Beating “Checkbox Security” With Continuous Offense with Sonali Shah

Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure.

Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff as humans find the business-logic traps and attack chains that actually break companies.

Impactful Moments 00:00 - Introduction 02:21- Sonali’s unexpected CEO path 06:10 - Compliance isn’t real security 10:19 - PTaaS: start in 24 hours 12:33- 5,000 pentests yearly scale 17:01 - Humans beat automation limits 20:16 - AI behavior vulnerabilities emerge 27:54 - Indirect prompt injection explained 30:51 - Why juniors + AI is risky 38:27 - 2026 becomes AI battleground

Links Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/

Check out Cobalt: https://www.cobalt.io

____ Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(424)

Who Owns Your AI Security Policy? with Chris Cochran

Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even hav...

18 Mai 35min

Turning 30,000 Findings Into 50 That Matter with Dan Pagel and Brad Hibbert

Mythos just found 30,000 new vulnerabilities, and now every security team is asking the same question: what actually matters? In this episode, Ron Eddings sits down with Dan Pagel, CEO at Brinqa, and ...

1 Mai 34min

Killing the Playbook with Agentic AI with Allan Alford and Tom Findling

SOAR promised to close the loop in the SOC and fell flat. Agentic AI is finally delivering what a decade of playbooks couldn’t. In this episode, Ron sits down with Allan Alford, SVP at NTT Global Dat...

24 Apr 39min

The Epidemic of Sameness Is Killing Your Brand with Don Jeter

In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a grave digger in the booth. In this episode, Ron...

17 Apr 34min

Minutes to Meltdown: Cyber Recovery When It Counts with Chris Bevil

Most organizations are prepping for disaster recovery when they should be building for cyber recovery, and those are not the same thing. Recorded live at RSAC Conference 2026, Ron sat down with Chris...

7 Apr 28min

Building AI Governance Before the Incidents Hit with Guru Sethupathy

AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, brea...

1 Apr 24min

What Happens When Attackers Collaborate More Than Defenders? Ron Eddings Reporting Live from RSAC Conference

What happens when attackers collaborate better than defenders? Recorded live from RSAC 2026, this solo episode with Ron breaks down the biggest themes shaping cybersecurity right now, from organized ...

31 Mar 13min

RSAC 2026: Show Up or Fall Behind

What does it mean when your smart doorbell becomes an entry point for surveillance? What happens when a single hacker can jailbreak every major AI model within hours of its release? And why are the sa...

20 Mar 21min