Security Weekly Podcast Network (Video)

Check out this interview from the PSW Vault, hand picked by main host Paul Asadoorian! This segment was originally published on February 4, 2013. Dr. Spafford is one of the senior, most recognized leaders in the field of computing. He has an on-going record of accomplishment as a senior advisor and consultant on issues of security and intelligence, education, cybercrime and computing policy to a number of major companies, law enforcement organizations, academic and government agencies... [With] over three decades of experience as a researcher and instructor, Professor Spafford has worked in software engineering, reliable distributed computing, host and network security, digital forensics, computing policy, and computing curriculum design. Dr. Spafford is a professor with an appointment in Computer Science at Purdue University, where he has been a member of the faculty since 1987. Spaf's new book, Cybersecurity Myths and Misperceptions, is available at https://informit.com/cybermyths Show Notes: https://securityweekly.com/vault-psw-4

In the leadership and communications section, The SEC Let The Boardroom Off The Hook On Cybersecurity, Turns Up Heat On CISOs And CEOs, How CISOs can become board-ready, How to Be a Purpose-Driven Leader Without Burning Out, and more! Show Notes: https://securityweekly.com/bsw-314

Check out this interview from the SDL Vault, hand picked by main host Doug White! This segment was originally published on January 22, 2019. Today, we begin the journey to the quantum realm on SDL. Marketing is telling us, everything is quantum now, don't be fooled, let us tell you how it works on SDL. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-3

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs. Show Notes: https://securityweekly.com/vault-asw-4

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on March 15, 2021. In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-4

In this interview, Raghu discusses the specific challenges in securing the cloud and how to overcome them. He shares how to make your life easier by making security a team sport, how to gain the visibility you need across clouds, data centers, and endpoints, and how to get a return on your cloud security investments. This segment is sponsored by Illumio. Visit https://securityweekly.com/illumiobh to learn more about them! It's no secret that the attack surface is increasing and the best defense is one that's matched to the most relevant risks. Through proactive and reactive research, The SafeBreach Labs team helps customers discover their most critical threats and security gaps by building the industry's most current and complete playbook of attacks. In this session, SafeBreach Director of Research Tomer Bar will share how attacks are conducted, which APT group have been the most active, and how breach and attack simulation can help teams think like an adversary and leverage recent vulnerabilities to gain accurate insights. Segment Resources: https://www.safebreach.com/safebreach-labs/ This segment is sponsored by SafeBreach. Visit https://securityweekly.com/safebreachbh to learn more about them! Show Notes: https://securityweekly.com/esw-330

This week, Dr. Doug talks: AI vs. Hunter Thompson, Sandstorm, BGP, Earth Estries, DOE, VMWare Aria, Key Group, DSA, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-323

There's still serious, late stage funding for compelling tech in cybersecurity, SpyCloud proves with it's $110M Series D. We discuss the SentinelOne/Wiz merger rumors. Sadly layoffs and even company failures are still occurring, thought Tyler thinks the market downturn is close to bottoming out. NordVPN spins off an AI skunkworks called NordLabs. The Browser Company has a great company vision page that's worth checking out. Two interesting LLM prompt-related tools to check out are PIPE and promptmap (both on github). Brazilian phone spyware WebDetetive (sic) gets hacked and all victim data deleted. US takes down QakBot and *removes* it from infected systems! Finally, a homing pigeon proves that birds are faster than gigabit Internet :D Show Notes: https://securityweekly.com/esw-330

Having direct visibility into your access data is crucial for two reasons: 1. Simplifying audit preparation and 2. Managing progress of your identity program to ensure peak performance. Internal auditors and compliance managers need easy access to granular data points to understand and demonstrate compliance to external agencies. Gaining access to real time data creates a great deal of autonomy for audit and identity teams to be able to delve deep into their identity programs and prove compliance. However, making the data available even internally can put organizations at risk for data leaks and data policy violations. Erik will outline how companies can gain access to their current identity search and dashboard data and be able to query in their preferred BI tool based on their own data privacy policies and business needs, significantly reducing risk. This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpoint to learn more about them! Show Notes: https://securityweekly.com/esw-330

In the Security News: How not to send all your browser data to Google, apparently Microsoft needs pressure to apply certain fixes, the mutli-hundred-billion-dollar-a-year industry that tries to secure everything above the firmware, security through obscrurity doesn't work, should you hire cybersecurity consultants, pen testing is key for compliance, defense contractor leaks, inside a McFlurry machine, Barracuda is still chasing hackers, why Linux is more secure than windows, more details on WinRar and middle-out compression, a Wifi worm?, CVE-2020-19909 is almost everything that is wrong with CVE, Tacos, and hacking through a Fire stick! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-797

