Bare Knuckles and Brass Tacks

Quinnlan Varcoe, founder of Blueberry Security, joins the show for a raw conversation about building a security startup!Quinn takes us through her wild ride from SOC analyst to founder - including how she shut down her business only to relaunch it stronger than ever. George K and George A talk to Quinn about: Finding your true product-market fit in the security services space The brutal reality of B2B sales cycles (hint: they're WAY longer than you think) How literally ONE client call changed everything while she was recovering from surgery Her narrative-based approach to security operations trainingPlus, Quinn opens up about her experience as a trans founder in cybersecurity, navigating both professional challenges and today's political climate.This episode is PACKED with insights for founders, security practitioners, and anyone interested in the human side of building something from scratch. ---------------🏳️‍🌈 Pride Month is just around the corner! We're once again running our t-shirt campaign to raise money for scholarships for LGBTQ+ students in cybersecurity programs.In the month of June, all profits from any Pride gear purchased from the BKBT Swag Store will be donated.Set your reminders for June, and check out the collection: https://bkbtpodcast.shop/

Dr. Kashyap "Kash" Thimmaraju joins the show to talk about a new study on burnout, wellbeing, and flow state in security operations.George K and George A talk to Kash about: New research using psychologically validated scales to measure burnout in cybersecurity professionals How "flow state" might be the key to better performance AND preventing burnout The impact of remote work and isolation on security teams Practical techniques security leaders can implement TODAY to support their teamsProtecting our human resources is just as important as protecting our digital ones.Dr. Thimmaraju and his co-authors' research points to a significant gap in how we understand and support the mental wellbeing of security professionals. It's time to start changing that conversation.Mentioned this episode: Human Performance in Cybersecurity Operations Paper: https://flowguard-institute.com/wp-content/uploads/2025/03/Human-Performance-in-Security-Operations.pdf Human performance in cybersecurity survey: http://flowguard-institute.com/hpcs Flow Guard Institute: http://flowguard-institute.com

Recorded LIVE at RSAC 2025: Don Jeter, Chief Meme Officer at Torq returns! He breaks down how Torq built a cult brand in cybersecurity around their "SOAR is Dead" campaign.George K and George A talk to Don about: Harnessing creativity in an era of algorithmic optimization: “You're not remembered for the safe ideas ever" Building internal excitement with your team (especially sales) before launching campaigns Creating something people actually want to be part of, not just another product His beliefs that brand leads to demandIf you're tired of AI-generated content, algorithm chasing, and the same old B2B tech marketing playbook, this episode delivers practical advice on standing out in an oversaturated market.This episode is presented in partnership with Torq.Check out the full video version of this interview on YouTube.

George K and George A are off to San Francisco for RSAC 2025 this week. Here are some short musings on what they think they might see...Mentioned:  Chase Cunningham has built an app that lets you rank vendor demos in real time! If you'd like to join the effort, you can do so here: https://10ringvendors.glide.page

“When you look at cybersecurity…we've got to be constantly thinking about how we disrupt ourselves in order to actually solve the problem."Casey Ellis is a hacker, a founder, and an advisor and investor. Occupying a lot of different vantage points in cyber has given him a very unique perspective on the industry.George K and George A talk to Casey about: How Casey went from hacker to solution architect to entrepreneur, creating a marketplace that connects ethical hackers with companies who need them Why security startups focused solely on acquisition are hurting the industry (and why defenders deserve better) The reality check on AI in security - separating hype from actual value Why human creativity will always be necessary in security (automation is great, but humans build systems and humans break them)It’s real and it’s raw. As always.👊⚡️🏳️‍🌈 Our Pride campaign kicks off in June, and we're looking for a brave vendor sponsors! Queer communities are facing backlash and corporations are shrinking back into the shadows. We’re looking for courageous vendor partners and individuals who will consider matching donations to help us multiply the show's contribution. If you’d like to remain anonymous, that’s fine, too. After all it’s about getting resources to those who need it.If you're interested, get in touch: contact@bareknucklespod.com 

Jake Bernardes, CISO at Anecdotes, brings a uniquely adventurous spirit to this week’s show! And his ethos of “Don’t be an a**hole” is certainly one we can get behind.George K and George A talk to Jake about: Jake's "inherent risk-taker" philosophy that's guided his career moves Why the best CISOs are "repulsed by the idea of being bored" and how that drives innovation The changing face of security leadership - from risk-averse consultants to today’s disruptive problem solvers His refreshingly honest take on how CISOs should interact with vendors: "Just don't be an a**hole"Whether you're in the trenches, pitching security tools, or running a whole damn cyber program, Jake drops serious insights you can use.————👊⚡️Support the show!For as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!https://ko-fi.com/bareknucklesbrasstacksYour contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.We appreciate you!

