Tattoos, Code, & Data Flows is a podcast that takes a conversational and unconventional approach to discuss DevOps and application security challenges. Matt Rose, Chief Architect at Bionic, gets you to start thinking outside the box when it comes to addre
In Episode 25 of Tattoos, Code, and Data Flows, Matt Rose interviews Paul Asadoorian, Firmware Security Evangelist at Eclypsium. Paul Asadoorian spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. He is the founder of the Security Weekly podcast network, offering freely available shows on the topics of information security and hacking. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones. Paul and Matt talk about: ↳ The lack of updates from firmware ↳ Building a management interface into your device ↳ Most common security issues with firmware ↳ Supply chain risk vs firmware risk And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 24 of Tattoos, Code, and Data Flows, Matt Rose interviews Robert Wood, CISO of Centers for Medicare & Medicaid Services. Robert Wood leads enterprise cyber security, compliance, privacy, and counter intelligence functions at CMS and ensures the Agency complies with secure IT requirements while encouraging innovation. He has over 10 years of experience in information technology, information security and management consulting. Prior to CMS, Robert has built and managed several security programs in the technology sector. He was also formerly a Principal Consultant for Cigital where he advised enterprises about their software security programs. He also founded and led the red team assessment practice with Cigital, focused on holistic adversarial analysis, helping organizations identify and manage risks from alternative perspectives. Robert and Matt talk about: ↳ Transitioning from start-ups to working for a federal enterprise ↳ The problem with "zero trust" today ↳ Shifting everywhere in the CI/CD pipeline ↳ Robert's story to becoming a successful CISO And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 23 of Tattoos, Code, and Data Flows, Matt Rose interviews Debbie Gordon, Founder & CEO of Cloud Range. Debbie has focused her work on businesses that improve people's lives. Her career began in technical education and certification, and she has built and sold several companies in eCommerce, IT asset management, and training. She is currently on the board of directors of Entrepreneurs' Organization - Nashville. Debbie is a frequent speaker on cybersecurity readiness, simulation training, and team effectiveness at conferences and seminars all around the world. Debbie's current role is founder and CEO of Cloud Range, the industry-leading cybersecurity simulation training solution that helps organizations reduce cyber risk. A globally recognized technology entrepreneur, Debbie founded Cloud Range on the premise that simulation training is as integral in cybersecurity as it is in other fields like medicine, aviation, or the military. The result was that Cloud Range led the development of a new category in cybersecurity. Only three years later, organizations around the globe are incorporating the company's cyber readiness solution as a core element of their security programs. Debbie and Matt talk about: ↳ The evolution of cybersecurity and finding talent ↳ Refining your technology stack and understanding your tools ↳ Investing in the people that make up your company ↳ Different types of simulation scenarios And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 22 of Tattoos, Code, and Data Flows, Matt Rose interviews Jason Rebholz, the Chief Information Security Officer at Corvus. Jason has over a decade of experience performing forensic investigations into sophisticated cyber attacks and helping organizations build secure and resilient environments. As Corvus's CISO, Jason leverages his incident response, security, and infrastructure expertise to drive security strategy and reduce the risk of security threats internally at Corvus and for Corvus's policyholders. Prior to joining Corvus, Jason held leadership roles at Mandiant, The Crypsis Group, Gigamon, and MOXFIVE. Jason and Matt talk about: ↳ Assessing the risk of companies at scale in cyber insurance ↳ Must have technology stack for businesses ↳ Path to/responsibilities of becoming a successful CISO ↳ Application & Cloud Security Posture Management And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 21 of Tattoos, Code, and Data Flows, Matt Rose interviews Brian Lowy, an application security expert that has extensive experience in the industry for decades. Brian Lowy has been in the internet space since 1993 with companies such as PSInet, DIGEX, BBN, Genuity, Akamai, and Savvis. Brian also ran his own business in the financial sector, which was sold off in 1992! Brian has most recently been focused on Quantum Safe Encryption solutions. He has been hugely successful in his roles as an engineer, sales director, and now as a director of client assurance information security. Brian and Matt talk about: ↳ Analyzing current and emerging risk factors ↳ Dealing with audits (SOC 1, SOC 2, PCI, Client) ↳ Interconnectivity between security products ↳ Quantum Computing and its importance/future And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 20 of Tattoos, Code, and Data Flows, Matt Rose interviews Sean Casey, Director of Sales Engineering at Checkmarx. Sean Casey has had 13 years of experience as a Web Developer working with numerous companies in the security world. Sean later transitioned into the Sales Engineer world for the last 6 years, and has been crushing it ever since. In 2019, he received the 2019 CEO Employee Excellence