Discussions, playbooks, and tech resources for teams building software for the DoD and other highly regulated industries, so you can ship fast, stay secure, and be compliant.
www.viaknowledgehub.com

VIA Knowledge Hub Podcast
by VIA
Language
🇺🇲
Publishing Since
9/12/2025
Recent Episodes

June 10, 2026
The One Thing Devs Can’t Outsource to AI with Tanya Janca
Security has never been a solved problem, but the 2025 OWASP Top 10 makes one thing clear: the rules have shifted again. AI is writing code at scale; developers are vibe-coding to production; and the data that trained those models came from an internet where security was largely optional. The result is a new generation of software that looks like it works, until it doesn’t.
Tanya Janca, Secure Coding Trainer at She Hacks Purple Consulting and lead author of the 2025 OWASP Top 10, joins us this week on the VIA Knowledge Hub podcast. She has spent years training developers at large enterprises, and what she’s seeing right now should concern anyone shipping software in 2026.
In this conversation, Tanya breaks down the vulnerabilities that matter most right now, why AI is making some of them significantly worse, and what developers can actually do about it starting today. She also shares her live training example of AI-generated code hiding its own security failures, and makes the case that developers themselves have become the new high-value target.
Topics Covered
00:00 - Introduction
02:00 - What is the OWASP Top 10 and why does the 2025 update matter?
03:30 - Broken access control explained, and why it stays at number one
05:30 - AI trained on unsecured data, and what it learned about security
07:20 - Speed pressure, vibe coding, and the widening gap between developers and security teams
08:15 - Real-world vibe coded breaches and the logging and alerting problem
12:35 - Deterministic vs. probabilistic code and the case for rigorous code review
15:45 - Why code review is the new secure coding
18:25 - Prompt injection in AI systems, explained from first principles
21:10 - Threat modeling for agentic workflows: Adam Shostack’s four-question threat modeling framework
23:00 - Are teams actually defending against prompt injection today?
27:35 - Are developers equipped to defend themselves from social engineering and targeting?
29:50 - The DevSec Station podcast: 5-minute training episodes
32:55 - Tanya teaches her book, “Alice and Bob Learn Secure Coding” for free, every month
About Tanya Janca
Tanya Janca, known online as SheHacksPurple, is the best-selling author of Alice and Bob Learn Secure Coding and Alice and Bob Learn Application Security. She is the CEO of She Hacks Purple Consulting, where she delivers high-impact, live, secure-coding training for engineering teams. She is also the host of DevSec Station Podcast.
Over 29 years in the industry, Tanya has received numerous awards, spoken at events worldwide, and built a reputation as one of the most approachable and influential voices in application security. She has trained thousands of developers and security practitioners through her academies and live programs. Her experience includes counter-terrorism work, leading security for the 42nd Canadian federal election, as well as building and securing a vast range of applications. Today, she is recognized internationally as a leading authority on the security of software.
Connect with our guest Tanya Janca: LinkedIn (https://www.linkedin.com/in/tanya-janca)
Make it secure and ship faster? Yes, please. We built the easy button for military-grade authentication.
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.viaknowledgehub.com

May 27, 2026
Financial Exclusion Is a Security Risk and Blockchain Confusion Is Making It Worse with Candace Kelly
Most people think blockchain means Bitcoin. That misunderstanding has real consequences for regulators, developers building on it, and for the 1.3 billion people worldwide who still don’t have a bank account.
Candace Kelly spent nearly two decades as a federal prosecutor at the DOJ and FBI before becoming Chief Legal Officer at the Stellar Development Foundation.
In this episode, she breaks down how post-9/11 AML legislation inadvertently locked entire communities out of the banking system, and why financial exclusion is, in her view, a national security issue.
For developers building in this space, the episode lands on the areas where the real work is still happening: privacy-preserving transactions via zero-knowledge proofs, agentic commerce with dispute resolution baked into smart contracts, and the challenge of harmonizing compliance frameworks across jurisdictions that don’t move at the same pace as the technology.
Topics Covered
00:00 - Introducing Candace Kelly: DOJ, FBI, and the Stellar Development Foundation
02:15 - What blockchain actually is
03:15 - Rules still apply: why blockchain doesn’t create a lawless financial system
05:00 - Blockchain vs. cryptocurrency: the internet analogy and why conflating them matters
07:30 - What runs on Stellar: stablecoins, real-world assets, and tokenized securities
11:40 - Delivering US dollar aid to internally displaced Ukrainians via mobile wallets
13:00 - How the disbursement platform was built, tested, and open-sourced
15:30 - Haiti: 89% unbanked, cash insecurity, and a local merchant network accepting digital assets
17:00 - Why there is friction in moving from digital funds to fiat funds
18:00 - How post-9/11 AML legislation excluded low-income communities, immigrants, and charities
22:00 - How blockchain addresses the compliance vs. access tradeoff, and its limitations
25:20 - Transparency vs. privacy: the challenge of open ledgers and user-controlled data
26:15 - Zero-knowledge proofs: proving facts without revealing identity
28:30 - Blockchain as the foundation for privacy features, not a barrier to them
30:05 - Real-world blockchain applications already in the wild
33:30 - Agentic commerce: smart contracts, micropayments, and baked-in dispute resolution
34:50 - Non-financial use cases for blockchain
36:30 - Supply chain fraud and why an immutable ledger changes export enforcement
37:30 - What makes Candace most hopeful: regulators, traditional finance, and proactive detection
About Candace Kelly
Candace Kelly is the Chief Legal and Policy Officer of the Stellar Development Foundation (SDF), a non-profit organization focused on working with and supporting changemakers to create equitable access to the global financial system through blockchain technology. She leads SDF’s legal team, which is responsible for all of SDF’s legal affairs, and the policy team, which is focused on bridging the gap between the public and private sectors and fostering dialogue with global regulators and policymakers.
Prior to joining SDF, Candace worked for Uber Technologies, Inc., where she held a variety of positions, helping to navigate the company’s response to regulatory investigations and advising on safety, security, privacy, consumer protection, and law enforcement response.
Candace brings many years of legal experience to SDF, most notably her 17-year career at the United States Department of Justice (DOJ), where she held positions as a legal and policy advisor on national security, criminal, and civil rights issues in leadership offices in Washington D.C. and as a prosecutor in the Northern District of California. During her time with DOJ, she also served as Special Counsel for National Security for the Director of the FBI. She holds a Bachelor of Arts in East Asian Studies from Williams College and a Juris Doctor from University of California (UC), Hastings College of the Law.
Candace is a member of the Janet Reno Endowment Advisory Committee at the Center for Juvenile Justice Reform at the Georgetown University McCourt School of Public Policy, and an Advisory Board Member for the UC Hastings Center for Business Law.
Connect with our guest, Candace Kelly: LinkedIn (https://www.linkedin.com/in/candace-kelly)

