Paul's Security Weekly TV

By Security Weekly


Category: Tech News

Subscribers: 70
Reviews: 0

Description

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Episode Date
Investigating the Insider Threat - Chris Bush - BSW #143
38:07

Chris Bush is the Head of Security at ObserveIT. He will be discussing: Investigating the Insider Threat.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 18, 2019
Bugs, Breaches, & More - ASW #76
28:54

Simjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 18, 2019
Leadership Articles - BSW #143
29:59

Why So Many Companies Fail at Strategy and How to Fix It, 8 Things Leaders Do That Make Employees Quit, The changing role of the CIO, How to Rehearse for an Important Presentation, and 10 Steps To Get Started In Cybersecurity Careers: What High-Achievers Do While Others Don't!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 17, 2019
Investigating the Insider Threat - Chris Bush - BSW #143
38:07

Chris Bush is the Head of Security at ObserveIT. He will be discussing: Investigating the Insider Threat.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 17, 2019
OWASP Application Security Verification Standard - ASW #76
44:28

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The Excel tool Jay Durga developed can be used to measure metrics or as a guidance document for testing the effectiveness of security controls put in place in your SDLC and DevOps process.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode76 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 17, 2019
SE Village Interviews: Chris Kirsch & Micah Zenko - PSW #619
25:18

At DEF CON 2019, we interview Chris Kirsch on Getting Psychic: Cold Reading Techniques for Fortune Tellers and Social Engineers. Cold reading is a technique to make others believe that you have psychic powers. Then we interview Micah Zenko on the rationale and practice of non-cyber red teaming.

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 16, 2019
Capital One Breach, Edgewise - Peter Smith - PSW #619
01:05:54

Peter Smith is the Founder & CEO of Edgewise. Peter will be covering the Capital One breach and the AWS metadata service with request forgery. He will explain how to solve this problem with Edgewise.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 15, 2019
Black Hat Interviews: DenimGroup, SCYTHE, & Eclypsium - ESW #153
50:24

We interview Dan Cornell, the Founder & CTO at DenimGroup. Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 14, 2019
Security News: September 12, 2019 - PSW #619
59:24

This week, we present the Security News, to discuss New ransomware grows 118% as cybercriminals adopt fresh tactics and code innovations, Period Tracker Apps share data with Facebook, U.S. Cyber Command trolls North Korea with Malware Release, and a lot more!

Full Show Notes: https://wiki.securityweekly.com/Episode619

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 14, 2019
Elements of an Effective Penetration Testing Program - Steve Laubenstein - ESW #153
32:03

Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing how the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond, has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal.

To learn more about Core Security, visit: https://securityweekly.com/coresecurity

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 13, 2019
Mobile App Security At Scale: Brian Reed, NowSecure - Brian Reed - BSW #142
32:15

Brian Reed is the Chief Mobility Officer at NowSecure. Brian discusses how mobile-app traffic now outpaces mobile web traffic, yet for many organizations mobile security drags behind web, leaving businesses at risk. In fact, industry benchmarks show 85% of mobile apps have security issues and 72% have mobile privacy issues. As more organizations build mobile apps to engage with customers in delightful experiences and drive digital transformation, dev and security teams are looking for ways to ensure security and privacy are built in. The mobile app security tech stack now includes tools purpose-built for mobile that automate testing and integrate into the SDLC. Let's enable the business to deliver secure mobile apps faster.

To learn more about NowSecure, visit: https://securityweekly.com/nowsecure

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 12, 2019
Enterprise News - ESW #153
29:54

This week, in the Enterprise News, Splunk buys SaaS startup Omnition, Stage Fund buys Israeli cybersecurity co Cymmetria, Trustwave platform brings more visibility and control cloud security, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode153

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 12, 2019
Bugs, Breaches, & More - ASW #75
32:11

A very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 11, 2019
David X Martin, DavidXMartin, LLC - David X Martin - BSW #142
26:47

David X Martin is the CEO at DavidXMartin, LLC. He is passionate about helping business leaders sleep better at night – by equipping them with critical cyber risk management tools that protect their enterprises while enhancing strategic business growth. David will be covering Critical Business Decision Making - IT vs Business Making.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode142 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Sep 11, 2019
Tools in the DevOps Pipeline: Ty Sbano, Sisense - ASW #75
39:46

Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 10, 2019
Black Hat Interviews: Attivo Networks and Infoblox - ESW #152
30:24

We interview Carolyn Crandall, the Chief Deception Officer at Attivo Networks. Carolyn will be discussing the deception technology fabric, which interweaves "wolves in sheep's clothing" throughout the network to deceive attackers, detect their presence, and derail their attacks. We interview Krupa Srivatsan, the Director of Security Products at Infoblox. Krupa will talk about Network Security Foundations for Digital Transformation.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 06, 2019
Black Hat Interviews: NSS Labs and SaltStack - ESW #152
34:43

We interview Jason Brvenik, the Chief Executive Officer at NSS Labs. Jason will cover The Importance of Independent, Third-Party Testing. We interview Mehul Revankar, the Senior Product Manager at SaltStack. Mehul will be talking about the intersection between security and IT operations.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 05, 2019
Enterprise News - ESW #152
30:54

Privilege Escalation Vulnerability that existed in Check Point Software, Untangle survey finds SMBs continue to struggle with IT Security, Tufin delivers enhanced Visibility and Topology modeling for Cisco ACI Migration, and how the OS that powered smartphones started from failure!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode152

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 05, 2019
SE Village 2020 and Innocent Lives Foundation - Christopher Hadnagy - PSW #618
53:23

Christopher Hadnagy is the Chief Human Hacker of Social-Engineer, LLC. Chris will be giving an overview of the inaugural SEVillage Orlando 2020, a brief description of the training workshops provided, and the mission of and information on the non-profit Innocent Lives Foundation.

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 01, 2019
Analyzing Custom Log Sources - Corey Thuen - PSW #618
57:23

Corey Thuen is the Co-Founder at Gravwell. He covers security analytics using the new Sysmon DNS logging, which dropped this week.

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 31, 2019
Respond Software, Morphisec, and Sophos - ESW #151
42:34

We interview Brett Wahlin, the VP of Security & Trust at Respond Software, Andrew Homer, the VP of Business Development at Morphisec, and Mat Gangwer, the Director of Managed Threat Response at Sophos.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 30, 2019
AttackIQ, BlueHexagon, and Coalfire - ESW #151
43:26

We interview Chris Kennedy, the CISO & VP and Customer Success at AttackIQ, Balaji Prasad, the VP of Product Management at BlueHexagon, and Mike Weber, the VP of Product Management at Coalfire.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 30, 2019
Security News: August 28, 2019 - PSW #618
49:03

In the news, we discuss how AT&T employees took bribes to plant malware on the company’s network, how hackers could decrypt your GSM calls, 80 suspects charged with massive BEC scam, and how the passports and licenses of 300 people were leaked in New Zealand!

Full Show Notes: https://wiki.securityweekly.com/Episode618

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 30, 2019
Imperva, Cofense, & VMware - ESW #151
35:52

In the news, we discuss 5 tips on how testers can collaborate with software developers, Imperva discloses a data breach affecting some firewall users, VMware unveils security enhancements in Virtual Cloud Network Offering, and how Veristor and Synack partner to apply Ethical Hackers and AI Technology!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode151

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 29, 2019
Black Hat Interviews - WhiteSource and Venafi - ASW #74
30:02

We interview Azi Cohen, the Co-founder of WhiteSource. He will be talking about how application security has undergone a transition in recent years: as information security teams testing products before release became irrelevant, developers started playing a leading role in the day-to-day operational responsibility for application security. We then interview Jeff Hudson, the CEO of Venafi. He will talk about code signing, which has been used to verify the integrity of software; nearly every organization relies on it to confirm their code has not been corrupted with malware.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 28, 2019
Managing 3rd Party Risk, SecureLink - Tony Howlett - BSW #141
31:22

IT and data breaches are going up every year and a large portion of them involve vendors or other third parties with access to enterprise networks and systems. Mr. Howlett will review the current state, examine a couple of high profile vendor related breaches for lessons learned and talk about best practices to limit 3rd party risk.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode141 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 28, 2019
Container Security With Sysdig Secure 2.4 - Pawan Shankar - ASW #74
36:53

Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 2.4! With this release, Sysdig adds runtime profiling to enhance anomaly detection and introduces brand new interfaces that improve runtime security policy creation and vulnerability reporting.

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 27, 2019
Leadership Articles - BSW #141
30:36

In the Leadership and Communications segment, The elements of a good company apology, 8 ways leaders delegate successfully, there's no shame in working on vacation and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode141 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 27, 2019
Recorded Future and Virsec - PSW #617
42:24

We interview Roman Sannikov, the Director and Analyst on Demand at Recorded Future. We also interview Ray DeMeo, the Chief Operating Officer at Virsec.

Full Show Notes: https://wiki.securityweekly.com/Episode617

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 25, 2019
Enterprise News - ESW #150
40:49

In the news, ThreatConnect released Enhanced Integration with Flashpoint, ObserveIT unveils crowdsourced insider threat analytics solution, Thycotic launches automated solution for managing service accounts, and StackRox Kubernetes Security Platform is offered on the GCP!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode150

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 24, 2019
Critical Patches, Automox - Richard Melick - PSW #617
01:16:47

Waiting to deploy critical patches makes you a bigger target: Cybercriminals Have Seven-Day Advantage to Weaponize Vulnerabilities, According to New Research from Tenable.

To learn more about Automox, visit: https://securityweekly.com/automox

Full Show Notes: https://wiki.securityweekly.com/Episode617

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 24, 2019
Deobfuscating JavaScript to Investigate Phishing Domains - PSW #617
36:54

Paul gives a technical segment on deobfuscating JavaScript to investigate phishing domains.

To learn more about DomainTools, visit: https://securityweekly.com/domaintools

Full Show Notes: https://wiki.securityweekly.com/Episode617

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 23, 2019
VMRay and Blue Voyant - ESW #150
33:40

We interview Carsten Willems from VMRay and David Etue from BlueVoyant!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode150

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 23, 2019
Coresecurity, Endgame, & Edgewise - ESW #150
36:21

We interview Steve Laubenstein from CoreSecurity, Ian McShane from Endgame, and Peter Smith from Edgewise!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode150

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 22, 2019
Bugs, Breaches, and More! - ASW #73
38:30

CVE-2019-1162 showcases elevation of privilege in an ancient Windows component. HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS. We talked more about ephemeral access and SSH in episode 71, Polaris Points the Way to Kubernetes Best Practices, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 21, 2019
Jessica Johnson & Amber Pedroncelli, Hacker Halted - BSW #140
22:32

Hacker Halted is EC-Council's premier IT Security Conference held in Atlanta annually. Hacker Halted gathers 1400+ Information Security Professionals in two days of Exhibiting, Breakout Sessions, Live Hacking Demos and Keynotes!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140

To register for Hacker Halted, visit: https://securityweekly.com/hackerhalted and use the discount code HH19SW to get $100 off!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 21, 2019
Leadership Articles - BSW #140
30:48

In the Leadership and Communications segment, 3 Traits Of Successful Entrepreneurs, 4 Ways To Gain Power And Use It For Good, 5 Reasons to Never Compromise on Punctuality, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode140 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 20, 2019
Ping Identity, Cequence, & NowSecure - ASW #73
42:54

At Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 20, 2019
DEF CON 27 Interviews - PSW #616
42:32

In this segment, we interview O'Shea Bowens from Null Hat Security and Tyler Robinson from Nisos, Inc., from the Blue Team Village. Then we interview Aaran Leyland in the Social Engineering Village.

Full Show Notes: https://wiki.securityweekly.com/Episode616

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 19, 2019
Security News: August 15, 2019 - PSW #616
01:22:59

The Huawei shenanigans get deeper and more broad. - This is why I have issues with supply chain, CapitalOne hacker may have stolen from 30 more companies, New Data Breach Has Exposed Millions Of Fingerprint And Facial Recognition Records, Malware lingers in SMBs for an average of 800 days before discovery, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode616

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 18, 2019
Blue Team To Red Team, Offensive Security - Tony Punturiero - PSW #616
41:51

Tony Punturiero is the Community Manager at Offensive Security. Discussing my adventure transferring from being on the blue side to becoming a pentester/red teamer full time. Created an infosec community to help people in the infosec field come together to learn from one another.

Full Show Notes: https://wiki.securityweekly.com/Episode616

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 17, 2019
Black Hat 2019 Interviews - ESW #149
41:53

We interviewed NetScout, Remediant, and BitDefender at Black Hat 2019!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode149

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 16, 2019
Brandon Edwards, Capsule8 - ESW #148
35:58

Containers are a hot topic because of the simplicity they bring to the process of software development, shipping, and deployment. It is important to understand the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode148

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 16, 2019
Joe Gillespie, Netsparker - ESW #148
44:54

Managing vulnerabilities in the enterprise is about more than how many assets you can scan; it is also about how you manage the issues that you discover. They will cover usability, an easy-to-use tool, fast deployment, becoming operational quickly, intuitive UI and workflow, discovery, and accuracy.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode148

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 16, 2019
Enterprise News - ESW #149
23:00

Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode149

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 16, 2019
Leadership Articles - BSW - News #139
26:24

In the Leadership and Communications segment, How our brains decide when to trust, Warren Buffett's "2 List" strategy, Lack of IT leadership fuels IoT trial failures, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode139 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 15, 2019
Joshua Douglas, Mimecast - PSW #615
36:01

During this discussion, Joshua and Paul will speak about the threats facing organizations today and how they are evolving. Josh will also discuss how IT and security teams need to understand the threats their organizations face and how leveraging actionable threat intelligence can help them build the most effective and efficient defense strategy.

