Hacker Valley Studio

Phishing didn’t get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day.

In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI.

Impactful Moments

00:00 - Introduction
02:44 - Cloud infrastructure powering crime at scale
07:45 - What phishing 2.0 really means
12:10 - How MFA gets bypassed in real attacks
15:30 - Why the browser is the final control point
18:40 - AI reducing SOC alert fatigue
23:07 - Mentorship shaping cybersecurity careers
27:00 - Thinking like attackers to defend better
31:15 - When trust becomes the attack surface

 

Links

Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/

 

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Cybersecurity didn’t start as a billion-dollar crime machine. It started as pranks, ego, and curiosity. That origin story explains almost everything that’s breaking today.

Ron sits down with Graham Cluley, one of the earliest antivirus developers turned trusted cyber voice, to trace how malware evolved from digital graffiti into organized financial warfare. From floppy disks and casino-style viruses to ransomware, extortion, and agentic AI, the conversation shows how early decisions still shape today’s most dangerous assumptions. Graham also explains why AI feels inevitable, but still deeply unfinished inside modern organizations.

Impactful Moments
00:00 - Introduction
04:16 - Malware before money existed
07:30 - Cheesy biscuits changed cybersecurity
13:10 - When documents became dangerous
14:33 - Crime replaced curiosity
15:23 - Sony proved no one was safe
20:15 - Reporting hacks without causing harm
24:01 - AI replacing penetration testers
29:18 - Agentic AI shifts the threat model
36:30 - Why rushing AI breaks trust

Links
Connect with our guest on LinkedIn: https://www.linkedin.com/in/grahamcluley/

 

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

The most dangerous attack surface isn’t your infrastructure, it’s desire under pressure. When people are emotional, impulsive, and hoping for connection, security controls don’t fail… judgment does.

Ron sits down with George Al-Koura, CISO at Ruby Life, to talk about securing some of the most psychologically sensitive data on the internet, and why dating data can carry more real-world risk than financial data. From the fallout of the Tea dating-safety app breaches to impulse-driven human behavior, sexual science, and intel-driven security, this conversation cuts straight to the uncomfortable truth: protecting users means understanding how people actually behave when emotion overrides logic.

Impactful Moments
00:00 - Introduction
01:45 - Tea app breach reality-check
04:26 - Why George chose Ruby Life
09:10 - Dating data hits harder
11:52 - Competitors refuse threat sharing
16:15- AI boosts social engineering
18:47 - Horny brains create risk
19:49 - Sexual science meets security
21:20 - AI avatars dating first
33:13 - Trust is earned in layers

Links
Connect with our guest on LinkedIn: https://www.linkedin.com/in/george-y-al-koura/

 

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

AI doesn’t break security, it exposes where it was already fragile. When automation starts making decisions faster than humans can audit, AppSec becomes the only thing standing between scale and catastrophe.

In this episode, Ron sits down with Joshua Bregler, Senior Security Manager at McKinsey’s QuantumBlack, to dissect how AI agents, pipelines, and dynamic permissions are reshaping application security. From prompt chaining attacks and MCP server sprawl to why static IAM is officially obsolete, this conversation gets brutally honest about what works, what doesn’t, and where security teams are fooling themselves.

Impactful Moments
00:00 – Introduction
02:15 – AI agents create identity chaos
04:00 – Static permissions officially dead
07:05 – AI security is still AppSec
09:30 – Prompt chaining becomes invisible attack
12:23 – Solving problems vs solving AI
15:03 – Ethics becomes an AI blind spot
17:47 – Identity is the next security failure
20:07 – Frameworks no longer enough alone
26:38– AI fixing insecure code in real time
32:15 – Secure pipelines before production

Connect with our Guest
Joshua Bregler on LinkedIn: https://www.linkedin.com/in/breglercissp/

 

Our Links

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

AI didn’t quietly evolve, it crossed the line from recommendation to execution. Once agents stopped advising humans and started acting inside real systems, trust replaced experimentation and consequences became unavoidable.

In this episode, Ron sits down with Marcus J. Carey, Principal Research Scientist at ReliaQuest, to examine what happens after AI is given authority: agents running in production, prompt debt replacing technical debt, vibe coding accelerating risk, and maintenance emerging as the true bottleneck. Together, they discuss how cybersecurity, software engineering, and the job market are shifting now that AI operates with autonomy, often faster than organizations can explain what their systems are actually doing.

Impactful Moments
00:00 - Introduction
02:26 - AI agents cross into production
03:35 - Trust boundaries become attack surfaces
6:46 - Vibe coding and hidden technical debt
09:22 - Prompt debt changes everything
17:40 - Why junior knowledge disappears
19:00 - AI replaces repetitive cyber workflows
23:43 - Coding becomes human leverage
29:30 - Fall in love with the problem

 

Connect with our guest, Marcus J. Carey:

LinkedIn https://www.linkedin.com/in/marcuscarey/

X https://x.com/marcusjcarey

 

Articles and Books Mentioned:

Article used for discussion:  https://www.techradar.com/pro/security/this-webui-vulnerability-allows-remote-code-execution-heres-how-to-stay-safe

 

Atomic Habits: https://jamesclear.com/atomic-habits-summary

 

Fall in Love with the Problem, Not the Solution: https://sobrief.com/books/fall-in-love-with-the-problem-not-the-solution

 

Our Links:
Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/