Paul's Security Weekly TV

By Security Weekly

Category: Tech News

Subscribers: 90
Reviews: 0

Description

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Episode Date
Lightweight Vulnerability Management Using NMAP - PSW #654
48:25

Paul delivers a Technical Segment on Lightweight Vulnerability Management using NMAP!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode654

Jun 06, 2020
Security Chaos Engineering - Aaron Rinehart, Casey Rosenthal - ESW #186
36:29

Co-Founder and CEO Casey Rosenthal and Co-Founder and CTO Aaron Rinehart of Verica join us today to talk about Chaos Engineering and Security, Continuous Integration, Delivery, Verification, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode186

Jun 05, 2020
Unraveling Your Software Bill of Materials - Alyssa Miller - ESW #186
36:11

Whether you are deploying your own software or someone else's, there is a chain of dependencies that likely includes vulnerabilities. From the base OS image, to utilities, to frameworks and app servers, to language-specific libraries, all can contain vulnerabilities. Not only can they contain vulnerabilities, but the chain of dependencies can carry vulnerabilities as well. Learn how to combat this problem in this segment!

To learn more about Snyk, visit: https://securityweekly.com/snyk

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode186

Jun 05, 2020
Dragos, AttackIQ, Cortex XSOAR, & SureCloud - ESW #186
30:27

SureCloud Launches Cyber Resilience Assessment Solution, Blackpoint Cyber launches 365 Defense - a Microsoft 365 security add-on for its MDR service, Endace and Palo Alto Networks Cortex XSOAR enable accelerated forensics of cyberthreats, Zscaler acquires Edgewise Networks, WatchGuard Technologies Completes Acquisition of Panda Security, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode186

Jun 04, 2020
Regulations, PCI, and IoT Safety - Part 2 - Josh Corman - SCW #30
43:34

Jeff loves PCI DSS. Josh has been a fierce critic of it... and... Josh has been working with public policy... We'll dig into the nuances and offer better ways to tell good from bad policy incentives.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode30

Jun 04, 2020
Regulations, PCI, and IoT Safety - Part 1 - Josh Corman - SCW #30
43:33

Jeff loves PCI DSS. Josh has been a fierce critic of it... and... Josh has been working with public policy... We'll dig into the nuances and offer better ways to tell good from bad policy incentives.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode30

Jun 03, 2020
How to Truly Disrupt Cybercrime - Jen Ellis - BSW #175
39:14

Jen Ellis focuses on cybersecurity policy for Rapid7. Working with governments, manufacturers, and operators, Jen strategizes on policies and practices that will actually disrupt cybercrime at scale. By changing the behavior of attackers through complexity and costs, these strategies can truly disrupt cybercrime. We'll discuss some of the latest strategies, including CyberBOM, Hack Back, Vulnerability Disclosure, and other Secure by Design approaches to cybersecurity.

To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode175

Jun 03, 2020
CISO vs. CEO, Security Is Not a Technical Problem, How to Be a Great Listener - BSW #175
32:03

In the Leadership and Communications section, CISO vs. CEO: How executives rate their security posture, 3 Reasons Why Cybersecurity Is Not A Technical Problem, How to Be a Great Listener in Remote Meetings and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode175

Jun 02, 2020
Apps Are the New Endpoint - Catherine Chambers - ASW #109
32:47

Apps are everywhere. Increasingly apps are the main entry point for daily services such as banking, home security or even unlocking a car. But mobile devices are untrustworthy: a place where hackers can reverse engineer apps, tamper with them, and steal the secrets they hold. As apps become the new endpoints, it’s high time to reconsider their security. In this webcast Catherine Chambers, Senior Product Manager, will discuss why security needs to be on your app’s feature list.

To learn more about Irdeto, visit: https://securityweekly.com/irdeto

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode109

Jun 02, 2020
How to Prevent Account Takeover Attacks - John Chirhart - ASW #109
35:26

Attackers are using methods such as password spraying and credential theft to commit fraud against websites at an alarming rate. Automated bots are aiding the attacker to conduct these operations at scale. Your defensive strategy should include a mechanism to determine if a session is being controlled by a real user or a bot. How can we best accomplish this without creating too much friction between the real users and your web applications?

To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha

To register for our upcoming webcast with Google Cloud: https://attendee.gotowebinar.com/register/886342018982842384?source=ASW

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode109

Jun 01, 2020
Ed Skoudis & Security News - PSW #653
01:44:02

In this week's Security News, NSA warns Russia-linked APT group has been exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute!

To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode653

May 30, 2020
"Burn-In: A Novel of the Real Robotic Revolution" - Peter Singer - PSW #653
45:21

"Burn-In: A Novel of the Real Robotic Revolution" (May 26 release) is a new kind of novel+nonfiction. It uses the technothriller format as a way to share real research on the ways that AI+automation will shape our future, but also leave it vulnerable to a new scale of risks. That is, it is a fictional story following an FBI agent as she and a new partner hunt a new kind of terrorist bent on holding the entire city hostage in a way previously impossible. But baked into the story are some 300 macro and micro predictions of the tech and trends that will change our tomorrow, drawn from the latest nonfiction studies to show that it could/will come true (i.e., it is a novel, but with endnotes on everything). Think of it as the veggies hidden in the smoothie, to give people a fun/scary read, but also to understand key terms and ideas soon to shape their lives.

To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode653

May 29, 2020
2020 MITRE ATT&CK Malware Trends - Greg Foss - PSW #653
47:38

The MITRE ATT&CK framework has had a major impact on the cybersecurity industry and has given defenders a haystack in which to focus their defensive efforts. What’s most interesting, perhaps, is where and how these TTPs intersect and how we can use that information to determine patterns and disrupt attacks by analyzing historical datasets.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode653

May 29, 2020
Cybersecurity Is a Mindset That Cannot Be Taught - Zack Moody - ESW #185
25:43

Security Leadership, Accountability in Security Leadership, and Enforcing Buy-in From the Top!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode185

May 28, 2020
The Real Value of Identity in a Multi-Vendor IT Environment - Adam Bosnian - ESW #185
23:09

What is the value of identity in a larger security conversation? Why does CyberArk partner with so many technology vendors? What’s the value to you, the customer? It’s an opportunity to talk about Privileged Access Management solution integrations with market-leading software applications in the vulnerability management, SIEM, storage, discovery, orchestration & response, governance and many other fields. We will discuss why identity is an important part of securing an application, a fundamental security principle that is not yet widely considered.

To learn more about CyberArk, visit: https://securityweekly.com/cyberark

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode185

May 28, 2020
BeyondTrust, MITRE ATT&CK for ICS, & ThreatConnect - ESW #185
32:08

This week, MITRE ATT&CK for ICS: A Technical Deep Dive, Tufin Expands Security Automation Capabilities, Strengthen Business and Security Alignment with ThreatConnect, BeyondTrust Privilege Management for Windows and Mac SaaS Accelerates and Enhances Endpoint Security, Re-imagining threat detection, hunting and response with CTI, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode185

May 27, 2020
Stuxnet, RCE's Everywhere, & Breach Chaos - PSW #652
01:16:01

In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 24, 2020
HTTP Security Headers In Action - Sven Morgenroth - PSW #652
01:02:19

HTTP security headers are an easy and effective way to harden your application against all kinds of client-side attacks. We'll discuss which security headers there are, what functions they have and how to use them properly.

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 23, 2020
Building An InfoSec Career - Jason Nickola - PSW #652
01:02:52

The guests on Trust Me I'm Certified have dropped some real knowledge and I'd like to distill that down as well as talk about building technical skills, looking at your career as a 'thing' that needs care and feeding, and the BSidesNH conference.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode652

May 23, 2020
Dealing With Phishing Attacks Outside of Email - DJ Sampath - ESW #184
26:57

In this segment we'll discuss why email security is still not a solved problem and how now that people are increasingly working from home, it poses an increased risk. We'll also share some interesting attacks that we've uncovered in the past several weeks since the beginning of shelter-in-place.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 22, 2020
Managing Enterprise Security Assessments - Dan DeCloss - ESW #184
34:06

Whether it's an external red team, internal red team, vulnerability scanning data, or a self-assessment questionnaire, results from all of these different types of assessments must be tracked and managed. Dan from PlexTrac will walk you through how to track and manage all of these activities in one place!

To learn more about PlexTrac or to claim your Free Month, visit: https://securityweekly.com/plextrac

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 22, 2020
Acquisition-Mania, SaltStack Breaches, & RSAC 2021 - ESW #184
35:53

RSA Conference 2021 Changes Date from February to May 2021, Docker partners with Snyk on container image vulnerability scanning, Venafi acquires Jetstack to bring together developer speed and enterprise security, Onapsis expands assessments for its Business Risk Illustration service, Volterra launches VoltShare to simplify the process of securely encrypting confidential data end-to-end, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode184

May 21, 2020
The Center for Long-Term Cybersecurity - Part 2 - Ann Cleaveland - SCW #29
34:24

Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Ann will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board-level positions.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode29

May 21, 2020
The Center for Long-Term Cybersecurity - Part 1 - Ann Cleaveland - SCW #29
29:09

Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information. Ann will tell us about the work that the CLTC is doing, why "Long-Term" is in the name, and introduce us to their recent joint study with Booz Allen that researched "Considerations for Effective Oversight of Cyber Risk" based on interviews of a cross-section of board-level positions.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode29

May 20, 2020
Burnt Out CISOS, Build Strategy, and 50+ Security Products - BSW #174
26:46

In the leadership and communications section, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

May 20, 2020
Is the Virtual SOC Our "New Normal"? - Mike Adler - BSW #174
35:10

As many organizations look to their "new normal," remote work will likely be a large piece of that strategy. Adler will dive into the impact this has on the SOC and why EDR should be top-of-mind.

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode174

May 19, 2020
Highlights From the New Open Source Security and Risk Analysis Report - Tim Mackey - ASW #108
00

The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

May 19, 2020
Using Rate Limiting to Protect Web Apps and APIs - Jack Zarris - ASW #108
00

Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode108

May 18, 2020
Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651
01:34:06

In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 17, 2020
Securing Remote Access: Quarantines & Security - Harry Sverdlove - PSW #651
54:05

We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security?

To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 16, 2020
MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data - Mike Nichols - PSW #651
53:24

In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, it's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position.

To learn more about Elastic Security, visit: https://securityweekly.com/elastic

To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://ela.st/mitre-eval-rd2

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode651

May 16, 2020
Using the Network to Reduce Remediation Costs - Sid Nanda - ESW #183
26:33

Many companies hire external consultants to conduct incident response and remediation, which can add up quickly in cost. By providing these security consultants with network data in seconds as opposed to hours or days, we can drastically reduce remediation costs and speed breach containment.

To learn more about VIAVI Solutions, visit: https://securitweekly.com/viavi

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 15, 2020
Qualys VMDR: A Customer Perspective - Georges Bellefontaine - ESW #183
24:24

We discuss the approach to vulnerability management at Toyota Financials and the benefits of a full life-cycle approach to vulnerability management.

To learn more about Qualys VMDR, visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 15, 2020
Cortex XSOAR, Fortinet, & YubiEnterprise - ESW #183
29:12

In the Enterprise Security News, how GitHub Code Scanning aims to prevent vulnerabilities in open source software, SlashNext Integrates with Palo Alto Networks Cortex XSOAR to Deliver Automated Phishing IR and Threat Hunting, Portshift Announces Extended Kubernetes Cluster Protection, Vigilant Ops InSight Platform V1 automatically generates device software bill of materials, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode183

May 14, 2020
What Does "Security" Really Mean? - Part 2 - Jake Williams - SCW #28
33:28

Security vs. Compliance: Where are the overlaps? Where are the differences?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

May 14, 2020
What Does "Security" Really Mean? - Part 1 - Jake Williams - SCW #28
28:54

Security vs. Compliance: Where are the overlaps? Where are the differences?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode28

May 13, 2020
5 Tactical Steps, 5 CISO Priorities, and Communicating "Why" - BSW #173
25:40

In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating “Why”, 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

May 13, 2020
Lessons for Cybersecurity From a Pandemic - Mike Lloyd - BSW #173
34:30

The coronavirus has focused the world’s attention on disease spread like never before. This discussion will draw out some of the parallels that can inform how we do our work in cybersecurity, and that are helpful in communicating with the people who pay the bills. All the new vocabulary around “social distancing”, “contact tracing”, and “flattening the curve” is useful for our discussions in cybersecurity.

To learn more about RedSeal, visit: https://securityweekly.com/redseal

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode173

May 12, 2020
Samsung RCE 0-Click, Whispers, & Compromising Pluton - ASW #107
33:42

In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team’s code with code scanning and secret scanning!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

May 12, 2020
How Can Security Work TOGETHER, Not Against, Developers - Joe Garcia - ASW #107
36:45

DevOps and Agile IT practices have been around for a while. However, security teams are just now catching up. We will discuss how security teams can stop being “showstoppers” for the developers and actually work with them, not against them. Focus will be around empowering the developers with open source secrets management, securing endpoints and cloud native apps, and embedding security in the development process as early as possible.

To learn more about CyberArk, visit: https://securityweekly.com/cyberark

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode107

May 11, 2020
Vulnerability Madness, IoT Botnets, & Breach Chaos - PSW #650
01:34:23

In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

May 11, 2020
Project Fantastic - Bringing The CLI to GUI Users - PSW #650
46:18

Lots of IT and security professionals do not want to use the CLI, which has set them back. Fantastic exposes the same power as the CLI in an easy to use GUI that is more consistent and hopefully easier to navigate/use than the native GUI tools.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

May 09, 2020
Public Utility Security and National Guard Support - Chris Elgee, Jim McPherson - PSW #650
30:27

Public utilities are under fire from malicious actors now, more than ever. At the same time, authorities for National Guard units are expanding, allowing greater levels of support. However, this only works when relationships already exist.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode650

May 09, 2020
Effective Goal Setting and Tracking - ESW #182
36:02

Executing on a successful program and proving its efficacy is an impossibility for many security teams. Tune in as we discuss what steps you can take immediately to set more effective goals, track progress and share your success. You'll also have the opportunity to see how Rapid7's Vulnerability Management solution, InsightVM can help you create and contextualize metrics that your non-technical leadership and board—as well as your users—can understand.

To learn more about Rapid7, or to request a Demo, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

May 08, 2020
Why the Cloud Stall Is Now the Cloud Surge - ESW #182
33:35

Broad shifts to remote access plus increased strain on budgets and resources make it a business imperative to accelerate cloud adoption, and do it securely. Network detection and response bridges the gap between security and network teams and enables scalable visibility and security for cloud and multicloud environments.

To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

May 08, 2020
WordPress Attacks, IoT Device Shifts, & Splunk Cloud - ESW #182
32:49

Microsoft is to buy Israeli cybersecurity startup CyberX, ExtraHop Data Shows Shifts in IoT Device Usage During COVID-19 Have Broad Security Implications, Immuta and Snowflake help customers share data with automated privacy protection, Code42 Integrates with Palo Alto Networks Cortex XSOAR to Speed and Automate Insider Threat Incident Response, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode182

May 07, 2020
PCI: A New Hope - SCW #27
31:42

Security, Compliance, and Breach News!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode27

May 07, 2020
The Rise of PCI - SCW #27
39:30

Today we will discuss the PCI DSS and some of its myths, misunderstandings, and misconceptions, including: Why most vendors don't understand how their products fit within PCI, The six overall goals of the PCI DSS, Why PCI is perceived as a check box program, and more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode27

May 06, 2020
CISO Burnout, 7 Rules to Stay Productive, and Hire Great Talent Now! - BSW #172
16:33

In the leadership and communications section, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode172

May 06, 2020
Lessons Learned from a Data Breach - Graeme Payne - BSW #172
36:36

During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as “the human error”.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode172

May 05, 2020
Psychic Paper, Salt RCE, & Love Bugs - ASW #106
33:09

This week in the Application Security News, “Psychic Paper” demonstrates why a lack of safe and consistent parsing of XML is disturbing, Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams, Salt Bugs Allow Full RCE as Root on Cloud Servers, Managing risk in today’s IoT landscape: not a one-and-done, and Love Bug's creator tracked down to repair shop in Manila!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode106

May 05, 2020
Modern Application Security & Container Security - Gareth Rushgrove - ASW #106
39:29

This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! They also discuss Configuration Management, how developers are writing more Docker and Kubernetes Container files, and more!

To learn more about Snyk, visit: https://securityweekly.com/snyk

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode106

May 04, 2020
Defensive Strategies and Qualys VMDR - PSW #649
01:32:10

The crew talks about how to accomplish asset management, vulnerability management, prioritization of remediation, and the actual remediation steps! No small task! Then check out a deep dive demonstration of Qualys VMDR that includes, you guessed it, Asset Management, Vulnerability Management, Threat Detection & Prioritization, and Response!

To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode649

May 03, 2020
Python Pickling, Sophos 0-Day, & AWS RDS MySQL - PSW #649
58:40

In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities commonly exploited to plant web shells, Using Python's pickling to explain Insecure Deserialization, How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, 9 Skills That Separate Beginners From Intermediate Python Programmers, Hackers are exploiting a Sophos firewall zero-day, and more!


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode649

May 02, 2020
Fighting the Cyber War With Battlefield Tactics - Jeremy Miller, Philip Niedermair - PSW #649
52:09

Jeremy Miller, a former Green Beret and current CEO of Lionfish Cyber Security, will discuss how mission set tactics used by Special Forces can be applied directly to the cyber war being waged today. These mission sets are very relevant for the front line of cybersecurity professionals, who are the next generation of Special Operations forces. These are the men and women who protect our country, our businesses and our families. Approaching the cyber war with this mindset, Miller is re-aligning how cybersecurity in small to medium-sized businesses is structured. His team plans to be a force multiplier for SMBs by bundling resources and capabilities into an affordable security platform, making cyber security more a strength than a weakness for these organizations.


Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode649

May 02, 2020
Building an Enterprise Security Team - Wim Remes - ESW #181
33:00

This week, we welcome Wim Remes, CEO and Principal Consultant at Wire Security, to discuss learning how to build an Enterprise Security Team, including how to find the right people!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode181

May 01, 2020
Security Challenges When Working Remotely - Gerald Beuchelt - ESW #181
27:49

Unfortunately, the pandemic has been used as the lure in an aggressive spike of malicious cyber attacks attempting to capitalize on the situation. Knowing how and where to focus your security efforts first is critical to maintaining security and privacy.


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode181

May 01, 2020
Trustwave, F-Secure, & Obsidian Security - ESW #181
26:44

This week in the Enterprise Security News, Obsidian Security lets security teams monitor Zoom usage, Guardicore Infection Monkey now maps its actions to MITRE ATT&CK knowledge base, Trustwave Security Colony delivers resources, playbooks and expertise to bolster security posture, Almost half of security pros being redeployed during pandemic, Why You Need Both SIEM and SOAR Solutions in your Cybersecurity, and more!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode181

Apr 30, 2020
Cyber and Disabilities Pt.2 - Joe Brinkley - SCW #26
28:59

We continue the discussion with TheBlindHacker, Joe Brinkley. The Blind Hacker is an InfoSec enthusiast, hacker, mentor, pen tester, red team member, and much more. Among these many roles, the role that he feels is of absolute importance is making time to mentor others online (e.g. through streams and online communities). Furthermore, he frequently volunteers his time in the realm of workplace development by providing resume reviews and job advice (e.g. via mock interviews and professional workshops to help lead people into the roles they want).


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode26

Apr 30, 2020
Cyber and Disabilities Pt.1 - Joe Brinkley - SCW #26
28:19

This week, we welcome Joe Brinkley, Director of Offensive Security at ACTIVECYBER, to discuss Cyber and Disabilities! We're taking a different angle on compliance today, talking to Joe Brinkley, the "Blind Hacker"!


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode26

Apr 29, 2020
Avoid These Missteps and Strategize a Return to the Office - BSW #171
21:33

In the Leadership and Communications section, Executives and Boards, Avoid These Missteps in a Crisis, Strategizing a return to the office, How to Answer an Unanswerable Question, and more!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode171

Apr 29, 2020
Relations Between Buyers and Sellers of Security Products - David Spark - BSW #171
33:36

The concept of the CISO/Security Vendor Relationship Series started more than two years ago when relations between security vendors and practitioners appeared very strained. Since we started producing our podcasts more than a year and a half ago, anecdotally, we're seeing a lot of improvement. But, there are still plenty of issues like what we saw more than two years ago.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode171

Apr 28, 2020
Nintendo Breach, NSA Advisory, & Security of IoMT - ASW #105
31:34

This week, in the Application Security News, Nintendo Confirms Breach of 160,000 Accounts via a legacy endpoint, NSA shares list of vulnerabilities commonly exploited to plant web shells, Code Patterns for API Authorization: Designing for Security, Health Prognosis on the Security of IoMT Devices? Not Good, and 8 Tips to Create an Accurate and Helpful Post-Mortem Incident Report!


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode105

Apr 28, 2020
Threat Modeling in AppSec - Avi Douglen - ASW #105
34:28

This week, we welcome Avi Douglen, Founder and CEO of Bounce Security, to talk about Threat Modeling in Application Security, DevSecOps, and how Application Security is mapping Security culture!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode105

Apr 27, 2020
iOS Mail Hijack, Hacking Satellites, & 0-Days for Days - PSW #648
01:26:16

In the Security News, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, Wanna hack a Satellite? The Navy will let you…, IBM 0-day released for days after notification - IBM said “won’t fix!”, Zoom Dropped by Big Business Despite Addressing Security Flaws, Android Users Beware: Google Just Banned These Devious Apps With 69 Million Installs, NSA shares list of vulnerabilities commonly exploited to plant web shells, German Government Loses 'Tens of Millions' in COVID-19 Phishing Attack, and more!


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode648

Apr 26, 2020
Layer8 Conference & WorkshopCon - Ori Zigindere, Patrick Laverty - PSW #648
40:10

Patrick Laverty created and co-organizes the Layer 8 Conference with Lea Snyder. This year will be the 3rd annual conference that solely focuses on social engineering and OSINT topics. Ori Zigindere is an offensive security professional with a background in software engineering. He works with a wide range of companies in all major industries to help them improve their security posture against day to day threats. Patrick and Ori join us today to talk about the Layer8 Conference, and WorkshopCon!


To sign up for the Layer8 Conference, please visit: https://layer8conference.com/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode648

Apr 25, 2020
The Insider Threat - Steven Bay - PSW #648
59:21

Steven Bay has over 16 years of cybersecurity experience, spanning the military, government, consulting, and enterprise security. For 10 of those years, he supported the National Security Agency both as a member of the military and as a contractor. In 2013 he hired Edward Snowden to a contract position in Hawaii and was his manager when Snowden fled the country with top-secret NSA data. Following this, he moved into commercial cybersecurity, where he provided IR and Threat Intelligence services to Fortune 500 companies, served as a CISO, and today is the Director of Security Operations at Security On-Demand. He is also a keynote speaker who shares his story and the lessons learned from his Snowden experience with industry groups, corporate events, and student groups.


To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode648

Apr 25, 2020
Threats of Social Engineering Go Beyond Phishing - Peter Warmka - ESW #180
32:03

Peter will discuss this article and put it into even greater perspective: https://worldview.stratfor.com/article/linkedin-cybersecurity-recruitment-hostile-intelligence-agency


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode180

Apr 24, 2020
Work from Home - Business Impacts & Security Risks - Mark Orsi - ESW #180
26:00

As we quickly pivot to remote work, what are the business impacts and security risks? What have we learned and how quickly can organizations adapt to this new paradigm? What activities should we take to make our organizations more resilient as we emerge from this crisis and prepare for the next?


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode180

Apr 24, 2020
ThunderScan, F-Secure Countercept, & ZeroFOX AI - ESW #180
22:47

This week in the Enterprise Security News, Breach-and-Attack Simulation Firm SafeBreach Raises $19 Million, F-Secure launches protection and response service to protect remote workers, Swimlane acquires Syncurity to spur growth and affirm commitment to SOAR market, DefenseCode ThunderScan SAST 2.1.0 supports Go and ABAP languages, and more!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode180

Apr 23, 2020
Compliance News - SCW #25
30:31

This week in the Security and Compliance News, Back to basics: The GDPR and PCI DSS, Why Compliance is for Guidance, Not a Security Strategy, Cognizant hit by 'Maze' ransomware attack, Audits Don't Solve Security Problems, Contact Tracing Apps Attempt to Balance Necessary Public Health Measures With User Privacy, and more!


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode25

Apr 23, 2020
State of the Union - Paul Asadoorian - SCW #25
40:56

We're talking to our host and benefactor about his vision for Security Weekly Productions and how Security & Compliance Weekly fits into the mix.


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode25

Apr 22, 2020
Clear Vision, 3 Recession Scenarios, and Transparency - BSW #170
33:34

In the leadership and communications section, Leaders, Do You Have a Clear Vision for the Post-Crisis Future?, 3 recession scenarios and their impact on tech spend, Supply chain transparency: Technology, partnership and progress, and more!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode170

Apr 22, 2020
InfoSec World Conference 2020 - Summer Fowler - BSW #170
28:00

As the Co-Chair of the Leadership Board for InfoSec World Conference in Orlando, FL this June 2020, Summer will discuss how this is an excellent opportunity for Executive, Management, and Technical teams to attend a conference together to learn more about both the business of cyber security and the latest in technical capabilities.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode170

Apr 21, 2020
Malicious Ruby Gems & JSON Web Token Bypass - ASW #104
34:42

This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode104

Apr 21, 2020
Building an AppSec Ecosystem - Rebecca Deck - ASW #104
36:12

It's possible to check the boxes and have an AppSec program that looks great on paper, but still not have positive results. We will cover using continuous feedback from AppSec testing activities passing through threat models to make life better for AppSec, red teams, QA, and engineers.


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode104

Apr 20, 2020
Hospital Hackers, $500K Zoom 0day, & SFO Windows Hackers - PSW #647
01:24:29

This week in the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, Macs Are More Secure, and Other Jokes You Can Tell Yourself, and more!


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Apr 19, 2020
Pen Testing to Validate Vulnerability Scanners - Magno Gomes - PSW #647
24:50

Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choose between the two. But that’s not the case. This segment will cover why and how pen testing can be used to validate vulnerability scanner results.


To learn more about Core Security, visit: https://securityweekly.com/coresecurity

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Apr 18, 2020
Threat Intel Program Strategies - Wade Woolwine - PSW #647
49:07

This segment defines the key areas of investment that organizations need to consider in their programs. Within those areas of investment, we talk about functional areas and how to define capabilities within each one. The end goal is a framework that folks can use to document their security program, measure its evolution over time, share best practices, organize content and data, and serve as a reference architecture based on community input.


To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Apr 18, 2020
The Missing Link for Protecting Against Ransomware - Tim Williams - ESW #179
17:32

Tim Williams, Founder and CEO of Index Engines, joins us to discuss the cyber security software market and how it's focused on preventing ransomware attacks. How do you know if that line of defense fails? How do you prove that negative?


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode179

Apr 17, 2020
Phishing's Effect on Corporate Culture - Terry McCorkle - ESW #179
18:09

Many organizations today know about phishing and have taken steps to educate users, followed by phishing simulations. What comes next? This discussion will revolve around what many organizations are struggling with after they have built a phishing program.


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode179

Apr 17, 2020
Patch Tuesday, Sysdig, & AttackIQ - ESW #179
26:44

This week in the Enterprise Security News, NeuVector adds to container security platform and automates end-to-end vulnerability management, Sysdig Expands Unified Monitoring Across IBM Cloud Services Globally, Optiv Hires Deloitte Stalwart Kevin Lynch as Chief Executive Officer, Illusive Networks Integrates with Infoblox to Speed Deployment, Microsoft's April 2020 Patch Tuesday arrives with fixes for 3 zero-day exploits and 15 critical flaws, and more!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode179

Apr 16, 2020
Cyber Insurance News - SCW #24
33:04

Jeffrey Smith joins us in looking at how cyber insurance is playing out in the real world - or at least how it's showing up in the news.


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode24

Apr 16, 2020
Cyber Insurance - Jeffrey Smith - SCW #24
34:21

This week, we welcome Jeffrey Smith, Managing Partner at Cyber Risk Underwriters, to sell us on Cyber Insurance and to take on the skeptics (e.g. the SCW hosts) about the role that Cyber Insurance plays in security!


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode24

Apr 15, 2020
Start, Stop, Defer; Adapting to a Crisis; and Building a Culture - BSW #169
18:10

In the leadership and communications section, the 3 stages of adapting to a crisis, build a culture that aligns to people's values, stop, start, defer: how companies are navigating technology spend in a crisis, and more!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode169

Apr 15, 2020
Security Money - BSW #169
24:37

It's our Security Money show, where we'll review the Security Weekly 25 Index and all the financial updates for both the public and private security markets.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode169

Apr 14, 2020
Zooming Alex Stamos & Building Security TestOps - ASW #103
33:32

This week in the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems!


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode103

Apr 14, 2020
Making Kubernetes a Hostile Place for Attackers - Brad Geesaman - ASW #103
38:06

Kubernetes is conceptually simple, but in practical terms, a highly complex distributed system with thousands of interdependent settings that drive behavior and security posture. That said, focusing hardening efforts on a handful of key configurations and policies can make the job of an attacker incredibly challenging in a cluster.


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode103

Apr 13, 2020
Zoom, Kubernetes, and Hacking - PSW #646
01:08:07

A little about Zoom vulnerabilities and data leaks, and Cisco Webex vulnerabilities. We talk about securing Kubernetes and how the same security principles apply, vulnerabilities in ICS systems, and how hackers can help improve society. Oh, and smart toilets that scan your, er, logs.


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode646

Apr 12, 2020
Tales From The Crypt...Analyst - Part 2 - Jeff Man - PSW #646
01:28:14

In the second part of our interview series with the legend Jeff Man, he continues his discussion with Paul, Matt, and Lee, about the many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA.


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode646

Apr 11, 2020
To Hunt or Not To Hunt; This is Never a !=? - Tyler Robinson - PSW #646
59:00

We welcome Security Weekly's own Tyler Robinson for a Technical Segment. He talks about how individuals are tracked and then demonstrates different TTPs Nisos uses to hunt and track people of interest. Using a modified version of Trape, ngrok, and a DNS setup, Tyler shows how much information and tracking data can be gathered and further used for ongoing operations when someone simply clicks a link or visits a page with embedded JavaScript.


To view ngrok, visit: https://www.ngrok.com/

To check out the Trape tool, visit: https://github.com/jofpin/trape


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode646

Apr 11, 2020
Moving Towards Modern Vulnerability Management - Ed Bellis - ESW #178
19:18

What are the practical ways to get that time to value in app security? How can we utilize devs in the process without creating massive SAST integration projects and training them on false positives and complex challenges. So just fitting into their daily process, and only sending them actionable and real findings.


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode178

Apr 10, 2020
Time to Measure Security Improvement in AppSec - Ferruh Mavituna - ESW #178
33:20

What are the practical ways to get that time to value in app security? How can we utilize devs in the process without creating massive SAST integration projects and training them on false positives and complex challenges. So just fitting into their daily process, and only sending them actionable and real findings.


To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode178

Apr 10, 2020
CrowdStrike, Automox, & Ixia - ESW #178
27:09

New from BitDam, Ping, CrowdStrike, Automox, Ixia, Recorded Future, CyberArk, AlgoSec, Tufin, Unisys. Redis servers found exposed to the Internet and vulnerable!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode178

Apr 09, 2020
CMMC - Part 2 - Chris Golden - SCW #23
35:32

Chris Golden, Board Member for the Accreditation Body, continues the conversation surrounding the DOD's release of the CMMC program to keep the amount of false information to a minimum.


To view the CMMC Model, visit: https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode23

Apr 09, 2020
CMMC - Part 1 - Chris Golden - SCW #23
33:53

Chris Golden, Board Member for the Accreditation Body, will answer questions surrounding the DOD's release of the CMMC program to keep the amount of false information to a minimum.


To view the CMMC Model, visit: https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode23

Apr 08, 2020
3 Tips, 4 Behaviors, and 15 Steps for Remote Work - BSW #168
32:58

In the leadership and communications section, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode168

Apr 08, 2020
Cyber Resilience - Richard Clarke - BSW #168
31:44

This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days. Significant risks are still manageable, but what are the concrete steps that can be taken toward cyber resilience? In conversations with leading scientists, government officials, and corporate executives, the prevailing consensus is that we are capable of defending ourselves as individuals, as organizations, and as a nation, but that our cyber security remains contingent on a consensus that it is worth prioritizing.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode168

Apr 07, 2020
Zoom Flaws, 'Zombie' win32k Bug, & Inputscope - ASW #102
35:09

This week in the Application Security News, Zoom is gaining lots of attention for flaws and serves as a good exercise in threat modeling and communicating security trade-offs, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak from the usual suspect of an S3 bucket for an unusual amount of sensitive data, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more!


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode102

Apr 07, 2020
You're (probably) Doing AppSec Wrong - Grant Ongers - ASW #102
36:39

Most security programs generally get in the way of delivery (if they don't, to all intents and purposes, prevent it altogether) and are probably also failing to provide the required level of actual security. This segment can try to look at why this is the case and how (in general terms) security and product teams can change this.


Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode102

Apr 06, 2020
Security News - To Zoom or Not to Zoom - PSW #645
01:32:42

This segment will largely focus on the recent Zoom vulnerabilities and the responses from security researchers, the security community and enterprises. Should you stop using Zoom? Tune in to find out! (Hint: Uhm, probably not).


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode645

Apr 04, 2020
IoT Devices: Security and Privacy Labels Research - Lorrie Cranor - PSW #645
49:51

At Carnegie Mellon University we are designing a usable security and privacy label for smart devices to help consumers make informed choices about Internet of Things device purchases and encourage manufacturers to disclose their privacy and security practices. The label includes information on privacy and security practices of the smart device, such as the type of data the device collects and whether or not the device gets automatic security updates. Based on research with both consumers and experts, we have designed a two-layer label that includes a simple, understandable primary layer for consumers and a more detailed secondary layer that includes information important to experts.


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode645

Apr 04, 2020
Collaboration Between NetOps and SecOps in Today's World - Matt Allen - PSW #645
49:47

Matt and the Security Weekly crew will discuss how the interaction between network engineers and security operations has changed over the years, as well as the value of the network when identifying security threats and performing remediation.


For more information on VIAVI Solutions, visit: https://securityweekly.com/viavi

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode645

Apr 03, 2020
Windows Exploits, Re-Training Your Security Solutions - Tod Beardsley - ESW #177
21:13

Tod Beardsley, research director, will discuss some of the trends in Internet scanning and attacker behavior given there are new Windows vulnerabilities and the workforce working from home. Should you re-train your User Behavior Analytics (UBA) and/or rely on other technologies?


To learn more about Rapid7 or to get a free trial, visit: https://securityweekly.com/rapid7

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode177

Mar 27, 2020
Keeping Systems Secure...From Home - Sumedh Thakar - ESW #177
28:27

This segment covers the cybersecurity challenges created by remote workforces and what it takes to deliver security to remote workers without impacting business operations. How do you continue vulnerability and patch management across endpoints and servers when everyone is working from home?


To learn more about Qualys, visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode177

Mar 27, 2020
Threat Stack, Qualys, StackRox, Sysdig - ESW #177
22:33

How to Write an Automated Test Framework in a Million Little Steps, Qualys remote endpoint protection solution helps enterprises secure remote workforces, Sysdig Provides the First Cloud-Scale Prometheus Monitoring Offering, Kaspersky Security for Microsoft Office 365 adds protection for SharePoint Online and Microsoft Teams and more!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode177

Mar 26, 2020
Nemours Use Of RSA Archer To Manage Compliance Risk - Kevin Haynes - SCW #22
36:20

Customer perspective on the three topics discussed with RSA in the first segment. Also:
-What is your view of security vs. compliance vs. risk?
-What drives your security program initiatives?
-What are the biggest challenges in administering a security program?


