Paul's Security Weekly TV

By Security Weekly


Category: Tech News

Description

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Episode Date
IT Industry, Jared Haggerty - Enterprise Security Weekly #145
19:34

Jared Haggerty is the Director, Content and Curation for Databerry. Jared comes on the show to give an overview of security in business, where it is now and where it is headed, and the use of Automox in the IT industry.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 20, 2019
MITRE ATT&CK: Katie Nickels, MITRE - Paul's Security Weekly #612
43:13

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Full Show Notes: https://wiki.securityweekly.com/Episode612

Visit https://www.securityweekly.com/psw for all the latest episodes!

Jul 20, 2019
Identity Authentication, David Harding - Enterprise Security Weekly #145
24:02

David Harding is the SVP & Chief Technology Officer at ImageWare Systems, Inc. Identity authentication is more important now than at any other time in history. Today's methods such as 2-factor authentication are falling short and are not as secure as once believed. How do we secure our networks, private information, financial transactions, and healthcare data without adding friction and losing privacy? We'll address the authentication methods that exist, when they are appropriate, and how to use both 2FA and multi-factor biometric authentication to control and manage your digital identity.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 19, 2019
Eric McAlpine, Momentum Cyber - Business Security Weekly #136
42:09

Eric McAlpine is the Co-founder and Managing Partner at Momentum Cyber, a firm he co-founded in 2018 along with Dave DeWalt and Michael Tedesco. Momentum Cyber is the premier trusted strategic adviser to the cybersecurity industry, providing bespoke high-impact advice combined with tailored senior-level access from incubation to exit.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Jul 18, 2019
Security Money: July 15, 2019 - Business Security Weekly #136
22:35

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Jul 18, 2019
Enterprise News: July 17, 2019 - Enterprise Security Weekly #145
31:30

Vade Secure's Auto-Remediate adds automated protection for Office 365 environments, Aqua Security deepens strategic relationship with Microsoft to accelerate Azure deployments, Trend Micro's Deep Security as a Service now available on the Microsoft Azure Marketplace, DefenseStorm raises $15M to invest in employees and innovation, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode145

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 18, 2019
Securing Multi-Cloud Environments - Application Security Weekly #69
39:41

Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments.

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 16, 2019
Application News - Application Security Weekly #69
35:19

Yes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, What Quality Metrics Matter Most for DevOps?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 16, 2019
Porn Pirating, Zoom RCE, & Huawei - Paul's Security Weekly #611
42:58

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers!

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 15, 2019
Biometric Authentication, Jumio - Paul's Security Weekly #611
36:11

Growth of account takeover and how to prevent it. Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user's existing account. Tips to protect against account takeover.

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 14, 2019
Cloud-Based Training Solutions - Enterprise Security Weekly #144
29:56

Employees are the weakest link in cybersecurity, and because of this 80% of businesses will adopt a cloud-based training solution by 2020. Small to medium-sized businesses are being left behind by complex, time-consuming solutions. Resellers need MRR, simple solutions that don't require training and certifications, and need help with client renewals. SMBs face the most complex and highest rates of online attacks ever. Technology cannot solve all their risks; most solutions are too complex, time-consuming, and costly. Open solutions like CyberHoot allow you to build automated cybersecurity programs, track employee compliance, and address critical risks we all face.

Segment References: https://wiki.securityweekly.com/ES_Episode144 Visit https://securityweekly.com/esw for all the latest episodes!

Jul 13, 2019
Blue/Purple Teaming (defense) - Paul's Security Weekly #611
01:16:00

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.

To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/Episode611

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 13, 2019
PingID, Infoblox, & BeyondTrust - Enterprise Security Weekly #144
30:26

In the news segment, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode144

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 12, 2019
Threat Hunting - Enterprise Security Weekly #144
29:10

John Strand and Matt Alderman will discuss Threat Hunting.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode144

Visit https://securityweekly.com/esw for all the latest episodes!

Jul 11, 2019
Application News - Application Security Weekly #68
32:28

WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 11, 2019
Science, Ben Franklin, & Lessons - Business Security Weekly #135
23:50

In the Leadership and Communications segment, Life Lessons of Ben Franklin, A Lesson in Leadership, How to Start a Speech: The Best (and Worst) Speech Openers, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

Jul 11, 2019
Cloud Native - Application Security Weekly #68
31:46

Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 10, 2019
ANSI's Subscription-Based Model - Business Security Weekly #135
29:00

Mark Brown, Senior Director of Standards Connect, from ANSI. ANSI is a nonprofit that supports U.S. voluntary standards and conformity assessment and protects the integrity of these processes. One way in which ANSI helps to enhance the global competitiveness of US businesses and quality of life, is to provide access to standards for companies worldwide. Some companies find Standards Connect, a subscription-based platform for standards management, to be their best solution to search, access, collaborate, and manage the standards they need.

To learn more about ANSI, visit: https://securityweekly.com/ansi

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

Jul 10, 2019
Mastercard, Gen Z, & Leadership - Business Security Weekly #134
26:40

In the Leadership and Communications segment, Mastercard CTO reveals must-have executive leadership traits, 10 Presentation Ideas That Will Radically Improve Your Presentation Skills, 7 tech skills managers hunt for, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Jul 04, 2019
Security Training for Devs - Application Security Weekly #67
34:18

Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 03, 2019
Security Challenges in the Global Value Chain - Business Security Weekly #134
34:03

Edna Conway is the Chief Security Officer, Global Value Chain at Cisco. Edna will be discussing the Global Value Chain at Cisco.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Jul 03, 2019
GKE, AWS, & S3 Buckets - Application Security Weekly #67
30:40

GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, Developers and Security Teams Under Pressure to Collaborate!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 02, 2019
Security News - Paul's Security Weekly #610
01:12:06

Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West's failed fight against China's Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story.

More stories and links here: https://wiki.securityweekly.com/Episode610

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 01, 2019
CySA+ & PenTest+ Certs, ITProTV - Paul's Security Weekly #610
59:02

Don Pezet will be discussing the new CySA+ and PenTest+ certs that ITProTV has to offer! Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco.

To learn more about ITProTV, visit: https://securityweekly.com/itprotv Full Show Notes: https://wiki.securityweekly.com/Episode610

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 30, 2019
Tools to Hack Your Career, CyberSecJobs - Paul's Security Weekly #610
01:08:29

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them.

Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018
Links to more slides here: https://wiki.securityweekly.com/Episode610


→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Jun 30, 2019
Enterprise News - Enterprise Security Weekly #143
35:24

CyberArk opens integration ecosystem to community contributions, ExtraHop Announces Reveal(x) Cloud, McAfee announced updates to McAfee MVISION Cloud for Amazon Web Services, and Elastic expands cybersecurity push in new version of software suite!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 28, 2019
Email Data Exfiltration, ObserveIT - Enterprise Security Weekly #143
24:23

In our second segment, we welcome Sai Chavali, Security Strategist at ObserveIT. Most companies have preventative controls on email today, however, they are still finding that users exfiltrating sensitive data through corporate email is all too common. Currently, detection and investigation of out-of-policy user activity and security incidents are time-consuming and riddled with manual processes. Learn more on how ObserveIT helps security teams with real-time detection and take investigation time from months to minutes.

To learn more about ObserveIT, visit: https://securityweekly.com/observeit

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 28, 2019
Don't Ignore APIs - Application Security Weekly #66
24:06

APIs are now over 80% of HTTP traffic, and enterprise application breaches through compromised APIs are mounting! A guide to API security. They also discuss public vs. private APIs and whether the best practice should be segregation of the two.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 27, 2019
Leadership Articles - Business Security Weekly #133
25:34

In the Leadership and Communications segment, CEOs Share Their Most Helpful (and Unconventional) Career Advice, 3 Lessons From Emerging Leaders On The Power of Differing Perspectives, New breed of security vendor spells trouble for pure play firms, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

Jun 27, 2019
RSAC Asia Pacific & Japan 2019 - Enterprise Security Weekly #143
21:52

In our final segment, we welcome Britta Glade, Director of Content and Curation of RSA Conference, and Linda Gray, Director and Chief of Operations for RSAC APJ, to discuss what's coming new this year for the RSA Conference APJ!

To learn more about RSAC APJ, visit: https://www.rsaconference.com/events/ap19

Full Show Notes: https://wiki.securityweekly.com/ES_Episode143

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 26, 2019
Osquery, Netflix, & Mozilla - Application Security Weekly #66
41:56

Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 26, 2019
Third Party Vendor Management - Business Security Weekly #133
42:21

Tom Garrubba is Senior Director/CISO at Santa Fe Group/Shared Assessments. He is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for the Certified Third Party Risk Professional (CTPRP) program. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

Jun 26, 2019
Security News - Paul's Security Weekly #609
01:28:04

In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks 2 factor authentication!

Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 24, 2019
Purple Teaming, SCYTHE - Paul's Security Weekly #609
38:14

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels.

To learn more about SCYTHE, visit: https://securityweekly.com/scythe
Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 23, 2019
AttackDefense Labs Platform - Paul's Security Weekly #609
54:33

We interview Vivek Ramachandran, who is the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your users to try out without requiring a subscription or credit card.

Full Show Notes: https://wiki.securityweekly.com/Episode609

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 22, 2019
Inheriting Someone Else's Code - Enterprise Security Weekly #142
27:28

Paul will talk about the challenges of inheriting someone else's code. Paul will discuss 5 tips: Use an IDE, Variable Usage, Jump To Implementation and Declaration, Global Search, and Inspection.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142


→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Jun 21, 2019
Enterprise News - Enterprise Security Weekly #142
27:01

In the Enterprise News, Docker desktop for Windows 10 will soon switch to WSL 2, Netskope introduces Zero-Trust secure access to private enterprise applications, 10 notable security acquisitions of 2019, and can your patching strategy keep up with the demands of open source?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 21, 2019
Challenges of Healthcare Security - Enterprise Security Weekly #142
32:28

Security in a healthcare environment takes on many unusual aspects that other industries do not typically deal with. From patient restraints to drug diversion to the highest workplace violence rates in any US industry, healthcare is one of the most complex and challenging security environments to maintain.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode142

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 20, 2019
3 Shocking Ways To Show Up - Business Security Weekly #132
20:48

In the Leadership and Communications Segment, the trust crisis in business, employee engagement and successful change, and 3 shocking ways to show up today!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

Jun 20, 2019
Shannon Lietz, Intuit - Application Security Weekly #65
33:49

Mike Shema and John Kinsella interview Shannon Lietz, the Director, Information Security at Intuit, about DevOps.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 19, 2019
Azure & Cloud Migration For CISOs - Business Security Weekly #132
34:46

Jeremy Winter is the Director, Azure Management at Microsoft Azure. He joins us to talk about what CSOs & CISOs need to know about Azure + Cloud migration Tips + Mythbusting cloud security issues. This episode of Business Security Weekly will focus on what CSOs and CISOs need to know about Azure. Additionally, Jeremy will touch upon the best cloud migration tips and mythbust cloud security issues.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

Jun 19, 2019
Grim, Vim, & Neovim - Paul's Security Weekly #608
01:04:33

In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal!

Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 18, 2019
Bugs, Breaches, and More! - Application Security Weekly #65
35:52

There's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 18, 2019
Sysmon DNS Logging, Gravwell - Paul's Security Weekly #608
59:15

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week!

To get involved with Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 17, 2019
Seed Rounds, Equity Rounds, Debt Rounds - Enterprise Security Weekly #141
23:08

Matt and Paul talk about Seed Rounds, Equity Rounds, Debt Rounds! Discussing how to invest, how investors operate, and how to get involved with preferred stocks.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 15, 2019
1 Click Microsegmentation, Edgewise - Paul's Security Weekly #608
55:39

Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter comes on the show to talk about Edgewise's 1 click microsegmentation!

To get involved with Edgewise, visit: https://securityweekly.com/edgewise
Full Show Notes: https://wiki.securityweekly.com/Episode608

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 15, 2019
Container Services In Azure, ITProTV - Enterprise Security Weekly #141
40:28

Do you wonder how your team can save costs by lifting and shifting your existing applications to containers, and build micro-services applications to deliver value to your users faster? Use end-to-end developer and CI/CD tools to develop, update, and deploy your containerized applications? Manage containers at scale with a fully managed Kubernetes container orchestration service that integrates with Azure Active Directory? Wherever you are in your app modernization journey, the hardest part is knowing where to begin.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 14, 2019
Leadership Articles - Business Security Weekly #64
37:12

In the Leadership and Communications segment, 7 subconscious habits that sabotage your ability to listen - and lead, the power of writing stuff down, what really helps employees improve, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

Jun 13, 2019
Rapid7, Ixia, & CNA - Enterprise Security Weekly #141
30:44

Rapid7 is integrating access to Insight Platform Applications, Ixia releases a new Scalable, modular packet broker, Sonatype's Nexus user conference to bring 2000 DevSecOps leaders together for free, and CyberArk and CNA introduce cybersecurity insurance!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode141

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 13, 2019
Privacy: One Year After GDPR - Business Security Weekly #64
30:28

Unfortunately, our scheduled interview was cancelled this week, but we are working to get Brian rescheduled. Instead, we're going to discuss the state of privacy one year after GDPR. Yes, GDPR is a year old. Are things better, worse, or the same?

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

Jun 12, 2019
MacOS Catalina, OpenShift, & Pink Floyd - Application Security Weekly #64
31:29

"Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 11, 2019
DevSecOps & Software Supply Chains, Microsoft - Application Security Weekly #64
38:30

Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 10, 2019
SalesForce, iPhones, & Old Androids - Paul's Security Weekly #607
01:09:29

In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized cars?!

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 10, 2019
Mental Health & Wellness - Paul's Security Weekly #607
57:59

We welcome back Amanda Berlin, CEO of Mental Health Hackers, to talk about why it's important to educate technology professionals about unique mental health risks faced by people in the field, and how we can provide them with the proper support services to help!

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 09, 2019
Imperva, Securonix, & ThreatConnect - Enterprise Security Weekly #140
26:44

Flexera Acquires RISC Networks, Security stays hot as Imperva grabs Distil Networks, EnSilo is raising a series B to monitor and remediate cyber threats, SentinelOne lands $120 mln Series D, Securonix Partner Program Targets MSSPs, Thycotic Expands Enterprise-Grade Privileged Access Management-as-a-Service Solution, SecureAuth Innovates Secure Identity Management with its Intelligent Identity Cloud Service, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 08, 2019
Detection & Response, Endgame - Paul's Security Weekly #607
37:20

In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind.

To learn more about Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 08, 2019
Importance Of Remediation, Viavi - Enterprise Security Weekly #140
40:58

Charles Thompson is the Senior Director of Product Management at Viavi. Charles will discuss the importance of response/remediation in a strong security strategy and the role wire-data plays in having the forensic detail needed to identify a breach, understand scope of impact, and confirm restoration of network performance to pre-incident baseline.

