
The Silver Bullet Security Podcast with Gary McGraw



Building Security In.



 



Show 139: Matias Madou discusses secure development training and software security testing research

Tue, 31 Oct 2017 08:58:21 PDT

Listen as Gary and Matias talk about effective software security testing methods, security research, secure development training, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/daFJAmaQuIg/silverbullet-139.mp3




Show 138: Nicole Perlroth discusses life as a cyber security journalist

Fri, 29 Sep 2017 07:05:13 PDT

Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/S8PJ6VGZSvE/silverbullet-138.mp3




Show 137: Wafaa Mamilli Discusses Cultural Differences in Technology Management

Thu, 31 Aug 2017 06:50:20 PDT

Listen as Gary and Wafaa cover cultural differences in technology management, CISO education, organizational hierarchy, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/K06XZOE-DSc/silverbullet-137.mp3




Show 136: Pavi Ramamurthy discusses the relationship between development and software security

Mon, 31 Jul 2017 09:26:13 PDT

Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/WQAUXlc9ETU/silverbullet-136.mp3




Show 135: Ksenia Dmitrieva-Peguero discusses software security and AngularJS

Thu, 29 Jun 2017 07:28:47 PDT

Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/UjhIhiyAdgs/silverbullet-135.mp3




Show 134: Kelly Jackson Higgins Discusses Cyber Security Journalism

Wed, 24 May 2017 13:50:48 PDT

Listen as Gary and Kelly discuss how to separate fact from fiction when it comes to news in security, changes in security-focused journalism in recent years, social media, security politics, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/1UpEJgeSLxY/silverbullet-134.mp3




Show 133: Cheryl Biswas Discusses the Politicization of Cyber Security

Thu, 27 Apr 2017 14:33:48 PDT

Listen as Gary and Cheryl discuss aligning security to work as a service for the business rather than an imposition for employees, trending cyber security political topics, work-life balance, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/gQkgeUUsenM/silverbullet-133.mp3




Show 132: Chenxi Wang Discusses DevOps and Diversity in Tech

Wed, 29 Mar 2017 14:33:32 PDT

Listen as Gary and Chenxi discuss the life of Professor John C. Knight, the Jane Bond Project, the Grace Hopper Conference, the state of software security, DevOps, fixing the diversity in tech issue, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/9w5ALtnfYIw/silverbullet-132.mp3




Show 131: Kate Pearce Discusses the Relationship Between Biology and Security

Tue, 28 Feb 2017 13:29:41 PST

Listen as Gary and Kate discuss the state of the software security industry, gender perspectives in the security space, the relationship between biology and security, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/PSpSvIn-bTs/silverbullet-131.mp3




Show 130: Jessy Irwin Discusses How to Make Security and Privacy Accessible

Mon, 23 Jan 2017 21:28:51 PST

Listen as Gary and Jessy discuss social engineering, security research, and security education and accessibility.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/4Dn2FNzrdi8/silverbullet-130.mp3




Show 129: Kelly Lum Discusses Bug Hunting and a Unique Analytical Outlook on Security

Tue, 27 Dec 2016 21:28:55 PST

Listen as Gary and Kelly discuss the differences between application security and software security, finding bugs versus fixing bugs, improving code review tools, and how mental illness affects her analytical security outlook.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/1tUjLOcmdNw/silverbullet-129.mp3




Show 128: Lesley Carhart Discusses Incident Response and Digital Forensics

Tue, 29 Nov 2016 17:53:13 PST

Lesley Carhart is the Security Incident Response Lead at a large corporation in the Chicagoland area where she and her team work with digital theft, misconfiguration, and hacking issues. She has 17 years of experience in the IT industry, eight of which focus on incident response and digital forensics. Lesley holds a BS in Network Technologies from DePaul University. She is an active writer and speaker, and works as a member of the CircleCityCon staff.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/r_LH4x1H8NA/silverbullet-128.mp3




Show 127: Dr. Marie Moe Discusses Medical Device Security

Tue, 25 Oct 2016 21:23:17 PDT

Listen as Gary and Marie discuss her research and the future of medical device security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/ynjI9964Yd0/silverbullet-127.mp3




