The Security Repo

In this episode of the Security Repo Podcast, Eric Woodruff dives deep into the complexities of identity and access management (IAM), from the evolution of Active Directory to the future of non-human identities. He explains the real-world challenges of hybrid environments, governance, and over-engineered identity solutions. Eric also highlights practical ways for newcomers to start learning IAM and emphasizes the importance of soft skills in security roles.https://www.linkedin.com/in/ericonidentity/https://idpro.org/body-of-knowledge/https://ericonidentity.com/Throughout his 25-year career in the IT field, Eric Woodruff has sought out and held a diverse range of roles. Currently the Chief Identity Architect for Semperis; Eric previously was a member of the Security Research and Product teams. Prior to Semperis, Eric worked as a Security and Identity Architect at Microsoft partners, spent time working at Microsoft as a Sr. Premier Field Engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager.Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. Eric is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. Eric further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.

In this episode of the Security Repo Podcast, Douglas Brush, digital forensics expert and self-proclaimed "CISO Whisperer," shares his journey from early IT consulting to guiding CISOs and boards through complex security decisions. He breaks down his “Dad Bod Security” framework, connecting personal health metrics to meaningful cybersecurity goals, and highlights the need to move beyond vanity KPIs to focus on sustainable security programs. With candid insights on executive communication, legal challenges, and cultural resistance, Douglas offers a blueprint for building trust and progress in modern security leadership.https://www.linkedin.com/in/douglasabrush/https://brushcyber.com/Douglas Brush, the founder of Brush Cyber, excels in data privacy, cybersecurity, litigation, and information governance. His unique combination of technical skills and business insight has earned him the respect and admiration of clients and colleagues.What truly sets Douglas apart is his unwavering dedication to his clients. He understands that protecting data in today’s digital age is a technical challenge and a business imperative. Whether testifying as an expert witness or providing virtual CISO services, Douglas always brings his A-game with an engaging yet intelligent approach. He translates bits and bytes to dollars and cents like no other professional in his field.In fact, he’s so good at what he does that he is a federally court-appointed Court Appointed Neutral (formally known as a “Special Master”) and neutral expert in high-profile litigation matters. Douglas Brush is a beacon of light in a world where data breaches and cyberattacks are becoming increasingly common. He is always ahead of what is coming next, and you’d think he’s got his crystal ball. He’s a leader who inspires confidence and empowers organizations to embrace the digital age without fear. With Douglas at the helm, organizations can rest assured that their data is safe, allowing them to focus on their core business objectives and drive growth in the digital economy. Douglas is a heavyweight in his field, with over three decades of experience in information governance, data privacy, cybersecurity, and dispute consulting is second to none. His unique approach, blending technical expertise with a light-hearted touch, sets him apart, making the complex world of cybersecurity and privacy more accessible and engaging. His unique ability to break down complex technical concepts into easy-to-understand language has made him a sought-after speaker at industry events and conferences.

In this episode of the Security Repo Podcast, Jeffrey Bell, Principal Security Engineer and founder of CatchingPhish.com, discusses the confusion surrounding the naming conventions of threat actor groups across different security vendors. He explains how companies like CrowdStrike, Palo Alto, and Mandiant label the same adversaries with different names due to marketing and commercialization pressures, creating challenges for threat intelligence. Jeffrey also introduces MITRE ATT&CK Groups as a reliable, centralized resource to demystify these aliases and strengthen defenses based on shared TTPs.https://catchingphish.comhttps://attack.mitre.org/groups/https://github.com/mcdwayne/mitre-gang-lookupJeffrey Bell is a Principal Information Security Engineer and Threat Intelligence Lead at a Pharmaceutical Intelligence company. He graduated from UNC-Charlotte with a B.S. in Computer Science, specializing in Cybersecurity. Jeffrey has over 6 years of experience in Threat Intelligence, Incident Response, and Security Engineering. When not working, he writes for his blog, catchingphish.com, and loves to ski! He currently live near the beach in North Carolina.