To learn more about Viavi Solutions, visit: https://securityweekly.com/viavi

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 07, 2019
The Effectiveness Of Your SOC, LogRhythm - Business Security Weekly #130
35:35

Andrew Hollister is the Chief Architect & Product Manager at LogRhythm. Andrew will talk about the Security Operations Maturity Model: How to Measure the effectiveness of your SOC.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Jun 06, 2019
Defending Against Microsoft Vulnerabilities - Enterprise Security Weekly #140
28:01

Paul will be giving a technical segment on Defending Your Environment Against Major Microsoft Vulnerabilities. Discussion points will consist of: Discovery, Temporary Countermeasures, Be Resilient, and Paul talks about the two things he'd change if he were in charge.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 06, 2019
Cybersecurity Workforce Gap - Business Security Weekly #130
29:29

John McCumber is the Director, Cybersecurity Advocacy at (ISC)2. John will cover the statistics behind the cybersecurity workforce gap, and explain why what we perceive anecdotally isn't what we see in the media. Learn what is really taking place in cybersecurity hiring, training, and education. Find new opportunities in this data for your personal career growth.

To learn more about ISC2, visit: https://securityweekly.com/isc2

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Jun 05, 2019
Application News - Application Security Weekly #63
26:16

This week, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 05, 2019
Major Identities & Micro Services - Application Security Weekly #63
31:31

Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 04, 2019
Gatekeeper, WannaCry, and BlueKeep - Paul's Security Weekly #606
01:10:10

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that makes you WannaCry!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 03, 2019
Automate IT, SaltStack - Paul's Security Weekly #606
48:07

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtual), network devices, and endpoints. From "day 0" provisioning to "day n" configuration drift management and compliance management, Salt can scale to automate all the most difficult and frustrating tasks.

To learn more about SaltStack, visit: https://securityweekly.com/saltstack

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 02, 2019
Network-Wide Security Policy, Tufin - Enterprise Security Weekly #139
34:22

Ruvi Kitov, CEO and Co-Founder of Tufin, talks about the importance of having a network-wide security policy! The discussion will be on the importance of having a network-wide security policy, the fact that most companies don’t have one, and therefore lack visibility and are not compliant with regulations and even with their own policies, and finally the value that we provide with SecureTrack.

To learn more about Tufin, visit: https://securityweekly.com/tufin

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

Jun 01, 2019
BlueKeep Vulnerability, Robert Graham - Paul's Security Weekly #606
31:04

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Jun 01, 2019
Digital Hygiene & The School System - Paul's Security Weekly #606
30:20

Eric Butash and Mike Klein from Highlander Institute join us on the show to talk about what schools are doing to protect student data, how we teach our students the importance of good digital hygiene if we don't have the proper education in place, what Digital Citizenship is, and how privacy is playing a role in our always-on youth.

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

May 31, 2019
Verodin, Palo Alto, & Okta - Enterprise Security Weekly #139
41:34

John Strand and Paul Asadoorian discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and funding updates from Palo Alto, FireEye, and Verodin!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

May 31, 2019
Understanding & Quantifying Cyber Risk, RiskLens - Enterprise Security Weekly #139
23:12

We interview Jack Jones, Chief Risk Scientist at RiskLens to talk about Understanding and quantifying cyber risk using FAIR!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

May 29, 2019
Google, Huawei, & Windows 0-Day - Paul's Security Weekly #605
59:34

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 27, 2019
Does DNS Fit Into A Secure Architecture - Paul's Security Weekly #605
40:40

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 26, 2019
KnowBe4, Auth0, & Guardicore - Enterprise Security Weekly #138
21:52

In the Enterprise News, ThreatQuotient expands integration with MITRE ATT&CK Framework, JASK launches a new Heads Up Display for security operations centers, and we have some acquisition and funding updates from Guardicore, Auth0, and KnowBe4!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 25, 2019
Candy Alexander, ISSA - Enterprise Security Weekly #138
23:27

Candy Alexander is the President of Information Systems Security Association. Ms. Alexander has 30 years of information security experience working for various high-tech companies. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a Virtual or Fractional CISO and Executive Cyber Security Consultant assisting companies large and small to improve their security programs through effective security initiatives.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 25, 2019
Matthew McMahon, Salve Regina University - Paul's Security Weekly #605
40:15

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

May 25, 2019
The Pillars Of The Enterprise, Gravwell - Enterprise Security Weekly #138
30:09

Corey Thuen is the Co-Founder at Gravwell. Corey covers the topics: Framework for discussion: the pillars of the SOC and the 80/20 principle, Wire data, Log/Application Data, Endpoint protection/EDR, Threat Intel, Data fusion, SOAR, and much more!

To learn more about Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

May 24, 2019
Application News - Application Security Weekly #62
30:05

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

May 23, 2019
Leadership Articles - Business Security Weekly #129
19:08

In the Leadership and Communications segment, don't let your expertise narrow your perspective, don't be blinded by your own expertise, and the smartest cities in the future of urban development!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

May 22, 2019
Cody Wood, Signal Sciences - Application Security Weekly #62
33:07

Mike Shema and John Kinsella interview Cody Wood. Cody Wood is the AppSec Product Support Engineer at Signal Sciences.

To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

May 22, 2019
Discovering Applications, Netsparker - Business Security Weekly #129
35:32

We welcome Ferruh Mavituna, Founder and CEO of Netsparker! They will be discussing the discover and scan perspective of applications, how to handle in-house written applications vs. ones that are acquired, the prioritization and planning of the applications you have, and the common practice companies should be doing to focus on the top 20% of critical apps.

To get involved with Netsparker, visit: https://securityweekly.com/netsparker

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

May 21, 2019
Singapore, Cisco, and Israeli Spyware - Paul's Security Weekly #604
01:11:44

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability!

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 20, 2019
Fixing Identity and Access Management - Paul's Security Weekly #604
01:02:27

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management.

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 19, 2019
Julian Zottl, Raytheon - Paul's Security Weekly #604
43:41

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks!

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly

May 18, 2019
Centralization of Web Security, Netsparker - Enterprise Security Weekly #137
37:44

Ferruh Mavituna is the Founder & Product Manager at Netsparker. Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing?

To learn more about Netsparker, visit: https://securityweekly.com/netsparker

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 17, 2019
SysDig, In-Q-Tel, NextGen, & SIEM - Enterprise Security Weekly #137
27:39

In the news, Atos launches a new unified cloud identity and access management solution, ExtraHop announces new panorama partner program, SysDig and In-Q-Tel partnership to provide U.S. government agencies with the SysDig Cloud Native VSP, and LogRhythm releases a Cloud Based NextGen SIEM platform!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 17, 2019
Leadership Articles - Business Security Weekly #128
36:43

In the Leadership and Communications segment, Transformational leadership style inspires 'moonshot goals', How to Deal With Information Overload, The surprising secret of success: it's not about winning, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

May 16, 2019
Firewalls, Paul Asadoorian - Enterprise Security Weekly #137
24:51

Paul will be giving a technical segment on firewalls. Paul talks about enterprise open-source firewalls.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode137

Visit https://securityweekly.com/esw for all the latest episodes!

May 16, 2019
Application News - Application Security Weekly #61
28:43

In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

May 15, 2019
Jon Fredrickson, BCBSRI - Business Security Weekly #128
40:32

This week, we welcome Jon Fredrickson, Information Security Officer at Blue Cross & Blue Shield of Rhode Island.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

May 14, 2019
Securing Software Supply Chains - Application Security Weekly #61
42:23

This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains. Derek is the VP and DevOps Advocate at Sonatype. Derek is the world's foremost researcher on the topic of DevSecOps and securing software supply chains.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

May 14, 2019
Security News - Paul's Security Weekly #603
01:23:53

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued insulin pump with a security flaw in high demand, and how to communicate privately in the age of digital policing!

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 13, 2019
Chris Sanders, AND & RTF - Paul's Security Weekly #603
38:47

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas.

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 12, 2019
Security Industry Briefings Update - Enterprise Security Weekly #136
20:14

We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 11, 2019
Enterprise News - Enterprise Security Weekly #136
22:46

In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, Serverless monitoring startup Epsagon expands to cover broader microservices, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 11, 2019
From IT to OT Security, Lesley Carhart - Paul's Security Weekly #603
52:34

Lesley Carhart is the Principal Threat Analyst at Dragos Inc. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Lesley will be discussing her transition from IT security to OT security, DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?, and much more!

Full Show Notes: https://wiki.securityweekly.com/Episode603

Follow us on Twitter: https://www.twitter.com/securityweekly

May 11, 2019
Continuous Controls Monitoring, Panaseer - Enterprise Security Weekly #136
29:49

Nik Whitfield is the CEO at Panaseer. He joins us to talk about Continuous Controls Monitoring!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode136

Visit https://securityweekly.com/esw for all the latest episodes!

May 10, 2019
Application News - Application Security Weekly #60
34:16

Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and security.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60

Follow us on Twitter: https://www.twitter.com/securityweekly

May 09, 2019
Leadership Articles - Business Security Weekly #127
38:03

In the Leadership and Communications segment, How to build a startup, You Don't Have To Be Nice To Be Respected, Boeing and the Importance of Encouraging Employees to Speak Up, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

May 08, 2019
Sven Morgenroth, Netsparker - Application Security Weekly #60
35:37

Sven joins us to talk about securing our applications, how confident can we be about the security of web applications, and how we can make it easier to build applications that we don't need to worry about the OWASP top 10 because of secure defaults.

To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60
Follow us on Twitter: https://www.twitter.com/securityweekly

May 08, 2019
Global Cyber Innovation Summit Recap - Business Security Weekly #127
29:33

Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

May 07, 2019
Philip Niedermair, National Cyber Group - Paul's Security Weekly #602
45:03

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 06, 2019
Joshua Abraham, Praetorian - Paul's Security Weekly #602
58:44

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE ATT&CK framework for attackers!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 05, 2019
ThreatConnect, HALO, & SolarWinds - Enterprise Security Weekly #135
26:43

In the Enterprise news, ThreatConnect's new features make creating security playbooks easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and BlackHat USA offers an inside look at Intel's security engine!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 04, 2019
Nokia 9, Julian Assange, & Tenable - Paul's Security Weekly #602
58:26

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack!

Full Show Notes: https://wiki.securityweekly.com/Episode602

Follow us on Twitter: https://www.twitter.com/securityweekly

May 04, 2019
Joshua Abraham, Praetorian - Enterprise Security Weekly #135
36:38

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE ATT&CK framework for defenders!

Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 03, 2019
Leadership Articles - Business Security Weekly #126
28:13

In the Leadership and Communications segment, 5 Myths about Strategy, The making of a technology leader, Want Fewer Employees to Quit? Listen to Them, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

May 02, 2019
Patch Management Struggles, Automox - Enterprise Security Weekly #135
37:03

A self-described "Nerd with a big mouth" Jay is an 18-year startup veteran specialized in pre-IPO, hyper-competitive environments with a focus on new technology introduction, partner/customer acquisition. Jay joins us to discuss Patch management struggles and how to overcome them!

To get involved with Automox, visit: https://securityweekly.com/automox

Full Show Notes: https://wiki.securityweekly.com/ES_Episode135

Visit https://securityweekly.com/esw for all the latest episodes!

May 02, 2019
Security Awareness, Education, & Training - Business Security Weekly #126
37:05

Craig Sandman is the President and Co Founder of Symbol Security, a Cyber Security SaaS company with a mission to reduce corporate risk through Security Awareness Education. Craig will discuss Security Awareness, Education, and Training!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

May 01, 2019
Application News - Application Security Weekly #59
34:26

In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

May 01, 2019
Larry Maccherone, Comcast - Application Security Weekly #59
30:48

This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 30, 2019
Fujifilm, Facebook, & Black Holes - Paul's Security Weekly #601
01:13:31

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole!

Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 29, 2019
SaaS Product, Cloudneeti - Paul's Security Weekly #601
58:57

Guru Pandurangi, the CEO and Founder of Cloudneeti, joins us to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating to or using cloud providers such as Azure, AWS, and Office365 to develop and host their applications!

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 28, 2019
Dave Kennedy, Binary Defense - Enterprise Security Weekly #134
23:19

Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community! A great conversation between two security legends and long time best friends!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 27, 2019
The Canary Tool, Thinkst - Paul's Security Weekly #601
01:06:05

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst's tool Canary!

To get started with Canary, visit: https://securityweekly.com/canary
Full Show Notes: https://wiki.securityweekly.com/Episode601

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 27, 2019
ShieldX, Tenable, & Capsule8 - Enterprise Security Weekly #134
30:28

In the Enterprise news, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 26, 2019
Francis Dinha, OpenVPN - Enterprise Security Weekly #134
27:14

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode134

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 25, 2019
Leadership Articles - Business Security Weekly #125
31:20

In the Leadership and Communications segment, 5 Ways to Find Natural Leaders for Your Team, Business Wisdom Learned From Bomb Squad Experts And Their Commanders, Why Rest Is Essential To High Performance, 4 Ways Working Dads Can Make More Time for Family, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125

Apr 24, 2019
Adam Fletcher, Blackstone - Business Security Weekly #125
27:55

Adam Fletcher is the Chief Information Security Officer for Blackstone. As a security professional with over 18 years of experience, Adam has worked with global security organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125

Please join Adam and other CISOs at the Global Cyber Innovation Summit by visiting https://globalcybersummit.org/request-information to request your invitation.

Apr 24, 2019
Application News - Application Security Weekly #58
31:42

In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 23, 2019
Thomas Hatch, SaltStack - Application Security Weekly #58
39:41

Thomas is the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and IoT.

To learn more about SaltStack, visit: https://securityweekly.com/saltstack

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 23, 2019
Patrick Tierney, Endgame - Enterprise Security Weekly #133
17:06

We interview Patrick Tierney, the Sales Engineer at Endgame.

To get involved with Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 20, 2019
Tufin, OpenVPN, & NYSE IPO - Enterprise Security Weekly #133
19:12

In the news, OpenVPN and JumpCloud Partner to Bring Secure Cloud-based Authentication and User Management to VPN, IdenTrust and Device Authority Collaborate to Deliver Secure Lifecycle Management to the IoT, Tufin Prices NYSE IPO at $108 Million, Bad security hygiene still a major risk for enterprise IT networks and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 19, 2019
SOC Intel: Wire, Logs, & Endpoint - Enterprise Security Weekly #133
31:41

Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint!

To get involved with ExtraHop, visit: https://securityweekly.com/extrahop

Full Show Notes: https://wiki.securityweekly.com/ES_Episode133

Visit https://securityweekly.com/esw for all the latest episodes!

Apr 18, 2019
How To Think Like An Investor, Will Lin - Business Security Weekly #124
30:34

Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124

Apr 18, 2019
Application News - Application Security Weekly #57
38:53

3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 17, 2019
Security Money - Business Security Weekly #124
27:59

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124

Apr 17, 2019
Containers and Kubernetes - Application Security Weekly #57
23:54

This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 16, 2019
Bitcoin, WikiLeaks, & Julian Assange - Paul's Security Weekly #600
01:18:17

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks.

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 16, 2019
Merissa & Jessica, WSC - Paul's Security Weekly #600
42:09

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers.

If anyone has questions, they can visit our website at https://womenscyberjutsu.org/ or reach out to me directly, I’m always happy to help!

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 15, 2019
Gabriel Gumbs, Spirion - Paul's Security Weekly #600
43:33

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion’s rapidly-growing security platform. A cybersecurity industry veteran with a 19 year tenure in CyberSecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.

Full Show Notes: https://wiki.securityweekly.com/Episode600

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 14, 2019
Coalfire ASV Scanning - Enterprise Security Weekly #132
01:04:58

Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire.

