The Art of Security

Supply Chain Compromise: Trust Is the Target

31 min · 13 de may de 2026
Portada del episodio Supply Chain Compromise: Trust Is the Target

Descripción

We're told to patch fast, trust updates, and rely on the software ecosystems that power modern business. But what happens when that trust becomes the attack vector itself? In this episode of The Art of Security, Josh Davies and Tyler Reguly dive into the growing world of software supply chain compromise — from malicious open source packages and compromised dependencies to sleeper-agent style attacks that quietly infiltrate trusted projects for years before striking at scale. Josh and Tyler unpack how attackers are weaponizing trust, automation, and AI-assisted development to spread compromise at scale, while exploring practical defenses and why today's "patch immediately" mindset may no longer be enough. When trust is the delivery mechanism, every dependency becomes part of your attack surface. Make sure to subscribe to the podcast!

Comentarios

0

Sé la primera persona en comentar

¡Regístrate ahora y únete a la comunidad de The Art of Security!

Empezar

2 meses por 1 €

Después 4,99 € / mes · Cancela cuando quieras.

  • Podcasts exclusivos
  • 20 horas de audiolibros / mes
  • Podcast gratuitos

Todos los episodios

15 episodios

Portada del episodio Not Curious? Cybersecurity Isn't the Career for You — A Student's Honest Take

Not Curious? Cybersecurity Isn't the Career for You — A Student's Honest Take

Is cybersecurity really facing a skills shortage or are businesses just unwilling to train the next generation? In episode 10 of The Art of Security, Josh Davies and Tyler Reguly are joined by Dema Gorkun, cybersecurity student at MacEwan University, leader of the Student Ethical Hacking Club, and OWASP collaborator. Dema shares a candid student's-eye view of what today's cybersecurity education gets right, where it falls short, and how curiosity, home labs, and community involvement matter more than any resume. From vibe coding pitfalls to phishing projects that triggered emergency CEO meetings, this conversation explores the future of cybersecurity talent — and how to stand out in an AI-driven hiring landscape. Whether you're a student, a hiring manager, or a seasoned practitioner wondering how to mentor the next wave of talent, this episode offers a refreshing, unfiltered look at how we create the security artists of the future. 🎧 Don't miss an episode — subscribe to The Art of Security today

8 de jul de 202647 min
Portada del episodio After the Breach: Ransomware, Data Loss, and the Legal Fallout

After the Breach: Ransomware, Data Loss, and the Legal Fallout

What really happens after a data breach? In this episode of The Art of Security, hosts Josh Davies and Tyler Reguly are joined by Brent Arnold [https://www.inq.law/brent-arnold] of INQ Law to unpack the legal, operational, and business fallout that follows a breach. From ransomware negotiations and breach reporting obligations to data loss, regulatory risk, and recovery planning, Brent shares what organizations need to know when a cyber incident becomes a legal crisis. The conversation also explores why preparation matters, how process failures often matter as much as technical ones, and why knowing where your sensitive data lives is critical before an incident happens. If you work in cybersecurity, risk, compliance, or business leadership, this episode offers a practical look at what comes next when data is exposed, stolen, or held hostage. Listen now for practical insights on ransomware response, legal risk, and recovery.

24 de jun de 202645 min
Portada del episodio Learning Cybersecurity: Education, Experience, and AI

Learning Cybersecurity: Education, Experience, and AI

Cybersecurity is one of the few professions where the learning never stops. New technologies, evolving threats, and the rapid rise of AI constantly reshape what security professionals need to know. In this episode of The Art of Security, Josh Davies and Tyler Reguly sit down with Dr. Mansour Alqarni of Fanshawe College to explore the current state of cybersecurity education and what it takes to build the next generation of security professionals. They discuss the cybersecurity skills gap, the role of colleges and universities in preparing students for the workforce, the balance between theory and hands-on experience, and whether cybersecurity should be considered an entry-level career path. The conversation also dives into the impact of AI on security operations, hiring, and education and why critical thinking and continuous learning may be more important than ever. Whether you're a student considering a career in cybersecurity, a hiring manager evaluating talent, or a seasoned practitioner looking to stay ahead of industry changes, this episode offers valuable insights into how cybersecurity professionals are trained, developed, and prepared for the challenges ahead. Topics covered: • The different paths to a cybersecurity career • Teaching security in the age of AI • Practical experience vs academic theory • AI's impact on SOC analysts and security teams • The importance of soft skills and trust Subscribe now for more expert insights and security conversations.

10 de jun de 202644 min
Portada del episodio Named Vulnerabilities, CVEs & the Problem With Security Hype

Named Vulnerabilities, CVEs & the Problem With Security Hype

Why do vulnerabilities like Heartbleed, PrintNightmare, and Log4Shell get memorable names while thousands of other CVEs go unnoticed? In this episode of The Art of Security, Josh Davies and Tyler Reguly debate whether named vulnerabilities help cybersecurity awareness or create dangerous hype cycles. From CVE identifiers and responsible disclosure to media sensationalism and "boy who cried wolf" fatigue, the conversation explores how branding vulnerabilities impacts SOC teams, executives, researchers, and the wider industry. A must-watch for SOC analysts, threat researchers, vulnerability management teams, CISOs, business leaders, and cybersecurity practitioners who want to understand how vulnerability naming and security hype shape real-world response, risk perception, incident prioritization, and executive decision-making.

27 de may de 202637 min
Portada del episodio Supply Chain Compromise: Trust Is the Target

Supply Chain Compromise: Trust Is the Target

We're told to patch fast, trust updates, and rely on the software ecosystems that power modern business. But what happens when that trust becomes the attack vector itself? In this episode of The Art of Security, Josh Davies and Tyler Reguly dive into the growing world of software supply chain compromise — from malicious open source packages and compromised dependencies to sleeper-agent style attacks that quietly infiltrate trusted projects for years before striking at scale. Josh and Tyler unpack how attackers are weaponizing trust, automation, and AI-assisted development to spread compromise at scale, while exploring practical defenses and why today's "patch immediately" mindset may no longer be enough. When trust is the delivery mechanism, every dependency becomes part of your attack surface. Make sure to subscribe to the podcast!

13 de may de 202631 min