Security Conversations
Three Buddy Problem
The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).
Author
Security Conversations
Category
Podcast website
Latest episode
Jul 4, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Dakota Cary on China's weaponization of software vulnerabilities 15.09.2023 55:48
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub, conducting research on China’s efforts to develop its hacking capabilities, artificial-intelligence and cybersecurity research at Chinese universities, the People’s Liberation Army’s efforts to automate software vulnerability discovery, and...
Abhishek Arya on Google's AI cybersecurity experiments 12.09.2023 33:27
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Abhishek Arya is director of engineering at Google, overseeing open source and supply chain security efforts that include OSS-Fuzz, SLSA, GUAC and OSV DB. In this episode, Arya talks about some early success experimenting with AI and LLMs on fuzzing and vulnerability management, the industry's over-pivoting on SBOMs, re...
Dr Sergey Bratus on the 'citizen science' of hacking 31.08.2023 40:02
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Dr Sergey Bratus is a Research Associate Professor of Computer Science at Dartmouth College and a program manager at DARPA. In this episode, he discusses his pioneering work on securing parsers and patching long-forgotten devices. He also puts the AI hype into context and showers praise on the labor-of-love "citizen sci...
DARPA's Perri Adams on CTF hacking, new $20M AI Cyber Challenge 20.08.2023 26:47
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) DARPA program manager Perri Adams joins the conversation to chat about her love for CTF hacking competitions, the hunt for leapfrog security technologies in DARPA’s Information Innovation Office (I2O), and the goal of the new AI Cyber Challenge (AIxCC) offering $20 million in prizes to teams competing to develop AI-driv...
Ryan Hurst on tech innovation and unsolved problems in security 16.08.2023 42:24
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Peculiar Ventures chief executive Ryan Hurst joins the show to talk about a career that spanned 20 years at Microsoft and Google, his work building the plumbing for encryption on the web, unsolved problems in BGP security, the hype and promise of AI, and Microsoft's ongoing cloud security hiccups.
Jason Chan on Microsoft's security problems, layoffs and startups 07.08.2023 27:07
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Bessemer Venture Partner's Jason Chan returns to the show for a frank discussion on the state of cyber, including thoughts on Microsoft's prominent security failures, the meaning of layoffs hitting security teams, the excitement around AI, and the long road ahead. The former Netflix security chief also talks about mergi...
GitHub security chief Mike Hanley on secure coding, AI and SBOMs 02.08.2023 40:29
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) GitHub security chief Mike Hanley joins the show to discuss merging the CSO and SVP/Engineering roles, securing data and code in an organization under constant attack, the thrilling promise of AI to the future of secure code, the dangers of equating SBOMs to supply chain security, and new SEC reporting rules for CISOs.
Jason Shockey, Chief Information Security Officer, Cenlar FSB 26.07.2023 33:47
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Cenlar FSB security chief Jason Shockey joins the show to discuss the task of securing a financial institution, pivoting from a career in the military to the private sector, the current state of the job market, managing risk from APTs, and the mission of his My Cyberpath project.
Federico Kirschbaum on a life in the Argentina hacking scene 19.07.2023 42:01
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.
Kymberlee Price reflects on life at the MSRC, hacker/vendor engagement, bug bounties 12.07.2023 48:38
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Product security executive Kymberlee Price joins the show to gab about life in the trenches at the Microsoft Security Response Center (MSRC), the challenges of maintaining healthy hacker/vendor relationships, the harsh realities of bug-bounty programs, and thoughts on the cybersecurity job market.
OpenSSF GM Omkhar Arasaratnam on open-source software security 05.07.2023 36:11
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) New General Manager of the Open Source Security Foundation (OpenSSF) Omkhar Arasaratnam joins Ryan for a candid conversation on the challenges surrounding open-source software security, lessons from the Log4j crisis, the value of SBOMs, and the U.S. government efforts at securing America's software supply chains.
Serial entrepreneur Rishi Bhargava on building another cybersecurity company 10.04.2023 32:32
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Rishi Bhargava and the team of entrepreneurs behind Demisto’s $560 million exit are back at it with a new startup building technology in the customer identity market. The new company, called Descope, raised an abnormally large $53 million seed-stage funding round with ambitious plans to take on rivals big and small in t...
Claude Mandy on CISO priorities, data security principles 06.03.2023 35:02
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Symmetry Systems executive Claude Mandy joins the show to discuss a career in the security trenches, life as a CISO during the WannaCry crisis, and first principles around data security. We dig into the emerging Data Security Posture Management (DSPM) category and how it extends the Zero Trust philosophy to hybrid cloud...