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Aug 15, 2019
Network Detection & Response, ExtraHop - John Smith - ESW - Interview #148
27:59

Network Detection & Response (NDR) as a critical component of cloud-first security, both because of the need for east-west visibility across cloud and on-premises assets, and because combining behavioral-based threat detection with signature-based detection gives organizations a better chance of discovering threats quickly enough (and with enough context) to mitigate the damage.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode148

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 15, 2019
The Sec & Ops Challenge, Mehul Revankar - ESW #149
29:03

IT operations and security teams are very different, but at a high level they both work to create a highly available digital infrastructure that's secure and compliant with regulatory standards. Achieving this goal is easier said than done for most organizations. SaltStack is bringing a new solution to market to solve this well-known but unique problem.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode149

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 15, 2019
Application News - ASW - News #72
32:17

From Equifax to Capital One: The problem with web application security, Upcoming Change to Chrome's Identity Indicators means the EV UI Moving to Page Info, Apple extends its bug bounty program to cover macOS with $1 million in rewards, Azure Security Lab: a new space for Azure research and collaboration, Awarding Google Cloud Vulnerability Research, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode139 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 14, 2019
Vanessa Van Edwards, Science of People - Vanessa Van Edwards - BSW - Interview #139
31:13

Outline of Interview: Leaders want to be successful; what are the "6 Secrets of Success"? As a leader, what's my body language and how do I improve it: "Body Language of Leaders", "Myths About Body Language", "Confident Body Language Boosters". As a leader, I need to know "How to Increase Your Influence". Finally, as a leader, I need to know "How to Capture an Audience by Using the Body Language Secrets".

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode139 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Aug 14, 2019
Security Do's and Don'ts - PSW #615
45:05

Paul, Larry, Doug, and Gabe talk about Software Development: Security Do's & Don'ts.

Aug 14, 2019
Gabriel Gumbs, Spirion - PSW #615
57:40

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform.

Aug 13, 2019
Hacker Summer Camp Round-UP - ASW - Topic #72
31:53

Mike Shema and Matt Alderman discuss Hacker Summer Camp as the Security Weekly team has returned from Las Vegas.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode72 Visit https://www.securityweekly.com/asw for all the latest episodes!

Aug 12, 2019
Security News - PSW #614
01:07:55

In the Security News, the US government issues a light aircraft cyber alert, thieves steal a laptop with 30 years of Data from University of Western Australia, RCE is possible by exploiting flaws in Vxworks, and the alleged Capital One hacker is barely bothered to hide!

Full Show Notes: https://wiki.securityweekly.com/Episode614

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 05, 2019
Signal Sciences Kubernetes, Doug Coburn - PSW #614
54:37

Talk about the way Signal Sciences is implemented, especially in the container world. Where we sit in the stack for protection of the web apps in those containers and common first things identified after install (Attack Scanners, Injection Attacks, actionable anomalies like 404 or 500 errors). Finally do a short demo walking through installing Signal Sciences in a Kubernetes environment and the Signal Sciences dashboard.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/Episode614

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 04, 2019
LogRhythm To The Cloud, Sam Straka - PSW #614
38:48

Sam Straka is the Technical Product Manager at LogRhythm, and he will be talking about the movement of their market to the Cloud, how LogRhythm is innovating in that area, and why total cost of ownership is important when looking at a SIEM platform.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode614

Visit https://www.securityweekly.com/psw for all the latest episodes!

Aug 03, 2019
News - ESW #147
31:46

Paul, Matt, and John Strand discuss how Microsoft acquires BlueTalon to bolster data governance offerings, Arduino selects Auth0 as standardized login for open source ecosystem, new code-signing solution released by Venafi, and ExtraHop issues warning about phoning home in new security advisory!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode147

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 02, 2019
Threat Hunting - ESW #147
30:22

Charles Thompson, Sr. Director of Product Management at VIAVI Solutions, has a career spanning 20 years in the IT space specializing in using wire-data to assist SecOps and NetOps teams with management, analysis, and protection of critical applications, services, and data.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode147

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 02, 2019
Evaluating Vendors - ESW #147
21:05

To prepare for DEF CON and Black Hat, Paul and Matt talk about Evaluating Security Vendors!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode147

Visit https://www.securityweekly.com/esw for all the latest episodes!

Aug 01, 2019
Container Security Today - Application Security Weekly #71
36:44

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about The state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!

Jul 31, 2019
Leadership Articles - Business Security Weekly #138
34:31

In the Leadership and Communications segment, Leading with Trust, Portrait of a CISO, roles and responsibilities, Cybersecurity Risk: What does a "reasonable" posture entail and who says so?, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode138 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Jul 31, 2019
CISO COMPASS, Todd Fitzgerald - Business Security Weekly #138
33:22

Todd Fitzgerald is the Managing Director/CISO/Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC. Todd will be discussing his book, the CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode138

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Jul 31, 2019
Application News - Application Security Weekly #71
37:32

Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!

Jul 30, 2019
Security News - Paul's Security Weekly #613
01:30:42

In the Security News, a phishing scheme that targets AMEX cardholders, the list of labs affected by the American Medical Collection Agency data breach continues to grow, a Silk Road drug dealer gets caught converting Bitcoin to cash, how GDPR is forcing the tech industry to rethink Identity Management and Authentication, and a Mirai-Like botnet wages massive application layer DDoS attack!

Full Show Notes: https://wiki.securityweekly.com/Episode613

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 26, 2019
Integrity Through Prevention, WEforum - Paul's Security Weekly #613
54:38

Troels Oerting is the Head of the Global Centre for Cybersecurity established by World Economic Forum in 2018. Troels talks about Security, Privacy, Integrity through Prevention, Protection and Prosecution via People, Tech and Processes.

Full Show Notes: https://wiki.securityweekly.com/Episode613

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 26, 2019
DDoS, Murray Goldschmidt - Paul's Security Weekly #613
37:10

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about the Intro to Sense of Security, DDoS in 2019, New trends, and How to address these issues!

Full Show Notes: https://wiki.securityweekly.com/Episode613

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 26, 2019
Michael Aiello, Google - Enterprise Security Weekly #146
25:46

Mike is the Director of Product Management for Google Cloud Security. The concept of shared responsibility between provider and customer is core to managing security and risk as organizations move to the cloud. With the rise of hybrid and multi-cloud deployments, how do responsibilities change? This segment will cover how you can evolve your risk models and how cloud providers might help maintain and improve your security posture in a hybrid world.

Full Show Notes: https://wiki.securityweekly.com/Episode613

Visit https://www.securityweekly.com/esw for all the latest episodes!

Jul 25, 2019
Enterprise News - Enterprise Security Weekly #146
29:58

Riverbed launches Aternity to improve digital experiences, Synopsys and Ixia, a Keysight Business, Announce Collaboration to Enable Scalable Networking SoC Validation Solution, CyberArk unveils industry's most complete SaaS portfolio for privileged access security, The age of Azure is upon us: Microsoft's biggest business segment is now the one that includes its Azure cloud, OneLogin launches passwordless device authentication for Windows PCs without Active Directory, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode146

Visit https://www.securityweekly.com/esw for all the latest episodes!

Jul 25, 2019
Leadership Articles - Business Security Weekly #137
38:55

In the Leadership and Communications segment, 8 Sales Skills You Need to Learn, The Trust Crisis, Five Management Lessons From the Apollo Moon Landing, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode137 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Jul 25, 2019
Luis Giraldo, Kaseya - Enterprise Security Weekly #146
31:28

Luis is IT Glue's VP, Product. In his native Colombia, he was in the music business, once playing keyboards on tour with Shakira. Luis will be talking about Unified IT and the capabilities of Kaseya's IT Complete Platform: what organizations are struggling with, and how the value of a unified platform can help drive higher efficiency, deeper workflow-level integrations, and lower overall cost.

To learn more about Kaseya, visit: https://securityweekly.com/kaseya Full Show Notes: https://wiki.securityweekly.com/ES_Episode146

Visit https://www.securityweekly.com/esw for all the latest episodes!

Jul 24, 2019
Application News - Application Security Weekly #70
31:47

SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams and GitLab Survey Surfaces Major DevSecOps Challenges Ahead.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!

Jul 24, 2019
Securing Identity With Conditional Access - Business Security Weekly #137
28:09

Ajit Sancheti is the CEO at Preempt. Ajit will be discussing Securing Identity with Conditional Access.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode137

To learn more about Preempt, visit: https://securityweekly.com/preempt

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Jul 24, 2019
Secure App Deployment With Unikernels - Application Security Weekly #70
33:34

Ian Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However they are still very much new so it's good to learn what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and what organizations are actively using them.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!

Jul 23, 2019
Security News: July 18, 2019 - Paul's Security Weekly #612
55:12

Slack Resets User Passwords After 2015 Data Breach, Hacker Breached Sprint Customer Accounts Through Samsung Website, Why 72% of people still recycle passwords (Why 100% of Security Weekly hosts drink), A.I. has a bias problem and that can be a big challenge in cybersecurity (I'll bet some of us agree with this and some disagree. Why? Bias.), and much more!

Full Show Notes: https://wiki.securityweekly.com/Episode612

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 22, 2019
Topic Segment: Security Roundtable - Paul's Security Weekly #612
01:10:45

They will be covering: Vulnerability Management, Patching, Asset Management, and System Hardening.

Full Show Notes: https://wiki.securityweekly.com/Episode612

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 21, 2019
IT Industry, Jared Haggerty - Enterprise Security Weekly #145
19:34

Jared Haggerty is the Director, Content and Curation for Databerry. Jared comes on the show to give an overview of security in business, where it is now and where it is headed, and the use of Automox in the IT Industry.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 20, 2019
MITRE ATT&CK: Katie Nickels, MITRE - Paul's Security Weekly #612
43:13

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Full Show Notes: https://wiki.securityweekly.com/Episode612

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 20, 2019
Identity Authentication, David Harding - Enterprise Security Weekly #145
24:02

David Harding is the SVP & Chief Technology Officer at ImageWare Systems, Inc. Identity authentication is more important now than at any other time in history. Today's methods such as 2-factor authentication are falling short and are not as secure as once believed. How do we secure our networks, private information, financial transactions, and healthcare data without adding friction and losing privacy? We'll address the authentication methods that exist, when they are appropriate, and how to use both 2FA and multi-factor biometric authentication to control and manage your digital identity.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 19, 2019
Eric McAlpine, Momentum Cyber - Business Security Weekly #136
42:09

Eric McAlpine is the Co-founder and Managing Partner at Momentum Cyber, a firm he co-founded in 2018 along with Dave DeWalt and Michael Tedesco. Momentum Cyber is the premier trusted strategic adviser to the Cybersecurity industry, providing bespoke high-impact advice combined with tailored senior-level access from incubation to exit.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Jul 18, 2019
Security Money: July 15, 2019 - Business Security Weekly #136
22:35

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Jul 18, 2019
Enterprise News: July 17, 2019 - Enterprise Security Weekly #145
31:30

Vade Secure's Auto-Remediate adds automated protection for Office 365 environments, Aqua Security deepens strategic relationship with Microsoft to accelerate Azure deployments, Trend Micro's Deep Security as a Service now available on the Microsoft Azure Marketplace, DefenseStorm raises $15M to invest in employees and innovation, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 18, 2019
Securing Multi-Cloud Environments - Application Security Weekly #69
39:41

Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments.

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 16, 2019
Application News - Application Security Weekly #69
35:19

Yes, the Zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, and What Quality Metrics Matter Most for DevOps?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 16, 2019
Porn Pirating, Zoom RCE, & Huawei - Paul's Security Weekly #611
42:58

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers!

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 15, 2019
Biometric Authentication, Jumio - Paul's Security Weekly #611
36:11

Growth of account takeover and how to prevent it. Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user's existing account. Tips to protect against account takeover.

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 14, 2019
Cloud-Based Training Solutions - Enterprise Security Weekly #144
29:56

Employees are the weakest link in Cybersecurity and because of this 80% of businesses will adopt a Cloud-based training solution by 2020. Small to Medium sized businesses are being left behind by complex, time-consuming solutions. Resellers need MRR, simple solutions that don't require training and certifications, and need help with client renewals. SMBs face the most complex attacks and the highest rates of online attacks ever. Technology cannot solve all their risks; most solutions are too complex, time-consuming, and costly. Open solutions like CyberHoot allow you to build automated cybersecurity programs, track employee compliance, and address critical risks we all face.

Segment References: https://wiki.securityweekly.com/ES_Episode144 Visit https://securityweekly.com/esw for all the latest episodes!

Jul 13, 2019
Blue/Purple Teaming (defense) - Paul's Security Weekly #611
01:16:00

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 13, 2019
PingID, Infoblox, & BeyondTrust - Enterprise Security Weekly #144
30:26

In the news segment, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode144

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 12, 2019
Threat Hunting - Enterprise Security Weekly #144
29:10

John Strand and Matt Alderman will discuss Threat Hunting.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode144

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 11, 2019
Application News - Application Security Weekly #68
32:28

WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 11, 2019
Science, Ben Franklin, & Lessons - Business Security Weekly #135
23:50

In the Leadership and Communications segment, Life Lessons of Ben Franklin, A Lesson in Leadership, How to Start a Speech: The Best (and Worst) Speech Openers, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

Jul 11, 2019
Cloud Native - Application Security Weekly #68
31:46

Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 10, 2019
ANSI's Subscription-Based Model - Business Security Weekly #135
29:00

Mark Brown is the Senior Director of Standards Connect at ANSI. ANSI is a nonprofit that supports U.S. voluntary standards and conformity assessment and protects the integrity of these processes. One way in which ANSI helps to enhance the global competitiveness of US businesses and quality of life is to provide access to standards for companies worldwide. Some companies find Standards Connect, a subscription-based platform for standards management, to be their best solution to search, access, collaborate, and manage the standards they need.

