Supply Chain Security & Zero Trust Tech with Ashish Rajan & Shilpi Bhattacharjee

Is compliance just a checkbox, or the backbone of real security? Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't just a formality; it's foundational to modern security. As one of the original architects of the NSA Red Team and a 20-year PCI veteran, Jeff explains how this often-misunderstood framework has shaped everything from pen testing to vendor accountability. Ron and Jeff unpack the six core goals of PCI, how red teams and SaaS builders are directly affected, and why many security teams resist compliance efforts, despite relying on them to get essential buy-in and funding.   Impactful Moments: 00:00 – Introduction 01:00 – Does compliance equal security? 02:09 – Jeff returns with PCI firepower 03:15 – Defining security vs. compliance 05:33 – “Show me what you’re doing” 06:45 – Six goals at PCI’s core 10:45 – Security is watching, not reacting 13:30 – Companies secure because they have to 15:00 – PCI gave red teams their jobs 16:30 – Stripe and Square absorb PCI burden 19:30 – PCI 4.0 causes confusion 21:00 – Vendors aren’t your trusted advisors 22:30 – “Hate me, but I’ll help” Links: Connect with our guest, Jeff Man: https://www.linkedin.com/in/jeffreyeman/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Juli 24min

What separates a great CISO from a great one? In this powerhouse conversation, Ron invites friend and cybersecurity leader Gary Hayslip, CISO at SoftBank Investment Advisers, back on the mic to discuss what it takes to lead in today’s high-stakes digital world. Gary shares battle-tested insights on accountability, the evolving expectations of the CISO role, and how AI is reshaping leadership without replacing it. Gary shares stories ranging from military mishaps to enterprise-scale transformation, and makes the case for visibility, trust, and embracing change. His perspective brings clarity to the fundamental responsibilities of a CISO and the mindset required to lead with impact. Impactful Moments 00:00 – Introduction 02:00 – Defining the modern CISO as a business leader 05:45 – Why CISOs should never delegate accountability 07:30 – The danger of staying invisible 10:45 – The $40K UPS explosion mistake 15:00 – How leaders build trust in new teams 19:10 – Visibility is not micromanagement 24:30 – Staying humble while leading big 30:00 – Building “Rocky the Raccoon” internal GPT 34:30 – Hiring for AI fluency in security teams Links: Connect with our guest, Gary Hayslip: https://www.linkedin.com/in/ghayslip/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Juli 37min

Want to stand out as a leader? According to our guest Mel Reyes, you need to dress like you mean it and speak like you’ve got nothing to prove. In this episode, Mel shares how he built billion-dollar portfolios, coached executive teams, and still shows up in a white hoodie when that feels right. With Ron, he unpacks how executive presence becomes a strategic weapon for breaking resistance, commanding attention, and making your message unforgettable. You’ll learn why generic resumes fail, how to master executive storytelling with the SPAR method, and what dropping the ego really looks like in your next leadership role.   Impactful Moments: 00:00 – Introduction 03:00 – Breaking the rules of executive delivery 07:00 – Why confidence starts in your closet 11:30 – Respecting identity in professional spaces 12:30 – Advice for breaking into cybersecurity 17:00 – Reinvention at the mid-senior level 21:00 – The SPAR framework for storytelling 30:00 – Drop the ego, find your passion   Links: Connect with our guest, Mel Reyes: https://www.linkedin.com/in/melreyes/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Juli 32min

Cybersecurity isn’t just red or blue anymore... it’s purple, white, and deeply human. Maril Vernon, award-winning ethical hacker and Senior Solutions Architect at NetSPI, returns to the Hacker Valley Studio to discuss purple teaming as the most future-proof career path in cyber. She opens up about mentorship, burnout, compensation realities, and how we’re still failing the fundamentals. Together, Ron and Maril dig into what purple teaming really is (and isn’t), why soft skills matter more than ever, and how defenders are the frontline signal source for law enforcement. From guiding her mom into IR to co-founding Mind Over Cyber, Maril embodies what it means to show up for the cyber community and demand more from the culture itself.   Impactful Moments 00:00 - Introduction 01:01 - Maril’s role at NetSPI 03:00 - Why purple skills are future-proof 05:19 - Salary truths in purple teaming 08:30 - Know your value, negotiate wisely 13:07 - How defenders enable law enforcement 16:22 - The real meaning of purple teaming 18:39 - Common misconceptions debunked 24:45 - People are always the soft spot 26:01 - The two security stack must-haves 29:00 - Mom made it to incident response 30:48 - Maril’s mentorship philosophy 34:09 - Why you need to post anyway 36:35 - What Mind Over Cyber is really about 40:00 - CISOs are burning out silently 41:31 - Closing thoughts Links: Connect with our guest, Maril Vernon: https://www.linkedin.com/in/marilvernon   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Juni 43min

