Find partners
Biz & Tech Podcasts — Collaboration Platform
Menu
HomeBusiness and Technology PodcastsAboutBlogContactSubmit Podcast
ConversingLabs Podcast

ConversingLabs Podcast

Hosted by ReversingLabs

TechnologyNewsInterviews guests
WebsiteRSS feedLinkedInYouTube

Episodes

53

Latest episode

Jun 2026

Language

EN

About the show

ConversingLabs Podcast brings you conversations with the best and brightest minds in malware analysis, threat hunting, and software supply chain security. Hosted by Paul Roberts, director of editorial and content at ReversingLabs, ConversingLabs digs into cutting edge topics that are most pressing in the world of cybersecurity.

Listen to episodes

53 recent
June 4, 2026Episode 250 min

Building Secure AI - A Conversation With Steve Wilson of Exabeam

Host Paul Roberts welcomes Conversing Labs  guest Steve Wilson, Chief AI and Product Officer at Exabeam and co-chair of the OWASP GenAI Security Project. Steve discusses his path from early programming to AppSec at Contrast Security and leading the OWASP Top 10 for LLMs, which grew into a large community and later an Agentic Top 10.Wilson explains AI’s recent leap via transformer architecture, cloud scale, and GPUs, and describes Exabeam’s evolution from SIEM and behavior analytics to generative and agentic AI with multiple security agents. He summarizes his 2024 O’Reilly book expanding OWASP risks into case studies and secure development practices, emphasizing that AppSec alone is insufficient for autonomous agents, requiring monitoring and “agent behavior analytics.” The conversation highlights AI supply chain risks (models, plugins/MCP, OpenClaw skills, fake Chrome extensions), scoping/least privilege, and the practical impact of tools like Claude Code on AppSec and security operations.00:00 Welcome and Guest Intro02:35 Steve’s Cyber Journey04:13 OWASP LLM Top 10 Origins06:21 From LLMs to Agents06:59 Tron and AI History09:32 Why Transformers Changed Everything11:35 What Exabeam Actually Does16:08 Writing the LLM Security Book20:27 Agent Risks Beyond AppSec22:05 What Changed Since 202423:30 Reasoning Models and Strawberry26:18 Agentic Top 10 and Supply Chain27:11 Hallucinated Dependencies27:47 Model Supply Chain Trust28:57 Plugins And Agent Exploits29:58 MCP And Skills Risks31:01 Chrome Plugin Trap33:47 RAISE Framework Overview35:12 Monitoring Digital Workers38:40 Scoping And RAG41:44 Excessive Agency Controls43:02 Sandboxed Assistant Build45:16 AI Impact On Infosec49:15 Closing And Contact

February 12, 2026Episode 136 min

Predictions For Software Supply Chain Security In 2026

In this episode of ConversingLabs Podcast, host Paul Roberts interviews ReversingLabs Chief Trust Officer Saša Zdjelar about the recent Notebook++ hack and what he thinks software supply chain security will look like in 2026. The two will also discuss the findings of RL’s fourth annual report on the subject, which offers six predictions for how threats will evolve, as well as how security teams will respond. Also, Saša will share his take that the technology industry needs to move away from a “move fast and break things” mindset in order to best secure software supply chains.Read Saša's commentary for Cyber Scoop here: https://cyberscoop.com/move-fast-break-things-cybersecurity-supply-chain-security-op-ed/ Read the 2026 Software Supply Chain Security Report here: https://www.reversinglabs.com/sscs-report

December 4, 2025Episode 1043 min

Can Frameworks Stop Supply Chain Attacks?

In this episode of ConversingLabs Podcast, host Carolynn van Arsdale welcomes North Carolina State University Professor Laurie Williams and Ph.D. student Sivana Hamer to discuss their team’s research on the effectiveness of software supply chain security (SSCS) frameworks. Their study, “Closing the Chain,” (PDF) found that software products would still be vulnerable to attacks like SolarWinds, Log4j and XZ Utils – even if they fully enforced 10 well-known SSCS frameworks published by government, industry, academia and open source.

November 5, 2025Episode 952 min

The State of Vulnerability Management

In this episode of ConversingLabs, host Paul Roberts interviews Casey John Ellis, founder of Bugcrowd, about the state of vulnerability management and bug bounties in 2025. Casey shares his insights on current changes impacting both the threat landscape and the cybersecurity industry, such as matters at the federal level and increased AI usage. Looking at the future, Casey also mentions how important it is to welcome the next generation into cybersecurity.

October 14, 2025Episode 824 min

Who Will Maintain Open Source’s Future?