To learn more about ANSI, visit: https://securityweekly.com/ansi

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

Jul 10, 2019
Mastercard, Gen Z, & Leadership - Business Security Weekly #134
26:40

In the Leadership and Communications segment, Mastercard CTO reveals must-have executive leadership traits, 10 Presentation Ideas That Will Radically Improve Your Presentation Skills, 7 tech skills managers hunt for, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Jul 04, 2019
Security Training for Devs - Application Security Weekly #67
34:18

Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 03, 2019
Security Challenges in the Global Value Chain - Business Security Weekly #134
34:03

Edna Conway is the Chief Security Officer, Global Value Chain at Cisco. Edna will be discussing Global Value Chain at Cisco.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Jul 03, 2019
GKE, AWS, & S3 Buckets - Application Security Weekly #67
30:40

GKE improves authentication with Workload Identity, AWS re:Inforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprisers Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 02, 2019
Security News - Paul's Security Weekly #610
01:12:06

Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West's failed fight against China's Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story.

More stories and links here: https://wiki.securityweekly.com/Episode610

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 01, 2019
CySA+ & PenTest+ Certs, ITProTV - Paul's Security Weekly #610
59:02

Don Pezet will be discussing the new CySA+ and PenTest+ certs that ITProTV has to offer! Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.

To learn more about ITProTV, visit: https://securityweekly.com/itprotv Full Show Notes: https://wiki.securityweekly.com/Episode610

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 30, 2019
Tools to Hack Your Career, CyberSecJobs - Paul's Security Weekly #610
01:08:29

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips; we just aren't using them or are too scared to reach for them.

Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018
Links to more slides here: https://wiki.securityweekly.com/Episode610


→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Jun 30, 2019
Enterprise News - Enterprise Security Weekly #143
35:24

CyberArk opens integration ecosystem to community contributions, ExtraHop Announces Reveal(x) Cloud, McAfee announced updates to McAfee MVISION Cloud for Amazon Web Services, and Elastic expands cybersecurity push in new version of software suite!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 28, 2019
Email Data Exfiltration, ObserveIT - Enterprise Security Weekly #143
24:23

In our second segment, we welcome Sai Chavali, Security Strategist at ObserveIT. Most companies have preventative controls on email today, however, they are still finding that users exfiltrating sensitive data through corporate email is all too common. Currently, detection and investigation of out-of-policy user activity and security incidents are time-consuming and riddled with manual processes. Learn more on how ObserveIT helps security teams with real-time detection and take investigation time from months to minutes.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 28, 2019
Don't Ignore APIs - Application Security Weekly #66
24:06

APIs are now over 80% of HTTP traffic, and enterprise application breaches through compromised APIs are mounting! A guide to API Security. They also discuss public vs. private APIs and whether the best practice should be segregation of the two.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 27, 2019
Leadership Articles - Business Security Weekly #133
25:34

In the Leadership and Communications segment, CEOs Share Their Most Helpful (and Unconventional) Career Advice, 3 Lessons From Emerging Leaders On The Power of Differing Perspectives, New breed of security vendor spells trouble for pure play firms, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

Jun 27, 2019
RSAC Asia Pacific & Japan 2019 - Enterprise Security Weekly #143
21:52

In our final segment, we welcome Britta Glade, Director of Content and Curation of RSA Conference, and Linda Gray, Director and Chief of Operations for RSAC APJ, to discuss what's coming new this year for the RSA Conference APJ!

To learn more about RSAC APJ, visit: https://www.rsaconference.com/events/ap19

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 26, 2019
Osquery, Netflix, & Mozilla - Application Security Weekly #66
41:56

Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 26, 2019
Third Party Vendor Management - Business Security Weekly #133
42:21

Tom Garrubba is Senior Director/CISO at Santa Fe Group/Shared Assessments. He is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for the Certified Third Party Risk Professional (CTPRP) program. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

Jun 26, 2019
Security News - Paul's Security Weekly #609
01:28:04

In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. Customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks 2 factor authentication!

Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 24, 2019
Purple Teaming, SCYTHE - Paul's Security Weekly #609
38:14

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels.

To learn more about SCYTHE, visit: https://securityweekly.com/scythe
Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 23, 2019
AttackDefense Labs Platform - Paul's Security Weekly #609
54:33

We interview Vivek Ramachandran, the Founder & CEO of Pentester Academy. Topics include Pentester Academy, our AttackDefense Labs platform, and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your users to try out without requiring a subscription or credit card.

Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 22, 2019
Inheriting Someone Else's Code - Enterprise Security Weekly #142
27:28

Paul will talk about the challenges of inheriting someone else's code. Paul will discuss 5 tips: Use an IDE, Variable Usage, Jump To Implementation and Declaration, Global Search, and Inspection.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142



Jun 21, 2019
Enterprise News - Enterprise Security Weekly #142
27:01

In the Enterprise News, Docker desktop for Windows 10 will soon switch to WSL 2, Netskope introduces Zero-Trust secure access to private enterprise applications, 10 notable security acquisitions of 2019, and can your patching strategy keep up with the demands of open source?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 21, 2019
Challenges of Healthcare Security - Enterprise Security Weekly #142
32:28

Security in a healthcare environment takes on many unusual aspects that other industries do not typically deal with. From patient restraints to drug diversion to the highest workplace violence rates in any US industry, healthcare is one of the most complex and challenging security environments to maintain.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 20, 2019
3 Shocking Ways To Show Up - Business Security Weekly #132
20:48

In the Leadership and Communications Segment, the trust crisis in business, employee engagement and successful change, and 3 shocking ways to show up today!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

Jun 20, 2019
Shannon Lietz, Intuit - Application Security Weekly #65
33:49

Mike Shema and John Kinsella interview Shannon Lietz, the Director of Information Security at Intuit, about DevOps.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 19, 2019
Azure & Cloud Migration For CISOs - Business Security Weekly #132
34:46

Jeremy Winter is the Director, Azure Management at Microsoft Azure. He joins us to talk about what CSOs & CISOs need to know about Azure + Cloud migration Tips + Mythbusting cloud security issues. This episode of Business Security Weekly will focus on what CSOs and CISOs need to know about Azure. Additionally, Jeremy will touch upon the best cloud migration tips and mythbust cloud security issues.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

Jun 19, 2019
Grim, Vim, & Neovim - Paul's Security Weekly #608
01:04:33

In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal!

Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 18, 2019
Bugs, Breaches, and More! - Application Security Weekly #65
35:52

There's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 18, 2019
Sysmon DNS Logging, Gravwell - Paul's Security Weekly #608
59:15

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week!

To get involved with Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 17, 2019
Seed Rounds, Equity Rounds, Debt Rounds - Enterprise Security Weekly #141
23:08

Matt and Paul talk about Seed Rounds, Equity Rounds, Debt Rounds! Discussing how to invest, how investors operate, and how to get involved with preferred stocks.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 15, 2019
1 Click Microsegmentation, Edgewise - Paul's Security Weekly #608
55:39

Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter comes on the show to talk about Edgewise's 1 click microsegmentation!

To get involved with Edgewise, visit: https://securityweekly.com/edgewise
Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 15, 2019
Container Services In Azure, ITProTV - Enterprise Security Weekly #141
40:28

Do you wonder how your team can save costs by lifting and shifting your existing applications to containers, and build micro-services applications to deliver value to your users faster? Use end-to-end developer and CI/CD tools to develop, update, and deploy your containerized applications? Manage containers at scale with a fully managed Kubernetes container orchestration service that integrates with Azure Active Directory? Wherever you are in your app modernization journey, the hardest part is knowing where to begin.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 14, 2019
Leadership Articles - Business Security Weekly #64
37:12

In the Leadership and Communications segment, 7 subconscious habits that sabotage your ability to listen - and lead, the power of writing stuff down, what really helps employees improve, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

Jun 13, 2019
Rapid7, Ixia, & CNA - Enterprise Security Weekly #141
30:44

Rapid7 is integrating access to Insight Platform Applications, Ixia releases a new Scalable, modular packet broker, Sonatype's Nexus user conference to bring 2000 DevSecOps leaders together for free, and CyberArk and CNA introduce cybersecurity insurance!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 13, 2019
Privacy: One Year After GDPR - Business Security Weekly #64
30:28

Unfortunately, our scheduled interview was cancelled this week, but we are working to get Brian rescheduled. Instead, we're going to discuss the state of privacy one year after GDPR. Yes, GDPR is a year old. Are things better, worse, or the same?

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

Jun 12, 2019
MacOS Catalina, OpenShift, & Pink Floyd - Application Security Weekly #64
31:29

"Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 11, 2019
DevSecOps & Software Supply Chains, Microsoft - Application Security Weekly #64
38:30

Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 10, 2019
SalesForce, iPhones, & Old Androids - Paul's Security Weekly #607
01:09:29

In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized cars?!

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 10, 2019
Mental Health & Wellness - Paul's Security Weekly #607
57:59

We welcome back Amanda Berlin, CEO of Mental Health Hackers, to talk about why it's important to educate technology professionals about unique mental health risks faced by people in the field, and how we can provide them with the proper support services to help!

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 09, 2019
Imperva, Securonix, & ThreatConnect - Enterprise Security Weekly #140
26:44

Flexera Acquires RISC Networks, Security stays hot as Imperva grabs Distil Networks, EnSilo is raising a series B to monitor and remediate cyber threats, SentinelOne lands $120 mln Series D, Securonix Partner Program Targets MSSPs, Thycotic Expands Enterprise-Grade Privileged Access Management-as-a-Service Solution, SecureAuth Innovates Secure Identity Management with its Intelligent Identity Cloud Service, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 08, 2019
Detection & Response, Endgame - Paul's Security Weekly #607
37:20

In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind.

To learn more about Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 08, 2019
Importance Of Remediation, Viavi - Enterprise Security Weekly #140
40:58

Charles Thompson is the Senior Director of Product Management at Viavi. Charles will discuss the importance of response/remediation in a strong security strategy and the role wire-data plays in having the forensic detail needed to identify a breach, understand scope of impact, and confirm restoration of network performance to pre-incident baseline.

To learn more about Viavi Solutions, visit: https://securityweekly.com/viavi

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 07, 2019
The Effectiveness Of Your SOC, LogRhythm - Business Security Weekly #130
35:35

Andrew Hollister is the Chief Architect & Product Manager at LogRhythm. Andrew will talk about the Security Operations Maturity Model: How to Measure the effectiveness of your SOC.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Jun 06, 2019
Defending Against Microsoft Vulnerabilities - Enterprise Security Weekly #140
28:01

Paul will be giving a technical segment on Defending Your Environment Against Major Microsoft Vulnerabilities. Discussion points will consist of: Discovery, Temporary Countermeasures, Be Resilient, and Paul talks about the two things he'd change if he were in charge. Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 06, 2019
Cybersecurity Workforce Gap - Business Security Weekly #130
29:29

John McCumber is the Director, Cybersecurity Advocacy at (ISC)2. John will cover the statistics behind the cybersecurity workforce gap, and explain why what we perceive anecdotally isn't what we see in the media. Learn what is really taking place in cybersecurity hiring, training, and education. Find new opportunities in this data for your personal career growth.

To learn more about ISC2, visit: https://securityweekly.com/isc2

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Jun 05, 2019
Application News - Application Security Weekly #63
26:16

This week, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 05, 2019
Major Identities & Micro Services - Application Security Weekly #63
31:31

Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 04, 2019
Gatekeeper, WannaCry, and BlueKeep - Paul's Security Weekly #606
01:10:10

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that makes you WannaCry!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 03, 2019
Automate IT, SaltStack - Paul's Security Weekly #606
48:07

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtual), network devices, and endpoints. From "day 0" provisioning to "day n" configuration drift management and compliance management, Salt can scale to automate all the most difficult and frustrating tasks.

To learn more about SaltStack, visit: https://securityweekly.com/saltstack

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 02, 2019
Network-Wide Security Policy, Tufin - Enterprise Security Weekly #139
34:22

Ruvi Kitov, CEO and Co-Founder of Tufin, talks about the importance of having a network-wide security policy! The discussion will be on the importance of having a network-wide security policy, the fact that most companies don’t have one, and therefore lack visibility and are not compliant with regulations and even with their own policies, and finally the value that we provide with SecureTrack.

To learn more about Tufin, visit: https://securityweekly.com/tufin

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 01, 2019
BlueKeep Vulnerability, Robert Graham - Paul's Security Weekly #606
31:04

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 01, 2019
Digital Hygiene & The School System - Paul's Security Weekly #606
30:20

Eric Butash and Mike Klein from Highlander Institute join us on the show to talk about what schools are doing to protect student data, how we teach our students the importance of good digital hygiene if we don't have the proper education in place, what Digital Citizenship is, and how privacy is playing a role in our always-on youth.

