
Paul's Security Weekly (Video)
1,199 episodes — Page 12 of 24

Voice Phishers, 'SpiKey' Lock Picking, & Coffee Cup Hackers - PSW #663
New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663

Protecting Critical Infrastructure In Hybrid Clouds - Dan Perkins, Harry Sverdlove - PSW #663
Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous: public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations. How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegmentation and cloud workload protection. This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw663

Vulnerability Rich - Contextually Blind! - Michael Assraf - PSW #662
It's not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what's more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more pressure on the CIO and CISO. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Adobe RCEs, Amazon Alexa Vulns, & TeamViewer Flaw - PSW #662
This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Why Elastic Is Making Endpoint Security 'Free And Open' - Mike Nichols - PSW #662
Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new controls, and do it all while managing existing budgets and staff. Making Elastic endpoint security completely free and open helps level the playing field for organizations that are struggling with the typically high cost and complexity of adopting effective endpoint security. This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw662

Automating Your Vulnerability Management Program - Mehul Revankar, Sumedh Thakar - PSW #661
In this segment, we discuss the importance of automating the Vulnerability Management Program and discuss Qualys VMDR which takes vulnerability management to the next level bringing detection and response to vulnerability management. For your free trial of Qualys VMDR, visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

SWVHSC: Netgear Flaws, Satellite Spying, & Stealing UltraLoq Keys - PSW #661
How hackers could spy on satellite internet traffic with just $300 of home TV equipment, Smart locks opened with nothing more than a MAC address, 17-Year-Old 'Mastermind' and 2 Others Behind the Biggest Twitter Hack Arrested, Flaw in popular NodeJS express-fileupload module allows DoS attacks and code injection, and how Netgear Won't Patch 45 Router Models Vulnerable to a Serious Flaw! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

SWVHSC: Observing Disinformation Campaigns - Chad Anderson - PSW #661
Chad talks about the DomainTools COVID research (and how they stumbled on the CovidLock Android ransomware), mapping the Reopen Campaigns in more detail. He will then touch on some of the work he is doing that will be released that maps Twitter hunting into a nice, observable dashboard for the lazy. This segment is sponsored by DomainTools. Visit https://securityweekly.com/domaintools to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw661

GNU GRUB2 Vulnerability, 'BootHole' Secure Boot Threat, & Garmin Ransomware Hack - PSW #660
A Vulnerability that Allowed Brute-Forcing Passwords of Private Zoom Meetings, Russia's GRU Hackers Hit US Government and Energy Targets, a New tool that detects shadow admin accounts in AWS and Azure environments, BootHole Secure Boot Threat Found In Mostly Every Linux Distro, and Windows 8 And 10, and how Hackers Broke Into Real News Sites to Plant Fake Stories! Show Notes: https://wiki.securityweekly.com/psw660 Visit https://www.securityweekly.com/psw for all the latest episodes!

MIDAS - Siddharth Bhatia - PSW #660
MIDAS uses unsupervised learning to detect anomalies in a streaming manner in real-time and has become a new baseline. It was designed keeping in mind the way recent sophisticated attacks occur. MIDAS can be used to detect intrusions, Denial of Service (DoS), Distributed Denial of Service (DDoS) attacks, financial fraud and fake ratings. MIDAS combines a chi-squared goodness-of-fit test with the Count-Min-Sketch (CMS) streaming data structures to get an anomaly score for each edge. It then incorporates temporal and spatial relations to achieve better performance. MIDAS provides theoretical guarantees on the false positives and is three orders of magnitude faster than existing state of the art solutions. Check out MIDAS at https://github.com/Stream-AD/MIDAS Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw660

Gravwell Big Bang Release - Corey Thuen - PSW #660
The Gravwell Data Fusion platform is releasing a major update this week. New features make analyzing logs and network data much easier for new users while still keeping the raw power of a unix-like search query pipeline for power users. Gravwell is free for community use and during launch week if you sign up for CE we're bumping the data cap up to 4 GB/day. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw660

