Hacker Valley Studio

Hosted by Hacker Valley Media

Technology | Education | Interviews guests

Episodes

427

Latest episode

Jun 2026

Language

EN

About the show

Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.

Listen to episodes

60 recent
June 16, 2026 | Episode 430 | 28 min

Feed Your Brain: What Cybersecurity Veterans Are Getting Wrong with Johnny Xmas

Is AI really coming for your red teaming job? What does it actually take to build a team that thinks like the adversary, and what happens when that team stops caring? And what do you do when you've been in this field long enough that the job that once fired you up has started to feel hollow? In this episode, Ron catches up with Johnny Xmas, Head of Offensive Security at a Fortune 150 Global Food Manufacturer, and one of the most candid voices in offensive security, for a conversation that covers a lot of ground fast.

They go deep on where AI actually fits into offensive security workflows, what Johnny really looks for when building elite teams, and why the career advice everyone gives early practitioners might be setting them up for burnout down the road. The conversation takes a turn that doesn't come up enough in this industry, and it's the part you won't want to miss. If you've ever felt your tank running low, this episode was made for you.

Impactful Moments
00:00 - Introduction
02:10 - Busting the myth: AI is not replacing red teamers
04:30 - Guest introduction: Johnny Xmas
06:15 - How the offensive security job has changed with AI
09:35 - The SEC 8-K IoC parser tool Johnny just published
11:40 - Building elite teams: what skills Johnny actually hires for
12:45 - Soft skills over technical gaps, and why the fire has to come with you
15:40 - Why "where do you see yourself in five years?" is a garbage question
17:30 - Has Johnny ever crossed the line when it comes to hacking?
20:20 - What to do when you've stopped caring about the job
26:25 - Outro: The AI myth, revisited

Links
Johnny Christmas on LinkedIn: https://www.linkedin.com/in/johnnyxmas/
Johnny's SEC 8-K IoC parser tool: https://github.com/johnnyxmas/its-over-8k

Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/

June 9, 2026 | Episode 429 | 25 min

Fighting Smarter: What Combat Sports Teaches Us About Cyber Defense with Robin Black

What does a calf kick have to do with vulnerability management? What can a fighter's mindset teach a security practitioner about operating against an adversary they've never faced?

Ron Eddings brings back fan-favorite combat sports analyst and commentator Robin Black for a conversation that was never meant to be about cybersecurity, and ends up being one of the most insightful episodes on the human side of the field. They dig into how underdogs actually win (hint: we're usually wrong about who the underdog is), what it really means to maintain control in a fight, and why the highest level of mastery might actually look like letting go of control entirely.

The conversation closes with a look at how the cybersecurity landscape is mutating alongside AI, and whether an arms race that trains itself is heading somewhere catastrophic, or whether it's simply the next evolution of the fight. The answer, like most things in this episode, is more nuanced than you'd expect.

Impactful Moments
00:00 - Introduction
02:10 - The Rewind: The Calf Kick and the Peroneal Nerve
04:05 - Welcome back, Robin Black
05:30 - Can smaller still beat bigger?
07:00 - Why underdogs don't win (And why we were wrong)
08:25 - Fighting is about exploiting belief systems
09:30 - Maintaining control against an unknown adversary
10:25 - Adapting vs. anticipating: be water
13:00 - Failure is mandatory
17:25 - How Robin’s thoughts have changed about being attacked online
19:00 - AI and the mutating threat landscape
22:15 - Ron's closing thoughts

Links
Connect with Robin Black on LinkedIn: https://www.linkedin.com/in/robin-black-31b6bb39/
Check out Robin Black on YouTube: https://www.youtube.com/RobinBlack

Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/

June 2, 2026 | Episode 428 | 35 min

Is Vibe Coding Breaking the Internet? with Tanya Janca

What happens when AI writes all the code and nobody reads it? What if the security prompt you trusted still produced software designed to leak your secrets? And who exactly is on the hook when an AI-generated application takes down your company? In this episode, Ron sits down with returning guest Tanya Janca, Secure Coding Trainer at SheHacksPurple Consulting, to dig into one of the most underestimated risks in software development today: vibe coding.

Tanya breaks down what vibe coding actually means, why AI trained on the internet's worst repositories is quietly baking the OWASP Top 10 into every app being built, and what her AI-powered secure coding prompt library can do to help. This is a candid, practical, and community-driven episode, the kind that'll make you want to audit your vibe code-a-thon project before it ever touches production.

