Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibi…

Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partn…

Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her car…

Kelly Jackson Higgins is the Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with over 20 years of experience as a reporter and editor. Publications that Kelly has been associated with include Network Computing, Secure Enterprise Magazine, Communications Week, and more. Kelly’s coverage of com…

Cheryl Biswas is a Cyber Security Consultant focusing on threat intelligence at KPMG Canada. Her IT career began over 20 years ago at CP Rail’s helpdesk, with further roles in vendor management and change management. She went on to work as an InfoSec researcher at JIG Technologies where she advised her team and clients on security matters and weekl…

Dr. Chenxi Wang is the founder of the Jane Bond Project. She has built an illustrious security career with experience at Forrester Research, Intel Security, CipherCloud, and Twistlock. Dr. Wang started her career as a computer security faculty member at Carnegie Mellon University. She holds a Ph.D. in Computer Science from the University of Virgini…

Kate Pearce is a Senior Security Consultant at Cisco within the Customer Solutions division. In her career, Kate approaches security from diverse perspectives encompassing defenders, builders, assessors, and attackers. Her approach blends business, academic, and assessment contexts with a clear focus on evidence-driven security approaches. Kate hol…

Jessy Irwin is Vice President of Security and Privacy at Mercury Public Affairs. Her work focuses on human-centric technology and security. Jessy works tirelessly to make security and privacy accessible to the average person through education and awareness. As an outspoken advocate, she writes and speaks publicly about security research, strong cry…

Kelly Lum, a.k.a. Aloria, is a Security Engineer at Tumblr and an Adjunct Professor of Graduate Computer Networking and Application Security at NYU. She has 13 years of experience in computer security, having previously worked in both the government and financial services spaces. Kelly is also a frequent speaker on the Black Hat SummerCon Counterme…

Lesley Carhart is the Security Incident Response Lead at a large corporation in the Chicagoland area where she and her team work with digital theft, misconfiguration, and hacking issues. She has 17 years of experience in the IT industry, eight of which focus on incident response and digital forensics. Lesley holds a BS in Network Technologies from …

Dr. Marie Moe is a Security Researcher at SINTEF and an Associate Professor at the Norwegian University of Science and Technology. She was previously a Team Leader at NorCERT, the Norwegian national CERT, where she managed incident response to cyberattacks against national critical infrastructure. Marie’s recent work focuses on public safety and se…

Mike Pittenger is the VP of Security Strategy at Black Duck Software where he is responsible for strategic leadership of security solutions, including product direction and strategic alliances. He has 30 years of experience in technology and business, more than 25 years of management experience, and has spent the past 15 years focusing on security.…

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and secure engineering. He is also the founder of Brakeman Security which produces a Ruby on Rails security scanner. He is a volunteer and Former Global Board Member of the Open Web Application Security Project (OWASP) and the author of Iron-Clad Jav…

Lance Cottrell is the Chief Scientist at Ntrepid where he works on the Passages product. He founded Anonymizer, Inc. in 1995, which was later acquired in 2008. Lance has been at the cutting edge of Internet privacy, anonymity, and security for over 20 years. He is on the board of the North Bay Angels and is a mentor for SoCo Nexus Sprout. He lives …

Yanek Korff is the owner of Korff Consulting, LLC where he is a strategic consultant advising firms on information security topics. Having worked at Bell Atlantic, Cigital, AOL, and Mandiant, Yanek has well over a decade of experience in security operations, development, and infrastructure. Listen as Gary and Yanek discuss outsourcing, people vs. a…

David Nathans is a security professional with Siemens Healthcare where he specializes in medical device security. He has extensive experience in building security operations centers (SOCs) and cyber security programs. As the author of Designing and Building Security Operations Center and an original member of the first cyber squadron of the Air Nat…

Martin E. Hellman is Professor Emeritus of Electrical Engineering at Stanford University. A graduate of New York University, Martin went on to earn both a Master’s degree and Ph.D. in Electrical Engineering from Stanford. He is the author of over 70 technical papers, holder of 12 U.S. patents, co-inventor of public key cryptography, and the 2015 Tu…

To celebrate 10 straight years of the monthly Silver Bullet Security Podcast, we’re flipping the mic. During the past decade, Dr. Gary McGraw has interviewed some of the security industry’s most influential gurus. A globally recognized authority on security and software, he is the CTO of Cigital and the author of eight bestselling books on software…

As the Chief Architect for Security Products at NetSuite, Jacob West leads research and development for technology to identify and mitigate security threats. West has over a decade of experience developing, delivering, and monetizing innovative security solutions. Prior to his role at NetSuite, he served as the CTO for Enterprise Security Products …

Gary talks to Jack Daniel, a leading technology community activist, about the evolution of the community-driven BSides Con, changes in the security field over the last decade, and his thoughts on where good security people come from. Jack is currently a Strategist for Tenable Network Security, and has over twenty years of experience in network and …

Gary talks to Jamie Butler, a self-proclaimed “coder at heart,” about the importance of an offensive security approach, attack patterns, and his specialization in rootkit development. Jamie is currently the CTO and Chief Scientist at Endgame where he leads research on advanced threats, vulnerabilities, and attack patterns. He has directed vulnerabi…