Show 126: Mike Pittenger Discusses Open Source Software Security

Thu, 29 Sep 2016 21:23:08 PDT

Listen as Gary and Mike discuss open source security including OpenSSL, containerization, and progress being made in the industry.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/PXDC356s9fM/silverbullet-126.mp3




Show 125: Jim Manico Discusses Static Analysis, Open Source, and Developer Training

Tue, 30 Aug 2016 20:41:39 PDT

Listen as Gary and Jim discuss recent developments with static analysis, the relationship between open source and security, programming languages frameworks and how they impact tools, developer training, enterprises moving to the cloud, and island life.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/nfYW5Z20-CQ/silverbullet-125.mp3




Show 124: Lance Cottrell Discusses Anonymity and Privacy

Thu, 28 Jul 2016 21:22:45 PDT

Listen as Gary and Lance discuss privacy, anonymity, Tor, attribution issues, browser security, geolocation, anonymity tools, and more.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/9Hznd0_iqME/silverbullet-124.mp3




Show 123: Yanek Korff Discusses How to Build a Successful Technical Team

Tue, 28 Jun 2016 21:19:00 PDT

Listen as Gary and Yanek discuss outsourcing, people vs. automation, incident response, and what he has learned about building and maintaining a successful technical team.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/XXjIsjiLeEA/silverbullet-123.mp3




Show 122: David Nathans Discusses Security Operations Centers and Medical Device Security

Tue, 31 May 2016 21:17:26 PDT

Listen as Gary and David discuss security considerations when designing and building SOCs, the emergence of DevOps, and the progress that’s been made between data and security in medical devices over the past decade.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/hb0DK8RnZMw/silverbullet-122.mp3




Show 121: Marty Hellman Discusses Cryptography and Nuclear Non-Proliferation

Tue, 26 Apr 2016 21:19:40 PDT

Listen as Gary interviews Martin about his cutting-edge career, involvement in the crypto wars, and his work with nuclear non-proliferation and risk management.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/KrSumlki6Ec/silverbullet-121.mp3




Show 120: Silver Bullet Celebrates 10 Years! Marcus Ranum Interviews Gary McGraw

Wed, 30 Mar 2016 21:18:00 PDT

To celebrate 10 straight years of the monthly Silver Bullet Security Podcast, we’re flipping the mic. During the past decade, Dr. Gary McGraw has interviewed some of the security industry’s most influential gurus.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/_LUtkjy4ysQ/silverbullet-120.mp3




Show 119: Jacob West Discusses the IEEE CSD, Bugs, Flaws, And Wearable Devices

Mon, 29 Feb 2016 21:18:32 PST

As the Chief Architect for Security Products at NetSuite, Jacob West leads research and development for technology to identify and mitigate security threats.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/BHhdvRHKqmg/silverbullet-119.mp3




Show 118: Jack Daniel Discusses Security BSides, Communities, and the Big Picture of Security

Fri, 29 Jan 2016 21:13:23 PST

Gary talks to Jack Daniel, a leading technology community activist, about the evolution of the community-driven BSides Con, changes in the security field over the last decade, and his thoughts on where good security people come from.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/8awlQgxdZmE/silverbullet-118.mp3




Show 117: Jamie Butler Discusses Security Research, Thinking Like a Hacker, And Rootkit Development

Tue, 22 Dec 2015 09:06:52 PST

Gary talks to Jamie Butler, a self-proclaimed "coder at heart," about the importance of an offensive security approach, attack patterns, and his specialization in rootkit development.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/TKPGzuVBdbU/silverbullet-117.mp3




Show 116: Doug Maughan Discusses the Current State Of Cyber Security In the U.S. Department Of Homeland Security

Mon, 30 Nov 2015 21:12:31 PST

Gary talks to Dr. Doug Maughan about scientific research in computer security and its relationship to wider government efforts in security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/LOZ7XFcAF60/silverbullet-116.mp3




Show 115: Peiter Zatko Discusses the L0pht and Government Influence

Wed, 28 Oct 2015 21:13:42 PDT

Gary talks to Peiter Zatko, better known as “mudge” in hacker and security circles, about the evolution of the L0pht hacker collective and how his work in security influenced key agencies within the U.S. government to ramp up their cybersecurity efforts.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/TjZdwydVyd8/silverbullet-115.mp3




