In this OODAcast, Chris Wysopal shares his insights from decades in cybersecurity, detailing his journey from the early hacking collective "The L0pht" to co-founding Veracode. Wysopal reflects on the evolution of cybersecurity, highlighting his early contributions to vulnerability research and advocating the importance of adversarial thinking in security practices. He emphasizes the transition from traditional vulnerability testing to comprehensive application risk management, recognizing the increased reliance on third-party software and the escalating complexity of securing modern applications.

Wysopal also discusses how generative AI technologies are significantly accelerating application development but simultaneously creating substantial security challenges. He stresses that while AI-generated applications multiply rapidly, their vulnerability density remains comparable to human-written code. To manage this growing risk, Wysopal underlines the necessity of integrating automated, AI-driven vulnerability remediation into the software development lifecycle.

Looking forward, Wysopal advocates for embedding security deeply within the application creation process, anticipating that AI will eventually assist in producing inherently secure software. However, he also underscores the enduring threat of social engineering attacks, urging enterprises to prioritize comprehensive security awareness programs to bolster their overall cybersecurity posture and resilience.

The conversation examines some very interesting correlations between the mindset of the great hackers and the success of great entrepreneurs. Both take a good bit of grit, an ability to focus and be creative and perhaps most importantly: Persistence.

Learn more about Chris Wysopal's approaches and the company he founded at Veracode. For insights into reducing your organization's attack surface see: State of Software Security 2025

In this episode of the OODAcast, Bob Gourley speaks with Ian Brown, retired Marine Corps officer and author of A New Conception of War, which explores the influence of John Boyd on the Marine Corps and the evolution of maneuver warfare. Ian shares insights from his 20-year career in the Marines, including his experiences as a CH-53 helicopter pilot, forward air controller, and operations officer at the Brute Krulak Center for Innovation and Future Warfare.

The conversation dives into the history and adaptability of the Marine Corps, Boyd’s impact on military strategy, and how maneuver warfare became central to Marine Corps doctrine. Ian discusses Boyd’s unique ability to synthesize knowledge from multiple disciplines, his contributions beyond the well-known OODA loop, and his lasting influence on competitive decision-making across military and business environments.

Ian also previews his next book project, which will compile full transcripts of Boyd’s recorded presentations, offering a deeper look into his strategic thinking. The discussion touches on leadership, decision-making, and the importance of adapting mental models for success—principles that apply beyond warfare to business, strategy, and national security. Whether you’re a military historian, strategist, or business leader, this episode provides valuable insights into the enduring relevance of Boyd’s ideas.

To get the book see: A New Conception of War

For a directory of all OODAcasts see: https://oodaloop.com/oodacasts/

In this OODAcast, Bob Gourley interviews Trevor Hilligoss from SpyCloud, diving into his career trajectory from the U.S. Army to cybercrime intelligence. Hilligoss shares his unconventional path, starting as a forward observer in the Army before transitioning to law enforcement and later working with the FBI’s Joint Ransomware Task Force. He explains how his investigative experience led him to SpyCloud, a company dedicated to collecting intelligence on cybercriminals and using it to prevent attacks.

The discussion highlights how cyber threats evolve and why proactive intelligence is crucial in countering criminal activities. Hilligoss explains SpyCloud’s unique role in cyber defense, which involves infiltrating underground forums and gathering stolen data to identify vulnerabilities before criminals can exploit them. He emphasizes the growing challenge of session hijacking, malware-driven credential theft, and the commoditization of cybercrime, where even low-skilled actors can execute sophisticated attacks using readily available tools. He underscores the importance of disrupting cybercriminals by exposing their identities and dismantling their infrastructure, rather than solely relying on traditional law enforcement methods.

The conversation also explores how enterprises, governments, and small businesses can leverage SpyCloud’s intelligence to protect their networks. The episode concludes with a discussion on fraud, particularly scams targeting elderly victims, and the need for stronger industry-wide defenses. Hilligoss expresses optimism about the future of cybersecurity, citing increased collaboration between public and private sectors and innovative disruption techniques, such as name-and-shame campaigns and cybercriminal takedowns. He encourages a mindset of making cybercrime as difficult and costly as possible for bad actors, reinforcing the importance of staying ahead of evolving threats.

For more on SpyCloud see: SpyCloud.com