Amanda joins us to discuss aspects of incident response, including how to get the right data to support findings related to an incident, SMB challenges, cloud event logging, and more! Amanda works for Blumira and is the co-author of "Defensive Security Handbook: Best Practices for Securing Infrastructure." Show Notes: https://securityweekly.com/psw-797

Mystery, Qakbot, Crates.io, VDP, NetScaler, Entra ID, SynthID, FreeBSD, More News, and Jason Wood on the Security Weekly News. Show Notes: https://securityweekly.com/swn-322

We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in training and usage. But there are also areas where security tools are starting to address these concerns as well as areas where security tools are adopting AI themselves. We'll share where we see AI showing promise, as well as where we suspect it's still premature. Segment resources: https://www.forrester.com/blogs/defending-ai-models-from-soon-to-yesterday/ https://www.forrester.com/blogs/generative-ai-goes-mainstream-in-security-with-microsoft-security-copilot/ https://www.forrester.com/blogs/chatgpt-cybersecurity-ramifications-beyond-malware/ https://www.forrester.com/report/securing-generative-ai/RES179497 https://www.forrester.com/report/generative-ai-what-it-means-for-security/RES179522 Show Notes: https://securityweekly.com/asw-253

A Go Crypto presentation from Real World Crypto, Excel releases support for Python, protecting users from malware like the Luna Grabber and WinRAR RCE, DARPA's V-SPELLS project, and more! Show Notes: https://securityweekly.com/asw-253

In the leadership and communications section, A CISO's Actionable Strategy for Success, Security basics aren't so basic — they're hard, Building a Culture Where Employees Feel Free to Speak Up, and more! Show Notes: https://securityweekly.com/bsw-318

The metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators. Metawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse. What if we can longer rely on our senses to determine what is real and what is fiction? Winn's research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering Winn's own Metanoia, which had a profound impact on the entire Metawar Thesis. Winn joins Business Security Weekly to share his Metanoia. Show Notes: https://securityweekly.com/bsw-318

During this segment, Jon will explore today's ransomware economy players from IABS to RaaS affiliates, to money launders and now C2Ps. For the discussion, Jon will leverage Halcyon's latest research, which demonstrates a new technique to uncover how C2Ps, like Cloudzy, are used to identify upcoming ransomware campaigns and other advanced attacks. The research revealed that Cloudzy, knowingly or not, provided services to attackers while assuming a legitimate business profile. Threat actors that leveraged Cloudzy include APT groups tied to the Chinese, Iranian, North Korean, Russian, Indian, Pakistani, and Vietnamese governments; a sanctioned Israeli spyware vendor whose tools are known to target civilians; several criminal syndicates and ransomware affiliates whose campaigns have spurred international headlines. This segment is sponsored by Halcyon. Visit https://securityweekly.com/halcyonbh to learn more about them! In this session, Snehal will discuss several real-world examples of what autonomous pentesting discovered in networks just like yours. You'll hear more about how fast and easy it was to safely compromise some of the biggest (and smallest) networks in the world - with full domain takeover in a little more than a few hours. Learn how you can safely do the same in your own network today! This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3aibh to learn more about them! In this Black Hat 2023 interview, CRA's Bill Brenner and Sophos' John Shier discuss the company's latest research on the Royal ransomware gang. Though Royal is a notoriously closed off group that doesn't openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities. This segment is sponsored by Sophos. Visit https://securityweekly.com/sophosbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-329

Openfire, Firepower, Barracuda, CosmicBeetle, Lazarus, Encryption, Network Tourism, India's on the Moon, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-321

Record funding levels over the last two weeks top 2023 and the same time last year. We discuss Palo Alto's plans for the future, CISA's analysis of the LAPSUS$ hacking group, and the uselessness of Quantum Security pitches. Chrome adds the ability to alert users about malicious extensions. A great post from Thinkst has us talking about why vendors (and buyers) need to be careful about default behaviors and documentation. You won't want to miss the excellent squirrel story - a front end for Reddit that looks like Microsoft Outlook. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-329