Show 114: Peter Clay Discusses the Evolution of the CISO Role

Tue, 29 Sep 2015 21:07:27 PDT

Gary talks to the Chief Information Security Officer of Qlik, Peter “Pete” Clay, who holds 20+ years of experience in technology growth and its relationship to security from a risk management perspective.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/wwNPt0rEKWs/silverbullet-114.mp3




Show 113: Chandu Ketkar Discusses Software Security Best Practices

Mon, 31 Aug 2015 21:06:39 PDT

Gary talks to Synopsys’ Chandu Ketkar. With 20+ years of experience as a developer prior to getting into security, Chandu brings a unique and enlightened view to software security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/k1WHdbSxN0A/silverbullet-113.mp3




Show 112: Crypto Wars II with Steve Bellovin and Matt Green

Thu, 23 Jul 2015 21:07:08 PDT

We thought the “crypto wars” were resolved in the late 1990s. But the introduction of encrypted devices—specifically the release of iOS 8 and the growing number of available encrypted communication channels through public services such as Facebook and Snapchat—has resurfaced the debate.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/oN71ofqAzWo/silverbullet-112.mp3




Show 111: An Interview with Marcus Ranum

Tue, 30 Jun 2015 21:02:06 PDT

Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/ARo8jh3A7xw/silverbullet-111.mp3




Show 110: An Interview with Paul Dorey

Sat, 30 May 2015 21:01:15 PDT

Gary and Paul discuss the modern role of the CSO and the ideal background for a CSO, Paul’s biggest win and biggest mistake as a CSO, and the role of building security in as part of a CSO’s strategy.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/OmFW7FWBUu8/silverbullet-110.mp3




Show 109: An Interview with Bart Preneel

Wed, 22 Apr 2015 21:01:34 PDT

Gary and Bart discuss the differences in approaches to security between the EU and the US, what the picture of building security in looks like around the world, quantum cryptography, and the implications of the Snowden revelations on cryptography.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/F2wOjWDg_vo/silverbullet-109.mp3




Show 108: An Interview with Katie Moussouris

Fri, 27 Mar 2015 19:34:18 PDT

In the 108th episode of the Silver Bullet Security podcast, Gary talks with Katie Moussouris, Chief Policy Officer of HackerOne.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/8KbLiEFidAk/silverbullet-108.mp3




Show 107: An Interview with Jean Camp

Sat, 28 Feb 2015 19:31:18 PST

Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/76P1b0YihLI/silverbullet-107.mp3




Show 106: An Interview with Steve Katz: the world’s first CISO

Sat, 31 Jan 2015 19:30:38 PST

Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.”


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/RMB2upbY6O0/silverbullet-106.mp3




Show 105: The History of Public Key Cryptography with Whitfield Diffie

Wed, 31 Dec 2014 19:31:53 PST

On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/bylekvLXYSg/silverbullet-105.mp3




Show 104: An Interview with Rick Gordon

Sun, 30 Nov 2014 19:31:09 PST

On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/EERWQypKxjY/silverbullet-104.mp3




Show 103: An Interview with Brian Krebs

Fri, 31 Oct 2014 19:26:08 PDT

On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/npxusN7gDO0/silverbullet-103.mp3




Show 102: An Interview with Richard Danzig

Wed, 17 Sep 2014 19:25:38 PDT

On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one-time Secretary of the Navy and Board member of the Center for a New American Security (among several other things).


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/ILqVRsa31DM/silverbullet-102.mp3




Show 101: Software Security with the Founders of the Center for Secure Design

Tue, 26 Aug 2014 19:25:09 PDT

On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim Del Grosso (Synopsys), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/0ulrwdGT_SQ/silverbullet-101.mp3




Show 100: The State of Software Security with Synopsys

Wed, 23 Jul 2014 19:25:30 PDT

In this episode Gary talks live on video with John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how it’s evolved (or has it?) over the last decade.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/NnX0nnj-TH4/silverbullet-100.mp3




