Security Weekly Podcast Network (Video)

Terms & Acronyms - SWN Vault

Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White. Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain. Show Notes: https://securityweekly.com/vault-swn-21

Nov 26, 2024 - 34 min

2nd Edition: How to Measure Anything in Cybersecurity Risk - Doug Hubbard - BSW Vault

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14

Nov 25, 2024 - 37 min

AI messes with scammers, autonomous endpoint security, malware targets Excel - ESW #385

In the enterprise security news: Bitsight, Snyk, and Silverfort announce acquisitions. Tanium announces an "autonomous" endpoint security offering. We find out how much a smartphone costs when it is manufactured in the US. CISA's leadership announces resignations. Ransomware is going after old versions of Excel. Should vendors be doing more about alert fatigue? The latest cybersecurity reports. Using AI to mess with scammers. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-385

Nov 23, 2024 - 50 min

All the biggest cybersecurity news out of Microsoft Ignite 2024 - ESW #385

Why a special segment on Microsoft Ignite announcements? There were a lot of announcements. Microsoft is the largest security vendor, in terms of revenue. Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. Show Notes: https://securityweekly.com/esw-385

Nov 22, 2024 - 31 min

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet... - SWN #433

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-433

Nov 22, 2024 - 33 min

Fixing how cybersecurity products are bought and sold - Mariana Padilla - ESW #385

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Show Notes: https://securityweekly.com/esw-385

Nov 22, 2024 - 30 min

Fortinet, Palo Alto, VMWare - PSW #852

Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palo Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palo Alto and Fortinet, the first zoom call, and one person's trash is another person's gaming PC! Show Notes: https://securityweekly.com/psw-852

Nov 21, 2024 - 1h 58m

Confessions of a Cyber Criminal Stalker - Ken Westin - PSW #852

Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety. Show Notes: https://securityweekly.com/psw-852

Nov 21, 2024 - 58 min

AI fixes everything, C++ the actual worst, IAM is hard - ASW #308

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Watchtowr has some fun with Citrix VDI! Show Notes: https://securityweekly.com/asw-308

Nov 20, 2024 - 37 min

Finally, Liability Coverage for CISOs as the Cybersecurity Workforce Peaks - BSW #373

In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Show Notes: https://securityweekly.com/bsw-373

Nov 19, 2024 - 21 min

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and... - SWN #432

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-432

Nov 19, 2024 - 32 min

Similarities Between SOX And SEC's Cyber Rule - Padraic O'Reilly - BSW #373

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including: Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Show Notes: https://securityweekly.com/bsw-373

Nov 19, 2024 - 25 min

Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308

This week's interview dives deep into the state of biometrics with two Forrester Research analysts! This discussion compares and contrasts regional approaches to biometrics; examines the security challenges and benefits of their implementation; and reveals how biometrics holds the keys to a range of engagement models of the future. Andras Cser dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as Andras explains, there's no need to, thanks to how biometrics actually work. Then, Enza takes us through the latest on privacy in biometrics - a concern for both consumers, and businesses tasked with complying with privacy regulations and avoiding costly fines. Finally, get a sneak peek into the upcoming Forrester Security & Risk Summit. Whether you're an industry professional or just curious about the implications of biometrics, this episode delivers insights you won't want to miss! Show Notes: https://securityweekly.com/asw-308

Nov 19, 2024 - 33 min

Funding, Trustwave/Cybereason, NVIDIA Morpheus AI SOC, and the job situation is bad - ESW #384

This week in the enterprise security news: Upwind Security gets a massive $100M Series B. Trustwave and Cybereason merge. NVIDIA wants to force SOC analyst millennials to socialize with AI agents. Has the cybersecurity workforce peaked? Why incident response is essential for resilience. An example of good product marketing. Who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-384

Nov 16, 2024 - 54 min

The Top-Down Approach in Cybersecurity and Compliance Isn't Working - What's Next? - Justin Beals - ESW #384

Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering: the reasons why cross-walking doesn't work; the reasons why traditional TPRM approaches (e.g. questionnaires) don't work; opportunities for AI to help risk management or sales support? Show Notes: https://securityweekly.com/esw-384

Nov 15, 2024 - 30 min

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More... - SWN #431

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-431

Nov 15, 2024 - 32 min

AI and the Autonomous SOC - Separating Hype from Reality - Itai Tevet - ESW #384

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks. Segment Resources: From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams); From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools; The Future of SOC Automation Platforms; SentinelOne wants to make the autonomous SOC a reality. Show Notes: https://securityweekly.com/esw-384