In this episode of the Security Repo Podcast, Dwayne McDaniel sits down with Amy Devine, a systems architect who transitioned from embedded wireless systems to cybersecurity. Amy shares the eye-opening story behind her Blue Team Con talk on how misdirected emails exposed sensitive personal data and what that means for digital identity. The conversation dives deep into privacy, data brokers, and what we sacrifice when companies prioritize convenience over security.https://github.com/bitsdanceforme/email_scrubbinghttps://bitsdanceforme.blog/https://www.linkedin.com/in/bitsdanceforme/Amy Devine worked in embedded systems development of wireless protocols before switching over to cybersecurity. She currently works as a Systems Architect for AV while also contributing to her cybersecurity community. Her talks to the local community include securing your email and how to avoid online scams. When she’s not sitting at a keyboard, you can find her working out in her other happy place - her home gym. Or running errands. Or trying to keep up with her kid. Or sleeping. You can find her online at her somewhat out of date website https://bitsdanceforme.blog/She has a bachelors in Computer Engineering from the University of Illinois and a masters in cybersecurity from DePaul University.

In this episode of the Security Repo Podcast, we sit down with Martín Villalba, founder of InfoSecMap, to explore how his platform is transforming the way InfoSec professionals discover global events, communities, and CFPs. We dive into the origin story of InfoSecMap, its recent growth surge, and its strategic partnerships with organizations like OWASP. Martín also shares practical advice on building strong security cultures and the importance of addressing root causes over chasing vulnerabilities.https://infosecmap.com/LinkedIn: https://www.linkedin.com/in/wmvillalba/Twitter:https://twitter.com/act1vand0W. Martín VillalbaFounder & Principal, C13 SecurityFounder & Principal, InfoSecMapMartín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.

In this episode of the Security Repo Podcast, we welcome Srajan Gupta, a security engineer exploring the evolving security implications of Model Context Protocol (MCP) servers. Shrojan breaks down how MCPs act as AI connectors to external systems and the alarming rise in attack surfaces, including tool squatting and indirect prompt injections. The conversation dives into emerging threats, authorization challenges, and how securing MCPs mirrors early API and cloud security lessons.Srajan Gupta is a security engineer and builder focused on uncovering how systems fail — not just through vulnerabilities, but through the architecture itself. With a background in application security, platform engineering, and threat modeling, Srajan works at the intersection of usability and risk, helping teams identify and address design-level security flaws before they become incidents.Srajan is passionate about building practical security tools, automating guardrails, and making threat modeling an everyday engineering skill.Blog - https://srajangupta.substack.com/BSides LV talk - https://www.youtube.com/watch?v=Wld0VVRMN4c&t=21977shttps://www.linkedin.com/in/srajan-gupta/Their research often explores trust boundaries, secure defaults, and the hidden assumptions baked into the applications and infrastructure. They are especially interested in how attackers exploit the gray areas between platforms, automation, and access controls — and how defenders can close those gaps without slowing down delivery.

In this episode of the Security Repo Podcast, we chat with Alyssa Miles, a product marketing leader at CyberArk, about building authentic developer communities in the security space. She shares her journey from agency marketing to driving developer engagement, along with insights from Hacker Summer Camp and strategies for enabling community-driven identity tooling. Alyssa also discusses how to shift from traditional marketing to true enablement and why "thinking like a hacker" is key to building impactful security communities.https://lp.cyberark.com/20251110-cyberark-workload-identity-day-zero-atlanta-registration.htmlhttps://www.linkedin.com/in/alyssanoellemiles/https://infocondb.org/con/def-con/def-con-33/thinking-like-a-hacker-in-the-age-of-aiAlyssa is a product marketing leader passionate about making security easy for developers. At CyberArk, she drives developer experience initiatives that help platform engineers, DevOps teams, and cloud security pros adopt identity tools that fit naturally into their workflows. She also leads efforts to grow and engage CyberArk’s developer community. When she's not working, she's probably driving her ten-year-old daughter to ballet or hanging out at a brewery.