Coalfire ASV Scanning:

- ASV program (love, praise, struggle)
- Development and growth of scanning, 1-5 person team, partnership, marketing position
- Published opinion piece, getting knowledge, supporting the industry
- Scan platform
- RISE - movement in the company, coalfire programs, development at Coalfire
- Limitations of scanning, pen testing?

To learn more about Coalfire, visit: https://securityweekly.com/coalfire
Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 13, 2019
Vendor Briefing - Enterprise Security Weekly #132
22:52

In the last segment, we air the Security Briefing from SecureWorld Boston! Paul and Matt review the vendors at SecureWorld Boston 2019!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 13, 2019
Cloud Security, Bitglass, & Funding - Enterprise Security Weekly #132
29:03

In the news, Cloud security company Bitglass raises $70M in late-stage round, Lockpath Announces Significant Updates to Keylight Platform, TrustBuilder Identity Hub introduces simple and scalable access management for Docker, Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners, RedSeal raises more than $60 million for its cybersecurity tools, Google expands cloud security capabilities, including simpler configuration, and Sysdig Unites Cloud-Native Visibility and Security in Platform Update.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode132

Visit http://securityweekly.com/esw for all the latest episodes!

Apr 12, 2019
Calendars, Work-Life, & Balance - Business Security Weekly #123
29:42

In the Leadership and Communications segment, 94% of CIOs, CISOs have to make protection compromises, Accelerating Business Through Customer Centricity, 5 states dominating tech employment, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode123

Apr 10, 2019
Docker, ARM, & "Selfie" - Application Security Weekly #56
37:14

In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 10, 2019
Falco, Sysdig - Application Security Weekly #56
42:47

This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco!

To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 10, 2019
Post-Perimeter Security, Lookout - Business Security Weekly #123
34:24

Michael Murray is the Chief Security Officer at Lookout. Michael joins us today to talk about Post-perimeter Security.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode123

Apr 09, 2019
OceanLotus, Russia, & Google - Paul's Security Weekly #599
53:51

In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale!

Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Apr 01, 2019
Threat Hunting & AI Hunter, ACM - Paul's Security Weekly #599
48:06

In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter!

To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 31, 2019
Illusive Networks - Enterprise Security Weekly #131
25:51

Paul sits down with Wade Lance and Nir Greenberg of Illusive Networks at the RSA Conference 2019!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode131

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 30, 2019
Mary Beth Borgwing, Cyber Social Club - Paul's Security Weekly #599
49:14

This week, we welcome back Mary Beth Borgwing, President and Founder of the Cyber Social Club, to talk about Uniting Women in Cyber!

Full Show Notes: https://wiki.securityweekly.com/Episode599

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 30, 2019
Branden Williams, Union Bank - Enterprise Security Weekly #131
25:16

Dr. Branden R. Williams has more than twenty years of experience in business, technology, and information security as a consultant, leader, and an executive. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that propel companies forward while reducing risk.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode131

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 29, 2019
Leadership Articles - Business Security Weekly #122
27:10

In the Leadership and Communications segment, even CEOs should clean their own bathrooms sometimes, building an effective cybersecurity program, how to get booked as a podcast guest, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode122

Mar 28, 2019
Bugs, Breaches, and More! - Application Security Weekly #55
30:48

XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode55 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 28, 2019
Security ROI, Endgame - Business Security Weekly #122
37:11

Ian McShane, the VP, Product Marketing at Endgame, joins us on Business Security Weekly to talk about security ROI and how to align goals, skills, and budgets to reduce risk.

To learn more about Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode122

Mar 28, 2019
Android Q, Sirens, & Korean Hotels - Paul's Security Weekly #598
40:03

In the Security News, how Android Q will come with improved privacy protections, hacked tornado sirens taken offline ahead of a major storm, and how PuTTY released an update that fixed 8 new security flaws!

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 26, 2019
Iris, DomainTools - Paul's Security Weekly #598
26:27

In this segment, we run a Technical Demo with our sponsor DomainTools, all about Domain Investigation with DomainTools Iris!

To learn more about DomainTools, visit: https://securityweekly.com/domaintools

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 25, 2019
Marcus Carey, Tribe of Hackers - Paul's Security Weekly #598
50:43

Marcus Carey is the Founder & CEO at Threatcare. A Navy cryptologist turned cybersecurity entrepreneur, Marcus Carey is currently working as founder and CEO of cybersecurity company Threatcare. He joins us to talk about the book that he co-authored, "Tribe of Hackers"!

Full Show Notes: https://wiki.securityweekly.com/Episode598

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 24, 2019
NexDefense, 42Crunch, & ExtraHop - Enterprise Security Weekly #130
31:24

Stackpath released new edge computing VMs, ExtraHop hires former Tenable and HPE leaders to support growth in cyber, Security professionals want to return fire to Venafi, Dragos acquires NexDefense, and 42Crunch unveils a new platform to discover API vulnerabilities and protect them from attacks!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode130

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 22, 2019
Endgame, Virsec, & SCYTHE - Enterprise Security Weekly #130
48:19

Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019: Endgame, Virsec, and SCYTHE

Full Show Notes: https://wiki.securityweekly.com/ES_Episode130

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 21, 2019
DARPA, Yelp, & FBI - Application Security Weekly #54
29:06

Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 21, 2019
Leadership Articles - Business Security Weekly #121
28:52

In the Leadership and Communications segment, How Boeing Should Have Responded to the 737 Max Safety Crisis, Digital Transformation is Not About Technology, Gartner's Top 10 Security Projects for 2019, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode121

Mar 20, 2019
Jamie Duncan, Red Hat - Application Security Weekly #54
33:51

Jamie Duncan is a recovering history major who has been at Red Hat for just over 7 years. Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 20, 2019
Intersection of Development & Security - Business Security Weekly #121
38:10

Nick Galbreath, Co-founder and Chief Technology Officer at Signal Sciences, joins us to discuss the Intersection of Development and Security!

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode121

Mar 19, 2019
Malware Sandboxing, VMRay - Paul's Security Weekly #597
40:23

We interview Carsten Williams, Co-Founder and CEO at VMRay, discussing malware sandboxing! Carsten is the original developer of CWSandbox, a commercial malware analysis suite that was later renamed to GFI Sandbox, and now Threat Analyzer by ThreatTrack Security.

To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 18, 2019
Tesla, YouTube, & Sexy Selfies - Paul's Security Weekly #597
01:28:39

New WordPress flaw lets unauthenticated remote attackers hack sites, Tesla allegedly spied on and ran a smear campaign on a whistleblower, Facebook and Instagram suffer most severe outage ever, a man drives 3,300 miles to talk to YouTube about a deleted video, and what do sexy selfies, search warrants, and tax files have in common?

Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 17, 2019
RSAC 2019 Recap - Enterprise Security Weekly #129
01:00:44

Paul Asadoorian and Matt Alderman recap RSA Conference 2019, including their briefings with:

- 42Crunch
- Baffle
- CyberInt
- Eclypsium
- Ericom Software
- Lacework
- Radware
- RiskRecon

and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 16, 2019
Evolution of Zero Trust, Edgewise - Paul's Security Weekly #597
53:53

We welcome Peter Smith, Founder and CEO of Edgewise to talk about the evolution of Zero Trust! Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University’s first NAC system before it became a security category. Peter brings a security practitioner’s perspective to Edgewise with more than ten years of expertise as an infrastructure and security architect of data centers.

To learn more about Edgewise, visit: https://securityweekly.com/edgewise/

Full Show Notes: https://wiki.securityweekly.com/Episode597

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 16, 2019
Continuous Cloud Assurance, Cloudneeti - Enterprise Security Weekly #129
36:26

This week, we interview Gururaj Pandurangi, Founder and CEO at Cloudneeti, to discuss Continuous Cloud Assurance! Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj has 20 years of professional experience, a good portion of it as an early adopter of cloud technologies and building global scale cloud products like Windows Live, Bing platform, Consumer Identity and Federations.

To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 15, 2019
RSAC 2019 Interviews - Enterprise Security Weekly #129
46:23

Paul Asadoorian and Matt Alderman recorded interviews with the following vendors at RSA Conference 2019:

- Venafi

- XM Cyber

- Onapsis

Full Show Notes: https://wiki.securityweekly.com/ES_Episode129

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 14, 2019
Application News - Application Security Weekly #53
29:40

WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 14, 2019
Leadership Articles - Business Security Weekly #120
28:04

In the Leadership and Communications segment, How to Make Sure Your Board Sets a Good Example for Your Company, Cybersecurity is Putting Customer Trust at the Center of Competition, 6 Reasons Your Home Office is Better Than Your Company Office, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode120

Mar 13, 2019
RSA 2019 Recap - Application Security Weekly #53
27:47

Keith and Paul discuss the structure and experiences of 2019's RSA Conference.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53 Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 13, 2019
Ben Carr, Aristocrat - Business Security Weekly #120
34:47

Ben Carr is the Chief Information Security Officer at Aristocrat. Prior to Aristocrat, he was VP of Strategy for Cyberbit and North America's Technical Director for Tenable. Prior to Tenable, he was Senior Director, Global Information Security at Visa and Head of Global Corporate IT Security at Nokia.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode120

Mar 12, 2019
YouTube Censorship & Vulnerabilities - Paul's Security Weekly #596
01:29:55

YouTube controversy on ALL fronts, Cisco SOHO wireless VPN firewalls and routers open to attack, Ring doorbell flaw opens door to spying, bot plagues, free hacking toolkits, and everything you need to know about the Huawei controversy!

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 04, 2019
David Marble, OSHEAN - Paul's Security Weekly #596
46:27

David Marble is the President & CEO at OSHEAN. David joins us to talk about what to expect at this year's Rhode Island Cybersecurity Exchange Day! This conference will be held on March 13th 2019 from 9am to 3pm at Salve Regina University, with a featured keynote by our Founder and CTO, Paul Asadoorian!

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 03, 2019
PCI, Capsule8, & Polaris - Enterprise Security Weekly #128
31:05

Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode128

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 02, 2019
Threat Intelligence, Recorded Future - Paul's Security Weekly #596
53:06

Allan Liska is the Senior Solutions Architect at Recorded Future. Allan talks about threat intelligence – no longer just for the secret squirrels among us. While the term can elicit reactions ranging from exasperated sigh to flashbacks of security buzzword bingo circa 2015, Recorded Future is delivering on the industry promise – actionable intelligence for all security pros.

Get Trending Threat Insights Delivered to Your Inbox, at: https://securityweekly.com/recordedfuture

Full Show Notes: https://wiki.securityweekly.com/Episode596

Follow us on Twitter: https://www.twitter.com/securityweekly

Mar 02, 2019
Funding and M&A News - Enterprise Security Weekly #128
27:55

Paul and Matt discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode128

Visit http://securityweekly.com/esw for all the latest episodes!

Mar 01, 2019
Matt Springfield, 12Feet, Inc. - Application Security Weekly #52
28:40

Matt Springfield is the founder of 12Feet, Inc. an information security consulting firm based in the Dallas area. Matt has more than 23 years of information security experience spanning operations, architecture and consulting with a focus on large scale retail and service provider environments.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 28, 2019
Bruce Sussman, SecureWorld - Business Security Weekly #119
27:16

Bruce Sussman is the Media-Development Director at SecureWorld. Bruce will give us a preview of SecureWorld Boston 2019 and the upcoming events.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode119

Feb 27, 2019
Securing the Human Layer, Armorblox - Business Security Weekly #119
31:30

DJ Sampath is the Co-Founder and Chief Executive Officer at Armorblox. DJ comes on the show to discuss "Securing the Human Layer"!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode119

Feb 27, 2019
Bugs, Breaches, and More! - Application Security Weekly #52
32:03

Many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 27, 2019
Passwords, Splunk, & Nest Microphones - Paul's Security Weekly #595
01:06:36

In the Security News, password managers leaking data in memory, security analysts are only human, Splunk changes position of Russian customers, Google admits error over hidden microphone, and a nasty code-execution bug in WinRAR threatened millions of users for 14 years!

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 25, 2019
Steve Brown, SecureWorld Keynote - Paul's Security Weekly #595
54:58

Steve Brown, Keynote Speaker at SecureWorld Boston 2019, joins us to discuss his talk about Building Your Strategic Roadmap for the Next Wave of Digital Transformation!

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 24, 2019
Product Launches and Announcements - Enterprise Security Weekly #127
41:05

CylancePROTECT now available on AWS marketplace, Attivo Networks enhances deception platform with Forensic Collection, Cyber Security market will reach $365.26B by 2026, and Elevate Security raises $8M in Series A!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode127

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 23, 2019
SILENTRINITY Updates, BHIS - Paul's Security Weekly #595
47:40

Marcello Salvati, Security Analyst at our sponsor Black Hills Information Security, joins us to give some updates on his Post Exploitation Tool SILENTRINITY! Sign up for the BHIS Mailing List to receive updates about upcoming webcasts, blogs, and open-source tools from our testers at: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode595

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 23, 2019
SOAR, Cody Cornell - Enterprise Security Weekly #127
30:03

Cody Cornell is the CEO of Swimlane. Matt Alderman and Joff Thyer interview Cody, to discuss Security Orchestration, Automation, and Response!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode127

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 22, 2019
Leadership & Communication - Business Security Weekly #118
38:16

In the Leadership and Communications segment, are boards of directors responsible for cybersecurity, cybersecurity mental health warning, how to cope with a Mid-Career Crisis, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode118

Feb 21, 2019
Android, Dark Web, & Development - Application Security Weekly #51
25:10

A PNG Android Vulnerability, 620 Million Stolen Accounts for Sale on the Dark Web, How Shifting Security Left Speeds Development and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 20, 2019
Cyber Insurance, Brendan Goodwin - Business Security Weekly #118
22:26

Brendan Goodwin is the Regional Cyber Director – Northeast & Mid-Atlantic at Alfred J. Gallagher Co. Brendan comes on the show to talk about "How Cyber Insurance can Augment Your Cyber Security Strategy."

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode118

Feb 20, 2019
DEFCON, Windows 10, & Linux vs Mac - Paul's Security Weekly #594
59:44

Why it's way too easy to sell counterfeit goods on Amazon, how to defend against the runC container vulnerability, creating a dream team for the new age of cyber security, how you can get a Windows 95 emulator for Windows 10, Linux, or Mac, DEF CON goes to Washington, and InfoSec Institute's top podcasts that take your computer skills to the next level!

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 19, 2019
Integrating Security into DevOps, Altran - Application Security Weekly #51
27:07

Gurpreet S. Sachdeva is the Assistant Vice President of Technology for Altran. Gurpreet Sachdeva will be discussing "Integrating Security into DevOps"!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 19, 2019
Enterprise-ish Network Security: Pt. 1 - Paul's Security Weekly #594
39:24

There are quite a few choices for selecting open-source and inexpensive hardware to build your network and provide tools to monitor for security events. In this segment we'll discuss some of the options, the pros and cons of each, limitations, and really cool features! Includes coverage of Qotom hardware, how to procure enterprise-grade switches, the right cabling, and OPNSense and pfSense.

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 18, 2019
Harry Sverdlove, Edgewise - Paul's Security Weekly #594
55:50

Harry Sverdlove, Chief Technology Officer of Edgewise, joins us for an interview to talk about The Future of Firewalls!

