Paranoids' Pod

In this episode of the Paranoids podcast, our hosts — Shawn and Steven — explore their colleagues’ work to secure the software supply chain.Starting with the one question you’re all asking: What does that even mean in a world of open-source software?! Join us in conversation to hear discussion on: Defining Supply Chain Security (2:36) The Prolific Nature of Open Source  (4:38)Improving The Developer Experience (6:36)Explaining Common Supply Chain Security Attacks  (7:30)  The Different Pieces of Software Supply Chain Security  (11:40)Working Within the Paranoids (18:10)What’s Next?! (26:28)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Sr. Manager, Governance, Risk, and Compliance)Guests: Nate Burton (Sr. Principal Technical Security Engineer), Hemil Kadakia (Principal Software Engineer), Yonghe Zhao (Software Engineer) 

Summer is one of our favorite times of the year — and not just because of the beach days. Every year, we host (and learn from) interns from colleges and universities worldwide. In this episode of the podcast, former intern — and current Paranoid — Alden Schmidt and GRC Security analyst Chris Faulkner, who leads the internship program, talk about:Defining the Program (2:20) Alden’s Internship Presentation (7:44) Discovering the Program, Applying (10:40) Last Summer’s Projects, High Lights (13:10) Exposing Interns to the Breadth of Security (17:16) Recommendations and Advice (19:46)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests: Alden Schmidt (Forensics and Incident Response Engineer) and Chris Faulkner (Sr. Technical Security Engineer & Paranoids Internship Coordinator)  

The nature of leadership has changed as we’ve all moved from our offices to our living rooms. For the Paranoids, that means adjusting how we all grow together.Join this conversation to hear about:Our Approach (2:18)Squads, Organizing and Leading Remote Teams (6:12)Tea Time, Fostering Relationships  (11:11)Defcon, Getting Together (13:30)Remote Culture Requires an All-In Approach (18:47)Host: Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests: Will Chilcutt (Manager, Community Driven Security), Jeff Larson (Sr. Manager, Behavioral Engineering), Josh Schwartz (Sr. Director, Proactive Engineering)

The podcast welcomes its first outside guest: Jason Haddix, a bug bounty veteran who has participated in hundreds of programs over his career. He joins the Paranoids’ team — Arjun Govindaraju and Jonathon Robin — who run our program’s strategy and operations.  Over the course of roughly 45 minutes or so, they discuss: ‘What makes the Paranoids’ program COOL?!’ (3:43)The Importance of Scope (5:50)Live Hacking Events (15:27)The Art of Recon  (24:04)The Bug Bounty Lifecycle (32:20)Advice for Security Researchers (39:00)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Jason Haddix, Arjun Govindaraju (Bug Bounty Program Lead), and Jonathon Robin (Bug Bounty Operations Lead)Are you looking to get in touch because of something you found on Yahoo properties? Reach out to us using the contact information you find here: https://www.yahoo.com/.well-known/security.txt

Addressing cyber risk within the business is a challenging task for any security team to manage on their own. This places a premium on the Paranoids' relationship with engineering teams.  An especially necessary one when conducting an expedited patch across the organization for an internet-wide weakness. Namely,  Log4Shell. In this episode of the  podcast,  join Yahoo CTO Aengus McClean and Chief Paranoid Sean Zadig in conversation about: The Working Relationship (1:00) Security Culture (3:10)Communicating Priorities: Log4Shell (12:00)"Slow is Smooth and Smooth is Fast" (20:20)Building Security Into the Process (26:27)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests: Aengus McClean (Chief Technology Officer) and Sean Zadig (Chief Information Security Officer)This is our final episode in a series about Log4Shell. You can find episodes One and Two on the Paranoids' landing page.  

In our second podcast covering the Paranoids’ approach to remediating the Log4Shell vulnerability, Steven Asifo talks to Sadiah Choudhry and Lisa Hulen — who work inside Yahoo’s Vulnerability Management team responsible for handling newly disclosed security vulnerabilities. They discuss: The Elements of Vulnerability Management (2:46)Defining a NewVuln (4:40)What’s an S-Bug?! (12:15)Responding to an Unprecedented Event (15:31)A Companywide Culture of Collaboration (19:03)Big Takeaways (26:28)Host: Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Sadiah Choudhry (Technical Security Manager, Vulnerability and Control Operations Team) and Lisa Hulen (Vulnerability Management Lead)

Arguably among the most consequential – and widespread – security vulnerabilities of the past decade, Log4Shell impacted nearly every company doing business on the Internet Yahoo was no different. Listen to this episode, as the Paranoids explore how FIRE (the Forensics, Incident Response, Engineering Team) responded to a widespread vulnerability at scale: The Role of Incident Response (2:20)Hunting for Log4Shell… with Arkime (6:37) Trust in Running Large-Scale Investigations (11:50)Incident Response Planning (15:25)Post-Mortem: Takeaways (20:50)Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guests:  Georgios Kapoglis (Sr. Technical Security Engineer) and Art Maddalena (FIRE Specialist Lead)

Have you ever just wondered why so many security teams are shrouded in opacity?! Us, too. That’s why we’re launching a podcast. So you can get the opportunity to know the Paranoids more deeply. And learn what we’re about, what our mission is, and why we love doing what we do.Listen in to this inaugural episode to: Meet our CISO, Sean Zadig: 1:22 Hear about our seven operating, principles: 6:27   Learn more about the Paranoids history and our organizational pillars: 13:42Discover why you should come join us (cough: theparanoids.com): 25.20Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)Guest: Sean Zadig (Chief Information Security Officer)

Security teams tend to be black boxes. From the outside-in, it isn't easy to discern their culture. Or what makes them unique. So, to ensure the Paranoids can be more transparent, both to the security industry community — and those thinking about joining us in our mission! — we're launching a podcast. Throughout our episodes, we plan on surfacing the expertise of our team by introducing our colleagues. Mostly, so you can hear what makes them Paranoid. We'll publish our first episode will in the New Year. But, for now, take a listen to this trailer!Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)