The Cyber Security Matters Podcast

Application security has always been a balancing act but AI-generated code has tipped the scales entirely. In this episode, Harry and Matt sit down with Liav Caspi, Co-Founder & CTO of Legit Security, to explore how organisations can secure modern software pipelines without slowing development to a crawl.

From his early days in Israel's elite cyber intelligence Unit 8200, to co-founding one of the most forward-thinking AppSec companies in the market today, Liav brings a rare blend of deep technical expertise and product-led thinking to one of the most urgent challenges in cybersecurity.

They cover the lose-lose dilemma that inspired Legit Security's founding, why ASPM is becoming the cornerstone of enterprise security strategy, how AI is dismantling the technical moats of legacy vendors and what it means to secure software when AI agents are doing most of the building.

Key Topics:
Why the traditional approach to application security puts both developers and security teams in an impossible position
What Application Security Posture Management (ASPM) actually means in practice, and why it's becoming essential
How AI is disrupting legacy AppSec vendors like Checkmarx and Veracode and lowering barriers to entry for challengers
The rise of "agentic AppSec" and what it means to secure AI-driven development pipelines
Why AI fluency is now a baseline hiring requirement across every role in cybersecurity
Liav's prediction that source code itself will become less relevant as AI takes over the build process
The talent challenge in AppSec: finding people who understand both security and software development
Guest Bio:
Liav Caspi is the Co-Founder and CTO of Legit Security, where he leads the company's technology vision and product strategy. He began his career in Israel's elite cyber intelligence Unit 8200, spending around a decade in various engineering, team lead, and project management roles. He went on to serve as Senior Software Engineer and Project Lead at Argus Cyber Security, before joining Checkmarx one of the pioneers in application security where he led architecture and product management for the SCA solution. In 2021, he co-founded Legit Security, which provides an AI-native Application Security Posture Management (ASPM) platform that helps large enterprises secure their entire software development lifecycle, from code to cloud. Legit Security is purpose-built for the era of AI-powered development, securing CI/CD pipelines, coding agents, and vibe coding environments.

Sponsored by neuco.
Cyber Security Matters is brought to you by neuco, the specialist recruitment partner for the cybersecurity industry.

From dial-up curiosity to killing ransomware in milliseconds, Glenn Wilkinson has been inside the attacker's mind his entire career, and now he's using it to defend you. 
Hosts Harry Baldwin and Matt Rose sit down with Glenn Wilkinson, CEO and Co-Founder of Agger Labs, for a wide-ranging conversation covering Glenn's journey from self-taught teenage hacker in the 90s to serial founder, and a deep dive into everything ransomware where it came from, how it became a thriving criminal industry, who it's really targeting, and what businesses can actually do about it. 
Key topics covered: 
How Glenn went from dial-up internet and underground hacker forums to founding multiple cyber security companies 

The hard lessons of the hacker-to-founder transition why great engineers often miss the business fundamentals 

The origins of ransomware: from the AIDS Trojan in 1989 (distributed on a floppy disk) to CryptoLocker's Bitcoin pivot in 2013 

Double and triple extortion why backups alone no longer protect you 

How NotPetya (2017) marked the first major nation state supply chain attack, and why cyber is now a precursor to kinetic warfare 

Ransomware as a Service: the industrialisation of cybercrime, affiliate models, and initial access brokers 

Law enforcement fighting back Operation Kronos, hack-back legislation, and the moped theft analogy 

AI's actual (limited) impact on ransomware today and where the real risk lies 

Why SMBs are consistently the most vulnerable and the least prepared 

What any business can do right now to reduce ransomware risk 

The debate around banning ransomware payments 

How Agger Labs fits into the modern security stack: one thing, done well 

About the guest: 
Glenn Wilkinson is an ethical hacker, keynote speaker, and 3x founder. With a computer science background from Oxford and decades of hands-on penetration testing, Glenn has legally hacked 100+ organisations, spoken at Black Hat and DEF CON, and appeared on CNN and BBC. He is the CEO and Co-Founder of Agger Labs, which builds lightweight ransomware protection that detects and kills attacks before encryption begins running from Windows 7 to the latest server editions, no signatures or AI required. 
Connect with Glenn: LinkedIn | glenn-wilkinson.com | agger-labs.com 
Cyber Security Matters is brought to you by neuco.

In this episode of the Cyber Security Matters podcast, hosts Harry Baldwin and Matt Rose sit down with Alison Eastaway, VP of People and Culture at Push Security. Alison brings a refreshingly pragmatic perspective to the often-overlooked human infrastructure behind high-growth startups and shares why, in cybersecurity especially, the team really is everything. 