Impactful Moments
00:00 - Introduction
01:40 - The Rewind: Margaret Hamilton and Apollo 11
05:00 - Knight Capital and the $460M software failure
07:00 - Guest introduction: Tanya Janca
08:15 - What vibe coding actually means in 2026
10:00 - Real story: Claude leaked secrets in a live training
11:30 - Securemyvibe.ca and Tanya’s secure coding prompt library
15:00 - OWASP Top 10 vs OWASP Top 10 for LLMs
22:45 - Tanya's petition for the world's first secure coding law
24:55 - Device flow authentication and reducing security friction
28:00 - What the internet would look like in five years without change

Links
Connect with our guest, Tanya Janca, on LinkedIn: https://www.linkedin.com/in/tanya-janca
Get Tanya's free secure coding guideline: https://securecodingguideline.com
Subscribe to Tanya’s AI Secure Coding Prompt Library: https://securemyvibe.ca
Access Tanya's Newsletter & Free Monthly Training: https://newsletter.shehackspurple.ca
Connect with Tanya across all social channels: @shehackspurple

Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/

May 26, 2026 | Episode 427 | 35 min

Why Smart People Fall for Deepfakes with Perry Carpenter

What if the most sophisticated attack has nothing to do with your firewall? In a world where AI can clone voices, re-lip-sync politicians, and spread a fake newscast to 200,000 people in days, the real target has always been your brain. Ron sits down with Perry Carpenter, Chief Deception Strategist at KnowBe4, to unpack why we're still getting fooled in 2026 and what we can actually do about it. Perry gets into the neuroscience behind why our brains are wired the way they are, how attackers exploit that, and what it really takes to build better instincts in a world full of AI-generated content. You'll also want to stick around for the live demos, where Perry breaks down why they worked and how to spot the tells.

Impactful Moments
00:00 - Introduction
02:15 - The myth: smart people don't get fooled
05:20 - Flashback segment: the Ireland deepfake and why it went viral
06:15 - Guest introduction: Perry Carpenter
09:50 - Exploiting cultural bias and tribal instincts
13:45 - Live deepfake demo: face and body replacement in real time
15:30 - Synthetic media vs. deepfake: what's the difference?
20:40 - Breaking down a deepfake: what made it convincing
23:00 - Overproof: why bad deepfakes try too hard
27:15 - System 1 vs. System 2 thinking in cybersecurity
29:45 - The FAIK framework: freeze, analyze, investigate, know
32:40 - Ron's closing reflection

Links
Connect with our guest, Perry Carpenter, on LinkedIn: https://www.linkedin.com/in/perrycarpenter
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show: https://hackervalley.com/work-with-us/

May 18, 2026 | Episode 426 | 35 min

Who Owns Your AI Security Policy? with Chris Cochran

Right now, someone in your organization is probably feeding sensitive data into an AI system that nobody approved. So when something goes wrong, who's responsible? And more critically, do you even have a policy in place to answer that question? Ron Eddings sits down with his Hacker Valley co-founder, Chris Cochran, now serving as SANS Field CISO and VP of AI Security, to talk about his freshly released SANS AI Security Maturity Model, a practical framework built for security leaders who need to stop philosophizing and start making decisions.

They cover the three pillars of AI security maturity: utilizing AI for defense, protecting AI itself, and governing it across the organization. Chris then gets real about where most enterprises actually stand (hint: not as far along as they think). Listen for a conversation that meets you wherever you are: skeptic, early adopter, or somewhere in between.

Impactful Moments
00:00 - Introduction
03:00 - Chris Cochran: from Co-Founder to SANS Field CISO
04:20 - Your board is pushing AI before security is ready
06:00 - Tiers of AI uses: summarization to full automation
07:50 - When AI shouldn't make the final call
10:10 - Bite-sized AI: starting small in the enterprise
11:45 - Introducing the SANS AI Security Maturity Model
13:20 - You can no longer afford to be an AI skeptic
16:30 - Three buckets: utilize, protect, and govern AI
18:50 - Fact or Cap: what level of maturity is your enterprise?
21:00 - Retroactive vendor risk and the AI explosion
23:05 - Agentic Identity: workforce, non-human, and beyond
25:00 - What works in the agentic identity space?
27:05 - Blockchain for agent identity: promising or hype?
29:00 - A Message for the next generation of practitioners
31:30 - Ron's closing take: who owns your AI policy?

