Izar Tarandach, Matt Coles, and Chris Romeo

The Security Table

The Security Table is four cybersecurity industry veterans from diverse backgrounds discussing how to build secure software and all the issues that arise!

Author

Izar Tarandach, Matt Coles, and Chris Romeo

Category

Technology

Latest episode

Jul 1, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Building the World's Largest Threat Model Library 09.07.2025

Today we’re joined by Petra Vukmirovic. Petra, is the head of information security at Numan and co-leader of the Threat Model Library Project. Petra shares her vision for creating a massive, structured dataset of crowdsourced threat models that could revolutionize how the cybersecurity community learns and shares threat modeling knowledge. We explore the complex challenges of convincing companies...

Vibe Coding: Can You Put Your Trust in the Machine? 02.07.2025

We’re discussing vibe coding again and how AI-generated code is reshaping software development. We discuss the trustworthiness and maintainability of AI-generated code, examining the challenges of reviewing and integrating automated changes at scale. The conversation spans from practical concerns about code quality to broader implications for open-source projects in an AI-augmented world. We talk...

Traversing the Conference Circuit: Highlights and Insights 11.06.2025

It’s security conference season and we’re discussing the importance of networking, the value of in-person connections, and sharing insightful tips for delivering effective presentations. From recapping our conference experiences, debating the significance of keynotes, to reminiscing about the impact of classic rock bands like Def Leppard. Listen now to hear about conference experiences, mentoring...

MCP…Something Could Go Wrong 03.06.2025

We’re discussing the complexities of the Model Context Protocol (MCP) and its application in AI systems. Join us for an in-depth discussion about MCP, agent-to-agent communication, and potential security vulnerabilities. We wrap up with a thought-provoking conversation on the future of AI safety and the challenges it presents.  FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Sec...

Threat Modeling or Threat Intelligence, Are they the Same? 21.05.2025

Listen in as we debate the differences between threat intelligence and threat modeling. What distinguishes these two concepts in cybersecurity, and how do they inform each other? The conversation explores definitions, real-world examples, and the interconnected relationship between proactive threat modeling and reactive threat intelligence. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜Link...

Skillset Over Experience: Rethinking Qualifications in Cybersecurity 23.04.2025

Today we delve into the evolving landscape of cybersecurity hiring, debating the merits of prioritizing skills over degrees and experience. From discussing the value of critical thinking and hands-on skills to the potential role of AI in the workforce, the conversation navigates the complexities of hiring practices. We share personal anecdotes, insights from industry articles, and our experiences...

Vibe Coding: What Could Possibly Go Wrong? 26.03.2025

Vibe coding, or using AI to generate code by describing what you want. We critically examine the concerns surrounding AI-generated code, including code quality, security risks, and the potential for creating numerous low-quality applications. Our discussion explores whether AI can truly provide foolproof, production-ready code, or if it should be limited to idea generation and prototyping. Catch o...

The Department of No 12.02.2025

We’re discussing the complexities of saying 'yes' or 'no' in the context of security decisions in today’s episode and the enduring challenge of integrating security into software development. The conversation swerves into the intriguing idea of a trade-like progression for developers, contrasting it with current knowledge work. The episode culminates in a hit parade of pop cult...

The Cyber Trust Mark Debate 22.01.2025

The Cyber Trust Mark, a new FCC program aimed at assuring the security of IoT devices is the topic of discussion today. We discuss various aspects of the Cyber Trust Mark, the history of similar initiatives like UL certification, and the challenges faced by consumers in determining the security of their devices. They also debate the merits and drawbacks of regulations like the EU's Cyber Resi...

Hovercrafts and the Evolution of AppSec in 2025 08.01.2025

Hovercrafts and application security in the new year. We revisit last year's predictions on Quantum LLM, SBOMs, and whether DAST tools will make a comeback. With humor and forward-thinking, we explore what the future might hold for application security, the rise of new technologies, and even the outlandish idea of AppSec being dead.  Episode mentioned: AppSec Resolutions - January 9, 2024 FOL...

Find Your Conferences and watch Die Hard. And the Princess Bride. 11.12.2024

What makes a conference truly valuable? Is it the unexpected connections and serendipitous meetings of minds, or the chance to break free from the "security echo chamber" by exploring diverse conference experiences? We discuss the considerations that make conferences worth attending and examine whether they are compelling enough to warrant personal investment. Whether large or intimate,...

Is it Necessary? Not everything requires an LLM 10.12.2024

We debate the necessity and efficiency of LLMs in finding code vulnerabilities in a C library compared to traditional static code analyzers and fuzzing techniques. The conversation explores broader topics in application security testing, including the evolving landscape of Dynamic Application Security Testing (DAST), fuzzing, and the potential of emerging technologies like Application Detection an...