Show 099: the PLDI and Software Security with Michael Hicks

Mon, 30 Jun 2014 19:20:19 PDT

On the 99th episode of the Silver Bullet Security Podcast, Gary talks with Michael Hicks, professor of Computer Science at the University of Maryland. In this episode, they discuss the Programming Language Design and Implementation (PLDI) conference, type safety, closure, dynamic languages, why C is problematic, and how JavaScript is dangerous.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/uUhJWf60Ots/silverbullet-099.mp3




Show 098: The Hype behind Heartbleed with Bart Miller

Fri, 30 May 2014 19:20:11 PDT

Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of binaries, and the SWAMP project.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/gT4YHo-h6Vk/silverbullet-098.mp3




Show 097: The Development Side of Software Security with Aaron Bedra

Wed, 30 Apr 2014 19:20:12 PDT

Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type safety and closure in programming, and the most recent non-fiction book that Aaron’s read.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/FPsF2vezNQ0/silverbullet-097.mp3




Show 096: An Interview with Nate Fick

Mon, 31 Mar 2014 17:20:29 PDT

Gary and Nate discuss the use of the term "cyber war" from the perspective of an ex-Marine, Nate's time at the Center for a New American Security, the Estonia DDOS attack, and how Nate has turned around the perception of End Game.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/cTRIhxoqsxI/silverbullet-096.mp3




Show 095: An Interview with Charlie Miller

Mon, 24 Feb 2014 19:20:08 PST

On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/6ygYcdFDwU0/silverbullet-095.mp3




Show 094: An Interview with Ming Chow

Fri, 31 Jan 2014 19:15:02 PST

Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/udxfH8Qo28U/silverbullet-094.mp3




Show 093: An Interview with Yoshi Kohno

Tue, 24 Dec 2013 19:14:54 PST

Gary and Yoshi discuss how much academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, and helping consumers understand privacy implications of popular products’ security designs.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/8YrTwDZ-pCg/silverbullet-093.mp3




Show 092: The Early Days of Computing with Jon Callas

Wed, 27 Nov 2013 09:10:27 PST

Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms actually work (rock on).


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/2pOv3sXZzcQ/silverbullet-092.mp3




Show 091: A Breakdown of the BSIMM-V with Caroline Wong

Wed, 30 Oct 2013 19:15:20 PDT

Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initiative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profile firms, and how to increase the number of women in computer science.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/nWmT98agKnQ/silverbullet-091.mp3




Show 090: Cryptography compared with Matthew Green

Mon, 30 Sep 2013 19:09:32 PDT

Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_DRBG RSA/EMC random number generator.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/VYeNn4vfzNI/silverbullet-090.mp3




Show 089: Academic vs. Corporate research with Michael Reiter

Sat, 31 Aug 2013 19:10:01 PDT

On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teaching computer security, and how to attract more women to the field of software security.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/4nYgKUunO08/silverbullet-089.mp3




Show 088: Teaching Security Globally with Christian Collberg

Wed, 31 Jul 2013 19:09:03 PDT

Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software, Christian’s opinions on products that purport to offer software protection on mobile devices, and whether software security students should be taught to think like an attacker.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/kDTTPNi17cw/silverbullet-088.mp3




Show 087: Progression of Software Security with James Walden

Sun, 30 Jun 2013 19:09:30 PDT

Gary and James discuss the progress being made in the field of software security, why there are plenty of top N lists for bugs but none for flaws, the difficulties of teaching how to fix code, the current generation’s outlook on privacy, and security metrics and measurement.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/s8pyA67KdF8/silverbullet-087.mp3




Show 086: Technical Culture across the Pacific with Wenyuan Xu

Fri, 31 May 2013 19:08:48 PDT

Gary and Wenyuan discuss the differences between American and Chinese technical culture, Wenyuan’s work on automatic meter reading systems, whether electrical engineering is more advanced in terms of design than computer science, and why there are so few women in engineering and computer science.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/TNp-PjOwEB4/silverbullet-086.mp3




Show 085: A Discussion with Jim Routh and Scott Matsumoto

Tue, 30 Apr 2013 19:10:17 PDT

On this episode, Gary and guests discuss the challenges of mobile security and how these challenges are exactly the same as and utterly different than software security concerns from across the years.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/zIPWeBoMnfo/silverbullet-085.mp3




