
Security Weekly Podcast Network (Video)
4,876 episodes — Page 26 of 98

Has the traditional CISO model outlived its usefulness? - Nathan Case - ESW #325
The traditional concept of the CISO may literally be 'too much', according to Nathan Case. It's based on systems of control and unrealistic assumptions that don't survive contact with real life. In this conversation, we'll discuss what the top security leadership role should be, and how it differs from the current/old school concept. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-325

Post-Breach: The Hardening Continues - Sean Metcalf - PSW #792
Once an incident has occurred and you've responded, then what? Join us for a chat with Sean Metcalf on what we can do to ensure our infrastructure remains resilient after a security incident. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-792

SSH-Agent RCE, CTFs & bug bounties, Satellite Security, Cyber Trust Mark, Bad.Build - ASW #248
RCE in ssh-agent forwarding, finding zero-days in CTFs, Node's vm2 can't be secured, NPM packaging ambiguities, privilege escalation in Google's Cloud Build, putting satellite security into low-earth analysis, FCC proposes a trust mark, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-248

Citrix, Ivanti, DOJ changes, Elon X, TETRA Radio, Google WEI, Jason Wood, and More - SWN #312
Citrix, Ivanti, DOJ changes, Elon X, TETRA Radio, Google WEI, Jason Wood, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-312

Google's AI in Newsrooms, Sergey Brin's AI Return, & State AI Hiring Rules - BSW #313
This week in the leadership and communications section: the SEC is asking for comments on Cybersecurity on Wednesday, July 26, 2023 at 10:00 a.m - Be there and tell them what you think of their cybersecurity regulations! Google has a new AI tool for journalism, Sergey Brin is back at Google, paving the path for "Blue-Collar AI" professionals, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-313

Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248
Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex architectures and work on addressing classes of vulns rather than just playing BugOps with scanner outputs. This segment is sponsored by GuidePoint. Visit https://securityweekly.com/guidepoint to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-248

Improving Diversity and Accessibility in Cybersecurity - Laurie Salvail - BSW #313
CYBER.ORG, in partnership with CISA, is helping create a diverse cyber workforce by breaking down the barriers to cybersecurity education by improving access for all K-12 students nationwide. CYBER.ORG's HBCU feeder program Project REACH was recently highlighted in CISA's 2022 Year in Review as part of the agency's commitment to improving diversity and accessibility in the field. Laurie Salvail, Director of CYBER.ORG, joins BSW to discuss: - Why the expansion of K-12 cybersecurity education is the first step toward building a diverse talent pipeline. - How CYBER.ORG has implemented initiatives to drive diversity in cybersecurity including: - Project REACH, the HBCU feeder program launched across the country to build the next-gen workforce, and its plans to expand kickoff events in 2023. - Project Access, a program for the blind and visually impaired who are in pre-employment transition (Pre-ETS), and the summer camps on the horizon. - CYBER.ORG's plans to expand diversity and inclusion efforts in the coming year to Hispanic-serving institutions. Segment Resources: To learn more about CYBER.ORG or to get involved, visit: https://www.cyber.org Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-313

Microsoft Storm, WormGPT, Century of the Linux Desktop, & IronNet's Public Run - ESW #324
Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet's public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels Google plans to scrape everything you post for AI, & the Year of the Linux Desktop! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-324

AirGaps, Slackware, Mitnick, Awareness, Microsoft, Bad API, Aaran Leyland and More - SWN #311
AirGaps, Slackware, Kevin Mitnick, Awareness, Microsoft, Bad API, JumpCloud, Megarac, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-311

Zero-ish Trust - you'll never get all the way there and that's okay - Ryan Fried - ESW #324
Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but that doesn't mean it can't do any good. In this interview, we talk with practitioner Ryan Fried about his experiences implementing Zero Trust in real life. We'll also discuss his new role at Mandiant, and why the glue that holds together people, process, and tools is so important. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-324

How to fix the enterprise security user experience - Juliet Okafor - ESW #324
Today, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-324

Security Certification - Rohit Misuriya, Sumit Siddharth - PSW #791
Sumit comes on the show to teach us a little about PHP type-juggling, introduce a free online security lab, and discuss the new certifications being offered in collaboration with Blackhat. Segment Resources: Our SecOps exams: https://secops.group/cyber-security-certifications/ Black Hat's Certified Pentester exam: https://www.blackhat.com/us-23/certified-pentester.html Vulnmachines platform: https://www.vulnmachines.com/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-791

Lost Keys, LOL Drivers, Nintendo Helps FBI, Mali Mail, & Our Rap Names - PSW #791
This week, up first is the Security News: Microsoft lost its keys, LOL drivers, If you were the CSO, try to keep employees happy but remove their accounts when they leave, gaming device finds a missing child, $3 brute forcing, undocumented instructions are sometimes the best instructions, remote code on your Oscilloscope, fuzzing satellites, routers are great places to hide, typos lead to information leaks of US military emails, pwning yourself, pwning security researchers, getting pwned by a movie, and WormGPT! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-791

