Episodes

  • Episode 127: Chris Wysopal on Reducing Attack Surface in the Age of AI
    2025/03/24

    In this OODAcast, Chris Wysopal shares his insights from decades in cybersecurity, detailing his journey from the early hacking collective "The L0pht" to co-founding Veracode. Wysopal reflects on the evolution of cybersecurity, highlighting his early contributions to vulnerability research and advocating the importance of adversarial thinking in security practices. He emphasizes the transition from traditional vulnerability testing to comprehensive application risk management, recognizing the increased reliance on third-party software and the escalating complexity of securing modern applications.

    Wysopal also discusses how generative AI technologies are significantly accelerating application development but simultaneously creating substantial security challenges. He stresses that while AI-generated applications multiply rapidly, their vulnerability density remains comparable to human-written code. To manage this growing risk, Wysopal underlines the necessity of integrating automated, AI-driven vulnerability remediation into the software development lifecycle.

    Looking forward, Wysopal advocates for embedding security deeply within the application creation process, anticipating that AI will eventually assist in producing inherently secure software. However, he also underscores the enduring threat of social engineering attacks, urging enterprises to prioritize comprehensive security awareness programs to bolster their overall cybersecurity posture and resilience.

    The conversation examines some very interesting correlations between the mindset of the great hackers and the success of great entrepreneurs. Both take a good bit of grit, an ability to focus and be creative, and, perhaps most importantly, persistence.

    Learn more about Chris Wysopal's approaches and the company he founded at Veracode. For insights into reducing your organization's attack surface see: State of Software Security 2025

    51 min
  • Episode 126: John Boyd, Maneuver Warfare, and the Future of the Marine Corps – A Conversation with Ian Brown
    2025/03/07

    In this episode of the OODAcast, Bob Gourley speaks with Ian Brown, retired Marine Corps officer and author of A New Conception of War, which explores the influence of John Boyd on the Marine Corps and the evolution of maneuver warfare. Ian shares insights from his 20-year career in the Marines, including his experiences as a CH-53 helicopter pilot, forward air controller, and operations officer at the Brute Krulak Center for Innovation and Future Warfare.

    The conversation dives into the history and adaptability of the Marine Corps, Boyd’s impact on military strategy, and how maneuver warfare became central to Marine Corps doctrine. Ian discusses Boyd’s unique ability to synthesize knowledge from multiple disciplines, his contributions beyond the well-known OODA loop, and his lasting influence on competitive decision-making across military and business environments.

    Ian also previews his next book project, which will compile full transcripts of Boyd’s recorded presentations, offering a deeper look into his strategic thinking. The discussion touches on leadership, decision-making, and the importance of adapting mental models for success—principles that apply beyond warfare to business, strategy, and national security. Whether you’re a military historian, strategist, or business leader, this episode provides valuable insights into the enduring relevance of Boyd’s ideas.

    To get the book see: A New Conception of War

    For a directory of all OODAcasts see: https://oodaloop.com/oodacasts/

    48 min
  • Episode 125: Unmasking Cyber Threats: Trevor Hilligoss’s Mission to Disrupt Criminal Networks
    2025/02/14

    In this OODAcast, Bob Gourley interviews Trevor Hilligoss from SpyCloud, diving into his career trajectory from the U.S. Army to cybercrime intelligence. Hilligoss shares his unconventional path, starting as a forward observer in the Army before transitioning to law enforcement and later working with the FBI’s Joint Ransomware Task Force. He explains how his investigative experience led him to SpyCloud, a company dedicated to collecting intelligence on cybercriminals and using it to prevent attacks.

    The discussion highlights how cyber threats evolve and why proactive intelligence is crucial in countering criminal activities. Hilligoss explains SpyCloud’s unique role in cyber defense, which involves infiltrating underground forums and gathering stolen data to identify vulnerabilities before criminals can exploit them. He emphasizes the growing challenge of session hijacking, malware-driven credential theft, and the commoditization of cybercrime, where even low-skilled actors can execute sophisticated attacks using readily available tools. He underscores the importance of disrupting cybercriminals by exposing their identities and dismantling their infrastructure, rather than solely relying on traditional law enforcement methods.

    The conversation also explores how enterprises, governments, and small businesses can leverage SpyCloud’s intelligence to protect their networks. The episode concludes with a discussion on fraud, particularly scams targeting elderly victims, and the need for stronger industry-wide defenses. Hilligoss expresses optimism about the future of cybersecurity, citing increased collaboration between public and private sectors and innovative disruption techniques, such as name-and-shame campaigns and cybercriminal takedowns. He encourages a mindset of making cybercrime as difficult and costly as possible for bad actors, reinforcing the importance of staying ahead of evolving threats.

    For more on SpyCloud see: SpyCloud.com

    41 min
  • Episode 124: The History and Future of Cyberwar with Matt Devost
    2024/12/17

    In this episode of the OODAcast we turn the microphone over to Dr. Bilyana Lilly, the world-renowned cyber and geopolitical expert, who interviews OODA’s CEO and co-founder Matt Devost.