Cisco Security Flaw, Million Dollar Bounties, & Jackpotting ATMs - PSW #659
Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities, Fugitive Wirecard Executive Jan Marsalek Was Involved In Attempt to Purchase Hacking Team Spyware, 8 Cybersecurity Themes to Expect at Black Hat USA 2020, Twitter says hackers viewed 36 accounts' private messages, and how Thieves Are Emptying ATMs Using a New Form of Jackpotting! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

The Power of the Cloud Platform: One Single Agent, One Global View - Sumedh Thakar - PSW #659
Leveraging the unifying power of a cloud-based security platform to provide full context and comprehensive visibility into the entire attack chain for a complete, accurate risk-based analysis and response. The cloud allows you to unify different context vectors like asset discovery, rich normalized software inventory, end of life visibility, vulnerabilities and exploits, misconfigurations, in-depth endpoint telemetry, and network reachability with a powerful backend to correlate it all for accurate assessment, detection and response. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

Affects of COVID-19 on Web Applications - Zane Lackey - PSW #659
Zane Lackey joins us once again to talk about Zero Trust, Cloud Security, and the impact of COVID-19 on Digital Transformation! This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw659

Twitter Mega Hack, 3rd Party IoT Vulns, & Windows DNS SIGRed RCE - PSW #658
Microsoft fixes critical wormable RCE SigRed in Windows DNS servers, Zoom Addresses Vanity URL Zero-Day, Docker attackers devise clever technique to avoid detection, a massive DDoS Attack Launched Against Cloudflare in Late June, Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers, and what you need to know about the Twitter Mega Hack! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

Welcome Our Newest Host! - John Snyder - PSW #658
The guys welcome our newest host to the family. John Snyder will replace Matt Alderman on Security and Compliance Weekly. Tune in to hear about how John made the jump from being a trial lawyer in New York to founding AGNES Intelligence, a forensic AI firm that has perfected the application of unsupervised machine learning! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

Artificial Intelligence and Machine Learning in Cybersecurity - Ankur Chowdhary - PSW #658
With the advent of the Internet of Things (IoT) and emerging cloud technologies, ensuring continued cybersecurity at scale is a challenging task. An ever-growing demand for cybersecurity workforce makes the problem even more challenging. In this talk we will explore how autonomous solutions based on Artificial Intelligence (AI) and Machine Learning (ML) can help in bridging the gap, by automating current cybersecurity tools and techniques. We will also discuss if current AI solutions can be practical at scale or simply marketing/media hype. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw658

RCE Chaos, Zoom 0-Day, & Banning TikTok - PSW #657
Hackers Are Exploiting a 5-Alarm Bug in Networking Equipment, Cisco Talos discloses technical details of Chrome and Firefox flaws, Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS, Zoom zero-day flaw allows code execution on victim's Windows machine, and how the Trump administration is looking into ban on TikTok and other Chinese apps! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Fighting IoT Insecurities - Terry Dunlap - PSW #657
Arrested at 17 while hacking with a Commodore 64, Terry went on to work for the US National Security Agency to help track terrorists. He left the NSA in 2007 to bootstrap Tactical Network Solutions, an offensive-focused cyber company catering to the world's friendly foreign governments and militaries. In 2017, he spun out ReFirm Labs as an investor-backed company to help fight IoT insecurity. In his spare time, he runs a mini real estate portfolio of rental properties. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

IPv6 Tunneling - Joff Thyer - PSW #657
In this technical demo, Joff will show how you can bring up an IPv6 tunnel to learn and play with IPv6 connectivity and basic concepts. This tech segment will largely be a demo on a Debian based Linux system to show you how you might get started with IPv6. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode657

Netgear RCE, Guacamole Flaws, & 'Lucifer' DDoS Botnet - PSW #656
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software, Firefox 78 is out with a mysteriously empty list of security fixes, Python Arbitrary File Write Prevention: The Tarbomb, New Lucifer DDoS Botnet Targets Windows Systems with Multiple Exploits, Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking, and how The Internet is too unsafe, and why We need more hackers! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