Links
Connect with Chris Cochran on LinkedIn: https://www.linkedin.com/in/chrishvm/
Download the SANS AI Security Maturity Model: https://www.sans.org/mlp/2026-ai-security-maturity-model-ebook
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

May 1, 2026 | Episode 425 | 34 min

Turning 30,000 Findings Into 50 That Matter with Dan Pagel and Brad Hibbert

Mythos just found 30,000 new vulnerabilities, and now every security team is asking the same question: what actually matters? In this episode, Ron Eddings sits down with Dan Pagel, CEO at Brinqa, and Brad Hibbert, COO & CSO at Brinqa, to break down the Anthropic Mythos moment that rattled the security industry. From the panic of millions of new findings dropping overnight to the strategy of narrowing them down to the 50 that actually matter in YOUR environment, this episode is a masterclass in exposure management at machine speed. Dan and Brad share how Brinqa helps organizations make sense of massive volumes of findings, correlating data across 260+ connectors, enriching vulnerability context, and delivering clear, explainable actions to IT operations teams. They also tackle the bigger question: how do you build enough trust in AI to let it take autonomous action on your behalf? The answer starts with better data, better explainability, and knowing when to keep humans in (or on) the loop.

Impactful Moments
00:00 - Introduction
02:00 - What just happened? Breaking down the Anthropic Mythos moment
04:10 - Why most new findings don’t apply to your environment
07:12 - What Mythos means to the broader market
09:09 - Why AI-driven discovery isn’t slowing down
11:00 - The gap between security and IT ops: how explainability closes it
13:38 - How fast you should go through findings
15:53 - Why MTTR is the wrong metric and what businesses actually care about
18:03 - Why real-time visibility is replacing scheduled scanning
19:50 - Human IN the loop vs. human ON the loop
22:14 - What happens when AI hallucinates?
27:20 - Why we’re over and under-estimating the impact of AI
29:54 - The immediate win Brinqa achieves for its customers
31:50 - What CISOs are really asking now: "What does good look like?"

Links
Connect with our guest, Dan Pagel, on LinkedIn: https://www.linkedin.com/in/dpagel/
Connect with our guest, Brad Hibbert, on LinkedIn: https://www.linkedin.com/in/bradhibbert/
Learn more about Brinqa: https://www.brinqa.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

April 24, 2026 | Episode 424 | 39 min

Killing the Playbook with Agentic AI with Allan Alford and Tom Findling

SOAR promised to close the loop in the SOC and fell flat. Agentic AI is finally delivering what a decade of playbooks couldn’t. In this episode, Ron sits down with Allan Alford, SVP at NTT Global Data Centers, and Tom Findling, co-founder and CEO of Conifers.ai. They cover why static playbooks broke under real-world conditions and how agentic systems are flipping the SOC operating model. They get into hallucination guardrails, human-on-the-loop versus human-in-the-loop, and the QR-code phishing investigation an agent solved on its own without being told how. The conversation closes on trust thresholds, the speed of enterprise adoption, and Allan's blunt warning to any CISO trying to slow this train down… you're already on the tracks.

Impactful Moments
00:00 - Intro
02:30 - Why the lazy sysadmin always wins
05:15 - Why SOAR fell flat
08:00 - Guardrails, hallucinations, and showing the work
13:00 - The SOC AI holy grail
15:30 - The moment you start saying we
17:30 - QR-code phishing the agent solved alone
19:00 - Why playbooks were never going to scale
28:00 - Earning trust at enterprise scale
33:30 - Stand in front of this revolution and lose
35:40 - Risk quantification on business steroids

Links
Connect with our guest, Tom Findling, on LinkedIn: https://www.linkedin.com/in/tomfindling/
Learn more about Conifers.ai at https://www.conifers.ai
Connect with our guest, Allan Alford, on LinkedIn: https://www.linkedin.com/in/allanalford/

Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

April 17, 2026 | Episode 423 | 34 min

The Epidemic of Sameness Is Killing Your Brand with Don Jeter

In 2025, Torq brought a monster truck to RSAC. And Don Jeter, Torq's CMO, will be the first to tell you: nobody's buying an AI SOC platform because of a grave digger in the booth. In this episode, Ron sits down with Don to discuss what Torq is actually doing in a category packed with 60 near-identical vendors, and why "the epidemic of sameness" is the real threat to every cybersecurity brand right now. Don explains why Torq builds everything in-house, why he starts every strategy by listening instead of pitching the product, and why the only differentiator left in cyber marketing is how much you genuinely care. It's a conversation about brand, but it's really a conversation about trust, community, and what it takes to make a CISO text you back.