To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode22

Mar 26, 2020
Compliance Risk Challenges - David Walter - SCW #22
30:47

David Walter from RSA will join us to discuss the following:
-The shift in the enterprise from compliance-based focused initiatives to risk-based ones
-Regulatory changes that are impacting organizations security program/management efforts
-Challenges/Successes associated with automating compliance monitoring efforts/continuous compliance monitoring


To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode22

Mar 25, 2020
Real Leaders, Social Distancing, and Vendor Relationships - BSW #167
30:36

In the leadership and communications section, Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode167

Mar 25, 2020
Protect Your Assets According to Their Value - Jeff Costlow - BSW #167
25:49

How do you protect your assets commensurate with their value if you lack situational awareness of everything communicating on your network thanks to IoT, rogue cloud instances, and shadow IT? If we can agree that EDR doesn't give the full picture, what can the security industry do to combat this challenge both from a technological and a process/culture perspective? Jeff will discuss how asset and risk management is changing and open up a conversation around how the CIA Triad has and is evolving.


For more information, visit: https://securityweekly.com/extrahop

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode167

Mar 24, 2020
The Benefits of SAST and SCA in Your IDE - Utsav Sanghani - ASW #101
38:28

Static application security testing (SAST) is critical for uncovering and eliminating issues in proprietary code. However, over 60% of the code in an average application today is composed of open source components. SAST isn't designed to find open source vulnerabilities (CVEs) or identify open source licenses, and manually maintaining a repository of approved open source components for developers is inefficient and time-consuming. That's where software composition analysis (SCA) comes in. This segment introduces new functionality within the Code Sight IDE plugin that combines SAST and SCA in one place to enable secure development.


For more information, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode101

Mar 24, 2020
Singularity: A Different Take on Container Security - Adam Hughes - ASW #101
34:53

Singularity is a container runtime that was built from the ground up to live in multi-user environments where POSIX permissions must be respected. In addition to a novel runtime approach, the Singularity Image Format (SIF) differs significantly from other container image formats, with built-in support for full image encryption as well as digital signatures.


For more information, visit: http://sylabs.io/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode101

Mar 23, 2020
Drobo Exploit, Docker Escape, SMBv3.11 - PSW #644
01:21:18

SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-2020-0796 Explained, Drobo 5N2 4.1.1 - Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, WordPress, Apache Struts Attract the Most Bug Exploits, Run Docker nginx as Non-Root-User.


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode644

Mar 21, 2020
RSAC Micro Interview: Acunetix and Netsparker - Kevin Gallagher, Mark Ralls - ESW #176
30:18

Acunetix: Automation as a Solution for Web Application Security - Mark Ralls - RSAC 2020

Mark Ralls, President and Chief Operating Officer at Acunetix, discusses web security challenges in small and medium enterprises and how automation can help fill the skills gap. To schedule a demo with Acunetix, visit: https://securityweekly.com/acunetix

Netsparker: How to Scale Web Application Security - Kevin Gallagher - RSAC 2020

Kevin Gallagher, Chief Revenue Officer at Netsparker, discusses how to scale web application security, including asset discovery, application scanning, prioritization of results, and more! To get a demo of Netsparker, please visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode176

Mar 21, 2020
Zen And The Art Of Logs In The Cloud - Corey Thuen - PSW #644
53:38

Struggling with how to get your logs from the cloud? Have no fear, Corey and the Security Weekly crew talk about how to configure your logs in the cloud, use cloud-native services to handle the shuffling of logs in and out of the cloud, and control your costs! We conclude by talking a bit about Windows Event logs and overcoming some gotchas.


Visit https://www.securityweekly.com/psw for all the latest episodes!

To learn more about Gravwell, visit: https://securityweekly.com/gravwell

Show Notes: https://wiki.securityweekly.com/PSWEpisode644

Mar 20, 2020
Work from home securely - PSW #644
58:59

This segment covers the challenges and differentiated value of desktop and laptop protection and administrative tool control (e.g., PowerShell, SSH) for remote users and administrators who need to work securely.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode644

Mar 20, 2020
RSAC Micro Interview - SaltStack and Synopsys - ESW #176
27:57

SaltStack: Managing Configuration & Patches with SaltStack - Mehul Revankar - RSAC 2020

Offering open-source and commercial solutions for configuration, patch, and vulnerability management, SaltStack is a must-have! Mehul Revankar provides us with details about the various products and new features, including the ability to import vulnerability scan data and remediate! To request a demo with SaltStack, visit: https://securityweekly.com/saltstack

Synopsys: Enabling Developers Without Negatively Impacting Their Velocity - Utsav Sanghani - RSAC 2020

Utsav Sanghani, Senior Product Manager from Synopsys, discusses the latest efforts to enable developers in ensuring that software security is accounted for in their work without negatively impacting their velocity. To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode176

Mar 20, 2020
Enterprise News - ESW #176
31:39

Fortinet Introduces Self-Learning AI Appliance for Sub-Second Threat Detection (Enterprise IT World), GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode176

Mar 19, 2020
A holistic view of meeting compliance requirements - Part 2 - Matt Allen - SCW #21
34:46

-Compliance requirements and SecOps frameworks like NIST: checking boxes rather than a ‘holistic’ view?
-The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.)
-RSA’s theme this year: ‘the human factor’
-Are CFOs driving technical decisions that put SecOps teams underwater?
-Investing in Protect vs. Detect vs. Respond tools/resources

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode21

Mar 19, 2020
A holistic view of meeting compliance requirements - Part 1 - Matt Allen - SCW #21
32:42

-Compliance requirements and SecOps frameworks like NIST: checking boxes rather than a ‘holistic’ view?
-The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.)
-RSA’s theme this year: ‘the human factor’
-Are CFOs driving technical decisions that put SecOps teams underwater?
-Investing in Protect vs. Detect vs. Respond tools/resources

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode21

Mar 17, 2020
Where the Law Thinks Your Data Lives - Steve Black - BSW #166
29:47

What data compliance regulations apply to a Las Vegas hospital with California patients? One major compliance fine can lead to a big financial hit and a complete loss of customer trust, so understanding ‘where your data lives’ and how the law shifts based on the location of data collection, storage and transfer is paramount. With no overarching federal data law, each state can (and does) require different duties from organizations that collect and keep data. A big challenge for compliance teams is figuring out which state (or states) claim your data. Unfortunately, the legal world of intangible data property is complicated and sometimes even contradictory. I will also preview my InfoSec World 2020 session - Cyberlaw Year in Review.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode166

Mar 17, 2020
Bottlerocket, Supply Chain Casualty, DevOps Sweet Spot - ASW #100
32:35

Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1).

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode100

Mar 17, 2020
DevSecOps / Scaling Security - Clint Gibler - ASW #100
39:53

Due to a combination of a) development teams embracing Agile and DevOps and b) that security teams are often outnumbered by developers 100:1 or more in many companies, there's been a fundamental shift in how security teams need to operate. I've spent a significant amount of time studying how security teams at companies, large and small, have attempted to adapt to this new reality. There are a number of interesting trends in how work is prioritized, continuous code scanning (static and dynamic), scaling threat modeling and detection & response, investing in secure defaults, asset inventory, self-healing cloud environments, and more.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode100

Mar 17, 2020
Drowning in a Sea of Alerts, CIO News, and More! - BSW #166
25:55

In the leadership and communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode166

Mar 17, 2020
Protecting Data on Employee 0wned PCs - Gabe Gumbs - PSW #643
01:01:25

COVID-19, among other things, has deemed it necessary for many to work from home. There are several security concerns that need to be raised, such as those who work from home still require access to data and services. How many will store sensitive information on their personal computers? How will attackers change their strategy to target those working from home? Tune in to this segment for the full discussion!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode643

Mar 15, 2020
Connected devices security - Dorit Naparstek - PSW #643
29:10

Hacks performed on connected and IoT devices, such as routers, security cameras, smart meters, etc., are increasingly common and are revealing major vulnerabilities in existing security measures. This vicious cycle of hack and patch can be broken by adopting a new approach that introduces the role of flash memory in securing devices.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode643

Mar 15, 2020
Girls Who Hack and Secure Open Vote - Bianca Lewis - PSW #643
56:56

Girls Who Hack teaches classes primarily to middle school girls on hacking and making. Secure Open Vote is an end to end, open source election system that is in the design stages.

www.BiaSciLab.com
www.GirlsWhoHack.com
www.SecureOpenVote.com

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode643

Mar 14, 2020
RSAC Micro Interviews - ExtraHop and Bandura - Corey Bodzin, Todd Weller - ESW #175
32:00

ExtraHop - Agents and logs don't play well in an IoT environment; however, the network doesn't lie. Looking at the behaviors of IoT devices through the lens of the network traffic can help build an asset inventory and help detect attacks. Corey Bodzin is the VP of Product Management for ExtraHop and discusses how network visibility can help with IoT security. To try RevealX Cloud for free, visit: https://securityweekly.com/extrahop

Bandura - Todd Weller, Chief Strategy Officer at Bandura Cyber, provides an update on Bandura Cyber and discusses the latest trends and dynamics in threat intelligence. To find out more about Bandura Cyber, please email Todd.Weller@banduracyber.com

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Mar 13, 2020
Drink all the booze, log all the things. - Corey Thuen - ESW #175
26:07

The pain caused by bad pricing models in cybersecurity and analytics tools.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Mar 12, 2020
Neustar, Fortinet, WatchGuard, Panda Security - ESW #175
24:54

Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two hybrid IT focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Mar 11, 2020
Categorization of Information Security - BSW #165
22:46

How we break down the categories in information security. We look at the major areas of infosec and how they relate to your security programs and the vendors/technologies in each category. Our category breakdown will be used to label each segment we produce and allow subscribers to select categories of interest!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode165

Mar 11, 2020
Where do you Stand? Part 2 - Winn Schwartau - SCW #20
29:13

The goal of the show is to explore all the attitudes and impressions between security and compliance, regardless of where you stand: for security folks, how to navigate compliance to promote security; for compliance folks, to expose them to the depth of research, knowledge and capabilities of the hacker community.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode20

Mar 10, 2020
Where do you Stand? - Winn Schwartau - SCW #20
35:21

The goal of the show is to explore all the attitudes and impressions between security and compliance, regardless of where you stand: for security folks, how to navigate compliance to promote security; for compliance folks, to expose them to the depth of research, knowledge and capabilities of the hacker community.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode20

Mar 10, 2020
CISOs, CVE, DevOps, Gandalf - ASW #99
37:17

CVE-2020-0688 Losing the keys to your kingdom, which is why Multiple nation-state groups are hacking Microsoft Exchange servers, Revoking certain certificates on March 4 and Why 3 million Let’s Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, CISOs Who Want a Seat at the DevOps Table Better Bring Value.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode99

Mar 10, 2020
CISOs ready to move, How CISOs manage stress, and more! - BSW #165
29:33

In the leadership and communications section, CISOs who leave after 2 years may not finish what they start, Most CISOs ready to move jobs if something better comes along, A New Framework for Executive Compensation, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode165

Mar 09, 2020
Guy Podjarny, Snyk - Guy Podjarny - ASW #99
35:56

Guy Podjarny (@guypod) is Snyk's Founder and President, focusing on using open source and staying secure. Guy was previously CTO at Akamai following their acquisition of his startup, Blaze.io, and worked on the first web app firewall & security code analyzer. Guy is a frequent conference speaker & the author of O'Reilly "Securing Open Source Libraries", "Responsive & Fast" and "High Performance Images".

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode99

Mar 09, 2020
Tomcat, AWS Malware, Hacker Movies - PSW #642
01:43:44

Apache Tomcat AJP exploit, malware in AWS, hacker movies and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode642

Mar 09, 2020
Mark Cooper, PKI Solutions - Mark Cooper - PSW #642
47:20

How SHAKEN/STIR and PKI will end the global robocall problem.

Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spoofing/a/d-id/1336285

Link to landing page with more info: https://www.pkisolutions.com/shakenstir/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode642

Mar 08, 2020
Active Directory, Azure and Windows Security - Sean Metcalf - PSW #642
01:00:40

Active Directory & Microsoft Cloud (Azure AD & Office 365) Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode642

Mar 08, 2020
RSAC Micro Interview - Plextrac & Gravwell - Corey Thuen, Daniel DeCloss - ESW #174
29:30

Dashboards are a great way to enable junior security analysts to be more effective when trying to discover security events. Corey Thuen is the Founder and CEO of Gravwell, and they want your logs, all of your logs. Gravwell's solution allows you to run queries and create dashboards that lead to actionable events. Corey explains how this works and even how customers are using Gravwell to collect logs on-premise and in the cloud. Vulnerabilities and exposures come from many different sources. Plextrac allows you to bring in data from anywhere and track those findings across your entire organization.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode174

Mar 04, 2020
RSAC Micro Interview - Elastic & Rapid7 - Mike Nichols, Tod Beardsley - ESW #174
29:35

It is no secret that elections are under constant attack. Attacks take many shapes and forms, from disinformation to malware to denial of service; it's all in play as adversaries look to disrupt enemy infrastructure. Tod Beardsley, Director of Research at Rapid7, brings unique and insightful perspectives on this topic as he is analyzing data from scans of the entire Internet and monitoring over 250 honeypots. Mike Nichols, Head of Product at Elastic, discusses election security and their partnership with the DDC to offer 2020 campaigns free security.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode174

Mar 04, 2020
Enterprise News - ESW #174
39:43

News from Nozomi Networks, Code42, CrowdStrike, SCYTHE, Palo Alto Networks, Gurucul, SentinelOne and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode174

Mar 04, 2020
Compliance News - SCW #19
31:25

Health compliance measures to improve pandemic recovery and reduce issues, World Bank pandemic awareness, Is coronavirus not a flu?, Dear passwords: Forget you. Here's what is going to protect us instead, Cyber insurance coverage reflects a changing threat landscape, and the greatest contest ever – privacy versus security.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode19

Mar 03, 2020
Reflections On RSAC - SCW #19
34:18

Reflections on RSAC! Let's talk about the grand festival of infosec consumerism that is RSA Conference! Was it worth catching the Coronavirus? And if so, did you use a lime!?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode19

Mar 03, 2020
InfoSec World Workshop: DevSecOps and Cultural Transformation - Dan Petit - ASW #98
38:28

Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a "deep survey" into all things DevSecOps.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode98

Mar 02, 2020
Ghostcat, Apache, Networks, Starliner - ASW #98
31:40

CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol. IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above a provably secure protocol, Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple’s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode98

Mar 02, 2020
Cool Things We Found At RSAC 2020 - PSW #641
27:56

We found some cool stuff at RSAC 2020!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Mar 02, 2020
Protect Ya Data - Gabe Gumbs - PSW #641
33:26

Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to security and compliance. Protect what matters most. Visit https://securityweekly.com/spirion for more information.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Mar 01, 2020
Tales From The Crypt...Analyst - Jeff Man - PSW #641
49:10

There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA.


Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Mar 01, 2020
Shadow Risk Elimination - Rob Gurzeev - BSW #164
25:06

This interview will cover the idea of Shadow Risk and why it's something your organization can’t ignore. Specifically, we'll talk about why your security efforts have to start with mapping and managing your attack surface, how that's gotten harder with digital transformation, and how legacy approaches to addressing the problem -- including vulnerability management and penetration testing -- and even more recent approaches like Security Ratings Services, are out of touch with your IT infrastructure and, worse still, lag behind the way attackers operate.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode164

Mar 01, 2020
Jinan Budge, Forrester - CISO Leadership, Culture, and the Evolving Role - Jinan Budge - BSW #164
23:51

Jinan Budge, Principal Analyst at Forrester, discusses CISO Leadership, Security Culture, and the Evolving Role of the CISO.


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode164

Mar 01, 2020
Application News - RSA Conference News and Activities - ASW #97
32:30

6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Development and DevOps Environments, and more RSA Conference News!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode97

Feb 26, 2020
Chris Eng Interview - What's New with Veracode - Chris Eng - ASW #97
30:59

Chris Eng, Chief Research Officer at Veracode, provides an update on Veracode including 2019 growth, new product announcements, Veracode Security Labs, and booth activities at RSA Conference 2020.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode97

Feb 25, 2020
Tesla Sensors, Israeli Soldiers Phished, Machine Learning - PSW #640
01:23:09

Nedbank Says 1.7 Million Customers Impacted by Breach at Third-Party Provider, 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users, 5 inch piece of electrical tape can fool Tesla sensors, Israeli soldiers phished by HAMAS posing as interested women, and a simple guide to AI, Deep Learning, and Machine Learning.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Feb 24, 2020
Kubernetes/Container Security - Ian Coldwater - PSW #640
54:07

Ian Coldwater is the Lead Platform Security Engineer at Heroku. Ian will discuss Kubernetes and container security!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Feb 23, 2020
Unifying SIEM And Endpoint Security - PSW #640
56:49

Elastic recently released Elastic Security 7.6 - the culmination of months of work by the security team and a monumental leap forward toward delivering a unified threat protection and security analytics solution. At the core of our solution is Elasticsearch, powering a new SIEM detection engine that automates threat detection and comes with 100+ prebuilt rules aligned with the MITRE ATT&CK framework to identify known and unknown threats. We would like to talk about these milestone features in the context of bringing SIEM and endpoint security together in a single UI.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Feb 22, 2020
ExtraHop Customer Interview - Ben Budge, Lyle Beck - ESW #173
31:06

Ben Budge and Lyle Beck will discuss the problems they faced at Litehouse in regards to network and system monitoring and troubleshooting and how that ultimately took them to ExtraHop. They will also discuss the value ExtraHop has brought to Litehouse and share some of those experiences. To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode173

Feb 22, 2020
IBM announces RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020 - ESW #173
41:04

This week, in the enterprise news segment, IBM announces RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020, and lots of funding announcements.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode173

Feb 21, 2020
Red Lion is running the CTF at Infosec World 2020 - ESW #173
18:02

Scott Lyons will provide an overview of their CTF at InfoSec World 2020, including their training class, CTF 101.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode173

Feb 20, 2020
SweynTooth, OWASP, CRXcavator, DevSecOps - ASW #96
33:14

SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, OWASP SAMM version 2, Understanding Trusted Execution Environments and Arm TrustZone, Security Researchers Partner With Chrome To Take Down Browser Extension Fraud Network Affecting Millions of Users with a revisit to CRXcavator and a look at one of its components, RetireJS, It's the Boot for TLS 1.0 and TLS 1.1 and it's only been about six to nine years since major protocol attacks were demonstrated. How does your organization manage tech debt?, What Is DevSecOps and How to Enable It on Your SDLC?