Incredibly, the seemingly simple task of managing corporate-owned devices is still a struggle for most organizations in 2023. Maybe best MDM for Mac doesn't work with Windows, or the best MDM for Windows doesn't work with Mac. Maybe neither have Linux support. Perhaps they don't provide enough insight into the endpoint, or control over it. Whatever the case, security leaders never seem satisfied with their MDM solution and are always investigating new ones. Now, Kolide has stepped in with a unique approach to device management, combining the flexibility and industry support for OSQuery and built to integrate with IdP giant Okta. We discuss Kolide's entrance into the device management space and the current state of MDM - what's wrong with it, and how does Kolide propose to fix it? This segment is sponsored by Kolide. Visit https://securityweekly.com/kolide to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-329

In the Security News: Lora projects are popular, simple checksums are not enough, WinRAR: shareware or native OS?, ATM software is vulnerable, attackers could learn from security researchers (but lets hope they don't), NoFilter and behavior by design, Apple vs. A security researcher: there are no winners, sneaky npm packages, faster Nmap scans, kali on more phones, more LOl drivers, comparing security benchmarks to the real world, tunnelcrack and why VPNs are over-hyped, Ubuntu has lost its mind, and there's a Python in the sheets! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-796

Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties! Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1 https://www.microsoft.com/en-us/msrc https://msrc.microsoft.com/report/vulnerability/new https://www.microsoft.com/en-us/msrc/bounty https://msrc.microsoft.com/blog/ https://jobs.careers.microsoft.com/global/en/search?q=msrc&l=en_us&pg=1&pgSz=20&o=Relevance&flt=true https://www.microsoft.com/bluehat/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-796

Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't -- come with XSS flaws, an approachable article on AI, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-252

Cold Fusion Flaw, EncroChat, sneaky Amazon and Google, Spoofing Apple devices, Telsa data breach, Space and Jason Wood on this episode of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-320

Modern applications are transforming how businesses serve their customers, employees, and partners. But they also challenge security teams with limited to no visibility or control while expanding an organization's attack surface. Jason Rolleston, vice president and general manager of VMware Carbon Black, discusses how security teams can enable their companies to safely adopt modern application environments. Segment Resources: https://blogs.vmware.com/security/2023/07/announcing-cloud-native-detection-and-response-for-carbon-black.html This segment is sponsored by VMWare Carbon Black. Visit https://securityweekly.com/vmwarebh to learn more about them! In today's mobile-first world, where Android and iOS apps are crucial for customer engagement, companies often overlook the vulnerability of their applications - which poses a growing risk to the enterprise. While business cybersecurity measures are robust, hackers exploit the app path to circumvent server-side security. To help you understand the risks and safeguard your mobile apps and your customer PII, Asaf Ashkenazi will talk about the top mobile app attacks, the real-world implications, the blind spot in many company security teams, and easy ways to protect, detect and respond to this growing threat. Segment Resources: [Asaf Ashkenazi introduces Verimatrix XTD](https://youtu.be/j3mJoc8OSY8) [Verimatrix XTD](https://www.verimatrix.com/cybersecurity/verimatrix-xtd/) [Verimatrix's Triple-Threat Initiative Enhances Mobile App Security](https://www.itsecurityguru.org/2023/04/13/verimatrixs-triple-threat-initiative-enhances-mobile-app-security/) This segment is sponsored by Verimatrix. Visit https://securityweekly.com/verimatrixbh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-252

Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration. Segment Resources: https://www.zscaler.com/press/zscaler-2023-ransomware-report-shows-nearly-40-increase-global-ransomware-attacks https://www.zscaler.com/blogs/security-research/2023-phishing-report-reveals-472-surge-phishing-attacks-last-year This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerbh to learn more about them! The security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to significantly harden organizations' cyber defenses, and even unveils the latest, cutting-edge tools to be added to IRONSCALES' growing AI suite of capabilities. Meet IRONSCALES' Themis Co-Pilot for Outlook and learn how your team can use artificial intelligence to tip the scales back in your favor. Segment Resources: https://ironscales.com/company/news-awards/news/ironscales-announces-themis-copilot Video: https://youtu.be/ayn8ecsNgKY This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/ironscalesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-317