Show 084: Learning Science in the Country with Hord Tipton

Sun, 31 Mar 2013 19:04:25 PDT

Gary and Hord discuss how one gets into science and engineering when growing up in rural Tennessee, what insight being a nuclear and chemical engineer gives Hord about modern control systems, whether or not certification can help advance software security, and the benefits of teaching software security to kids.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/u3ZzUU6AM9Y/silverbullet-084.mp3




Show 083: An Interview with Mark Graff

Thu, 28 Feb 2013 19:04:10 PST

Gary and Mark discuss what exactly a CISO does all day, how corporate security posture at NASDAQ compares to the security posture at Lawrence Livermore National Laboratory, Enrico Fermi and the piano tuners (the “Fermi problem”) and how it relates to estimation, and the most surprising cultural difference between the left and right coasts.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/YmXWfP4UAMc/silverbullet-083.mp3




Show 082: An Interview with Kevin Fu

Fri, 18 Jan 2013 19:04:41 PST

Gary and Kevin discuss finding advisors and picking a grad school, the security implications of embedded medical devices, malware in hospital systems, the consumer trend toward analyzing one’s own health data, and the difficulty of teaching design analysis to other humans.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/kf9cVe06tgc/silverbullet-082.mp3




Show 081: An Interview with Steve Bellovin

Wed, 26 Dec 2012 19:03:26 PST

Gary and Steve discuss how often academic research finds its way into the real world versus research that’s done in a commercial lab, how code has gotten better overall but how the threat model has changed, whether mobile security is just a repackaging of the same security problem we’ve been dealing with for years, the state of computer security in the government, the very first days of Usenet and the famed Evil Bit.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/5wAmdugBRUo/silverbullet-081.mp3




Show 080: An Interview with Thomas Rid

Fri, 30 Nov 2012 18:58:38 PST

On the 80th episode of the Silver Bullet Security Podcast, Gary talks with Thomas Rid, Reader in War Studies at King’s College London and a non-resident fellow at the Center for Transatlantic Relations in the School for Advanced International Studies, Johns Hopkins University, in Washington, DC.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/T_svzRf_apk/silverbullet-080.mp3




Show 079: Software Security Initiative at Sony with Per-Olof Persson

Wed, 24 Oct 2012 18:58:30 PDT

On the 79th episode of the Silver Bullet Security Podcast, Gary talks with Per-Olof Persson (a.k.a. Peo), head of Global Software Security Operations at Sony Mobile and Board member of Sony Corporation.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/DTC2ujNqYS8/silverbullet-079.mp3




Show 078: An Interview with Jacob West

Sun, 30 Sep 2012 18:58:02 PDT

On the 78th episode of the Silver Bullet Security Podcast, Gary talks with Jacob West, Director, Software Security Research for the Enterprise Security Products division of Hewlett-Packard and newly minted CTO.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/nXBSg7ZpvVY/silverbullet-078.mp3




Show 077: An Interview with Gary Warzala

Tue, 28 Aug 2012 18:58:14 PDT

On the 77th episode of the Silver Bullet Security Podcast, Gary talks with Gary Warzala, CISO of Visa International.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/sR9TFpMh9Ao/silverbullet-077.mp3




Show 076: An Interview with David Evans

Fri, 27 Jul 2012 18:58:09 PDT

Gary and Dave discuss the founding of the Interdisciplinary Major in Computer Science (BA) at UVa and why a broad approach to Computer Science and Computer Security is a good idea, why data privacy gets short shrift in the United States, why people think (for no apparent reason) that their mobile devices are secure, groceries, David’s research on Secure Computation, and the Udacity project.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/FG7E7FigU2k/silverbullet-076.mp3




Show 075: An Interview with Howard Schmidt

Sat, 30 Jun 2012 18:53:36 PDT

In this episode, Gary and Howard discuss the differences between doing security work in the public and private sectors, the difficulties of establishing cybersecurity in the government (especially when it comes to software security), the government’s involvement in cyberespionage, and how the actions of Anonymous and Wikileaks square with the notion of free speech.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/g3pBA7-f-vU/silverbullet-075.mp3