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

May 31, 2019
Verodin, Palo Alto, & Okta - Enterprise Security Weekly #139
41:34

John Strand and Paul Asadoorian discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and funding updates from Palo Alto, FireEye, and Verodin!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

May 31, 2019
Understanding & Quantifying Cyber Risk, RiskLens - Enterprise Security Weekly #139
23:12

We interview Jack Jones, Chief Risk Scientist at RiskLens to talk about Understanding and quantifying cyber risk using FAIR!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

May 29, 2019
Google, Huawei, & Windows 0-Day - Paul's Security Weekly #605
59:34

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 27, 2019
Does DNS Fit Into A Secure Architecture - Paul's Security Weekly #605
40:40

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 26, 2019
KnowBe4, Auth0, & Guardicore - Enterprise Security Weekly #138
21:52

In the Enterprise News, ThreatQuotient expands integration with MITRE ATT&CK Framework, JASK launches a new Heads Up Display for security operations centers, and we have some acquisition and funding updates from Guardicore, Auth0, and KnowBe4!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 25, 2019
Candy Alexander, ISSA - Enterprise Security Weekly #138
23:27

Candy Alexander is the President of Information Systems Security Association. Ms. Alexander has 30 years of information security experience working for various high-tech companies. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a Virtual or Fractional CISO and Executive Cyber Security Consultant assisting companies large and small to improve their security programs through effective security initiatives.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 25, 2019
Matthew McMahon, Salve Regina University - Paul's Security Weekly #605
40:15

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 25, 2019
The Pillars Of The Enterprise, Gravwell - Enterprise Security Weekly #138
30:09

Corey Thuen is the Co-Founder at Gravwell. Corey covers the topics: Framework for discussion: the pillars of the SOC and the 80/20 principle, Wire data, Log/Application Data, Endpoint protection/EDR, Threat Intel, Data fusion, SOAR, and much more!

To learn more about Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 24, 2019
Application News - Application Security Weekly #62
30:05

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

May 23, 2019
Leadership Articles - Business Security Weekly #129
19:08

In the Leadership and Communications segment, don't let your expertise narrow your perspective, don't be blinded by your own expertise, and the smartest cities in the future of urban development!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

May 22, 2019
Cody Wood, Signal Sciences - Application Security Weekly #62
33:07

Mike Shema and John Kinsella interview Cody Wood. Cody Wood is the AppSec Product Support Engineer at Signal Sciences.

To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

May 22, 2019
Discovering Applications, Netsparker - Business Security Weekly #129
35:32

We welcome Ferruh Mavituna, Founder and CEO of Netsparker! They will be discussing the discover and scan perspective of applications, how to handle in-house written applications vs. ones that are acquired, the prioritization and planning of the applications you have, and the common practice companies should be doing to focus on the top 20% of critical apps.

To get involved with Netsparker, visit: https://securityweekly.com/netsparker

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

May 21, 2019
Singapore, Cisco, and Israeli Spyware - Paul's Security Weekly #604
01:11:44

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability!

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 20, 2019
Fixing Identity and Access Management - Paul's Security Weekly #604
01:02:27

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management.

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 19, 2019
Julian Zottl, Raytheon - Paul's Security Weekly #604
43:41

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks!

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 18, 2019
Centralization of Web Security, Netsparker - Enterprise Security Weekly #137
37:44

Ferruh Mavituna is the Founder & Product Manager at Netsparker. Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing?

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 17, 2019
SysDig, In-Q-Tel, NextGen, & SIEM - Enterprise Security Weekly #137
27:39

In the news, Atos launches a new unified cloud identity and access management solution, ExtraHop announces new panorama partner program, SysDig and In-Q-Tel partnership to provide U.S. government agencies with the SysDig Cloud Native VSP, and LogRhythm releases a Cloud Based NextGen SIEM platform!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 17, 2019
Leadership Articles - Business Security Weekly #128
36:43

In the Leadership and Communications segment, Transformational leadership style inspires 'moonshot goals', How to Deal With Information Overload, The surprising secret of success: it's not about winning, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

May 16, 2019
Firewalls, Paul Asadoorian - Enterprise Security Weekly #137
24:51

Paul will be giving a technical segment on firewalls. Paul talks about enterprise open-source firewalls.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 16, 2019
Application News - Application Security Weekly #61
28:43

In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

May 15, 2019
Jon Fredrickson, BCBSRI - Business Security Weekly #128
40:32

This week, we welcome Jon Fredrickson, Information Security Officer at Blue Cross & Blue Shield of Rhode Island.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

May 14, 2019
Securing Software Supply Chains - Application Security Weekly #61
42:23

This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains. Derek is the VP and DevOps Advocate at Sonatype. Derek is the world's foremost researcher on the topic of DevSecOps and securing software supply chains.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

May 14, 2019
Security News - Paul's Security Weekly #603
01:23:53

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued insulin pump with a security flaw in high demand, and how to communicate privately in the age of digital policing!

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 13, 2019
Chris Sanders, AND & RTF - Paul's Security Weekly #603
38:47

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas.

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 12, 2019
Security Industry Briefings Update - Enterprise Security Weekly #136
20:14

We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 11, 2019
Enterprise News - Enterprise Security Weekly #136
22:46

In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, Serverless monitoring startup Epsagon expands to cover broader microservices, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 11, 2019
From IT to OT Security, Lesley Carhart - Paul's Security Weekly #603
52:34

Lesley Carhart is the Principal Threat Analyst at Dragos Inc. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Lesley will be discussing her transition from IT security to OT security, DFIR in ICS (what is it like doing forensics in this environment? Firmware? Micro-code?), and much more!

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 11, 2019
Continuous Controls Monitoring, Panaseer - Enterprise Security Weekly #136
29:49

Nik Whitfield is the CEO at Panaseer. He joins us to talk about Continuous Controls Monitoring!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 10, 2019
Application News - Application Security Weekly #60
34:16

Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and security.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60

Follow us on Twitter: https://www.twitter.com/securityweekly

May 09, 2019
Leadership Articles - Business Security Weekly #127
38:03

In the Leadership and Communications segment, How to build a startup, You Don't Have To Be Nice To Be Respected, Boeing and the Importance of Encouraging Employees to Speak Up, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

May 08, 2019
Sven Morgenroth, Netsparker - Application Security Weekly #60
35:37

Sven joins us to talk about securing our applications, how confident can we be about the security of web applications, and how we can make it easier to build applications that we don't need to worry about the OWASP top 10 because of secure defaults.

To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60
Follow us on Twitter: https://www.twitter.com/securityweekly

May 08, 2019
Global Cyber Innovation Summit Recap - Business Security Weekly #127
29:33

Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

May 07, 2019
Philip Niedermair, National Cyber Group - Paul's Security Weekly #602
45:03

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 06, 2019
Joshua Abraham, Praetorian - Paul's Security Weekly #602
58:44

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE ATT&CK framework for attackers!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 05, 2019
ThreatConnect, HALO, & SolarWinds - Enterprise Security Weekly #135
26:43

In the Enterprise news, ThreatConnect's new features make creating security playbooks easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and BlackHat USA offers an inside look at Intel's security engine!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 04, 2019
Nokia 9, Julian Assange, & Tenable - Paul's Security Weekly #602
58:26

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 04, 2019
Joshua Abraham, Praetorian - Enterprise Security Weekly #135
36:38

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE ATT&CK framework for defenders!

Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 03, 2019
Leadership Articles - Business Security Weekly #126
28:13

In the Leadership and Communications segment, 5 Myths about Strategy, The making of a technology leader, Want Fewer Employees to Quit? Listen to Them, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

May 02, 2019
Patch Management Struggles, Automox - Enterprise Security Weekly #135
37:03

A self-described "Nerd with a big mouth" Jay is an 18-year startup veteran specialized in pre-IPO, hyper-competitive environments with a focus on new technology introduction, partner/customer acquisition. Jay joins us to discuss Patch management struggles and how to overcome them!

To get involved with Automox, visit: https://securityweekly.com/automox

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 02, 2019
Security Awareness, Education, & Training - Business Security Weekly #126
37:05

Craig Sandman is the President and Co Founder of Symbol Security, a Cyber Security SaaS company with a mission to reduce corporate risk through Security Awareness Education. Craig will discuss Security Awareness, Education, and Training!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

May 01, 2019
Application News - Application Security Weekly #59
34:26

In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

May 01, 2019
Larry Maccherone, Comcast - Application Security Weekly #59
30:48

This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 30, 2019
Fujifilm, Facebook, & Black Holes - Paul's Security Weekly #601
01:13:31

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole!

Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 29, 2019
SaaS Product, Cloudneeti - Paul's Security Weekly #601
58:57

Guru Pandurangi, CEO and Founder of Cloudneeti, joins us to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating to or using cloud providers such as Azure, AWS, and Office365 to develop and host their applications!

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 28, 2019
Dave Kennedy, Binary Defense - Enterprise Security Weekly #134
23:19

Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community! A great conversation between two security legends and long time best friends! Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 27, 2019
The Canary Tool, Thinkst - Paul's Security Weekly #601
01:06:05

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst's tool Canary!

To get started with Canary, visit: https://securityweekly.com/canary
Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 27, 2019
ShieldX, Tenable, & Capsule8 - Enterprise Security Weekly #134
30:28

In the Enterprise news, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 26, 2019
Francis Dinha, OpenVPN - Enterprise Security Weekly #134
27:14

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 25, 2019
Leadership Articles - Business Security Weekly #125
31:20

In the Leadership and Communications segment, 5 Ways to Find Natural Leaders for Your Team, Business Wisdom Learned From Bomb Squad Experts And Their Commanders, Why Rest Is Essential To High Performance, 4 Ways Working Dads Can Make More Time for Family, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125

Apr 24, 2019
Adam Fletcher, Blackstone - Business Security Weekly #125
27:55

Adam Fletcher is the Chief Information Security Officer for Blackstone. As a security professional with over 18 years of experience, Adam has worked with global security organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125

Please join Adam and other CISOs at the Global Cyber Innovation Summit by visiting https://globalcybersummit.org/request-information to request your invitation.

Apr 24, 2019
Application News - Application Security Weekly #58
31:42

In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 23, 2019
Thomas Hatch, SaltStack - Application Security Weekly #58
39:41

Thomas is the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and IoT.

To learn more about SaltStack, visit: https://securityweekly.com/saltstack

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 23, 2019
Patrick Tierney, Endgame - Enterprise Security Weekly #133
17:06

We interview Patrick Tierney, the Sales Engineer at Endgame.

To get involved with Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 20, 2019
Tufin, OpenVPN, & NYSE IPO - Enterprise Security Weekly #133
19:12

In the news, OpenVPN and JumpCloud Partner to Bring Secure Cloud-based Authentication and User Management to VPN, IdenTrust and Device Authority Collaborate to Deliver Secure Lifecycle Management to the IoT, Tufin Prices NYSE IPO at $108 Million, Bad security hygiene still a major risk for enterprise IT networks and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 19, 2019
SOC Intel: Wire, Logs, & Endpoint - Enterprise Security Weekly #133
31:41

Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint!

To get involved with ExtraHop, visit: https://securityweekly.com/extrahop

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 18, 2019
How To Think Like An Investor, Will Lin - Business Security Weekly #124
30:34

Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124

Apr 18, 2019
Application News - Application Security Weekly #57
38:53

3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 17, 2019
Security Money - Business Security Weekly #124
27:59

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124

Apr 17, 2019
Containers and Kubernetes - Application Security Weekly #57
23:54

This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 16, 2019
Bitcoin, WikiLeaks, & Julian Assange - Paul's Security Weekly #600
01:18:17

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks.

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 16, 2019
Merissa & Jessica, WSC - Paul's Security Weekly #600
42:09

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers.

If anyone has questions, they can visit our website at https://womenscyberjutsu.org/ or reach out to me directly, I’m always happy to help!

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 15, 2019
Gabriel Gumbs, Spirion - Paul's Security Weekly #600
43:33

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform. A cybersecurity industry veteran with a 19-year tenure in cybersecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 14, 2019
Coalfire ASV Scanning - Enterprise Security Weekly #132
01:04:58

Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire.

Coalfire ASV Scanning:

- ASV program (love, praise, struggle)
- Development and growth of scanning, 1-5 person team, partnership, marketing position
- Published opinion piece, getting knowledge, supporting the industry
- Scan platform
- RISE - movement in the company, Coalfire programs, development at Coalfire
- Limitations of scanning, pen testing?

To learn more about Coalfire, visit: https://securityweekly.com/coalfire
Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 13, 2019
Vendor Briefing - Enterprise Security Weekly #132
22:52

In the last segment, we air the Security Briefing from SecureWorld Boston! Paul and Matt review the vendors at SecureWorld Boston 2019!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 13, 2019
Cloud Security, Bitglass, & Funding - Enterprise Security Weekly #132
29:03

In the news, Cloud security company Bitglass raises $70M in late-stage round, Lockpath Announces Significant Updates to Keylight Platform, TrustBuilder Identity Hub introduces simple and scalable access management for Docker, Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners, RedSeal raises more than $60 million for its cybersecurity tools, Google expands cloud security capabilities, including simpler configuration, and Sysdig Unites Cloud-Native Visibility and Security in Platform Update.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 12, 2019
Calendars, Work-Life, & Balance - Business Security Weekly #123
29:42

In the Leadership and Communications segment, 94% of CIOs, CISOs have to make protection compromises, Accelerating Business Through Customer Centricity, 5 states dominating tech employment, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode123

Apr 10, 2019
Docker, ARM, & "Selfie" - Application Security Weekly #56
37:14

In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 10, 2019
Falco, Sysdig - Application Security Weekly #56
42:47

This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco!

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 10, 2019
Post-Perimeter Security, Lookout - Business Security Weekly #123
34:24

Michael Murray is the Chief Security Officer at Lookout. Michael joins us today to talk about Post-perimeter Security.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode123

Apr 09, 2019
OceanLotus, Russia, & Google - Paul's Security Weekly #599
53:51

In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale!

Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 01, 2019
Threat Hunting & AI Hunter, ACM - Paul's Security Weekly #599
48:06

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter!

