Vulnerability Management & Remediation
Guest: Vishal Kalro, CISO & DPO, Quatiphi

In this episode of Breakpoint, Neelu and Vishal discuss the complexities of #vulnerabilitymanagement and #remediation in #cybersecurity. They explore the challenges faced by #security teams in identifying and prioritizing vulnerabilities, the importance of collaboration with development teams, and how to tie #vulnerabilities to business #risks. Vishal emphasizes the need for actionable insights and effective communication between teams to ensure vulnerabilities are addressed efficiently.
In this conversation, they explore the friction between security and engineering teams, emphasizing the importance of empathy and communication. The discussion highlights the need for partnerships in vulnerability management, accountability for fixing issues, and the power of storytelling in articulating security risks. Ultimately, they advocate for a people-first mindset to foster collaboration and effective remediation strategies.

---
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

Vulnerability Management & Remediation
Guest: Vishal Kalro, CISO & DPO, Quatiphi

The real security flaw isn't the vulnerability itself, it's the failure to execute remediation. Security teams are drowning in thousands of alerts and treating every bug like a Critical emergency. This "Alert Fatigue" guarantees that the actual high-risk exposures get missed, leaving the door wide open for the successful breach.

---
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

Guests:
Mohini Sharma, TMT Technology Consultant, EY.
Jaydeep Katariya, AMI Technology Consultant, EY.

The metaverse seamlessly integrates physical and digital spaces, enabling AI-driven innovations in virtual interactions, autonomous avatars, and real-time experiences. However, increased reliance on AI brings sweeping cybersecurity challenges, such as adversarial attacks, deep fake impersonation, and AI-driven phishing campaigns. The security of the metaverse is vital for the sustainability of user trust and system integrity. As AI assumes a larger role in virtual environments, proactive cybersecurity measures must be taken to counter emerging threats.
This paper introduces DAI-TIRS, a holistic security framework designed to proactively secure the metaverse. DAI-TIRS is the integration of machine learning-based anomaly detection, dynamic honeypots, and predictive threat modelling that detect, classify, and mitigate AI-driven threats in real time. By utilising MITRE ATT&CK and the PyTM framework, it constantly learns new emerging threats through advanced behavioural analytics and keeps pace with the adversarial AI model’s evolution. The experimental results from a simulated metaverse environment demonstrate that DAI-TIRS achieves 93% accuracy in threat detection, 90% precision in classifying the severity, and a 36.9% faster threat mitigation response time than the average performance of baseline models, as detailed in the paper.
Recommended reading/viewing, Paper(in this topic) for practitioners
Their Research Paper which got published in the J.UCS: DAI-TIRS: An AI-Powered Threat Intelligence and Response System for Securing the Metaverse

---
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

As organisations and users increasingly move into the metaverse, AI-powered threats are evolving faster than traditional defences.
The primary challenge for today’s security teams is that conventional detection and manual response are too slow for the millisecond-scale attacks of immersive environments.

Their work on DAI-TIRS addresses this problem by integrating anomaly detection, adversarial AI defence, dynamic honeypots, and predictive threat modelling into a unified system for metaverse.

Guests:
Mohini Sharma, TMT Technology Consultant, EY.
Jaydeep Katariya, AMI Technology Consultant, EY.

Mohini Sharma:
Mohini Sharma is a dedicated researcher, consultant, and professional with interests in cybersecurity, artificial intelligence, and emerging technologies such as the metaverse and blockchain. Her work focuses on developing innovative solutions that bridge security challenges with advanced AI-driven approaches, ensuring safe and resilient digital environments. Alongside her research, she actively provides consultancy to organisations, helping them strengthen their security posture, adopt emerging technologies responsibly, and align with industry best practices. With a strong academic background and strong industry experience, she strives to contribute towards value-driven insights in the field of cybersecurity.

Jaydeep Katariya:
Jaydeep Katariya is a cybersecurity consultant and researcher working at the intersection of technology, business, and policy. An alumnus of IIM Ahmedabad and Symbiosis International University (SIU), where he completed his MBA in Information Technology Business Management, he has contributed to projects spanning SOC automation, deception systems, and public-sector digital transformation initiatives. He also represented SIU in an international research collaboration with Hochschule Mainz, Germany, and has published impactful research, including an IEEE conference paper on transforming carbon markets using blockchain, AI, and IoT, as well as his award-winning work on an adaptive AI-based cybersecurity suite for the metaverse in reputed journals. Currently with EY, Jaydeep combines hands-on consulting exposure with academic research while actively contributing to the cybersecurity community

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd

In this Rapidfire Anant shares insights from his experiences in the field of both Supply Chain Security and his professional journey in Cybersecurity.

Checkout the full episode where we discuss these practical nuances of SBOMs, so you get the best out of your 'bill of materials'.
https://youtu.be/PwuJoABJfmc

------

Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd

It's not your code that gets breached, it's the code you inherit. We expose the hidden dangers lurking in your Software Supply Chain and reveal the single document that can save you: the SBOM .

This episode breaks down why relying on Open Source components creates major risk. Learn how the Software Bill of Materials tracks every transitive dependency, allowing instant mapping of a new CVE to your production assets.

Recommended reading/viewing, Paper for practitioners

• https://www.cisa.gov/sites/default/files/2025-08/2025_CISA_SBOM_Minimum_Elements.pdf
• https://knightcolumbia.org/content/ai-as-normal-technology
• https://cyfinoid.com/automating-a-known-weakness-introducing-keychecker/
• https://github.com/cyfinoid/sbomplay
• https://cyfinoid.com/introducing-sbom-play-a-privacy-first-sbom-explorer-with-vulnerability-license-insights/

----

Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd

Implementing Software Bill of Materials (SBOMs) is a complex process riddled with challenges that can undermine their security benefits. The primary issue is data quality and accuracy, as many tools fail to list all components, especially hidden transitive dependencies, creating a false sense of security.
Furthermore, organizations are often overwhelmed by the sheer volume of data an SBOM produces, lacking the context and tooling to turn it into actionable intelligence. Finally, SBOMs are static snapshots in a dynamic world, becoming quickly outdated as new vulnerabilities are discovered, making it difficult to maintain their relevance without a continuous, automated workflow.

Checkout the full episode where we discuss these practical nuances, so you get the best out of your 'bill of materials'.

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy

From Vulnerability to Value: Harnessing Bug Bounties for Continuous Security Improvement

Guest: Shobhit Gautam, HackerOne, Staff Security Solutions Architect, HackerOne

This short clip is fun, fast, and full of great personal insights on #cybersecurity . It’s a great reminder that behind every strong security defense is a brilliant, interesting human. #bugbountytips

--
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Subscribe for Video on YouTube: Subscribe: https://www.youtube.com/@BreakpointSecurityPodcast?sub_confirmation=1

If you like to see more like this, please Subscribe to Breakpoint Youtube!

Please Share with others in the community. It always means a lot!

Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com

Buzz me on Twitter or LinkedIn Connect with me on -

• Twitter: @NeeluTripathy
• LinkedIn: @neelutripathy