The STRIDE Controversy: Evolution vs. Extinction in Security Models 13.11.2024

We discuss a controversial LinkedIn post claiming "Threat Modeling is Dead." While the STRIDE methodology may need updating, it remains a valuable "gateway" tool for teaching security concepts to developers without security backgrounds. We discuss how STRIDE serves as a useful categorization system, emphasize that dogmatic approaches to threat modeling are problematic, and argu...

Why 100X Isn't the Answer 07.11.2024

A good discussion today covering two different articles, the first covers CISA's list of product security "bad practices", questioning whether it provides real value or is just content marketing. Then the discussion moves onto an article about Shift Left. The group debates whether it is truly more expensive to fix design flaws versus implementation bugs, noting the difficulty of qua...

We'll Be Here Until We Become Obsolete 23.10.2024

This week we explore the multifaceted concept of obsolescence in technology, detailing its planned, unplanned, and forced forms. We delve into the security implications of outdated or unsupported devices and software, with a spotlight on cloud-connected vehicles and their vulnerabilities. We discuss architectural decisions, regulatory requirements, and real-world incidents like the OnStar hack, re...

Everything is Boring 16.10.2024

Is everything boring? Chris, Izar and Matt discuss why nothing seems interesting enough lately. Is the excitement of vulnerabilities and ransomware waning? The guys touch on Governance, Risk, and Compliance (GRC) in corporate auditing, the impact of ransomware and the contentious role of cyber insurance, the fading novelty of AI and its influence on security, and examine why essential security tas...

Experts Want to Excel 09.10.2024

What constitutes an expert in the field of threat modeling? Today Matt, Chris and Izar explore cultural references, the intricacies of threat modeling practices, and the criteria that define an expert. The discussion touches on the evolution of threat modeling, the roles of facilitators, and the importance of experience and recognition in the field. The guys humorously debate the challenge of scal...

Numb to Data Breaches, and How it Impacts Security of the Average Feature 18.09.2024

In this episode of the Security Table with Chris Romeo, Izar Tarandach, and Matt Coles, the team dives into the evolving landscape of modern security approaches. They discuss the shift from strategy to tactics, the impact of data breaches, and why people are becoming numb to such incidents. The episode also touches on the importance of understanding the business side of security and the role of pr...

Philosophizing Cloud Security 11.09.2024

In this episode of the Security Table, our hosts discuss the concept of the 'Shared Fate Model' in cloud security. The conversation explores how this model builds on the shared responsibility model and the implications for cloud service providers and consumers. From robust default security measures to the historical evolution of ISPs, the discussion covers technical and philosophical asp...

Innovations in Threat Modeling? 28.08.2024

In this episode of The Security Table, hosts Chris Romeo, Izar Tarandach, and Matt Coles dive into the evolving concept of threat models, stepping beyond traditional boundaries. They explore 'Rethinking Threat Models for the Modern Age ,' an article by author Evan Oslick. Focusing on user behavior, alert fatigue, and the role of psychological acceptability, they debate whether broader hu...

The Illusion of Secure Software 14.08.2024

In this episode of The Security Table Podcast, hosts ChriS, Izar and Matt dive into the recent statement by CISA's Jen Easterly on the cybersecurity industry's software quality problem. They discuss the implications of her statement, explore the recurring themes in security guidelines, and debate whether the core issue is with people or technology. Join the conversation as they analyze t...

The Intersection of Hardware and Software Security 07.08.2024

In this episode of The Security Table, Chris, Izar, and Matt discuss an article that discusses threat modeling in the context of hardware. They explore the intersection of hardware and software security, the importance of understanding attack surfaces, and the challenges posed by vulnerabilities in hardware components, such as speculative execution faults and the impact of supply chain security. J...

Computing Has Trust Issues 31.07.2024

Join us in this episode of The Security Table as we dive into the world of cybersecurity, starting with a nostalgic discussion about our favorite security-themed movies like 'Sneakers,' 'War Games,' and 'The Matrix.' We then shift gears to explore a critical topic in modern computing: the vulnerabilities and implementation issues of Secure Boot. Discover the intricate...

The Stages of Grief in Incident Response 24.07.2024

Join Chris, Izar, and Matt as they sit around the Security Table to dissect and discuss the different stages of dealing with security incidents. In this episode, they explore the developer's stages of grief during an incident, and discuss a recent large-scale IT incident. They share insights from their multi-decade experience in security, analyze the fragility of current systems, and discuss...

To SSH or Not? 17.07.2024

In this episode of 'The Security Table,' we are back from our midsummer break to discuss OpenSSH regression vulnerability. We dig into the nuances of this race condition leading to remote code execution, explore the chain of security updates, and the role of QA in preventing such regressions. We debate the necessity of SSH in modern cloud-native environments and its alternatives. Plus, w...

Listen to the The Security Table podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.