To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 31, 2019
Illusive Networks - Enterprise Security Weekly #131
25:51

Paul sits down with Wade Lance and Nir Greenberg of Illusive Networks at the RSA Conference 2019!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode131

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 30, 2019
Mary Beth Borgwing, Cyber Social Club - Paul's Security Weekly #599
49:14

This week, we welcome back Mary Beth Borgwing, President and Founder of the Cyber Social Club, to talk about Uniting Women in Cyber!

Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 30, 2019
Branden Williams, Union Bank - Enterprise Security Weekly #131
25:16

Dr. Branden R. Williams has more than twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that propel companies forward while reducing risk.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode131

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 29, 2019
Leadership Articles - Business Security Weekly #122
27:10

In the Leadership and Communications segment, even CEOs should clean their own bathrooms sometimes, building an effective cybersecurity program, how to get booked as a podcast guest, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode122

Mar 28, 2019
Bugs, Breaches, and More! - Application Security Weekly #55
30:48

XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode55 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 28, 2019
Security ROI, Endgame - Business Security Weekly #122
37:11

Ian McShane, the VP, Product Marketing at Endgame, joins us on Business Security Weekly to talk about security ROI and how to align goals, skills, and budgets to reduce risk.

To learn more about Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode122

Mar 28, 2019
Android Q, Sirens, & Korean Hotels - Paul's Security Weekly #598
40:03

In the Security News, how Android Q will come with improved privacy protections, hacked tornado sirens taken offline ahead of a major storm, and how Putty released an update that fixed 8 new security flaws!

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 26, 2019
Iris, DomainTools - Paul's Security Weekly #598
26:27

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris!

To learn more about DomainTools, visit: https://securityweekly.com/domaintools

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 25, 2019
Marcus Carey, Tribe of Hackers - Paul's Security Weekly #598
50:43

Marcus Carey is the Founder & CEO at Threatcare. Navy Cryptologist turned cybersecurity entrepreneur, Marcus Carey is currently working as founder and CEO of cybersecurity company Threatcare. He joins us to talk about the book that he co-authored, "Tribe of Hackers"!

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 24, 2019
NexDefense, 42Crunch, & ExtraHop - Enterprise Security Weekly #130
31:24

Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode130

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 22, 2019
Endgame, Virsec, & SCYTHE - Enterprise Security Weekly #130
48:19

Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019: Endgame, Virsec, and SCYTHE

Full Show Notes: https://wiki.securityweekly.com/ES_Episode130

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 21, 2019
DARPA, Yelp, & FBI - Application Security Weekly #54
29:06

Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 21, 2019
Leadership Articles - Business Security Weekly #121
28:52

In the Leadership and Communications segment, How Boeing Should Have Responded to the 737 Max Safety Crisis, Digital Transformation is Not About Technology, Gartner's Top 10 Security Projects for 2019, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode121

Mar 20, 2019
Jamie Duncan, Red Hat - Application Security Weekly #54
33:51

Jamie Duncan is a recovering history major who has been at Red Hat for just over 7 years. Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 20, 2019
Intersection of Development & Security - Business Security Weekly #121
38:10

Nick Galbreath, Co-founder and Chief Technology Officer at Signal Sciences, joins us to discuss the Intersection of Development and Security!

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode121

Mar 19, 2019
Malware Sandboxing, VMRay - Paul's Security Weekly #597
40:23

We interview Carsten Williams, Co-Founder and CEO at VMRay, discussing malware sandboxing! Carsten is the original developer of CWSandbox, a commercial malware analysis suite that was later renamed to GFI Sandbox, and now Threat Analyzer by ThreatTrack Security.

To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 18, 2019
Tesla, YouTube, & Sexy Selfies - Paul's Security Weekly #597
01:28:39

New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common?

Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 17, 2019
RSAC 2019 Recap - Enterprise Security Weekly #129
01:00:44

Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with:

- 42Crunch
- Baffle
- CyberInt
- Eclypsium
- Ericom Software
- Lacework
- Radware
- RiskRecon

and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 16, 2019
Evolution of Zero Trust, Edgewise - Paul's Security Weekly #597
53:53

We welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise/

Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 16, 2019
Continuous Cloud Assurance, Cloudneeti - Enterprise Security Weekly #129
36:26

This week, we interview Gururaj Pandurangi, Founder and CEO at Cloudneeti, to discuss Continuous Cloud Assurance! Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj has 20 years of professional experience, a good portion of it as an early adopter of cloud technologies and building global scale cloud products like Windows Live, Bing platform, Consumer Identity and Federations.

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 15, 2019
RSAC 2019 Interviews - Enterprise Security Weekly #129
46:23

Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019:

- Venafi

- XM Cyber

- Onapsis

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 14, 2019
Application News - Application Security Weekly #53
29:40

WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 14, 2019
Leadership Articles - Business Security Weekly #120
28:04

In the Leadership and Communications segment, How to Make Sure Your Board Sets a Good Example for Your Company, Cybersecurity is Putting Customer Trust at the Center of Competition, 6 Reasons Your Home Office is Better Than Your Company Office, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode120

Mar 13, 2019
RSA 2019 Recap - Application Security Weekly #53
27:47

Keith and Paul discuss the structure and experiences of 2019's RSA Conference.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 13, 2019
Ben Carr, Aristocrat - Business Security Weekly #120
34:47

Ben Carr is the Chief Information Security Officer at Aristocrat. Prior to Aristocrat, he was VP of Strategy for Cyberbit and North America's Technical Director for Tenable. Prior to Tenable, he was Senior Director, Global Information Security at Visa and Head of Global Corporate IT Security at Nokia.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode120

Mar 12, 2019
YouTube Censorship & Vulnerabilities - Paul's Security Weekly #596
01:29:55

YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you need to know about the Huawei controversy!

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 04, 2019
David Marble, OSHEAN - Paul's Security Weekly #596
46:27

David Marble is the President & CEO at OSHEAN. David joins us to talk about what to expect at this year's Rhode Island Cybersecurity Exchange Day! This conference will be held on March 13th 2019 from 9am to 3pm at Salve Regina University, w/ a featured keynote by our Founder and CTO, Paul Asadoorian!

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 03, 2019
PCI, Capsule8, & Polaris - Enterprise Security Weekly #128
31:05

Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode128

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 02, 2019
Threat Intelligence, Recorded Future - Paul's Security Weekly #596
53:06

Allan Liska is the Senior Solutions Architect at Recorded Future. Allan talks about threat intelligence – no longer just for the secret squirrels among us. While the term can elicit reactions ranging from exasperated sigh to flashbacks of security buzzword bingo circa 2015, Recorded Future is delivering on the industry promise – actionable intelligence for all security pros.

Get Trending Threat Insights Delivered to Your Inbox, at: https://securityweekly.com/recordedfuture

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 02, 2019
Funding and M&A News - Enterprise Security Weekly #128
27:55

Paul and Matt discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode128

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 01, 2019
Matt Springfield, 12Feet, Inc. - Application Security Weekly #52
28:40

Matt Springfield is the founder of 12Feet, Inc. an information security consulting firm based in the Dallas area. Matt has more than 23 years of information security experience spanning operations, architecture and consulting with a focus on large scale retail and service provider environments.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 28, 2019
Bruce Sussman, SecureWorld - Business Security Weekly #119
27:16

Bruce Sussman is the Media-Development Director at SecureWorld. Bruce will give us a preview of SecureWorld Boston 2019 and the upcoming events.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode119

Feb 27, 2019
Securing the Human Layer, Armorblox - Business Security Weekly #119
31:30

DJ Sampath is the Co-Founder and Chief Executive Officer at Armorblox. DJ comes on the show to discuss "Securing the Human Layer"!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode119

Feb 27, 2019
Bugs, Breaches, and More! - Application Security Weekly #52
32:03

Many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 27, 2019
Passwords, Splunk, & Nest Microphones - Paul's Security Weekly #595
01:06:36

In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a nasty code-execution bug in WinRAR threatened millions of users for 14 years!

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 25, 2019
Steve Brown, SecureWorld Keynote - Paul's Security Weekly #595
54:58

Steve Brown, Keynote Speaker at SecureWorld Boston 2019, joins us to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation!

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 24, 2019
Product Launches and Announcements - Enterprise Security Weekly #127
41:05

CylancePROTECT now available on AWS marketplace, Attivo Networks enhances deception platform with Forensic Collection, Cyber Security market will reach $365.26B by 2026, and Elevate Security raises $8M in Series A!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode127

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 23, 2019
SILENTRINITY Updates, BHIS - Paul's Security Weekly #595
47:40

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, joins us to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 23, 2019
SOAR, Cody Cornell - Enterprise Security Weekly #127
30:03

Cody Cornell is the CEO of Swimlane. Matt Alderman and Joff Thyer interview Cody, to discuss Security Orchestration, Automation, and Response!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode127

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 22, 2019
Leadership & Communication - Business Security Weekly #118
38:16

In the Leadership and Communications segment, are boards of directors responsible for cybersecurity, cybersecurity mental health warning, how to cope with a Mid-Career Crisis, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode118

Feb 21, 2019
Android, Dark Web, & Development - Application Security Weekly #51
25:10

A PNG Android Vulnerability, 620 Million Stolen Accounts for Sale on the Dark Web, How Shifting Security Left Speeds Development and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 20, 2019
Cyber Insurance, Brendan Goodwin - Business Security Weekly #118
22:26

Brendan Goodwin is the Regional Cyber Director – Northeast & Mid-Atlantic at Alfred J. Gallagher Co. Brendan comes on the show to talk about "How Cyber Insurance can Augment Your Cyber Security Strategy."

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode118

Feb 20, 2019
DEFCON, Windows 10, & Linux vs Mac - Paul's Security Weekly #594
59:44

Why it's way too easy to sell counterfeit goods on Amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a Windows 95 emulator for Windows 10, Linux, or Mac, DEF CON goes to Washington, and InfoSec Institute's top podcasts that take your computer skills to the next level!

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 19, 2019
Integrating Security into DevOps, Altran - Application Security Weekly #51
27:07

Gurpreet S. Sachdeva is the Assistant Vice President of Technology for Altran. Gurpreet Sachdeva will be discussing "Integrating Security into DevOps"!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 19, 2019
Enterprise-ish Network Security: Pt. 1 - Paul's Security Weekly #594
39:24

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense.

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 18, 2019
Harry Sverdlove, Edgewise - Paul's Security Weekly #594
55:50

Harry Sverdlove, Chief Technology Officer of Edgewise, joins us for an interview to talk about The Future of Firewalls!

To learn more about Edgewise, visit: https://www.securityweekly.com/edgewise

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 17, 2019
The Evolution Of Vulnerability Management - Enterprise Security Weekly #126
23:13

Where do we stand today in the following 3 areas when it comes to vulnerability management: 1. Applications - DevOps, containers and applications in general (desktop and SaaS) - What are the new challenges and how do we solve them? 2. Infrastructure - We still have infrastructure, operating systems, IoT, network infrastructure, etc...How do we best make this happen and make sense of the results? 3. Mobile - How do we cover iOS, Android, Chrome OS? Do we even care?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode126

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 16, 2019
Qualys, Lacework, & Multicloud - Enterprise Security Weekly #126
29:36

Cisco unlocks IoT potential with Intent-Based Networking, Qualys extends cloud platform with patch management, Tenable announces general availability of Predictive Prioritization, and Lacework announces security support for Azure and Multicloud environments!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode126

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 15, 2019
Application News - Application Security Weekly #50
28:18

In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 14, 2019
Leadership Articles - Business Security Weekly #117
24:57

In the Leadership and Communications segment, Keep your employees and you'll keep your customers, Why leadership development is superficial and how to fix it, simple techniques to overcome negative emotions when negotiating with others, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117

Feb 13, 2019
Basic Flow of Problem, Solution, and Value - Application Security Weekly #50
28:46

Tim Eades is the CEO at vArmour. Tim joins us on the show to talk about the basic flow of problems, the solutions, and the value.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 13, 2019
Connie Mastovich, InfoSec World 2019 - Paul's Security Weekly #593
34:19

Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Can We Protect Ourselves?" Connie teases her talk and explains how to protect ourselves, our clients, and the information that we handle daily.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 12, 2019
Ed Moyle, InfoSec World 2019 - Business Security Weekly #117
32:50

Ed Moyle is on the Advisory Board for InfoSec World and he joins us on the show to talk about InfoSec World 2019 and its upcoming plans. Ed Moyle is also giving a talk on "Cryptocurrency Lessons for Enterprise Blockchain".

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117

Feb 12, 2019
5G, Zero-Days, & National Museum - Paul's Security Weekly #593
01:15:59

5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War 2 German message decrypts to go on display at the National Museum of Computing!

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 11, 2019
DetectionLab, Chris Long - Paul's Security Weekly #593
32:35

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are VirtualBox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 10, 2019
RSA, DigiCert, and Signal Sciences - Enterprise Security Weekly #125
27:28

RSA Conference announces finalists for Innovation Sandbox Contest 2019, DigiCert announces all-in-one digital certificate management solution, Google's new Chrome extension warns you about stolen passwords, Signal Sciences raises $35 million to accelerate market expansion and tech innovation, and Palo Alto is in talks to buy information security firm Demisto!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode125

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 09, 2019
Randall Trzeciak, CERT - Enterprise Security Weekly #125
24:32

Randall Trzeciak is the Director of the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute! Randall will be speaking at InfoSec World 2019 about "An Effective Insider Threat Program" on Saturday, March 30th @9:00 am.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode125

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 08, 2019
Application News - Application Security Weekly #49
29:53

Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 07, 2019
Privacy & Software Development - Application Security Weekly #49
31:28

Keith and Paul discuss the current state of privacy and software development.