To learn more about Edgewise, visit: https://www.securityweekly.com/edgewise

Full Show Notes: https://wiki.securityweekly.com/Episode594

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 17, 2019
The Evolution Of Vulnerability Management - Enterprise Security Weekly #126
23:13

Where do we stand today in the following 3 areas when it comes to vulnerability management:

1. Applications - DevOps, containers and applications in general (desktop and SaaS) - What are the new challenges and how do we solve them?
2. Infrastructure - We still have infrastructure, operating systems, IoT, network infrastructure, etc. How do we best make this happen and make sense of the results?
3. Mobile - How do we cover iOS, Android, Chrome OS? Do we even care?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode126

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 16, 2019
Qualys, Lacework, & Multicloud - Enterprise Security Weekly #126
29:36

Cisco unlocks IoT potential with Intent-Based Networking, Qualys extends cloud platform with patch management, Tenable announces general availability of Predictive Prioritization, and Lacework announces security support for Azure and Multicloud environments!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode126

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 15, 2019
Application News - Application Security Weekly #50
28:18

In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 14, 2019
Leadership Articles - Business Security Weekly #117
24:57

In the Leadership and Communications segment, Keep your employees and you'll keep your customers, Why leadership development is superficial and how to fix it, simple techniques to overcome negative emotions when negotiating with others, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117

Feb 13, 2019
Basic Flow of Problem, Solution, and Value - Application Security Weekly #50
28:46

Tim Eades is the CEO at vArmour. Tim joins us on the show to talk about the basic flow of problems, the solutions, and the value.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 13, 2019
Connie Mastovich, InfoSec World 2019 - Paul's Security Weekly #593
34:19

Connie Mastovich is the Sr. Security Compliance Analyst at Reclamere and she will be speaking at InfoSec World 2019. Connie's talk will be about "The Dark Web 2.0: How It Is Evolving, and How Can We Protect Ourselves?" Connie teases her talk and explains how to protect ourselves, our clients, and the information that we handle daily.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 12, 2019
Ed Moyle, InfoSec World 2019 - Business Security Weekly #117
32:50

Ed Moyle is on the Advisory Board for InfoSec World and he joins us on the show to talk about InfoSec World 2019 and its upcoming plans. Ed Moyle is also giving a talk on "Cryptocurrency Lessons for Enterprise Blockchain".

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode117

Feb 12, 2019
5G, Zero-Days, & National Museum - Paul's Security Weekly #593
01:15:59

5G networks must be secured from hackers and bad actors, zero-day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War 2 German message decrypts to go on display at the National Museum of Computing!

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 11, 2019
DetectionLab, Chris Long - Paul's Security Weekly #593
32:35

DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are VirtualBox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 10, 2019
RSA, DigiCert, and Signal Sciences - Enterprise Security Weekly #125
27:28

RSA Conference announces finalists for Innovation Sandbox Contest 2019, DigiCert announces all-in-one digital certificate management solution, Google's new Chrome extension warns you about stolen passwords, Signal Sciences raises $35 million to accelerate market expansion and tech innovation, and Palo Alto is in talks to buy Information Security firm Demisto!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode125

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 09, 2019
Randall Trzeciak, CERT - Enterprise Security Weekly #125
24:32

We welcome Randall Trzeciak, the Director of the CERT Insider Threat Center at Carnegie Mellon University's Software Engineering Institute! Randall will be speaking at InfoSec World 2019 about "An Effective Insider Threat Program" on Saturday, March 30th at 9:00 am.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode125

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 08, 2019
Application News - Application Security Weekly #49
29:53

Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 07, 2019
Privacy & Software Development - Application Security Weekly #49
31:28

Keith and Paul discuss the current state of privacy and software development.

- Facebook reveals news feed experiment to control emotions

- Facebook pays teens to install VPN that spies on them

- Apple blocks Facebook from running its internal iOS apps

- Apple restores Google’s internal iOS apps after certificate misuse punishment

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 07, 2019
Sandra Toms & Britta Glade, RSA Conference - Business Security Weekly #116
24:11

Sandra Toms is Vice President and Curator at RSA Conference. In 1998, her vision was to establish RSA Conference as a global cybersecurity forum where technology vendors and businesses unite. We all know how that turned out! Britta Glade is Director, Content and Curation at RSA Conference. When I first met Britta in 2012, she headed analyst relations for RSA before moving over to RSA Conference. If you want to learn more about RSA Conference, you can visit RSAConference.com.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116

Feb 06, 2019
Dave Kennedy, TrustedSec - Business Security Weekly #116
37:46

We welcome David Kennedy, founder and CEO, at TrustedSec to discuss "Investing in the right technology and resources"!

To learn more about TrustedSec, visit: https://www.securityweekly.com/trustedsec

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode116

Feb 05, 2019
The Future Of Security - Paul's Security Weekly #592
56:22

In our second segment, the Security Weekly hosts will discuss the Future of Security, such as major changes, evolving threats, and security culture!

Full Show notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 04, 2019
Web App Scanning w/ Authentication, Acunetix - Paul's Security Weekly #592
29:04

Benjamin Daniel Mussler is the Senior Security Researcher at Acunetix. Benjamin will come on the show to talk about Web App Scanning with authentication.

To learn more about Acunetix, visit: https://securityweekly.com/acunetix

Full Show Notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 03, 2019
Yubico, Symantec, & Sophos - Enterprise Security Weekly #124
39:43

In the Enterprise Security News, we will discuss how Cynet's platform approach tames cyber security issues, Salt Security launches API protection platform, Yubico's 2019 state of password and authentication security report, and we have some acquisition and funding updates from ReSec, Medigate, Cato Networks, Sophos, and DarkBytes!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode124

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 02, 2019
Leadership Articles - Business Security Weekly #115
26:13

In the Leadership and Communications segment, cybersecurity isn't just for tech people anymore, the weird approach to leadership, 4 things to do before a tough conversation, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115

Feb 02, 2019
Japan, Imperva, & DDoS - Paul's Security Weekly #592
01:17:00

In the Security News, 5 tips for access control from an ethical hacker, Japan is to hunt down citizens' insecure IoT devices, kid tracking watches allow attackers to monitor real time location data, and Imperva mitigates a DDoS attack that generated 500 million packets per second!

Full Show Notes: https://wiki.securityweekly.com/Episode592

Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 02, 2019
Andrew Peterson, Signal Sciences - Enterprise Security Weekly #124
34:50

Andrew Peterson is the Founder & CEO of Signal Sciences, and an O’Reilly author of "Cracking Security Misconceptions". He joins the show today to talk about prioritizing bugs, if certain bugs at lower levels are being exploited, how to connect with developers and prioritize bugs, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode124

Visit http://securityweekly.com/esw for all the latest episodes!

Feb 01, 2019
Advanced Bot Protection, Cequence Security - Business Security Weekly #115
21:56

Shreyans Mehta is the CTO at Cequence Security. Shreyans joins us to talk about advanced bot protection and how Cequence is involved.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode115

Feb 01, 2019
Jing Xie, Venafi - Application Security Weekly #48
40:57

Dr. Jing Xie is the senior threat intelligence researcher for Venafi, the market leading cybersecurity company in machine identity protection. As a member of the Venafi thought leadership group, she leads Venafi Labs.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 31, 2019
Bugs, Breaches, and More! - Application Security Weekly #48
29:17

Concerns about WordPress' new "White Screen of Death", Google Chrome changes could 'destroy' ad-blockers, Mozilla is adding an ad-blocker to Firefox Focus 9.0, Websites can steal browser data via extensions APIs, a Fortnite security issue would have granted hackers access to accounts, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 30, 2019
Android, Nest, & Linux Malware - Paul's Security Weekly #591
52:10

Cellular carriers are implementing services to identify cell scam leveraging, New Android Malware uses motion sensor to avoid detection, Linux Malware disables security software to mine cryptocurrency, and how a Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert!

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 29, 2019
Topics & Questions - Paul's Security Weekly #591
56:52

In our second segment, the Security Weekly hosts talk about some of our favorite hacker movies, influencers in the community, and what software and devices make appearances in our labs!

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 28, 2019
Chris Morales, Vectra - Paul's Security Weekly #591
43:29

Christopher Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.

Full Show Notes: https://wiki.securityweekly.com/Episode591

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 27, 2019
Ping, API, & eSentire - Enterprise Security Weekly #123
38:51

Jeff Man joins Paul to talk about Ping Identity offering advanced API cyber protection, AppDynamics keeps expanding monitoring vision, eSentire announces managed endpoint defense powered by Carbon Black, and Juniper Networks signs a deal with IBMs!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode123

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 26, 2019
Open-Source & Free Collaboration Security Tools - Enterprise Security Weekly #123
36:54

Paul and Jeff Man talk about Open-Source and free collaboration security tools.

1. Project Planning - OrangeScrum

2. Ticketing - Mantis Bug Tracker

3. Documentation - MediaWiki

4. Zabbix - Remote System Monitoring

5. Feedly - Share stories and RSS feed

6. Slack - Free!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode123

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 24, 2019
The Human Element of Application Security - Application Security Weekly #47
22:24

This week on Application Security Weekly, Matt Alderman is joined by James Wickett, who is the Head of Research at Signal Sciences. They talk about the human element of application security training and testing.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 24, 2019
Leadership Articles - Business Security Weekly #114
23:47

In the Leadership and Communications segment, customer surveys are no substitute for actually talking to customers, CEOs most concerned about Cybersecurity in 2019, the open workspace doesn't work, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

Jan 23, 2019
Zane Lackey, Signal Sciences - Business Security Weekly #114
28:20

Zane Lackey is the Chief Security Officer at Signal Sciences. Zane comes on the show to talk about advising!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode114

Jan 23, 2019
Bugs, Breaches, and More - Application Security Weekly #47
29:51

In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 23, 2019
DerbyCon, Flaws, & Azure DevOps - Paul's Security Weekly #590
01:21:54

Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty program!

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 22, 2019
PowerShell for Fun and Profit - Paul's Security Weekly #590
29:37

Joff will demonstrate some syntax with PowerShell useful for transferring data into a network while pen testing. The technical segment assumes that the pen tester is able to directly use PowerShell from the console itself, although the techniques can be adapted for different purposes.

To learn more about BHIS, visit: https://securityweekly.com/bhis

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 21, 2019
Dr. Eric Cole, Secure Anchor Consulting - Paul's Security Weekly #590
55:23

Dr. Eric Cole is the leading cybersecurity expert in the world, known as the go-to for major political and business power players.

Full Show Notes: https://wiki.securityweekly.com/Episode590

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 20, 2019
Security Product Launches, and Announcements - Enterprise Security Weekly #122
19:06

In this segment, we will discuss some security product launches & announcements from Trustwave, NopSec, ConnectGuard, Pulse Secure, and Synopsys!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode122

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 19, 2019
Security Mergers, Acquisitions, and Partnerships - Enterprise Security Weekly #122
21:03

In this segment, they discuss some mergers, acquisitions, and partnerships, such as TokenEx partnering with SureCloud, Check Point acquires ForceNock, Zix agrees to acquire AppRiver for $275 million, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode122

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 18, 2019
CRLF, NASA, & GitHub - Application Security Weekly #46
23:34

Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 17, 2019
Leadership Articles - Business Security Weekly #113
25:02

In business articles, they discuss how to be present, manage time, and avoid distractions, why your gut instinct is usually wrong, the 5 most efficient ways to get your work done, the creative difference between multitasking and multi-focus, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113

Jan 16, 2019
Rey Bango, Microsoft - Application Security Weekly #46
32:17

Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago & worked feverishly to transition into this new community.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 16, 2019
Security Money - Business Security Weekly #113
30:55

This week we introduce a new quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also created our own index to track public security companies called the Security Weekly 25. Let's understand how the security market is doing.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode113

Jan 15, 2019
Tim Callahan, Aflac - Business Security Weekly #112
28:16

Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. They talk about communicating threat intelligence to executives and the board.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Jan 14, 2019
Hyatt, El Chapo's IT, and Amazon Key - Paul's Security Weekly #589
01:04:13

Why Hyatt Is Launching a Public Bug Bounty Program, Amazon Key partners with myQ, Web vulnerabilities up, IoT flaws down, enterprise iPhones will soon be able to use security dongles, and how El Chapo's IT manager cracked his encrypted chats and brought him down!

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 14, 2019
pktrecon, Kory Findley - Paul's Security Weekly #589
26:10

Kory Findley talks about his GitHub project pktrecon, a tool for internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods.

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 13, 2019
Bryson Bort, SCYTHE - Paul's Security Weekly #589
50:49

Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. He comes on the show to talk about Attack Simulation.

To learn more about SCYTHE.io, go to: https://www.scythe.io/securityweekly

Full Show Notes: https://wiki.securityweekly.com/Episode589

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 12, 2019
Neustar, BlackBerry, and ShieldSquare - Enterprise Security Weekly #121
24:05

Neustar bolsters fraud detection capabilities with Trustid, almost half of containers in production have vulnerabilities, BlackBerry offers its security technology to IoT device makers, and Radware to acquire ShieldSquare for expansion of its cloud security portfolio!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode121

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 11, 2019
Cyber Deception Today: Tony Cole - Enterprise Security Weekly #121
30:06

Tony Cole is the Chief Technology Officer at Attivo Networks and is a cybersecurity expert with more than 30 years’ experience, a bachelor’s degree in computer networking and is a CISSP. Tony discusses cyber deception in enterprises today and gives a brief history of deception and its applicability to cybersecurity.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode121

Visit http://securityweekly.com/esw for all the latest episodes!

Jan 10, 2019
Ken Johnson, GitHub - Application Security Weekly #45
30:46

Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching appsec the right way, "running a scanner without context", getting the right context/importance of context, and how do you figure what's real and what's legit?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 09, 2019
WordPress, Silicon Valley, and Hijacking - Application Security Weekly #45
29:22

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 08, 2019
Leadership Articles - Business Security Weekly #112
38:19

This week how to moderate a panel discussion, the secret to leading organizational change is empathy, DevOps explained, 5 cloud computing predictions for 2019, and the top 3 things CIOs lose sleep over.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode112

Jan 08, 2019
PewDiePie, DOOM Roomba, and 9/11 - Paul's Security Weekly #588
50:36

Hijacking smart TVs to promote PewDiePie, hackers attempt to sell stolen 9/11 documents, turning your house into a DOOM level with a Roomba, and hopefully you're over that New Year's hangover, because there's an Adobe PDF app patch to install!

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 07, 2019
Breaches, Privacy, Compliance and More! - Paul's Security Weekly #588
01:11:47

The Security Weekly crew has a lively topic discussion on the following: Security Breaches, Privacy, Vulnerability Disclosure, Evaluating Security Solutions, and Compliance.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 06, 2019
Helping People In The Security Community - Paul's Security Weekly #588
44:19

"Phoneboy" has been helping the security community for over 15 years. We fondly remember Phoneboy as a resource that helped us configure our Check Point firewalls back in the day! Phoneboy comes on the show to discuss how to help people in the security community, a topic near and dear to our hearts.

Full Show Notes: https://wiki.securityweekly.com/Episode588

Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 05, 2019
Hacking the Brainstem, Mandy Logan - Paul's Security Weekly #587
01:06:41

Following a series of 5 strokes and major head injuries, Mandy is no longer in the construction engineering industry. Instead, she is pursuing all things InfoSec with an emphasis on Incident Response, Neuro Integration, Artificial General Intelligence, sustainable, ethical neuro tech, and improving the lives and community of InfoSec professionals and Neurodiverse professionals. She enjoys art, requires loads of rest still, and hopes to be half the person her service dog, Trevor, is.