George K and George A are out this week to keynote SecureWorld Toronto and host the Cyber Pitch Battle Royale. Catch up on interviews you may have missed with: Stacey Lokey-Day on collecting experiences to build your career Candace Williams on the keys to networking Allan Alford on the best ways vendors can engage with CISOs and ensure they stay in good graces Jessica Andree on how to build loyalty and performance through better talent acquisition Kate Wood on the top 3 pieces of advice for advancing your career———👊⚡️SUPPORT THE SHOW!https://ko-fi.com/bareknucklesbrasstacksFor as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.We appreciate you!

This week, Ads Dawson, Staff AI Security Researcher at Dreadnode, joins the show to talk all things AI Red Teaming!George K and George A talk to Ads about: The reality of securing #AI model development pipelines Why cross-functional expertise is critical when securing AI systems How to approach continuous red teaming for AI applications (hint: annual pen tests won't cut it anymore) Practical advice for #cybersecurity pros looking to skill up in AI securityWhether you're a CISO trying to navigate securing AI implementations or an infosec professional looking to expand your skill set, this conversation is all signal.Course mentioned: https://learn.nvidia.com/courses/course-detail?course_id=course-v1:DLI+S-DS-03+V1————👊⚡️BECOME A SHOW SUPPORTERhttps://ko-fi.com/bareknucklesbrasstacksFor as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.We appreciate you!

Ever wondered why cybersecurity hiring is broken? Jessica's flipping the script with a revolutionary approach to talent acquisition and development!George K and George A talk to Jessica about: How she transformed the company’s hiring by focusing on building talent rather than looking for unicorns or perfect fits Why asking "Why are you here?" is her #1 interview question (and what she learns from it) How her military background shaped her approach to servant leadership Their "strange renegades" philosophy that's created remarkable team loyalty"Accessibility does not equate to aptitude. Some people just don't have access, but that doesn't mean they won't be great employees."Every company struggling with talent acquisition or employee churn needs to check out this conversation.Jessica's transparency about Risk360's approach to compensation, benefits, and career development is refreshingly honest.Listen now and let us know what you think! Could this approach work in your organization?------------🇨🇦 Toronto listeners! We’ll be setting the stage on fire with the opening keynote at SecureWorld Toronto on April 8th. And…we’ll be closing out the show with our signature event, the Cyber Pitch Battle Royale!Register for the Cyber Pitch Battle Royale here————👊⚡️BECOME A SHOW SUPPORTERhttps://ko-fi.com/bareknucklesbrasstacksFor as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.

This week, researcher Kate Wood from Info-Tech joins the show to talk about the future of security autonomization with AI.George K and George A talk to Kate about: The reality of AI adoption in security beyond marketing hype (and where the hallucinations are still problematic) Modernizing vendor risk management beyond checkbox exercises A fascinating framework for "autonomization" vs. automation - and understanding your tolerance for AI decision-making at operational, tactical and strategic levels And Kate drops some incredibly real and raw career advice on authenticity, pursuing work you love, and finding mentorsResearch mentioned: https://www.infotech.com/research/ss/build-an-autonomous-security-delivery-roadmap-----------🇨🇦 We’ll be setting the stage on fire with the opening keynote at SecureWorld Toronto on April 8th. And…we’ll be closing out the show with our signature event, the Cyber Pitch Battle Royale!Register for the Cyber Pitch Battle Royale here————👊⚡️BECOME A SHOW SUPPORTERhttps://ko-fi.com/bareknucklesbrasstacksFor as little as $1 a month, you can support the show and get exclusive member benefits, or send a one-time gift!Your contribution covers our hosting fees, helps us make cool events and swag, and it lets us know that what we're doing is of value to you.We appreciate you!