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode96

Feb 20, 2020
Integrated Risk Management is the New GRC - Part 2 - Jeff Recor - SCW #18
29:17

Continuation of the discussion with Jeff Recor about integrated risk management.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode18

Feb 19, 2020
Zero to Sixty: Making Security Programmatic and Cultural - David Sherry, Tara Schaufler - BSW #163
30:44

Our presentation in Orlando will be the rapid cultural change of security on the Princeton campus.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode163

Feb 19, 2020
Integrated Risk Management is the New GRC - Part 1 - Jeff Recor - SCW #18
31:48

Jeff was scheduled to be part of the 'Security vs. Compliance' Roundtable (https://securityweekly.com/shows/security-vs-compliance-psw-632-2/) recorded on Dec. 19, 2019 but got snowed out. He finally gets to enlighten us on integrated risk management.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode18

Feb 18, 2020
Companies Can't Sustain Privacy, Old School Paper Planner, Attracting Top Talent - BSW #163
29:21

In the leadership and communications section, Why 67% of companies fear they can't sustain privacy compliance, How Using An Old School Paper Planner Changed My Life, How to attract top talent in a competitive hiring market, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode163

Feb 18, 2020
Lessons Learned From The DevSecOps Trenches - Doug DePerry - ASW #96
39:29

Doug DePerry has held multiple positions in his three years at Datadog, including Director of Product Security and currently, Director of Defense. Prior to his current position, Doug led the bug bounty program at Yahoo. Much of his 12+ years of experience in the security industry is on the offensive side, as a security researcher and consultant at Leaf SR and iSec Partners and helping establish the Yahoo red team. Prior to that he worked for various defense contractors and the US Army. Doug has presented at multiple industry conferences including Black Hat, DEF CON, and multiple OWASP and DevSecCon events.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode96

Feb 18, 2020
Docker, 42 Vulnerabilities, Backdoors, Spying on 100+ Foreign Govs. - PSW #639
01:17:12

In the Security News, Misconfigured Docker Registries Expose Thousands of Repositories, a Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks, Jail Software Left Inmate Data Exposed Online, Adobe patches 42 vulnerabilities across 5 products, and how the CIA Secretly Owned Global Encryption Provider, Built Backdoors, & Spied On 100+ Foreign Governments!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 16, 2020
The Unprotected Attack Surface of the Enterprise - John Loucaides - PSW #639
01:16:10

Hackers are using firmware implants and backdoors to compromise enterprise security with attacks that are stealthy and persistent. It’s time for information security specialists to learn how to attack and defend enterprise infrastructure. John will provide a preview of his upcoming presentation at InfoSec World where he will demonstrate attacks on firmware that are invisible to traditional security platforms, and show how to detect and defend against them.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 15, 2020
Living in Blue Team Land and Skicon - O'Shea Bowens - PSW #639
52:32

O'Shea Bowens is the CEO of Null Hat Security. O'Shea will discuss why I think blue teaming is as essential now as our red brothers. Mistakenly calling out APTs. A new type of security conference I've created, SKICON. If there is time, diversity in cyber.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode639

Feb 14, 2020
RSA NetWitness, MDR+, CASB+, ZeroFox, Elastic Stack, Tufin SecureCloud - ESW #172
39:02

This week in the Enterprise News, Paul and Matt cover the following stories: Insight Completes Venture Acquisition of Armis, Salt Security API Protection Explained, RSA NetWitness Platform Bolsters Threat Detection and Incident Response, Thycotic Leads the Way for Cloud-based Privileged Access Management, Deep learning cybersecurity co Deep Instinct raises $43m, LogicHub launches MDR+ to provide flexible end-to-end detection and response, CipherCloud CASB+ for Slack: Visibility, protection and control of all user activity on Slack, ZeroFOX launches AI-powered Advanced Email Protection for Google and Microsoft platforms, 12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks, Elastic Stack 7.6 delivers automated threat analysis and response, and Tufin SecureCloud Enables Companies to Secure Hybrid Cloud Environments Without Compromising Business Speed or Agility.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 13, 2020
Secure Cloud Workloads & Reduce Friction With ExtraHop - Jeff Deininger - ESW #172
34:14

Migrating to the cloud is increasingly a business imperative, but there are pressing security challenges unique to cloud environments that can slow, halt, or even reverse progress. Here's how cloud-native network detection and response addresses those challenges, with a real-world example from Wizards of the Coast.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 13, 2020
Endpoint Security, Facebook Lawsuit, Hanna Andersson/Salesforce Breach - SCW #17
23:57

This week in the Security & Compliance News Segment, Jeff, Scott, Josh and Matt cover the following news stories: IT, Legal, Compliance: We Need to Talk. Corollary: You need to listen, Back to the basics – What is the cost of non-PCI Compliance?, Endpoint Security the Foundation to Cybersecurity, Facebook settles data breach class-action lawsuit, CCPA cited in Hanna Andersson/Salesforce breach lawsuit, and Hanna Andersson Notice of Data Breach to Consumers.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Feb 13, 2020
Building a Great Culture, Excelling at Failure, and Leadership Book Suggestions - BSW #162
26:44

This week in the leadership articles segment, Paul and Jason cover the following articles: The Answer is Yes! Now, What Was Your Question?, When You Lead A Company Or Startup, You Are Creating The Culture Whether You Mean To Or Not. Ten Insights To Building A Great Culture And Tribe, Why Warren Buffett, Jeff Bezos And Bruce Flatt Excel At Failure, Are You Falling for the Myth of "Failing to Plan is Planning to Fail"?, and 11 Books That Will Change The Way You Think About Leadership.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode162

Feb 13, 2020
Cyber Safety & Security in K-12 Schools - David Waugh - ESW #172
33:16

As K-12 schools and students move into a digital world, the traditionally separate areas of campus safety and cybersecurity are converging. Cyberbullying, the increase in violence on campus, hackers targeting school information systems and student data, and the technological overlap between campus safety and cybersecurity are all driving this trend. The segment will look at how schools are taking a layered approach to protecting Google G Suite and Microsoft Office 365 data from risks focused on the K-12 education environment.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode172

Feb 12, 2020
The Spirit of the Law - Risk-Based Security - SCW #17
33:07

What is Risk-Based Security? How does compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? Is there a more apparent path forward to teach/educate on the importance of focusing on risk?

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode17

Feb 12, 2020
The Critical Role of Basic Cyber Hygiene - Mike Lloyd - BSW #162
32:44

Doing simple things consistently and at scale is hard. Today's short staffing doesn't help. Automation is the answer. To find out more and try Redseal, please visit: https://securityweekly.com/redseal

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode162

Feb 12, 2020
WhatsApp Flaw, Dropbox Bug Bounty Program, Investigating Web Shell Attacks - ASW #95
31:20

This week in the Application Security News, Mike and John cover the following news stories: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and Some Google Photos videos in ‘Takeout’ backups were sent to strangers last November.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Feb 12, 2020
Mitigating at Design Time - Shaun Lamb - ASW #95
36:48

In this interview segment, Mike and John interview Shaun Lamb about strategies for how best to design applications so they are "secure by default" and have fewer incidents and vulnerabilities; how DevOps or DevSecOps positively changes the relationship between security and development/operations, including the application design process, security testing, and security education programs; and the security impact of applications moving to a microservices-based architecture running on Docker/Kubernetes and the role of an API Gateway.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode95

Feb 11, 2020
Security News - PSW #638
01:09:10

In the Security News, Twitter fixes API bug that can reveal users, Microsoft patches flaws in Azure stack, 8 cities that have been crippled by cyber attacks and how they fought against it, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 09, 2020
Adventures In AWS Computing - PSW #638
01:13:37

Paul shows you how to create secure Docker containers and begin to deploy them to Amazon ECS. This segment focuses on the security aspects of taking a legacy/non-containerized application to the cloud.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 08, 2020
Security Orchestration Is Not About Tools - Wilson Bautista - ESW #171
26:18

We interview Wilson Bautista, the Founder of Jun Cyber. Wilson will talk about leadership, and about DevOps and Security working together to provide security for the business: how does that work? Building a secure culture, breaking down silos, communication between teams, security working in teams, IR teams talking, threat intel teams, pen testers, and compliance.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 08, 2020
BADASS Army - The Fight Against Revenge Porn - Katelyn Bowden - PSW #638
48:40

After finding her own intimate photos online without her consent, Katelyn Bowden discovered that there weren't many resources for those who find themselves victims of this sort of abuse. In response, she started B.A.D.A.S.S., a nonprofit dedicated to fighting image abuse through victim empowerment and awareness. In their 2-year existence, BADASS has accomplished a lot, from legislation to education, and there's so much more on the way.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Feb 07, 2020
The Rise of the Cyber Industrial Complex - Malcolm Harkins - ESW #171
31:35

Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss how the security industry profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks, which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 07, 2020
The Big Lie - Part 2 - SCW #16
40:01

You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Feb 06, 2020
Threat Detection, Risk Analytics, Threat Intelligence, Vulnerability Management - ESW #171
33:16

This week in the Enterprise Security News segment, Paul, Jeff, and Matt cover the following news stories: Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Wallarm announces CircleCI Orbs for Wallarm FAST, Automox raises $30 million, Radiflow Launches Business-Driven Industrial Risk Analytics Service, Check Point Delivers Unified Security Management as a Cloud Service, Now available: eSentire's 2019 Annual Threat Intelligence Report, STEALTHbits' free program helps orgs mitigate risks associated with Microsoft's pending AD update, NETSCOUT enables streamline monitoring and reduces risk, If You're Only Focused on Patching, You're Not Doing Vulnerability Management, 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Feb 05, 2020
The Big Lie - Part 1 - Chris Roberts - SCW #16
31:55

You are hedging your bets, hoping that someone else gets breached first, don't believe it's as big an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

Feb 05, 2020
Kobe's Quotes To Live and Other Leadership News - BSW #161
22:35

This week in the leadership articles segment, Matt, Paul and Jason cover the following articles: Tech Isn't the Problem or Solution for Better Productivity. Instead, Look to Your Own Leadership, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, Research: How to Build Trust with Business Partners from Other Cultures, Discover focusing on efficiency, brings in new CIO, CTO interview: Juan Villamil discusses changing IT culture, and For zero trust to work, machines and humans require identities.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Feb 05, 2020
Network Communications in the World of IoT - David Starobinski - BSW #161
35:12

In this interview, David Starobinski discusses the changes in network communications in both the wireless and IoT world, including cascading attacks, network outages, and the impact on the economy. David will also discuss software-defined radios (SDRs) and how they can help us in the new world of IoT.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Feb 04, 2020
Scaling an AppSec Program - ASW #94
25:48

Mike, John, and Matt review the presentation given by Clint Gibler at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode94

Feb 03, 2020
Xbox Bounty Program, Magento Patch, RCE in OpenSMTPD - ASW #94
28:51

This week in the Application Security News, Mike, John, and Matt cover the following news stories: Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode94

Feb 03, 2020
Wawa Breach, Citrix ADC, Magecart Hackers, Ragnarok Ransomware - PSW #637
01:10:46

In the Security News, NHS alerted to severe bugs in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode637

Feb 03, 2020
Stopping Python Backdoor Attacks - Peter Smith - PSW #637
01:13:20

The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments. To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode637

Feb 02, 2020
The Unicorn Project and The Five Ideals - Gene Kim - PSW #637
01:16:47

In this week's episode of Paul's Security Weekly, Paul and the guys welcome back Gene Kim to interview him about his newest book "The Unicorn Project". Gene shares with us his goals and aspirations for The Unicorn Project, describes in detail the Five Ideals, along with his favorite case studies of both ideal and non-ideal, and why he believes more than ever that DevOps will be one of the most potent economic forces for decades to come.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Feb 01, 2020
Cybereason, Swimlane, Citrix Scanner - ESW #170
33:58

This week in the Enterprise Security News, Paul and Matt cover the following stories: Cequence CQ botDefense, Optimizing Your IT Spend as You Move to the Cloud, Cybereason Launches Free Emotet-Locker Tool, Swimlane Version 10.0, Cisco Launches IoT Security Architecture, AV Vendors Continuing Support for Products Under Windows 7, Citrix and FireEye Launch IoC Scanner, StackRox Announces Google Anthos Support, Sophos Introduces Intercept X for Mobile, New Cisco/AppDynamics Integration, CloudKnox Security Raises Funding, and Magnet Forensics Unveils New Solution to Simplify Remote Forensics Investigations.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 31, 2020
Cyber Insurance, Ransomware, and More Cowbell - SCW #15
24:35

This week in the Security and Compliance Weekly News, Jeff, Matt, Scott, and Josh cover the following stories: Cyber insurance policies evolving to meet emerging risks - and premiums reflect it, Dallas County Acquires Cyber Insurance through ICAP, Ransomware Claims Driving Up Cyber Insurance Costs, Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100, The Cold Truth About Your Cyber Insurance, Cyber insurance basics, Cyber insurance costs and pitfalls, cyber insurance rates go up, and Even banks don't know what Cyber insurance means.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Jan 30, 2020
Trust, Community, Competitive Advantage, Employee Appreciation - BSW #160
21:31

This week in the leadership articles segment, Matt and Paul cover the following topics: Board members find cybersecurity risk an existential threat - According to a study from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) and consulting firm Booz Allen Hamilton, When Community Becomes Your Competitive Advantage, The Little Things That Make Employees Feel Appreciated, Don't Stay in Your Lane: The Secret to Developing Your Career, Trust is at the Core of Software Marketing, and Chipotle, Target CISOs: Repurpose talent for cyber.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode160

Jan 30, 2020
Edward Snowden and the Insider Threat - Steven Bay - ESW #170
43:35

Edward Snowden is a prime example of an Insider Threat. Steven Bay was his manager at the time and says: "My missing employee, Edward Snowden, revealed himself to be the person behind the Top Secret NSA leaks that rocked the country in the preceding days. I felt my life came tumbling down around me. My worst day had come. I had to act - I had to lead." We discuss insiders and why they are so dangerous and gain unique insights into the Edward Snowden story. The lessons learned can be applied to both identify and protect ourselves from such threats.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 29, 2020
Migrating Legacy Apps to the Cloud Pt. 1 - ESW #170
29:40

Whether you're trying to migrate a "homegrown" application or an open-source tool, getting into containers and to the cloud can be challenging. There are many ways to achieve the same goal, and as always, some not-so-great advice on the Internet. This segment will cover some of the technical details and considerations for moving applications into Docker and eventually into cloud services. We'll review Docker configurations and strategies for building, maintaining and securing containers.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Jan 29, 2020
Cyber Insurance - SCW #15
33:51

Cyber Insurance. Cyberinsurance points to ponder: Relationship and dilution of responsibility between brokers, underwriters, and reinsurance companies, Cost of cyberinsurance, Actuarial tables for cyberinsurance, Questionnaires to get cyberinsurance, Is there anyone who is NOT eligible for cyberinsurance?, Typical exclusions of cyberinsurance policies, How has cyberinsurance changed over the last few years?, Big cases in cyberinsurance (Zurich insurance, Cottage health), and Cost of cyberinsurance vs. the cost of an incident response.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Jan 29, 2020
CISO Challenges in a Changing World - Michael Figueroa - BSW #160
32:32

Michael discusses the challenges of CISOs and the differences between large enterprises and small businesses. As the role of the CISO continues to change, so do the requirements for both large enterprise and small business CISOs. We discuss the balance of communications, leadership, ownership, governance, and the board.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode160

Jan 29, 2020
Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93
34:25

Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on Mitigating Cloud Vulnerabilities across four major classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Jan 29, 2020
Dynamically Protecting Mobile Applications With RASP - John Butler - ASW #93
33:25

Mobile applications are a rapidly growing attack surface and the tools and techniques being used to compromise these environments are constantly evolving. As the provider in mobile application protection mapping to two out of 10 security risks found in the OWASP Mobile Top 10, Guardsquare is most effective in providing advanced detection for on-device and off-device attacks. Guardsquare's RASP library adds resilience and prevents a vast array of dynamic attack vectors by providing detection for indicators of threat and compromise, including hooking, jailbreaking, rooting, and code tampering, as well as providing obstruction for debugger and emulator attachments of all types. To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Jan 28, 2020
Tomatoes, Jeff Bezos, Vuln. In AMD ATI Radeon, 'The Rise of Skywalker' - PSW #636
01:19:39

In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards, Brazil prosecutes Glenn Greenwald in attack on press freedom, and Cybersecurity Lessons Learned from 'The Rise of Skywalker'!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 27, 2020
Electronic Frontier Foundation (EFF), Godwin's Law, Freedom of Speech - Mike Godwin - PSW #636
55:29

Paul, Doug and Tyler interview Mike Godwin about the creation of the EFF, why it was created and how he became involved, some of the first cases taken on by the EFF, Godwin's Law, the right to repair, freedom of speech, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 26, 2020
Dug Song - Engineer to Entrepreneur - Dug Song - PSW #636
01:02:30