Nov 15, 2024 - 30 min

Holiday Hack Challenge - PSW #851

We kicked things off by talking about the Holiday Hack Challenge, which is like this massive cyber playground that SANS puts out every year for everyone from fifth graders to government spooks. Ed Skoudis broke down how they're changing things this time, with an early release and a phased approach that'll give you more time to play and learn. But the real mind-bender was when Ed spilled the beans on how they build this whole thing using one giant Google sheet - I mean, we're talking hundreds of tabs, color-coded cells, and JSON to create entire virtual worlds. Then we covered the rest of the security news including hacking Mazda's infotainment system and more! Segment Resources: https://sans.org/holidayhack Show Notes: https://securityweekly.com/psw-851

Nov 14, 2024 - 1h 44m

No CVE and No Accountability - PSW #851

Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest. Show Notes: https://securityweekly.com/psw-851

Nov 14, 2024 - 59 min

CISO Evolution and Leadership Paradigm as Burnout Rate Hits 93% - BSW #372

In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team's Productivity by Hiring Force Multiplier, and more! Show Notes: https://securityweekly.com/bsw-372

Nov 12, 2024 - 32 min

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not? All that and more on this week's news segment. Show Notes: https://securityweekly.com/asw-307

Nov 12, 2024 - 35 min

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more... - SWN #430

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-430

Nov 12, 2024 - 33 min

Modernizing AppSec - Melinda Marks - ASW #307

In this week's interview, Melinda Marks joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry about. Integrating security into the SDLC and CI/CD pipelines, infrastructure as code (IaC) trends, best of breed vs platform, and other aspects of AppSec get discussed as well! Show Notes: https://securityweekly.com/asw-307

Nov 12, 2024 - 33 min

How to Combat the CISO Mental Health Crisis - Ram Movva - BSW #372

Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health? Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health. Show Notes: https://securityweekly.com/bsw-372

Nov 12, 2024 - 25 min

$200M for IoT security, 4 acquisitions, fake job openings, vapes are trash - ESW #383

In the enterprise security news: some big fundings; no less than 4 acquisitions; silencing the EDR silencers; ghost jobs; overinflated estimates on open cybersecurity jobs; weaponizing Microsoft Copilot; fun projects with disposable vapes. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-383

Nov 9, 2024 - 54 min

The State of DSPM, One of the Hottest New Cybersecurity Markets in Years - Todd Thiemann - ESW #383

Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation? There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out. Show Notes: https://securityweekly.com/esw-383

Nov 8, 2024 - 33 min

Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Bans, Aaran Leyland... - SWN #429

Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Banning Things, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-429

Nov 8, 2024 - 32 min

Cybersecurity Budgets: the Journey from Reactive to Proactive - Theresa Lanowitz - ESW #383

CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop. This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them! Show Notes: https://securityweekly.com/esw-383

Nov 8, 2024 - 32 min

We're Not Saying "I told you so" - PSW #850

In the news: Pacific Rim, Linux on Windows for attackers, one of the worst cases of a former employee's retaliation, Zery-Day FOMO, we predicted that, hacking for fun, working hard for no PoC, an LLM that discovers software vulnerabilities, absurd fines, long usernames and Okta, and paying a ransom with dough! Show Notes: https://securityweekly.com/psw-850

Nov 7, 2024 - 2h 1m

Cybersecurity For Schools - Kayne McGladrey - PSW #850

We chatted with Kayne about education systems security, funding for cyber tools and services, and what the future of education might look like to fill more cyber roles. Show Notes: https://securityweekly.com/psw-850

Nov 7, 2024 - 45 min

Tariffs, Pygmy Goat, Schneider, SQLite, Deepfakes, Military AI, Josh Marpet... - SWN #428

Tariffs, Pygmy Goat, Schneider, SQLite and Dixie Flatline, Deepfakes, Military AI, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-428

Nov 6, 2024 - 32 min

Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306

Microsoft delays Recall AGAIN, Project Zero uses an LLM to find a buffer underflow in SQLite, the scourge of infostealer malware, zero standing privileges is easy if you have unlimited time (but no one does), reverse engineering Nintendo's Alarmo and RedBox's... boxes. Bonus: the book series mentioned in this episode, The Lost Fleet by Jack Campbell. Show Notes: https://securityweekly.com/asw-306