- Facebook reveals news feed experiment to control emotions

- Facebook pays teens to install VPN that spies on them

- Apple blocks Facebook from running its internal iOS apps

- Apple restores Google’s internal iOS apps after certificate misuse punishment

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 07, 2019
Sandra Toms & Britta Glade, RSA Conference - Business Security Weekly #116
24:11

Sandra Toms is Vice President and Curator at RSA Conference. In 1998, her vision was to establish RSA Conference as a global cybersecurity forum where technology vendors and businesses unite. We all know how that turned out! Britta Glade is Director, Content and Curation at RSA Conference. When I first met Britta in 2012, she headed analyst relations for RSA before moving over to RSA Conference. If you want to learn more about RSA Conference, you can visit RSAConference.com.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116

Feb 06, 2019
Dave Kennedy, TrustedSec - Business Security Weekly #116
37:46

We welcome David Kennedy, founder and CEO, at TrustedSec to discuss "Investing in the right technology and resources"!

To learn more about TrustedSec, visit: https://www.securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116

Feb 05, 2019
The Future Of Security - Paul's Security Weekly #592
56:22

In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture!

Full Show notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 04, 2019
Web App Scanning w/ Authentication, Acunetix - Paul's Security Weekly #592
29:04

Benjamin Daniel Mussler is the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication.

To learn more about Acunetix, visit: https://securityweekly.com/acunetix

Full Show Notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 03, 2019
Yubico, Symantec, & Sophos - Enterprise Security Weekly #124
39:43

In the Enterprise Security News, we will discuss how Cynet's platform approach tames cyber security issues, Salt Security launches API protection platform, Yubico's 2019 state of password and authentication security report, and we have some acquisition and funding updates from ReSec, Medigate, Cato Networks, Sophos, and DarkBytes!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode124

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 02, 2019
Leadership Articles - Business Security Weekly #115
26:13

In the Leadership and Communications segment, cybersecurity isn't just for tech people anymore, the weird approach to leadership, 4 things to do before a tough conversation, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115

Feb 02, 2019
Japan, Imperva, & DDoS - Paul's Security Weekly #592
01:17:00

In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens' insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigates a DDoS attack that generated 500 million packets per second!

Full Show Notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 02, 2019
Andrew Peterson, Signal Sciences - Enterprise Security Weekly #124
34:50

Andrew Peterson is the Founder & CEO of Signal Sciences, and an O’Reilly author of "Cracking Security Misconceptions". He joins the show today to talk about prioritizing bugs, if certain bugs at lower levels are being exploited, how to connect with developers and prioritize bugs, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode124

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 01, 2019
Advanced Bot Protection, Cequence Security - Business Security Weekly #115
21:56

Shreyans Mehta is the CTO at Cequence Security. Shreyans joins us to talk about advanced bot protection and how Cequence is involved.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115

Feb 01, 2019
Jing Xie, Venafi - Application Security Weekly #48
40:57

Dr. Jing Xie is the senior threat intelligence researcher for Venafi, the market leading cybersecurity company in machine identity protection. As a member of the Venafi thought leadership group, she leads Venafi Labs.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 31, 2019
Bugs, Breaches, and More! - Application Security Weekly #48
29:17

Concerns about WordPress' new "White Screen of Death", Google Chrome changes could 'destroy' ad-blockers, Mozilla is adding an ad-blocker to Firefox Focus 9.0, Websites can steal browser data via extensions APIs, a Fortnite security issue would have granted hackers access to accounts, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 30, 2019
Android, Nest, & Linux Malware - Paul's Security Weekly #591
52:10

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert!

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 29, 2019
Topics & Questions - Paul's Security Weekly #591
56:52

In our second segment, the Security Weekly hosts talk about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs!

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 28, 2019
Chris Morales, Vectra - Paul's Security Weekly #591
43:29

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 27, 2019
Ping, API, & eSentire - Enterprise Security Weekly #123
38:51

Jeff Man joins Paul to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode123

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 26, 2019
Open-Source & Free Collaboration Security Tools - Enterprise Security Weekly #123
36:54

Paul and Jeff Man talk about Open-Source and free collaboration security tools.

1. Project Planning - OrangeScrum

2. Ticketing - Mantis Bug Tracker

3. Documentation - MediaWiki

4. Zabbix - Remote System Monitoring

5. Feedly - Share stories and RSS feed

6. Slack - Free!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode123

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 24, 2019
The Human Element of Application Security - Application Security Weekly #47
22:24

This week on Application Security Weekly, Matt Alderman is joined by James Wickett, who is the Head of Research at Signal Sciences. They talk about the human element of application security training and testing.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 24, 2019
Leadership Articles - Business Security Weekly #114
23:47

In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace doesn't work, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

Jan 23, 2019
Zane Lackey, Signal Sciences - Business Security Weekly #114
28:20

Zane Lackey is the Chief Security Officer at Signal Sciences. Zane comes on the show to talk about advising!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

Jan 23, 2019
Bugs, Breaches, and More - Application Security Weekly #47
29:51

In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 23, 2019
DerbyCon, Flaws, & Azure DevOps - Paul's Security Weekly #590
01:21:54

Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty program!

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 22, 2019
PowerShell for Fun and Profit - Paul's Security Weekly #590
29:37

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen tester is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes.

To learn more about BHIS, visit: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 21, 2019
Dr. Eric Cole, Secure Anchor Consulting - Paul's Security Weekly #590
55:23

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players.

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 20, 2019
Security Product Launches, and Announcements - Enterprise Security Weekly #122
19:06

In this segment, we will discuss some security product launches & announcements from Trustwave, NopSec, ConnectGuard, Pulse Secure, and Synopsys!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode122

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 19, 2019
Security Mergers, Acquisitions, and Partnerships - Enterprise Security Weekly #122
21:03

In this segment, they discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquires ForceNock, Zix agrees to acquire AppRiver for $275 million, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode122

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 18, 2019
CRLF, NASA, & GitHub - Application Security Weekly #46
23:34

Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 17, 2019
Leadership Articles - Business Security Weekly #113
25:02

In business articles, they discuss how to be present, manage time, and avoid distractions, why your gut instinct is usually wrong, the 5 most efficient ways to get your work done, the creative difference between multitasking and multi-focus, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113

Jan 16, 2019
Rey Bango, Microsoft - Application Security Weekly #46
32:17

Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago & worked feverishly to transition into this new community.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 16, 2019
Security Money - Business Security Weekly #113
30:55

This week we introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also created our own index to track public security companies called the Security Weekly 25. Let's understand how the security market is doing.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113

Jan 15, 2019
Tim Callahan, Aflac - Business Security Weekly #112
28:16

Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. They talk about communicating threat intelligence to executives and the board.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Jan 14, 2019
Hyatt, El Chapo's IT, and Amazon Key - Paul's Security Weekly #589
01:04:13

Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El Chapo's IT manager cracked his encrypted chats and brought him down!

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 14, 2019
pktrecon, Kory Findley - Paul's Security Weekly #589
26:10

Kory Findley talks about his GitHub project pktrecon, a tool for internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods.

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 13, 2019
Bryson Bort, SCYTHE - Paul's Security Weekly #589
50:49

Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation.

To learn more about SCYTHE.io, go to: https://www.scythe.io/securityweekly

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 12, 2019
Neustar, BlackBerry, and ShieldSquare - Enterprise Security Weekly #121
24:05

Neustar bolsters fraud detection capabilities with Trustid, almost half of containers in production have vulnerabilities, BlackBerry offers its security technology to IoT device makers, and Radware to acquire ShieldSquare for expansion of its cloud security portfolio!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode121

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 11, 2019
Cyber Deception Today: Tony Cole - Enterprise Security Weekly #121
30:06

Tony Cole is the Chief Technology Officer at Attivo Networks and is a cybersecurity expert with more than 30 years’ experience, a bachelor’s degree in computer networking and is a CISSP. Tony discusses cyber deception in enterprises today and gives a brief history of deception and its applicability to cybersecurity.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode121

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 10, 2019
Ken Johnson, GitHub - Application Security Weekly #45
30:46

Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching appsec the right way, "running a scanner without context", getting the right context/importance of context, and how do you figure what's real and what's legit?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 09, 2019
WordPress, Silicon Valley, and Hijacking - Application Security Weekly #45
29:22

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 08, 2019
Leadership Articles - Business Security Weekly #112
38:19

This week how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Jan 08, 2019
PewDiePie, DOOM Roomba, and 9/11 - Paul's Security Weekly #588
50:36

Hijacking smart TVs to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install!

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 07, 2019
Breaches, Privacy, Compliance and More! - Paul's Security Weekly #588
01:11:47

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 06, 2019
Helping People In The Security Community - Paul's Security Weekly #588
44:19

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 05, 2019
Hacking the Brainstem, Mandy Logan - Paul's Security Weekly #587
01:06:41

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is.

Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke

Full Show Notes: https://wiki.securityweekly.com/Episode587
Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 24, 2018
What The Heck Are "Security Basics"? - Paul's Security Weekly #587
01:48:41

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture?

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 23, 2018
Detecting Attacker Behavior, LogRhythm - Paul's Security Weekly #587
25:26

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks, use what you have along with freely available tools and techniques!

To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 22, 2018
Top Ten List for 2018 - Enterprise Security Weekly #120
20:16

Paul, Matt Alderman, and John Strand talk Paul’s Top Ten List of 2018! They talk about Paul’s personal favorite acquisitions, breaches, vulnerabilities, interviews, attack tools, news articles, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 21, 2018
Bitdefender, Symantec, & Untangle - Enterprise Security Weekly #120
29:52

Bitdefender offers new managed threat monitoring service, Symantec and Fortinet partner to deliver robust and comprehensive cloud security service, Untangle partners with Malwarebytes to bring layered security to SMBs, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 21, 2018
Signal App, Jenkins Servers, & WordPress - Application Security Weekly #44
28:52

Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 20, 2018
Leadership Articles - Business Security Weekly #111
21:57

Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you’re underperforming, selling your product as you build it, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Dec 19, 2018
Harry Sverdlove, Edgewise - Application Security Weekly #44
32:02

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more!

To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 19, 2018
Bob Ackerman, AllegisCyber - Business Security Weekly #111
47:12

Bob Ackerman is a legend in venture capital investing and is referred to as one of "Cyber's Money Men". Bob is the Founder and Managing Director of venture capital firm AllegisCyber, Co-Founder of DataTribe, Maryland's Cyber Start-up Studio, and the Founder and Executive Chairman of Founder's Equity Partners. Bob, welcome to Business Security Weekly.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Dec 18, 2018
Taylor Swift, KringleCon, & 3D Head - Paul's Security Weekly #586
47:56

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already!

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 17, 2018
Ed Skoudis, Counter Hack Challenge - Paul's Security Weekly #586
34:10

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this year's challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Challenge, and other organizations. Our featured products include NetWars, CyberCity, Holiday Hack Challenge, Cyber Aces Online, and several Cyber Quests."

Join KringleCon: www.kringlecon.com

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 16, 2018
Minerva, Rapid7, & Venafi - Enterprise Security Weekly #119
27:03

NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform achieves VMware ready status, SecurityScorecard announces partnership with Cybernance to drive holistic view of cyber risk across the enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 15, 2018
Don Murdoch, Regent University Cyber Range - Paul's Security Weekly #586
41:23

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition".

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 15, 2018
John Bradshaw, Acalvio - Enterprise Security Weekly #119
30:16

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception!

Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interesting facets of deception technologies as they are applied to an enterprise security program!

To learn more about Acalvio, go to: https://securityweekly.com/acalvio
Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 14, 2018
Kubernetes, Firefox, & WordPress - Application Security Weekly #43
27:53

Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, a botnet of over 20,000 WordPress sites is attacking other WordPress sites, the rise of visual studio code, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 13, 2018
Chris Elgee, Counter Hack Challenge - Application Security Weekly #43
22:55

Chris Elgee is a full time husband, father of four, and technical engineer at Counter Hack Challenges. Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it's been working on the challenge vs. playing it, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 12, 2018
Leadership & Communication - Business Security Weekly #110
35:03

How to collaborate with people you don't like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, a CISO's wishlist, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Dec 12, 2018
Brian Carey, Rapid7 - Business Security Weekly #110
33:32

Brian Carey is a Senior Security Consultant at Rapid7, specializing in: Security Program Assessments, Security Program Development, Vulnerability Management Program Development, Security Awareness and Policy Development. In this interview, we discuss emerging trends that he is seeing with his clients, and how they impact their clients' security programs, including maturity, roadmap, and recommendations!

To learn more about Rapid7, go to: www.rapid7.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Dec 11, 2018
Marriott Breach, Lame Printer Hack, and Docker - Paul's Security Weekly #585
40:46

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service!

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 10, 2018
Marcello Salvati, BHIS - Paul's Security Weekly #585
33:47

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .NET API without going through PowerShell.

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 09, 2018
Ixia, Yubico, Fortinet, and ZeroStack - Enterprise Security Weekly #118
26:02

Ixia extends collaboration with ProtectWise, Ping Identity brings in New Customer Identity as a service solution, Fortinet introduces new security automation capabilities on AWS, and Yubico announces YubiHSM 2 integration with AWS IoT Greengrass!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode118

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 08, 2018
Lenny Zeltser, Minerva Labs - Paul's Security Weekly #585
01:06:39

Lenny Zeltser, the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis, and how analysts examine these aspects of malicious code with a disassembler and a debugger.

To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 08, 2018
Mike Nichols, Endgame - Enterprise Security Weekly #118
36:54

Mike Nichols, the VP of Product for Endgame, joins us for an interview to talk about MITRE evaluation of Endgame, Open-Source Query Language EQL, and Storytime with Mike!

