We’re discussing the article, “Agentic AI Threat Modeling Framework: Maestro published back in February of this year on the Cloud Security Alliance blog. We discuss the various layers, patterns, and threats outlined in the framework, comparing it to existing methodologies like STRIDE and PASTA, and evaluate Maestro's structure, its potential complexity for developers, and its overall practicality and usefulness in the threat modeling arena. Listen along as we unravel the intricacies of the framework and share our candid thoughts on its strengths and weaknesses.

Agentic AI Threat Modeling Framework Maestro

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

We’re talking about the rise of "vibe startups" - entrepreneurs hunting for problems to solve rather than building solutions from personal experience. We chat about AI security challenges, questioning whether these are truly new problems or just old security concepts repackaged for the AI era. From prompt injection and guardrails to the scary reality of AI agents acting as humans, we examine whether the industry's obsession with AI is leaving traditional security gaps exposed.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

What are the core competencies that matter most for modern application security teams? Today we discuss understanding code and systems thinking and the crucial ability to assess risk in context - plus why your AppSec team might eventually get absorbed into engineering (and why it could be a good thing). We debate the role of developer mindset in security, the importance of technical depth over tool knowledge, and how to build teams that truly enable rather than gate development.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

Today we’re joined by Petra Vukmirovic. Petra, is the head of information security at Numan and co-leader of the Threat Model Library Project. Petra shares her vision for creating a massive, structured dataset of crowdsourced threat models that could revolutionize how the cybersecurity community learns and shares threat modeling knowledge. We explore the complex challenges of convincing companies to share their threat models publicly, diving into concerns about legal liability, competitive advantage, and the fundamental tension between transparency and security risk. Listen along to learn more about this exciting project and its potential impact on the cybersecurity field.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

We’re discussing vibe coding again and how AI-generated code is reshaping software development. We discuss the trustworthiness and maintainability of AI-generated code, examining the challenges of reviewing and integrating automated changes at scale. The conversation spans from practical concerns about code quality to broader implications for open-source projects in an AI-augmented world. We talk about identifying telltale patterns in AI-generated code and why context and traceability are becoming essential for trusting automated systems.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

It’s security conference season and we’re discussing the importance of networking, the value of in-person connections, and sharing insightful tips for delivering effective presentations. From recapping our conference experiences, debating the significance of keynotes, to reminiscing about the impact of classic rock bands like Def Leppard. Listen now to hear about conference experiences, mentoring sessions, and the evolving industry landscape.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

We’re discussing the complexities of the Model Context Protocol (MCP) and its application in AI systems. Join us for an in-depth discussion about MCP, agent-to-agent communication, and potential security vulnerabilities. We wrap up with a thought-provoking conversation on the future of AI safety and the challenges it presents.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

Listen in as we debate the differences between threat intelligence and threat modeling. What distinguishes these two concepts in cybersecurity, and how do they inform each other? The conversation explores definitions, real-world examples, and the interconnected relationship between proactive threat modeling and reactive threat intelligence.

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!