Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee
Hacker Valley Studio8 Nov 2022

Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee

Hacker Valley: On the Road is a curated collection of conversations that Chris and Ron have had during conferences and events around the globe. In this episode, Cloud Security Podcast’s Ashish Rajan and Shilpi Bhattacharjee speak with the Hacker Valley team at AISA CyberCon in Melbourne, Australia. Ashish and Shilpi discuss their respective talks on supply chain security and zero trust technology, SBOMs, and keynote speakers at this year’s Cybercon worth noting for the audience at home.

Timecoded Guide:

[00:00] Connecting & conversing at a cyber conference post-COVID

[06:50] Breaking down Shilpi’s presentation on supply chain threats & attacks

[11:45] Understanding the paradoxes & limitations of zero trust with Ashish’s talk

[26:13] Defining & explaining SBOM, or Software Bill of Materials

[33:16] Noticing key conversations & trends for those who didn’t attend AISA Cybercon

Sponsor Links:

Thank you to our sponsor Axonius for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

Shilpi, can you talk about the idea behind the talk you had at CyberCon?

The inspiration behind Shilpi’s conference talk was supply chain issues. Titling her talk, “Who’s Protecting Your Software in Supply Chain,” Shilpi hoped to further educate and advocate for security in the supply chain process. An estimated one in two companies will experience a supply chain attack in the coming years. Instead of fearing such a statistic, Shilpi hopes her talk inspired further security action to protect our supply chains.

“One staggering fact that I read is that one in every two companies is going to have some sort of a supply chain attack in the next three years. So, who's going to look after the supply chain? Is it going to be the organization? Is it going to be your third-party vendors?” —Shilpi

Ashish, what about your talk at Cybercon?

In contrast, Ashish’s talk was about the triple paradox of zero trust. When talking about and implementing zero trust, Ashish realized many companies don’t implement the cultural changes needed for zero trust and/or only talk about zero trust as a technology process. Zero trust has numerous layers beyond technology, and requires time and major changes in culture and technology to implement in most companies.

“I feel bad for bashing on finance, marketing, and HR teams. They're all smart people, but if you're going to add four or five layers of security for them, they almost always say, ‘I just want to do my job. I don't really care about this. It's your job to do security.’” —Ashish

Where would you recommend starting when it comes to trying to implement the ideas in your respective talks?

When push comes to shove about where cyber companies can start first with supply chain and zero trust, Ashish and Shilpi agree that companies have to discuss business priorities. When company leaders can take the opportunity to look at and understand their cyber hygiene, the next steps might look very different from another company’s tactics. Knowing what a business has is the foundational piece that impacts any new process in cyber.

“If I were to go back to the first principle of what we do with cybersecurity professionals, one of the biggest assets that we're all trying to protect is data. You can't protect what you can't see, that's the foundational piece.” —Ashish

For anyone that wasn't able to make the conference, what is one thing that you would want to share with the audience at home?

There were a lot of conversations taking place at Cybercon this year. Ashish wants the audience at home to know that cloud native, zero trust, supply chain, and leadership positions like CISOs were the main themes in many talks, panels, and conversations. Shilpi wants those who couldn’t attend to watch out for more talks and conversations about cyber from those outside of the industry to understand that the issues impacting cyber influence the world.

“I think there's that interest about cybersecurity being more than just a cybersecurity problem. Cybersecurity is not just a technical problem, it's a societal problem, a cultural problem. I very much agree, because a lot of the things that we're dealing with impacts everyone.” —Shilpi

---------------

Links:

Keep up with our guest Ashish Rajan on LinkedIn

Keep up with our guest Shilpi Bhattacharjee on LinkedIn

Listen to Ashish and Shilpi’s Cloud Security Podcast

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Avsnitt(404)

Learning How to Learn: Mastering the Cyber Fundamentals with Rich Greene

Learning How to Learn: Mastering the Cyber Fundamentals with Rich Greene

The real edge in cybersecurity isn’t found in new tools, it’s built through timeless fundamentals and a mindset that never stops learning. In this episode, Ron sits down with Rich Greene, Senior Solutions Engineer and Instructor at SANS Institute, to uncover how true cyber value starts with skills, curiosity, and mindset. Rich shares his remarkable story of surviving a battlefield injury, retraining his brain, and how that journey shaped his approach to mastering cybersecurity. Together, they connect real-world lessons like the recent Discord breach to the core truth that even advanced systems depend on people who master the basics. Impactful Moments 00:00 - Introduction 02:00 - Discord breach and third-party risk 05:00 - Meet Rich Greene from SANS 06:00 - The power of mastering fundamentals 07:00 - Learning how to learn 08:30 - Rich’s story of rebuilding his memory 11:00 - Forcing the brain to grow stronger 12:00 - Top skills that get you paid 14:00 - Skills that lead to fulfillment 16:00 - Fundamentals that fuel long-term success 17:00 - The OSI model decoded 20:00 - Why operating systems matter 21:00 - Security operations fundamentals 23:00 - Why cloud is the #1 must-learn skill 25:00 - Final advice: sharpen your fundamentals   Links Connect with our Rich on LinkedIn: https://www.linkedin.com/in/secgreene/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

