Security Conversations

Three Buddy Problem

The Three Buddy Problem is a popular Security Conversations podcast that goes beyond industry talking points to discuss what others won’t -- nation-state malware, attribution, cyberwar, ethics, privacy, and the messy realities of securing computers and corporate networks. Hosted by three veteran security pros -- journalist Ryan Naraine and malware paleontologists Costin Raiu and Juan Andres Guerrero-Saade -- the weekly show attracts a highly engaged audience of security researchers, corporate defenders, CISOs, and policymakers. Connect with Ryan on Twitter (Open DMs).

Author

Security Conversations

Category

Technology

Latest episode

Jul 4, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Google's Shane Huntley on zero-days and the nation-state threat landscape 04.04.2022

Director at Google's Threat Analysis Group (TAG) Shane Huntley joins the show and talks about lessons from the 2009 Aurora attacks, the surge in zero-day discoveries, the usefulness of IOCs, North Korean APT operations, private sector mercenary hackers, the expanding nation-state threat actor map, and much more...

Lamont Orange, CISO, Netskope 21.03.2022

Netskope security chief Lamont Orange joins the show to chat about the changing role of the Chief Information Security Officer (CISO), managing security as a business enabler, the cybersecurity skills shortage, and his own unique approach to security leadership.

Haroon Meer on the business of cybersecurity 19.03.2022

Thinkst founder and CEO Haroon Meer joins Ryan Naraine on the show to talk about building a successful cybersecurity company without venture capital investment, fast-moving attack surfaces and the never-ending battle to mitigate memory corruption issues.

Tony Pepper, co-founder and CEO, Egress 22.02.2022

Chief executive officer at Egress Tony Pepper joins the show to talk about entrepreneurship in the fast-paced age of modern computing, the state of e-mail security, and his company's bet on securing the future of messaging in the enterprise.

Microsoft's Justin Campbell on offensive security research 08.01.2022

Justin Campbell leads Microsoft’s Offensive Research and Security Engineering (MORSE) team. He joins the show to talk about his team's discovery of a SolarWinds in-the-wild zero-day, the never-ending stream of memory safety vulnerabilities, the evolving 'shift-left' mindset and Redmond's ongoing work to reduce attack surfaces.

Costin Raiu on the .gov mobile exploitation business 23.12.2021

Global director of Kaspersky's GReAT research team Costin Raiu returns to the show for an indepth discussion on the mobile surveillance business, the technically impressive FORCEDENTRY iOS exploit, the ethical questions facing exploit developers and the role of venture capitalists in the mobile malware ecosystem.

Amanda Gorton, co-founder and CEO, Corellium 20.12.2021

Corellium co-founder and chief executive Amanda Gorton joins the show to talk about raising $25 million in Series A funding, the market fit for device modeling and software virtualization products, the trials and tribulations of startup life, and the nuances of operating in the world of offensive security research.

Intel's Venky Venkateswaran on hardware-enabled security 09.09.2021

Venky Venkateswaran works on client security and roadmap planning at Intel Corp. On this episode of the podcast, Venky joins Ryan to talk about a reported surge in firmware attacks, Intel's ongoing investments in cybersecurity, the importance of transparency and open documentation, and the company's push to fight ransomware with its flagship TDT (Threat Detection Technology).

Sounil Yu on SBOMs, software supply chain security 13.07.2021

Episode sponsored by SecurityWeek.com JupiterOne CISO Sounil Yu joins the show to sift through the noise and explain the value of SBOMs (software bill of materials), the U.S. government's response to software supply chain security gaps, and what every buyer and seller should be doing to prepare for major changes in the ecosystem.

Algirde Pipikaite, Centre for Cybersecurity, World Economic Forum 06.07.2021

Episode sponsored by MongoDB.com. Algirde Pipikaite, the project lead of the Governance and Policy team at the Center for Cybersecurity at the World Economic Forum, joins the podcast to discuss her work to bridge the gap between cybersecurity experts and decision makers. We chat about communicating risk to different audiences, cybersecurity as a business enabler, and the need for more global priva...

Josh Schwartz on red-teaming and proactive security engineering 18.06.2021

Josh Schwartz, aka FuzzyNop, oversees offensive security, product engineering, and security engagement functions at Verizon Media (soon to be Yahoo). He shares insights on red-teaming, overcoming the adversarial relationship between red/blue teams. chasing the "feeling" of being secure, and why there's a need for more empathy in cybersecurity. ( Episode sponsored by Eclypsium )

Michael Laventure, threat detection and response, Netflix 10.06.2021

Netflix threat detection and response practitioner Michael Laventure joins the show to talk about a simple goal to "do security better." We discuss a transition from .gov security work to the fast pace of Silicon Valley, the culture clashes that can make life difficult, the value of threat-intelligence to a modern security program, and why we should all be optimistic about the future of cybersecur...