    The session provides insights which can benefit any entrepreneur, board member, investor or cybersecurity practitioner. Bilyana reviews Matt’s journey from a small town in Vermont to becoming a global leader in cybersecurity, counterterrorism, and risk management and then dives into Matt’s work founding groundbreaking companies like FusionX and the Terrorism Research Center, his insights into AI and cyber defense, and even his contributions to Hollywood films like Blackhat. Matt also explores the evolving hacker community, the future of augmented reality, and why exponential technological change will reshape our world. This is a must-watch for anyone interested in the nexus of technology, security, and innovation.

    1 hr 2 min
  • Episode 123: Forging Leadership: Admiral Studeman on Intelligence, National Security, and Proactivity
    2024/12/17

    In this OODAcast, Bob Gourley interviews retired Admiral Mike Studeman, a leader with over 35 years of experience in operational intelligence and national security. Admiral Studeman shares his journey, from joining the Navy at the close of the Cold War to serving as the Director of Intelligence for Southern Command and Indo-Pacific Command, and ultimately as the Commander of the Office of Naval Intelligence. He offers deep insights into the evolving nature of intelligence, emphasizing the importance of operational intelligence in driving informed decision-making at all levels.

    Admiral Studeman discusses key lessons from his career, the value of continual learning, and his perspective on leadership—highlighting the importance of proactive action, integrity, and inspiring others. He also explores challenges facing America today, including leadership crises and the strategic implications of global shifts, particularly with respect to China.

    The discussion delves into his new book, Might of the Chain: Forging Leaders of Iron Integrity, where he shares stories and reflections from his career, offering valuable advice to leaders at all stages of their journey. Admiral Studeman’s message is clear: effective leadership requires constant learning, discernment, and a commitment to shaping a better future.

    For more see:

    • MikeStudeman.com
    • Might of the Chain: Forging Leaders of Iron Integrity
    47 min
  • Episode 122: Embracing the Future: Insights from Brandon Jones
    2024/09/13

    In this episode of the OODAcast, Bob Gourley sits down with Brandon Jones, CEO of Throughline, to explore his career journey, the importance of liberal arts in technology, and the innovative work of Throughline. The conversation highlights the value of a diverse educational background and the pivotal role of communication and storytelling in driving organizational success.

    Brandon Jones shares his foundational story, emphasizing the impact of his time at St. Mary’s College in Maryland, where he graduated with a computer science degree while also engaging deeply with liberal arts. His experience playing basketball and becoming the all-time leading scorer for men’s basketball at St. Mary’s taught him valuable lessons in teamwork and decision-making. This liberal arts background fostered a creative spark that later influenced his leadership style.

    Jones and Gourley discuss the importance of blending science and liberal arts education. Jones highlights the critical thinking skills developed through studying philosophy and other liberal arts subjects. He emphasizes the need for understanding problems deeply before jumping to solutions, a principle that has guided his career and approach to leadership.

    After graduating, Jones began his career at Electronic Data Systems (EDS), where he worked on the Navy Marine Corps Internet at the Pentagon. This role exposed him to high-level operations and decision-making within the Navy. His transition to public service came when he joined the Naval Facilities Engineering Systems Command (NAVFAC), where he ultimately served as the Chief Information Officer (CIO).

    As the CIO of NAVFAC, Jones faced numerous challenges, including cybersecurity threats and the need for application rationalization. He successfully reduced the number of applications from 3,000 to 200 and secured significant funding to enhance cybersecurity for naval facilities. His proactive approach and ability to communicate complex issues through compelling storytelling were crucial in achieving these milestones.

    Jones underscores the importance of storytelling in leadership. At NAVFAC, he used visual storytelling to convey the critical need for cybersecurity measures, which resulted in securing $100 million in funding and 100 full-time equivalents (FTEs) for cybersecurity efforts. This approach demonstrated the power of combining technical expertise with effective communication.

    Throughline, an enterprise design and strategy firm, blends creative agency capabilities with management consulting. Jones describes Throughline as the “Amazon of Storytelling,” helping organizations communicate their strategies, visualize progress, and align talent with organizational goals. The firm’s mission is to help human beings win, leading to organizational success.

    Jones acknowledges the competitive landscape but emphasizes Throughline’s unique approach, rooted in a blend of IT and creative expertise. He highlights the importance of continuous learning, both personally and for his team. Jones reads extensively and invests in professional development to stay ahead in a rapidly evolving industry.

    The conversation also touches on the future of space exploration and technology, drawing on insights from Dr. Thomas PM Barnett’s book, “America’s New Map.” Jones discusses the importance of understanding global trends and taking strategic actions to build a desirable future. Throughline’s collaboration on the book exemplifies their commitment to shaping the future through innovative thinking and strategic foresight.

    Brandon Jones’ journey from a liberal arts college to leading Throughline demonstrates the value of a diverse educational background, the power of storytelling in leadership, and the importance of continuous learning. His insights provide valuable lessons for leaders and organizations navigating the complexities of today’s technological landscape.

    Connect with Brandon on LinkedIn.

