Helping Developers Use Open Source Security Tools & Improving Defense With AI - Mackenzie Jackson

In this episode of the Security Repo Podcast, Ailin Castellucci shares her inspiring journey from selling shoes to building cybersecurity teams and leading human-centric education projects. She discusses the unique challenges and perspectives of cybersecurity education in Argentina, emphasizing the importance of empathy, communication, and passion in the industry. Ailin also delves into her current work fostering hacker communities and promoting accessible security education across South America.https://www.linkedin.com/in/acastellucci/Ailin is an Information Security specialist and Hacking Community Builder at Strike. She previously worked at Mercado Libre, Lemon, and Galicia bank, and now leads Hécate, a project that combines creative solutions with human-centered education.

In this episode of the Security Repo Podcast, Chris Kulakowski, a seasoned detection engineer from IBM, delves into the complexities of threat detection, from writing detection rules to collaborating with red teams for proactive security strategies. He shares insights on prioritizing security risks, the evolving role of AI in cybersecurity, and the importance of adaptability in the ever-changing threat landscape. Chris also offers advice for aspiring security professionals and reflects on the positive trends in global cybersecurity efforts.https://www.linkedin.com/in/ckulakowski/Chris Kulakowski is a driven technologist, innovator, and tinkerer of all things. His career spans across 15 years of Digital Media, Information Technology, Security Operations, Threat Intelligence and Digital Forensics roles. He is currently a senior technical staff member specializing in threat detection at IBM, supporting IBM internal businesses. Prior to IBM he held various roles at General Motors and Optiv. He is seasoned in responding to incidents, developing new threat detection content, and an expert in EDR technology.Chris holds a Computer Criminology degree from Florida State University and several industry leading cyber security and digital forensics certifications including CISSP, EnCE, GCFE, GREM, and Security+. Chris is also accredited with a Stanford University Advanced Computer Security Certificate.

In this episode of the Security Repo Podcast, Bleon Proko dives into the intricacies of AWS security, focusing on the role and impact of quarantine policies in mitigating the risks of compromised credentials. He explains how AWS policies prioritize denial to prevent privilege escalation, lateral movement, and financial fraud, offering practical strategies for securing sensitive identities. Additionally, Bleon shares insights on essential tools for penetration testing and gives candid advice about navigating cloud security challenges.Bleon is an Info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented topics related to Cloud Penetration Testing and Security in conferences like BlackHat USA, Europe and Sector, DEF CON, SANS Pentest Hackfest Hollywood and Amsterdam, as well as several BSides on USA and Europe.His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of YetiHunter and DetentionDodger (https://github.com/Permiso-io-tools/[DetentionDodger | YetiHunter]).He is also the author of the upcoming book "Deep Dive into Clouded Waters: An overview in Digital Ocean's Pentest and Security" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)

In this episode of the Security Repo Podcast, we welcome back Mackenzie Jackson, security researcher and founder of this very show, to discuss the evolving landscape of AI in cybersecurity. Mackenzie dives deep into how AI is reshaping open-source security, revealing research that uncovered 600 unreported vulnerabilities in popular packages. We also explore the growing risks of AI-generated package hallucinations, how attackers might exploit them, and why security tools must be made more accessible to developers.https://www.linkedin.com/in/advocatemack/https://www.aikido.dev/Mackenzie is a security researcher and advocate with a passion for code security. He is the former CTO and founder of Conpago, where he learned firsthand the importance of building secure applications. Today, Mackenzie works for Aikido Security to help developers and DevOps engineers build secure systems.