Show 074: An Interview with Bruce Schneier

Wed, 30 May 2012 18:52:47 PDT

They revisit Bruce’s prediction in episode 9 that insight into economics and security would help vendors sell their products more efficiently.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/yZY75y8C9BA/silverbullet-074.mp3




Show 073: An Interview with Robert Vamosi

Mon, 30 Apr 2012 18:52:33 PDT

Gary and Robert discuss whether we’re doomed to idiocy as a species thanks to gadget dependency and why designers ignore security and privacy issues in gadget design.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/eYeF_OPwBPI/silverbullet-073.mp3




Show 072: Cyber Law Discussion with Randy Sabett

Fri, 30 Mar 2012 18:54:37 PDT

Gary and Randy discuss Microsoft’s Zeus Botnet raid, alleged AT&T/NSA wiretapping, whether cyberlaw is full of loopholes, and if security always trades off against privacy and anonymity.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/jz6xa-pVKss/silverbullet-072.mp3




Show 071: An Interview with Bill Arbaugh

Wed, 29 Feb 2012 18:52:54 PST

Gary and Bill discuss how malware has evolved and changed over the last decade and how it’s affected software security practices, BIOS-based attacks, academia vs. startup, and why the NSA doesn’t play defense when it comes to cybersecurity.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/lSfu_qbdNSg/silverbullet-071.mp3




Show 070: An Interview with Ross Anderson

Tue, 31 Jan 2012 18:47:39 PST

Gary chats a second time with Ross Anderson, Professor of Security Engineering at the Computer Laboratory at Cambridge University and author of the book Security Engineering.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/DiQcphXFMpE/silverbullet-070.mp3




Show 069: An Interview with Steve Myers

Thu, 29 Dec 2011 18:47:17 PST

On the 69th episode of The Silver Bullet Security Podcast, Gary talks with Steve Myers, Assistant Professor of Informatics and Computing in the School of Informatics at Indiana University and a member of the Center for Applied Cybersecurity.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/-_VPeW1geaY/silverbullet-069.mp3




Show 068: An Interview with John Steven

Wed, 30 Nov 2011 18:47:51 PST

Gary and John discuss how software architecture is being pulled by financial services instead of being pushed by technology firms, why architecture risk analysis is so important (and so hard to automate), the bias that developers and security practitioners show towards security features rather than software security Touchpoints, and enterprise use of static analysis tools.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/0YEUNEKLed8/silverbullet-068.mp3




Show 067: An Interview with Bill Pugh

Fri, 28 Oct 2011 18:47:34 PDT

On the 67th episode of The Silver Bullet Security Podcast, Gary talks with Bill Pugh, professor at the University of Maryland College Park.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/w5Rnn6o00OU/silverbullet-067.mp3




Show 066: An Interview with Shari Lawrence Pfleeger

Thu, 29 Sep 2011 18:42:03 PDT

On the 66th episode of The Silver Bullet Security Podcast, Gary chats with Shari Lawrence Pfleeger, Director of Research for the Institute for Information Infrastructure Protection at Dartmouth College.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/SmZgNZ8RNnE/silverbullet-066.mp3




Show 065: An Interview with Giovanni Vigna

Mon, 29 Aug 2011 18:42:49 PDT

On the 65th episode of The Silver Bullet Security Podcast, Gary is joined by Giovanni Vigna, professor of Computer Science at UC Santa Barbara.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/sDzfqDelZGc/silverbullet-065.mp3




Show 064: An Interview with Markus Schumacher

Fri, 29 Jul 2011 18:41:36 PDT

On the 64th episode of The Silver Bullet Security Podcast, Gary chats with Markus Schumacher, co-founder and CEO of Virtual Forge.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/cxg8uZS9pgo/silverbullet-064.mp3




Show 063: An Interview with Craig Miller

Tue, 28 Jun 2011 18:42:21 PDT

On the 63rd episode of The Silver Bullet Security Podcast, Gary talks with Craig Miller, principal at the MAPA Group. Gary and Craig discuss entrepreneurship, the pluses and minuses of working for start-ups and very large corporations, smart grid security, and working with NRECA.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/n0HkEyw6VWY/silverbullet-063.mp3




