The Updated OWASP Top 10 for LLM Applications and the AI landscape - Talesh Seeparsan

In this episode of the Security Repo Podcast, we explore the intersection of observability and security with special guest Josh Lee, a developer advocate at Altinity and expert on Clickhouse and OpenTelemetry. We discuss the evolving definition of observability, how context and tagging enhance both security and observability practices, and how databases like ClickHouse® compare to Snowflake for monitoring applications at scale. Josh also shares insights on DevOps culture as a "foreign language" and how to bridge gaps between developers and operators in adopting modern practices. Josh is a seasoned software developer with over a decade of experience, specializing in a broad range of topics including operations, observability, and cloud-native databases. His passion for technology is matched by his enthusiasm for sharing knowledge through public speaking. Currently, Josh serves as a Developer Advocate for Altinity, where he creates educational content on ClickHouse® and OpenTelemetry. Find Josh at https://www.linkedin.com/in/joshuamlee/ @[email protected] @joshleecreates.bsky.social and on the Altinity Slack https://altinity.com/

In this episode of the Security Repo Podcast, we talk with cybersecurity expert Stephanie Honore, about her journey into security, her work with the Freedom of Information Act (FOIA), and her insights on ethical AI and chain of custody in data handling. She shares her experience building software for evidence management and her thoughts on the intersection of security and legal frameworks. We also explore her creative side as a "spycore" musician blending cybersecurity themes with nerdcore music. Stephanie Honore, also known as Scarlett Danger, is a professional programmer, building applications by day, and a volunteer OSINT investigator by night for NGOs that combat human trafficking. She has been a member of WiCyS (Woman of Cybersecurity) since 2016 and attended Hacker On The Hill in Jan 2024.  She began by attending the local hacker meetups and frequently attends cybersecurity conferences such as BSides and Texas Cybersecurity Summit. She recently started joining online chat communities on Discord and IRC where she is getting a lot of exposure to a different side of the security field. Outside of work she likes making nerdcore music about security and intelligence ( a genre she has dubbed spycore) inspired greatly by performers like YTCracker, MC Frontalot, and Yung Innanet.  You can listen to one of my songs here.  https://soundcloud.com/scarlett_danger/hack-the-planet-v2?in=scarlett_danger/sets/internet-feels https://www.linkedin.com/in/smhonore/ https://smhonore.deno.dev/ https://www.wicys.org/ https://www.muckrock.com/news/archives/2024/aug/26/with-a-little-help-from-the-national-archives-nsa-finally-releases-grace-hopper-lecture-watch-it-here/

In this episode of the Security Repo Podcast, we explore the fascinating and complex world of non-human identities (NHIs) with Jody Hunt from CyberArk. We discuss the challenges of authenticating machine workloads, delve into the "secret zero" problem, and consider how frameworks like SPIFFE are shaping the future of secure machine identity. Plus, Jody shares his journey through a tech acquisition and the enduring importance of thinking like an attacker in cybersecurity. Jody has held diverse roles in software development, sales, and marketing. He has been an enthusiastic promoter of DevOps principles since 2010. He became aware of the growing security gap introduced by automation which led him to join Conjur in 2017. Four months later, CyberArk acquired Conjur to extend secrets management and machine identity solutions to DevOps, Cloud and Kubernetes workloads. https://www.linkedin.com/in/jodyhuntatx/ https://spiffe.io/book/ https://blog.gitguardian.com/protect-secrets-with-cyberark-and-gitguardian-integration/

In this episode of the Security Repo Podcast, the team dives into the OWASP Top 10 for Large Language Model Applications with special guest Talesh Seeparsan, an expert in cybersecurity and AI safety. Talesh shares insights into why a specialized top 10 for LLM vulnerabilities is essential, delves into unique challenges like system prompt leakage and AI supply chain risks, and provides practical advice for small companies navigating AI compliance. The conversation wraps up with reflections on security best practices, including collaboration and skepticism about industry norms. With over a decade in cybersecurity, Talesh is a trusted expert in protecting enterprise applications. He has collaborated with the U.S. DoD, developed Appsec training for Adobe, and secured identities for multibillion-dollar firms. Today, he guides companies in building secure, trustworthy, generative AI and LLM applications and volunteers with the OWASP Foundation team working on the OWASP Top Ten for LLMs. His north star is the safe, performant adoption of frontier AI. https://www.linkedin.com/in/talesh https://genai.owasp.org/resource/owasp-top-10-for-llm-applications-2025/ https://owasp.org/www-project-top-10-for-large-language-model-applications/

