Claim Ownership


Subscribed: 0Played: 0


The podcast welcomes its first outside guest: Jason Haddix, a bug bounty veteran who has participated in hundreds of programs over his career. He joins the Paranoids’ team — Arjun Govindaraju and Jonathon Robin — who run our program’s strategy and operations.  Over the course of roughly 45 minutes or so, they discuss: ‘What makes the Paranoids’ program COOL?!’ (3:43)The Importance of Scope (5:50)Live Hacking Events (15:27)The Art of Recon  (24:04)The Bug Bounty Lifecycle (32:20)Advice for Security Researchers (39:00)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Jason Haddix, Arjun Govindaraju (Bug Bounty Program Lead), and Jonathon Robin (Bug Bounty Operations Lead)Are you looking to get in touch because of something you found on Yahoo properties? Reach out to us using the contact information you find here:
Addressing cyber risk within the business is a challenging task for any security team to manage on their own. This places a premium on the Paranoids' relationship with engineering teams.  An especially necessary one when conducting an expedited patch across the organization for an internet-wide weakness. Namely,  Log4Shell. In this episode of the  podcast,  join Yahoo CTO Aengus McClean and Chief Paranoid Sean Zadig in conversation about: The Working Relationship (1:00) Security Culture (3:10)Communicating Priorities: Log4Shell (12:00)"Slow is Smooth and Smooth is Fast" (20:20)Building Security Into the Process (26:27)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests: Aengus McClean (Chief Technology Officer) and Sean Zadig (Chief Information Security Officer)This is our final episode in a series about Log4Shell. You can find episodes One and Two on the Paranoids' landing page.  
In our second podcast covering the Paranoids’ approach to remediating the Log4Shell vulnerability, Steven Asifo talks to Sadiah Choudhry and Lisa Hulen — who work inside Yahoo’s Vulnerability Management team responsible for handling newly disclosed security vulnerabilities. They discuss: The Elements of Vulnerability Management (2:46)Defining a NewVuln (4:40)What’s an S-Bug?! (12:15)Responding to an Unprecedented Event (15:31)A Companywide Culture of Collaboration (19:03)Big Takeaways (26:28)Host: Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Sadiah Choudhry (Technical Security Manager, Vulnerability and Control Operations Team) and Lisa Hulen (Vulnerability Management Lead)
Arguably among the most consequential – and widespread – security vulnerabilities of the past decade, Log4Shell impacted nearly every company doing business on the Internet Yahoo was no different. Listen to this episode, as the Paranoids explore how FIRE (the Forensics, Incident Response, Engineering Team) responded to a widespread vulnerability at scale: The Role of Incident Response (2:20)Hunting for Log4Shell… with Arkime (6:37) Trust in Running Large-Scale Investigations (11:50)Incident Response Planning (15:25)Post-Mortem: Takeaways (20:50)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Georgios Kapoglis (Sr. Technical Security Engineer) and Art Maddalena (FIRE Specialist Lead)
Have you ever just wondered why so many security teams are shrouded in opacity?! Us, too. That’s why we’re launching a podcast. So you can get the opportunity to know the Paranoids more deeply. And learn what we’re about, what our mission is, and why we love doing what we do.Listen in to this inaugural episode to: Meet our CISO, Sean Zadig: 1:22 Hear about our seven operating, principles: 6:27   Learn more about the Paranoids history and our organizational pillars: 13:42Discover why you should come join us (cough: 25.20Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guest: Sean Zadig (Chief Information Security Officer)
Security teams tend to be black boxes. From the outside-in, it isn't easy to discern their culture. Or what makes them unique. So, to ensure the Paranoids can be more transparent, both to the security industry community — and those thinking about joining us in our mission! — we're launching a podcast. Throughout our episodes, we plan on surfacing the expertise of our team by introducing our colleagues. Mostly, so you can hear what makes them Paranoid. We'll publish our first episode will in the New Year. But, for now, take a listen to this trailer!Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)
Download from Google Play
Download from App Store