To learn more about Endgame, go to: www.endgame.com

Full Show Notes: https://wiki.securityweekly.com/ES_Episode118

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 07, 2018
NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42
30:26

Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, the state of JavaScript, Amazon announces Firecracker, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 06, 2018
Leadership Articles - Business Security Weekly #109
36:27

Paul and Jason Alburquerque discuss The new math of leadership, How pragmatic leaders can transform stuck organizations, and Why building a work community is critical!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Dec 05, 2018
Aleksei Tiurin, Acunetix - Application Security Weekly #42
30:24

Aleksei Tiurin is the Senior Security Researcher for Acunetix. He is performing a technical segment on reverse proxies using WebLogic, Tomcat, and Nginx.

To learn more about Acunetix, go to: www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 05, 2018
Jay Prassl, Automox - Business Security Weekly #109
22:26

Matt Alderman interviews Jay Prassl, the CEO of Automox. Jay Prassl explains what Automox does, how Automox bridges the gap between the ITOps and SecOps use cases, and how Automox defines the way to patch systems in macOS, Linux, Windows, and MSP.

To learn more about Automox, go to: www.automox.com

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Dec 04, 2018
"Dunkin" Donuts, Microsoft, & Marijuana - Paul's Security Weekly #584
01:17:37

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how Las Vegas police are cracking down on Black Market marijuana sales!

Full Show Notes: https://wiki.securityweekly.com/Episode584

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 03, 2018
Wietse Venema & Dan Farmer, SATAN - Paul's Security Weekly #584
59:27

Wietse Venema and Dan Farmer, the developers of Security Administrator Tool for Analyzing Networks (SATAN), talk about their experience as developers, their journey to creating SATAN, and their decision to keep SATAN an open source tool.

Full Show Notes: https://wiki.securityweekly.com/Episode584

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 02, 2018
Sven Morgenroth, Netsparker - Paul's Security Weekly #584
31:53

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo.

Full Show Notes: https://wiki.securityweekly.com/Episode584

To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 01, 2018
EdgeEngine, Cloud-Native, and Orkus - Enterprise Security Weekly #117
25:16

StackPath launches EdgeEngine Serverless Computing, Alcide advances Cloud-Native security Firewall platform, Orkus launches Access Governance platform for Cloud Security, Tufin announces a new Cloud Security solution, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode117

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 29, 2018
Drupalgeddon, USPS, & JavaScript - Application Security Weekly #41
30:03

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 29, 2018
Jeremy Winter, Microsoft - Enterprise Security Weekly #117
36:47

Jeremy Winter is Director of Azure Management, responsible for areas such as Azure Governance, Policy, Configuration, PowerShell, Disaster Recovery, Azure Migrate and the Azure Portal Experiences from within Azure Compute. He joins Paul and John to talk about Microsoft's Azure program, the shift in CloudOps and how it matters to security, and how it helps further the evolving roles of Cloud Ops and Cloud Security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode117

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 28, 2018
Leadership Articles - Business Security Weekly #108
33:21

The million-dollar question of cyber-risk, risk assessments essential to secure third-party vendor management, how digital tech is transforming business ecosystem, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Nov 28, 2018
Brent Dukes - Application Security Weekly #41
41:21

Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAFs, Pentesting, Burp Suite, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 28, 2018
Richard Seiersen, President of M-Cubed - Business Security Weekly #108
38:58

Richard Seiersen is a CISO with experience ranging from small technology companies to multi-national conglomerates. He joins Matt and Paul this week to talk about Richard's CISO experience and expertise, and the book Richard co-authored called "How to Measure Anything in Cybersecurity Risk".

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Nov 27, 2018
Mimecast, Endpoint Security, & Tufin - Enterprise Security Weekly #16
21:46

Israeli cybersecurity company Tufin plans NASDAQ IPO, F-Secure boosts endpoint detection and response, Mimecast joins IBM Security app exchange community, and Awake Security debuts Network Traffic Analysis Platform to detect risks!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode116

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 24, 2018
Rick Fernandez, LogRhythm - Enterprise Security Weekly #16
36:18

Rick Fernandez is the Sr. Sales Engineer focused on Sales Integrators at LogRhythm. The discussion is about how what SIs want isn't that different from the Enterprise. They discuss automating the hunt, contextualizing and enriching before analysts have to work with the alarm/data, and the ability to scale contextualization and enrichment so it pulls from your entire environment, not just a single source/log/event.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode116

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 23, 2018
Interviews: Venafi, Irdeto, and HP - Enterprise Security Weekly #16
48:19

Our interviews with Jeff Hudson, the CEO of Venafi, Dr. Kimberlee A. Brannock and Michael Howard from HP, and Ben Bennett and Mark Hearn from Irdeto.

For Full DefCon18 Playlist, go to: https://securityweekly.com/summercamp18

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 22, 2018
Goals, Leadership, & Don't Set Limits - Business Security Weekly #107
25:11

Jason Alburquerque and Paul discuss six ways you can establish which goals are important, how to diversify your professional network, the impact of perception and bias on leadership, and more!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Nov 21, 2018
Michael Pleasant, Open Security - Business Security Weekly #107
31:51

Michael Pleasant is the Chief Executive Officer at Open Security. Michael talks about how his transition from Marine training to a business environment brought a different perspective/technique to the business. He also talks about his company Open Source and their mission for the client.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Nov 20, 2018
Instagram, Kraken, GitMiner - Application Security Weekly #40
29:08

Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekl

Nov 20, 2018
John Kinsella, Layered Insight - Application Security Weekly #40
35:54

Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after its acquisition of Layered Insight. John talks about Qualys' Container Security and its centralized, continuous discovery and tracking for containers and images.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 19, 2018
Spectre, ATMs, and Japan's Minister - Paul's Security Weekly #583
01:15:32

7 new Spectre/Meltdown attacks, Hacking ATMs for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer!

Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 19, 2018
John Moran, DFLabs - Paul's Security Weekly #583
40:01

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs.

To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 18, 2018
Jon Buhagiar, Sybex - Paul's Security Weekly #583
49:00

Jon Buhagiar has been responsible for Network Operations at Pittsburgh Technical College for the past 19 years. Jon is currently a Network+ Review Course Instructor at Sybex, and he joins us to talk about Network Operations at Sybex.

Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 17, 2018
Dragos, BlackBerry, & ForeScout - Enterprise Security Weekly #115
31:57

AlgoSec delivers Native Cloud Security Management for Azure, HP Reinvents customer experience with Ping Identity, what mid-market security budgets will look like in 2019, and we have some acquisition & funding updates from ForeScout, Dragos, Netskope, Duality, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode115

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 16, 2018
Brian Kelly, CyberArk - Application Security Weekly #39
29:58

Brian Kelly is Head of Conjur Engineering at CyberArk, where he focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39

To learn more about Conjur, go to: www.conjur.org/asw

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 15, 2018
James Wickett, Signal Sciences - Enterprise Security Weekly #115
32:50

James Wickett is the Head of Research at Signal Sciences. James talks about how security is moving to the application space and web applications. WAFs may seem tedious but they are necessary to allow developers to focus on other things.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode115

To learn more about Signal Sciences, go to: www.signalsciences.com/psw

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 15, 2018
Dario Forte, DFLabs - Business Security Weekly #106
29:43

Dario Forte, the CEO & Founder of DFLabs, explains his journey to the position he is in now. Dario talks about DFLabs and their platform tools. Dario also explains DFLabs' recent press release about Open Integration Framework and what it allows people to do when it comes to the DFLabs platform addressing SOAR.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode106

Nov 14, 2018
ColdFusion, Destroying Logs, & Tracing Meme's - Application Security Weekly #39
32:13

DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 14, 2018
Leadership Articles - Business Security Weekly #106
27:22

In the Article Discussion, Matt and Paul talk about the key to better focus and higher productivity, living your life on purpose, why people are willing to do more meaningful work for less money, the fundamentals of leadership, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode106

Nov 13, 2018
Eyal Neemany, Javelin Networks - Paul's Security Weekly #582
51:12

Eyal Neemany is the former Head of the Israeli Air Force CERT & Forensics Team and a Senior Security Researcher at Javelin Networks. Eyal will be discussing securing remote administration and remote credentials, explaining that Jump Servers aren't as good, and showing you how to connect to remote machines using AD.

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 12, 2018
Corin Imai, DomainTools - Paul's Security Weekly #582
28:29

Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security. In this interview, they talk about DNS, phishing tools, and tease what DomainTools has in store for 2019.

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 11, 2018
Symantec, Veracode, & Thoma Bravo - Enterprise Security Weekly #114
22:43

Symantec boosts security with Javelin Networks, ThreatQuotient integrates Verified Breach Intelligence from Visa, FireMon delivers hybrid cloud security with new visibility and orchestration, StackPath partners with Sectigo, and we have some acquisition & funding updates from Veracode, Shape Security, Thoma Bravo, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode114

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 10, 2018
Harry Sverdlove, Edgewise - Enterprise Security Weekly #114
28:16

Harry Sverdlove is currently the CTO and Founder at Edgewise. He joins Matt and Paul this week to talk about Zero Trust Segmentation, what Edgewise does, and how it’s helping the community in new and effective ways today!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode114

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 09, 2018
'Stalkerware', DHCPv6 Packets, & Python - Application Security Weekly #38
28:10

In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 08, 2018
Leadership Articles - Business Security Weekly #105
35:06

In the Leadership Articles, Matt and Paul talk about how getting fired can be good for your career, a powerful planning routine that puts you in control, how to get better with sales execution, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode105

Nov 07, 2018
Daniel Cuthbert, Banco Santander - Application Security Weekly #38
23:43

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. He joins Keith and Paul this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 07, 2018
Alex Wood, CISO - Business Security Weekly #105
34:01

Matt Alderman's good friend Alex Wood comes on the show to talk about the business mindset, how to be an effective CISO, and the vulnerabilities in the business that you have to watch out for.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode105

Nov 06, 2018
Apache, Dirty Cow, & Edge - Paul's Security Weekly #582
42:39

Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, and some of these vibrating apps turn your phone into a sex toy!

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 06, 2018
AWS Lambda, Bleedingbit, and Cisco - Paul's Security Weekly #581
01:14:16

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and Cisco Zero-Day exploited in the wild! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 05, 2018
Matt Toussain, BHIS - Paul's Security Weekly #581
35:46

Matt Toussain, a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS).

To learn more about BHIS, go to: https://www.blackhillsinfosec.com/PSW
Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 05, 2018
Aleksei Tiurin, Acunetix - Paul's Security Weekly #581
39:49

Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing, with a particular focus on ERP and banking systems and Windows networks.

To learn more about Acunetix, go to: https://www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 04, 2018
LogRhythm, SOAR, and A Huge Acquisition - Enterprise Security Weekly #113
39:53

LogRhythm advances NextGen SIEM security platform with SOAR, Ping Identity launches a Quickstart private sandbox, McAfee takes a big step in the cloud, Endgame improves Endpoint Security with Total Attack Lookback, and we have some acquisition updates from IBM, Red Hat, Neustar, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode102

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 03, 2018
Ian McShane, Endgame - Enterprise Security Weekly #113
31:32

Ian McShane has nearly two decades of experience in operational IT and security and risk planning for enterprises, service providers and software vendors. Paul, Matt, and Ian talk about the future of the enterprise and Endgame's enterprise tools!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode113

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 02, 2018
Airline Hacks, MicroTik Bug, & WordPress - Application Security Weekly #37
29:54

Millions of passengers affected by Cathay Pacific Airline Hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing Application Security flaws, WordPress team working to wipe-out older versions from existence on the Internet, MicroTik Router Bug is as bad as it gets, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 01, 2018
Johnny Xmas, Kasada.io - Application Security Weekly #37
39:41

Keith, Paul, and Johnny Xmas discuss airport security, penetration testing, the top 5 payment apps, and DevOps infused conversation!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 31, 2018
AI Fear, FDA, Tesla, and D-Link - Paul's Security Weekly #580
01:05:57

Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 29, 2018
Yossi Sassi, Javelin Networks - Paul's Security Weekly #580
57:33

Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using Windows PowerShell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about persistence.

To learn more about Javelin Networks, Go To: www.javelin-networks.com

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 28, 2018
Veronica Schmitt, DFIRLABS - Paul's Security Weekly #580
55:01

Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in Windows 10. She explains how SRUM can be a valuable tool in Digital Forensics.

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 27, 2018
Security Solutions, Acquisitions, and IPOs - Enterprise Security Weekly #112
31:15

Netscout takes internet scale Threat Protection to the EDGE, Splunk addresses several vulnerabilities in Enterprise and Light products, Ping Identity launches a Quickstart Private Sandbox, and we have some acquisition updates from CheckPoint acquiring Dome9, CrowdStrike, Fortinet, Rapid7, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode112

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 27, 2018
Jonathan Sander, Snowflake - Enterprise Security Weekly #112
31:19

Jonathan Sander explains how he came to work for Snowflake and what Snowflake does in the enterprise security space. Jonathan explains how Snowflake contains its data and protects against breaches, as well as keeping the data safe.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode112

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 26, 2018
Cryptocurrency, Disney, and Adobe - Application Security Weekly #36
27:33

Hackers hide Cryptocurrency malware in Adobe flash updates, the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and Disney is helping women from across their company to become Developers!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 25, 2018
Leadership, Communication, and Innovation - Business Security Weekly #103
30:54

In the Article Discussion, Michael and Paul talk about the root cause of workplace drama, how to make the most of meetings between IT and your business partners, how to stop procrastinating on your goals by using the "Seinfeld Strategy", and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

Oct 24, 2018
Bugs, Breaches, and More! - Application Security Weekly #36
29:18

Paul and April Wright discuss how a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH that leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 24, 2018
Michael McKee, ObserveIT - Business Security Weekly #103
34:32

Mike McKee, CEO of ObserveIT, joins us to talk about the importance of focusing on people, and how you do that to experience growth.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

To Learn More About ObserveIT, Go To: www.observeit.com/securityweekly

Oct 23, 2018
Shodan, Apache, ICS, and Controllers - Paul's Security Weekly #579
49:18

How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, and ICS Security plagued with basic and avoidable mistakes!

