Episode 124 - The Learning Leader with Allan Alford
Hacker Valley Studio2 Maalis 2021

Episode 124 - The Learning Leader with Allan Alford

Introducing the Cyber Ranch Podcast and Allan Alford!

Allan Alford is currently the Chief Technology Officer/Chief Information Security Officer at TrustMAPP. Allan Alford is a member of the Hacker Valley family and has launched a new show called the Cyber Ranch Podcast. Allan has been a CISO at a number of different companies and has a wealth of knowledge in Cybersecurity. Has about 20 years of Cybersecurity and has a background in product security.

Allan is a tinkerer and a second generation information security practitioner. His father was a systems operator/administrator who specialized in Systems Security, his father brought their first IBM PC into the house while Allan was in middle school. Since that moment, Allan has always been interested in technology and had a group of friends who had the brand new tools of the time like the TI-99, TRS-80, IBM PC and Apple IIe. He and his friends were porting and writing games, hacking and war dialing. Allan’s mother was a school teacher and had house rules about television time, and so with an hour of TV a week Allan’s primary form of entertainment was reading.

In high school Allan took a creative writing class where he found a passion for storytelling and reading novels. Before entering college Allan was confident in his technology skills and decided that studying Humanities would make a greater impact for him. While studying, Allan learned that there were many parallels between the study of humanities and technology. There was a vocabulary, grammar, and structure by which things operated that had a consistent set of rules. Allan learned that the correct application of grammar and vocabulary helped all things work properly.

As the episode progresses, Allan shares while reading books, articles or other word based sources there’s a sort of internal voice that is within his mind that reads the words ‘out loud,’ however once he’s immersed in the book or text that the subvocalization fades and there’s a much more immediate type of onboarding of the information, the non-conscious reading voice. Chris shares that he describes this as the flow of learning. Allan also speaks of lucking into a prime slot on the KTCU college radio station and how he found his groove djing by deconstructing threads of music. He would put together his set by starting with a popular song and tracing it back from influence and inspirations.

Allan also shares his thoughts on the importance of networking - And not all networking starting points being equal. With his success now he tries to create bridges and conversations through his network that promote the exchange of ideas and further conversations for people, Allan is hoping to do the same with his podcast - The Cyber Ranch. Professionally he’s embarking on a new journey as the Chief Technology Officer at TrustMapp and is currently learning how to be a great producer of Security technologies.

Impactful Moments During the Show

0:00 - Welcome back to the Hacker Valley Studio!

01:30 - Welcome back to the Hacker Valley studio and welcome to the Cyber Ranch podcast

02:30 - Allan’s Professional Adventuring Card

03:00 - Allan’s tinkering background and a second generation info security professional

04:30 - Writing and porting video games as a youth, growing up as a STEM kid

05:35 - Creative writing opening the world to storytelling

06:50 - Going to college already knowing about Computer Science

08:40 - Practices and techniques for learning rapidly and staying sharp

10:30 - Understanding the fields of vocabulary and grammar

11:56 - Conscious reading voice, non-conscious reading voice and flow

14:14 - From reading to producing work that people could consume

16:00 - DJ Deconstruction, how Allan put together a primetime radio set on KTCU

17:00 - Networking without inherited connections

19:20 - How networking works for Allan now

22:20 - Networking misunderstood, the traps of the output side

24:00 - Allan’s 70/30 rule for career advancement

25:30 - CISO and CTO parallels

27:30 - What motivated Allan to start his own cyber security podcast

29:30 - For someone entering the Cybersecurity world from a non-technical background

Links

Connect with Allan on LinkedIn Allan Alford - CISO & CTO - TrustMAPP

Check out The Cyber Ranch Podcast!

Learn more about Hacker Valley Studio.

Support Hacker Valley Studio on Patreon.

Follow Hacker Valley Studio on Twitter.

Follow hosts Ron Eddings and Chris Cochran on Twitter.

Learn more about our sponsor AttackIQ and enroll in The AttackIQ Academy!