In this episode of the Security Repo Podcast, we sit down with cybersecurity expert Gerard Johansen to dive deep into identity and access management (IAM) challenges in the enterprise space. We explore the explosion of data and identities, the ongoing debate over who "owns" IAM in organizations, and how threat actors are evolving their tactics to exploit identity-based vulnerabilities. Gerard also shares insights from his experience in digital forensics and incident response, offering advice on how security professionals can sharpen their skills and make an impact in the field.https://www.linkedin.com/in/gerardjohansen/Gerard Johansen is a cyber security professional with over a decade of experience specializing in Incident Response, Digital Forensics, and Threat Intelligence. Gerard has been fortunate to work with a wide range of organizations from enterprise environments, industrial, boutique consulting and international security providers. He is a frequent speaker at various conferences and also an author, currently working on the fourth edition of Digital Forensics and Incident Response. Gerard is currently employed with an MDR firm based out of Denver, CO.

In this episode of the Security Repo Podcast, we sit down with Josh Kuntz, Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation, to explore the unique challenges of securing state agencies. With nearly three decades in public service, Josh shares his insights on navigating government cybersecurity, hiring the next generation of security professionals, and the evolving role of CISOs. We also discuss how AI and social engineering are reshaping the threat landscape and why patching remains the top security concern after 25 years.https://www.linkedin.com/in/joshua-kuntz-cissp-35a825176/Josh serves as the Chief Information Security Officer (CISO) for the Texas Department of Licensing and Regulation (TDLR), where he is recognized as a leading expert in cybersecurity across the state. With nearly three decades of public service, including six years in the Marine Corps and 24 years with various state agencies, he has cultivated a wealth of experience in physical and information security, IT management, major information resource project procurement, project management, contract management, and risk management.His career highlights include eight years at the Texas Department of Public Safety (TXDPS), where he oversaw the statewide Texas Law Enforcement Telecommunications System (TLETS) satellite network, and three years at the Texas Youth Commission (TYC) as their first Information Security Officer (ISO), leading the security program during its merger with the Juvenile Probation Department. He also served seven years at the Texas Department of Motor Vehicles (TXDMV) as their inaugural ISO, where he took on additional roles as interim Chief Information Officer and interim Project Management Office Director.A passionate advocate for cybersecurity training, Josh established a public-private partnership that provided cybersecurity training and certification for 90 state employees. As CISO of the Texas Workforce Commission (TWC), he built a robust cybersecurity team and launched an apprenticeship program, while also offering cybersecurity guidance to the 28 workforce boards across Texas.In 2023, Josh initiated a 12-month CISO Mentorship Program designed to cultivate the next generation of cybersecurity leaders within the state. He holds a degree in criminal justice, achieved CISSP certification in 2012, and was honored as the Austin ISSA CISO of the Year in 2024. With his extensive background and commitment to excellence, Josh continues to shape the future of cybersecurity in Texas.

In this episode of the Security Repo Podcast, we sit down with Zach Hill from Antisyphon Training to discuss affordable cybersecurity education and the evolving landscape of IT training. Zach shares insights on the importance of hands-on learning, the challenges of misinformation in online education, and how AI is reshaping entry-level IT roles. We also dive into unconventional career paths into security and the critical need for foundational knowledge like networking and version control.https://www.linkedin.com/in/iamnerdy/https://antisyphontraining.comZach Hill is a dad, mental health advocate, creator, hacker, and self-described nerd.In 1999, Zach dropped out of high school of freshman year due to severe depression and anxiety issues.  What he thought for a long time was a curse was in all reality a blessing.  While everyone he knew was in school, Zach was at home on the internet learning everything that he could about websites, search engine optimization, internet marketing, and eventually social media.  In 2008, Zach was burnt out from web development and discovered that he had an interest in the infrastructure side of technology and quickly transitioned his career into technical support for school districts, by 2018 Zach was in charge of security awareness training and MDM administration for a hospital.In 2018, he quit his full-time position to focus on a YouTube channel that he had created in 2014 called IT Career Questions.  This channel was built to help people find their way into the growing world of IT and has grown with a reach of over 20 million people, and a fan base of over 280,000 subscribers.In 2021, Zach joined forces with TCM Security to continue the mission of helping others in their journey through IT.As of 2024, Zach is proudly with Antisyphon Training, a company Powered by Black Hills Information Security, where he continues to help people find their path into the world of IT and cybersecurity.