Scotty in Hell, CISA, S3, White House,Microsoft, Mali, Jason Wood and More - SWN #310
Scotty in Hell, CISA, S3, the White House, Risky Devices, Microsoft, Mali, Virus Total, Jason Wood, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-310

Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247
While much has been written and argued about the security of election systems - the things that do the actual ballot counting - there's other systems that have to be in place and secured before the vote can occur - voter registration databases, ballot delivery systems, etc. Might it be possible to use modern appsec concepts OWASP SAMM to secure them in a more efficient, targeted, cost-effective manner? Brian Glas joins us to talk about this and his ongoing work around providing students with a modern application security education. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-247

Say Easy, Do Hard, The Future of the CISO, Part 2 - BSW #312
If the CISO/CSO is still an executive position, then what are the requirements of this role? In part 2, we debate the requirements of the CISO/CSO role and expectations of the organization. To be a true executive role, the CISO/CSO needs to have the decision making authority with the same protections of other officers. Will they get it? We debate. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-312

Kubernetes and silentbob strike back, EV charger hacking, fake POCs - ASW #247
It's a busy news week - We explore what happens when people trust plugging cables into their EVs in public, how an APT is leveraging docker and kubernetes to build a botnet, why you should be careful running code from "researchers," and much more. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-247

Say Easy, Do Hard, The Future of the CISO, Part 1 - BSW #312
Less than 50% of the Fortune 500 have a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) listed on their executive team. Why is that? Is this role not considered an executive position? In part 1, we debate the role of the CISO/CSO and whether it is or is NOT and executive position. We've made a lot of progress over the last 20+ years, but has the role peaked? Will the role continue to get a seat at the table as a C-level executive or will it atrophy back to a VP or Director role? Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-312
17 Fundings, AI Sec, Cell Privacy, School Hacks, & Nifty Swifties - ESW #323
Finally, in the enterprise security news: We were off for a week, so there are 17 fundings to discuss! AI security startups emerge, and 8 acquisitions! Snyk loses 50% off its valuation is building security tools the wrong approach? SEC delays new cybersecurity rules, Why taylor swift fans should work in security, All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-323

Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, and Aaran Leyland - SWN #309
Microsoft, Zimbra, Rockwell, Joe Biden, Tax Software, Black Mirror, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-309

It's Time for the Traditional SIEM to Die - Eric Capuano - ESW #323
InfoSec might have a hoarding problem, but it's easy to understand why. It's almost impossible to know what logs you're doing to need, when you're going to need them, or for what reason. SIEM vendors have taken advantage of these InfoSec data hoarding tendencies, however, and are making a killing charging a premium for storage - even when the storage in question is your own on-prem hardware. There ARE alternatives, however, but it seems most folks aren't aware of this. In this interview with Eric Capuano, we'll discuss both the practical and economic shortcomings of the traditional SIEM model. We'll discuss the challenges of various SIEM use cases. Most importantly, we'll discuss the new models actively replacing them. (No, they're not branded as next-gen SIEMs) Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-323

It's Alive!, Slow Migrations, Hiding on the Net, BlackLotus Source, & Gaslighting - PSW #790
In the security news: Someone is going to get hurt, slow migrations, hiding on the Internet is hard, more Fortinet vulnerabilities, BLackLotus source code, the difficulties with roots of trust, stealthy rootkits, patching made easy?, rowhammer and gaslighting, signing with time machines, memory is complicated, and it's alive!!! It's alive!!! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-790

"Just Write a SIEM rule" isn't a detection strategy - Tim MalcomVetter - ESW #323
Tim MalcolmVetter has been alternating between blue team and red team roles for years. Moving between the two has had its advantages, giving Tim a better understanding of what works, what doesn't and why. We'll discuss a variety of topics, including the pros and cons of industry talent pipelines, Kerberoasting, and AI trends. 2023 Cybersecurity Conversations Report: https://eb1x.co/NWn0RHK Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-323

Getting Control Of Your Security Data Pipeline - JP Bourget - PSW #790
Getting the correct data in the right place for incident response is challenging. JP comes on the show to talk about how he is helping companies with these challenges, getting control of the security data pipeline while helping save costs! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-790

Developer-Focused Security - Melinda Marks - ASW #246
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and GitOps Security" and discuss trends to help security keep up with modern software development. Segment Resources: ESG Complete Survey Results: Walking the Line: GitOps and Shift Left Security: https://research.esg-global.com/reportaction/515201532/Toc Addressing the confusion around shift-left cloud security | TechTarget: https://www.techtarget.com/searchsecurity/opinion/Addressing-the-confusion-around-shift-left-cloud-security Melinda Marks's Most Recent Content: https://www.techtarget.com/contributor/Melinda-Marks Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-246

Software Trust & Adversaries - Shannon Lietz - ASW #246
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community effort to measure software trust. She also covers threat modeling and adversary management as steps towards determining an org's resiliency and security. Segment resources: https://community.ravemetrics.com Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-246

Hairy Tongue, MoveIt redux, HCA, Apple, Threads, Jason Wood, and More on SWN - SWN #308
Green, Hairy Tongue, MoveIt redux, HCA, Apple, Threads, Jason Wood, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-308

