OwlTail

Gary McGraw

13 Podcast Episodes

Latest 11 Sep 2021 | Updated Daily

Gary McGraw, "Security Engineering for Machine Learning"

CERIAS Security Seminar Podcast

Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systematic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented.

26 May 2021

Dr. Gary McGraw: Process Does Matter

Lessons from the School of Cyber Hard Knocks

Today's Guest: Dr. Gary McGraw, Co-Founder of the Berryville Institute of Machine Learning. In this episode, Dr. Gary McGraw discusses co-founding the Berryville Institute of Machine Learning, the risk factors associated with machine learning, his background and early career work, the difficulties surrounding software security, and a fun story here and there. Dr. McGraw is an advisor to RunSafe Security.

21mins

14 Jan 2021

#1: The history, present, and future of software security with Dr. Gary McGraw

Software Security Gurus

Welcome to the Software Security Gurus webcast with Matias Madou. In this inaugural episode, Matias interviews Dr. Gary McGraw, one of the godfathers of software security and founder of the Berryville Institute of Machine Learning. They discuss the history, present, and future of software security, as well as how these principles may apply to the new frontier of machine learning and AI. For more information, please visit www.softwaresecuritygurus.com. Send in a voice message: https://anchor.fm/softwaresecuritygurus/message

27mins

4 May 2020

A conversation with software security pioneer Gary McGraw

Security Voices

Recently "retired" software security legend Gary McGraw joins us for an unfiltered conversation with Jack at his farmhouse in rural Virginia. Gary walks us through the history of software security with his characteristic sharp humor and insights, sparing no "poser or pretender" along the path to today (including the term "app sec" itself). Beyond his impressive career in security, any conversation with Gary uncovers his diverse interests from his life as a musician to his travels, from reading fiction to writing books. Jack's interview of Gary is no exception-- it paints a portrait as colorful as the man himself. This is the 4th and final episode in our app sec (er.... software) security series.

1hr 1min

22 Mar 2019

Episode 44: Gary McGraw Knows Software Security

The Georgian Impact Podcast | AI, ML & More

Gary McGraw is the Vice President of Security Technology at Synopsys, the best-selling author of "Software Security" and 11 other books, and the man behind the Silver Bullet Security Podcast. In this episode, Ben Wilde interviews him about everything from the BSIMM and OWASP Top 10 to software security best practices and how to get companies to start thinking about security early and often. https://www.garymcgraw.com/ https://www.bsimm.com/ https://cybersecurity.ieee.org/center-for-secure-design/ https://www.maxmyinterest.com/

30mins

22 Apr 2017

#013 – Gary McGraw: Security Is Hard Work

Cyber Security Interviews

Dr. Gary McGraw is the Vice President of Security Technology at Synopsys (SNPS). Gary quite literally helped create the field of software security. He is a globally recognized authority on software security and the author of several bestselling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books. He is also the editor of the Addison-Wesley Software Security series. Gary has also written over 100 peer-reviewed scientific publications, authors a periodic security column for SearchSecurity, is frequently quoted in the press, and regularly speaks at major cyber security conferences. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye).

Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University where he serves on the Dean’s Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors. He also produces and hosts his own monthly podcast, the Silver Bullet Security Podcast for IEEE Security & Privacy Magazine (syndicated by SearchSecurity).

Gary is also a self-described "alpha geek" and a pioneer in the field of computer security. However, Gary also is a big proponent of life outside of tech. He lives on a farmhouse in Virginia, collects art, plays several musical instruments, is an experienced cook, and shares a hobby of mine, craft cocktails. I am truly honored to have him on the show.

In this episode we discuss craft cocktails, his Shmoocon 2017 keynote, building in software security, the BSIMM project, breakers as builders, leadership in infosec, cyber security in the media, government relations, the NASCAR effect, giving back to your community, and much more.

I hope you enjoy this discussion. Please leave your comments below!

Where you can find Gary: GaryMcgraw.com, Twitter, Cigital Blog

Books: Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, Amazon author page for Gary

The Liberal Cocktail
1 1⁄2 oz Rye
1⁄2 oz Sweet vermouth
1⁄4 oz Amer Picon (Note: email me for substitution recommendations)
1 ds Orange bitters
Instructions: Stir, strain, straight up, cocktail glass

52mins

13 Feb 2017

2016-048: Dr. Gary McGraw, Building Security into your SDLC, w/ Special guest host Joe Gray!

Brakeing Down Security Podcast

As part of our ongoing discussion about the #SDLC and getting security baked in as far left as possible, Joe Gray, host of the Advanced Persistent Security #Podcast (find it at https://advancedpersistentsecurity.net/), Mr. Boettcher, and I sat down with Dr. Gary McGraw, author of "Software Security: Building Security In" to discuss his book. We are also doing this book as part of the Brakeing Security Book Club (check out our #Slack channel for more information). Gary walks us through the 7 Kingdoms of getting more security in, including doing automated and manual code audits, proper penetration testing of the application at various stages (testing), documentation (if you don't know it works, how can you test it?), and your Security Operations people, monitoring for things once it goes into production. Also, find out what Chapter he thinks you should skip altogether... the answer may surprise you... :) Join Mr. Gray, Mr. Boettcher, and me for a discussion with a true leader in the software and application security industry. Buy the book on Amazon: https://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705 Check out Gary's Website at https://www.garymcgraw.com/, and check out Gary's own podcast the Silver Bullet Security Podcast at https://www.garymcgraw.com/technology/silver-bullet-podcast/ Gary's twitter is @cigitalgem Joe Gray's twitter is @C_3PJoe Special deal for our #BrakeSec Listeners: "If you have an interesting security talk and fancy visiting Amsterdam in the spring, then submit your talk to the Hack In The Box Amsterdam conference, which will take place between 10 to 14 April 2017. The Call For Papers (#CFP) is open until the end of December, submission details can be found at https://cfp.hackinthebox.org/. Tickets are already on sale, with early bird prices until December 31st. And the 'brakeingsecurity' discount code gets you a 10% discount".
Brakeing Down Security thanks Sebastian Paul Avarvarei and all the organizers of Hack In The Box (#HITB) for this opportunity!

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-048-Gary_McGraw_Securing_Your_SDLC_and_guest_host_Joe_Gray.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-048-dr.-gary-mcgraw-building/id799131292?i=1000378548363&mt=2
YouTube: https://www.youtube.com/watch?v=x65yL5_Hpi4
Join our Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback, or Suggestions? Contact us via Email: bds.podcast@gmail.com
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582

1hr 11mins

3 Dec 2016

Interview with Gary McGraw - Episode 366 - March 20, 2014

Paul's Security Weekly

Gary McGraw is an author of many books and over 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean’s Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.

39mins

24 Mar 2014

Episode 366: Interview with Gary McGraw

Paul's Security Weekly TV

Gary McGraw is an author of many books and over 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean’s Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.

39mins

24 Mar 2014

Gary McGraw, "Building Security In Maturity Model (BSIMM)"

CERIAS Security Seminar Podcast

As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you.

7 Oct 2009