Paul, Doug and Tyler interview Dug Song about how he got his start in Information Security, what prompted him to begin work on dsniff, his transition from engineer to entrepreneur, what he learned from his experiences at Arbor Networks, why he decided to found a company in the authentication space, how to grow a company while maintaining your vision and culture, Cisco's acquisition of Duo Security, what it's like to be integrated into such a large company, what makes companies great, advice for talented tech people who want to become entrepreneurs, Dug's book recommendation for aspiring entrepreneurs, and much, much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Jan 25, 2020
Compelling People to Care About Security - Robert Siciliano - ESW #169
21:24

Security goes against our core beliefs, therefore security awareness training often falls flat because employees don't care about security. By showing employees the "why" and how it benefits them as individuals, they are much more open to the "how" and begin to appreciate the value security provides.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 25, 2020
IE Zero-Day, Flashpoint, Malware Sandboxes - ESW #169
39:28

In the Enterprise News, Paul and Matt cover new InfoSec products of the week, CyberArk's new JIT access capabilities, a micropatch that simulates a workaround for the recent zero-day IE flaw, easier and faster AD rollback and recovery with STEALTHbits StealthRECOVER, automating protection from advanced threats with the new Kaspersky Sandbox, compromised credentials monitoring with Flashpoint, and some funding and acquisition updates from Security Compass, Sysdig, Waterfall Security, ServiceNow, and FireEye!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 24, 2020
SAP Vulnerabilities - Alex Horan, Juan Pablo Perez Etchegoyen - ESW #169
36:03

Alex Horan is the Director of Product Management at Onapsis and JP Perez is the CTO at Onapsis. Today they discuss the current state as it relates to SAP Vulnerabilities and security.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Jan 24, 2020
The Role of Compliance in the Federal Gov. - How Security Works - Trevor Bryant - SCW #14
32:57

In this segment, we interview Trevor about his role, his experience and his thoughts on the role of compliance in the Federal Government.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode14

Jan 23, 2020
The State of the Financial Markets - Chase Robertson - BSW #159
31:14

Chase Robertson, the CEO at Robertson Wealth Management, joins us to discuss the state of the financial markets in 2020 and beyond.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode159

Jan 23, 2020
The Role of Compliance in the Federal Gov. - How Compliance Works - Trevor Bryant - SCW #14
30:51

In this segment, we continue the discussion with Trevor on the role of compliance in the Federal Government.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode14

Jan 22, 2020
Security Money - BSW #159
22:20

This week we provide our quarterly Security Money update. This segment tracks the top 25 public security vendors, known as the Security Weekly 25 Index, and the private funding.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode159

Jan 22, 2020
Crypto Bugs, IoT Planes and Application Inspectors, Oh My! - ASW #92
32:46

PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring, Building a more private web: A path towards making third party cookies obsolete and making the User-Agent less revealing about the user, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Jan 21, 2020
Protecting Data in Apps and Protecting Apps from Data - ASW #92
35:53

Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data? Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for AWS, Azure, and GCP. Be warned that each provider uses slightly different terminology for the same principal components. Kubernetes also supports this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user-generated content or microservice architectures handle data securely?

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Jan 21, 2020
Crypto Bugs, IoT Planes and Application Inspectors, Oh My! - ASW #92
32:14

PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring, Building a more private web: A path towards making third party cookies obsolete and making the User-Agent less revealing about the user, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Jan 20, 2020
CVE-2020-0601, Netscaler RCE, npm - PSW #635
01:32:10

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications, and so much more. The Citrix Netscaler vulnerability is a rare remote, easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why it's bad), conspiracy theories and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 19, 2020
Hacking IoT Devices - Jeff Spielberg, Ryan Speers - PSW #635
00

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don't they do it today? Importantly, security needs to be baked in while remaining lean and moving quickly towards an MVP product. Discussions will range from hardware chip selection, cryptographic protocol design, and firmware security -- both at the design and security pen test phases.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 18, 2020
VISA Security Alerts - What We Can Learn & What We Can Do - Ward Cobleigh - ESW #168
24:02

This week on Enterprise Security Weekly, Paul Asadoorian and Matt Alderman interview Ward Cobleigh about the recent VISA security alerts highlighting the need for ongoing network monitoring and the ability to react quickly to specific indicators of compromise (IOCs). They also discuss how flow and wire data can flag malicious behaviors and identify breach scope and impact. To find out more about VIAVI Solutions and to download their "Using Wire Data for Security Forensics" White Paper, visit https://securityweekly.com/VIAVI.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode168

Jan 18, 2020
What Does It Mean To Be A Hacker? - PSW #635
02:24:17

This is the Hacker Culture Roundtable discussion from the Security Weekly Christmas podcast marathon and features almost all of our hosts and special guests. Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem. The term purportedly originated in the 1960s, when it was used to describe the activities of certain MIT model train enthusiasts who modified the operation of their model trains. They discovered ways to change certain functions without re-engineering the entire device. These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. To the general public, a "hack" became known as a clever way to fix a problem with a product, or an easy way to improve its function. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 17, 2020
Outdated Defense Approaches - Mark Orlando - ESW #168
23:30

This week on Enterprise Security Weekly, Paul Asadoorian and Matt Alderman interview Mark Orlando on outdated defense approaches and the need to revisit traditional thinking about security operations in the enterprise.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode168

Jan 17, 2020
Tenable, VMRay, Tinfoil - ESW #168
33:33

This week on the Enterprise Security News segment, Paul Asadoorian, John Strand, and Matt Alderman cover the following stories: Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, How to Create Easy and Open Integrations with VMRay's REST API - VMRay, Neustar Offers Companies a Flexible Customer Identity Authentication Solution - Help Net Security, Zimperium Integrates With Microsoft Defender Advanced Threat Protection EDR - Help Net Security, PacketViper Deception360 now available for Microsoft Azure - Help Net Security, Synopsys, Inc.'s Acquisition Of Tinfoil Security - Global Legal Chronicle, and Say Goodbye to Windows Server 2008 and Hello to Azure.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode168

Jan 16, 2020
Security and Compliance News - SCW #13
26:07

This week in the Security and Compliance news, Matt Alderman, Scott Lyons, and Josh Marpet cover the following stories: A Risk Assessment Path to Real-Time Assurance, Culture, Integrity and the Board's Role in Guarding Corporate Reputation, Skills For the Compliance Professional in the 2020s, Four Compliance Insights For 2020 and Beyond, Compliance Officer Burnout, Why You Should Draft a Compliance Mission Statement, 3-minute Video on Big Tech Getting Into Finance, Compliance Dept is the Biggest Team at Coinsource, a Bitcoin ATM Startup, Cyber Insurance Market is HUGE!!!, Top Cyber Insurance Stories of 2019, California Rings In The New Year With A New Data Privacy Law, and Why California's Privacy Law Won't Hurt Facebook or Google.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode13

Jan 16, 2020
Leadership Articles - BSW #158
27:07

This week in the Leadership Articles segment of Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque cover the following articles: Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, How Corporate Cultures Differ Around the World, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds, and Forrester: Insider threats and employee rights strike tension.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode158

Jan 16, 2020
The Multiple Personalities In Compliance & Audit Engagements - Ben Rothke - SCW #13
30:10

This week on Security and Compliance Weekly, Matt Alderman, Scott Lyons, and Josh Marpet interview Ben Rothke about the multiple personalities we encounter during compliance and audit engagements.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode13

Jan 15, 2020
Startup Security - It's Everyone's Business - Al Ghous - BSW #158
29:30

With the growing number of Security startups, oftentimes the need for a quick go-to-market supersedes developing basic Security hygiene. However, the enterprise customers that startups want to attract will not do business unless they pass their third-party risk review. The question then becomes: how can startups build security within, without inhibiting their GTM strategy or increasing expenditure, in order to attract enterprise customers?

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode158

Jan 15, 2020
Application News - ASW #91
32:13

This week on the Application Security News, Mike Shema, Matt Alderman and John Kinsella cover the following news stories: Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode91

Jan 15, 2020
The Evolution of DevSecOps and AppSec Trends in 2020 - Hillel Solow - ASW #91
36:47

Hillel Solow is the CTO at Check Point. Much has evolved in a few short years with DevSecOps and application development and security. But just when we think we see everything clearly and have it all figured out, something new changes. Here we will discuss the unique ways organizations are leveraging serverless for their applications and how DevSecOps teams are working together to build out these architectures at a rapid pace in 2020.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode91

Jan 14, 2020
Security News: January 9, 2020 - PSW #634
01:11:52

In the security news, Car hacking hits the streets, 4 Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 13, 2020
The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds - Ambuj Kumar - PSW #634
44:42

According to Gartner, 70% of businesses are adopting a hybrid cloud and multi-cloud strategy to augment their internal data centers. The challenges of protecting data and using encryption across multiple hybrid, public cloud, and on-premises environments increase complexity, cost, and security risk. As workloads and sensitive data move to the cloud, keeping cryptographic keys, shared secrets and tokens secure is critical to secure public cloud deployments and successful digital transformation.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 12, 2020
Improve Pen Testing Outcomes With Purple Teaming - PSW #634
57:09

Purple teaming reduces the lifespan of vulnerabilities found from pentests by facilitating knowledge transfer between red and blue teams in the remediation phase. PlexTrac provides a single interface through which red teams may report vulnerabilities and blue teams may remediate them. Visit https://www.securityweekly.com/plextrac to claim your free month of PlexTrac. Also, be sure to stop by their booth in the Early Stage Exhibit at RSA next month.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 11, 2020
RSA Conference 2020 - Britta Glade, Linda Gray Martin - ESW #167
32:42

This week on Enterprise Security Weekly Paul Asadoorian and Matt Alderman interview Britta Glade and Linda Gray Martin about RSA Conference 2020! This segment will give listeners a high-level overview of what to expect at RSA Conference 2020 and will highlight new components of content and programming like the Engagement Zone and the recently announced keynote speaker lineup. The segment will also discuss RSAC 2020's overarching theme - the Human Element - and how it will be intertwined throughout the Conference. To register for RSAC 2020 using our discount code or to book an interview with Security Weekly on-site at RSA Conference visit: https://securityweekly.com/rsac2020

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 10, 2020
Docker Container Security - Vulnerable Upon Inception - ESW #167
24:00

The Internet gives bad advice sometimes, especially when you are trying to figure out how to build container images. While you may get it to work, typically security will be left out completely. This segment will look at just one aspect of container security, specifically, the FROM directive that tells Docker which image to build from. We'll talk about how to approach this subject with your dev teams and use Anchore to review the security vulnerabilities to help you choose the most secure images!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 09, 2020
Quantifiable Risk Metrics - Bringing Value to Your Security Program Part 2 - Ian Amit - SCW #12
26:44

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. The segment also covers where security fits into risk management.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode12

Jan 09, 2020
Leadership Articles - BSW #157
29:46

This week, in the Leadership Articles segment of Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the following articles: 5 CIO and IT leadership trends for 2020, First Look: Leadership Books for January 2020, Replace Resolutions with Habits and Make Your Life Mean Something Beyond 2020, The Right Way to Form New Habits, How to Handle Speaking In Public When You're Not a Public Speaker, and 5 Questions You Can Ask to Learn About Company Culture in a Job Interview.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode157

Jan 09, 2020
Enterprise News - ESW #167
28:32

This week in the Enterprise News segment, Paul Asadoorian, John Strand and Matt Alderman cover the following news stories: Pulse Secure and SecureWave Partnership, BigID raised $50 million to accelerate global sales, channel and product expansion, Tapplock introduced new enterprise fingerprint scanning padlock accessories, Cloudflare for Teams, CORRECTING and REPLACING: NetScout Wins Victory Against Patent Assertion Entity, and acquisitions including Broadcom, Symantec Enterprise Acquiring Cybersecurity Analytics Firm, Mimecast acquiring Segasec, Cloudflare acquiring stealthy startup S2 Systems.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 08, 2020
Quantifiable Risk Metrics - Bringing Value to Your Security Program Part 1 - Ian Amit - SCW #12
31:24

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. The segment also covers where security fits into risk management.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode12

Jan 08, 2020
The Best and Worst of 2019 - BSW #157
26:46

This week on Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the best and worst of 2019! The best companies and performance of 2019 include Amazon, Apple, and Lululemon. The worst companies and performance of 2019 include Facebook, Boeing, and Pacific Gas and Light.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode157

Jan 08, 2020
Application News - ASW #90
28:23

This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs).

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode90

Jan 08, 2020
Privacy by Design - ASW #90
29:06

This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles. This discussion includes these topics: Proactive not Reactive; Preventative not Remedial, Privacy as the Default, Privacy Embedded into Design, Full Functionality - Positive-Sum, not Zero-Sum, End-to-End Security - Lifecycle Protection, Visibility and Transparency, Respect for User Privacy, and OWASP API Security Project.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode90

Jan 07, 2020
Security News: January 2, 2020 - PSW #633
01:03:12

In the security news, mysterious Drones are Flying over Colorado (watch out, Mr. Alderman), 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 05, 2020
Diplomacy, Norms and Deterrence in Cyberspace - Chris Painter - PSW #633
49:52

Global conversations around acceptable norms of behavior in cyberspace (particularly for states), attribution, accountability, and deterrence (though we have not done well on the last one), recent attacks, and the processes that are dealing with setting rules of the road in cyberspace.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 04, 2020
Who is Going to Protect the Brave New Virtual Worlds and HOW? - Kavya Pearlman - PSW #633
55:17

Emerging technologies such as Virtual, Augmented and Mixed Reality are inevitably gaining momentum and helping businesses gain competitive advantage. These technological advancements are giving rise to digital transformation as well as digital risks. The bigger question is who will protect these technologies. While the world is catching up on the business aspects and the real use cases, Silicon Valley startups are already gearing up to combat the risks born alongside emerging tech's benefits. The Valley companies are utilizing the same technologies to combat the associated risks. My Quest to protect these Brave New Virtual Worlds has taken me around the world and connected me to the geniuses at Wallarm. In this segment, I will talk about WHY I believe Wallarm, XRSI and companies alike are the ones moving fast to protect the Immersive Technologies.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 03, 2020
Security History - Lessons from the past - PSW #632
01:13:31

The history of security can be traced back to a variety of different sources. The number of articles on the topic is dizzying. Most will cite names of early phone phreaks, Kevin Mitnick, Kevin Poulsen, Steve Jobs, Steve Wozniak and quickly transition to many other more recent "hacks" or breaches. Our goal is not to review the history of hacking. This is the history of security. We've carefully chosen key events and research to discuss the very beginnings of security, and their impact and lessons for today's ever-evolving security landscape.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Jan 02, 2020
Security vs. Compliance - PSW #632
01:01:51

It was once said that if Security and Compliance were in a relationship the status would be "It's Complicated". This discussion will aim to help you understand this relationship and how it can be beneficial or a mere distraction to an organization's overall security posture.
- Define "Secure" and "Compliant".
- Does compliance merely raise awareness about security shortcomings?
- What is the relationship between Security and Compliance?
- Being Secure and being Compliant are mere points in time; how can we best develop a process to ensure we are always striving toward a secure and compliant state?
- How does Security impact and/or influence Compliance?
- How does Compliance impact and/or influence Security?
- How do you balance these extremes: "We will be Secure and ignore compliance" vs. "We will be compliant but ignore security"?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Dec 28, 2019
Holiday Hack Challenge - PSW #631
01:03:21

Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 26, 2019
The State of Penetration Testing - PSW #631
01:06:10

Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well.
- What has changed in the past year with regards to penetration testing?
- What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs?
- How has the increased popularity of breach and attack simulation tools impacted penetration testing?
- Has the MITRE ATT&CK framework impacted penetration testing? If so, how?
- Many advanced penetration testers seem to be keeping their tools private so as to avoid detection by endpoint security products. Is this happening, and if so what is the impact? Should we share more? Less?
- With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 24, 2019
DevOps and Securing Applications - PSW #632
01:04:22

- Given that DevOps is a process and its execution requires many different tools, how do we get started "doing DevOps"?
- What about DevOps allows us to produce more secure applications?
- What concepts inside of DevOps do most people lose sight of?
- What are the major challenges involved in taking an application from traditional development to DevOps?
- What are some of the best approaches to making an application more resilient to threats?
- To ORM or not to ORM?
- Which services do you implement yourself vs. using a cloud service?
- How do I choose the best secrets vault?
- What should I use an orchestrator for, and what should I not use an orchestrator for?
- How do I build a secure API for my app?
- Thoughts on GraphQL vs. REST security implications?

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Dec 23, 2019
Blue Team Tactics and Techniques - PSW #631
01:02:05

It's often said that attackers need only to get it right once, whereas defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always get it right; in fact, there are often many exposures in our defenses. This segment will aim to help defenders learn tactics and techniques that are effective and try to answer some of the following questions:
- How do you prioritize your defensive efforts?
- How do you best detect attacks?
- How do you best protect against attacks?
- We always say "patch your stuff", but how often should you patch? Which systems should you patch?
- What techniques work best to defend against email phishing?
- How do you provide a "good enough" level of security for your Active Directory?
- What are the fundamentals of defense? How do they differ per environment and organization?
- How do you get management to buy in to your security plans and spending?

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 23, 2019
Risk-Based Vuln. Mgmt/Threat & Vuln. Mgmt - Jason Rolleston, Michael Roytman - ESW #166
40:19

Jason Rolleston, Chief Product Officer at Kenna Security & Michael Roytman, Chief Data Scientist at Kenna Security join Paul, Matt, and Jeff on this week's episode of ESW to discuss how risk-based vulnerability management is transforming the vulnerability management industry by enabling enterprises to understand the true risk of their infrastructure and applications, saving them time and resources by prioritizing efforts around actions that reduce the most risk.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 21, 2019
Unify DevOps and SecOps - ESW #166
30:22

DevSecOps is all the rage, but what does it really mean? How do you achieve the integration of Security into DevOps? This segment explores the people and process challenges of DevSecOps and where to integrate security seamlessly into the DevOps pipeline.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 21, 2019
Enterprise News - ESW #166
33:26

In the Enterprise News, we talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 20, 2019
The Joys Of Scoping pt. 2 - Steve Levinson - SCW #11
32:15

Steve Levinson is the Vice President - Risk, Security & Privacy at Online Business Systems. Steve’s strong technical and client management skills combined with his holistic approach to risk management resonate with clients and employees alike. To learn more about Online Business Systems, visit: https://securityweekly.com/online

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode11

Dec 20, 2019
Leadership Articles - BSW #156
40:20

Why Crowdsourcing Often Leads to Bad Ideas, Transforming operations for successful cloud adoption, Do You Need Charisma to Be a Great Public Speaker?, 20 Tools for More Productive Email, and Fight the skills gap with a great upskilling and reskilling strategy.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode156

Dec 19, 2019
The Joys Of Scoping - Steve Levinson - SCW #11
37:40

Steve Levinson is the Vice President - Risk, Security & Privacy at Online Business Systems. Steve’s strong technical and client management skills combined with his holistic approach to risk management resonate with clients and employees alike.

