WE'RE IN!

In this episode, host Josh Mason chats with Synack Red Team Legend Ozgur Alp, who shares his offensive security journey from university to big four consulting to full-time Synack Red Team researcher. Ozgur gives his unique take on where AI excels (and falls short), which roles AI will replace, and whether the cost of AI is sustainable in the long-term.

 

Chapters:

00:00 Introduction: Meet Ozgur

03:28 Joining the Synack Red Team

07:13 Critical Authorization and Authentication Bugs

08:03 Why Ozgur Still Uses Burp 1.7.37

08:32 Pentesting with AI and Automation

09:12 Will AI Replace Human Pentesters?

11:53 Why AI Struggles with Business Logic

13:45 Why Google Can't "Solve" XSS (Even with AI)

14:47 How Mythos is Changing Offensive Security

16:15 The Benefits of Hacking with AI

17:09 How AI is Changing Pentesting

19:42 Vibe Coding is Creating More Security Vulnerabilities

23:11 Is the Cost of AI Sustainable Long-Term?

23:51 Closing Remarks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Josh Mason sits down with Tim Nordvedt, Synack's Senior Manager of North American Solutions Architects, to discuss his unique cybersecurity origin story, the power of networking, automating attack surface discovery, and why "falling in love with learning" is the only way to survive an AI-driven security landscape.

Chapter Timestamps

00:00 Introduction: Meet Tim Nordvedt

01:05 Security Origin Story

02:36 The Commodore 64: A Forgotten Connection to Tech

03:35 The Classroom Moment: Discovering Offensive Security

04:54 Collecting Certs and Networking Like Crazy

09:37 Reframing Imposter Syndrome: Skills are Never Wasted

10:34 Lessons as a Bike Mechanic: Translating Technical Value

14:31 Trying Out for the Synack Red Team (SRT)

15:29 Transitioning to Solutions Architecture (SA)

18:40 Building Tools: Automating Attack Surface Discovery (ASD)

21:48 Proactive Defense: Providing Value to Customers

25:14 Career Advice: Fall in Love with Learning

25:39 Upskill for the Future: AI and Agentic Red Teaming

26:43 Closing Thoughts

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE'RE IN, host Josh Mason sits down with Teri Green, VP of Technology at Elevate and CIO/CISO at Light Technology Solutions.

Teri breaks down her proprietary TEST Framework (Touch, Execute, Store, Trust)-a practical toolset for CISOs to evaluate AI risk beyond simple vulnerabilities. They discuss why humans remain the greatest vector in the age of AI, how to teach digital citizenship to the next generation, and why the basics of security still apply even as we move toward a quantum future.

Timestamps:

[00:00] Welcome, meet Teri Green

[00:43] Cybersecurity Origin Story

[01:44] Degrees and Certifications

[02:34] Career Path and Leadership

[03:28] TEST AI Risk Framework

[05:30] AI Trust and Human Factor

[06:53] Teaching AI Ethics to Kids

[08:34] Governance Outpaced by AI

[09:42] Upcoming Talks and Takeaways

[12:37] Learning AI and Plain Language

[16:17] AI Already in Your Org

[18:13] Where to Follow Teri

[18:58] Closing and Thanks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this episode of WE’RE IN, Josh Mason sits down with Sayaan Alam, a Level 5 Synack Red Team (SRT) member who started his hacking journey at 14 years old. Sayaan shares his story of how he became the second-youngest researcher onboarded to the SRT and how he climbed the ranks to become recognized on the Synack Acropolis.

Timestamps:

00:54 Meet Sayaan: Starting Bug Bounties at 14

01:33 Joining the Synack Red Team (SRT)

03:18 SRT Onboarding Process

04:41 Climbing the Tiers: From Level 1 to Level 5

05:42 Why Synack is Different from Other Platforms

06:30 Improving Professional Pentesting Skills

06:58 Finding Patterns in Client Architectures

08:32 The AI Chatbot Vulnerability: SSRF Case Study

10:57 Remediation Advice for AI File Handling

11:58 Trends in AI Chatbot Security & Stored XSS

13:12 Thoughts on Sara: The Synack Autonomous Red Agent

14:29 How to Connect with Sayaan

15:07 Outro and Closing Remarks

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This conversation explores how AI is transforming the offensive security landscape, focusing on the rise of AI-driven vulnerabilities, the evolution of pen testing, and the integration of human and AI efforts in cybersecurity. The discussion highlights the importance of adapting to new threats and the role of Synack's Autonomous Red Agent in enhancing vulnerability detection and remediation processes.
Timestamps
04:51
Traditional vs. Modern Pen Testing Approaches
07:55
The Role of Human Analysts in AI-Driven Security
10:57
Introducing Sara Pentest: A New Era in Testing
13:16
Executing a Sara Pentest: A Step-by-Step Guide
20:13
Real-Time Insights from Sara Pentest
23:20
Technical Difficulties and Collaboration
23:25
Exploring Pen Test Engagements
27:00
Successful Pen Test Outcomes and Future Implications

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.