The Security Table
Izar Tarandach, Matt Coles, and Chris Romeo
0
The Security Table brings together four cybersecurity industry veterans from diverse backgrounds to discuss building secure software and the challenges that arise. The podcast covers a range of topics related to software security, drawing on the hosts' extensive experience.
Епизоди
-
Don't Bury the Model T: Why STRIDE Still Drives in an AI World 01.07.2026 59минIn this episode, we dig into two things the security community loves to argue about: npm finally doing the right thing and whether STRIDE has any business being called dead. The npm v12 changes gate dangerous install script behavior by default, which is a good step forward and also about a decade overdue. Then we wade into a hot take claiming that STRIDE was built for a world that no longer exists, and we push back hard on the idea that non-deterministic AI systems need an entirely new threat...
-
Mostly Dead or Mostly Back: The Zombie Resurrection of DAST in an AI World 24.06.2026 42минIn this episode, we dig into whether DAST is dead, mostly dead, or quietly making a comeback dressed in an AI trench coat. The conversation traces the origins of dynamic application security testing from nmap scans and open source hacker tools to a market now valued at nearly four billion dollars and growing. We debate where DAST ends, and AI pen testing begins, whether AI can find a vulnerability nobody has ever seen before, and what happens when you compound the false positives of rigid rul...
-
Realists At The Table: How To See Through The Hype 17.06.2026 37минIn this episode, we dig into how the cybersecurity personality has shifted from the ego-driven, hoodie-up archetype to the paycheck-chasing newcomer. The conversation covers hype cycles from mainframes to AI to quantum, whether passion or profit is driving the next generation into the field, and why we think the threat modeling problem is already solved. At the same time, everyone else keeps getting in the way. The discussion takes detours through The Cuckoo's Egg, Sneakers, War Games, and NF...
-
The Agentic Access Problem: When AI Becomes Its Own Administrator 03.06.2026 40минIn this episode, we explore what happens when AI agents meet the security principle of least privilege. As agents gain the ability to request permissions, make decisions, and interact with systems on our behalf, the line between human and machine responsibility starts to blur. The discussion covers prompt fatigue, over-permissioned agents, and why "because the agent told me to" may become the next security anti-pattern—before taking a hilarious detour into EULAs, cookie notices, and Matt's un...
-
The Tool Creep Problem: When More Security Means Less Security 08.05.2026 42минIn this episode, we break down why security budgets keep growing while organizations keep falling further behind. We explore how tool creep has quietly shifted from a nuisance into an active attack surface, and why agentic AI is becoming the insider threat no one planned for. Izar shares a firsthand account of watching an AI agent attempt increasingly creative workarounds to escape a sandbox, revealing just how much risk lives in the gap between what agents are told to do and what they are ac...
-
The Human In The Loop Illusion: Why AI Approvals Are Failing Security 30.04.2026 47минIn this episode, a debate about hacker movies turns into a deeper conversation about AI, security, and the human-in-the-loop illusion. We explore how approval fatigue and AI-generated code can create a false sense of security and why fundamentals still matter. 🚀 Join the Conversation Are we improving security, or just automating bad decisions faster? FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podcast ➜YouTube: The Security Table YouTube Channel T...
-
The Mythos Problem: When AI Finds Every Vulnerability 15.04.2026 47минIn this episode, we break down the “AI Vulnerability Storm” and what happens when AI can find—and exploit—vulnerabilities faster than humans can fix them. We explore how compressed OODA loops are shifting the balance toward attackers, why traditional scoring like CVSS may start to break down, and whether “just patch faster” is even realistic anymore. The team also questions the push toward AI agents everywhere—and whether fighting AI with more AI actually solves the problem. At the end of the...
-
What If AI Never Happened? The AppSec Reality Check 08.04.2026 47минIn this episode, we explore a simple but surprisingly deep question: what would application security look like if generative AI never existed? We break down how AppSec might still rely on deterministic, rule-based approaches, what we might gain in structure and rigor, and what we’d lose in speed, scale, and accessibility. Along the way, we debate whether AI is truly improving security or just accelerating existing problems, from “vibe coding” and false confidence in results to the growing gap...
-
The Evolution Problem: After 100 Episodes, What’s Changed… and What Hasn’t? 01.04.2026 49минWe made it to 100 episodes, so naturally, we decided to look back and see how wrong we’ve been. In this episode, we revisit some of our past topics, predictions, and hot takes to figure out what still holds up and what didn’t quite land. From “we don’t know what we don’t know” to the evolution of security tools, we reflect on what’s changed, what hasn’t, and why some problems never seem to go away. Along the way, we compare where we were then to where things stand now, calling out a few wins,...
-
The Agent Access Problem: When AI Has the Keys, Who’s Really in Control? 25.03.2026 48минIn this episode, we dive into the messy reality of AI agents acting inside your systems and what that means for modern security. We explore the idea of agents as actors with real access—credentials, APIs, and permissions—and why this isn’t as new as it sounds (hint: it’s just applications all over again). We unpack where things actually get risky, from over-permissioned agents to unpredictable behavior driven by prompts, and why “it won’t go rogue” might be missing the point entirely. We also...