Nov 5, 2024 - 33 min

Today's Hybrid Work Era: Integrated Approach & Implementing Identity - ESW #382

Today's cyber threat actors are capitalizing on organizations' identity vulnerabilities, such as MFA. Nearly 75% of cloud security failures now result from mismanaged identities, access, and privileges, and the identity attack surface is becoming more challenging to protect as companies expand their cloud environments and supply chains to meet their IT needs. Damon McDougald, Global Cyber Protection lead at Accenture, joins Security Weekly's Mandy Logan to share his perspective on why identity is so crucial in today's hybrid work environment, the innovations that are changing the game when it comes to cybersecurity, the top challenges companies face in implementing identity, and how identity can help keep threat actors at bay. Segment Resources: https://www.accenture.com/us-en/services/security/digital-identity Hybrid workforces are here to stay. This means protecting today's workforce requires securing access to applications from any device, anywhere, while maintaining a seamless user experience. Punit Minocha, the EVP of Business Development & Corporate Strategy at Zscaler, joins SC Media to discuss the challenges companies are facing with securing their hybrid workforces and how integrated, best-of-breed solutions from Zscaler and Okta deliver zero trust security that helps companies protect their data, infrastructure, and employees as they scale and innovate. Segment Resources: https://www.okta.com/press-room/press-releases/zscaler-and-okta-enhance-enterprise-cybersecurity-with-new-zero-trust/ This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane. Show Notes: https://securityweekly.com/esw-382

Nov 5, 2024 - 30 min

The Right CISO, with a New Security Leadership Style, to Safeguard Your Business - BSW #371

In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more! Show Notes: https://securityweekly.com/bsw-371

Nov 5, 2024 - 26 min

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost services for smaller organizations that have real appsec needs, but not a lot of means to pay for it. He founded DarkHorse, which offers VDPs and bug bounties to organizations of all sizes for free, or for as low a cost as possible. While not a non-profit, the company's goal is to make these services as cheap as possible to increase accessibility for smaller or more budget-constrained organizations. The company has also introduced the concept of "fractional pentesting", access to cyber talent when and how you need it, based on what you can afford. This implies services beyond just offensive security, something we'll dive deeper into in the interview. We don't see DarkHorse ever competing with the larger Bug Bounty platforms, but rather providing services to the organizations too small for the larger platforms to sell to. Show Notes: https://securityweekly.com/asw-306

Nov 5, 2024 - 32 min

Planning A Merger Or Acquisition? Ask These Five Cyber Questions First - Craig Davies - BSW #371

Merger and acquisition (M&A) activity is finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger. So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode. Show Notes: https://securityweekly.com/bsw-371

Nov 5, 2024 - 38 min

Funding, AI controls your PC, Cyberstarts stops Sunrise, public cyber goes private - ESW #382

This week, in the enterprise security news: the latest cybersecurity fundings; Cyera acquires Trail Security; Sophos acquires Secureworks; new companies and products; more coverage on Cyberstarts' sunrise program; AI can control your PC; public cybersecurity companies are going private; Splunk and Palo Alto beef. All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-382

Nov 4, 2024 - 1h 4m

Recall, Russia, Win 10, Phish n Ships, Midnight Blizzard, Rob Allen, and More... - SWN #427

Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/ This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/swn-427

Nov 4, 2024 - 36 min

What if securing buildings was as easy as your smartphone? - Blaine Frederick - ESW #382

The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking. We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures. Show Notes: https://securityweekly.com/esw-382

Nov 4, 2024 - 31 min

EDR Is Dead, EDR Is Not Dead - PSW #849

Google's cookie encryption drama, Microsoft accusing Google of shady antitrust tactics, AI shenanigans, the rejected Defcon talk and hacking traffic lights, vulnerabilities in Realtek SD card readers, the never-ending debate on quantum computing vs. cryptography, backdoors are not secrets and where we are pushing attackers, firmware leakage, more on Windows Downgrade (and UEFI locks), super nerdy Linux things, EDR is dead, well not really but more on how to make it not phone home, bypassing memory scanners, couple of Bluetooth hacking things, and a really awesome article about an IoT 0-Day that is no longer on the Internet. Show Notes: https://securityweekly.com/psw-849

Oct 31, 2024 - 1h 50m

Halloween, TikTok, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more... - SWN #426