Alison's career is anything but conventional. Having started working at 14 in Australia and bypassed a traditional university route, she's built her expertise through hands-on experience across telco, hospitality, advertising tech, HR tech, and now cybersecurity, including a formative stint at screen, which was later acquired by Datadog. Throughout the conversation, she shares hard-won insights on hiring for culture fit in remote-first organisations, navigating today's complicated talent market, and why the best thing a great candidate can do in a first interview is simply avoid scoring an own goal. 
Key Topics: 
How Alison fell into cybersecurity and what drew her to the industry's pragmatic, low-BS culture 
Why she views her proudest professional achievement not as the Datadog acquisition, but as the Screen team group chat that still pings years later 
The "culture as a savings account" philosophy and why you need to invest before you need to draw on it 
The unique challenges of building and maintaining culture in fully remote or distributed teams 
The state of the talent market right now: why it's a buyer's market for employers, and what candidates can do to stand out amid AI-generated application noise 
Practical interview advice including why a first interview is really about not scoring an own goal 
How to handle having multiple offers on the table (and the smart question Alison always asks candidates first) 
What candidates switching from big companies to startups need to get right and the language mistakes that give them away 
Career advice for anyone looking to enter cybersecurity or move into a people and talent function 
Guest Bio: 
Alison Eastaway is a senior people and talent leader with extensive global experience across high-growth startups and scale-ups. She has led recruitment, people operations, and organisational development across Europe, the US and beyond, with leadership roles at companies including Poolside and screen the latter acquired by Datadog in 2021. Alison is currently VP of People and Culture at Push Security, where she leads global people strategy in support of long-term business growth. 
About neuco:
We are a specialist recruitment and executive search firm, working globally in four sectors; Content & Media, Satellite & NewSpace, Connectivity & Cyber Security.
If you are hiring for a new role or want to discuss your growth plans. Please do reach out to [email protected]

In this episode of Cyber Security Matters, hosts Harry Baldwin and Matt Rose sit down with Ray Ruemmele, Chief Revenue Officer at Evolve Security.
Ray shares insights from his 20+ year journey through enterprise technology, from selling typewriter ribbons at IBM to leading offensive security initiatives. The conversation explores the evolution of proactive cybersecurity, building high-performing teams, and why understanding your people is the foundation of great management.
About Ray Ruemmele
Ray brings over two decades of leadership experience in enterprise technology and cybersecurity. Before joining Evolve Security as CRO, he led major growth initiatives as VP of Sales at Kudelski Security and held leadership positions at IBM, Lenovo, Juniper Networks, and Okta. Ray is known for building high-performing teams that drive sustainable revenue growth and specialises in offensive, proactive cybersecurity solutions.
Key Topics Discussed:
Career evolution from IBM typewriter ribbons to offensive security leadership
The strategic value of big company experience versus startup agility
Learning strategic thinking through Harvard training and the Five Forces framework
Management philosophy: Understanding what makes your people tick
The 45 sales kickoffs spanning a career in enterprise tech
How the COVID pivot changed sales forever and hiring for the new reality
The journey from individual contributor to management
Building effective sales teams: What Ray looks for in candidates
Offensive security and Evolve's Academy training mission
What attracted Ray to Evolve Security and the Chicago connection
First year as CRO: Team assessment, tools, and the 1985 Bears analogy
The Zafran partnership and building a partner ecosystem
Advice for entering cybersecurity: Learning, labour, and patience
About Evolve Security
Evolve Security is a leader in offensive, proactive cybersecurity solutions, specialising in continuous penetration testing and security validation. The company helps organisations move from reactive security postures to proactive threat identification and remediation.
Connect with Ray Ruemmele on LinkedIn: https://www.linkedin.com/in/rayruemmele/

On this episode of Cyber Security Matters, hosts Harry Baldwin and Matt Rose sit down with Michael Waite, Co-founder and CTO of Dune Security. Michael shares his journey from enterprise consulting to building a venture-backed startup tackling one of security's stickiest problems: the human element.
Episode Summary
Michael discusses how traditional security awareness training fails to change human behaviour and why the threat landscape has shifted dramatically toward off-channel attacks via WhatsApp and encrypted apps. He reveals how attackers are using AI-powered voice cloning and open-source intelligence to launch sophisticated social engineering campaigns, and shares his personal security practices. Michael also explains how Dune Security uses AI defensively to quantify individual risk and drive targeted interventions that achieve a two-order-of-magnitude improvement in employee security posture.
Key Topics Covered
The transition from hands-on-keyboard building to strategic leadership as a startup scales

How Dune's CISO Advisory Council shaped the product from day one

Why soft skills and curiosity matter more than technical expertise in hiring

The shift from email phishing to off-channel attacks on personal devices

Real-world examples including the MGM breach and $50 bribes in lower-cost delivery centres

Personal security practices anyone can adopt

Using AI defensively for individual-level risk quantification

Chapters
00:00 – Introduction

01:12 – How Michael got into cybersecurity

04:43 – Key influences and leadership lessons from consulting

07:05 – Mindset shift from consultant to co-founder/CTO

09:05 – Building the CISO Advisory Council

10:59 – Talent acquisition strategy and team building

13:51 – The skills shortage debate and what really matters in hiring

16:58 – The state of enterprise security and the human element

19:42 – Off-channel attacks and the WhatsApp threat

23:03 – What motivates attackers: bribes, data, and disruption

25:00 – Why no business is safe from AI-powered attacks

27:00 – Personal security tips

29:24 – AI on the defensive side: how Dune Security uses it

32:47 – Changing the "tick the box" compliance mindset

35:42 – Advice for those entering cybersecurity

Guest Bio
Michael Waite is the Co-founder and CTO of Dune Security, a company focused on protecting enterprises from modern social engineering threats. His career spans building secure platforms, leading large-scale cloud migrations, and scaling security solutions for Fortune 50 organisations. Under his technical leadership, Dune Security has raised $8 million in pre-seed and seed funding.