-
The Invisible Code Problem: When You Can’t See the Attack, Can You Stop It? 20.03.2026 36минIn this episode, we dive into the strange world of invisible Unicode attacks and what they could mean for modern software security. We explore how hidden characters can be used to conceal malicious code within packages, why this isn’t entirely a new problem, and whether current tools, such as linters and SAST, are equipped to detect it. We also question the role of LLMs in both enabling and detecting these attacks, and whether this is a real emerging threat or just another overhyped security ...
-
The Moltbook Dilemma: What Happens When AI Agents Start Networking 06.02.2026 41минIn this episode, we discuss the implications of AI technologies like OpenClaw and Moltbot, exploring the potential threats and societal changes that may arise from their integration into daily life. We talk about the nature of AI communication, the concept of agentic AI, and the philosophical questions surrounding the future of human and machine interaction. Per usual our conversation is laced with humor and skepticism about the rapid advancements in AI and their impact on society. FOLLOW OUR...
-
The Walking Dead of Security: When AI Resurrects the Build vs. Buy Debate 28.01.2026 40минAre cybersecurity technologies really dead, or are reports of their demise greatly exaggerated? Today’s episode is a discussion on how AI is reshaping the classic build vs. buy debate, empowering non-engineers to create working prototypes and potentially reviving the DIY coding culture of pre-open-source days. We also talk about how developers trained on open source are now leveraging AI built from that same foundation, raising questions about innovation and originality in modern programming....
-
Crystal Penguins and AI Chaos: What Could Go Wrong in 2026? 14.01.2026 40минWe’re predicting what 2026 has in store for AI and cybersecurity. We explore the wild possibilities of AI integration gone wrong, from people accidentally connecting their AI to sensitive file systems to blaming their AI agents for losing critical data. The conversation takes a thoughtful turn as they debate which jobs might fall to AI automation and if the human touch is still irreplaceable? Examining real examples like the "Y'allbot" weather monitoring system and photorealistic AI actress T...
-
The Cost of Knowing: How Cybersecurity Professionals View Innovation Differently 03.12.2025 30минWe’re pulling back the curtain on the technology industry to reveal what life looks like when you're constantly aware of what can go wrong. From the loss of childlike wonder when encountering new tech to the ethical dilemmas posed by autonomous vehicles, we discuss the unique burden of seeing technology's darker possibilities. We’re examining how years of witnessing security breaches and system failures shape a professional outlook that balances innovation with caution. FOLLOW OUR SOCIAL MEDI...
-
The Roller Coaster of Risk: A Threat Modeler's Perspective 26.11.2025 45минWhat do roller coasters and threat modeling have in common? More than you'd think. In this episode, we explore how security professionals view risk differently than everyone else—and why that matters. From roller coaster anxiety to the ethics of identifying danger, we dive into the unique mindset that comes with being a threat modeler. Because once you learn to see threats everywhere, there's no going back. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @SecTablePodcast ➜LinkedIn: The Security Table Podc...
-
Can AI Replace Security Teams? The Software Quality Debate 19.11.2025 36минIs the cybersecurity industry facing a security problem or a software quality problem? In this episode, we’re tackling the controversial claim that AI advancements could make security teams obsolete—and uncover the deeper issues plaguing software development. The conversation reveals an uncomfortable truth: software companies often transfer the risk of vulnerabilities to customers, creating a system where there's little incentive to invest in security by design. Can AI bridge this gap, or do ...
-
The Debate: Is the CIA Triad Truly Dead? 22.10.2025 29минWe’re debating an online article claiming that the CIA Triad (Confidentiality, Integrity, Availability) is a relic and needs to be updated for 21st-century threats. The discussion includes whether new properties like authenticity, accountability, and resilience should be incorporated into modern security models. And we delve into the use of analogies, system properties versus values, and the role of ethical considerations in cybersecurity. Listen along to our discussion on whether the foundat...
-
Don’t Forget the Beauty of Simplicity: Exploring Shifts in Software Development 08.10.2025 33минWe’re debating the concepts of 'Shift Left' and 'Shift Down' in the world of cybersecurity. We explore the intricacies of developer responsibility, the impact of modern AI on code security, and the delicate balance between innovation and secure coding practices. Join us for a thought-provoking discussion that ranges from keeping our digital world secure, efficient and, most importantly, simple. The Modernization Imperative: Shifting Left is for Suckers. Shift Down Instead. FOLLOW ...
-
More Cowbell: Security and Speed in Agile 01.10.2025 48минWe’re diving into the relevance and execution of threat modeling within agile development environments. We dissect the claims, explore the true integration of agile practices with threat modeling, and address the misconceptions and challenges commonly faced. Check out the episode to find out if threat modeling is indeed slowing down agile processes or if it can be seamlessly integrated for better security outcomes. The Problem With Threat Modeling in Application Security: Too Slow, Too Theore...
Популярен в
Този подкаст се появява и в подкаст класациите на тези държави.