Support Mandy by going to her GoFundMe Page: https://www.gofundme.com/hacking-recovery-brainstem-stroke

Full Show Notes: https://wiki.securityweekly.com/Episode587
Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 24, 2018
What The Heck Are "Security Basics"? - Paul's Security Weekly #587
01:48:41

The question comes up quite often, what should organizations be doing to meet the basic security requirements? We often hear the terms "Security Basics", "Minimum Security Standards" or dear lord "Security Hygiene". But what does all this mean? Is it the same for everyone? People will point to different resources that attempt to define the security basics, but do they really work? Does compliance play into this picture?

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 23, 2018
Detecting Attacker Behavior, LogRhythm - Paul's Security Weekly #587
25:26

Vaughn will discuss using freely available tools and logs you are already collecting to detect attacker behavior. Vaughn has a cookbook that will allow you to configure and analyze logs to detect attacks in your environment. You don't need anything fancy to detect attacks; use what you have along with freely available tools and techniques!

To get involved with LogRhythm, go to: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/Episode587

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 22, 2018
Top Ten List for 2018 - Enterprise Security Weekly #120
20:16

Paul, Matt Alderman, and John Strand talk Paul’s Top Ten List of 2018! They talk about Paul’s personal favorite acquisitions, breaches, vulnerabilities, interviews, attack tools, news articles, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 21, 2018
Bitdefender, Symantec, & Untangle - Enterprise Security Weekly #120
29:52

Bitdefender offers new managed threat monitoring service, Symantec and Fortinet partner to deliver robust and comprehensive cloud security service, Untangle partners with Malwarebytes to bring layered security to SMBs, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode120

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 21, 2018
Signal App, Jenkins Servers, & WordPress - Application Security Weekly #44
28:52

Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 20, 2018
Leadership Articles - Business Security Weekly #111
21:57

Matt and Paul discuss how to be productive during the holiday season, how to work from home without losing your mind, how to talk to your boss when you’re underperforming, selling your product as you build it, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Dec 19, 2018
Harry Sverdlove, Edgewise - Application Security Weekly #44
32:02

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more!

To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 19, 2018
Bob Ackerman, AllegisCyber - Business Security Weekly #111
47:12

Bob Ackerman is a legend in venture capital investing and is referred to as one of "Cyber's Money Men". Bob is the Founder and Managing Director of venture capital firm AllegisCyber, Co-Founder of DataTribe, Maryland's Cyber Start-up Studio, and the Founder and Executive Chairman of Founder's Equity Partners. Bob, welcome to Business Security Weekly.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode111

Dec 18, 2018
Taylor Swift, KringleCon, & 3D Head - Paul's Security Weekly #586
47:56

How Taylor Swift used Facial Recognition to Thwart Stalkers, unlocking Android phones with a 3D printed head, Ticketmaster fails to take responsibility for malware, and it's December of 2018, To Hell with it, Just patch your stuff already!

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 17, 2018
Ed Skoudis, Counter Hack Challenge - Paul's Security Weekly #586
34:10

Ed Skoudis, Founder of the Counter Hack Challenge and Kringle Con 2018, joins us on the show to talk about this year's challenge and what's in store! "Welcome to Counter Hack Challenges, an organization devoted to creating educational, interactive challenges and competitions to help identify people with information security interest, potential, skills, and experience. We design and operate a variety of capture-the-flag and quiz-oriented challenges for the SANS Institute, Cyber Aces, US Cyber Challenge, and other organizations. Our featured products include NetWars, CyberCity, Holiday Hack Challenge, Cyber Aces Online, and several Cyber Quests."

Join KringleCon: www.kringlecon.com

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 16, 2018
Minerva, Rapid7, & Venafi - Enterprise Security Weekly #119
27:03

NopSec announces the latest release of its flagship product, Minerva Labs Anti-Evasion Platform achieves VMware ready status, SecurityScorecard announces partnership with Cybernance to drive holistic view of cyber risk across the enterprise, and we have some acquisition and funding updates from Venafi, WhiteFox, and Pindrop!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 15, 2018
Don Murdoch, Regent University Cyber Range - Paul's Security Weekly #586
41:23

Don Murdoch is the Assistant Director at Regent University Cyber Range. Don discusses his book "Blue Team Handbook Incident Response Edition".

Full Show Notes: https://wiki.securityweekly.com/Episode586

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 15, 2018
John Bradshaw, Acalvio - Enterprise Security Weekly #119
30:16

This segment is sponsored by Acalvio. Check out their deception technologies by visiting https://securityweekly.com/acalvio. And remember, all [cyber] war is based on deception!

Our guest is John Bradshaw, the Sr. Director of Solutions Engineering at Acalvio Technologies. John has more than 25 years of experience in the Cyber Security industry focusing on advanced, targeted threats. John joins Paul Asadoorian and John Strand to discuss the five tenets of enterprise deception, levels of interactivity for deception targets, and many more interesting facets of deception technologies as they are applied to an enterprise security program!

To learn more about Acalvio, go to: https://securityweekly.com/acalvio
Full Show Notes: https://wiki.securityweekly.com/ES_Episode119

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 14, 2018
Kubernetes, Firefox, & WordPress - Application Security Weekly #43
27:53

Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, a botnet of over 20,000 WordPress sites is attacking other WordPress sites, the rise of Visual Studio Code, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 13, 2018
Chris Elgee, Counter Hack Challenge - Application Security Weekly #43
22:55

Chris Elgee is a full time husband, father of four, and technical engineer at Counter Hack Challenges. Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it's been working on the challenge vs. playing it, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 12, 2018
Leadership & Communication - Business Security Weekly #110
35:03

How to collaborate with people you don't like, the right way to solve complex business problems, what the habits are of successful people, three things to know before you land a tech job, a CISO's wishlist, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Dec 12, 2018
Brian Carey, Rapid7 - Business Security Weekly #110
33:32

Brian Carey is a Senior Security Consultant at Rapid7, specializing in: Security Program Assessments, Security Program Development, Vulnerability Management Program Development, Security Awareness and Policy Development. In this interview, we discuss emerging trends that he is seeing with his clients, and how they impact their clients' security programs, including maturity, roadmap, and recommendations!

To learn more about Rapid7, go to: www.rapid7.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode110

Dec 11, 2018
Marriott Breach, Lame Printer Hack, and Docker - Paul's Security Weekly #585
40:46

This week, how Docker containers can be exploited to mine for cryptocurrency, WordPress sites attacking other WordPress sites, why the Marriott Breach is a valuable IT lesson, malicious Chrome extensions, why hospitals are the next frontier of cybersecurity, and how someone is claiming to sell a Mass Printer Hijacking service!

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 10, 2018
Marcello Salvati, BHIS - Paul's Security Weekly #585
33:47

Marcello Salvati is a security consultant at BHIS, and is giving a technical segment on SilentTrinity. Marcello will solve the red team tradecraft problem of gaining dynamic access to the .NET API without going through PowerShell.

To learn more about Black Hills Information Security, go to: https://www.blackhillsinfosec.com/PSW

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 09, 2018
Ixia, Yubico, Fortinet, and ZeroStack - Enterprise Security Weekly #118
26:02

Ixia extends collaboration with ProtectWise, Ping Identity brings in New Customer Identity as a service solution, Fortinet introduces new security automation capabilities on AWS, and Yubico announces YubiHSM 2 integration with AWS IoT Greengrass!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode118

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 08, 2018
Lenny Zeltser, Minerva Labs - Paul's Security Weekly #585
01:06:39

Lenny Zeltser, the VP of Products at Minerva, will be giving a technical segment on Evasion Tactics in Malware from the Inside Out. He will explain the tactics malware authors use to evade detection and analysis; find out how analysts examine these aspects of malicious code with a disassembler and a debugger.

To learn more about Minerva Labs, go to: https://l.minerva-labs.com/security-weekly

Full Show Notes: https://wiki.securityweekly.com/Episode585

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 08, 2018
Mike Nichols, Endgame - Enterprise Security Weekly #118
36:54

Mike Nichols, the VP of Product for Endgame, joins us for an interview to talk about MITRE evaluation of Endgame, Open-Source Query Language EQL, and Storytime with Mike!

To learn more about Endgame, go to: www.endgame.com

Full Show Notes: https://wiki.securityweekly.com/ES_Episode118

Visit http://securityweekly.com/esw for all the latest episodes!

Dec 07, 2018
NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42
30:26

Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, the state of JavaScript, Amazon announces Firecracker, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 06, 2018
Leadership Articles - Business Security Weekly #109
36:27

Paul and Jason Albuquerque discuss The new math of leadership, How pragmatic leaders can transform stuck organizations, and Why building a work community is critical!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Dec 05, 2018
Aleksei Tiurin, Acunetix - Application Security Weekly #42
30:24

Aleksei Tiurin is the Senior Security Researcher for Acunetix. He is performing a technical segment on reverse proxies using WebLogic, Tomcat, and Nginx.

To learn more about Acunetix, go to: www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 05, 2018
Jay Prassl, Automox - Business Security Weekly #109
22:26

Matt Alderman interviews Jay Prassl, the CEO of Automox. Jay explains what Automox does, how Automox bridges the gap between ITOps and SecOps use cases, and how Automox defines the way to patch systems in macOS, Linux, Windows, and MSP.

To learn more about Automox, go to: www.automox.com

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode109

Dec 04, 2018
"Dunkin" Donuts, Microsoft, & Marijuana - Paul's Security Weekly #584
01:17:37

Hackers breach Dunkin Donuts, how insiders are serious threats to security in an organization, the return of email flooding, Microsoft helps police shut down fake tech support in India, and how Las Vegas police are cracking down on Black Market marijuana sales!

Full Show Notes: https://wiki.securityweekly.com/Episode584

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 03, 2018
Wietse Venema & Dan Farmer, SATAN - Paul's Security Weekly #584
59:27

Wietse Venema and Dan Farmer, the developers of Security Administrator Tool for Analyzing Networks (SATAN), talk about their experience as developers, their journey to creating SATAN and their decision to keep SATAN an open source tool.

Full Show Notes: https://wiki.securityweekly.com/Episode584

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 02, 2018
Sven Morgenroth, Netsparker - Paul's Security Weekly #584
31:53

Sven will talk about PHP Object injection vulnerabilities and explain the dangers of PHP's unserialize function. He will show the format of serialized PHP Objects, explain PHP's magic methods and how to write an exploit for a PHP Object Injection vulnerability during his technical demo.

Full Show Notes: https://wiki.securityweekly.com/Episode584

To learn more about Netsparker, go to: https://www.netsparker.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 01, 2018
EdgeEngine, Cloud-Native, and Orkus - Enterprise Security Weekly #117
25:16

StackPath launches EdgeEngine Serverless Computing, Alcide advances Cloud-Native security Firewall platform, Orkus launches Access Governance platform for Cloud Security, Tufin announces a new Cloud Security solution, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode117

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 29, 2018
Drupalgeddon, USPS, & JavaScript - Application Security Weekly #41
30:03

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 29, 2018
Jeremy Winter, Microsoft - Enterprise Security Weekly #117
36:47

Jeremy Winter is Director of Azure Management, responsible for areas such as Azure Governance, Policy, Configuration, PowerShell, Disaster Recovery, Azure Migrate and the Azure Portal Experiences from within Azure Compute. He joins Paul and John to talk about Microsoft's Azure program, the shift in CloudOps and how it matters to security, and how it helps further the evolving roles of Cloud Ops and Cloud Security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode117

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 28, 2018
Leadership Articles - Business Security Weekly #108
33:21

The million-dollar question of cyber-risk, risk assessments essential to secure third-party vendor management, how digital tech is transforming business ecosystem, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Nov 28, 2018
Brent Dukes - Application Security Weekly #41
41:21

Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAFs, Pentesting, Burp Suite, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 28, 2018
Richard Seiersen, President of M-Cubed - Business Security Weekly #108
38:58

Richard Seiersen is a CISO with experience ranging from small technology companies to multi-national conglomerates. He joins Matt and Paul this week to talk about Richard’s CISO experience and expertise, and the book Richard co-authored called "How to Measure Anything in Cybersecurity Risk".

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode108

Nov 27, 2018
Mimecast, Endpoint Security, & Tufin - Enterprise Security Weekly #16
21:46

Israeli cybersecurity company Tufin plans NASDAQ IPO, F-Secure boosts endpoint detection and response, Mimecast joins IBM Security app exchange community, and Awake Security debuts Network Traffic Analysis Platform to detect risks!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode116

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 24, 2018
Rick Fernandez, LogRhythm - Enterprise Security Weekly #16
36:18

Rick Fernandez is the Sr. Sales Engineer focused on Sales Integrators at LogRhythm. The discussion is about how what SIs want isn’t that different from the Enterprise. They discuss automating the hunt, contextualizing and enriching before analysts have to work with the alarm/data, and the ability to scale contextualization and enrichment so it pulls from your entire environment, not just a single source/log/event.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode116

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 23, 2018
Interviews: Venafi, Irdeto, and HP - Enterprise Security Weekly #16
48:19

Our interviews with Jeff Hudson the CEO of Venafi, Dr. Kimberlee A. Brannock and Michael Howard from HP, and Ben Bennett and Mark Hearn from Irdeto.

For Full DefCon18 Playlist, go to: https://securityweekly.com/summercamp18

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 22, 2018
Goals, Leadership, & Don't Set Limits - Business Security Weekly #107
25:11

Jason Albuquerque and Paul discuss six ways you can establish which goals are important, how to diversify your professional network, the impact of perception and bias on leadership, and more!


Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Nov 21, 2018
Michael Pleasant, Open Security - Business Security Weekly #107
31:51

Michael Pleasant is the Chief Executive Officer at Open Security. Michael talks about how his transition from Marine training to a business environment brought a different perspective and technique to the business. He also talks about his company Open Security and their mission for the client.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode107

Nov 20, 2018
Instagram, Kraken, GitMiner - Application Security Weekly #40
29:08

Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekl

Nov 20, 2018
John Kinsella, Layered Insight - Application Security Weekly #40
35:54

Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after its acquisition of Layered Insight. John talks about Qualys' Container Security, which offers centralized, continuous discovery and tracking for containers and images.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 19, 2018
Spectre, ATMs, and Japan's Minister - Paul's Security Weekly #583
01:15:32

7 new Spectre/Meltdown attacks, Hacking ATMs for free cash is easier than Windows XP, AI can now fake fingerprints fooling ID scanners, and Japan's cybersecurity minister admits he's never used a computer!

Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 19, 2018
John Moran, DFLabs - Paul's Security Weekly #583
40:01

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about IncMan SOAR and how DFLabs Automation & Response platform helps automate, orchestrate, and measure CSIRTs and SOCs.

To learn more about DFLabs, go to: www.dflabs.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 18, 2018
Jon Buhagiar, Sybex - Paul's Security Weekly #583
49:00

Jon Buhagiar has been responsible for Network Operations at Pittsburgh Technical College for the past 19 years. Jon is currently a Network+ Review Course Instructor at Sybex, and he joins us to talk about Network Operations at Sybex.