To learn more about Online Business Systems, visit: https://securityweekly.com/online

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode11

Dec 18, 2019
Securing the OT - Martin Bally - BSW #156
29:11

Martin Bally is a highly accomplished senior global information security officer with more than 20 years of experience in multiple industries. Currently, he is the Chief Information Security Officer for American Axle & Manufacturing where he is responsible for Information, cyber, and product security.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode156

Dec 18, 2019
Binary Planting, GitLab, and DevOps Pipelines - ASW #89
39:33

Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:Invent (a great talk from the perspective of a threat model where such attacks are a critical part of the threat model), How can we integrate security into the DevOps pipelines? (by picking from many of the great resources in this article), and Go passwordless to strengthen security and reduce costs -- and design your app to support these types of workflows, including account recovery.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode89

Dec 18, 2019
API Security - Dave Ferguson - ASW #89
32:50

Dave Ferguson is the Director of Product Management, WAS at Qualys. Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers.

Full Show Notes: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode89

Dec 17, 2019
Risks, Ransomware, Data Leaks, Oh My! - PSW #630
01:18:19

In the Security News, Reveton ransomware schemer stripped of six years of freedom, £270,000, and Rolex, Web-hosting firm 1&1 hit by almost €10 million GDPR fine over poor security at call centre, iPR Software Exposed Thousands via a Humongous Corporate Data Leak, and how the FBI assesses Russian apps may be a counterintelligence threat!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 15, 2019
Backdoors & Breaches - The Card Game - PSW #630
46:51

John Strand is a Security Analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures. John will be talking about Backdoors & Breaches, the Incident Response card game.

To learn more about BHIS, visit: https://securityweekly.com/bhis

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 14, 2019
Improving Security Requires Reducing Complexity - Jamie Butler - ESW #165
31:26

Jamie Butler is the Tech Lead at Elastic. The vast majority of breaches are not launched by nation states or foreign militaries, but individuals and cyber crime groups with varying degrees of experience, often looking for weaknesses in enterprise systems or processes. One of the primary reasons these actors are successful is the complex web of technologies deployed across enterprise networks by defenders in the search for a security panacea that does not exist. This discussion will focus on ways an organization can reduce complexity and improve security efficiency and scale. To learn more about Elastic, visit: https://securityweekly.com/elastic

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 14, 2019
Runtime Protection for Containers - Jorge Salamero - PSW #630
54:12

Jorge Salamero is the Director of Technical Marketing at Sysdig. Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, and in the past he was a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car along a twisting road.

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 13, 2019
Measuring And Maturing Security Operations Maturity - James Carder - ESW #165
27:34

James Carder is the Chief Security Officer (CSO) and Vice President at LogRhythm. James gives an overview of LogRhythm's security operations maturity model (SOMM) and discusses measurement and a road map to advancing your organization's maturity level: what are mature organizations measuring, who are they reporting that to, what key use cases are on the roadmap, etc.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 13, 2019
Equifax, Data Security, & A Compliance Carol - SCW #10
13:22

Equifax nears 'historic' data breach settlement that could cost up to $3.5B, Maryland Again Amends its Data Breach Notification Law, Hidden Complexity is Biggest Threat to Compliance, Data Security Remains Top IT Concern for Small Businesses and Others, A Compliance Carol: A visit from the Ghost of Compliance Past, and more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode10

Dec 12, 2019
Booz Allen, Barracuda, & Accenture - ESW #165
33:37

Barracuda launches Cloud Security Guardian integration with Amazon Detective, Booz Allen Hamilton announces support for AWS Outposts, 10 Notable Cybersecurity Acquisitions of 2019, Part 2, Sophos launches new cloud-based threat intelligence and analysis platform, and much more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 12, 2019
Orienting Younger Children to Cyber and Tech - Laura Jones - SCW #10
36:06

Laura Jones is the author of a children’s book titled Cyber Ky & Tekkie Guy Manage the Risk of Being Online. She focuses on children being as 'appropriately informed' as they are comfortable with using technology. Her book introduces real terms, definitions and careers to young people. Laura joins Jeff and Scott to discuss Orienting Younger Children to Cyber and Tech!


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode10

Dec 11, 2019
Leadership Articles - BSW #155
32:10

In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late!


Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode155

Dec 11, 2019
The World Runs On Open-Source, But Who's Paying For Gas? - ASW #88
30:46

In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned for Application Security Weekly!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode88

Dec 11, 2019
Software Bill of Materials (SBOM) - Allan Friedman - ASW #88
37:26

Allan Friedman is the Director of Cybersecurity Initiatives at NTIA (National Telecommunications and Information Administration), US Dept of Commerce. The problem: the unknown software supply chain. Following a newly identified software risk, very few firms can answer the simple question: Am I affected? An overview of the solution: what is an SBOM, and how is it used. Where we are: some background on why the govt is doing this, the results thus far, and where we are going next. Potential to discuss regulation, govt policy, etc.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode88

Dec 10, 2019
Defecting Chinese, IoT Smartwatch, and Malicious SDKs - PSW #629
01:26:39

Netflix: BPF is a new type of software we use to run Linux apps securely in the kernel, Automated security tests with OWASP ZAP, HackerOne Breach Leads to $20,000 Bounty Reward, US-CERT AA19-339A: Dridex Malware, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629

Dec 09, 2019
Open Source Intelligence (OSINT) in Cyber - PSW #629
54:59

Micah Hoffman is the Principal Investigator at Spotlight Infosec. He is looking to increase the publicity of using Open Source Intelligence (OSINT) in traditional cyber fields like pentest, DFIR, and cyber defense. He just created a new non-profit called The OSINT Curious Project (https://osintcurio.us) that is a clearinghouse for excellent OSINT information and resources.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode629

Dec 08, 2019
Outlook on Phishing in 2020 - Eric Brown - PSW #629
49:58

Eric Brown is the Sr. Security Analyst at LogRhythm. Eric will cover topics including: Phishing Trends, 2020 Outlook, the Top 4 Types Eric is seeing: Exec Phish / Legit websites (Box/sites.google/OneDrive) / Fake O365 / HTML attachment, Use of/upload to VirusTotal, Value of Incident Response and Playbooks, Value of Training, baseStriker: Has it been patched? Or just now detectable?, and Hunting Phish Kits.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode629

Dec 07, 2019
Untangle's Upcoming SD-WAN Router release - Heather Paunet - ESW #164
18:43

Heather Paunet is the VP of Product at Untangle. Untangle is releasing an SD-WAN Router, which has advanced routing capabilities and provides the ability for a business to build a comprehensive, secure Software Defined Network at a fraction of the cost. Our SD-WAN Router provides interoffice connectivity across multiple sites, optimizes the internet over existing infrastructure and prioritizes business critical applications to maximize employee productivity.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode164

Dec 07, 2019
Web Security Program and A Realistic Approach for Enterprises - Ferruh Mavituna - ESW #164
37:51

Ferruh Mavituna is the CEO at Netsparker. Ferruh will be talking about how to start building a web security program and a realistic approach to starting a web security program in enterprises. To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode164

Dec 06, 2019
NSS Labs, CloudKnox, & Kratikal - ESW #164
33:13

In the news, Mimecast Challenges Shadow IT for Cloud App Usage on Mobile and Desktop Devices, CloudKnox Security Announces Integration with AWS IAM Access Analyzer, Morphisec Achieves AWS Security Competency Status for Cloud Server Workload Protection, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode164

Dec 05, 2019
Hong Kong, Sentara Hospitals, & Global Cops - SCW #9
28:44

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains, Sentara Hospitals to pay $2.2M HIPAA settlement for undisclosed data breaches, Privacy Regs Changing the Face of Cybersecurity, TrueDialog Leaks 600GB of Personal Data, Affecting Millions, CFTC Fines Goldman Sachs $1 Million for Failing to Record Calls, Global Cops Shut 31,000 Domains in IP Crackdown, and more! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode9

Dec 05, 2019
Why You Should Be Sending More Video Emails - BSW #154
26:32

Companies Need to Rethink What Cybersecurity Leadership Is, What Companies That Are Good at Innovation Get Right, Staff in smaller businesses bogged down by poor communications, Why You Should Be Sending More Video Emails … And How To Record Them, Enterprises muddled over cloud security responsibilities, and Top tech conferences to attend in 2020.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode154

Dec 05, 2019
Integrated Risk Management for CEOs - Mathieu Gorge - SCW #9
37:50

Mathieu Gorge is the CEO at Vigitrust. The approach that business leaders need to take in developing payment risk strategies, linking PCI, ISO, GDPR, CCPA, and SCA.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode9

Dec 04, 2019
Bringing NetOps Into The Threat Hunt - Ward Cobleigh - BSW #154
31:28

Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions. In a very recent study, 65% of responding organizations reported a shortage of cybersecurity staff, with a lack of skilled or experienced security personnel their number one workplace concern (36%). To help fill this void, there is a very real and still growing need to cross-train existing professionals and teams whenever possible. How achievable is this goal? Can we really take the typical NetOps skillset, combine it with the data sources that are typically available to them, and apply this to the SecOps skills gap? This Business Security Week Podcast will answer these questions and include a demonstration of how a performance analysis platform can be used to quickly and efficiently identify threats.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode154

Dec 04, 2019
Facebook, Twitter, & Firefox - ASW #87
28:49

Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode87

Dec 04, 2019
Bot Management - Sandy Carielli - ASW #87
35:19

Sandy Carielli is the Principal Analyst at Forrester Research. We discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem, and review how the bot management market is evolving and how WAFs are buying up or partnering with bot management tools to expand their reach.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode87

Dec 03, 2019
IoT Crusher - Ken Belva - ESW #163
29:19

Kenneth F. Belva, CISSP, CEH is a cyber security expert practicing in the field since 1998, serving in both technical and non-technical roles. Ken joins Matt and Paul today to talk about why scanning for default credentials is missing from the rest of the scanning vendors, the problem of default and weak credentials, why they're still low hanging fruit after all these years, and new solutions to detecting default and weak credentials on the network.


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode163

Dec 01, 2019
Cloudflare, Qualys, and Palo Alto - ESW #163
29:28

Cloudflare Open-Sources its Network Vulnerability Scanner, Qualys brings its Market Leading Vulnerability Management Solution to the next level, and some acquisition and funding updates from Palo Alto, Cymulate, Detectify, and Perimeter 81!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode163

Dec 01, 2019
Patch Management - Brendan O'Connor - ESW #163
23:25

From Fortune 500 to Education, from startup to running a consulting firm, Brendan's experience in information security has served him well. It all started with his boss speaking out loud about how they 'needed to get someone to handle security', and deciding he wanted to be that someone. Now a CISSP, CISM, and a couple of decades, and many industry changes, later he is still at it. Brendan joins Matt and Paul this week to discuss Patch Management, and how using Automox is helping him in the space!


Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode163

Dec 01, 2019
Security & Compliance at Small and Medium Sized Businesses - Jim Nitterauer, Russell Mosley - SCW #8
34:46

Russell and Jim will discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources.


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode8

Nov 30, 2019
Discussion and Q&A - Jim Nitterauer, Russell Mosley - SCW #8
34:42

Russell and Jim will discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources.


Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode8

Nov 30, 2019
Maersk, Digital Detox, and The Tech Job Market - BSW #153
31:38

Maersk CISO on NotPetya recovery, workforce harmony and what makes a security chief, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital Detox: 3 Easy Steps for Success, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode153

Nov 29, 2019
Elastic Security Update and Organizational Cybersecurity - Nate Fick - BSW #153
31:47

Nate Fick is the GM of Elastic Security. Earlier this month, Elastic announced a radical change to how endpoint protection is offered, doing away with per-endpoint pricing. We'd like to spend 5-10 mins talking about why, and the remainder of the show talking about a topic Nate has talked and written about extensively: organizational cybersecurity. Cybersecurity has historically been perceived as an enigma - a world of hackers lurking in the shadows - which reinforces the idea that the only way to stop them is with highly trained security experts at large enterprises with multi-million dollar budgets. To learn more about Elastic Security, visit: https://securityweekly.com/elastic

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode153

Nov 29, 2019
Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86
33:24

Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app. To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86

Nov 28, 2019
Application News - ASW #86
32:08

$1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail’s AMP4Email via DOM Clobbering, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86

Nov 27, 2019
The Marvel Universe - PSW #628
01:09:39

In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, A critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Nov 27, 2019
Coalfire Incident & DerbyCon Communities - PSW #628
01:02:28

Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Nov 26, 2019
The Next Generation of SOCs - Peter Liebert - PSW #628
49:56

Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some lessons learned that can be shared with the wider community. The first is how to leverage automation and devsecops methodologies in your SOC and the second is how to break out of the traditional Tier 1-3 model.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628

Nov 25, 2019
Kubernetes and Project Falco - Jorge Salamero - ESW #162
35:45

Jorge Salamero is the Director of Product Marketing at Sysdig. Jorge joins us on the show to talk about Kubernetes, Project Falco, vulnerability pre-deployment, and containers.

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162

Nov 23, 2019
Cloud, Containers, and Microservices - Reuven Harrison - ESW #162
26:25

Reuven Harrison is the Chief Technology Officer at Tufin. Reuven brings more than 20 years of software development experience, holding two key senior developer positions at Check Point Software, as well as other key positions at Capsule Technologies and ECS. He received a Bachelor's degree in Mathematics and Philosophy from Tel Aviv University.

To learn more about Tufin, visit: https://securityweekly.com/tufin Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode162

Nov 22, 2019
Kubernetes, CyberCube, and Illusive - ESW #162
32:02

In the enterprise news, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162

Nov 22, 2019
CCPA, GDPR, Uber, PCI, and You Can't Find Me! - SCW #7
30:06

Verizon finds payment security declines for 2nd consecutive year, Is My PCI Compliance Good Enough to Serve as a Network Cybersecurity Audit?, Getting Prepared for New York’s Expanded Security Breach and Data Security Requirements, Virginia Builds New Model for Quantifying Cybersecurity Risk, Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant, and more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode7

Nov 21, 2019
The Highest Performing Teams Have These 4 Mindsets - BSW #152
24:35

CISOs left in compromising position as organisations tout cyber robustness, Why Your Organization Needs an Innovation Ecosystem, How businesses can accelerate innovation, The Highest Performing Teams Have These 4 Mindsets, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode152

Nov 21, 2019
Challenges in the Browser & Securing Web Sessions - Scott Petry - BSW #152
40:02

Scott Petry is the CEO of Authentic8. Scott Petry has been using the cloud to disrupt the information security market for nearly 20 years. He founded Postini in 1999, which pioneered the cloud-delivered service model for email security and content compliance. After Postini was acquired by Google, Scott remained as Director of Product Management for Google Enterprise. In 2010, he co-founded Authentic8, a secure virtual browser solution designed to address the inherent lack of security in the protocols the world uses to access the web. He graduated with a B.S. from San Diego State University.

To learn more about Authentic8, visit: https://securityweekly.com/authentic8

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode152

Nov 21, 2019
Mirantis' Docker, CISOs, & End of Life Dates - ASW #85
28:56

This site maintains quick links for checking End Of Life dates for various tools and technologies, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Website, Know Thyself: What Code Are You Serving? because it might have a, Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode85

Nov 21, 2019
2019 Verizon Payment Security Report - SCW #7
32:10

On SCW this week, we talk about the 2019 Verizon Payment Security Report. We discuss why PCI compliance is decreasing, what's missing, and what needs to change.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode7

Nov 20, 2019
Sysdig Secure 3.0 - Pawan Shankar - ASW #85
36:55

Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 3.0! With this release, Sysdig Secure is the industry’s first security tool to bring both threat prevention and incident response to Kubernetes.

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode85

Nov 20, 2019
Security and Compliance News - SCW #6
32:10

Payment Security Compliance Declines - 1 in 3 Companies Make the Grade, RMC Agrees to $3M HIPAA Settlement Over Mobile Device Encryption, How Emerging Technologies Are Disrupting the Banking Compliance Landscape, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode6

Nov 18, 2019
Humans vs. Machines - PSW #627
01:27:12

Two security researchers earned $60,000 for hacking an Amazon Echo, Amazon Kindle, Embedded devices Open to Code-Execution, This App Will Tell You if Your iPhone Gets Hacked, Two New Carding Bots Threaten E-Commerce Sites, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

Nov 18, 2019
Building A Security and Compliance Program - SCW #6
29:30

They answer questions like what is a security program and what is a compliance program?, Aren't they the same thing?, What are some differences?, Where do they overlap or how should they work together?, Do they compete for the same budget?, and more!

