The Security Table
The Security Table is four cybersecurity industry veterans from diverse backgrounds discussing how to build secure software and all the issues that arise!
Episodes
71 episodes
The STRIDE Controversy: Evolution vs. Extinction in Security Models
We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We disc...
Season 2 • Episode 32 • 41:11
Why 100X Isn't the Answer
A good discussion today covering two different articles. The first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves on to an article about ...
Season 2 • Episode 31 • 44:54
We'll Be Here Until We Become Obsolete
This week we explore the multifaceted concept of obsolescence in technology, detailing its planned, unplanned, and forced forms. We delve into the security implications of outdated or unsupported devices and software, with a spotlight on cloud-...
Season 2 • Episode 30 • 27:48
Everything is Boring
Is everything boring? Chris, Izar and Matt discuss why nothing seems interesting enough lately. Is the excitement of vulnerabilities and ransomware waning? The guys touch on Governance, Risk, and Compliance (GRC) in corporate auditing, the impa...
Season 2 • Episode 29 • 29:59
Experts Want to Excel
What constitutes an expert in the field of threat modeling? Today Matt, Chris and Izar explore cultural references, the intricacies of threat modeling practices, and the criteria that define an expert. The discussion touches on the evolution of...
Season 2 • Episode 28 • 44:07
Numb to Data Breaches, and How it Impacts Security of the Average Feature
In this episode of the Security Table with Chris Romeo, Izar Tarandach, and Matt Coles, the team dives into the evolving landscape of modern security approaches. They discuss the shift from strategy to tactics, the impact of data breaches, and ...
Season 2 • Episode 27 • 32:22
Philosophizing Cloud Security
In this episode of the Security Table, our hosts discuss the concept of the 'Shared Fate Model' in cloud security. The conversation explores how this model builds on the shared responsibility model and the implications for cloud service provide...
Season 2 • Episode 26 • 28:40
Innovations in Threat Modeling?
In this episode of The Security Table, hosts Chris Romeo, Izar Tarandach, and Matt Coles dive into the evolving concept of threat models, stepping beyond traditional boundaries. They explore
31:36
The Illusion of Secure Software
In this episode of The Security Table Podcast, hosts Chris, Izar and Matt dive into the recent statement by CISA's Jen Easterly on the cybersecurity industry's software quality problem. They discuss the implications of her statement, explore th...
Season 2 • Episode 24 • 40:18
The Intersection of Hardware and Software Security
In this episode of The Security Table, Chris, Izar, and Matt discuss an article on threat modeling in the context of hardware. They explore the intersection of hardware and software security, the importance of understanding attack s...
Season 2 • Episode 23 • 30:25
Computing Has Trust Issues
Join us in this episode of The Security Table as we dive into the world of cybersecurity, starting with a nostalgic discussion about our favorite security-themed movies like 'Sneakers,' 'War Games,' and 'The Matrix.' We then shift gears to expl...
Season 2 • Episode 22 • 46:09
The Stages of Grief in Incident Response
Join Chris, Izar, and Matt as they sit around the Security Table to dissect and discuss the different stages of dealing with security incidents. In this episode, they explore the developer's stages of grief during an incident, and discuss a rec...
Season 2 • Episode 21 • 24:05
To SSH or Not?
In this episode of 'The Security Table,' we are back from our midsummer break to discuss the OpenSSH regression vulnerability. We dig into the nuances of this race condition leading to remote code execution, explore the chain of security updates, a...
Season 2 • Episode 20 • 28:08
Rethinking Security Conferences: Engagement and Innovation
In this episode Chris, Matt, and Izar discuss the current state of security conferences and gatherings for professionals in the field. They discuss the value and viability of different types of gatherings, the importance of networking and commu...
Season 2 • Episode 19 • 26:04
Privacy vs. Security: Complexity at the Crossroads
In this episode of the Security Table, Chris, Izar, and Matt delve into the evolving landscape of cybersecurity. After a humorous start involving t-shirts and Frogger as a metaphor for the cybersecurity journey, the conversation shift...
Season 2 • Episode 18 • 35:48
Security, Stories, Jazz and Stage Presence with Brook Schoenfield
In this episode of 'The Security Table,' hosts Chris Romeo, Izar Tarandach, and Matt Coles are joined by Brook Schoenfield, a seasoned security professional, to share insights and stories from his extensive career. The conversation ...
Season 2 • Episode 17 • 52:04
Debating the CISA Secure by Design Pledge
In this episode of 'The Security Table,' hosts Chris Romeo, Matt Coles, and Izar Tarandach discuss the CISA Secure by Design Pledge, a recent initiative where various companies commit to improving software security practices. The hosts critique...
Season 2 • Episode 16 • 39:41
Why Developers Will Take Charge of Security, Tests in Prod
The episode opens with a multifaceted discussion of critiques and praises of book-to-movie adaptations like 'Hitchhiker's Guide to the Galaxy', 'Good Omens', and 'The Chronicles of Narnia'. It then transitions to a serious examination...
Season 2 • Episode 15 • 48:10
12 Factors of Threat Modeling
Chris, Matt and Izar share their thoughts on an article published by Carnegie Mellon University's Software Engineering Institute. The list from the article covers various threat modeling methodologies such as STRIDE, PASTA, LINDDUN, and OCTAVE m...
Season 2 • Episode 14 • 45:39
XZ and the Trouble with Covert Identities in Open Source
Matt, Izar, and Chris delve into the complexities of open source security. They explore the topics of trust, vulnerabilities, and the potential infiltration by malicious actors. They emphasize the importance of proactive security measures, the ...
Season 2 • Episode 13 • 43:54
Nobody's Going To Mess with Our STRIDE
Matt, Izar, and Chris take issue with a controversial blog post that criticizes STRIDE as outdated and time-consuming, and as failing to help the right people do threat modeling. The post goes on to recommend that LLMs should handle the task. The...
Season 2 • Episode 12 • 39:31
SQLi All Over Again?
Chris, Matt, and Izar discuss a recent Secure by Design Alert from CISA on eliminating SQL injection (SQLi) vulnerabilities. The trio critiques the alert's lack of actionable guidance for software manufacturers, and they discuss various strateg...
Season 2 • Episode 11 • 37:55
How I Learned to Stop Worrying and Love the AI
Dive into the contentious world of AI in software development, where artificial intelligence reshapes coding and application security. We spotlight the surge of AI-generated code and the incorporation of copy-pasted snippets from popular forums...
Season 2 • Episode 10 • 42:19
Secure by Default in the Developer Toolset and DevEx
Matt, Chris, and Izar talk about ensuring security within the developer toolset and the developer experience (DevEx). Prompted by a recent LinkedIn post by Matt Johansen, they explore the concept of "secure by default" tools. The conversation h...
Season 2 • Episode 9 • 43:46
Debating the Priority and Value of Memory Safety
Chris, Izar, and Matt tackle the first point of the recent White House report, "Back to the Building Blocks: a Path toward Secure and Measurable Software." They discuss the importance of memory safety in software development, particularly in th...
Season 2 • Episode 8 • 34:58