OSINT Scraping with Python - Ryan Hays - PSW #656
With bug bounties becoming more and more mainstream for organizations, bounty hunters are turning to more and more automation. Open source intelligence gathering can be automated with the use of Python and a handful of other open source tools such as Recon-NG, Amass, and others. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

Work From Home Cyber Security - Jerry Chen - PSW #656
Hackers know that more people are working from home now and accessing/sending/sharing sensitive company data through their home networks. How can businesses help employees secure their home networks? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode656

New Web Technology & Impact on Automated Security Testing - Benjamin Daniel Mussler - PSW #655
As web applications have evolved from static HTML pages into fully-fledged applications with a native feel to them, web browsers continue to provide developers with truly novel functionality. The resulting paradigm shift from merely rendering web pages to acting as an OS-agnostic abstraction layer poses unique challenges to everyone involved with web application security, including automated web application security scanning solutions. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

OSS Vulnerabilities, UPnP Flaws, & 0-Days for Bad People - PSW #655
Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, 3 common misconceptions about PCI compliance, SMBleed could allow a remote attacker to leak kernel memory, Kubernetes Falls to Cryptomining via Machine-Learning Framework, and The F-word's hidden superpower: How Repeating it can increase your pain threshold! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

Enhancing Vulnerability Management By Including Penetration Testing Results - Dan DeCloss - PSW #655
We'll discuss how organizations can improve their vulnerability management life cycle and demo some quick ways to get started with vulnerability management and combining penetration test results. We'll then walk through the whole life cycle of a vulnerability. To learn more about PlexTrac, visit: https://securityweekly.com/plextrac Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode655

Root Cert Chaos, Octopus Scanner, & RobbinHood & the Merry Men - PSW #654
Octopus Scanner Sinks Tentacles into GitHub Repositories, RobbinHood and the Merry Men, Zoom Restricts End-to-End Encryption to Paid Users, Hackers steal secrets from US nuclear missile contractor, and Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654

PCAPS Or It Didn't Happen - Corey Thuen - PSW #654
Threat hunting activities often require packet capture analysis but capturing and storing PCAP at scale is rough. This segment covers open source tools for collecting packet captures on demand within a threat hunting use case in Gravwell. To learn more about Gravwell, visit: https://securityweekly.com/gravwell To check out Packet Fleet, visit: https://github.com/gravwell/ingesters/tree/master/PacketFleet Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654

Lightweight Vulnerability Management Using NMAP - PSW #654
Paul delivers a Technical Segment on Lightweight Vulnerability Management using NMAP! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode654

Ed Skoudis & Security News - PSW #653
In this week's Security News, NSA warns Russia-linked APT group is exploiting Exim flaw since 2019, Hackers Compromise Cisco Servers Via SaltStack Flaws, OpenSSH to deprecate SHA-1 logins due to security risk, all this and more with Special Guest Ed Skoudis, Founder of Counter Hack and Faculty Fellow at SANS Institute! To check out the SANS Pen Test HackFest and Cyber Range Summit, visit: https://www.sans.org/event/hackfest-ranges-summit-2020 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode653

"Burn-In: A Novel of the Real Robotic Revolution" - Peter Singer - PSW #653
"Burn-In: A Novel of the Real Robotic Revolution" (May 26 release) is a new kind of novel+nonfiction. It uses the technothriller format as a way to share real research on the ways that AI+automation will shape our future, but also leave it vulnerable to a new scale of risks. That is, it is a fictional story following an FBI agent as she and a new partner hunt a new kind of terrorist bent on holding the entire city hostage in a way previously impossible. But baked into the story are some 300 macro and micro predictions of the tech and trends that will change our tomorrow, drawn from the latest nonfiction studies to show that it could/will come true (IE, it is a novel, but with endnotes on everything). Think of it as the veggies hidden in the smoothie, to give people a fun/scary read, but also to understand key terms and ideas soon to shape their lives. To get a discounted copy of Burn-In: A Novel of the Real Robotic Revolution, visit: https://800ceoread.com/securityweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode653