Sidra Ahmed Lefort dishes on VC investments and cyber uncertainties 15.02.2023 31:00
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Munich Re Ventures investment principal Sidra Ahmed Lefort joins Ryan Naraine for a frank discussion on the state of VC funding in cybersecurity, the rise (and coming correction) in the land of security 'unicorns', the massive early-stage funding rounds and what they mean, layoffs and contractions, and the places in sec...
Paul Roberts on wins and losses in the 'right to repair' battle 19.01.2023 47:32
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) SecuRepairs.org co-founder Paul Roberts joins the show to discuss his passion for the right to repair consumer electronic devices, the big-ticket lobbyists working to undermine the movement, and how changing consumer spending patterns are helping to rack up regulatory wins.
Katie Moussouris on where bug bounties went wrong 08.12.2022 33:18
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Luta Security founder and chief executive Katie Moussouris joins the show to dish on the bug-bounty ecosystem, the abuse of hacker labor, and the common mistakes made by even the most mature security programs. A security industry pioneer, Moussouris argues for better use of bug bounty metrics to drive decisions and a he...
Robinhood CSO Caleb Sima on a career in the security trenches 08.11.2022 30:38
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Caleb Sima is a cybersecurity lifer now responsible for security at Robinhood, a mobile stock trading platform. Caleb joins Ryan on the show to discuss the early hacking scene in Atlanta, building SPI Dynamics in a webapp security powerhouse, the evolution of attack surfaces, the CISO's changing priorities, and more...
Charlie Miller on hacking iPhones, Macbooks, Jeep and Self-Driving Cars 18.10.2022 59:00
Episode sponsors: Binarly ( https://binarly.io ) FwHunt ( https://fwhunt.run ) Famed hacker Charlie Miller joins Ryan on the podcast to discuss a career in vulnerability research and software exploitation. Charlie talks about hacking iPhones and Macbooks at Pwn2Own, the 'No More Free Bugs' campaign, the Jeep hack that led to a recall and his current work securing Cruise's self-driving fleet. Plus,...
JAG-S on big-game malware hunting and a very mysterious APT 17.10.2022 52:40
Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence. SentinelLabs malware hunter Juan Andres Guerrero-Saade (JAG-S) returns to the show to discuss how big-game attribution has changed over the years, the nation-state APT landscape, Mudge and the nightmares facing CISOs, and a mysterious actor named Metador.
Chainguard's Dan Lorenc gets real on software supply chain problems 13.10.2022 47:07
Episode sponsors: Binarly and FwHunt - Protecting devices from emerging firmware and hardware threats using modern artificial intelligence. Dan Lorenc and a team or ex-Googlers raised $55 million in early-stage funding to build technology to secure software supply chains. On this episode of the show, Dan joins Ryan to talk about the different faces of the supply chain problem, the security gaps th...
Vinnie Liu discusses a life in the offensive security trenches 07.08.2022 1:07:34
A conversation with Bishop Fox chief executive Vinnie Liu on the origins and evolution of the pentest services business, the emerging continuous attack surface management space, raising $75m as a 'growth mode' investment, cybersecurity's people problem, and much more...
Down memory lane with Snort and Sourcefire creator Marty Roesch 25.07.2022 1:07:34
Network security pioneer Marty Roesch takes listeners on a trip down memory lane, sharing stories from the creation of Snort back in the 1990s, the startup journey of building Sourcefire into an IDS/IPS powerhouse and selling the company for $2 billion, the U.S. government killing a Check Point acquisition, and his newest adventure as chief executive at Netography.
Subbu Rama, co-founder and CEO, BalkanID 01.06.2022 34:17
Serial entrepreneur Subbu Rama joins the show to talk about building a cybersecurity business, addressing the problem of entitlement sprawl and raising seed funding for intelligent access governance technology.
Project Zero's Maddie Stone on the surge in zero-day discoveries 10.05.2022 42:10
Maddie Stone is a security researcher in Google's Project Zero team. Over the last few years, she has publicly tracked the discovery and disclosure of zero-day malware attacks seen in the wild. On this episode, Maddie joins Ryan to chat about three years of zero-day exploitation data, the nuances around 0day disclosures, the never-ending struggle to mitigate memory corruption attacks and the need...
Prof. Mohit Tiwari on the future of securing data at scale 06.05.2022 46:01
Symmetry Systems co-founder Mohit Tiwari has been studying data security and control flow access for more than a decade. On this episode of the podcast, he discusses his transition from academia to data security entrepreneurship, first principles around the data security and privacy, the exploding DSPM (data security posture management) space, and the mission to solve one of cybersecurity's bigges...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.