Impactful Moments
00:00 - Introduction
03:50 - How Don landed at Torq
06:09 - What the Torq brand stands for
07:41 - Giving cybersecurity pros their flowers
09:09 - Cookie-cutter booths, cookie-cutter brands
12:00 - Why Torq built everything in-house
15:34 - Start with listening, not the product
18:13 - "We have to out-care the other teams"
21:45 - Nobody buys because of a monster truck
24:06 - Welcome to the experience age
28:30 - Entertain them or lose them

Links
Connect with our guest, Don Jeter, on LinkedIn: https://www.linkedin.com/in/donjeter/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

April 7, 2026 | Episode 422 | 28 min

Minutes to Meltdown: Cyber Recovery When It Counts with Chris Bevil

Most organizations are prepping for disaster recovery when they should be building for cyber recovery, and those are not the same thing.

Recorded live at RSAC Conference 2026, Ron sat down with Chris Bevil, Principal Security AI Strategist at Commvault, to break down what actually happens after a breach hits and why most teams are caught flat-footed.

Chris walks us through Commvault's Minutes to Meltdown tabletop exercise, why isolated recovery environments matter, and how clean data determines whether you get your company back in hours or in 200+ days.

This episode will tell you what separates a team that recovers from a team that unravels.

Impactful Moments
01:16 - Live at RSAC 2026 with Chris Bevil, Principal, Security AI Strategist at Commvault
01:40 - Minutes to Meltdown origin story
03:00 - What goes into a Meltdown?
04:48 - What happens in the first 30 minutes of chaos
07:00 - What Commvault actually does
08:21 - What is IRE? Isolated recovery environment breakdown
10:40 - What is Disaster Recovery in 2026?
13:00 - How cyber recovery differs from disaster recovery
14:20 - Where attackers go in the first 30 minutes
15:40 - The 3-2-1 rule and where teams fail
21:45 - What successful recovery looks like
25:14 - AI strategy at Commvault

Links
Connect with our guest, Chris Bevil, on LinkedIn: https://www.linkedin.com/in/chris-b-211998a/
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

April 1, 2026 | Episode 421 | 24 min

Building AI Governance Before the Incidents Hit with Guru Sethupathy

AI adoption is outpacing governance at every level, and the cost of waiting is getting higher by the day. Guru Sethupathy, General Manager of AI Governance at Optro and former Founder of FairNow, breaks down what it really takes to build trust in AI systems before things go sideways.

Guru lays out a simple but powerful 3 P’s Framework: policies, process, and people, connecting it to what teams are actually dealing with right now, from shadow AI to security threats that don’t look like anything we’ve seen before. If 2026 is the year AI moves from experiments to real operations, this conversation is your blueprint for keeping it under control.

Impactful Moments
00:00 - Introduction
02:25 - What does Optro do? Helping companies with the AI governance journey.
03:10 - Why AI governance is really about trust, not control
05:15 - The moment AI went mainstream, and why that changed everything
05:50 - The three real business risks: performance, security, and transparency
07:30 - Human accountability in an AI-driven world
08:48 - What’s actually happening with AI regulation, EU, US, and standards
10:28 - Where Optro fits, orchestration vs monitoring in AI governance
13:05 - The 3 Ps framework: policies, process, and people
14:47 - Governance 101, why AI inventory is the first move every team misses
16:12 - The reality check, AI adoption is outpacing governance everywhere
17:45 - Shadow AI explained, what your team is doing that you can’t see
19:45 - Optro’s top use cases: visibility, compliance, and operationalizing governance
20:43 - Who owns AI governance, and why it’s becoming a team sport
22:20 - Final advice, start now or play catch-up later

Links
Connect with our guest, Guru Sethupathy, on LinkedIn: https://www.linkedin.com/in/guru-sethupathy/
Learn more about Optro: https://optro.ai/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