The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-317

The rapid growth of APIs used to build microservices in cloud-native architecture has left many enterprises in the dark when it comes to knowing where, how many, and what types of APIs they have. With multiple teams creating their own API endpoints without shared visibility or governance, exposed APIs can become a critical threat vector for hackers to exploit. Edgio's new advanced API security capabilities give customers integrated and unparalleled protection at the edge, protecting APIs that are critical to modern businesses. Edgio delivers these services as part of its fully integrated holistic Web Application and API protection solutions giving customers the ability to respond to threats quicker. An edge-enabled holistic security platform can effectively reduce the attack surface, and improve the effectiveness of the defense while reducing the latency of critical web applications via its multi-layered defense approach. Edgio's security platform "shrinks the haystacks" so that organizations can better focus on delivering key business outcomes. This segment is sponsored by Edgio. Visit https://securityweekly.com/edgiobh to learn more about them! Offensive security is a proactive approach that identifies weaknesses using the same exploitation techniques as threat actors. It combines vulnerability management with pen testing and red team operations to "expose and close" vulnerabilities before they are exploited. This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrabh to learn more about them! Join us at Black Hat as we delve into the world of Managed Detection and Response (MDR) providers. In this podcast, we'll explore the critical factors to consider when selecting an MDR provider, uncover the common shortcomings in their services, and discuss the necessary evolution required to ensure ongoing effectiveness and enhanced value for customers. Get ready to unravel the complexities of MDR and gain insights into the future of this vital cybersecurity solution. This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

Elon Throttling, Dilithium, Africa, Suse, Citrix, QR Codes, AI Meetings, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-319

As more organizations explore edge computing, understanding the entire ecosystem is paramount for bolstering security and resiliency, especially within a critical industry like healthcare. In this segment, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, will provide a deep dive into the state of edge computing—specifically, how it is revolutionizing healthcare. This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecuritybh to learn more about them! With Active Directory (AD) exploited in 9 out of 10 cyberattacks, delaying AD modernization—especially after a merger or acquisition—can compound security risks. Security is the most compelling reason to migrate to a pristine AD forest or perform an AD forest or domain consolidation, but many organizations delay such projects due to the effort and planning they require. We talk with Mickey Bresman about the keys to a smooth and secure AD modernization strategy. This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisbh to learn more about them! Security organizations are increasingly adopting data lakes and cloud services as additions or alternatives to traditional SIEMs, but face challenges like scarcity of data engineering expertise and high data ingestion and cloud compute costs. To overcome these, a new security data stack is emerging, guided by models like SecDataOps and supported by solutions like Tenzir. In this segment, we will be talking about what is driving the heavy use of data in security operations, why that is stressing traditional security operations tools and processes, and what some early-adopter organizations are doing to meet these challenges. This segment is sponsored by Tenzir. Visit https://securityweekly.com/tenzirbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

In the enterprise security news, Check Point buys Perimeter 81 to augment its cybersecurity 2023 Layoff Tracker: SecureWorks Cuts 300 Jobs Hackers Rig Casino Card-Shuffling Machines for 'Full Control' Cheating 'DoubleDrive' attack turns Microsoft OneDrive into ransomware NYC bans TikTok on city-owned devices Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-328

In the Security News: You should read the NIST CSF, JTAG hacking the original Xbox, tricked into sharing your password, attacking power management software, the vulnerability is in the SDK, tearing apart printers to find vulnerabilities, a pain in the NAS, urllib.parse is vulnerable, hacking the subway, again, how not to implement encryption from OSDP, Intel does a good job with security, and hacking card shuffling machines! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-795

The 2020 Armenian war with Azerbaijan called into action over 100 volunteer incident responders from across the country (and the globe) into action. Our guest for this segment was one of the leads during the 40-day conflict and helped organize teams that responded to everything from websites being attacked and country-wide Internet outages. [120K Project](https://www.120kproject.com/en) Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-795

DARPA unleashes an AI Cyber Challenge to find flaws, CISA asks for input on securing open source software and memory safety, what five years of vuln research shows for vuln management programs, siphoning security tokens from VS Code, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-251

A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, the ability to tell a story and engage an audience is a skill that doesn't appear on top ten lists and that doesn't come up in secure coding checklists. Josh shares his path to becoming a presenter on technical topics, including stumbles he's made along the way and how he helps others develop their skills for slides. Resources: https://www.joshuakgoldberg.com/blog/how-i-apply-to-conferences https://www.joshuakgoldberg.com/blog/how-i-apply-to-conferences-faqs https://www.joshuakgoldberg.com/blog/how-i-apply-to-conferences-faqs/#what-are-your-favorite-conference-talks-youve-seen https://www.youtube.com/watch?v=mPPZ-NUnR-4&t=25743s&ab_channel=JSWORLDConference Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-251

DEFCON, ScrutisWeb, DoubleDrive, GitHub, npms, AI Cheating advice, More news and Jason Wood Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-318