16 Okt 25min

How AI Elevates Cyber Hygiene with Jason Rebholz

How AI Elevates Cyber Hygiene with Jason Rebholz

What if protecting your digital twin becomes the new cyber hygiene? In this week's episode, Ron welcomes back cybersecurity leader Jason Rebholz, CEO of Evoke, to discuss how AI is reshaping the fundamentals of cyber hygiene. From data breaches and deepfakes to everyday habits that protect our digital lives, Jason shares how small actions and smarter use of AI can make all the difference. Together, they uncover how our growing digital footprints are giving rise to digital twins, AI replicas that can mirror our behaviors, voices, and even decisions, and what that means for the future of trust, identity, and security. Impactful Moments: 00:00 - Introduction 01:00 - The Neon app data leak story 03:00 - Why our voices are the new passwords 05:00 - How AI can strengthen cyber hygiene 07:00 - Jason’s mission to secure AI systems 09:00 - AI as a force multiplier for defenders 11:00 - Deepfakes and the new social engineering playbook 13:00 - Attackers’ use of AI and what it means for us 15:00 - The rise of digital twins and identity threats 19:00 - How to defend against “yourself” online 20:00 - Final reflection: Trust in the AI age   Links: Connect with Jason on LinkedIn: https://www.linkedin.com/in/jrebholz/ Check out the TechCrunch article on the Neon app data leak story: https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Okt 21min

Securing Software at AI Speed with Varun Badhwar

Securing Software at AI Speed with Varun Badhwar

The biggest security threat isn’t in the cloud, it’s hidden in the code you trust the most. In this episode, Ron sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, who shares why research shows that nearly 80–90% of application code comes from open source and third-party libraries, not your own developers. Varun discusses the unseen risks of AI-generated software, how attackers can now weaponize vulnerabilities in hours, and why precision in security matters more than ever. He also reveals how AI can be both the ultimate accelerator and the ultimate weakness in modern development.   Impactful Moments: 00:00 - Introduction 02:00 - Varun’s journey from RedLock to Endor Labs 04:00 - Why the software supply chain is broken 07:00 - AI coding assistants and insecure code risks 10:00 - The NPM self-replicating worm discovery 13:00 - Simple controls to enforce Zero Trust in code 16:00 - Pairing AI with security to prevent slop 19:00 - AI-powered security code reviews explained 22:00 - Why 88% of code goes unused 26:00 - Developer efficiency as the new security metric 29:00 - The next wave of AI-driven software threats   Links: Connect with our Endor on LinkedIn: https://www.linkedin.com/in/vbadhwar/     Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

2 Okt 34min

The End of Search and the Rise of AI Browsers and Voices with Ron Eddings

The End of Search and the Rise of AI Browsers and Voices with Ron Eddings

Search engines aren’t dying quietly, they’re being replaced in real time by AI browsers and voice agents. AI isn’t just answering questions anymore; it’s acting for us. In this episode, Ron Eddings explores how tools like NanoBrowser and Comet are reshaping browsing, why Google may be in trouble, and how AI voices are becoming the new interface for productivity. From breakthroughs to risks, this is a front-row look at how AI agents are changing how we work, connect, and live online.   Impactful Moments: 00:00 - Introduction 01:00 - AI agents as everyday tools 02:00 - Testing AI-powered browsers 03:00 - Comet: AI browser from Perplexity 04:30 - Why Google should be worried 05:30 - Real-world tasks for AI browsers 07:00 - Automating cybersecurity inventory 09:00 - Comet in action on LinkedIn 10:00 - Testing for malicious exploits 11:00 - Risks of persuasive AI prompts 12:00 - The rise of voice agents 13:30 - First real-world AI voice experience 15:00 - Security concerns with customer data 16:30 - Double-edged sword of AI adoption 17:30 - System prompt leakage vulnerabilities 18:00 - Why voice could shrink attack surfaces Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/   Check out NanoBrowser: https://nanobrowser.ai/ Check out Comet by Perplexity: https://www.perplexity.ai/comet Read the article ‘No more links, no more scrolling - the browser is becoming an AI Agent.’ here: https://venturebeat.com/ai/no-more-links-no-more-scrolling-the-browser-is-becoming-an-ai-agent Read the article ‘How Voice AI Prompt Injection Threatens Enterprise Security’ here: https://www.teneo.ai/blog/how-voice-ai-prompt-injection-threatens-enterprise-security   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