    Related Reading:

    • Technology Convergence and Market Disruption: Rapid advancements in technology are changing market dynamics and user expectations. See: Disruptive and Exponential Technologies.
    • Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk
    • Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat
    • Challenges in Cyber “Net Assessment”: While leaders have long tried to gauge both cyber risk and security, actionable metrics remain elusive. Current metrics mainly determine if a system can be compromised, without guaranteeing its invulnerability. It’s imperative...
    41 min
  • Episode 121: Dr. Bilyana Lilly on Russian Information Warfare and Navigating Future Risks
    2024/09/04

    In this OODAcast, Matt interviews Dr. Bilyana Lilly who is an expert on Russian information warfare and geo-political risk. Bilyana is also the author of the book Russian Information Warfare and the novel Digital Mindhunters.

    Dr. Lilly shares her fascinating origin story and how she emerged as one of the premier experts on Russian information warfare and geopolitical dynamics. Bilyana has worked tracking international arms and weapons supply chains, conflict zones, and other geo-political dynamics in academia, the private sector, and at internationally renowned think tanks. She shares fascinating insights from her time attending a Russian military conference with top leaders and her activities tracking information warfare and influence campaigns, and then the conversation shifts to current geo-political risks, including the conflict in Ukraine and what we can expect by way of targeting during the upcoming US election cycle.

    Official Bio:

    Dr. Bilyana Lilly is the chair of the cyber track at the Warsaw Security Forum and an adjunct researcher at the RAND Corporation. Dr. Lilly helps clients to detect and respond to ransomware threats and information warfare activities. Bilyana led a team that developed a threat-based risk assessment framework to prioritize vulnerabilities in critical infrastructure which the U.S. Department of Homeland Security now uses in all 50 states. She is a speaker at DefCon, CyCon, Executive Women's Forum, and the author of two books and a dozen publications, translated in Russian and Chinese. Dr. Lilly has been cited in the Wall Street Journal, Foreign Policy, and ZDNet. She has been denounced by Russia’s Ministry of Foreign Affairs. Lilly has a Ph.D. from Pardee RAND Graduate School, and master’s degrees from Oxford University (distinction) in England and the Graduate Institute in Switzerland.

    Additional Resources:

    • Connect with Dr. Lilly on LinkedIn
    • Russian Information Warfare: Assault on Democracies in the Cyber Wild West

    57 min
  • Episode 120: Leadership and Innovation with Former NASA CIO and Current Executive Leader Renee Wynn
    2024/08/02

    In this episode of the OODAcast, Bob Gourley interviews Renee Wynn, former Chief Information Officer (CIO) of NASA.

    Renee Wynn’s career trajectory is a testament to the unpredictable yet rewarding nature of professional journeys. Starting with a Bachelor of Arts in Economics from a liberal arts college, Renee navigated through various roles, ultimately becoming the CIO of NASA. She emphasizes the importance of focusing on capabilities rather than specific job titles, a mindset that allowed her to seize unexpected opportunities.

    The Value of Liberal Arts in Technology

    Renee underscores the significance of her liberal arts education in her professional life. Her studies honed her writing skills, critical thinking, and ability to organize arguments—skills essential for effective communication and policy defense in public service. This foundation proved invaluable in her roles at the Environmental Protection Agency (EPA) and NASA, where she often had to articulate complex technical concepts to diverse audiences.

    Renee’s tenure at the EPA was marked by her passion for the agency’s mission—ensuring clean air, water, and safe land use. Her role evolved with the advent of computers, sparking her interest in how technology can enhance mission delivery. This experience laid the groundwork for her transition to NASA, where she faced the challenges of managing a vast and complex IT infrastructure supporting global and off-world operations.

    At NASA, Renee encountered a culture of profound dedication and love for the agency’s mission. She detailed the complexities of NASA’s operations, which include managing data from global and space-based sources. A significant part of her role involved ensuring the cybersecurity of these operations, particularly the International Space Station, where a cyber incident could have international repercussions.

    Renee highlights the innovative integration of art and science in NASA’s projects. For instance, the James Webb Space Telescope’s sun shields, inspired by origami, demonstrate how artistic concepts can solve engineering challenges. This convergence of disciplines not only facilitates technical advancements but also fosters creativity and out-of-the-box thinking.

    The conversation delves into the burgeoning space economy, where new opportunities such as space mining, in-orbit servicing, and space tourism are emerging. Renee points out the dual nature of these advancements—each new capability also presents potential risks, particularly in cybersecurity and ethical considerations.

    Since retiring, Renee has embraced a portfolio career, serving on corporate and advisory boards, consulting, and engaging in public speaking. Her diverse roles keep her connected to cutting-edge technology and allow her to contribute her expertise to various sectors, including marketing and nonprofit organizations.

    Renee Wynn’s journey from a liberal arts graduate to the CIO of NASA exemplifies the profound impact of a well-rounded education on a career in technology. Her insights into the integration of liberal arts and technical disciplines highlight the value of diverse perspectives in solving complex problems. As the space economy continues to evolve, her experiences and foresight offer valuable lessons for the future of technology and exploration.

    Connect with Renee Wynn on LinkedIn

    56 min