2020 MITRE ATT&CK Malware Trends - Greg Foss - PSW #653
The MITRE ATT&CK framework has had a major impact on the cybersecurity industry and has given defenders a haystack in which to focus their defensive efforts. What's most interesting, perhaps, is where and how these TTPs intersect and how we can use that information to determine patterns and disrupt attacks by analyzing historical datasets. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode653

Stuxnet, RCE's Everywhere, & Breach Chaos - PSW #652
In the Security News, Hackers target the air-gapped networks of the Taiwanese and Philippine military, Stored XSS in WP Product Review Lite plugin allows for automated takeovers, Remote Code Execution Vulnerability Patched in VMware Cloud Director, Shodan scan of new preauth RCE shows 450k devices at risk including all QNAP devices, and The 3 Top Cybersecurity Myths & What You Should Know! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode652

HTTP Security Headers In Action - Sven Morgenroth - PSW #652
HTTP security headers are an easy and effective way to harden your application against all kinds of client side attacks. We'll discuss which security headers there are, what functions they have and how to use them properly. Security Header Whitepaper: https://www.netsparker.com/whitepaper-http-security-headers/ Slide Show: https://securityweekly.com/http-security-headers-in-action/ To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode652

Building An InfoSec Career - Jason Nickola - PSW #652
The guests on Trust Me I'm Certified have dropped some real knowledge and I'd like to distill that down as well as talk about building technical skills, looking at your career as a 'thing' that needs care and feeding, and the BSidesNH conference. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode652

Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651
In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes critical vulnerability so patch immediately!, U.S. Cyber Command Shares More North Korean Malware Variants, and The Top 10 Most-Targeted Security Vulnerabilities! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651

Securing Remote Access: Quarantines & Security - Harry Sverdlove - PSW #651
We use terms such as Social Distancing, Quarantine, and Contact Tracing on a regular basis amid the current crisis. How do these apply to Information and Network Security? To learn more about Edgewise Networks or to request a Demo, visit: https://securityweekly.com/edgewise Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651

MITRE ATT&CK & Security Visibility: Looking Beyond Endpoint Data - Mike Nichols - PSW #651
In this episode of Paul's Security Weekly, we will dive into the recently published MITRE ATT&CK second-round evaluation based on APT29. While MITRE does not declare a "winner," stressing that the results enable users to make informed decisions on what tools meet their needs, it's notable how many vendors claimed victory shortly after the results were published. We will discuss how organizations can interpret the results relative to their own security strategy using the free and open ATT&CK visualization dashboard developed by Elastic. And, since the ATT&CK framework is built to help defenders find the gaps in their security visibility, we will also cover the importance of looking at data beyond the endpoint to develop a comprehensive, extended detection and response position. To learn more about Elastic Security, visit: https://securityweekly.com/elastic To view the Elastic Dashboard of MITRE ATT&CK® Round 2 Evaluation Results, visit: https://tinyurl.com/Elastic-Dashboard-of-MITRE-ATT Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode651

Vulnerability Madness, IoT Botnets, & Breach Chaos - PSW #650
In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild, Another Stuxnet-Style Vulnerability Found in Schneider Electric Software, and remembering the ILOVEYOU virus! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Project Fantastic - Bringing The CLI to GUI Users - PSW #650
Lots of IT and security professionals do not want to use the CLI, which has set them back. Fantastic exposes the same power as the CLI in an easy to use GUI that is more consistent and hopefully easier to navigate/use than the native GUI tools. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Public Utility Security and National Guard Support - Chris Elgee, Jim McPherson - PSW #650
Public utilities are under fire from malicious actors now, more than ever. At the same time, authorities for National Guard units are expanding, allowing greater levels of support. However, this only works when relationships already exist. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode650