The modern web browser is the single most commonly used application by enterprises worldwide. Its power, simplicity, and usability makes it an essential tool at work. And yet, the browser is not an enterprise application. It lacks the fundamental controls enterprises require to ensure proper security, visibility, and governance over critical apps and data. As a result, we surround the browser with a massive security ecosystem in an attempt to manage the intersection between users, web applications, and the underlying data. In the process, our technology stack becomes complex, expensive, and fragile to maintain, while end users are left with a frustrating experience. All because the consumer browser was not designed with enterprise needs in mind. The question is: What if there was a browser designed exclusively for the enterprise? This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more about them! Hear from Karim Toubba, CEO of LastPass, on LastPass' journey to passwordless, the importance of a passwordless world and why authentication is becoming more complex and facilitating the ease of authentication for users at work and at home. This segment is sponsored by LastPass. Visit https://securityweekly.com/lastpassbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-316

In the leadership and communications section, CISO is Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-316

We discuss Ian Amit's background and what led him to want to leave the CISO life to create a startup! It's one thing for a security product to report problems to a security team. Everyone has these tools, but the problem is that someone has to analyze and triage all those findings, leading to alert fatigue and not a lot getting fixed. Gomboc is proposing to address this gap by auto-generating the fix. https://www.blackhat.com/us-23/spotlight.html Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-327

Creepy AI, Codesys, Kyber768, .net, Gootloader, DARPA, EvilProxy, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-317

This week, we discuss Kubernetes attacks and CPU attacks. We also have a better idea of what valuation losses might be for security startups, thanks to the Check Point/Perimeter 81 acquisition. MITRE releases, ATLAS, an ATT&CK-style framework for machine learning models. Bloodhound's new rearchitected Community Edition is out, and Las Vegas's Sphere hasn't been hacked... yet. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-327

Binarly is one of only a few startups focused on highlighting security issues in firmware. The company has discovered a remarkable number of vulnerabilities in firmware in a very short time. Its' founder, Alex Matrosov, joins us to discuss insights discovered along his company's journey to convince vendors that firmware is worth securing. https://www.blackhat.com/us-23/spotlight.html Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-327

In the Security News: Hacking your Tesla to enable heated seats (and so much more), The Downfall of Intel CPUs, The Inception of AMD CPUs, that's right we're talking about 3 different hardware attacks in this episode! Intel issues patches and fixes stuff even though its hard to exploit, Rubber Ducky you're the one, history of Wii hacking, don't try this at home Linux updates, we are no longer calling about your vehicle warranty, cool hardware hacking stuff including building your own lightsaber, you Wifi keys are leaking again, the evil FlipperZero, Buskill, complaining publically works sometimes, these are not the CVSS 10.0 flaws you are looking for, when side channel attacks, dumpster diving for plane ticks, and go ahead, try and hack a robotaxi! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-794

Just how prepared are you for the next cybersecurity incident? Depending on the definition, security incidents likely happen daily at most enterprises. Because we can't prevent everything, the key to success is to be in a constant state of readiness. This means regular training with a focus on preparation. Gerard will walk us through tips and tricks to keep our incident response teams in tip-top condition. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-794

Zap gets a jolt of new support, using Clang for security research, LLM attacks learn models, Rust visualizes dependencies, a National Cyber Workforce and Education Strategy, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-250

BilDad the Shuhite, Points.com, Papercut, Prospect Medical, SMS, Microsoft, DAAS, Chatbots, More News, and Jason Wood. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-316

Mature shops should be looking to a security architecture process to help scale their systems and embrace security by design. We talk about what it means to create a security architecture process, why it's not just another security review, and why it requires security to dig into engineering. Segment Resources: https://www.lacework.com/ciso-boardbook/ciso/merritt-baer Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-250

In the leadership and communications section, How CISOs can engage the C-suite and Board to manage and address cyber risk, CISOs Need Backing to Take Charge of Security, It's OK to Fail, but You Have to Do It Right, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-315

On July 31st, 2023, the Biden administration released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative. The National Cyber Workforce and Education Strategy focuses on four major pillars: equipping every American with cyber skills, transforming cyber education, expanding and enhancing the national cyber workforce and strengthening the federal cyber workforce. The strategy relies heavily on non-governmental and private sector entities to provide funding, internship and apprenticeship programs to increase the number of workers with cybersecurity skills. One of those entities referenced in the strategy is Dakota State University. Dr. José-Marie Griffiths joins us to discuss education's role in the strategy, but offers other insights, including: immigration policies and how it limits the current cyber workforce, diversity, equity, and inclusion initiatives and the reduction of women in the cyber workforce, and what can the cyber community do to help. Segment Resources: https://www.dsucyber27.com/ https://dsu.edu/programs/artificial-intelligence-bs.html https://dsu.edu/programs/computer-science-artificial-intelligence.html Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-315

This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-326