April 7, 2026
In the end, it's all risk. An AppSec leader's guide to enterprise AI with Joshua Bregler
What would you do if your AI agent deleted your production database because it decided that was the logical thing to do? That's not a hypothetical. It happened. And according to Joshua Bregler, it happened because someone gave an AI agent the same admin privileges they'd never hand to a new hire.
Joshua is an application security leader at McKinsey, working at the intersection of AppSec, AI adoption, and risk. He spends his days helping some of the world's largest organizations figure out what to do when a shiny new AI tool shows up at their door — and what to do when they've already let the wrong one in.
In this conversation, Joshua shares front-line stories from enterprise AI deployments gone wrong, breaks down the guardrail and access control decisions that teams consistently get wrong, and makes a case that's both simple and easy to miss: the right way to manage an AI agent is a lot like the right way to manage a junior developer. The fundamentals don't change. We just haven't learned how to apply them here yet.
Topics Covered
01:20 - Why AI adoption fails when humans are removed from the loop entirely
02:30 - Real-world use cases: When AI fabricates data, and it admits it on the spot
04:30 - AI given admin privileges, and why it deleted the production database
06:00 - The three themes: human-in-the-loop, guardrails, and access control
07:00 - Treating AI like a junior developer: prompt guardrails, library restrictions, and code review that holds
09:30 - The old methods are still the right ones, we just need to apply them to AI
10:30 - Why ignoring business logic creates vulnerabilities that don't surface for weeks
12:00 - What good AI adoption actually looks like: small, purposeful agents over monolithic platforms
13:00 - Why an unused AI agent is an attack surface waiting to be activated
14:45 - Test, test, and retest: the only real advice for AI-powered compliance tooling
16:00 - An example where an AI-generated compliance report could be a huge liability trap
17:20 - The ROI question every executive asks first, and why the answer is always “it depends”
20:00 - “In the end, it's all risk:” money, lawsuits, reputational capital, and institutional knowledge
21:30 - What questions companies are (and aren't) asking about AI adoption
24:20 - Managing AI identities: why blanket permissions don't work, and granular access is harder than it sounds
27:00 - The AI agent inventory: from Excel spreadsheets to dashboards
28:30 - Don't ignore the frameworks: OWASP Application Security Verification Standard, OWASP AI Top 10, and why they apply more than you think
About Joshua Bregler
Joshua Bregler is a cybersecurity executive with deep expertise in application security, cloud architecture, and mission-critical systems. He currently serves as the Application Security Leader at McKinsey & Company, where he builds and scales firmwide application security capabilities, enabling secure product development and enterprise resilience.
Before joining McKinsey, Joshua was a Principal Security Architect at Amazon Web Services, where he supported the U.S. Department of Defense and the Intelligence Community. In that role, he led secure cloud transformation initiatives, architected high-assurance systems, and partnered with national security stakeholders to advance zero-trust security models across classified and critical workloads.
Joshua holds an MBA from Johns Hopkins University and is a U.S. Marine Corps veteran, bringing a mission-first mindset and disciplined leadership style to every engagement. His career reflects more than two decades of advancing cybersecurity strategy, designing secure digital ecosystems, and guiding organizations through complex technical and regulatory environments.
Connect with our guest Joshua Bregler: LinkedIn
Join the VIA Knowledge Hub community on Substack: viaknowledgehub.com
Get passwordless logins instantly with VIA's Zero Trust Fabric (ZTF): solvewithvia.com/via-ztf
Test out VIA's Zero Trust Fabric on GitHub: github.com/viascience/ztf-tutorial
14 total episodes available
Frequently asked questions
- What is VIA Knowledge Hub Podcast?
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Yes, this podcast regularly features guests.