award for North America! Sean and Matt talk about: ↳ The responsibilities of a successful sales engineer ↳ Supply Chain Risks vs OWASP Top 10 Risks ↳ The rise of the Site Reliability Engineer ↳ The problems with auto-remediation today And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 19 of Tattoos, Code, and Data Flows, Matt Rose discusses the importance of understanding your application security posture in production, rather than focusing on shifting left and testing only in the pre-production stages. Matt is a technical Application Security Testing (AST) leader with a record of consistent accomplishments in sales and sales engineering management roles. He has more than 20 years of experience in application security sales, sales engineering leadership, software development, marketing, and consulting. Matt was a key thought leader for two AST vendors growing from startup phase to major acquisition (Fortify and Checkmarx). Also, Matt is a very accomplished public speaker and has been quoted in 50+ AST industry media publications. After being in the SAST world from the beginning (15+ years) Matt decided to join forces with Bionic to help define a new concept in security and risk identification. Application Security Posture Management (ASPM) is something Matt had been talking about, in concept, for years. Today, Matt covers:
In Episode 18 of Tattoos, Code, and Data Flows, Matt Rose interviews Peter Chestna, CISO of North America at Checkmarx. He is also a Board Member for the DevSecCon Global Community and MergeBase. Peter is a proven engineering and security leader with deep technical experience. He is an outspoken expert on DevOps/DevSecOps and has 16 years of experience in the Application Security Industry. He is effective in building, leading and developing high velocity Agile and DevOps teams with security as a first class citizen. He also speaks internationally at both security and developer conferences. Peter and Matt talk about: ↳ Defining DevOps and Agile ↳ CI/CD automation vs functionality/capability ↳ Application Security fundamentals and hygiene ↳ The challenges and intentions of being a CISO And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 17 of Tattoos, Code, and Data Flows, Matt Rose interviews Rafal Los, Founder and Host of Down the Security Rabbithole Podcast. Rafal Los is an industry innovator, strategist, and personality. His career spans 20+ years while working inside companies from the Fortune 10 to a firm of less than 10. His most recent achievements include assisting a company in its pivot from infrastructure provider to security-as-a-service by developing a pre-sales strategy and developing a professional services framework; implementing significant changes in business process that led to the company's ability to measure the impacts of various efforts on the sales cycle. Rafal is an active member of the Security Advisor Alliance, serving on the advisory board with the intent of creating innovative ways for security leaders to give back to their communities through service and knowledge sharing. Additionally, Rafal is a founder and host of the Down the Security Rabbithole Podcast - an industry podcast delivering a weekly office-friendly format since 2011. The podcast includes thought leadership, and industry experts from government advisors, industry founders, and everyone in between. Rafal's career is about more than being a recognizable expert - he brings people together to solve complex problems in innovative ways; forming relationships and continually sharing his hunger for knowledge. Rafal and Matt talk about: ↳ Founding & Hosting his podcast called "Down The Security Rabbithole" ↳ Eliminating 3/4 of the Security industry ↳ The 3 Pillars of Applications ↳ Defining ASPM And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
We have a very special podcast guest this week: our very own Chief Architect, Matthew Rose.
In Episode 15 of Tattoos, Code, and Data Flows, Matt Rose interviews Dustin Lehr, Director of Application Security at Fivetran. He is also the co-founder and Chief Solutions Officer at Katilyst Security. Dustin Lehr is an accomplished software engineer turned information security leader welcoming the new age of security: people-focused programs that properly incentivize taking personal ownership and responsibility for good security habits. Dustin motivates and aligns leadership on security strategy and builds support in designing effective behavior-oriented information security programs that balance technical security risk with business objectives. Dustin and Matt talk about: ↳ Identifying a company's maturity level and motivating people to fix their security issues ↳ Forming a partnership to collaborate on solving security issues ↳ Wanting to provide engineering teams more clarity and context ↳ Application Security vs Software Security And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 14 of Tattoos, Code, and Data Flows, Matt Rose interviews Chris Hughes, CISO and Co-Founder at Aquia. Chris is also a board advisor for Microsec.ai, Resurface Labs, and ByteChek. Chris Hughes is passionate about Cybersecurity, Cloud, DevSecOps and helping to educate individuals looking to further their career. He is a proven Cloud/Cybersecurity leader with nearly 20 years of experience in both the Federal and commercial industries. Chris holds various IT, Cyber and Cloud related certifications and has a strong desire to continuously learn as well as help teach individuals interested in the field of Cybersecurity and Cloud Computing. Chris Hughes seeks to contribute back to the industry through teaching as an Adjunct Professor and also