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 22, 2018
John Walsh, CyberArk - Paul's Security Weekly #579
39:39

John Walsh, the DevOps Evangelist for CyberArk, joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk.

Sponsor Landing Page: https://www.conjur.org/asw

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 21, 2018
Mark Dufresne, Endgame - Paul's Security Weekly #579
45:51

Mark Dufresne explains why MITRE created their tool and what the MITRE ATT&CK framework is.

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 20, 2018
BlackBerry, Imperva, & CyberArk - Enterprise Security Weekly #111
16:45

In the Enterprise Security News, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Black's Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

Oct 19, 2018
Briefings Summary - Enterprise Security Weekly #111
32:04

In a special segment for this week, John Strand and Paul discuss some companies that Paul had a chance to sit down for briefings with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil’s Encrypted Email and File Sharing, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

Oct 18, 2018
Garrett Gross, Rapid7 - Application Security Weekly #35
28:43

Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. Garrett joins Keith and Paul this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

www.rapid7.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 16, 2018
Git Project, Google+, & Facebook - Application Security Weekly #35
31:57

In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is Shutting Down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, Climate Change being taught on Fortnite Twitch stream, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 16, 2018
Article Discussion - Business Security Weekly #102
40:00

This week, Michael and Paul talk about the Article Discussion on Leadership, Communication, and Innovation! They discuss how to automate habits and never think about them again, why it’s important to explain to employees that organizational changes are coming, how journaling can boost your leadership skills, why you need to tell them why, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode102

Oct 16, 2018
DerbyCon, Russians, and Next Story - Paul's Security Weekly #578
39:33

New Apple and Microsoft security flaws at Black Hat Europe, CCTV maker leaves at least 9 million cameras public, upset Google+ users are suing Google, US weapons systems apparently can be easily hacked, not all multifactor authentication is created equal, and Kanye's '000000' password makes iPhone security great again!

Full Show Notes: https://wiki.securityweekly.com/Episode578

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 15, 2018
Lee Neely, Lawrence Livermore National Lab - Paul's Security Weekly #578
53:06

Lee Neely is a senior IT and security professional at LLNL with over 25 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 14, 2018
Omer Yair, Javelin - Paul's Security Weekly #578
28:09

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years, focusing on financial malware families, and lectured about his research at the Virus Bulletin and Zero Nights conferences.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 13, 2018
Mark Russinovich, Microsoft Azure - Enterprise Security Weekly #110
29:14

Doug White interviews Mark Russinovich at Microsoft Ignite. Doug and Mark talk about Azure Confidential Computing, Mark's book Zero Day, and Azure security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 12, 2018
Splunk, White Hat, and Palo Alto - Enterprise Security Weekly #110
36:00

Splunk unveils first IoT platform for customers, Palo Alto Networks acquires RedLock to build out Cloud Security Tech, KnowBe4 boosts security awareness training with Virtual Risk Officer, Symantec brings workload assurance security to the Cloud, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 11, 2018
Mimecast, LogRhythm, & Tanium - Enterprise Security Weekly #109
19:56

Mimecast offers free training kit as part of Cybersecurity Awareness Month, Microsoft will finally kill off the old Skype client (for real this time), Security startup Tanium raises another $200 million at a $6.5 billion valuation, LogRhythm receives patent for data monitoring tech, Tufin launches first of its kind program for MSSPs, three reasons why BlackBerry stock is potentially about to soar, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 06, 2018
Michael Gordover, ObserveIT - Enterprise Security Weekly #109
30:55

Mike Gordover is a Pre-Sales manager and solutions architect at ObserveIT. He has been at ObserveIT consulting on insider threat management for 5 years, working hands-on with over 300 deployments, and working with researchers and analysts on strategies to mitigate internal risk. Paul and John talk with Michael about the current perception in the market of DLP, how ObserveIT’s solutions differ from traditional DLP, what challenges he faces when combating insider threats, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109 ObserveIT Landing Page: www.observeit.com/securityweekly

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 05, 2018
Bugs, Breaches, and More - Application Security Weekly #34
30:52

Facebook discloses the loss of at least 50M Access Tokens (also covered by Motherboard), Formjacking is on the rise, Google admits to allowing hundreds of companies to read your email, Firefox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 04, 2018
Leadership, Communication, and Innovation - Business Security Weekly #101
28:39

Michael, Paul, and Jason discuss how to develop empathy for someone who annoys you, separating the quality of the outcome and quality of the decision, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Oct 03, 2018
Landing a Job in Application Security - Application Security Weekly #34
32:08

Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there's no substitute for Practice, OWASP Juice Shop, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 03, 2018
Jason Albuquerque, Carousel Industries - Business Security Weekly #101
26:49

Michael and Paul ask Jason how to become a better business. Jason explains how to run your security team as if in a 'fish bowl', and how to apply this technique to your clients and their business.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Oct 02, 2018
Business Tips and Tricks - Business Security Weekly #104
51:35

Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!

Oct 02, 2018
Linux Bugs, macOS Zero-Day, & Twitter Exposed - Paul's Security Weekly #577
42:59

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook’s 2-Factor authentication with a phone number isn’t only for security, it’s used for ads, FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, Baddies just need one email account with clout to unleash phishing hell, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Oct 01, 2018
Offensive Operating Against SysMon, Carlos Perez - Paul's Security Weekly #577
29:22

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how Sysmon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connections, driver loading, image loading, creation of remote threads, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 30, 2018
Mike Nichols, Keith McCammon, & Shawn Smith - Paul's Security Weekly #577
41:58

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary’s Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was.

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 29, 2018
BeyondTrust, Rapid7, & Symantec - Enterprise Security Weekly #108
42:08

In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition from PAM vendor, Rapid7 looks to SOAR with InsightConnect Automation Platform, DigiCert, Gemalto, and ISARA Partner on Quantum-Safe Encryption, Symantec extends Data Loss Prevention Platform with DRM, ExtraHop announces the availability of Reveal(x) for Microsoft Azure, Attivo brings cyber security deception to containers and serverless, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode108

Visit https://www.securityweekly.com/esw for all the latest episodes!


Sep 28, 2018
Threat & Vulnerability Management - Enterprise Security Weekly #108
31:16

Paul and Matt sit down this week to discuss Threat and Vulnerability Management, the value it has, and the different players that deal with it in the Enterprise. They delve into Cloud and Application Security’s impact on vendors, and who they need to look at for potential integrations or acquisitions.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode108

Visit https://www.securityweekly.com/esw for all the latest episodes!


Sep 27, 2018
Newegg, Ticketmaster, & iOS 12 - Application Security Weekly #33
34:26

In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 27, 2018
Ron Gula, Gula Tech Adventures - Application Security Weekly #33
41:57

Ron started his cybersecurity career as a network penetration tester for the NSA, and is the Founder of Tenable and Gula Tech Adventures. He joins Keith and April for an interview to talk about security in the upcoming elections, how to maintain separation of duties, attack simulation, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 26, 2018
Scott King, Rapid7 Pt. 2 - Business Security Weekly #100
30:37

In the second part of Scott’s interview, Michael and April talk with him about ICS security, communication, and building relationships! They discuss the best practices to understand how these systems work, holding accountability, common goals, and how legal and security share common goals!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Sep 26, 2018
Scott King, Rapid7 Pt. 1 - Business Security Weekly #100
28:00

Scott brings a unique mixture of hands-on experience in incident response, penetration testing, forensics, operations, architecture, engineering, and executive leadership as a former Chief Information Security Officer (CISO) to the Rapid7 Advisory team. He talks about his role at Rapid7, why he joined the company, how to integrate security better into an organization, and what he recommends to people who need to break the ice and get their first meeting started!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Sep 25, 2018
GovPayNow.com, AmazonBasics, and FBI - Paul's Security Weekly #576
57:16

Senate can't protect senators' staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward, and AmazonBasics Microwave works with Alexa!

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 24, 2018
Threat Hunting in the Cloud, Apollo Clark - Paul's Security Weekly #576
30:16

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 24, 2018
Mike Ahmadi, DigiCert - Paul's Security Weekly #576
49:18

Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare.

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 23, 2018
Cisco, Fidelis, Crossmatch, and DigitalPersona - Enterprise Security Weekly #107
33:22

Cisco aims to make security foundational throughout its business, Fidelis looks to grow cyber-security platform, How artificial intelligence can improve human decision-making in IoT apps, Crossmatch announces the availability of DigitalPersona v3.0, and video fingerprinting.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode107

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 22, 2018
Audit Mistakes - Enterprise Security Weekly #107
32:24

Doug White and Matt Alderman talk about audit mistakes. Don't get into the mindset of ticking the box to satisfy audit. - What is this control and why are you using it? - What does it control?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode107

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 21, 2018
Bluebox-ng, Stock Data Breaches, and CommitStrip - Application Security Weekly #32
36:51

Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 20, 2018
Tracking Security Innovation - Business Security Weekly #99
28:25

Michael Santarcangelo, joined by special guest Ron Gula from Gula Tech Adventures, talks with Chris Brenton about how you take someone with a basic-level certification and give them access to the tool.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Sep 19, 2018
April Wright, ArchitectSecurity.org - Application Security Weekly #32
35:00

Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 19, 2018
Microsoft, Elon Musk, Kernel and Powershell - Paul's Security Weekly #575
01:17:06

Microsoft accidentally lets encrypted Windows 10 out to the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the ante on antivirus, Google outlines incident response process, Bomgar buys BeyondTrust, and Neil DeGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode575

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 18, 2018
Chris Brenton, ACM - Business Security Weekly #99
37:17

Michael Santarcangelo returns! Michael is joined by Matt Alderman and Ron Gula to interview Chris Brenton. They discuss what threat hunting is, what it actually means, and whether a level of maturity is required (organization, security team, individuals).

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Sep 18, 2018
Bypassing PAM, Eyal Neemany - Paul's Security Weekly #575
40:23

Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules (PAM), which provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks.

→Full Show Notes: https://wiki.securityweekly.com/Episode575
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Sep 17, 2018
Brian Coulson, LogRhythm - Paul's Security Weekly #575
39:57

Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA and NTBA.

→Full Show Notes: https://wiki.securityweekly.com/Episode575
→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Sep 16, 2018
CLEAR, Demisto, OneLogin & Netskope - Enterprise Security Weekly #106
36:34

Proofpoint automates email security with CLEAR, Demisto releases state of SOAR 2018 report, OneLogin and Netskope partner to expand cloud security for enterprises, RedSeal launches remote administrator managed service, Corelight expands network security platform with virtual edition, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode106

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 15, 2018
Dave Maestas, Bandura - Enterprise Security Weekly #106
38:55

David Maestas, also known as Dave, is the Co-Founder and Chief Technology Officer at Bandura Systems. David talks about how to phase out the bad tools and companies in the enterprise.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode106

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 14, 2018
Microsoft, Equifax, MacOS, and Bug Bounties - Application Security Weekly #31
33:03

U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 13, 2018
Imperva, Allstate, & Sonatype - Business Security Weekly #98
38:24

Imperva acquires app security firm Prevoty in $140 million deal, Allstate accelerates expansion into Identity Protection with acquisition of InfoArmor, Sonatype receives $80 million investment from TPG, Very Good Security makes data unhackable with $8.5 million from Andreessen, Lacework raises $24 million for AI-based cloud security platform, Synapsefi raises over $17 million in Series A funding, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Sep 12, 2018
Zane Lackey, Signal Sciences - Application Security Weekly #31
43:21

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how the security industry needs to shift left when it comes to applications and patching.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 12, 2018
Supermicro, Apache Struts, & HTTPS - Paul's Security Weekly #574
44:07

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts!

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 11, 2018
Gabriel Gumbs, STEALTHbits - Business Security Weekly #98
33:22

Michael and Paul interview Gabriel Gumbs from STEALTHbits. They talk about moving from detection to prevention, and protecting your data!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Sep 11, 2018
Beacon Analysis, Chris Brenton - Paul's Security Weekly #574
35:32

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.

***Powerpoint Slides in Full Show Notes***

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 10, 2018
Wim Remes, Wire Security bvba - Paul's Security Weekly #574
49:26

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 09, 2018
Black Hat Dual Interview pt. 2 - Enterprise Security Weekly #105
21:43

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 08, 2018
Black Hat Dual Interview pt. 1 - Enterprise Security Weekly #105
23:16

Paul interviews Marc French, the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor, the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 07, 2018
BitSight, SentinelOne, and McAfee - Enterprise Security Weekly #105
26:37

How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 06, 2018
Texas, T-Mobile, and Jack Daniel - Paul's Security Weekly #573
55:58

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal $13.5 million.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 04, 2018
No-Script Automation Tool, John Moran - Paul's Security Weekly #573
30:04

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 03, 2018
Jayson Street, SphereNY - Paul's Security Weekly #573
52:25

Jayson E. Street is an author of the "Dissecting the Hack" series. He is also the DEF CON Groups Global Ambassador and the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 02, 2018
Minerva Labs, CrowdStrike, & VMware - Enterprise Security Weekly #104
26:30