Hacker Valley Studio

Your email gateway isn't enough anymore, attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover. 

In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough.

Impactful Moments
00:00 – Introduction
03:30 – The current state of phishing
05:30 – Outbound email compromise risk
09:30 – OAuth apps as attack vectors
15:00 – AI agents accessing your workspace
16:00 – Prompt injection is the new SQL injection
18:00 – Allow listing apps immediately
24:30 – Google Workspace vs Microsoft 365 security
27:30 – Custom detections require API expertise
28:00 – Why passkeys matter right now
32:00 – Data lifecycle management for shared docs

Links
Connect with our guest, Rajan Kapoor, on LinkedIn: https://www.linkedin.com/in/rajankkapoor/

Learn more about Material Security: https://material.security 

___
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Check out our upcoming events: https://www.hackervalley.com/livestreams 

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com 

Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure.

Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff as humans find the business-logic traps and attack chains that actually break companies.

Impactful Moments
00:00 - Introduction
02:21- Sonali’s unexpected CEO path
06:10 - Compliance isn’t real security
10:19 - PTaaS: start in 24 hours
12:33- 5,000 pentests yearly scale
17:01 - Humans beat automation limits
20:16 - AI behavior vulnerabilities emerge
27:54 - Indirect prompt injection explained
30:51 - Why juniors + AI is risky
38:27 - 2026 becomes AI battleground

Links
Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/

Check out Cobalt: https://www.cobalt.io

____
Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track.

In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down.

Impactful Moments
00:00 - Intro
02:05 - Codex desktop sparks agent shift
06:40 - Harness beats model iteration
08:10 - Context window: the hidden limiter
12:10 - Terminal sprawl creates agent chaos
14:05 - Maestro panels: agents, tabs, history
17:25 - Auto Run: fresh context per task
26:15 - “Donate tokens” via Symphony PRs
28:20 - AI tax debate gets spicy
33:05 - Start simple: download and run

Links
Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/

Check out Maestro for yourself: https://runmaestro.ai/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day.

In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI.

Impactful Moments

00:00 - Introduction
02:44 - Cloud infrastructure powering crime at scale
07:45 - What phishing 2.0 really means
12:10 - How MFA gets bypassed in real attacks
15:30 - Why the browser is the final control point
18:40 - AI reducing SOC alert fatigue
23:07 - Mentorship shaping cybersecurity careers
27:00 - Thinking like attackers to defend better
31:15 - When trust becomes the attack surface

Links

Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today.

Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable, but still deeply unfinished inside modern organizations.

Impactful Moments
00:00 - Introduction
04:16 - Malware before money existed
07:30 - Cheesy biscuits changed cybersecurity
13:10 - When documents became dangerous
14:33 - Crime replaced curiosity
15:23 - Sony proved no one was safe
20:15 - Reporting hacks without causing harm
24:01 - AI replacing penetration testers
29:18 - Agentic AI shifts the threat model
36:30 - Why rushing AI breaks trust

Links
Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/