Jaksot(411)

Turning Agent Chaos into a Command Center with Pedram Amini

Turning Agent Chaos into a Command Center with Pedram Amini

Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track. In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down. Impactful Moments 00:00 - Intro 02:05 - Codex desktop sparks agent shift 06:40 - Harness beats model iteration 08:10 - Context window: the hidden limiter 12:10 - Terminal sprawl creates agent chaos 14:05 - Maestro panels: agents, tabs, history 17:25 - Auto Run: fresh context per task 26:15 - “Donate tokens” via Symphony PRs 28:20 - AI tax debate gets spicy 33:05 - Start simple: download and run   Links Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/ Check out Maestro for yourself: https://runmaestro.ai/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Helmi 37min

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Why MFA Isn’t the Safety Net You Think It Is with Yaamini Barathi Mohan

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface   Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

29 Tammi 32min

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

When Cybercrime Learned How to Make Money and Never Looked Back with Graham Cluley

Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today. Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable, but still deeply unfinished inside modern organizations. Impactful Moments 00:00 - Introduction 04:16 - Malware before money existed 07:30 - Cheesy biscuits changed cybersecurity 13:10 - When documents became dangerous 14:33 - Crime replaced curiosity 15:23 - Sony proved no one was safe 20:15 - Reporting hacks without causing harm 24:01 - AI replacing penetration testers 29:18 - Agentic AI shifts the threat model 36:30 - Why rushing AI breaks trust Links Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

25 Tammi 37min

When Automation Outruns Control with Joshua Bregler

When Automation Outruns Control with Joshua Bregler

AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and catastrophe. In this episode, Ron sits down with Joshua Bregler, Senior Security Manager at McKinsey’s QuantumBlack, to dissect how AI agents, pipelines, and dynamic permissions are reshaping application security. From prompt chaining attacks and MCP server sprawl to why static IAM is officially obsolete, this conversation gets brutally honest about what works, what doesn’t, and where security teams are fooling themselves. Impactful Moments 00:00 – Introduction 02:15 – AI agents create identity chaos 04:00 – Static permissions officially dead 07:05 – AI security is still AppSec 09:30 – Prompt chaining becomes invisible attack 12:23 – Solving problems vs solving AI 15:03 – Ethics becomes an AI blind spot 17:47 – Identity is the next security failure 20:07 – Frameworks no longer enough alone 26:38– AI fixing insecure code in real time 32:15 – Secure pipelines before production Connect with our Guest Joshua Bregler on LinkedIn: https://www.linkedin.com/in/breglercissp/   Our Links Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

18 Tammi 37min

The Day AI Stopped Asking for Permission with Marcus J. Carey

The Day AI Stopped Asking for Permission with Marcus J. Carey

AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and consequences became unavoidable. In this episode, Ron sits down with Marcus J. Carey, Principal Research Scientist at ReliaQuest, to examine what happens after AI is given authority: agents running in production, prompt debt replacing technical debt, vibe coding accelerating risk, and maintenance emerging as the true bottleneck. Together, they discuss how cybersecurity, software engineering, and the job market are shifting now that AI operates with autonomy, often faster than organizations can explain what their systems are actually doing. Impactful Moments 00:00 - Introduction 02:26 - AI agents cross into production 03:35 - Trust boundaries become attack surfaces 6:46 - Vibe coding and hidden technical debt 09:22 - Prompt debt changes everything 17:40 - Why junior knowledge disappears 19:00 - AI replaces repetitive cyber workflows 23:43 - Coding becomes human leverage 29:30 - Fall in love with the problem   Connect with our guest, Marcus J. Carey: LinkedIn https://www.linkedin.com/in/marcuscarey/ X https://x.com/marcusjcarey   Articles and Books Mentioned: Article used for discussion:  https://www.techradar.com/pro/security/this-webui-vulnerability-allows-remote-code-execution-heres-how-to-stay-safe   Atomic Habits: https://jamesclear.com/atomic-habits-summary   Fall in Love with the Problem, Not the Solution: https://sobrief.com/books/fall-in-love-with-the-problem-not-the-solution   Our Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

