Welcome back to the show! Hacker Valley Studio podcast features Host Ron Eddings, as he explores the world of cybersecurity through the eyes of professionals in the industry. We cover everything from inspirational real-life stories in tech, to highlighting influential cybersecurity companies, and we do so in a fun and enthusiastic way. We’re making cybersecurity accessible, creating a whole new form of entertainment: cybertainment.
Episodes
4 days ago
4 days ago
Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day.
In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI.
Impactful Moments
00:00 - Introduction
02:44 - Cloud infrastructure powering crime at scale
07:45 - What phishing 2.0 really means
12:10 - How MFA gets bypassed in real attacks
15:30 - Why the browser is the final control point
18:40 - AI reducing SOC alert fatigue
23:07 - Mentorship shaping cybersecurity careers
27:00 - Thinking like attackers to defend better
31:15 - When trust becomes the attack surface
Links
Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Sunday Jan 25, 2026
Sunday Jan 25, 2026
Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today.
Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable, but still deeply unfinished inside modern organizations.
Impactful Moments
00:00 - Introduction
04:16 - Malware before money existed
07:30 - Cheesy biscuits changed cybersecurity
13:10 - When documents became dangerous
14:33 - Crime replaced curiosity
15:23 - Sony proved no one was safe
20:15 - Reporting hacks without causing harm
24:01 - AI replacing penetration testers
29:18 - Agentic AI shifts the threat model
36:30 - Why rushing AI breaks trust
Links
Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Sunday Jan 18, 2026
Sunday Jan 18, 2026
AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and catastrophe.
In this episode, Ron sits down with Joshua Bregler, Senior Security Manager at McKinsey’s QuantumBlack, to dissect how AI agents, pipelines, and dynamic permissions are reshaping application security. From prompt chaining attacks and MCP server sprawl to why static IAM is officially obsolete, this conversation gets brutally honest about what works, what doesn’t, and where security teams are fooling themselves.
Impactful Moments
00:00 – Introduction
02:15 – AI agents create identity chaos
04:00 – Static permissions officially dead
07:05 – AI security is still AppSec
09:30 – Prompt chaining becomes invisible attack
12:23 – Solving problems vs solving AI
15:03 – Ethics becomes an AI blind spot
17:47 – Identity is the next security failure
20:07 – Frameworks no longer enough alone
26:38– AI fixing insecure code in real time
32:15 – Secure pipelines before production
Connect with our Guest
Joshua Bregler on LinkedIn: https://www.linkedin.com/in/breglercissp/
Our Links
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Thursday Jan 15, 2026
Thursday Jan 15, 2026
AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and consequences became unavoidable.
In this episode, Ron sits down with Marcus J. Carey, Principal Research Scientist at ReliaQuest, to examine what happens after AI is given authority: agents running in production, prompt debt replacing technical debt, vibe coding accelerating risk, and maintenance emerging as the true bottleneck. Together, they discuss how cybersecurity, software engineering, and the job market are shifting now that AI operates with autonomy, often faster than organizations can explain what their systems are actually doing.
Impactful Moments
00:00 - Introduction
02:26 - AI agents cross into production
03:35 - Trust boundaries become attack surfaces
6:46 - Vibe coding and hidden technical debt
09:22 - Prompt debt changes everything
17:40 - Why junior knowledge disappears
19:00 - AI replaces repetitive cyber workflows
23:43 - Coding becomes human leverage
29:30 - Fall in love with the problem
Connect with our guest, Marcus J. Carey:
LinkedIn https://www.linkedin.com/in/marcuscarey/
Articles and Books Mentioned:
Article used for discussion: https://www.techradar.com/pro/security/this-webui-vulnerability-allows-remote-code-execution-heres-how-to-stay-safe
Atomic Habits: https://jamesclear.com/atomic-habits-summary
Fall in Love with the Problem, Not the Solution: https://sobrief.com/books/fall-in-love-with-the-problem-not-the-solution
Our Links:
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
Thursday Jan 08, 2026
Thursday Jan 08, 2026
AI isn’t quietly changing software development… it’s rewriting the rules while most security programs are still playing defense. When agents write code at machine speed, the real risk isn’t velocity, it’s invisible security debt compounding faster than teams can see it.
In this episode, Ron Eddings sits down with Varun Badhwar, Co-Founder & CEO of Endor Labs, and Henrik Plate, Principal Security Researcher of Endor Labs, to break down how AI-assisted development is reshaping the software supply chain in real time. From MCP servers exploding across GitHub to agents trained on insecure code patterns, they analyze why traditional AppSec controls fail in an agent-driven world and what must replace them.
This conversation pulls directly from Endor Labs’ 2025 State of Dependency Management Report, revealing why most AI-generated code is functionally correct yet fundamentally unsafe, how malicious packages are already exploiting agent workflows, and why security has to exist inside the IDE, not after the pull request.
Impactful Moments
00:00 – Introduction
02:00 – Star Wars meets cybersecurity culture
03:00 – Why this report matters now
04:00 – MCP adoption explodes overnight
10:00 – Can you trust MCP servers
12:00 – Malicious packages weaponize agents
14:00 – Code works, security fails
22:00 – Hooks expose agent behavior
28:30 – 2026 means longer lunches
33:00 – How Endor Labs fixes this
Links
Connect with our Varun on LinkedIn: https://www.linkedin.com/in/vbadhwar/
Connect with our Henrik on LinkedIn: https://www.linkedin.com/in/henrikplate/
Check out Endor Labs State of Dependency Management 2025: https://www.endorlabs.com/lp/state-of-dependency-management-2025
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/