ConversingLabs Podcast
Episodes
Can Frameworks Stop Supply Chain Attacks?
04 Dec 2025
Contributed by Lukas
In this episode of ConversingLabs Podcast, host Carolynn van Arsdale welcomes North Carolina State University Professor Laurie Williams and Ph.D. stud...
The State of Vulnerability Management
05 Nov 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts interviews Casey John Ellis, founder of Bugcrowd, about the state of vulnerability management and...
Who Will Maintain Open Source’s Future?
14 Oct 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts interviews Abigail Cabunoc Mayes, who is responsible for Open Source Maintainer Programs at GitHu...
Security Badging Open-Source Projects
21 Aug 2025
Contributed by Lukas
In this episode of ConversingLabs, host Carolynn van Arsdale interviews Kadi McKean, Community Manager at ReversingLabs, to discuss a new initiative a...
Aviation Has A Software Problem
10 Jul 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts interviews Jiwon Ma, Senior Policy Analyst at the Foundation for Defense of Democracies (FDD), ab...
The Threat of Package Hallucinations
01 Jul 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts interviews Major Joe Spracklen, a PhD student at the University of Texas at San Antonio, who rece...
Going Back to Basics to Thwart Attacks
08 May 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts interviews Chuck McWhirter, principal solutions architect at ReversingLabs, about the importance ...
AppSec Girl Power
10 Apr 2025
Contributed by Lukas
In this episode, host Carolynn van Arsdale interviews Tanya Janca (aka SheHacksPurple), a world-renowned application security (AppSec) leader, author,...
Cybersecurity's Double-Edged Sword
26 Mar 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts chats with Malcolm Harkins, Chief Security and Trust Officer at HiddenLayer, about cybersecurity’...
The Evolution of Threat Intel
17 Mar 2025
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts chats with Jason Valenti, director of product at ReversingLabs, about the evolution of threat int...
Hackers Hacking Hackers
01 Oct 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Security Researcher Sam Curry about his own experience being hacked via the Internet of Things and how i...
The Past, Present & Future of SBOMs
10 Sep 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Beau Woods, Founder & CEO of Stratigos Security, about the history of the software bill of materials...
Is Cybersecurity Ready for the SolarWinds Prosecution?
22 May 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Tarah Wheeler, CEO of Red Queen Dynamics, about her recent Council on Foreign Relations piece regarding ...
Chinese APT Group Exploits SOHO Routers
03 Apr 2024
Contributed by Lukas
In this episode of the ConversingLabs podcast, host Paul Roberts chats with Daniel Adamitis, a Principal Information Security Engineer at Lumen Techno...
Securing Medical Devices with SBOMs
27 Mar 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Kevin Fu, an Electrical & Computer Engineering Professor at Northeastern University, about the new f...
The LockBit Takedown: What We Know
15 Mar 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Ali Khan, Field CISO at ReversingLabs, about the recent takedown of the LockBit ransomware group, which ...
The State of Software Supply Chain Security 2024
28 Feb 2024
Contributed by Lukas
In this episode, host Paul Roberts chats with Karlo Zanki, a Reverse Engineer at ReversingLabs, about the state of software supply chain security in 2...
The State of Open Source Software Security
05 Oct 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Mikaël Barbero, Head of Security at the Eclipse Foundation, about the state of open source software sec...
Apple Devices as a Growing Attack Vector
27 Sep 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Devin Byrd, Director of Threat Intelligence at Kandji on the sidelines of the 2023 Black Hat USA confere...
The Art of Security Chaos Engineering
20 Sep 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Kelly Shortridge, a Senior Principal at Fastly, on the sidelines of the 2023 Black Hat USA Conference. I...
Modern Risks to the Internet of Things and Software Supply Chains
13 Sep 2023
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts chats with Thomas Pace, the CEO & co-founder of the firmware security firm NetRise. Thomas an...
Lemons & Liability: What it Means for Software Applications
06 Sep 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Daniel Woods, a Cybersecurity Lecturer at The University of Edinburgh on the sidelines of the 2023 Black...
Creating the Standard for Supply Chain Risk
21 Jun 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Robert Martin of MITRE and Cassie Crossley of Schneider Electric about their session at this year’s RS...
How Do You Trust Open Source Software?
14 Jun 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Naveen Srinivasan, an OpenSSF Scorecard Maintainer, about his talk at this year’s RSA Conference on ho...
The State of Application Security
01 Jun 2023
Contributed by Lukas
In this episode, we interview Chris Romeo, CEO of Kerr Ventures and long-time application security (app sec) practitioner on the sidelines of the 2023...
Red Teaming the Indian Government
23 May 2023
Contributed by Lukas
In this episode of ConversingLabs, host Paul Roberts chats with John Jackson, a security researcher, about the work he and research group Sakura Samur...
SBOM skeptics and talks about the importance of software supply chain transparency
10 May 2023
Contributed by Lukas
In this special Café edition of ConversingLabs, host Paul Roberts interviews Joshua Corman, the Vice President of Cyber Safety Strategy at Claroty an...
Malware & Software Supply Chain Security
27 Apr 2023
Contributed by Lukas
In this special edition episode of ConversingLabs, host Paul Roberts interviews ReversingLabs Director of Product Management, Charlie Jones, on the si...
