• S6EP1 - Coffee Badging and Biometrics: Navigating Digital Identity in the Modern World with Kinny Chan
    May 1 2025

    Episode Summary: Application Paranoia S6EP1

    In the Season 6 premiere of Application Paranoia, hosts Colin Bell, Rob Cuddy, and Kris Duer kick off a new theme: debunking the top 10 myths about application security—one myth per episode.

    They warm up with some lighthearted commentary on new workplace trends like “coffee badging” and the rise of “corp core” attire before diving into a fascinating conversation with Kinny Chan, Chief Commercial Officer at Trust Stamp.

    Kinny shares his unique career journey from law to the cutting edge of digital identity and privacy, explaining how electronic discovery evolved from paper documents to complex digital evidence, and the challenges of handling sensitive data in litigation.

    The discussion then pivots to the core topic of digital identity in an age where emails, chats, and advanced AI can fake voices and images. Kinny highlights the critical role of biometrics—like facial, palm, and gait recognition—while unpacking the challenges of ensuring liveness and authenticity.

    The conversation tackles the limitations of current authentication methods (passwords, devices, biometrics), the risks of centralized identity systems, and the promise of decentralized solutions for greater privacy and control. Kinny also introduces Trust Stamp’s innovative approach of using biometric tokens and data shards to enhance both security and user privacy.

    For listeners seeking practical advice, the episode covers essential tips for protecting your digital identity: monitoring your credit report to combat synthetic identity fraud, using unique email addresses, and educating children and grandparents about the dangers of deepfakes and the importance of verification.

    The episode concludes with Kinny’s emphasis on using a combination of something you know, something you have, and something you are for strong authentication—and the urgent need to keep evolving digital identity protections as technology rapidly advances.

    Key Takeaways:

    • Digital identity is increasingly complex due to new technologies and AI.
    • Biometrics offer promise but also introduce new challenges.
    • Decentralized identity solutions may offer better privacy and control.
    • Practical tips: monitor credit reports, use unique emails, and educate about deepfakes and verification.
    53 mins
  • S5EP5 - Drinksgiving, words of the year and Security Audits with Mark Spears
    Nov 28 2024

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this episode our special guest is Mark Spears.

    Mark is currently a Principal Security Consultant at Solis Security. Having spent significant time as a network defender and vCISO, writing and testing InfoSec programs and dealing with auditors and endless reporting, he has now refocused his time on penetration testing to get his fill of offensive security operations. So Red Pill or Blue Pill?

    A lot of his most recent education and skill focus has been on helping companies with their Web Application security through Secure-SDLC practices including configuration of Web Application Firewalls and Zero Trust solutions. When not enjoying his work at Solis Security, he can be found practicing physical security, lock picking, social engineering, or hardware hacking. Or, out on a Harley Davidson!

    58 mins
  • S5EP4 - Upside down Pineapples and a Panel interview on AI by David Rubinstein
    Oct 9 2024

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this episode the interviewers become the interviewed as David Rubinstein interviews Colin, Rob and Kris for his recent SD Times article on discerning reality from the hype around AI. You can read his article at the following link:

    https://sdtimes.com/ai/discerning-reality-from-the-hype-around-ai/


    David is the Publishing Director and Editor-in-Chief, SD Times and ITOps Times
    Conference Chairman, VSMcon; Improve: Test and Productivity
    and Co-founder and Chief Operating Officer, D2Emerge LLC

    55 mins
  • S5EP3 - Security in the Developer Experience with Tanya Janca and New Words for 2024.
    May 24 2024

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this week's episode our special guest is Tanya Janca, who is helping the team discuss all things security in the development space.

    Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the head of education and community at Semgrep! As the founder of We Hack Purple, Tanya is bringing her security training to Semgrep customers and beyond. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an Advisor for NordSec and Katilyst and the Founder of We Hack Purple, OWASP DevSlop, WoSECShe and the very popular #CyberMentoringMonday. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.

    1 hr and 7 mins
  • S5EP2 - Application Security Posture Management with guest Ray [Redacted]
    Apr 15 2024

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this week's episode our special guest is Ray [Redacted], who is helping the team discuss all things Posture Management.

    Ray is a Technologist & researcher for a Fortune 50 corporation and Associate Producer Emeritus of Jack Rhysider’s critically acclaimed hacker podcast “Darknet Diaries.” Ray is particularly interested in researching nation state APT activities, and he is known online for being passionate about mental health care issues as they relate to information and cybersecurity.

    https://twitter.com/RayRedacted
    https://twitter.com/DarknetDiaries

    58 mins
  • S5EP1 - 2024 Security Trends and the merits of land lines with guest Mike Khusid
    Mar 1 2024

    Hey everyone, welcome back to Application Paranoia! Colin Bell, Rob Cuddy, and Kris Duer are excited to kick off season 5!

    For our first episode of 2024, we're joined by a special guest: Mike Khusid! Mike is the new Head of Product Management for HCL AppScan, and he brings a wealth of experience from companies like Codacy, Contrast, Red Hat, Akamai, Veracode, and Zerto. We're thrilled to have him on the show!

    In this episode, we're diving deep into the hottest application security trends for 2024. Get ready for insights from a seasoned pro and buckle up for a season packed with valuable information!

    55 mins
  • S4EP7 - Holiday Cheer, Words of the year and guest Ken Fanger outlines how to best "humanize security".
    Dec 20 2023

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this week's episode our special guest is Ken Fanger, an acclaimed speaker, author, and cyber security expert who is focused on making a better world with less fear and more function.

    Ken's current campaign is to "humanize security," a fundamental change toward a more holistic approach to cyber resilience and recovery. Ken is also one of fewer than 2,000 people to hold the designation of CMMC-RP (Cybersecurity Maturity Model Certification Registered Practitioner), helping businesses with federal contracts to meet the new Department of Defense cybersecurity standards.

    Ken also has a new book, released this past summer, called "Relax: A Guide to True Cybersecurity", which is available through Amazon.

    The team also outline the Words of 2023.

    59 mins
  • S4EP6 - Football, Rugby, U2 and Software Supply Chain best practices with Pete Morgan
    Oct 4 2023

    Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another insightful application paranoia session.

    In this week's episode our special guest is Pete Morgan, who is a leading expert in cloud security and compliance. He is the co-founder and CSO of Phylum (https://www.phylum.io/), a cloud security company that helps organizations to protect their cloud environments and achieve compliance with industry regulations.

    Pete helps unpack some best practices around software supply chain security and outlines how his company Phylum helps organizations contextualize the associated risks from open source.

    The team also discuss College Football, the Rugby World Cup, U2 in Las Vegas, room temperature semiconductors and the invention of Starlite (https://en.wikipedia.org/wiki/Starlite) in the 1980s.

    52 mins