Gary talks to Dr. Doug Maughan about scientific research in computer security and its relationship to wider government efforts in security. Maughan is currently the Cyber Security Division (CSD) Director for the Homeland Security Advanced Research Projects Agency. With a Ph.D. in Computer Science and over 10 years of experience working with the Dep…

Gary talks to Peiter Zatko, better known as “mudge” in hacker and security circles, about the evolution of the L0pht hacker collective and how his work in security influenced key agencies within the U.S. government to ramp up their cybersecurity efforts. During his time as a Program Manager with DARPA, mudge worked to fund much needed research for …

Gary talks to the Chief Information Security Officer of Qlik, Peter “Pete” Clay, who holds 20+ years of experience in technology growth and its relationship to security from a risk management perspective. Pete brings federal, public, private and start-up insight into the global security space. He shares personal lessons he has learned as a consulta…

Gary talks to Cigital’s Chandu Ketkar. With 20+ years of experience as a developer prior to getting into security, Chandu brings a unique and enlightened view to software security. Chandu shares his insight into why developers and security experts struggle to get along, and offers a solution from the world of economics. He also provides lessons fro…

We thought the “crypto wars” were resolved in the late 1990s. But the introduction of encrypted devices­—specifically the release of iOS 8 and the growing number of available encrypted communication channels through public services such as Facebook and Snapchat—has resurfaced the debate. FBI Director Comey and other law enforcement groups are conce…

Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security. He is the inventor of both the proxy firewall and early-advanced intrusion systems. Gary and Marcus discuss the current state of software security, firewalls, de-p…

On the 110th episode of The Silver Bullet Security Podcast, Gary talks with Paul Dorey, founder of CSO Confidential and Visiting Professor at the University of London. Gary and Paul discuss the modern role of the CSO and the ideal background for a CSO, Paul’s biggest win and biggest mistake as a CSO, and the role of building security in as part of …

On the 109th episode of The Silver Bullet Security Podcast, Gary is joined by Bart Preneel. Bart is a full professor at the KU Leuven, one of the oldest universities in the world. Gary and Bart discuss the differences in approaches to security between the EU and the US, what the picture of building security in looks like around the world, quantum c…

In the 108th episode of the Silver Bullet Security podcast, Gary talks with Katie Moussouris, Chief Policy Officer of HackerOne. Gary and Katie discuss her first program (a piece of interactive fiction in the Choose Your Own Adventure category written in Basic), bug bounty programs, how financial services and healthcare firms might approach vulnera…

L. Jean Camp is a Professor at the Indiana University School of Informatics and Computing. Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security. They close out their discussion with the most surprising hangover cure and Jean’s f…

Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.” Gary and Steve discuss the history and evolution of the CISO position, the difficulty of measuring risk in a realistic fashion, how to allocate resources between proactive security engineering and standard network security, triage, and incident response, what i…

On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography. Gary and Whitfield discuss the history of public key cryptography, Diffie’s work on the “proof of correctness of programs,” and if backdoors into crypto systems are a bad idea. They close out by discussin…

On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37. Gary and Rick discuss Rick’s time in the Navy and what it taught him about security, Rick’s lessons learned from his time as CEO of Tovaris, whether the government outside of DARPA understands security engineering, and the drive behi…

On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security. Gary and Brian discuss how growing up with a computer affected their future careers in security, MUD vs MAD, why “old media” can’t support in-depth security reporting, and why the government continues to be five years …

On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one time Secretary of the Navy and Board member of the Center for New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what he learned when running the US Navy that can be applied to comput…

On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design. The participants discuss the origin of the Center, why design flaws are more difficult to fix than implementation …

After 100 months in a row (over 8 years), the Silver Bullet Security Podcast with Gary McGraw hits its landmark 100th episode. In this episode Gary talks live on video with Cigital’s Principals: John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how its evolved (or has it?…

On the 99th episode of the Silver Bullet Security Podcast, Gary talks with Michael Hicks, professor Computer Science at the University of Maryland. In this episode, they discuss the Programming Language Design and Implementation (PLDI) conference, type safety, closure, dynamic languages, why C is problematic, and how Javascript is dangerous. They g…

On the 98th episode of the Silver Bullet Security Podcast, Gary chats with Bart Miller, Professor of Computer Science at the University of Wisconsin-Madison and Chief Scientist of the DHS Software Assurance Marketplace Research Facility. Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of b…

On the 97th episode of the Silver Bullet Security Podcast, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type…

On the 96th episode of the Silver Bullet Security Podcast, Gary talks with Nate Fick, CEO of Endgame. Gary and Nate discuss the use of the term “cyber war” from the perspective of an ex-Marine, Nate’s time at the Center for a New American Security, the Estonia DDOS attack, and how Nate has turned around the perception of End Game. They close out th…

On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days. They close out their chat with Charlie’s official car hacking soundtrack. …

On the 94th episode of the Silver Bullet Security Podcast, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals. They also talk a…

On the 93rd episode of the Silver Bullet Security Podcast, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington. Gary and Yoshi discuss how much impact academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, an…

On the 92nd episode of the Silver Bullet Security Podcast, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms act…

On the 91st episode of the Silver Bullet Security Podcast, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profi…

On the 90th episode of the Silver Bullet Security Podcast, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_…

On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teach…

On the 88th episode of the Silver Bullet Security Podcast, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software…