contributing to several working group initiatives with respected industry research organizations. Chris and Matt talk about: ↳ The state of DevSecOps and where it's headed (roles, tools, industry) ↳ Challenges for the workforce in security ↳ Defining the term "agile" ↳ Differentiating various types of security bugs and the processes to fix them And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 13 of Tattoos, Code, and Data Flows, Matt Rose interviews Damien Suggs, Sr. Application Security Architect at FalconX and VP of Metro-Atlanta ISSA Chapter. Damien is also a Penetration Tester / Ethical Hacker at Caesium55 and Saltworks Security, LLC. Damien Suggs is an application security professional with a background of over 22 years of extensive IT infrastructure and 20 years of web application and network security experience. Damien has a proven track record of providing network and web application solutions in diverse environments. He is dedicated to the protection of information and information systems. Damien and Matt talk about: ↳ Looking at Application Security holistically and staying on track with new technologies ↳ Overusing "Shift Left" as a slogan and Matt's poll results ↳ Identifying a Site Reliability Engineer's goals and responsibilities ↳ How Bionic is revolutionizing the Application Security space with ASPM And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 12 of Tattoos, Code, and Data Flows, Matt Rose interviews Nick Sinai, Senior Advisor / Venture Partner at Insight Partners. Nick Sinai is a Senior Advisor at Insight Partners and a Senior Fellow at the Harvard Kennedy School. Previously, Nick was U.S. Deputy Chief Technology Officer at the White House. Nick led President Obama's Open Data Initiatives to liberate data to fuel innovation and economic growth, and worked to advance innovation in health, energy, education, and finance sectors. Nick also co-led President Obama's Open Government Initiative to ensure the Federal Government is more transparent, participatory, and collaborative. Prior to joining the Obama Administration, Nick was a venture capitalist at Lehman Brothers Venture Partners (now Tenaya Capital). He co-established the Boston office of Lehman Brothers Venture Partners, sourced investments, and served as a board representative and advisor to portfolio companies. Previously, at Polaris Partners since 2004, Nick helped invest in almost a dozen Internet, software, communications and clean technology companies, including an early stage investment in LogMeIn (NASDAQ: LOGM). Nick is a Berkeley, CA native, a private pilot, and the father of twin girls. Nick and Matt talk about: ↳ How the U.S. Defense Department needs to do a better job trying, buying, and scaling new emerging technologies and innovations ↳ The challenges of hiring professionals in Government ↳ DevOps vs DevSecOps and Shift Left within Government agencies and groups ↳ Being on the executive staff for the Obama Administration And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 11 of Tattoos, Code, and Data Flows, Matt Rose interviews Ty Sbano, Chief Information Security Officer at Vercel. Ty Sbano is an application security expert that has experience working at major companies such as: Capital One, Target, JP Morgan Chase, and more! He is currently an investor with Silicon Valley CISO Investments and an advisor for Nightfall AI, Cider Security, and Identify Security. Ty is also a martial arts coach and has a passion for photography! Ty and Matt talk about: ↳ Lessons learned from transitioning as a CISO ↳ Practices and documentation standards within the cyber security space ↳ Shift left & DevOps vs DevSecOps ↳ Tattoos, industry standards, and Muay Thai And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 10 of Tattoos, Code, and Data Flows, Matt Rose interviews Derek Fisher, VP of Application Security at Envestnet & Professor at Temple University. Derek Fisher is an award-winning author, speaker, leader, and university instructor and can bring a host of unique skills, abilities, and decades of experience in all facets of engineering abilities. Throughout Derek's professional career, he has made a track record of maturing information security teams and creating and implementing organizational information security strategies to improve risk mitigation and ensure maximum performance, and a whole lot more! Derek and Matt talk about: ↳ Derek's passion for teaching the next generation of cyber security professionals at Temple University ↳ Ways to scale an Application Security function for a more efficient team ↳ Working with developers and providing the right tools ↳ Writing security books for children And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 9 of Tattoos, Code, and Data Flows, Matt Rose interviews Rob Black, Founder & Virtual CISO at Fractional CISO. Rob Black is the Founder and Managing Principal of Fractional CISO. He helps organizations reduce their cybersecurity risk as a Virtual CISO. Rob is the inventor of three security patents. He consults, speaks, and writes on IoT and security. Rob helps founders create and tell their cybersecurity story when their customers demand improved security. Rob and Matt talk about: ↳ Persuasion in the cyber security world ↳ Problems with social media, especially TikTok ↳ DevOps vs DevSecOps ↳ Rob's favorite influencers and bloggers And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 8 of Tattoos, Code, and Data Flows, Matt Rose interviews Ory Segal, Sr. Director of Product Management at Palo Alto Networks. Ory Segal is an expert in application security and cloud security and holds numerous patents! Along with being the