Full Show Notes: https://wiki.securityweekly.com/Episode583

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 17, 2018
Dragos, BlackBerry, & ForeScout - Enterprise Security Weekly #115
31:57

AlgoSec delivers Native Cloud Security Management for Azure, HP Reinvents customer experience with Ping Identity, what mid market security budgets will look like in 2019, and we have some acquisition & funding updates from ForeScout, Dragos, Netskope, Duality, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode115

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 16, 2018
Brian Kelly, CyberArk - Application Security Weekly #39
29:58

Brian Kelly is Head of Conjur Engineering at CyberArk, where he focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39

To learn more about Conjur, go to: www.conjur.org/asw

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 15, 2018
James Wickett, Signal Sciences - Enterprise Security Weekly #115
32:50

James Wickett is the Head of Research at Signal Sciences. James talks about how security is moving to the application space and web applications. WAFs may seem tedious but they are necessary to allow developers to focus on other things.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode115

To learn more about Signal Sciences, go to: www.signalsciences.com/psw

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 15, 2018
Dario Forte, DFLabs - Business Security Weekly #106
29:43

Dario Forte, the CEO & Founder of DFLabs, explains his journey to the position he is in now. Dario talks about DFLabs and their platform tools. Dario also explains DFLabs' recent press release about Open Integration Framework and what it allows people to do when it comes to the DFLabs platform addressing SOAR.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode106

Nov 14, 2018
ColdFusion, Destroying Logs, & Tracing Meme's - Application Security Weekly #39
32:13

DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 14, 2018
Leadership Articles - Business Security Weekly #106
27:22

In the Article Discussion, Matt and Paul talk about the key to better focus and higher productivity, living your life on purpose, why people are willing to do more meaningful work for less money, the fundamentals of leadership, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode106

Nov 13, 2018
Eyal Neemany, Javelin Networks - Paul's Security Weekly #582
51:12

Eyal Neemany is the former Head of the Israeli Air Force CERT & Forensics Team and a Senior Security Researcher at Javelin Networks. Eyal will discuss securing remote administration and remote credentials, explain that Jump Servers aren’t as good, and show you how to connect to remote machines using AD.

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 12, 2018
Corin Imai, DomainTools - Paul's Security Weekly #582
28:29

Corin Imai is Sr. Security Advisor for DomainTools. Corin began her career working on desktop virtualization, networking, and cloud computing technologies before delving into security. In this interview, they talk about DNS, phishing tools, and tease what DomainTools has in store for 2019.

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 11, 2018
Symantec, Veracode, & Thoma Bravo - Enterprise Security Weekly #114
22:43

Symantec boosts security with Javelin Networks, ThreatQuotient integrates Verified Breach Intelligence from Visa, FireMon delivers hybrid cloud security with new visibility and orchestration, StackPath partners with Sectigo, and we have some acquisition & funding updates from Veracode, Shape Security, Thoma Bravo, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode114

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 10, 2018
Harry Sverdlove, Edgewise - Enterprise Security Weekly #114
28:16

Harry Sverdlove is currently the CTO and Founder at Edgewise. He joins Matt and Paul this week to talk about Zero Trust Segmentation, what Edgewise does, and how it’s helping the community in new and effective ways today!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode114

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 09, 2018
'Stalkerware', DHCPv6 Packets, & Python - Application Security Weekly #38
28:10

In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 08, 2018
Leadership Articles - Business Security Weekly #105
35:06

In the Leadership Articles, Matt and Paul talk about how getting fired can be good for your career, a powerful planning routine that puts you in control, how to get better with sales execution, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode105

Nov 07, 2018
Daniel Cuthbert, Banco Santander - Application Security Weekly #38
23:43

Daniel Cuthbert is the Global Head of Security Research for Banco Santander. He joins Keith and Paul this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 07, 2018
Alex Wood, CISO - Business Security Weekly #105
34:01

Matt Alderman's good friend Alex Wood comes on the show to talk about the business mindset, how to be an effective CISO, and the vulnerabilities in the business that you have to watch out for.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode105

Nov 06, 2018
Apache, Dirty Cow, & Edge - Paul's Security Weekly #582
42:39

Cisco accidentally released Dirty Cow exploit code, Apache Struts Vulnerabilities, Zero Day exploit published for VM Escape flaw, Spam spewing IoT botnet infects 100,000 routers, and some of these vibrating apps turn your phone into a sex toy!

Full Show Notes: https://wiki.securityweekly.com/Episode582

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 06, 2018
AWS Lambda, Bleedingbit, and Cisco - Paul's Security Weekly #581
01:14:16

AWS Security Best Practices, Masscan and massive address lists, Bleedingbit vulnerabilities, and Cisco Zero-Day exploited in the wild! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 05, 2018
Matt Toussain, BHIS - Paul's Security Weekly #581
35:46

Matt Toussain, a Security Analyst at Black Hills Information Security, will be giving a tech segment on remote access tools (RAS).

To learn more about BHIS, go to: https://www.blackhillsinfosec.com/PSW
Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 05, 2018
Aleksei Tiurin, Acunetix - Paul's Security Weekly #581
39:49

Aleksei Tiurin is the Senior Security Researcher for Acunetix. Aleksei is giving a technical segment on insecure deserialization in Java/JVM and explains what polymorphism is. Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing and with a particular focus on ERP and banking systems and Windows-networks.

To learn more about Acunetix, go to: https://www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/Episode581

→Visit our website: https://www.securityweekly.com
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly

Nov 04, 2018
LogRhythm, SOAR, and A Huge Acquisition - Enterprise Security Weekly #113
39:53

LogRhythm advances NextGen SIEM security platform with SOAR, Ping Identity launches a Quickstart private sandbox, McAfee takes a big step in the cloud, Endgame improves Endpoint Security with Total Attack Lookback, and we have some acquisition updates from IBM, Red Hat, Neustar, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode102

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 03, 2018
Ian McShane, Endgame - Enterprise Security Weekly #113
31:32

Ian McShane has nearly two decades of experience in operational IT and security and risk planning for enterprises, service providers and software vendors. Paul, Matt, and Ian talk about the future of the enterprise and Endgame's enterprise tools!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode113

Visit http://securityweekly.com/esw for all the latest episodes!

Nov 02, 2018
Airline Hacks, MikroTik Bug, & WordPress - Application Security Weekly #37
29:54

Millions of passengers affected by Cathay Pacific Airline Hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing Application Security flaws, WordPress team working to wipe out older versions from existence on the Internet, MikroTik Router Bug is as bad as it gets, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 01, 2018
Johnny Xmas, Kasada.io - Application Security Weekly #37
39:41

Keith, Paul, and Johnny Xmas discuss airport security, penetration testing, the top 5 payment apps, and DevOps infused conversation!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 31, 2018
AI Fear, FDA, Tesla, and D-Link - Paul's Security Weekly #580
01:05:57

Fear of AI attacks, the FDA releases cybersecurity guidance, watch hackers steal a Tesla, serious D-Link router security flaw may never be patched, and California addresses default passwords! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 29, 2018
Yossi Sassi, Javelin Networks - Paul's Security Weekly #580
57:33

Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment on using Windows PowerShell, discussing DCSync, DCShadow, creative Event Log manipulation, and thoughts about persistence.

To learn more about Javelin Networks, Go To: www.javelin-networks.com

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 28, 2018
Veronica Schmitt, DFIRLABS - Paul's Security Weekly #580
55:01

Veronica Schmitt is the Sr. Digital Forensic Scientist for DFIRLABS. Veronica explains what SRUM is in Windows 10 and how SRUM can be a valuable tool in Digital Forensics.

Full Show Notes: https://wiki.securityweekly.com/Episode580

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 27, 2018
Security Solutions, Acquisitions, and IPOs - Enterprise Security Weekly #112
31:15

Netscout takes internet scale Threat Protection to the EDGE, Splunk addresses several vulnerabilities in Enterprise and Light products, Ping Identity launches a Quickstart Private Sandbox, and we have some acquisition updates from CheckPoint acquiring Dome9, CrowdStrike, Fortinet, Rapid7, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode112

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 27, 2018
Jonathan Sander, Snowflake - Enterprise Security Weekly #112
31:19

Jonathan Sander explains how he came to work for Snowflake and what Snowflake does in the enterprise security space. Jonathan explains how Snowflake contains their data and protects it from breaches, as well as keeping the data safe.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode112

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 26, 2018
Cryptocurrency, Disney, and Adobe - Application Security Weekly #36
27:33

Hackers hide Cryptocurrency malware in Adobe flash updates, the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and Disney is helping women from across their company to become Developers!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 25, 2018
Leadership, Communication, and Innovation - Business Security Weekly #103
30:54

In the Article Discussion, Michael and Paul talk about the root cause of workplace drama, how to make the most of meetings between IT and your business partners, how to stop procrastinating on your goals by using the "Seinfeld Strategy", and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

Oct 24, 2018
Bugs, Breaches, and More! - Application Security Weekly #36
29:18

Paul and April Wright discuss a jQuery Plugin that has been exploited for years finally getting patched, a flaw in LibSSH that leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic Cardiac Programmers.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 24, 2018
Michael McKee, ObserveIT - Business Security Weekly #103
34:32

Mike McKee, CEO of ObserveIT, joins us to talk about the importance of focussing on people, and you do that to experience growth.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode103

To Learn More About ObserveIT, Go To: www.observeit.com/securityweekly

Oct 23, 2018
Shodan, Apache, ICS, and Controllers - Paul's Security Weekly #579
49:18

How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, and ICS security plagued with basic, avoidable mistakes!

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 22, 2018
John Walsh, CyberArk - Paul's Security Weekly #579
39:39

John Walsh, the DevOps Evangelist for CyberArk, joins us on the show. John talks about the articles he wrote for CyberArk about Kubernetes, DevSecOps, and how to strengthen your container authentication with CyberArk.

Sponsor Landing Page: https://www.conjur.org/asw

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 21, 2018
Mark Dufresne, Endgame - Paul's Security Weekly #579
45:51

Mark Dufresne explains why MITRE created their tool and what the MITRE ATT&CK framework is.

Full Show Notes: https://wiki.securityweekly.com/Episode579

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 20, 2018
BlackBerry, Imperva, & CyberArk - Enterprise Security Weekly #111
16:45

In the Enterprise Security News, Avast launches AI-based software for phishing attacks, Carbon Black and Secureworks apply Red Cloak Analytics to Carbon Black's Cloud, ShieldX integrates intention engine into Elastic Security Platform, and we have updates from Imperva, WhiteSource, BlackBerry, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

Oct 19, 2018
Briefings Summary - Enterprise Security Weekly #111
32:04

In a special segment for this week, John Strand and Paul discuss some companies that Paul had a chance to sit down for briefings with! They discuss GuardiCore and their Application Segmentation, Cyxtera and their Network Security and Software Defined Perimeters, PreVeil’s Encrypted Email and File Sharing, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode111

Visit https://www.securityweekly.com/esw for all the latest episodes! 

Oct 18, 2018
Garrett Gross, Rapid7 - Application Security Weekly #35
28:43

Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. Garrett joins Keith and Paul this week for an interview!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

www.rapid7.com/securityweekly

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 16, 2018
Git Project, Google+, & Facebook - Application Security Weekly #35
31:57

In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is Shutting Down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, Climate Change being taught on Fortnite Twitch stream, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 16, 2018
Article Discussion - Business Security Weekly #102
40:00

This week, Michael and Paul talk about the Article Discussion on Leadership, Communication, and Innovation! They discuss how to automate habits and never think about them again, why it’s important to explain to employees that organizational changes are coming, how journaling can boost your leadership skills, why you need to tell them why, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode102

Oct 16, 2018
DerbyCon, Russians, and Next Story - Paul's Security Weekly #578
39:33

New Apple and Microsoft security flaws at Black Hat Europe, CCTV maker leaves at least 9 million cameras public, upset Google+ users are suing Google, US weapons systems apparently can be easily hacked, not all multifactor authentication is created equal, and Kanye's '000000' password makes iPhone security great again!

Full Show Notes: https://wiki.securityweekly.com/Episode578

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 15, 2018
Lee Neely, Lawrence Livermore National Lab - Paul's Security Weekly #578
53:06

Lee Neely is a senior IT and security professional at LLNL with over 25 years of extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 14, 2018
Omer Yair, Javelin - Paul's Security Weekly #578
28:09

Omer is End-Point team lead at Javelin Networks. The team focuses on methods to covertly manipulate OS internals. Before Javelin Networks, he was a malware researcher at IBM Trusteer for two years focusing on financial malware families and lectured about his research at the Virus Bulletin and Zero Nights conferences.

Full Show Notes: https://wiki.securityweekly.com/Episode578

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 13, 2018
Mark Russinovich, Microsoft Azure - Enterprise Security Weekly #110
29:14

Doug White interviews Mark Russinovich at Microsoft Ignite. Doug and Mark talk about Azure Confidential Computing, Mark's book Zero Day, and Azure security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 12, 2018
Splunk, White Hat, and Palo Alto - Enterprise Security Weekly #110
36:00

Splunk unveils first IoT platform for customers, Palo Alto Networks acquires RedLock to build out Cloud Security Tech, KnowBe4 boosts security awareness training with Virtual Risk Officer, Symantec brings workload assurance security to the Cloud, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode110

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 11, 2018
Mimecast, LogRhythm, & Tanium - Enterprise Security Weekly #109
19:56

Mimecast offers free training kit as part of Cybersecurity Awareness Month, Microsoft will finally kill off the old Skype client (for real this time), Security startup Tanium raises another $200 million at a $6.5 billion valuation, LogRhythm receives patent for data monitoring tech, Tufin launches first of its kind program for MSSPs, three reasons why BlackBerry stock is potentially about to soar, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 06, 2018
Michael Gordover, ObserveIT - Enterprise Security Weekly #109
30:55

Mike Gordover is a Pre-Sales manager and solutions architect at ObserveIT. He has been at ObserveIT consulting on insider threat management for 5 years, working hands on with over 300 deployments, and working with researchers and analysts on strategies to mitigate internal risk. Paul and John talk with Michael about the current perception in the market of DLP, how ObserveIT’s solutions differ from traditional DLP, what challenges he faces when combating insider threats, and much more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode109 ObserveIT Landing Page: www.observeit.com/securityweekly

Visit http://securityweekly.com/esw for all the latest episodes!

Oct 05, 2018
Bugs, Breaches, and More - Application Security Weekly #34
30:52

Facebook discloses the loss of at least 50M Access Tokens (also covered by Motherboard), Formjacking is on the rise, Google admits to allowing hundreds of companies to read your email, Firefox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 04, 2018
Leadership, Communication, and Innovation - Business Security Weekly #101
28:39

Michael, Paul, and Jason discuss how to develop empathy for someone who annoys you, separating the quality of the outcome and quality of the decision, and much more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Oct 03, 2018
Landing a Job in Application Security - Application Security Weekly #34
32:08

Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there's no substitute for Practice, OWASP Juice Shop, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34 Follow us on Twitter: https://www.twitter.com/securityweekly

Oct 03, 2018
Jason Albuquerque, Carousel Industries - Business Security Weekly #101
26:49

Michael and Paul ask Jason how to become a better business. Jason explains how to run your security team as if in a 'fish bowl', and how to apply this technique to your clients and their business.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Oct 02, 2018
Business Tips and Tricks - Business Security Weekly #104
51:35

Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!

