In this episode of ConversingLabs, host Paul Roberts interviews Jiwon Ma, Senior Policy Analyst at the Foundation for Defense of Democracies (FDD), about her recent report that addresses the urgent cybersecurity challenges facing the aviation industry. The report, "Turbulence Ahead: Navigating the Challenges of Aviation Cybersecurity" (PDF), analyzes a number of factors that are putting U.S. aviation infrastructure at increasing cyber risk, including how weaknesses in the software supply chain pose serious risks to the industry.

In this episode of ConversingLabs, host Paul Roberts interviews Major Joe Spracklen, a PhD student at the University of Texas at San Antonio, who recently published a paper with his peers regarding the threat posed to software supply chains caused by code-generating Large Language Models (LLMs). The paper, “We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs” (PDF), discusses how the rise of these LLMs can create package hallucinations that arise from fact-conflicting errors – representing a novel form of package confusion attack.

In this episode of ConversingLabs, host Paul Roberts interviews Chuck McWhirter, principal solutions architect at ReversingLabs, about the importance of sticking to basics when it comes to thwarting attacks from adversaries. Chuck recounts his experiences in both the public and private sectors, including his efforts in securing the 2002 Olympics – back when the Security Operations Center (SOC) had not yet evolved. The details of Chuck’s journey shed light on how enterprise security teams can better handle the cyber threats stemming from nation-state adversaries. By minimizing cybersecurity tool sprawl and alert fatigue, as well as assessing situational risk, Chuck argues that security teams stand a better chance against attackers.  

In this episode, host Carolynn van Arsdale interviews Tanya Janca (aka SheHacksPurple), a world-renowned application security (AppSec) leader, author, speaker and educator. In addition to having multiple bestselling books, such as ‘Alice and Bob Learn Secure Coding,’ Janca is the founder of We Hack Purple and leads education and community for Semgrep. In their conversation, they discuss how Janca’s career embodies AppSec Girl Power: Beginning from her start as a software developer, up to her current success as a prominent thought leader in AppSec and secure coding philosophy.

Subscribe to Tanya's newsletter here, and if you're an AppSec professional, take her survey here. 

Find Tanya on social media:

• https://bsky.app/profile/shehackspurple.bsky.social 
• https://twitter.com/shehackspurple
• https://www.linkedin.com/in/tanya-janca
• https://infosec.exchange/@SheHacksPurple
• https://www.tiktok.com/@shehackspurple
• https://www.youtube.com/shehackspurple  

In this episode of ConversingLabs, host Paul Roberts chats with Malcolm Harkins, Chief Security and Trust Officer at HiddenLayer, about cybersecurity’s double-edged sword: artificial intelligence (AI). Harkins will discuss what HiddenLayer has discovered in regards to AI-based threats to software supply chains, including research about DeepSeek R1. The two will also identify which enterprise security tools lack the means to spot these developing threats. Finally, they’ll consider whether or not AI itself can be a part of the solution in out-pacing threat actors’ utilization of these risks.

In this episode of ConversingLabs, host Paul Roberts chats with Jason Valenti, director of product at ReversingLabs, about the evolution of threat intelligence and the growing role it’s playing in cyber defense. A former IT specialist at the FBI and director of product management at the firm CrowdStrike, Jason will touch on his journey prior to his RL career and his work to promote the use of threat intelligence in both the public and private sectors. Jason will also talk about the epidemic of sophisticated cybercriminal and nation state hacking campaigns and how enterprise security teams can leverage threat intel to contextualize- and push back against these pressing threats.

You can find Jason on LinkedIn here. 

In this episode, host Paul Roberts chats with Security Researcher Sam Curry about his own experience being hacked via the Internet of Things and how it led to a shocking discovery regarding modem security. More broadly, the conversation touches on how APIs can leave consumers vulnerable, the increasing popularity of IoT attacks, and how to mitigate such risks.

Check out Sam's blog post about his modem getting hacked here: https://samcurry.net/hacking-millions-of-modems

Learn more about Sam and Ian Carroll's research on airport security here: https://ian.sh/tsa

In this episode, host Paul Roberts chats with Beau Woods, Founder & CEO of Stratigos Security, about the history of the software bill of materials (SBOM) – from its beginnings, to its modern-day use, to efforts underway to adapt it for the future. SBOMs have exploded in popularity within the past two years, and are oftentimes considered synonymous with software supply chain security. However, SBOMs are not a new tool, and while they’re important – they certainly aren’t the end-all-be-all for mitigating modern threats to software supply chains. Woods will explain in this conversation how SBOMs have taken center stage in 2024, and how they will continue to impact the future of cybersecurity.

In this episode, host Paul Roberts chats with Tarah Wheeler, CEO of Red Queen Dynamics, about her recent Council on Foreign Relations piece regarding what the U.S. SEC’s prosecution of SolarWinds and new disclosure rules mean for the cybersecurity industry at-large. Wheeler believes that these new moves from the Commission emphasize the concept of “materiality” in cyber - graduating the industry to a level of enterprise risk it has never experienced before.

In this episode of the ConversingLabs podcast, host Paul Roberts chats with Daniel Adamitis, a Principal Information Security Engineer at Lumen Technologies’ Black Lotus Labs. They discuss his team’s discovery of an impossible-to-kill botnet packed with end-of-life SOHO routers, which is being used by a Chinese nation-state backed APT group as a covert data transfer network. The group, known as Volt Typhoon, is also well known for targeting U.S. critical infrastructure.