In this episode of the Security Repo Podcast, we sit down with Alex Scheel, staff back-end engineer at GitLab and chair of the OpenBao Technical Steering Committee, to discuss the origins and future of OpenBao, a fork of HashiCorp Vault. Alex explains the implications of HashiCorp's licensing change, the technical advantages OpenBao brings to the table, and the importance of open-source governance under the Linux Foundation. We also dive into interoperability in security tooling, secrets management best practices, and how developers can get involved in contributing to OpenBao.Alex Scheel is a Staff Backend Engineer at GitLab and the Chair of the OpenBao Technical Steering Committee. He has built a career on open source contributions, previously working at Keyfactor on Bouncy Castle, at HashiCorp on Vault, and at Canonical and Red Hat. You can find him under the nickname cipherboy most places. In his free time, he likes playing the violin and taking photography trips.https://www.linkedin.com/in/alexander-scheel-807514105/https://openbao.org/https://openbao.org/blog/vision-for-namespaces/

In this episode of the Security Repo Podcast, we sit down with Edna Jonnson, a cybersecurity engineer and SOC analyst, to discuss their journey from web development to security operations. Edna shares insights on the value of Capture the Flag (CTF) competitions for skill development, recounting their recent victory at Wild West Hacking Fest. We also dive into their day-to-day work in a SOC, the importance of credit freezes for personal security, and their involvement in cybersecurity communities like DEF CON and B-Sides Orlando.Edna Jonsson (they/them) is a cybersecurity engineer and SOC analyst with a strong foundation in web development and technical education. Their journey began as a web developer and coding bootcamp instructor, equipping them with a unique blend of technical expertise and a passion for mentorship.Edna is an active leader in the cybersecurity community, serving as the Volunteer Coordinator for BSides Orlando and an organizer for Career Village and Social Engineering Adventure Village. They also play a pivotal role in DEATHCon, both as the main conference organizer and Orlando site lead. They also help organize meetings for the local DC407 chapter.Previously, Edna hosted Security Chipmunks, a podcast dedicated to guiding early-career cybersecurity professionals. They were also instrumental in the launch and rapid growth of the WGU Cybersecurity Club, helping expand its membership to over 8,000 students. Edna coined the club’s motto, “No Owl Left Behind,” emphasizing their commitment to ensuring every student—whether in academics or competitions—received the support they needed to succeed.With a deep passion for cybersecurity, education, and community building, Edna continues to empower the next generation of security professionals.https://www.linkedin.com/in/ednajonsson/https://bsky.app/profile/ednas.bsky.social https://x.com/ednashttps://dc407.com/https://deathcon.io/https://bsidesorlando.org/

In this episode of the Security Repo Podcast, we dive into the concept of defense in depth with guest John Poulin, who shares insights on secure code reviews, architecture design, and threat modeling. We discuss the importance of integrating security tests into development workflows, the role of security headers in assessing a company's security posture, and the challenges of implementing robust audit logging. Plus, John recounts the day GitHub logged out all users due to a security bug and offers advice on avoiding over-reliance on web application firewalls.John Poulin leads Cloud Security Partners' technology and platform development. He is an experienced application security practitioner with over 10 years of experience in software development and security. Over his tenure, John has worked with many Fortune 500 companies and startups to perform secure code review, architecture, and design discussions, as well as threat modeling.Previously, John served as a staff manager of product security engineering, a role in which he and his team focused on performing secure code review of features and services, performing threat modeling, and helping to ensure that Cloud Security Partners' software ecosystem moves toward security maturity. John has also served as the director of engineering, where he focused on leading engineering teams through multiple stages of security-focused product development.John has given talks or training at many industry conferences, such as DEF CON, LASCON, DevSecCon, CactusCon, and Source, as well as various Ruby and OWASP events about practical application security.In his free time, John enjoys spending time with his family, traveling, playing adult league softball, and making hot sauce.https://www.linkedin.com/in/johnmpoulinLogs wall of shame https://Audit-logs.taxSSO wall of shame https://sso.tax/