Oct 02, 2018
Linux Bugs, macOS Zero-Day, & Twitter Exposed - Paul's Security Weekly #577
42:59

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook’s 2-Factor authentication with a phone number isn’t only for security, it’s used for ads, FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, Baddies just need one email account with clout to unleash phishing hell, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Oct 01, 2018
Offensive Operating Against SysMon, Carlos Perez - Paul's Security Weekly #577
29:22

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how Sysmon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threads, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 30, 2018
Mike Nichols, Keith McCammon, & Shawn Smith - Paul's Security Weekly #577
41:58

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary’s Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was.

Full Show Notes: https://wiki.securityweekly.com/Episode577

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 29, 2018
BeyondTrust, Rapid7, & Symantec - Enterprise Security Weekly #108
42:08

In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition from PAM vendor, Rapid7 looks to SOAR with InsightConnect Automation Platform, DigiCert, Gemalto, and ISARA Partner on Quantum-Safe Encryption, Symantec extends Data Loss Prevention Platform with DRM, ExtraHop announces the availability of Reveal(x) for Microsoft Azure, Attivo brings cyber security deception to containers and serverless, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode108

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 28, 2018
Threat & Vulnerability Management - Enterprise Security Weekly #108
31:16

Paul and Matt sit down this week to discuss Threat and Vulnerability Management, the value it has, and the different players that deal with it in the Enterprise. They delve into Cloud and Application Security’s impact on vendors, and who they need to look at for potential integrations or acquisitions.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode108

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 27, 2018
Newegg, Ticketmaster, & iOS 12 - Application Security Weekly #33
34:26

In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 27, 2018
Ron Gula, Gula Tech Adventures - Application Security Weekly #33
41:57

Ron started his cybersecurity career as a network penetration tester for the NSA, and is the Founder of Tenable and Gula Tech Adventures. He joins Keith and April for an interview to talk about security in the upcoming elections, how to maintain separation of duties, attack simulation, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 26, 2018
Scott King, Rapid7 Pt. 2 - Business Security Weekly #100
30:37

In the second part of Scott’s interview, Michael and April talk with him about ICS security, communication, and building relationships! They discuss the best practices to understand how these systems work, holding accountability, common goals, and how legal and security share common goals!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Sep 26, 2018
Scott King, Rapid7 Pt. 1 - Business Security Weekly #100
28:00

Scott brings a unique mixture of hands-on experience in incident response, penetration testing, forensics, operations, architecture, engineering, and executive leadership as a former Chief Information Security Officer (CISO) to the Rapid7 Advisory team. He talks about his role at Rapid7, why he joined the company, how to integrate security better into an organization, and what he recommends to people who need to break the ice and get their first meeting started!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Sep 25, 2018
GovPayNow.com, AmazonBasics, and FBI - Paul's Security Weekly #576
57:16

Senate can't protect senators' staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward, and AmazonBasics Microwave works with Alexa!

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 24, 2018
Threat Hunting in the Cloud, Apollo Clark - Paul's Security Weekly #576
30:16

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools.

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 24, 2018
Mike Ahmadi, DigiCert - Paul's Security Weekly #576
49:18

Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare.

Full Show Notes: https://wiki.securityweekly.com/Episode576

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 23, 2018
Cisco, Fidelis, Crossmatch, and DigitalPersona - Enterprise Security Weekly #107
33:22

Cisco aims to make security foundational throughout its business, Fidelis looks to grow cyber-security platform, How artificial intelligence can improve human decision-making in IoT apps, Crossmatch announces the availability of DigitalPersona v3.0, and video fingerprinting.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode107

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 22, 2018
Audit Mistakes - Enterprise Security Weekly #107
32:24

Doug White and Matt Alderman talk about audit mistakes. Don't get into the mindset of ticking the box to satisfy audit.

- What is this control and why are we using it?

- What does it control?

Full Show Notes: https://wiki.securityweekly.com/ES_Episode107

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 21, 2018
Bluebox-ng, Stock Data Breaches, and CommitStrip - Application Security Weekly #32
36:51

Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 20, 2018
Tracking Security Innovation - Business Security Weekly #99
28:25

Michael Santarcangelo, joined by special guest Ron Gula from Gula Tech Adventures, talks with Chris Brenton about how to take someone with a basic-level certification and give them access to the tool.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Sep 19, 2018
April Wright, ArchitectSecurity.org - Application Security Weekly #32
35:00

Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 19, 2018
Microsoft, Elon Musk, Kernel and Powershell - Paul's Security Weekly #575
01:17:06

Microsoft accidentally lets encrypted Windows 10 out to the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the ante on anti virus, Google outlines incident response process, Bomgar buys BeyondTrust, and Neil deGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode575

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 18, 2018
Chris Brenton, ACM - Business Security Weekly #99
37:17

Michael Santarcangelo returns! Michael is joined by Matt Alderman and Ron Gula to interview Chris Brenton. They discuss what threat hunting is, what it actually means, and whether a level of maturity is required (organization, security team, individuals).

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Sep 18, 2018
Bypassing PAM, Eyal Neemany - Paul's Security Weekly #575
40:23

Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules (PAM), which provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks.

Full Show Notes: https://wiki.securityweekly.com/Episode575

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Sep 17, 2018
Brian Coulson, LogRhythm - Paul's Security Weekly #575
39:57

Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA and NTBA.

Full Show Notes: https://wiki.securityweekly.com/Episode575

Visit our website: https://www.securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Sep 16, 2018
CLEAR, Demisto, OneLogin & Netskope - Enterprise Security Weekly #106
36:34

Proofpoint automates email security with CLEAR, Demisto releases state of SOAR 2018 report, OneLogin and Netskope partner to expand cloud security for enterprises, RedSeal launches remote administrator managed service, Corelight expands network security platform with virtual edition, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode106

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 15, 2018
Dave Maestas, Bandura - Enterprise Security Weekly #106
38:55

David Maestas, also known as Dave, is the Co-Founder and Chief Technology Officer at Bandura Systems. David talks about how to phase out the bad tools and companies in the enterprise.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode106

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 14, 2018
Microsoft, Equifax, MacOS, and Bug Bounties - Application Security Weekly #31
33:03

U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 13, 2018
Imperva, Allstate, & Sonatype - Business Security Weekly #98
38:24

Imperva acquires app security firm Prevoty in $140 million deal, Allstate accelerates expansion into Identity Protection with acquisition of InfoArmor, Sonatype receives $80 million investment from TPG, Very Good Security makes data unhackable with $8.5 million from Andreessen, Lacework raises $24 million for AI-based cloud security platform, Synapsefi raises over $17 million in Series A funding, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Sep 12, 2018
Zane Lackey, Signal Sciences - Application Security Weekly #31
43:21

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how the security industry needs to shift left when it comes to applications and patching.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 12, 2018
Supermicro, Apache Struts, & HTTPS - Paul's Security Weekly #574
44:07

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts!

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 11, 2018
Gabriel Gumbs, STEALTHbits - Business Security Weekly #98
33:22

Michael and Paul interview Gabriel Gumbs from STEALTHbits. They talk about moving from detection to prevention, and protecting your data!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Sep 11, 2018
Beacon Analysis, Chris Brenton - Paul's Security Weekly #574
35:32

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process.

***Powerpoint Slides in Full Show Notes***

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 10, 2018
Wim Remes, Wire Security bvba - Paul's Security Weekly #574
49:26

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications.

Full Show Notes: https://wiki.securityweekly.com/Episode574

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 09, 2018
Black Hat Dual Interview pt. 2 - Enterprise Security Weekly #105
21:43

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 08, 2018
Black Hat Dual Interview pt. 1 - Enterprise Security Weekly #105
23:16

Paul interviews Marc French, the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor, the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 07, 2018
BitSight, SentinelOne, and McAfee - Enterprise Security Weekly #105
26:37

How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode105

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 06, 2018
Texas, T-Mobile, and Jack Daniel - Paul's Security Weekly #573
55:58

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal $13.5 million.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 04, 2018
No-Script Automation Tool, John Moran - Paul's Security Weekly #573
30:04

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 03, 2018
Jayson Street, SphereNY - Paul's Security Weekly #573
52:25

Jayson E. Street is an author of the "Dissecting the Hack" series, the DEF CON Groups Global Ambassador, and the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects.

Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Sep 02, 2018
Minerva Labs, CrowdStrike, & VMware - Enterprise Security Weekly #104
26:30

In the Enterprise News this week, VMware launches Blockchain project, Lacework raises new funds to extend Cloud Security capabilities, Minerva Labs achieves certified integration with McAfee ePO, CrowdStrike helps advance malware searches on hybrid analysis portal, Atos named a leader in IoT services by global analyst firm NelsonHall, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

Sep 01, 2018
Office 365 User Behavior Analytics - Enterprise Security Weekly #104
09:37

John Strand delivers the Technical Segment this week on Office 365 User Behavior Analytics. The idea is if you have a user account simultaneously logged in to multiple computer systems, that may be abnormal.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 31, 2018
Fortnite, Netflix, & Black Hat - Application Security Weekly #30
30:03

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 30, 2018
Rick Holland, Digital Shadows - Enterprise Security Weekly #104
38:45

Rick Holland has more than 15 years' experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode104

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 30, 2018
Cloudera, AlienVault, and CA - Business Security Weekly #97
26:52

Join Paul, Doug White, and Todd to talk about Security Innovation that includes: AlienVault, Cloudera, Splunk, Fortinet, CA and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 29, 2018
The Apache Struts2 RCE Vulnerability - Application Security Weekly #30
29:26

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover:

- CVE-2018-11776

- How the 3 Ways of DevOps can guide us toward better security practices

- Shared Version Control

- Test Environments

- Shared Ticketing

- ChatOps

- Buying Time

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 29, 2018
Burp Suite 2.0, DNC, and NotPetya - Paul's Security Weekly #572
01:13:00

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 28, 2018
Todd Weller, Bandura Systems - Business Security Weekly #97
42:04

Todd talks about his journey in the security industry. Todd also explains what Bandura Systems does for the security industry and how they sell their solution to companies.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 28, 2018
PHP Type Juggling Vulnerabilities, Netsparker - Paul's Security Weekly #572
27:31

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 27, 2018
Tod Beardsley, Rapid7 - Paul's Security Weekly #572
57:34

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report.

Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 26, 2018
Mike Jones, DomainTools - Enterprise Security Weekly #103
21:40

Mike leads the Product Management, Product Marketing, UX, and Business Development efforts at DomainTools. He brings over 20 years of experience in the security industry, and has a real passion for building products that customers love and driving significant growth for the product lines he leads.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 25, 2018
DEF CON 2018: Enterprise Vendors pt. 2 - Enterprise Security Weekly #103
39:13

Paul Asadoorian and Matt Alderman compare and contrast the enterprise security vendors that were at Black Hat and DEF CON 2018.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 24, 2018
Matt Alderman & Paul Asadoorian, Def Con 2018 - Application Security Weekly #29
21:04

Matt Alderman and Paul sat down at DEF CON to talk about all of the AppSec vendors that they held briefings with at our Pool Cabana. They sat down with companies like Synopsys, Signal Sciences, and discussed how their products influence the AppSec world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29 Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 23, 2018
DEF CON 2018: Enterprise Vendors pt. 1 - Enterprise Security Weekly #103
19:03

Paul Asadoorian and Matt Alderman talk about and discuss the enterprise security vendors that attended DEF CON 2018.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode103

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 23, 2018
Matt Alderman & Paul, Def Con 2018 - Business Security Weekly #96
26:23

Matt Alderman sits down with Paul this year at DEF CON to talk about the processes that they go through to hold briefings. Founders, CEOs, and Business Execs of many different companies sat down to discuss what their product was, how they fit into the marketplace, and who their competition is, all while sitting beside Security Weekly’s Pool Cabana in the Las Vegas sun.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode96

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 22, 2018
Tom McLaughlin, ServerlessOps - Application Security Weekly #29
40:26

Tom is the founder of ServerlessOps (https://www.serverlessops.io/) and an experienced operations engineer. He started ServerlessOps after he asked the question, what would he do if servers went away? At a loss for an answer and interested in the future of his profession, he decided to pursue the answer. Tom is actively engaged in promoting serverless infrastructure and engaging with the community to learn more about what their thoughts, wants, and concerns are around the topic.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29 Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 22, 2018
Cigars and Security - Paul's Security Weekly #571
49:25

Paul and Matt Alderman had the chance at DEF CON to sit down and talk about Cigars and Security. In our very first episode, Paul asks Matt questions on how he got started in Security, who some of his biggest influencers were, and how he feels about the Security world today. Matt asks Paul questions about Cigars, their origin, and what the difference is between different tobaccos grown all around the world.

Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 21, 2018
Sharon Goldberg, Commonwealth Crypto - Business Security Weekly #96
38:47

Sharon Goldberg is the CEO/Co-Founder of Commonwealth Crypto, a Boston blockchain startup that is making cryptocurrency trading more secure. She is also an associate professor in the Computer Science Department at Boston University, where her research focuses on securing the protocols that provide many of the global internet's core functions.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode96

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 21, 2018
Spoofing GPS with a hackRF, Larry Pesce - Paul's Security Weekly #571
57:54

Our very own Larry Pesce delivers the Technical Segment this week on Spoofing GPS with a hackRF.

Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 20, 2018
ThinkPenguin, Hacking Bodycams, & Adobe Flaws - Paul's Security Weekly #571
01:25:35

In the Security News this week, Hacking Police Bodycams, Adobe fixes critical code execution flaws in latest patch update, Researchers develop device to aid in hunt for stealthy ATM card skimmers, Australians who won't unlock their phones could face 10 years in jail, overcoming 'Security as a Silo' with Orchestration and Automation, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode571 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 20, 2018
Attack Simulation - Enterprise Security Weekly #102
16:39

Paul and Matt discuss all of the vendors providing attack simulation solutions, including why you want (or need) this type of solution, the problem(s) they solve, and differentiators. This is an exciting space, so exciting that Paul and Matt sweat A LOT as this was recorded live from our pool cabana in Las Vegas!

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 18, 2018
ICS - Enterprise Security Weekly #102
19:47

Paul and Matt review the ICS security landscape, discussing the problems and potential solutions to secure critical infrastructure. We used several on-site interviews and briefings with solutions providers at Blackhat as a basis for this segment. Recorded live at the Security Weekly pool cabana in Las Vegas!

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 17, 2018
Al Ghous, GE Digital - Enterprise Security Weekly #102
38:41

Al Ghous is the Sr Director of Cyber Security for GE Digital. In this capacity Al is responsible for GE Digital’s Cloud Platform and Product Cyber Security where he is focused on building secure and resilient Cloud for the Industrial Internet of Things (IIOT).