Contextualizing the National Cybersecurity Strategy
26 Apr 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Devin Lynch, Director of Supply Chain and Technology Security for the Office of the National Cyber Direc...
The Future of Bug Bounties
19 Apr 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Katie Moussouris, CEO and Founder of Luta Security. Moussouris has a robust background in creating and r...
The Road to Software Supply Chain Security Compliance
29 Mar 2023
Contributed by Lukas
In this episode, host Paul Roberts chats with Steve Lasker, a former Azure Program Manager with over 20 years of experience at Microsoft. Lasker touch...
The Silent Epidemic of Business Email Compromise (BEC) Attacks
02 Jan 2023
Contributed by Lukas
Online fraud is among the most pernicious and devastating forms of cybercrime, measured by the financial and psychological toll it takes on victims. P...
ZetaNile - Open Source Software Trojans
02 Jan 2023
Contributed by Lukas
In September 2022, Microsoft released a report on a group they track as ZINC (also known as Lazarus), which is a state-sponsored group out of North Ko...
Firmware Supply Chain Risks
02 Jan 2023
Contributed by Lukas
Supply chain attacks are not limited to SaaS (software-as-a-service) applications. Specific kinds of software, such as firmware, are also at risk of s...
A Closer Look at the Enduring Security Framework’s Guidance
02 Jan 2023
Contributed by Lukas
The U.S. Federal Government's Enduring Security Framework (ESF) Working Panel released guidance on "Securing The Software Supply Chain" in September...
Don’t Sleep on SBOMs
02 Jan 2023
Contributed by Lukas
Software Bills of Materials (SBOMs) are a helpful first step for an organization looking to secure its software supply chain. SBOMs serve as an ingred...
Hunting Follina
03 Oct 2022
Contributed by Lukas
The exploit known as Follina resurfaced in late May 2022 as researchers discovered its use in a phishing document campaign. ReversingLabs Malware Rese...
Leveraging YARA
03 Oct 2022
Contributed by Lukas
YARA rules have been a proven tool for threat detection and hunting. Organizations who want to be mindful of today’s most serious threats, such as w...
Lessons Learned from CI/CD Compromises
03 Oct 2022
Contributed by Lukas
In this special edition episode, ConversingLabs host Paul Roberts interviewed researchers Iain Smart and Viktor Gazdag of NCC Group from the showroom ...
Déjà Vu: Uncovering Stolen Algorithms in Commercial Products
03 Oct 2022
Contributed by Lukas
A systemic issue impacting the cybersecurity community is the theft and unauthorized use of algorithms by corporate entities. This is an issue that Pa...
Not All Developers Can Be Security Jedis
03 Oct 2022
Contributed by Lukas
At this year’s Black Hat Conference in Las Vegas, software supply chain security was top of mind for the InfoSec community. One of the biggest obsta...
IconBurst - The Newest Software Supply Chain Attack
03 Oct 2022
Contributed by Lukas
ReversingLabs recently discovered a software supply chain attack known as IconBurst. This incident is a widespread campaign, consisting of the install...
Smash and Grab - AstraLocker Breach
03 Oct 2022
Contributed by Lukas
AstraLocker is a fork of the Babuk ransomware family. Babuk is a past Ransomware-as-a-Service (RaaS) threat group, selling ransomware tools to affilia...
Bryson Bort of Scythe.io talks Colonial Pipeline: Lessons Learned
08 Sep 2022
Contributed by Lukas
Bryson Bort of Scythe.io spoke with host Paul Roberts about the May 2021 Colonial Pipeline hack that caused a fuel shortage on America's southeastern ...
Steve Lipner of SAFECODE on Supply Chain Security - Is It Even Possible?
08 Sep 2022
Contributed by Lukas
In this conversation, Steve Lipner of SAFECODE explains what secure software is, and recounts his own experiences on Microsoft’s Software Security D...
Robert Martin of MITRE on Supply Chain System of Trust
08 Sep 2022
Contributed by Lukas
In this conversation, Robert Martin of MITRE talks about how the software supply chain is highly complicated, due to an increasing number of things in...
Dependency Confusion As A Tool For Targeted NPM Hacks
08 Sep 2022
Contributed by Lukas
NPM dependency confusion has emerged as a potent software supply chain attack vector via platforms like npm, with malicious packages surreptitiously a...
Local Threat Intel - You're Soaking In It!
08 Sep 2022
Contributed by Lukas
Even small organizations are sitting on top of a wealth of threat intel: their own IT environment. It’s essential for enterprises of all kinds to un...
Emotet Unbound: Understanding the Risk
08 Sep 2022
Contributed by Lukas
Emotet is one of the most prolific pieces of malware on the Internet. What started as software designed to hijack online banking sessions is now a Swi...
Putting Conti in Context
01 Sep 2022
Contributed by Lukas
The Conti ransomware group (a.k.a. Wizard Spider; a.k.a. TrickBot; a.k.a. Ryuk) is one of the most prolific ransomware gangs around. It is believed ...
Cyberwar in Europe: Unpacking the Ukrainian Wipers
01 Sep 2022
Contributed by Lukas
Even before Russian tanks began rolling across Ukraine’s borders on February 24, the cyber war on the country had begun. In the days before the kine...