Defensive Strategies and Qualys VMDR - PSW #649
The crew talks about how to accomplish asset management, vulnerability management, prioritization of remediation, and the actual remediation steps! No small task! Then check out a deep dive demonstration of Qualys VMDR that includes, you guessed it, Asset Management, Vulnerability Management, Threat Detection & Prioritization, and Response! To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode649

Python Pickling, Sophos 0-Day, & AWS RDS MySQL - PSW #649
In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities commonly exploited to plant web shells, Using Python's pickling to explain Insecure Deserialization, How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, 9 Skills That Separate Beginners From Intermediate Python Programmers, Hackers are exploiting a Sophos firewall zero-day, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode649

Fighting the Cyber War With Battlefield Tactics - Jeremy Miller, Philip Niedermair - PSW #649
Jeremy Miller, a former Green Beret and current CEO of Lionfish Cyber Security, will discuss how mission set tactics used by Special Forces can be applied directly to the cyber war being waged today. These mission sets are very relevant for the front line of cybersecurity professionals, who are the next generation of Special Operation forces. These are the men and women that protect our country, our businesses and our families. Approaching the cyber war with this mindset, Miller is re-aligning how cybersecurity in small to medium sized businesses is structured. His team plans to be a force multiplier for SMBs by bundling resources and capabilities into an affordable security platform, making cyber security more a strength than a weakness for these organizations. Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode649

iOS Mail Hijack, Hacking Satellites, & 0-Days for Days - PSW #648
In the Security News, Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis, Wanna hack a Satellite? The Navy will let you…, IBM 0-day released for days after notification - IBM said "won't fix!", Zoom Dropped by Big Business Despite Addressing Security Flaws, Android Users Beware: Google Just Banned These Devious Apps With 69 Million Installs, NSA shares list of vulnerabilities commonly exploited to plant web shells, German Government Loses 'Tens of Millions' in COVID-19 Phishing Attack, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode648

Layer8 Conference & WorkshopCon - Ori Zigindere, Patrick Laverty - PSW #648
Patrick Laverty created and co-organizes the Layer 8 Conference with Lea Snyder. This year will be the 3rd annual conference that solely focuses on social engineering and OSINT topics. Ori Zigindere is an offensive security professional with a background in software engineering. He works with a wide range of companies in all major industries to help them improve their security posture against day to day threats. Patrick and Ori join us today to talk about the Layer8 Conference, and WorkshopCon! To sign up for the Layer8 Conference, please visit: https://layer8conference.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode648

The Insider Threat - Steven Bay - PSW #648
Steven Bay has over 16 years of cybersecurity experience, spanning the military, government, consulting, and enterprise security. For 10 of those years, he supported the National Security Agency both as a member of the military and a contractor. In 2013 he hired Edward Snowden to a contract position in Hawaii and was his manager when Snowden fled the country with top-secret NSA data. Following this, he moved into commercial cybersecurity where he provided IR and Threat Intelligence services to Fortune 500 companies, served as a CISO, and today is the Director of Security Operations at Security On-Demand. He is also a keynote speaker who shares his story and lessons learned from his Snowden experience at industry groups, corporate events, and student groups. To watch our interview with Steven Bay on Enterprise Security Weekly #170, visit: https://youtu.be/nbnSSiVUSSw Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode648

Hospital Hackers, $500K Zoom 0day, & SFO Windows Hackers - PSW #647
This week in the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, Macs Are More Secure, and Other Jokes You Can Tell Yourself, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Pen Testing to Validate Vulnerability Scanners - Magno Gomes - PSW #647
Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choose between the two. But that's not the case. This segment will cover why and how pen testing can be used to validate vulnerability scanner results. To learn more about Core Security, visit: https://securityweekly.com/coresecurity Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Threat Intel Program Strategies - Wade Woolwine - PSW #647
Defining key areas of investment that organizations need to consider in their programs. Within the areas of investment, we talk about functional areas and defining capabilities within each functional area. The end goal is to have a framework that folks can use to document their security program, measure evolution over time, share best practices, organize content and data, and be used as a reference architecture based on community input. To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647