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode6

Nov 18, 2019
Simulating Ransomware Attacks with SCYTHE - PSW #627
45:17

Bryson Bort (Founder and CEO of SCYTHE) will demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! How would your organization protect, detect and respond to a ransomware attack? Bryson is also announcing the availability of the SCYTHE marketplace where red teams can collaboratively build and share threats and modules to extend the SCYTHE platform while also sharing market intelligence on what enterprises are looking for in their assessments. To learn more about SCYTHE, visit: https://scythe.io/securityweekly

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

Nov 17, 2019
The Ethics of Surveillance - Dr. Kevin Harris - PSW #627
46:47

As advancements have been made in technologies, new surveillance tools have been designed, giving those charged with protecting citizens additional opportunities to prevent crimes or identify those who have violated laws or policies. While innovation has introduced a variety of new platforms, there remains a concern as to whether their implementation is ethical. Additionally, there are concerns that surveillance has been and continues to be unequally applied. Our guest for this segment is Dr. Kevin Harris, the Program Director for Information Systems Security and Information Technology Management at American Public University.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627

Nov 16, 2019
Threat Detection: The Network Scavenger Hunt - Ward Cobleigh - ESW #161
28:50

Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions. There's an abundance of potential data sources that can be found within your network. Where should you look? Which data sources offer unique perspectives and value? How can you use these data sources to speed threat identification, understand scope and impact, and aid in remediation steps to minimize impact? This segment will include a brief demonstration of how commonly available data sources can be effectively leveraged by SecOps and NetOps teams. Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode161

Nov 15, 2019
Zero Trust Architecture - Baber Amin - ESW #161
27:12

Baber Amin is the CTO West at Ping Identity. Security has always been perimeter centric with an "US" vs "THEM" approach. Multiple factors are forcing a change to this design pattern and exposing its shortcomings. The concept of "zero trust" is really a concept of "defense in depth" applicable when our perimeters are ephemeral and fluid.

To learn more about Ping Identity, visit: https://securityweekly.com/ping

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode161

Nov 15, 2019
Bridging Compliance pt 2 - Ron Ross - SCW #4
32:25

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode4

Nov 15, 2019
STEALTHbits, Tenable, Aqua Security - ESW #161
27:20

STEALTHbits releases StealthDEFEND 2.2, its real-time threat detection and response platform, Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration, Aqua Security buys CloudSploit to expand into cloud security posture management, and much more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode161

Nov 14, 2019
Security and Compliance News - SCW #5
24:26

What does your business need to know about the California Consumer Privacy Act (CCPA)?, California AG: No CCPA Safe Harbor for GDPR Compliance, Canada data breach tally soars since new privacy laws arrived, Marijuana Compliance and the quandary for brokers and dealers, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode5

Nov 14, 2019
Application News - ASW #84
33:47

Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode84

Nov 14, 2019
Bridging Compliance pt 1 - Ron Ross - SCW #4
30:56

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode4

Nov 14, 2019
Security Testing - ASW #84
31:44

Mike, Matt, and John talk about security testing.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode84

Nov 13, 2019
Leadership Articles - BSW #151
29:27

5 questions with Cisco's CISO, The CIO role, from IT operator to business strategist, Making the case for integrated risk management, Gartner's strategic tech trends for 2020: Part 1, augmenting skills, and much more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode151

Nov 13, 2019
2019 NACD Blue Ribbon Commission Initiative - SCW #3
34:29

Josh Marpet and Scott Lyons perform interviews at the 2019 NACD Blue Ribbon Commission Initiative.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode3

Nov 12, 2019
Artificial Intelligence and Compliance, Part 1 - SCW #5
31:00

This week, we discuss part 1 on how Artificial Intelligence and Machine Learning can be used for Compliance, including:
- What is Artificial Intelligence (AI) and Machine Learning (ML)?
- What are the roles of AI/ML for Compliance?
- Example: Gaming

Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode5

Nov 12, 2019
Developing an Effective AppSec Security Program - Brendon Macaraeg - BSW #151
34:54

Brendon Macaraeg is the Sr. Director of Product Marketing at Signal Sciences. The focus is on the people, processes and tools a dev team needs to put an effective security program in place. We discuss how listeners can improve their current program and tooling to develop and release secure code and proactively protect their apps in prod, covering four potential key tactics or areas.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode151

Nov 12, 2019
Security and Compliance News - SCW #3
34:58

PwC's 2019 Annual Corporate Directors Survey, What is the Board's Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance, and 5 Updates from PCI SSC That You Need to Know.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode3

Nov 11, 2019
Security News: November 7, 2019 - PSW #626
01:16:16

In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, Amazon's Ring Video Doorbell could open the door of your home to hackers, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Nov 11, 2019
Arcade Hustle - PSW #626
01:16:55

Kevin Finisterre is a Co-founder of Arcade Hustle. Josh Valentine is a Co-founder of Arcade Hustle. Josh and Kevin have spent the last year immersing themselves in arcade platforms, games, and cabinets. There is quite a bit of crossover into the traditional security scene. There is even more to learn in the subtle differences of how each scene handles things. We'd like to talk about our project Arcade Hustle, and the things we've learned during our intro to the arcade scene.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Nov 10, 2019
Stopping Linux Malware - Peter Smith - PSW #626
57:37

Peter Smith is the Founder & CEO of Edgewise.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode626

Nov 09, 2019
Quantum Computing and IT - Tim Callan - ESW #160
28:19

Tim Callan is the Senior Fellow at Sectigo. Quantum computing and what its arrival means for IT, traditional computing and infosecurity. TC expects that both architectures will live side by side, with traditional computing serving most tasks and quantum computing being employed for the specific operations where it offers improved efficiency. He will discuss the expected outcome of quantum computing: that the world's existing cryptographic infrastructure will have to change in a fundamental way, and that future encryption platforms need to be resistant to attacks not just from quantum computers but from traditional computers as well.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160

Nov 09, 2019
Enterprise Deception - Adrian Sanabria - ESW #160
26:41

Adrian is an Advocate at Thinkst, the company behind the awesome and much loved Thinkst Canary. A former practitioner, PCI QSA, penetration tester, industry analyst and entrepreneur, he has explored many angles of the security industry, attempting to understand what makes it tick and what makes it fail. Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the industry, tell stories and still sees the glass as half full.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160

Nov 08, 2019
Security and Compliance News - SCW #2
30:05

New York’s Breach Law Amendments and New Security Requirements, Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability, Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients, Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches, The Human Factor of Cyber Security, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode2

Nov 07, 2019
Enterprise News - ESW #160
32:28

In the news, talking about how Trustwave offers threat detection and response for Microsoft Azure, LogRhythm offers migration service to Splunk customers to address security challenges, CrowdStrike's Falcon security platform lands on AWS, and how GitLab plans to ban hires in China and Russia due to espionage concerns!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode160

Nov 07, 2019
Leadership Articles - BSW #150
26:21

Balancing the Company’s Needs and Employee Satisfaction, Why Successful People Wear The Same Thing Every Day, What industry gets wrong about cyber insurance, and much more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode150

Nov 07, 2019
PCI: State of the Union - SCW #1
40:05

Jeff Man, Scott Lyons, Josh Marpet, and Matt Alderman talk about PCI and how it affects the state of the union.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode1

Nov 06, 2019
Cybersecurity Talent Initiative - Alexander Niejelow - SCW #2
41:28

Alexander Niejelow is the Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard. The Cybersecurity Talent Initiative is the first-of-its-kind public-private partnership aimed at recruiting and training a world-class cybersecurity workforce. The program is a selective opportunity for students in cybersecurity-related fields to gain vital public and private sector work experience and even receive up to $75,000, inclusive of tax, in student loan assistance.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode2

Nov 06, 2019
What is Hardsec? - Henry Harrison - BSW #150
35:09

Henry Harrison is the CTO of Garrison. A contrarian in the security industry, Henry Harrison of Garrison believes the only way forward is to implement security at the foundational level through Hardsec. An evangelizing approach that emerged out of research and development from the UK's national security community, hardsec relies on hardware security executed through non-Turing-machine digital logic, chips that are too dumb to be hacked, to eliminate cyber threats. This moves away from generic chip sets and advocates for a more unique and specialized chip set for devices where security is paramount. During this conversation, Henry will talk about this approach and what it would take for it to become widely adopted.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode150

Nov 06, 2019
Application News - ASW #83
31:21

Stable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX Servers and patch details at Sec Bug #78599, Raising Security Awareness: Why Tools Can't Replace People, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode83

Nov 06, 2019
PCI: State of the Union - SCW #1
40:05

Jeff Man, Josh Marpet, Scott Lyons, and Matt Alderman talk about the infamous word, PCI! In this new show, they will be bridging the gap between compliance and security.

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode1

Nov 05, 2019
Security and Compliance News - SCW #1
32:01

Important security notice about your DoorDash account, How PCI DSS compliance milestones can be a GDPR measuring stick, Companies vastly overestimating their GDPR readiness, only 28% achieving compliance - Help Net Security, When Compliance Isn't Enough: A Case for Integrated Risk Management, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode1

Nov 05, 2019
Teaching Security In Software Development - Daniel Lowrie, Justin Dennison - ASW #83
35:37

We interview Daniel Lowrie, who is an Edutainer at ITProTV and Justin Dennison, who is also an Edutainer at ITProTV. Dan and Justin talk about how to bridge the gap between a developer and security. Developers are faced with the challenges of working under pressure to get things done quickly, often overlooking securing their code. We'll discuss the strategies to capture interest while addressing common pitfalls.

To learn more about ITProTV, visit: https://securityweekly.com/itprotv Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode83

Nov 05, 2019
Security Weekly RoundTable, Cyberwire - PSW #625
46:09

Paul and Matt sit down with Dave Bittner from Cyberwire to discuss the state of security podcasts, the latest security trends, and the security community.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Nov 03, 2019
Format String Vulnerabilities - PSW #625
39:37

Sven Morgenroth is the Security Researcher at Netsparker. Sven joins us again to talk about format string vulnerabilities.

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Nov 02, 2019
A New Prescription for Security - Philippe Courtot, Sumedh Thakar - PSW #625
01:01:22

Philippe Courtot is the Chairman and CEO of Qualys. Sumedh Thakar is the Chief Product Officer of Qualys. Philippe Courtot, chairman and CEO of Qualys, will examine the impact that today's complex and hyper-connected IT environments have on security and compliance. He will discuss why, in a world where everything connects, we need to regain the visibility we have lost, and why visibility is now the cornerstone of security. Simply put, it is difficult, if not impossible, to secure what we do not know or cannot see.

To learn more about Qualys, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode625

Nov 01, 2019
IT/OT Convergence In The Power/Utilities Space - Carter Manucy - ESW #159
24:13

Carter Manucy is the Cybersecurity Manager at Municipal Power Agency. A fireside chat about the differences between IT and OT cybersecurity, the challenges of finding the right people, the challenges of securing OT-specific equipment, and workforce development.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159

Nov 01, 2019
Vulnerability Management Evaluation Guide - ESW #159
31:24

Paul and Matt talk about Deployment, Practice, and Reporting concerning Vulnerability Management.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159

Nov 01, 2019
Enterprise News - ESW #159
30:15

In the Enterprise News, discussing how IaaS cloud vulnerabilities are expected to increase 50% over 2018 figures, examining security process maturity in 400 organizations, Snow Software Unveils Risk Monitor to Combat Security and Compliance Threats, and some funding and acquisition updates from Aviatrix and enSilo!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode159

Oct 31, 2019
Leadership Articles - BSW #149
20:45

In the leadership and communications section, Of the 4 manager types, only 1 boosts employee performance 26%, How to Look and Sound Confident During a Presentation, 2020 IT spending priorities — and the traps a cloud shift creates, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode149

Oct 31, 2019
Email Security - Kevin O'Brien - BSW #149
38:14

This week, we welcome Kevin O'Brien, Co-founder and CEO at GreatHorn, to discuss email security.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode149

Oct 30, 2019
Application News - ASW #82
33:17

Top cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode82

Oct 30, 2019
Bug Bounties, Pentesting, & Scanners - ASW #82
32:28

Mike Shema, Matt Alderman, and John Kinsella, talk about Bug Bounties, Pentesting, & Scanners.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode82

Oct 29, 2019
Endgame To Elastic Endpoint Security - Mark Dufresne - PSW #624
37:11

Last week, Elastic and Endgame announced that they have formally joined forces to introduce Elastic Endpoint Security. Together, they combine Elastic’s free and open SIEM with Endgame's endpoint security product to give users an integrated solution that offers greater visibility across their environment. This is a step toward realizing Elastic’s vision for applying search to multiple use cases, like threat hunting, fraud detection, and security monitoring. Now, when users deploy a data collection agent for Elastic SIEM, they can protect the endpoint simultaneously and remove the inefficiency of multiple solutions that can’t respond in time to prevent damage and loss. And, to make Elastic Endpoint available to everyone, the company announced that they are eliminating per-endpoint pricing. No more counting endpoints or days of threat intelligence data retained.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

Oct 27, 2019
Security News: October 24, 2019 - PSW #624
01:44:07

In the news, we talk Security News, discussing how Amazon Echo and Kindle devices were affected by a WiFi bug, Ransomware and data breaches linked to uptick in fatal heart attacks, a woman was ordered to type in her iPhone password so police could search the device, and how the military found Marijuana at a North Dakota nuclear launch facility!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

Oct 26, 2019
Pentesters and Phishing- Kevin O'Brien, GreatHorn - ESW #158
31:41

Kevin O'Brien is the CEO & Co-Founder at GreatHorn. Kevin will be talking about pen testers and phishing; social engineering and why user training isn't the answer; how in moments of stress you should rely on your training, but perspective is lost in the moment of pressure; and what to look out for in an email (for the non-technical person).

To learn more about GreatHorn, visit: https://securityweekly.com/greathorn

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode158

Oct 26, 2019
Mental Health Hackers & Veterans - Tom Williams - PSW #624
36:05

Tom Williams is the Director of Veterans Operations of Veterans MHH. Speaking about the challenges that veterans face and how MHH is looking to address those.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode624

Oct 25, 2019
Insider Threat (Whistleblowers) - Erich Anderson, ObserveIT - ESW #158
25:07

Erich Anderson is the Insider Threat Principal at ObserveIT. Erich will be covering: authorities, processes, staff and operations; exploring the types of protections employees have in an organization; how there are very limited laws and regulations at the Federal level, more at the State level but still not enough; and much more!

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode158

Oct 25, 2019
Enterprise News - ESW #158
24:13

This week, in our first segment, we talk Enterprise News, discussing how ManageEngine launched a holistic take on privileged access security, Avast faced a security breach aimed at messing up its CCleaner, Recorded Future enhanced its partnership with ServiceNow to reduce organizational risk, and Sophos Cloud Optix is now available on the AWS marketplace!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode158

Oct 24, 2019
Leadership Articles - BSW #148
31:13

In the leadership and communications section, Two Big Reasons that Digital Transformations Fail, DevSecOps model requires security get out of its comfort zone, 3 things CIOs should discuss with the CEO to optimize cybersecurity, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode148

Oct 23, 2019
CISO Role and Experience - Merlin Namuth - BSW #148
36:27

Merlin Namuth is a former CISO. Namuth has over 24 years of IT experience with the last 21 years focused in security. His experience includes building and running numerous security programs, program management, managing incident response teams, computer forensics, compliance, architecture, and engineering complex security solutions.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode148

Oct 23, 2019
Application News - ASW #81
35:32

From Stackoverflow to CVE, with some laughs along the way, Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise, Recent Site Isolation improvements in Chrome, policy_sentry is an IAM Least Privilege Policy Generator, auditor, and analysis database, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode81

Oct 23, 2019
Doug Coburn, Signal Sciences - Doug Coburn - ASW #81
34:57

Doug Coburn is the Director, Professional Services at Signal Sciences. Doug will be discussing Containers, Layer 7, and application security.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode81

Oct 22, 2019
Cybercrime, Threat Hunting, & APT - PSW #623
36:45

Peter Kruse is the Founder of CSIS Security Group. "Nothing specific but a Google search will provide numerous research I have been involved with and conferences I have spoken at including Kaspersky SAS, NCSC, Underground Economy, Virusbulletin, CARO, APWG, Hackdays, Confidence, Cyberhagen and many more."

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

Oct 22, 2019
Security News: October 17, 2019 - PSW #623
01:17:05

Cybercrime Tool Prices Bump Up in Dark Web Markets, Pen testers find mystery black box connected to ship's engines, Using Machine Learning to Detect IP Hijacking - Schneier on Security, and much more!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

Oct 21, 2019
What Makes A Good Pentest Report? - Daniel DeCloss - PSW #623
50:13

Daniel DeCloss is the President and CEO of PlexTrac. The segment will focus on the importance of a high-quality report and what red and blue teamers should recognize goes into a good report. Oftentimes there's no feedback loop after report delivery, and collaboration can be limited post-engagement. That will lead into a demo of PlexTrac to highlight the efficiencies we provide when creating and receiving a report.

To learn more about PlexTrac, visit: https://securityweekly.com/plextrac

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode623

Oct 19, 2019
Hacker Halted Interviews - ESW #157
25:03

We air three pre-recorded interviews from Hacker Halted with Cathy Ullman, Joe Gray, and Jenny Radcliffe!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode157

Oct 19, 2019
Tactics For Understanding Security Vendor Products - ESW #157
26:40

In our second segment, we talk Tactics for Understanding Security Vendor Products!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode157

Oct 18, 2019
Enterprise News - ESW #157
33:42

In the news, we discuss how Okta is launching offerings for threat detection and remediation, Tenable extends Lumin to all platform customers, Signal Sciences announces integration with Pivotal Container Service, and how Thoma Bravo made a 3.9 Billion dollar offer to acquire Sophos!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode157

Oct 17, 2019
Security Money - BSW #147
24:29

It's our quarterly security money segment and we'll review the Security Weekly 25 index.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode147

Oct 17, 2019
Survey Results - BSW #147
19:59

In this segment, we'll share the results of our Security Weekly 25 Index Survey, which we completed earlier this year.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode147

Oct 15, 2019
Application News - ASW #80
31:27

In the Application Security News, Key takeaways from Imperva breach, From Automated Cloud Deployment to Progressive Delivery, Designing Your First App in Kubernetes: An Overview Food for Thought, Autonomy and the death of CVEs?, and AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode80

Oct 14, 2019
Francois Lascelles, Ping Identity - Francois Lascelles - ASW #80
34:02

Francois is a member of the Ping Identity Office of the CTO. He provides product and strategic direction to customers and partners with a focus on API infrastructure security and API cybersecurity.