15 Tammi 33min

When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

When AI Ships the Code, Who Owns the Risk with Varun Badhwar and Henrik Plate

AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t velocity, it’s invisible security debt compounding faster than teams can see it. In this episode, Ron Eddings sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, and Henrik Plate, Principal Security Researcher of Endor Labs, to break down how AI-assisted development is reshaping the software supply chain in real time. From MCP servers exploding across GitHub to agents trained on insecure code patterns, they analyze why traditional AppSec controls fail in an agent-driven world and what must replace them. This conversation pulls directly from Endor Labs’ 2025 State of Dependency Management Report, revealing why most AI-generated code is functionally correct yet fundamentally unsafe, how malicious packages are already exploiting agent workflows, and why security has to exist inside the IDE, not after the pull request. Impactful Moments 00:00 – Introduction 02:00 – Star Wars meets cybersecurity culture 03:00 – Why this report matters now 04:00 – MCP adoption explodes overnight 10:00 – Can you trust MCP servers 12:00 – Malicious packages weaponize agents 14:00 – Code works, security fails 22:00 – Hooks expose agent behavior 28:30 – 2026 means longer lunches 33:00 – How Endor Labs fixes this Links Connect with our Varun on LinkedIn: https://www.linkedin.com/in/vbadhwar/ Connect with our Henrik on LinkedIn: https://www.linkedin.com/in/henrikplate/   Check out Endor Labs State of Dependency Management 2025: https://www.endorlabs.com/lp/state-of-dependency-management-2025   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

8 Tammi 35min

Think Like a Hacker Before the Hack Happens with John Hammond

Think Like a Hacker Before the Hack Happens with John Hammond

What if the most dangerous hackers are the ones who never touch a keyboard? The real threat isn't just about stolen credentials or ransomware; it's about understanding how attackers think before they even strike. In cybersecurity, defense starts with offense, and the best defenders are those who've walked in the hacker's shoes. In this episode, Ron sits down with John Hammond, principal security researcher at Huntress and one of cybersecurity's most recognizable educators. John shares his journey from Coast Guard enlistee to YouTube creator, building an entire media company around ethical hacking. They dig into the balance between public research and responsible disclosure, the rise of AI-augmented attacks, and why identity is now the biggest attack surface in modern enterprises. Impactful Moments: 00:00 - Introduction 01:00 - AI weaponized in cyber espionage 05:00 - Learning by teaching publicly 09:00 - Balancing curiosity with responsible disclosure 13:00 - Building a creator company 16:00 - Identity as the new frontier 20:00 - AI agents running breach simulations 22:00 - Predictions for cybersecurity in 2026 25:00 - Ron's hacking habit confession   Links: John Hammond LinkedIn: https://www.linkedin.com/in/johnhammond010/ John Hammond Youtube: https://www.youtube.com/@_JohnHammond Article for Discussion: https://www.reuters.com/world/europe/russian-defense-firms-targeted-by-hackers-using-ai-other-tactics-2025-12-19/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

1 Tammi 28min

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Breaking Into Banks and Bypassing Modern Security with Greg Hatcher and John Stigerwalt

Three banks in four days isn't just a bragging right for penetration testers. It's a wake-up call showing that expensive security tools and alarm systems often fail when tested by skilled operators who understand both human behavior and technical vulnerabilities. Greg Hatcher and John Stigerwalt, co-founders of White Knight Labs, talk about their latest physical penetration tests on financial institutions, manufacturing facilities protecting COVID-19 vaccine production, and why their new Server 2025 course had to rewrite most common Active Directory tools. They share stories of armed guards, police gun draws, poison ivy reconnaissance, and a bag of chips that saved them from serious trouble. The conversation reveals why EDR alone won't stop ransomware, how offline backups remain the exception rather than the rule, and what security controls actually work when attackers bring custom tooling. Impactful Moments: 00:00 - Intro 01:00 - New training courses launched 03:00 - Server 2025 breaks standard tools 05:00 - COVID facility physical penetration 07:00 - Armed guards change the game 10:00 - Police draw guns on operators 13:00 - Bag of chips saves the day 15:00 - Nighttime versus daytime physical tests 18:00 - VIP home security assessments 20:00 - 2026 threat predictions 22:00 - Why EDR doesn't stop ransomware 27:00 - Low cost ransomware simulation ROI 29:00 - Three banks in four days 32:00 - Deepfake as the new EDR Links: Connect with our guests –  Greg Hatcher: https://www.linkedin.com/in/gregoryhatcher2/ John Stigerwalt: https://www.linkedin.com/in/john-stigerwalt-90a9b4110/ Learn more about White Knight Labs: https://www.whiteknightlabs.com Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

18 Joulu 202533min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
adhd-podi
rss-narsisti
psykologia
rahapuhetta
kesken
rss-duodecim-lehti
rss-valo-minussa-2
rss-vapaudu-voimaasi
rss-liian-kuuma-peruna
rss-niinku-asia-on
aamukahvilla
rss-uskonto-on-tylsaa
rss-honest-talk-with-laurrenna
rss-luonnollinen-synnytys-podcast
rss-tietoinen-yhteys-podcast-2
rss-koira-haudattuna
rss-opeklubi