
Securing the Workspace Attackers Already Live In with Rajan Kapoor
From Hacker Valley Studio by Hacker Valley Media
February 19, 2026 · 38 min · Season 6 · Episode 415
About this episode
Rajan Kapoor discusses the evolving risks in cloud security and practical measures to enhance protection against internal threats.
Your email gateway isn't enough anymore, attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover. In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough. Impactful Moments00:00 – Introduction03:30 – The current state of phishing05:30 – Outbound email compromise risk09:30 – OAuth apps as attack vectors15:00 – AI agents accessing your workspace16:00 – Prompt injection is the new SQL injection18:00 – Allow listing apps immediately24:30 – Google Workspace vs Microsoft 365 security27:30 – Custom detections require API expertise28:00 – Why passkeys matter right now32:00 – Data lifecycle management for shared docs LinksConnect with our guest, Rajan…
People in this episode
Host: Ron
Guest: Rajan Kapoor
Topics covered
- security
- phishing
- OAuth apps
- cloud workspace
- data lifecycle management
Keywords
- Google Workspace
- Microsoft 365
- business email compromise
- passkeys
- document sharing hygiene
Mentioned in this episode
Products: Google Workspace, Microsoft 365, Material Security
More episodes of Hacker Valley Studio
- Fighting Smarter: What Combat Sports Teaches Us About Cyber Defense with Robin Black · June 9, 2026 · 25 min
- Is Vibe Coding Breaking the Internet? with Tanya Janca · June 2, 2026 · 36 min
- Why Smart People Fall for Deepfakes with Perry Carpenter · May 26, 2026 · 36 min
- Who Owns Your AI Security Policy? with Chris Cochran · May 18, 2026 · 35 min
- Turning 30,000 Findings Into 50 That Matter with Dan Pagel and Brad Hibbert · May 1, 2026 · 35 min
- Killing the Playbook with Agentic AI with Allan Alford and Tom Findling · April 24, 2026 · 39 min
Explore listener stats, chart rankings, contacts and more on the Hacker Valley Studio podcast page.