To learn more about Ping Identity, visit: https://securityweekly.com/ping

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode80

Oct 14, 2019
Leadership Articles - BSW #146
22:42

In the leadership and communications section, The 5 Enemies of Trustworthy Leadership, 5 Things Leaders Do That Stifle Innovation, 'What's Your Purpose'? Big Tech's 7 Favorite Interview Questions, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode146

Oct 10, 2019
Ty Sbano, Sisense - Ty Sbano - BSW #146
40:20

Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty graduated from Penn State University with a B.S. in Information Science & Technology and from Norwich University with an M.S. in Information Assurance. He currently holds a CISSP, CEH, CCSK and CPT. To learn more, please visit tysbano.com.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode146

Oct 09, 2019
Application News - ASW #79
36:02

Ex-Yahoo Engineer Abused Access to Hack 6,000 User Accounts, American Express Insider Breaches Cardholder Information, How a double-free bug in WhatsApp turns to RCE, Flare-on 6 2019 Writeups, Five Trends Shaping the Future of Container Security, and Common Pitfalls of Security Monitoring!

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode79

Oct 09, 2019
Cloud Security for Small Teams - ASW #79
39:45

How to step in and help with small cloud security teams.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode79

Oct 08, 2019
Security News: October 3, 2019 - PSW #622
01:43:34

This week, we talk Security News, how Turkey fines Facebook $282,000 over privacy breach, why the FBI is encouraging not to pay ransomware demands, the top 10 cybersecurity myths that criminals love, Doordash third-party breach hits 4.9 Million users, and how a "Bulletproof" Dark Web data center was seized by German police!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

Oct 07, 2019
Data Privacy and The Journey to Code - Stewart Room - PSW #622
53:18

Stewart Room is a Partner of PwC. Security Professionals have long understood the need to deliver security outcomes in technology and data, but is the privacy community on the same page? Data Privacy requires outcomes for matters such as data accuracy, data minimization and fair processing, as well as risks, such as portability and access. These outcomes need tech and data solutions. In this session we will examine The Journey to Code, the next evolutionary step for Data Privacy.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

Oct 06, 2019
Security & Compliance Introduction - PSW #622
27:28

It's the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It's time for Security and Compliance Weekly. This show is hosted by Jeff Man, Josh Marpet, and Scott Lyons.

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode622

Oct 04, 2019
Cyber Security Threats - Paul Claxton - ESW #156
29:38

Paul Claxton is the CEO at Elite Holding Co. Discussing the top cyber security threats for chief operations officers and chief marketing officers/chief information security officers. Among the top cyber security threats: phishing/social engineering, insider threats such as private contractors/employees, and data leakage/information and data management.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode156

Oct 03, 2019
Leadership Articles - BSW #145
28:59

In the articles, they cover Why New Leaders Should Make Decisions Slowly, The Missing Ingredient in Kraft Heinz’s Restructuring, Shift to digital business is booming, but are CEOs ignoring associated risk?, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode145 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Oct 03, 2019
Supply Chain Security In The IoT Era - Matt Wyckhouse - ESW #156
32:03

Matt Wyckhouse is the Co-Founder & CEO at Finite State. More than 15 years of experience developing advanced software to support offensive and defensive cyber operations led Matt Wyckhouse to co-found Finite State in 2017 to focus on the unique challenges of cybersecurity in the IoT era. Matt spent most of his career at Battelle, the world's largest private R&D company, where he was the technical founder and CTO of Battelle's Cyber Innovations Business. He will be talking about supply chain security in the IoT era.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode156

Oct 02, 2019
Enterprise News - ESW #156
37:23

In the news, we discuss how Tripwire unveils a new version of Tripwire Connect, Infrastructure management at scale with Netshield, Five Trends Shaping the Future of Container Security, and some funding updates from BurstIQ and Kenna Security!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode156

Oct 02, 2019
SOC Visibility and SIEM Tools - Jeff Costlow - BSW #145
31:32

Jeff Costlow is the Head of Security at ExtraHop. Organizations looking to embrace the speed and flexibility of the cloud need to shift gears in security as well, moving towards a cloud-first approach that combines complete visibility with behavioral- and rule-based threat detection. Learn how the SOC Visibility Triad pairs network detection and response with endpoint detection and response and SIEM tools in order to help you strengthen your cloud security posture.

To learn more about ExtraHop, visit: https://securityweekly.com/extrahop

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode145 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Oct 02, 2019
Application News - ASW #78
30:32

Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78 Visit https://www.securityweekly.com/asw for all the latest episodes!

Oct 02, 2019
Information Disclosure Vulnerabilities - Ryan Kelso - ASW #78
00

Ryan Kelso is the Application Security Engineer at 10-Sec, Inc. Former developer turned application security engineer with a passion for giving back to the security community that has helped me out tremendously with getting into this field. Information disclosures traditionally aren't seen as high priority fixes, but can be pretty important in an exploitation chain. The more information provided to an attacker, the better equipped that attacker is.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78 Visit https://www.securityweekly.com/asw for all the latest episodes!

Oct 01, 2019
Security News: September 26, 2019 - PSW #621
01:05:01

How a hacker took over a smart home with vulgar music and rising temperatures, a security warning for 23 million YouTube creators following a crazy hack attack, Vimeo sued for storing faceprints of people without their say-so, Selfie Android Apps push ads and can record audio, and how adopting DevOps leads to an improved security posture!

Full Show Notes: https://wiki.securityweekly.com/Episode621

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 30, 2019
Perry Carpenter and Chris Edwards - PSW #621
24:36

We interview Perry Carpenter and Chris Pritchard at DEF CON SE Village. Perry Carpenter talks about how he (as someone on the autism spectrum) has used various social-engineering-related skills to become extremely successful in his career. Chris Pritchard talks about the basics of Social Engineering, aka how I break into Casinos, Airports and Critical National Infrastructure.

Full Show Notes: https://wiki.securityweekly.com/Episode621

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 29, 2019
Building An Engineering Team With Company Growth - Tony Meehan - ESW #155
33:27

Tony Meehan is the Vice President of Engineering at Endgame. Tony will be talking about building an engineering team for every stage of company growth. In the fast-paced startup world, there’s one thing you can always rely on: constant change. This makes work challenging and stimulating, but it also means recruiting can be a real challenge. How do you describe your company to prospective candidates when the work environment is constantly evolving? And how do you attract people who will be the right fit for this precise moment in your growth, but who will also continue to be a good fit in the future?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode155

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 28, 2019
Billy Boatright, Edward Miro, & Jayson Street - PSW #621
25:20

We interview Billy Boatright, Edward Miro, and Jayson Street at DEF CON SE Village. Billy talks about Impostor Syndrome. Edward Miro talks about Rideshare OSINT – Car Based SE For Fun & Profit. Jayson Street talks about Hugs, SE Village, Security Awareness, and DEF CON itself.

Full Show Notes: https://wiki.securityweekly.com/Episode621

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 28, 2019
Path To Threat Hunting Through Great Network Data, Brian Dye - ESW #155
38:43

Brian Dye is the CEO of Corelight. Brian will be discussing the Path To Threat Hunting Is Paved With Great Network Data. Tune in for a lively discussion about the role of network evidence in threat hunting and innovations our guest speaker sees in the industry from some of the world’s most sophisticated threat hunters. Brian Dye is Chief Product Officer at Corelight, provider of network security monitoring solutions from the creators of open-source Zeek (formerly Bro).

Full Show Notes: https://wiki.securityweekly.com/ES_Episode155

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 27, 2019
Enterprise News - ESW #155
38:15

In the news, Akamai acquires MFA specialist KryptCo, HP acquires Bromium to enhance its security platform, Cyber Insurance firm Cowbell emerges from stealth with $3.3M in seed funding, and more.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode155

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 26, 2019
Big Tech VS Big Tobacco - Brian Lamoureux - BSW #144
31:15

Brian Lamoureux is a Partner at Pannone Lopes Devereaux. Is Big Tech heading down the same road as Big Tobacco?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 26, 2019
Leadership Articles - BSW #144
26:16

In the leadership and communications section, Troublesome Teammates, Email challenges and how to set boundaries, Cybersecurity confidence rattled by continued investments, small results, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode144 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 25, 2019
Application News - ASW #77
29:49

BSIMM10 Emphasizes DevOps' Role in Software Security and the BSIMM10 report, Crowdsourced Security & the Gig Economy, Lessons learned through 15 years of SDL at work, Software eats the world, jobs double US employment growth rate, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 25, 2019
Training For Developers - Nicolas Valcarcel - ASW #77
38:52

Nicolas Valcárcel is the Security Engineer at AdRoll. Developers and security professionals have vastly different views of the world, so it's not uncommon that trainings created by the latter don't fully reach the former. Training for developers should be made with their tools and with their view of the world in mind.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 24, 2019
iOS, Equifax Is Back, & phpMyAdmin CSRF Zero-Day - PSW #620
01:04:44

In the Security News, how an iOS 13 flaw could provide access to contacts without a passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients was discovered online, and a SIM flaw that lets hackers hijack any phone by sending an SMS!

Full Show Notes: https://wiki.securityweekly.com/Episode620

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 23, 2019
Audio Security - PSW #620
42:09

Wes Widner is the Cloud Engineering Manager at CrowdStrike. Wes will be talking about how personal voice assistants are the wave of the future, so naturally we should wonder about the unique attack vectors they pose. I'd like to discuss my research into this field and share a few tips on how you can keep yourself safe around voice assistants. Full Show Notes: https://wiki.securityweekly.com/Episode620

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 22, 2019
Anything Red/Purple Teaming - Jason Lang - PSW #620
57:52

Jason Lang is the Sr. Security Consultant of TrustedSec. Modern day red teaming against some of the largest companies in the US. His current passion is Ansible for red teamers (i.e. fast infrastructure buildout).

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode620

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 21, 2019
Attacking AWS: Elastic Map to Reduce Clusters - ESW #154
31:14

John Strand gives a teaser about his upcoming webcast: Attacking AWS: Elastic Map to Reduce Clusters. John will talk about the intro to cloud security research.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode154

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 21, 2019
Enterprise News - ESW #154
17:26

In the Enterprise News, hundreds laid off by Symantec as part of a restructuring plan, Infection Monkey is the industry's first Zero Trust Assessment Tool, Shape Security eyes an IPO after raising $51 million at a $1 billion valuation, Lacework secures $42 million and adds a new president, board members and customers, FireMon announced the introduction of FireMon Automation, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode154

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 20, 2019
Cloud Security - ESW #154
32:35

Matt gives a demo on Cloud Security covering IaaS, PaaS, FaaS, SaaS, and the components concerning the User and the provider.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode154

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 19, 2019
Investigating the Insider Threat - Chris Bush - BSW #143
38:07

Chris Bush is the Head of Security at ObserveIT. He will be discussing: Investigating the Insider Threat.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 18, 2019
Bugs, Breaches, & More - ASW #76
28:54

Simjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 18, 2019
Leadership Articles - BSW #143
29:59

Why So Many Companies Fail at Strategy and How to Fix It, 8 Things Leaders Do That Make Employees Quit, The changing role of the CIO, How to Rehearse for an Important Presentation, and 10 Steps To Get Started In Cybersecurity Careers: What High-Achievers Do While Others Don't!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 17, 2019
Investigating the Insider Threat - Chris Bush - BSW #143
38:07

Chris Bush is the Head of Security at ObserveIT. He will be discussing: Investigating the Insider Threat.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 17, 2019
OWASP Application Security Verification Standard - ASW #76
44:28

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The Excel tool Jay Durga developed can be used to measure metrics or as a guidance document for testing the effectiveness of security controls put in place in your SDLC and DevOps process.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode76 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 17, 2019
SE Village Interviews: Chris Kirsch & Micah Zenko - PSW #619
25:18

At DEF CON 2019, we interview Chris Kirsch on "Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers." Cold reading is a technique to make others believe that you have psychic powers. Then we interview Micah Zenko on the rationale and practice of non-cyber red teaming.

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 16, 2019
Capital One Breach, Edgewise - Peter Smith - PSW #619
01:05:54

Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and request forgery against the AWS metadata service. He will explain how to solve this problem with Edgewise.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 15, 2019
Security News: September 12, 2019 - PSW #619
59:24

This week, in the Security News, we discuss how new ransomware grew 118% as cybercriminals adopt fresh tactics and code innovations, period tracker apps share data with Facebook, U.S. Cyber Command trolls North Korea with a malware release, and a lot more!

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 14, 2019
Black Hat Interviews: DenimGroup, SCYTHE, & Eclypsium - ESW #153
50:24

We interview Dan Cornell, the Founder & CTO at DenimGroup. Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 14, 2019
Elements of an Effective Penetration Testing Program - Steve Laubenstein - ESW #153
32:03

Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing how the need to understand your systems' resilience to attacks, and your people's ability to quickly identify and respond, has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal.

To learn more about Core Security, visit: https://securityweekly.com/coresecurity

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 13, 2019
Enterprise News - ESW #153
29:54

This week, in the Enterprise News, Splunk buys SaaS startup Omnition, Stage Fund buys Israeli cybersecurity company Cymmetria, the Trustwave platform brings more visibility and control to cloud security, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 12, 2019
Mobile App Security At Scale: Brian Reed, NowSecure - Brian Reed - BSW #142
32:15

Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses how mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web, leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built in. The mobile app security tech stack now includes tools purpose-built for mobile that automate testing and integrate into the SDLC. Let's enable the business to deliver secure mobile apps faster.

To learn more about NowSecure, visit: https://securityweekly.com/nowsecure

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 12, 2019
David X Martin, DavidXMartin, LLC - David X Martin - BSW #142
26:47

David X Martin is the CEO at DavidXMartin, LLC. He is passionate about helping business leaders sleep better at night – by equipping them with critical cyber risk management tools that protect their enterprises while enhancing strategic business growth. David will be covering Critical Business Decision Making - IT vs Business Making.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 11, 2019
Bugs, Breaches, & More - ASW #75
32:11

A very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 11, 2019
Tools in the DevOps Pipeline: Ty Sbano, Sisense - ASW #75
39:46

Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 10, 2019
Black Hat Interviews: Attivo Networks and Infoblox - ESW #152
30:24

We interview Carolyn Crandall, the Chief Deception Officer at Attivo Networks. Carolyn will be discussing the deception technology fabric, which interweaves "wolves in sheep's clothing" throughout the network to deceive attackers, detect their presence, and derail their attacks. We interview Krupa Srivatsan, the Director of Security Products at Infoblox. Krupa will talk about Network Security Foundations for Digital Transformation.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 06, 2019
Enterprise News - ESW #152
30:54

A privilege escalation vulnerability that existed in Check Point software, an Untangle survey finds SMBs continue to struggle with IT security, Tufin delivers enhanced visibility and topology modeling for Cisco ACI migration, and how the OS that powered smartphones started from failure!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 05, 2019
Black Hat Interviews: NSS Labs and SaltStack - ESW #152
34:43

We interview Jason Brvenik, the Chief Executive Officer at NSS Labs. Jason will cover The Importance of Independent, Third-Party Testing. We interview Mehul Revankar, the Senior Product Manager at SaltStack. Mehul will be talking about the intersection between security and IT operations.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 05, 2019
SE Village 2020 and Innocent Lives Foundation - Christopher Hadnagy - PSW #618
53:23

Christopher Hadnagy is the Chief Human Hacker of Social-Engineer, LLC. Chris will be giving an overview of the inaugural SEVillage Orlando 2020, a brief description of the training workshops provided, and the mission of and information on the non-profit Innocent Lives Foundation.

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 01, 2019
Analyzing Custom Log Sources - Corey Thuen - PSW #618
57:23

Corey Thuen is the Co-Founder at Gravwell. Security analytics using the new Sysmon DNS logging, which dropped this week.

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 31, 2019
Respond Software, Morphisec, and Sophos - ESW #151
42:34

We interview Brett Wahlin, the VP of Security & Trust at Respond Software, Andrew Homer, the VP of Business Development at Morphisec, and Mat Gangwer, the Director of Managed Threat Response at Sophos.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 30, 2019
Security News: August 28, 2019 - PSW #618
49:03

In the news, we discuss how AT&T employees took bribes to plant malware on the company’s network, how hackers could decrypt your GSM calls, 80 suspects charged with massive BEC scam, and how the passports and licenses of 300 people were leaked in New Zealand!

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 30, 2019
AttackIQ, BlueHexagon, and Coalfire - ESW #151
43:26

We interview Chris Kennedy, the CISO & VP and Customer Success at AttackIQ, Balaji Prasad, the VP of Product Management at BlueHexagon, and Mike Weber, the VP of Product Management at Coalfire.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 30, 2019
Imperva, Cofense, & VMware - ESW #151
35:52

In the news, we discuss 5 tips on how testers can collaborate with software developers, Imperva discloses a data breach affecting some firewall users, VMware unveils security enhancements in Virtual Cloud Network Offering, and how Veristor and Synack partner to apply Ethical Hackers and AI Technology!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 29, 2019
Managing 3rd Party Risk, SecureLink - Tony Howlett - BSW #141
31:22

IT and data breaches are going up every year and a large portion of them involve vendors or other third parties with access to enterprise networks and systems. Mr. Howlett will review the current state, examine a couple of high profile vendor related breaches for lessons learned and talk about best practices to limit 3rd party risk.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode141 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 28, 2019
Black Hat Interviews - WhiteSource and Venafi - ASW #74
30:02

We interview Azi Cohen, the Co-founder of WhiteSource. He will be talking about how application security has undergone a transition in recent years: as information security teams testing products before release became irrelevant, developers started playing a leading role in the day-to-day operational responsibility for application security. We then interview Jeff Hudson, the CEO of Venafi. He will talk about how code signing has been used to verify the integrity of software, and how nearly every organization relies on it to confirm their code has not been corrupted with malware.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 28, 2019
Container Security With Sysdig Secure 2.4 - Pawan Shankar - ASW #74
36:53

Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 2.4! With this release, Sysdig adds runtime profi