Senior Director of Product Management at Palo Alto Networks, Ory is an Advisor for Oxeye and Zenity, and is a member of CyberStarts! Ory and Matt talk about: ↳ The creation of the Application Security Posture Management genre ↳ The fragmentation in the cyber security industry ↳ Looking at security as a Swiss cheese paradigm ↳ Ory's band and tattoos And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 7 of Tattoos, Code, and Data Flows, Matt Rose interviews Walter Haydock, Director of Product Management at Privacera. Walter is a Naval Academy grad, Marine Corps veteran, and has a ton of experience in security product management. He is an active member of the security community and contributes regularly to his own blog called Deploying Securely (http://haydock.substack.com/). He also contributes to the tech and veteran communities by offering free 30-minute sessions to veterans looking to get into tech (see this link: https://www.linkedin.com/posts/walter-haydock_marine-corps-veterans-looking-to-get-into-activity-6873953034469171200-LLUp/). Walter and Matt talk about: ↳ The importance of managing risk across the SDLC ↳ Why money talks - the impact of risk measured in dollars ↳ How business context should be applied to risk ↳ How a poor interpretation of risk scores causes businesses to overcorrect And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 6 of Tattoos, Code, and Data Flows, Matt Rose interviews Scott "Csp3r" Lyons, CEO & Co-Founder of Red Lion Security. This podcast episode is filled with the perfect mix of technical, professional, and personal. Scott has a ton of experience as an entrepreneur in security, but also as a hacker and an individual contributor to the security community. Scott and Matt talk about: ↳ The impact of personal information security practices on digital privacy ↳ The importance of doing your own research instead of blindly following thought leaders ↳ How a "digital bank" could impact cybersecurity ↳ Blockchain and the impact on security And so much more. Be sure to listen to this episode, and so many of our other great episodes by hitting the follow button. Make sure to like and subscribe to the episode. We hope you enjoy it!
In Episode 5 of Tattoos, Code, and Data Flows, Matt Rose interviews David Matousek, Product Owner & Cybersecurity Technical Lead at John Hancock. We are very excited for you to listen to this episode. David is someone who we consider to be at the forefront of Application Security Posture Management. He has written extensively about cloud security, application security, and more. David and Matt talk about: ↳ How David made his way into the cybersecurity industry ↳ How he began his obsession over application security posture ↳ Defining Application Security Posture Management and what is “posture” ↳ How businesses can make more data-driven decisions in security And so much more. Join us by listening to this podcast episode and by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode!
In Episode 4 of Tattoos, Code, and Data Flows, Matt Rose interviews Eyal Mamo, CTO & Co-Founder at Bionic. Prior to becoming the CTO & Co-Founder at Bionic, Eyal was a member of Unit 8200 in the IDF and the VP of R&D at Cymmetria. Eyal and Matt talk about: ↳ Eyal's story and how he and Idan founded what is now known as Bionic ↳ New innovative technologies and mindsets in application security ↳ How a simple shift in governance and security could improve an organization's security posture Join us by listening to this podcast episode and by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode!
In Episode 3 of Tattoos, Code, and Data Flows, Matt Rose interviews Mark Geeslin, Head of InfoSec and Product Security for Ramsey Solutions. He has worked as a Product Security & Information Security leader for Ramsey Solutions, Asurion, Citrix, and Intuit, and is well-known for founding MusicCityCon, a technical Product Security event in Nashville. Matt and Mark talk about how: ↳ Important and valuable red teaming can be to application security teams ↳ Application security teams should be managing security processes, but ultimately the engineering and developer teams need to be the ones remediating and fixing ↳ There are so many more ways security can be automated, and we need to explore how to improve from an AppSec standpoint Join us by listening to this podcast episode and by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode!
In Episode 2 of Tattoos, Code, and Data Flows, Matt Rose interviews Mario Vuksan, CEO & Co-Founder of ReversingLabs which provides modern security teams with visibility into every associated malware file, location, and threat with the speed, accuracy, and scale required for today's digital enterprise. Mario shares his thoughts about what he sees as gaps in the modern enterprise's security program, why people need to get away from checkbox diplomacy, and how the security world is actually addressing things as soon as possible. Join us by listening to this podcast episode and by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode.
On our very first episode of Tattoos, Code, and Data Flows, Matt Rose interviews Alan Shimel, CEO & Founder of TechStrong Group which houses media assets like DevOps.com, Security Boulevard, Container Journal, and more. Alan shares his thoughts about where the security world lives today, how security integrates into CI/CD and DevOps, his perfect world when it comes to security and developer professionals, and more. Join us in our inaugural podcast episode by hitting the like button, subscribing to the podcast, and leaving a review! We appreciate you listening, and hope you enjoy the episode.