Sakura Samurai did in looking at exposed secrets and other threats on Indian government websites.

SBOM skeptics and talks about the importance of software supply chain transparency

May 10th, 2023 22m 15s

In this special Café edition of ConversingLabs, host Paul Roberts interviews Joshua Corman, the Vice President of Cyber Safety Strategy at Claroty and the Founder of I Am The Cavalry on the sidelines of the RSA Conference 2023 in San Francisco.

Malware & Software Supply Chain Security

Apr 27th, 2023 16m 56s

In this special edition episode of ConversingLabs, host Paul Roberts interviews ReversingLabs Director of Product Management, Charlie Jones, on the sidelines of the 2023 RSA Conference in San Francisco. Charlie speaks with Paul about his RSAC t

Contextualizing the National Cybersecurity Strategy

Apr 26th, 2023 37m 46s

In this episode, host Paul Roberts chats with Devin Lynch, Director of Supply Chain and Technology Security for the Office of the National Cyber Director, about the National Cybersecurity Strategy released by the White House last month. They di

The Future of Bug Bounties

Apr 19th, 2023 34m 22s

In this episode, host Paul Roberts chats with Katie Mousourris, CEO and Founder of Luta Security. Mousourris has a robust background in creating and running bug bounty programs as well as professional hacking. In their conversation, she discuss

The Road to Software Supply Chain Security Compliance

Mar 29th, 2023 35m 46s

In this episode, host Paul Roberts chats with Steve Lasker, a former Azure Program Manager with over 20 years of experience at Microsoft. Lasker touched on his industry experience to explain how the effort to secure software has evolved into wh

ZetaNile - Open Source Software Trojans

Jan 2nd, 2023 22m 41s

In September 2022, Microsoft released a report on a group they track as ZINC (also known as Lazarus), which is a state-sponsored group out of North Korea. The report details how ZINC has been using a set of trojanized, open source software impl

A Closer Look at the Enduring Security Framework’s Guidance

Jan 2nd, 2023 26m 47s

The U.S. Federal Government's Enduring Security Framework (ESF) Working Panel released a guidance on "Securing The Software Supply Chain" in September, 2022. The ESF is made up of both government officials and industry practitioners, and this g

Firmware Supply Chain Risks

Jan 2nd, 2023 47m 39s

Supply chain attacks are not limited to SaaS (software-as-a-service) applications. Specific kinds of software, such as firmware, are also at risk of suffering supply chain attacks. Firmware is typically used to control hardware devices, and sit

The Silent Epidemic of Business Email Compromise (BEC) Attacks

Jan 2nd, 2023 51m 51s

Online fraud is among the most pernicious and devastating forms of cybercrime- measured by the financial and psychological toll it takes on victims. Phony tech support, online romance and business email compromise scams drain billions from our

Don’t Sleep on SBOMs

Jan 2nd, 2023 41m 28s

Software Bills of Materials (SBOMs) are a helpful first step for an organization looking to secure its software supply chain. SBOMs serve as an ingredients list, pointing out all of the components that make up a software product, such as open s

Hunting Follina

Oct 3rd, 2022 25m 50s

The exploit known as Follina resurfaced in late May 2022 as researchers discovered its use in a phishing document campaign. ReversingLabs Malware Researcher Joseph Edwards hunted for Follina exploitation samples to observe what final payloads a