Show 062: An Interview with Halvar Flake

Tue, 31 May 2011 18:41:51 PDT

On the 62nd episode of The Silver Bullet Security Podcast, Gary chats with Halvar Flake (a.k.a. Thomas Dullien), founder of reverse engineering consultancy, Zynamics, which was recently purchased by Google. Gary and Halvar discuss the acquisition, Zynamics’ product BinDiff, whether the “bad guys” are using code understanding tools (including decompilers) better than developers, static versus dynamic analysis, international politics meets computer security, and the growing complexity of malware.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/03GVMe0PIv0/silverbullet-062.mp3




Show 061: An Interview with Carl Landwehr

Thu, 28 Apr 2011 18:42:04 PDT

On the 61st episode of The Silver Bullet Security Podcast, Gary talks with Carl Landwehr, Director of Trustworthy Computing at the National Science Foundation and a Senior Research Scientist at the Institute for Systems Research within the University of Maryland.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/9IN5tnapS6s/silverbullet-061.mp3




Show 060: An Interview with Neil Daswani

Wed, 30 Mar 2011 18:36:51 PDT

On the 5th anniversary, 60th episode of The Silver Bullet Security Podcast, Gary talks with Neil Daswani, CTO and co-founder of Dasient.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/fnGh1UOUBHE/silverbullet-060.mp3




Show 059: An Interview with Ralph Langner

Fri, 25 Feb 2011 18:37:02 PST

On the bonus-length 59th episode of The Silver Bullet Security Podcast, Gary chats with Ralph Langner, Founder and CEO of Langner Communications.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/SsYQinag0Ts/silverbullet-059.mp3




Show 058: An Interview with John Savage

Mon, 24 Jan 2011 18:36:53 PST

On the 58th episode of The Silver Bullet Security Podcast, Gary talks with John Savage, professor of Computer Science at Brown University and Jefferson Science Fellow for the State Department.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/FtsLJZHZBvM/silverbullet-058.mp3




Show 057: An Interview with Elinor Mills

Thu, 23 Dec 2010 18:36:34 PST

On the 57th Silver Bullet Security Podcast, Gary talks with Elinor Mills, senior writer at CNET’s news.com.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/AxP0rbMNpos/silverbullet-057.mp3




Show 056: An Interview with Sammy Migues

Tue, 30 Nov 2010 18:30:56 PST

Gary and Sammy discuss how Sammy’s southern upbringing affects his approach to security, his experience speaking to the National Rural Electric Cooperative Association, the advantages of defensive programming versus “the bug parade” and the BSIMM.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/8qJjB65OVMI/silverbullet-056.mp3




Show 055: An Interview with Deborah Frincke

Fri, 29 Oct 2010 18:31:02 PDT

On the 55th Silver Bullet Security Podcast, Gary chats with Deborah Frincke, Chief Scientist, Cybersecurity at Pacific Northwest National Laboratory.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/g4zJfScAX4M/silverbullet-055.mp3




Show 054: The Decades Science Fiction with Marc Donner

Mon, 27 Sep 2010 18:30:59 PDT

On the 54th Silver Bullet Security Podcast, Gary talks with Dr. Marc Donner, engineering director for Google Health and Google Finance.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/PmHYsjI606M/silverbullet-054.mp3




Show 053: Network Security Best Practices with Richard Bejtlich

Mon, 23 Aug 2010 18:31:57 PDT

On the 53rd episode of The Silver Bullet Security Podcast, Gary interviews Richard Bejtlich, Director of Incident Response for General Electric and Principal Technologist for GE’s Global Infrastructure Services division.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/tN9Xi2t2qnE/silverbullet-053.mp3




Show 052: A Breakdown of Security Analysis with Paul Kocher

Wed, 21 Jul 2010 18:31:12 PDT

On the 52nd episode of The Silver Bullet Security Podcast, Gary chats with Paul Kocher, President and Chief Scientist of Cryptography Research.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/dkCZMlyyaqk/silverbullet-052.mp3




Show 051: Startup versus Government Research with Anup Ghosh

Fri, 25 Jun 2010 18:25:54 PDT

On the 51st episode of The Silver Bullet Security Podcast, Gary talks with former co-worker Dr. Anup Ghosh.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/UmQgzl9q4mw/silverbullet-051.mp3