In this episode of the Security Repo Podcast, we delve into the intricate world of flight simulators and their unique cybersecurity challenges with guest Coburn Slay. He shares insights into managing both legacy and modern systems, the importance of compliance in operational technology, and his journey into tech starting at a young age. We also explore broader themes like the need for simplicity in cybersecurity tooling and combating misconceptions about age in the industry. Coburn Slay is a passionate and driven young cybersecurity professional based in Tulsa, Oklahoma. His love for technology began at a young age, fueled by knowledgeable mentors and a natural curiosity to understand how things work. This drive has led Coburn to explore unique fields within cybersecurity, where he’s been able to gain hands-on experience and contribute to innovative research in the ever-evolving tech landscape. / coburn-slay-aa759a164 https://openssf.org/ https://openssf.org/projects/zarf/

In this week's episode of The Security Repo Podcast, we are joined by Michael Harrison, a tech veteran who discusses the benefits and challenges of running your own email server in a world dominated by major providers, along with insights into the surprising persistence of fax technology in industries like healthcare. Michael also reflects on his pivotal role in bringing internet access to Chattanooga in the 1990s and shares practical advice on navigating walled gardens and enhancing system security. Michael describes himself as "A geek tweaking that status quo." He is the co-founder of Ring-U. https://www.linkedin.com/in/mike-harrison-1985b21/

Got psychological safety? In this episode of the Security Repo Podcast we sit down with Deanna Stanley to learn about psychological safety and the framework she has coauthored on building the layers of trust within organizations. We also dig into a few interesting stories from her time at MITRE and end up with some very encouraging words on how to stay relevant in a constantly shifting field. Deanna started her career as an embedded programmer in the telecommunications industry, and was a significant contributor to Northern California having no internet for 2 days back in the late 90s. She now helps sponsor transition to Agile and DevOps and spends her days screaming “it’s the people, not the tools!” Deanna’s love of her life is her dog Grimbal, which is why she’s always covered in fur. Learn more about psychological safety and the framework Deanna has helped establish at https://gotps.org/ https://www.linkedin.com/in/djstanley/

In this episode of the Security Repo podcast, we are joined by the legendary DFIR Matt to get a history of phone phreaking and how that community of hackers inspired an entire community, including DEF CON. We also talk about how social engineering attackers are carried out, including QR code phishing, aka "quishing." Matt gives some rok solid advice as well on how to approach a successful security career. About our guest: Matt Scheurer is a show host for the ThreatReel Podcast and Vice President of Computer Security and Incident Response in a large enterprise environment. He has many years of hands-on technical experience. Matt is an official "Hacking is NOT a Crime" Advocate, serves on the Advisory Board for the Warren County Career Center "Information Technology and Cybersecurity" program, and also volunteers as a technical mentor for the Women's Security Alliance (WomSA). He has presented numerous Information Security topics at countless technology meetup groups and prominent Information Security conferences, including keynotes at the Cybersecurity Collaboration Forum Cincinnati Leadership Exchange, the Information Security Summit in Cleveland, Queen City Con in Cincinnati, where he just got a black badge and a lifetime keynote spot. Matt is also a 2019 comSpark "Rising Tech Stars Award" winner and was named a "Top 12 Hacking Influencer" by Bishop Fox in 2023. Matt can be found online at:https://www.linkedin.com/in/mattscheurer/ and https://x.com/c3rkah

In this week's episode of the Security Repo Podcast, we ask a pentester who is one year into her cybersecurity career how she got started. Along the way, we learn about her favorite security tools, what it was like making the leap into security, and how to get started with your own journey, no matter what path you want to take. We are joined by Alexis Diediker, who brings a fresh perspective to her OCO Consultant role, where she uses the social engineering skills acquired from her non-tech service industry background to deliver practical insights and technical expertise in network penetration and advanced social engineering assessments. Known for her unique approach, Alexis holds certifications including Security+, PenTest+, PNPT, CRTO, and is a recipient of the Women of Cyber Academy scholarship from The SANS Institute (Certifying her in GFACT, GSEC, and GCIH). Alexis is currently obtaining her Bachelors and Masters degrees in Cybersecurity/IT at Western Governors University. In her free time she indulges in whiskey, riding motorcycles, and fantasy lore. https://eicc.edu/news/2024-student-story-alexis-diediker.aspx https://www.linkedin.com/in/adiediker1088/

In this episode of the Security Repo Podcast, we take a look at the concepts around securing human identities in the enterprise. We talk about why passwords alone are not enough, why it is important to use multifactor authentication, and the dream 'golden path' of ephemeral just-in-time account creation and use. As always, we find out the best and worst advice our guest has ever heard. Aria Langer joins the program this week. She is a Senior Security Engineer for KraftHeinz, specializing in PKI & privileged access management. In her personal life, Aria will talk your ear off about long-distance running, sewing, music-gaming, and RPGs from the good ol’ days. And Uncle Scrooge from DuckTales comics and media.