Google's Heather Adkins on defenders playing the long game 26.05.2021

Founding-member of the Google security team Heather Adkins joins the conversation to stress the importance of defenders playing the "long-game," the need for meaningful culture-change among security leaders, the expansion of zero-trust beyond identities and devices, and some thoughts on the future of electronic voting. Sponsored by Eclypsium: Eclypsium ships an enterprise device platform that prov...

Collin Greene, head of product security, Facebook 25.05.2021

Facebook product security leader Collin Greene joins the show to discuss philosophies around securing code at scale, the pros and cons of relying on bug-bounty programs, the humbling lessons from being on the wrong side of a malicious hack, and why "shift-left" should be the priority for every defender.

Alex Matrosov on the state of security at the firmware layer 23.05.2021

Former head of offensive security research at NVIDIA Alex Matrosov joins the show to talk about the state of security at the firmware layer, the need for specialized reverse engineering skills, the limits of bug-bounty programs for hardware research, and the future of advanced malware analysis.

Charles Nwatu, Security Technology & Risk, Netflix 11.05.2021

Charles Nwatu is an engineering manager in Netflix's Security, Technology Assurance & Risk organization. He joins Ryan on the show to talk about a career pivot from U.S. gov service into cybersecurity in Silicon Valley, the exciting parts of compliance and risk management, and why newcomers should consider jobs in SOCs to kickstart security careers.

Doug Madory on the mysterious AS8003 global routing story 29.04.2021

Director of Internet Analyis at Kentik, Doug Madory, joins the podcast to shed light on the mysterious appearance of unused IPv4 space belonging to the US Department of Defense: the strange connection to a Florida company now managing the world's largest honeypot; the odd Inauguration Day timing of this discovery;, and why enterprise network defenders should pay very close attention.

Crossbeam CISO Chris Castaldo on securing the start-up 23.04.2021

Sponsored by Eclypsium Chris Castaldo has a fascinating career in cybersecurity. A U.S. army veteran who dabbled in tech during the early 2000s dot-com boom before settling on security, Castaldo is now CISO at Crossbeam and a decision-maker with a bird's eye view into how the should be protected. Castaldo joins Ryan on the show to talk about his new book on securing the startup, why he's the rare...

Shubs Shah on finding riches (and lessons) from bug bounty hacking 20.04.2021

Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating automating pre-breach reconnaissance and zero in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a fulltime bug-bounty hunter, advancements in web ap...

Fahmida Rashid, Executive Editor, VentureBeat 09.04.2021

Newly appointed Executive Editor at VentureBeat Fahmida Rashid joins the show to talk about her introduction to computer networking in school, her winding path into cybersecurity journalism, the security stories worth telling, the venture capital ecosystem, and the surge in unicorn cybersecurity startups.

Microsoft's David Weston on the surge in firmware attacks 06.04.2021

Microsoft's David Weston joins Ryan on the show to discuss a new report that shows 83% of organizations have been hit by a firmware attack in the last two years. As businesses continue to under-invest in resources to prevent firmware attacks, Weston warns about the inevitability of advanced attacks at the 'invisible' layer, the absence of skills and tools to find malicious activity in firmware, th...

Lena Smart, CISO, MongoDB 02.04.2021

At age 16, Lena Smart finished high school and went into the workforce. At the time, a university degree and advanced education were not available to her in a single-parent household in Scotland. Today, she is CISO of MongoDB, a $16 billion company with thousands of employees around the world and she is a leading voice on education and talent-identification in cybersecurity. Lena joins Ryan on the...

Patrick Howell O'Neill, Cybersecurity Editor, MIT Technology Review 30.03.2021

Patrick Howell O’Neill is the cybersecurity senior editor for MIT Technology Review. In this out-of-band episode of the show, Patrick joins Ryan to discuss his latest scoop on Google Project Zero's visibility into malware used in a Western .gov counter-terrorism operation, the tricky nature of attributing nation-state backed attacks, Apple's iOS becoming a hot target and the controversies surround...

Nico Waisman, Head of Privacy & Security, Lyft 26.03.2021

After a 20-year career working in the offensive security reseach trenches, security industry pioneer Nico Waisman made the transition to defense to head up privacy and security efforts at ride-sharing firm Lyft. Waisman joins Ryan Naraine on the show to talk about early hacking in Argentina, the contributions of non-Americans to the security industry, and much much more...

Ron Brash on the water plant hacks and the state of ICS security 11.03.2021

Ron Brash joins Ryan Naraine on the show to talk about the recent water supply hack, the state of security in ICS/SCADA installations, the checklist of affordable things for critical infrastructure defenders, and the things we should worry -- and not worry -- about. Ron is Director of Cyber Security Insights at Verve Industrial Protection, a critical infrastructure-focused organisation that sells...

Listen to the Three Buddy Problem podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.