Full Show Notes: https://wiki.securityweekly.com/ES_Episode102

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 16, 2018
Secure Coding Practices - Application Security Weekly #28
32:50

After arriving back from Black Hat and DEF CON 2018, Doug joins Keith to share some of his stories about attending the world-famous security conferences. They discuss secure coding practices.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 15, 2018
Alibaba Cloud Security, Comcast, and Facebook - Application Security Weekly #28
32:28

Alibaba Cloud Security team discovers Apache Spark REST API remote code execution exploit, Comcast security flaws exposed partial address, Hacker finds hidden 'God Mode' in old x86 CPUs, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 14, 2018
Resources, Bugs, Breaches, and Learning Tools - Application Security Weekly #27
33:05

Hardware-based Root of Trust, Small Trusted Computing Base, React v16.4.2, GitHub shows best practices for account security and recoverability, and the cost of JavaScript, and Food for Thought!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 09, 2018
Katie Stebbins, UMASS - Business Security Weekly #95
40:34

Katie Stebbins is the Vice President for economic development for the University of Massachusetts, a five-campus, 75,000-student public research university system. She serves as a liaison to the business community, establishing and growing research and workforce development partnerships to benefit the university and the Commonwealth of Massachusetts.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode95

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 08, 2018
Galen Hunt, Microsoft - Application Security Weekly #27
29:13

Galen founded and led the team building the Azure Sphere, announced at RSA Conference 2018. Our goal is to make IoT safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured devices; devices possessing all 7 Properties of Highly-Secured Devices.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 08, 2018
Yale University, Spam's Revival, and SDR - Paul's Security Weekly #570
01:19:16

Reddit breached after hackers bypass 2FA, Yale University discloses old school data breach, and 5 steps to fight unauthorized cryptomining. All that and more, here on Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 07, 2018
Eric Bednash, RackTop - Business Security Weekly #95
31:26

Eric Bednash is the CEO and co-founder of RackTop Systems. He has spent the past 19 years as an innovator and entrepreneur, designing products and solutions to solve challenging Extreme Data problems. He has co-founded prior companies focused on delivering IT based services and products within the DoD Intel and Financial communities.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode95

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 07, 2018
Larry Pesce, Getting Started with FL2k - Paul's Security Weekly #570
41:16

An introduction to FL2K: Software Defined Radio is all the rage for detecting unknown signals and transmitters. We'll show you how to set up and use a surreptitious transmitter to start your journey.

Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 06, 2018
Joshua Abraham, Praetorian - Paul's Security Weekly #570
49:52

Josh is a key member of the technical execution team. In this capacity, he is responsible for leading, directing, and executing client-facing engagements that include Praetorian’s tactical and strategic service offerings.

Full Show Notes: https://wiki.securityweekly.com/Episode570 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 05, 2018
Oracle, FireEye, & Mimecast - Enterprise Security Weekly #101
25:53

This week, Endace and Ixia partner to secure and monitor networks, Oracle brings autonomous security to identity with Trust Fabric, NetSpectre attack could enable remote CPU exploitation, FireEye boosts endpoint security with MalwareGuard Machine Learning, Mimecast snaps up Solebit for $88 Million, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode101

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 04, 2018
Evaluating Security Vendors At Trade Shows - Enterprise Security Weekly #101
41:58

Paul and Jeff talk about the mentality you need to talk to vendors at a Trade Show. Concerning the upcoming conferences, Black Hat and Def Con, Paul and Jeff explain the best tactics to meet the vendors you want to talk with in the chaos of 100s of vendors.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode101

Visit http://securityweekly.com/esw for all the latest episodes!

Aug 03, 2018
Spectre, OWASP, and iGoat - Application Security Weekly #26
28:20

New Spectre attack can remotely steal secrets, Microsoft discovers supply chain attack at unnamed maker of PDF software, XSS filter in Edge, OWASP iGoat is a vulnerable Swift application for iOS, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode26 Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 02, 2018
Tenable, Imperva, & Proofpoint - Business Security Weekly #94
26:02

This week, Imperva to acquire DevOps security leader Prevoty, Carbon Black announces second quarter results, Sophos Group upgraded to Add at Numis Securities, Tenable jumps 31% by end of trading day at IPO, and Amalgamated Bank has $1.44 million holdings in CA, Inc.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode94

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Aug 01, 2018
Jessica Rozhin, Marqeta - Application Security Weekly #26
32:32

Jessica Rozhin is currently a Security Engineer at an Oakland Financial Tech startup called Marqeta. This is her first role in the security space, but she is no stranger to technical operations and incident response. Before Marqeta she spent several years working in the Network Operations Center at Box, focused on preventing, responding to and resolving large-scale, customer-impacting site incidents.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode26 Follow us on Twitter: https://www.twitter.com/securityweekly

Aug 01, 2018
Bluetooth Bug, Tenable, and Cosco - Paul's Security Weekly #569
01:16:12

Bluetooth bug allows man-in-the-middle attacks on phones and laptops, serial killer electrocutes himself in jail cell sex act, Google launches its own USB-based FIDO U2F keys, and GhostPack.

Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 31, 2018
Article Discussion - Business Security Weekly #94
31:52

This week, the show must go on. Paul and Matt Alderman talk about how leaders should stop avoiding the hard decisions, making smart people move in motion vs taking action, 10 things successful entrepreneurs never tolerate, the negotiation edge, and marketing's hidden treasure.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode94

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 31, 2018
Chris Dale, Netsecurity - Paul's Security Weekly #569
45:20

Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management.

Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 30, 2018
Dean Coclin, DigiCert - Paul's Security Weekly #569
53:25

Dean Coclin is the Senior Director of Business Development at DigiCert. Dean brings more than 30 years of business development and product management experience in software, security, and telecommunications to the company.

Full Show Notes: https://wiki.securityweekly.com/Episode569 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 29, 2018
Pulse, CloudHealth, and Barracuda - Enterprise Security Weekly #100
16:08

Secure SAP Interfaces with the new Virtual Forge InterfaceProfiler, Sumo Logic unveils massive support for Google Cloud Platform, Barracuda's CloudGen WAF lands on Google Compute Platform.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode100

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 28, 2018
Rip & Replace Your Antivirus Software? - Enterprise Security Weekly #99
12:56

John Strand discusses whether your enterprise should rip out its antivirus software and replace it with new-generation security software, or stick with its current vendor and try to implement the technology that will get you about 60% - 70% of what the new-generation security software will get you.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode100

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 27, 2018
Joe Garcia, CyberArk - Application Security Weekly #25
36:19

As a Global Corporate Solutions Engineer, Joe Garcia has a strong background in DevOps, Cloud and Security and is currently focused on helping customers implement and scale effective secrets management solutions. He was previously a Solutions Architect with the CyberArk Customer Success team for the West and Southeast regions.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode25 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 26, 2018
Corey Thuen, Gravwell - Enterprise Security Weekly #100
31:11

Corey Thuen is a founder of Gravwell and has spent over a decade in ICS (OT), IT, and IoT security. That experience is now driving development of a full-stack analytics platform built to solve modern analytics problems of the IoT age.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode100

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 26, 2018
Article Discussion - Business Security Weekly #93
37:56

This week, Michael and Paul discuss the power of leaders who focus on solving problems, always waiting for and trusting the question, what someone learned from 5 years at Gartner, & how "Urgency bias" is killing your productivity.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode93

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 25, 2018
Venmo, Oracle, & Linux - Application Security Weekly #25
34:01

Venmo caught publishing all transactions publicly, Oracle releases critical patches, Microsoft releases PowerShell Core for Linux, Health insurers are vacuuming up details about you, changing your screen to Grayscale can help fight phone addiction, when to 'purchase' a solution to your cybersecurity problem, & more on this episode of Application Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode25

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 25, 2018
Pen Testing, SIM Hijackers, & Mining Bitcoin - Paul's Security Weekly #568
01:10:24

In the Security News this week, the evolutionary waves of penetration testing, the SIM Hijackers, Roblox blames virtual "gang rape" on hack, thousands of Mega logins dumped online, Facebook refuses to remove fake news but will demote it, alleged Russian Hackers mined Bitcoin to fund their operation, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 24, 2018
Gary Berman, Cyberman Security - Business Security Weekly #93
28:15

Gary is the CEO of Cyberman Security and refers to himself as, "the most reluctant cyber security person in the world" given that his 25-year career has been as a thought leader in marketing communications in general and in market segmentation in particular.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode93

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 24, 2018
Chris Spehn, Mandiant's Red Team - Paul's Security Weekly #568
42:01

Chris 'Lopi' Spehn is a consultant on Mandiant's red team. Chris was formerly a penetration tester for major credit card companies and retailers. Chris is also the founder of Illinois State University's first information security club, participated in CCDC for three years, and received first place in National Cyber League 2012.

Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 23, 2018
Davi Ottenheimer, MongoDB - Paul's Security Weekly #568
38:01

Davi Ottenheimer is a strategist and author focused on cultural disruptions and defense ethics in emerging data platforms and intelligent machines; for more than twenty years he has led global teams developing and managing secure systems.

Full Show Notes: https://wiki.securityweekly.com/Episode568 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 22, 2018
ThreatConnect, Optiv, & StackRox - Enterprise Security Weekly #99
22:19

Alert Logic transforms Container Security, McAfee announces new enterprise security portfolio, ThreatConnect updates its Playbooks, Optiv Security launches new managed identity service, CA Technologies to become part of Broadcom, and more!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode99

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 21, 2018
John Moran, DFLabs - Enterprise Security Weekly #99
43:36

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. John Moran talks about DFLabs Incman SOAR.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode99

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 20, 2018
AppSec Solutions in a DevOps World - Application Security Weekly #24
34:08

Application Security solutions in a DevOps world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode24 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 19, 2018
Mayank Varia, Boston University pt. 2 - Business Security Weekly #92
27:37

Mayank Varia is a research associate professor of computer science at Boston University and the co-director of BU's Center for Reliable Information Systems & Cyber Security. He holds a bachelor's degree from Duke University and a PhD from MIT.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode92

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 18, 2018
iOS Bugs, Burp Suite, & DevSecOps - Application Security Weekly #24
31:08

In the news, compromised JavaScript package caught stealing npm credentials, remote iOS bugs, a $39 device that can defeat iOS USB Restricted mode, Broadcom buys CA Technologies, Burp Suite Automation Tool, & more on this episode of Application Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode24 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 18, 2018
Chris Brenton, Active Countermeasures - Enterprise Security Weekly #95
38:09

Chris has been a leader in IT and security for over 20 years. He has written multiple books on networking and security including "Mastering Cisco Routers" and "Mastering Network Security".

Full Show Notes: https://wiki.securityweekly.com/ES_Episode95

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 18, 2018
Airport Security, Dark Web, and Apple - Paul's Security Weekly #567
57:42

In the Security News this week, Hackers put Airport Security system Access on the Dark Web, Arch Linux PDF reader package poisoned, Chrome defends against Spectre, & Cisco patches bug in VoIP phones.

Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 17, 2018
Mayank Varia, Boston University pt. 1 - Business Security Weekly #92
29:47

Mayank Varia is a research associate professor of computer science at Boston University and the co-director of BU's Center for Reliable Information Systems & Cyber Security. He holds a bachelor's degree from Duke University and a PhD from MIT.

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode92

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 17, 2018
Limor Elbaz, Peerlyst - Paul's Security Weekly #567
35:48

Limor is an entrepreneur, product evangelist, security expert, and a business development executive. She is the Founder of Peerlyst, the largest community of security professionals, serving more than half a million security experts in 191 countries.

Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 16, 2018
SolarWinds, Mimecast, & AT&T - Enterprise Security Weekly #98
19:53

This week, Thoma Bravo to buy majority stake in cybersecurity firm Centrify, SolarWinds acquires real-time threat-monitoring service Trusted Metrics, Mimecast acquires Ataata, AT&T to acquire AlienVault, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode98

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 15, 2018
Zane Lackey, Signal Sciences - Paul's Security Weekly #567
42:08

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences and serves on the Advisory Boards of the Internet Bug Bounty Program and the US State Department-backed Open Technology Fund. Prior to Signal Sciences, Zane was the Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners.

Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 15, 2018
Joe McManus, Automox - Enterprise Security Weekly #98
32:15

Joe McManus is an expert and industry advisor in the field of information security. He currently serves as the CISO of Automox, provider of cloud-based, cross-platform patching software. He is also a senior researcher at CERT, part of the Software Engineering Institute at Carnegie Mellon University, where he specializes in large scale network monitoring, network forensics and incident response.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode98

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 14, 2018
Ferruh Mavituna, Netsparker - Enterprise Security Weekly #98
37:04

Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with state-of-the-art, accurate vulnerability detection and exploitation features, used by thousands of companies around the world today.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode98

Visit http://securityweekly.com/esw for all the latest episodes!

Jul 13, 2018
The Hardest Problem in Application Security - Application Security Weekly #23
28:09

One of the hardest problems that Application Security practitioners need to solve is the problem of visibility. Not only do they need to uncover all of the different projects under development - they also need to worry about what libraries and frameworks those projects are using.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode23 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 12, 2018
Intellectual Property, Edna Conway - Business Security Weekly #91
31:46

Edna Conway, CSO of Cisco Systems, Inc., makes her return to discuss Intellectual Property with Paul, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode91

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 11, 2018
Facebook, Google, & GitLab - Application Security Weekly #23
30:02

In the news, Google patches critical remote code execution bugs in Android OS, a new data breach may have exposed personal information of almost every American adult, Facebook acknowledges it shared user data with 61 companies, social media apps are 'deliberately' addictive to users, & more on this episode of Application Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode23 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 11, 2018
Articles, News, & Discussion - Business Security Weekly #91
29:42

Technical experts need to get better at telling stories, How to get the upper hand in any "Take It Or Leave It" offer, How and when to inform your team of major developments in your business, why companies need to build a skills inventory, and more!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode91

Visit http://securityweekly.com/category/ssw for all the latest episodes!

Jul 10, 2018
PHPMyAdmin, GitHub, and VS Code - Application Security Weekly #22
35:16

'GDPR-Lite', Testing Firefox, refactoring in VS Code, sniff network traffic from our iOS device, Gentoo GitHub organization is hacked, and what does it mean to experience fulfillment? All that and more, here on Application Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode22 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 05, 2018
WPA3, Ticketmaster, and Don't Wipe So Hard - Paul's Security Weekly #566
43:30

Terrible passwords outlawed in Microsoft's new Azure tool, Ticketmaster suffers security breach in personal and payment data, stop wiping your butt so hard, Toronto cops in big trouble for eating weed edibles, and WiFi's tougher WPA3 security is ready. All that and more, here on Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 03, 2018
Thomas GX, Yelda - Application Security Weekly #22
33:00

Thomas GX is a French entrepreneur specialized in Automation, AI, Assistants & Bots, handling creation and development as well as project management processes.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode22 Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 03, 2018
Fun with Android APK's, Joff Thyer - Paul's Security Weekly #566
38:46

Ever wonder how to get started pen testing Android Apps? This tech segment will demonstrate a few basic techniques and tools to give you a taste of mobile app assessments with the Android platform.

Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 02, 2018
Tom Brennan & Gary Berman - Paul's Security Weekly #566
54:58

Tom Brennan from Proactive Risk and Gary Berman from Cyberman Security come on the show and talk about their journey up to their comic. They give us the inside scoop on their comic book, "The CyberHero Adventures".

Full Show Notes: https://wiki.securityweekly.com/Episode566 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.com/securityweekly

Jul 01, 2018
Duo, CyberArk, & Demisto - Enterprise Security Weekly #97
20:01

This week, Duo integrates with Sophos to address BYOD Security, SkyHigh not the limit of McAfee's ambition; IPO an option, CyberArk's new offering to mitigate privileged access risk, Ping Identity acquires Elastic Beam for AI-Powered API Security, and more on this episode of Enterprise Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode97

Visit http://securityweekly.com/esw for all the latest episodes!

Jun 30, 2018
Gabriel Gumbs, STEALTHbits - Enterprise Security Weekly #97
33:45