Halloween, TikTok Rip Off, Telcos, Win 11, Five Eyes, AWS, France, ChatGPT, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-426

Oct 30, 2024 - 36 min

Shadow IT and Security Debt - Dave Lewis - PSW #849

We had the pleasure of finally having Dave Lewis on the show to discuss shadow IT and security debt. Dave shared some fascinating insights from his long career in cybersecurity, emphasizing the importance of addressing fundamental security issues and the human aspect of security. We delved into the challenges of managing shadow IT, the complexities of security debt, and the need for organizations to prioritize security practices. Overall, it was a great conversation that highlighted the ongoing struggles in our industry and the importance of learning from past mistakes to build a more secure future. Show Notes: https://securityweekly.com/psw-849

Oct 30, 2024 - 59 min

Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305

Generative AI has been the talk of the technology industry for the past 18+ months. Companies are seeing its value, so generative AI budgets are growing. With more and more AI agents expected in the coming years, it's essential that we are securing how consumers interact with generative AI agents and how developers build AI agents into their apps. This is where identity comes in. Shiven Ramji, President of Customer Identity Cloud at Okta, will dive into the importance of protecting the identity of AI agents and Okta's new security tools revealed at Oktane that address some of the largest issues consumers and businesses have with generative AI right now. Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/ Today, there isn't an identity security standard for enterprise applications that ensures interoperability across all SaaS and IDPs. There also isn't an easy way for an app, resource, workload, API or any other enterprise technology to make itself discoverable, governable, support SSO and SCIM and continuous authentication. This lack of standardization is one of the biggest barriers to cybersecurity today. Arnab Bose, Chief Product Officer, Workforce Identity Cloud at Okta, joins Security Weekly's Mandy Logan to discuss the need for a new, comprehensive identity security standard for enterprise applications, and the work Okta is doing alongside other industry players to institute a framework for SaaS companies to enhance the end-to-end security of their products across every touchpoint of their technology stack. 
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ https://www.okta.com/press-room/press-releases/okta-is-reducing-the-risk-of-unmanaged-identities-social-engineering/ This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane. Show Notes: https://securityweekly.com/asw-305

Oct 29, 2024 - 30 min

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305

Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and whether fuzzing is better), and more! Also check out this presentation from BSides Knoxville that we talked about briefly, https://youtu.be/DLn7Noex_fc?feature=shared Show Notes: https://securityweekly.com/asw-305

Oct 29, 2024 - 53 min

Stay Ahead of Identity Threats & Addressing Cybersecurity Disparities - David Bradbury, Erin Baudo Felter - BSW #370

Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he's seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today. Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they've seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce. Segment Resources: https://www.okta.com/oktane/ This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane. Show Notes: https://securityweekly.com/bsw-370

Oct 29, 2024 - 33 min

The CISO Mindset, Top Strategies, and Mandating Office Presence Without Purpose - BSW #370

In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert's Proven Method, The Problem with Mandating Office Presence Without Purpose, and more! Show Notes: https://securityweekly.com/bsw-370

Oct 28, 2024 - 30 min

Era of Bot Battlers & Security Focused Company Culture - ESW #381

Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it's everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh, Chief Technology Officer of Customer Identity Cloud at Okta, joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications and what Okta is doing to help developers build applications that decipher a human from a bot. Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/ Whether it's phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and from experience with implementing Okta's Secure Identity Commitment how companies can be prioritizing security within their culture to help prevent threat actors from taking advantage of the weakest link. 
Segment Resources: https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/ This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass! Show Notes: https://securityweekly.com/esw-381

Oct 26, 2024 - 32 min

Cyber Security Awareness for Election and Poll Workers - Kirsten Davies - ESW #381

The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), cybersecurity-related concerns are usually not included for individual poll location and election workers. Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org. Show Notes: https://securityweekly.com/esw-381

Oct 25, 2024 - 48 min

Tourists, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More... - SWN #425

Tourist Abuse, Fortis, apps, TLP, AWS, Google, Chatbots, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-425

Oct 25, 2024 - 35 min

Transforming the Defender's Dilemma into the Defender's Advantage - Lenny Zeltser - ESW #381

Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regards to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here! The conversation isn't just about setting traps for attackers, however, there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender's Dilemma into the Defender's Advantage. Show Notes: https://securityweekly.com/esw-381

Oct 25, 2024 - 30 min