The new cybersecurity pioneers aren’t chasing alerts, they’re building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when machines fill the gaps we used to grow into? In this episode, Chris Cochran, CEO and Founder of Commandant, returns to Hacker Valley Studio with an insider view on building in the AI boom. He shares why he’s betting on incident response over the “AI SOC,” what it means to use AI with integrity, and how this moment mirrors the early industrial revolutions: chaotic, risky, but ripe with once-in-a-career opportunity.   Impactful Moments: 00:00 – Introduction 02:11 – Launch of Commandant AI 03:06 – Early-stage LLM opportunities 05:26 – Built first AI co-pilot in 4 hours 06:00 – AI bot tops HackerOne leaderboard 07:44 – AI used for and against orgs 10:14 – Focus on incident response, not AI SOC 12:34 – Reducing cost of prolonged incidents 14:01 – Cybersecurity changing every 2 months 16:58 – AI causing rapid skill loss 21:59 – AI-assisted job interviews detected 24:49 – AI lacks business context for blocking 27:30 – Daily AI use pays long-term dividends Links: Connect with our guest, Chris Cochran: https://www.linkedin.com/in/chrishvm/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

19 Juni 30min

What happens when AI refuses to be replaced? This episode kicks off with a chilling real-world example of an AI threatening blackmail—and only gets more intense from there. Host Ron Eddings unpacks the terrifyingly innovative ways AI is altering the cybersecurity threat landscape. From deepfakes convincing enough to fool your own family to auto-summarizing email clients acting as unintentional insiders, the stakes have never been higher. Ron also shares insights from his brand-new book Attack Surface Management, co-authored with MJ Kaufman and published by O'Reilly, and breaks down why the simplest social engineering tactics remain the most dangerous—even in the age of advanced AI. Impactful Moments: 00:00 - Introduction 02:30 - Model Context Protocol explained 05:00 - Google's VEO-3 and fake riot videos 07:00 - Fake Facebook ads pushing malware 09:30 - Social engineering still reigns supreme 13:30 - Using AI to write malicious emails 16:30 - Calendly phishing and credential theft 19:00 - Gemini and the risk of auto-summarization 21:30 - LLM access to your private documents 22:45 - Takeaways and protecting your environment   Links: Connect with Ron on LinkedIn: https://www.linkedin.com/in/ronaldeddings/ Grab a copy of Ron’s new book, “Attack Surface Management: Strategies and Techniques for Safeguarding Your Digital Assets”: https://a.co/d/1nmPod2   Check out the full article on “The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare” here: https://www.wired.com/story/youre-not-ready-for-ai-hacker-agents/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Juni 23min

What if Zero Trust isn’t a framework, but the only viable cybersecurity strategy—more about people than products? In this episode, George Finney, CISO at the University of Texas System and author of Project Zero Trust, reveals the human-first truth behind the Zero Trust movement, and why it’s not something you buy but something you build. George shares stories from hacking a college database to launching a deepfake of himself trained on his own books, all while breaking down how AI and creativity are reshaping security leadership.     Impactful Moments: 00:00 - Introduction 01:16 - Cyber Hall of Fame recognition 07:00 - Hacked his college to solve mail 09:00 - Took startup job without paycheck 14:14 - Zero Trust is a strategy, not tool 17:00 - Tailoring security like a custom suit 23:29 - AI strategy through Zero Trust lens 29:30 - Built a Zero Trust voice clone hotline 36:00 - You don’t need to be a CISO 38:30 - Why weirdos make cybersecurity stronger Links: Connect with our guest, George Finney: https://www.linkedin.com/in/georgefinney/ Check out George’s books on Amazon: https://www.amazon.com/stores/author/B01MT0C6X3   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

5 Juni 40min

You won’t be replaced by AI—you’ll be replaced by someone using it better. Returning guest Marco Figueroa is back with a frontline report on the AI agent boom. This isn’t a prediction—it’s a tactical update from someone tracking every release, every benchmark battle, and every edge worth chasing. In this episode, Ron is joined by Marco as he breaks down the rapid evolution of AI agents—from Claude Code to Codex to Google Flow. He explains why general-purpose models are leveling off, how specialized tools are reshaping the landscape, and why creativity is now your most valuable edge. Whether you're in code, ops, or content, your two-year advantage starts right here.   Impactful Moments 00:00 - Introduction 01:08 - AI agents are no longer hype 03:45 - Major LLM releases and what's next 05:32 - The Grok delay and pricing drama 07:30 - Why general models are losing steam 10:50 - Benchmark manipulation and model specialization 14:15 - The future belongs to creatives 22:05 - The next AI drops to watch   Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

29 Maj 36min