Show 050: Lacking Defense in Cyber War with Richard Clarke

Tue, 01 Jun 2010 18:27:04 PDT

On the landmark 50th episode of Silver Bullet, Gary talks with Richard A. Clarke. Richard Clarke is an internationally-recognized expert on security, including homeland security, national security, cyber security, and counterterrorism.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/DntDyQrDon0/silverbullet-050.mp3




Show 049: Imitating the Attackers Perspective with Ivan Arce

Fri, 30 Apr 2010 18:26:21 PDT

On the 49th episode of The Silver Bullet Security Podcast, Gary talks with Ivan Arce, co-founder and CTO of Core Security Technologies.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/8gKijw7i3hA/silverbullet-049.mp3




Show 048: Changes in Security Compliance with Andrew Jaquith

Thu, 25 Mar 2010 18:26:33 PDT

On the 48th episode of The Silver Bullet Security Podcast, Gary interviews Andrew Jaquith, senior analyst at Forrester.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/MMSNSKo0clA/silverbullet-048.mp3




Show 047: Security’s need for Languages with Greg Morrisett

Sun, 28 Feb 2010 18:25:29 PST

On the 47th episode of The Silver Bullet Security Podcast, Gary calls in from Leuven, Belgium to chat with childhood friend and security expert Greg Morrisett.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/9baYbJDbpUc/silverbullet-047.mp3




Show 046: A Look Inside Infowar with David Rice

Wed, 27 Jan 2010 18:21:03 PST

Gary and David discuss David’s involvement with Infowar at the Naval Postgraduate School and how it impacted his thinking about software, the recent Chinese cyberattack on Google, what incentives exist to create and apply software security best practices, how users may be mistaking marketing for security, and the SANS WhatWorks in Application Security Summit.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/tp6MXYYVBm0/silverbullet-046.mp3




Show 045: The Common Disregard for Privacy with Lorrie Cranor

Fri, 18 Dec 2009 18:20:36 PST

On the 45th episode of The Silver Bullet Security Podcast, Gary chats with Lorrie Cranor, Associate Professor of Computer Science and Engineering and Public Policy at Carnegie Mellon University.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/kIxfp0ZDpAk/silverbullet-045.mp3




Show 044: The History of Network Security with Steve Kent

Wed, 25 Nov 2009 18:21:07 PST

On the 44th episode of The Silver Bullet Security Podcast, Gary talks with Steve Kent, Chief Scientist – Information Security, for BBN Technologies, a division of Raytheon.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/z60lfzpsESo/silverbullet-044.mp3




Show 043: The Hype behind Cloud Security with Chris Hoff

Wed, 21 Oct 2009 18:20:33 PDT

On the 43rd episode of The Silver Bullet Security Podcast, Gary chats with Christofer Hoff, Director of Cloud and Virtualization Solutions at Cisco.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/liguDEY_s6Y/silverbullet-043.mp3




Show 042: Informatics and Health Security with Gillian Hayes

Fri, 25 Sep 2009 18:20:43 PDT

On the 42nd episode of The Silver Bullet Security Podcast, Gary chats with Gillian Hayes, Assistant Professor in Informatics at the Bren School of Information and Computer Sciences at UC Irvine.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/H93c3_0FnQc/silverbullet-042.mp3




Show 041: Security vs. Reliability with Fred Schneider

Fri, 21 Aug 2009 18:14:55 PDT

On the 41st episode of The Silver Bullet Security Podcast, Gary talks with Fred Schneider, Samuel B. Eckert Professor of Computer Science at Cornell University and author of Trust in Cyberspace.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/1ndhDfuMOjQ/silverbullet-041.mp3




Show 040: Comparing Security Models with Bob Blakley

Fri, 17 Jul 2009 18:14:47 PDT

For the 40th episode of The Silver Bullet Security Podcast, Gary interviews Bob Blakley, VP and research director of The Burton Group’s Identity and Privacy Strategies.


Media Files:
http://feedproxy.google.com/~r/TheSilverBulletSecurityPodcastWithGaryMcgraw/~5/DoeoTATlmno/silverbullet-040.mp3