In this episode of ConversingLabs, host Paul Roberts interviews Abigail Cabunoc Mayes, who is responsible for Open Source Maintainer Programs at GitHub – the world’s leading development platform – about the uncertainty of open source’s future. This uncertainty is caused by a steady decline in Gen Z maintainers, which presents a major software supply chain security risk. Abigail will explain how in order to welcome and retain young maintainers, the OSS community must understand the perspectives of Gen Z, and ensure their needs are met. She will also walk through actions that the community can immediately take to address this growing uncertainty.Read Abigail's blog post on the topic here: https://github.blog/open-source/maintainers/who-will-maintain-the-future-rethinking-open-source-leadership-for-a-new-generation/

August 21, 2025Episode 732 min

Security Badging Open-Source Projects

In this episode of ConversingLabs, host Carolynn van Arsdale interviews Kadi McKean, Community Manager at ReversingLabs, to discuss a new initiative aimed at securing the open source software supply chain: the Spectra Assure Community Badge. As a result of threat actors continuing to target open source software (OSS) platforms like PyPI and npm, it’s become increasingly difficult for developers to avoid malicious packages. Kadi explains how this new, free badging system can help the community quickly identify which open source projects meet the most rigorous security standards. If you're a maintainer and want to work with Kadi, email community@reversinglabs.com.

July 10, 2025Episode 642 min

Aviation Has A Software Problem

In this episode of ConversingLabs, host Paul Roberts interviews Jiwon Ma, Senior Policy Analyst at the Foundation for Defense of Democracies (FDD), about her recent report that addresses the urgent cybersecurity challenges facing the aviation industry. The report, "Turbulence Ahead: Navigating the Challenges of Aviation Cybersecurity" (PDF), analyzes a number of factors that are putting U.S. aviation infrastructure at increasing cyber risk, including how weaknesses in the software supply chain pose serious risks to the industry.

July 1, 2025Episode 543 min

The Threat of Package Hallucinations

In this episode of ConversingLabs, host Paul Roberts interviews Major Joe Spracklen, a PhD student at the University of Texas at San Antonio, who recently published a paper with his peers regarding the threat posed to software supply chains caused by code-generating Large Language Models (LLMs). The paper, “We Have a Package for You! A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs” (PDF), discusses how the rise of these LLMs can create package hallucinations that arise from fact-conflicting errors – representing a novel form of package confusion attack.

May 8, 2025Episode 435 min

Going Back to Basics to Thwart Attacks

In this episode of ConversingLabs, host Paul Roberts interviews Chuck McWhirter, principal solutions architect at ReversingLabs, about the importance of sticking to basics when it comes to thwarting attacks from adversaries. Chuck recounts his experiences in both the public and private sectors, including his efforts in securing the 2002 Olympics – back when the Security Operations Center (SOC) had not yet evolved. The details of Chuck’s journey shed light on how enterprise security teams can better handle the cyber threats stemming from nation-state adversaries. By minimizing cybersecurity tool sprawl and alert fatigue, as well as assessing situational risk, Chuck argues that security teams stand a better chance against attackers.

April 10, 2025Episode 351 min

AppSec Girl Power

In this episode, host Carolynn van Arsdale interviews Tanya Janca (aka SheHacksPurple), a world-renowned application security (AppSec) leader, author, speaker and educator. In addition to having multiple bestselling books, such as ‘Alice and Bob Learn Secure Coding,’ Janca is the founder of We Hack Purple and leads education and community for Semgrep. In their conversation, they discuss how Janca’s career embodies AppSec Girl Power: Beginning from her start as a software developer, up to her current success as a prominent thought leader in AppSec and secure coding philosophy. Subscribe to Tanya's newsletter here, and if you're an AppSec professional, take her survey here. Find Tanya on social media:https://bsky.app/profile/shehackspurple.bsky.social https://twitter.com/shehackspurplehttps://www.linkedin.com/in/tanya-jancahttps://infosec.exchange/@SheHacksPurplehttps://www.tiktok.com/@shehackspurplehttps://www.youtube.com/shehackspurple

Is this your show?

Claim this listing to keep it up to date, reach guests who want to pitch you, and manage bookings with Guestify.

Claim this listing

More Technology podcasts

Modern Cyber with Jeremy Snyder

Modern Cyber with Jeremy Snyder

Jeremy Snyder

TechnologyBusiness
AI Pulse - Daily AI News Podcast

AI Pulse - Daily AI News Podcast

Richey Malhotra

Technology
Drive Electric Alabama

Drive Electric Alabama

Drive Electric Alabama

TechnologyInterviews guests
Builders by Proxify

Builders by Proxify

Proxify

TechnologyInterviews guests
Beyond Binary

Beyond Binary

Rupa Singh

Technology
Transforming Tech: Advancing Innovation Through Inclusion

Transforming Tech: Advancing Innovation Through Inclusion

The National Academy of Sciences

BusinessManagementInterviews guests