25 Sep 18min

Where Automation Ends, Cyber Ingenuity Begins with Phillip Wylie

Where Automation Ends, Cyber Ingenuity Begins with Phillip Wylie

Some tools replace tasks. Others reshape the way we think about security. In this episode, Ron welcomes back Phillip Wylie, one of the most respected voices in offensive security, author, educator, and longtime friend of the Hacker Valley community. With over 27 years of experience across cybersecurity disciplines, Phillip has guided thousands of professionals through his books, talks, and mentorship. He shares how AI is reshaping pen testing and red teaming, the value of automating away repetitive tasks, and why the fundamentals of security will always matter. From defining red teaming in 2025 to guiding newcomers on how to break in, Phillip delivers insights that balance cutting-edge innovation with timeless wisdom. Impactful Moments: 00:00 - Introduction 01:00 - Why Phillip keeps podcasting 03:00 - AI opportunities in pen testing 04:30 - What automation should replace 06:00 - Red teaming vs pen testing in 2025 08:00 - Defining adversary emulation 10:40 - Building the ideal AI assistant 15:00 - The best AI use cases today 18:30 - AI-driven threat modeling 21:00 - Breaking into pen testing now 25:00 - Building a portfolio and personal brand 27:30 - Why in-person networking still matters   Links: Connect with Phillip on LinkedIn: https://www.linkedin.com/in/phillipwylie/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

18 Sep 33min

The Power of Showing Up: Daily Streams, Big Impact with Gerald Auger

The Power of Showing Up: Daily Streams, Big Impact with Gerald Auger

What if showing up with consistency could spark opportunities, create careers, and build a global movement? In this episode, Ron sits down with Gerald Auger, Ph.D., cybersecurity educator, content creator, and founder of Simply Cyber. Gerald shares how his daily livestream grew into a thriving community, why consistency is the key to influence, and how AI is reshaping the way cyber professionals work. From building SimplyCyberCon to launching a new pentesting venture, Gerry’s journey is a masterclass in community, creativity, and courage. This episode is filled with inspiration and practical takeaways for anyone ready to grow their career, brand, or business in cybersecurity.

11 Sep 34min

The Rise of the Autonomous Blue Team with Vineet Edupuganti

The Rise of the Autonomous Blue Team with Vineet Edupuganti

What if defenders had their own AI-powered task force, always on, always adapting, and finally one step ahead of attackers? In this episode, Ron welcomes Vineet Edupuganti, Founder and CEO of Cogent Security, to discuss how AI agents are rewriting the rules of cybersecurity. Vineet shares why traditional vulnerability management is fundamentally broken, why exposure management matters more than ever, and how Cogent is building an “AI Task Force” to give defenders the edge. From his early days in machine learning to reshaping the future of cyber defense, Vineet breaks down the urgent need for automation, context-driven insights, and explainable AI in security. Impactful Moments: 00:00 - Introduction 02:00 - Vineet’s journey into AI and cyber 04:30 - Why vulnerability management is broken 06:10 - Generative AI as a defender’s edge 08:20 - Why AI agents outperform brittle automation 09:45 - The first use cases for Cogent’s agents 12:00 - Rethinking tier-one SOC analyst roles 13:30 - The rise of exposure management (CTEM) 17:10 - Cogent’s vision for an AI task force 18:30 - Early wins and insights with Cogent 20:00 - Biggest misconceptions about AI in security 23:00 - What enterprises should demand from vendors 25:00 - Why explainability is essential in AI systems 27:00 - Startups vs incumbents in cybersecurity innovation 29:30 - Why enterprises must invest in AI now   Links: Connect with our guest, Vineet Edupuganti, on LinkedIn: https://www.linkedin.com/in/vineetedupuganti Learn more about Cogent Security: https://www.cogent.security    Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

4 Sep 37min

Turning AI Into Your Super Tool with Ron Eddings

Turning AI Into Your Super Tool with Ron Eddings

AI is neither friend nor foe, it’s both. The way we choose to use it determines whether it helps or harms. In this solo episode, Ron Eddings shares lessons from his first job at a grocery store, his early days in cybersecurity, and today’s AI-driven landscape. From productivity hacks like meeting transcription, to creative tools like content-aware editing, to the dark side of phishing and deepfakes, Ron shows why human judgment remains the ultimate defense. This is a passionate reminder that the real power isn’t in the tools, it’s in us. Impactful Moments 00:00 - Introduction 01:15 - AI is the tool, not the toolbox 03:00 - A grocery store scam that taught a life lesson 06:00 - The irreplaceable role of human judgment 07:30 - First cybersecurity job at Booz Allen Hamilton 09:00 - How AI boosts productivity with meeting transcription 12:00 - Creative shortcuts with AI in image and video editing 15:00 - Vibe coding and generative red teaming 17:30 - AI-powered phishing and scam emails 18:50 - Testing a deepfake voice on Ron’s mom 21:30 - Why curiosity and skepticism beat AI deception 22:30 - Final challenge: don’t serve AI—make AI serve you Links: Connect with our Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

28 Aug 22min

Populärt inom Utbildning

historiepodden-se
rss-bara-en-till-om-missbruk-medberoende-2
det-skaver
nu-blir-det-historia
sektledare
harrisons-dramatiska-historia
alska-oss
roda-vita-rosen
johannes-hansen-podcast
allt-du-velat-veta
rss-sjalsligt-avkladd
rss-max-tant-med-max-villman
not-fanny-anymore
polisutbildningspodden
sa-in-i-sjalen
rss-om-vi-ska-vara-arliga
sektpodden
rikatillsammans-om-privatekonomi-rikedom-i-livet
rss-makabert
rss-basta-livet