The Security Repo

Misconfigurations, Legacy Landmines, and Tier Zero Truths – Jake Hildreth on Active Directory

In this episode of the Security Repo Podcast, we chat with Jake Hildreth, Principal Security Consultant at Semperis, about the enduring challenges of securing Active Directory in a hybrid cloud world. Jake shares war stories from the field, including dangerously misconfigured environments and the real-world impacts of legacy systems. We also explore practical advice for defenders, including the critical importance of identifying and protecting Tier Zero assets.https://linktr.ee/jakehildrethhttps://www.linkedin.com/in/jakehildreth/Jake Hildreth is a dedicated husband, fun-loving father, and seasoned IT professional with nearly 25 years of experience. As Principal Security Consultant at Semperis, Jake helps organizations fortify their digital defenses against Active Directory incursions. His open-source tools (Locksmith, BlueTuxedo, and PowerPUG!) are designed to lighten the load for overworked AD administrators by making security more accessible and manageable. Jake’s expertise is further underscored by his CISSP certification and Microsoft MVP status, which serve as testaments to his wide base of knowledge and commitment to cybersecurity excellence.

Rebuilding OWASP St. Louis & Strengthening Security Growing The Community – Andre Van Klaveren

In this episode of the Security Repo Podcast, Andre Van Klaveren talks about his decades-long journey through IT, software development, and application security, culminating in the reboot of the OWASP St. Louis chapter. They discuss the history and importance of OWASP, community building in a post-pandemic world, and how risk-based thinking and strong fundamentals drive effective security practices. Andre also shares practical advice for anyone curious about joining a security meetup and the significance of influencing positive change within teams.https://owasp.org/www-chapter-saint-louis/We organize our meetups on Meetup.com:https://www.meetup.com/owasp-saint-louis-chapter/https://www.linkedin.com/in/andrevanklaveren/Andre is a seasoned technologist who has spent more than 30 years in the trenches of IT, software development, and architecture. For the past 15 years, he's been laser-focused on application security - finding and fixing the vulnerabilities before they become problems. He’s passionate about building secure software and loves connecting with others in the security community to share ideas.Outside of work, Andre has what his wife calls 'way too many hobbies,' but you can usually find him either tinkering with a new IoT project, talking on his ham radio, or getting lost in the great outdoors.

Teaching AppSec With Scratchers: Gamified Learning For Real-World Impact - Jenn Gile

In this episode of the Security Repo Podcast, Jenn Gile shares insights from her hands-on security education at DEF CON's AppSec Village, where she ran a wildly successful lottery-style dependency upgrade game. She discusses the challenges developers face with remediation, the importance of empathy in AppSec, and how gamified, tangible learning experiences can bridge gaps between dev and security teams. The episode also explores how community engagement and inclusive learning can strengthen security culture.https://www.linkedin.com/in/jenngile/Jenn Gile is a tech educator and community builder with experience in AppSec, DevOps, and national security spaces. She’s a frequent speaker at security meetups and conferences, a prolific writer, and is the host of LeanAppSec - a free educational program that helps AppSec professionals be more effective without getting bigger budgets. Jenn is currently Head of Community at Endor Labs, and previously worked at F5, NGINX, and the U.S. Department of State. Outside of work, Jenn is deeply involved in the cycling community as a board member for 2nd Cycle.

Threat Modeling OpenSSL, Lessons from a Data Breach, and Volunteering with Narayan Ram Narayanan

In this episode of the Security Repo Podcast, Narayan Ram Narayanan shares his journey into cybersecurity, sparked by a personal data breach and fueled by a passion for privacy and secure development. He discusses his upcoming talk on threat modeling OpenSSL applications using STRIDE and other threat models, and highlights the value of volunteering and networking at events like BSides. The conversation also explores lessons from past mistakes, favorite security tools, and advice for newcomers in the field.Links mentioned in this episodehttps://nixos.org/guides/nix-pills/10-developing-with-nix-shell.htmlhttps://asciinema.org/https://www.linkedin.com/in/n2r/Narayan Ram Narayanan is passionate about Linux, cryptography, and secure SDLC. He loves digging into code, threat modeling, and breaking things (responsibly). Whether it’s hardening apps or decoding exploits. He’s all about making software safer - one commit at a time.

From Risk Acceptance to Community Building: Inside Security With Sean Juroviesky

In this episode of the Security Repo Podcast, Sean Juroviesky joins us to share their journey through cybersecurity, from finding community in BurbSec to giving talks at major conferences like DEF CON and BlueTeamCon. Sean dives deep into the realities of risk management, executive sign-off processes, and the critical importance of understanding business impact. The conversation also touches on the necessity of building cross-functional relationships and documenting everything to make informed, actionable security decisions.https://burbsec.com/Sean Juroviesky is a dedicated cybersecurity, risk management, and privacy advocate, speaking on those topics at conferences across the world, including DEF CON, CypherCon, CornCon, BSides Rochester, SecretCon, Sec-T, and more. Sean also acts as a cybersecurity architect for a large music streaming provider. Beyond their professional pursuits, Sean finds joy in backpacking through the mountains with their adventurous Australian Shepherd, partner, and twins, embracing the serenity of nature and the thrill of exploration.