Latio: On the Record

Podcast Description
Deep dives into relevant cybersecurity topics, focusing especially on cloud and application security. pulse.latio.tech
Podcast Insights
Content Themes
The podcast covers a range of critical cybersecurity topics with a strong emphasis on cloud security and runtime defense. Episodes delve into specific themes like the evolution of security practices, the integration of AI in security measures, and the complex dynamics of collaboration between security and development teams. For example, one episode centers on current threats such as supply chain attacks and offers actionable insights on enhancing incident response strategies.

Date: May 12, 2025
Guest: Daniel Pacak (Software Engineer, Miggo)
Hosts: James Berthoty, Charrah Hardamon
Topic: Building Real Runtime Security with eBPF
In this episode, we go deep on eBPF and what it actually takes to build reliable, performant runtime detection, beyond the buzzwords. James and Charrah are joined by Daniel Pacak, a longtime engineer in the cloud security space whose work spans Aqua Security, Cycode, RAD Security, and now Miggo. Daniel brings years of firsthand experience building eBPF sensors and walking the line between kernel-level complexity and practical detection coverage.
We open with Daniel’s journey into runtime security, beginning with his early work on Aqua’s Tracee project and continuing through multiple startup roles where he helped shape eBPF-based detection systems. He shares candid insights about the challenges of kernel instrumentation, the tradeoffs of performance versus visibility, and why function-level detection is so difficult but increasingly important.
Key discussion points include:
* Why runtime protection historically underperformed on Linux
* How vendors differ in their approaches to eBPF integration
* The technical realities behind stack unwinding, kernel hooks, and symbolization
* What ADR (and CADR) really means from a backend detection perspective
* Common misconceptions around eBPF and what it can (and can’t) do
* Why the industry lacks a common SDK or standard framework for building sensors
* Practical advice for evaluating vendors’ claims and assessing impact in real-world clusters
Daniel also walks through his thinking on why some tools overload the node with too much local processing, and what a healthier architecture looks like, particularly for teams focused on tuning alerts and scaling reliably.
The episode closes with a reminder that learning eBPF is a long road, but one with real payoffs for engineers interested in modern detection systems. And for security teams trying to figure out if eBPF tooling fits into their environment, Daniel gives straightforward guidance: test it in a real cluster, give it time to run, and measure both what it detects and how it performs.
Follow Daniel’s work on GitHub or LinkedIn.
Get full access to Latio Pulse at pulse.latio.tech/subscribe