CISO as a Business Executive, Mastering Effective Leadership & Communication Skills - BSW #311
In the Leadership and Communications section, CISO as a Business Executive: 5 areas to focus on and 5 actions you can take to run cybersecurity…, How to win the battle for cybersecurity budgets, Mastering Effective Communication Skills with the Dale Carnegie Method, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-311

The Golden Age of Email Security - Jess Burn - BSW #311
A golden age is a time of great achievement in a society or industry — a time of innovation and the furthering of new ideas via new mediums or technological advancements. Email security is now entering a golden age after stagnating for the better part of a decade. Is it time to celebrate? Customers have more choice than ever when it comes to protecting how employees, customers, and partners communicate and collaborate. Often, those customers are choosing more than one email security partner in a layered or multilayer approach to protection, as it provides greater efficacy — and peace of mind. But is that sustainable in a consolidating market? Jess Burn, Senior Analyst from Forrester Research, joins us to discuss the results of The Forrester Wave on Enterprise Email Security for Q2 2023. Segment Resources: https://www.forrester.com/blogs/announcing-the-forrester-wave-enterprise-email-security-q2-2023/?ref_search=604835_1688574622533 Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-311

AI Bots - SWN Vault
Robots have always had a kind of scaling from very mechanical to autonomous devices that are self aware. On this episode of SDL, Russ and Doug discuss AI, how bots work, and botnets in general. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-2

Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack - Joseph Carson - ESW Vault
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on August 11, 2022. Following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker's techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/vault-esw-3

The Psychology of Training - Matias Madou - ASW Vault
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 23, 2022. Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. We'll talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture. Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-asw-3

Thoughts From A Security Legend - Dan Geer - PSW Vault
Welcome to another edition of a Paul's Security Weekly Vault episode! This episode was previously recorded on April 5, 2012 and features an interview with none other than Dan Geer. Unfortunately there is no video for this episode, but the content is still relevant today. Dan Geer is a renowned cybersecurity expert and visionary. With a wealth of knowledge and experience in the field, Dan has made significant contributions to our understanding of information security and its implications. In this interview, we'll explore his background, education, and delve into some of his most influential works, such as his paper on the security implications of mono-culture. My co-hosts for this interview included Jack Daniel and John Strand. At the very end of the interview we talk about Dan giving the keynote at the Source Boston 2012 event. I've included a link to the video of that talk in the show notes for historical reference. ChatGPT summarized this keynote as follows stating: "Dan Geer discusses the claim that the internet is critical infrastructure and explores the potential hypocrisy involved in this assertion." So, without further ado, enjoy our interview with Dan Geer! Link to Dan Geer's 2012 Source Boston Keynote: https://www.youtube.com/watch?v=Qb8r0XoNd60 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/vault-psw-3

Killer Robots - SDL - SWN Vault
AI, machines, and killer robots, oh my! Elon Musk and 116 people sent a letter to the UN asking that Autonomous Weapons be banned. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/vault-swn-1

The Fifth Domain - Richard Clarke - BSW Vault
This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days! In the Leadership and Communications segment, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-3

Vendor Failures Coming, MDM Confusion, Cyberinsurance Mess, Tines, & an AI Camera - ESW #322
This week, for the enterprise security news, we discuss the continuing impact of the market downturn and how it might affect late stage startups. We also discuss the state of cyber insurance - is it improving? SEC is starting to get traction with new and proposed cyber rules. Enterprise browsers not living up to the hype isn't even a hot take anymore, it's merely smoldering. Valence Security's state of SaaS report is out, and finally - how much would you pay for an AI camera that has no lens? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-322

Russian Satellites, Cl0p, CISA, YouTube, ArcServ, EarlyRat, Aaran Leyland, & More - SWN #307
This week in the Security News, Dr. Doug talks: Russian Satellites, Cl0p, CISA, YouTube, ArcServ, EarlyRat, Aaran Leyland, and More on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-307

The State of IoT Security in 2023 - Paddy Harrington - ESW #322
Paddy Harrington joins us from Forrester research to discuss his findings in this year's state of IoT security report. Computers have been shoved into anything and everything, both in the home and in the workplace. Paddy will share some interesting insights from the report, and we'll discuss why some of the results seem to conflict. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-322

Digging Into DSPM & the Future of Data Security in the Cloud - Dan Benjamin - ESW #322
Securing data is hard. Business stops when data flows are hindered, stopped, sometimes even slowed. Placing controls around data traditionally leads to more friction and less productivity. Can it be a different story in the cloud? Today, we find out when we talk to Dan Benjamin about why he founded Dig and the space they're trying to fill in public cloud services. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-322

Melting Neighbors, SBOMs, DIY 2FA - PSW #789
In the security news: You got so many CVEs you need your own, dedicated, vulnerability scanner, melting your neighbors with hacking, The FDA's SBOM and OSS, when the vulnerability scanner has a vulnerability, violating CISA directives at scale, make 2FA a little easier with this device, NSA's BlackLotus mitigation guide: who needs those certificates anyhow? All that and more on this episode of Paul's Security Weekly. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-789

Pen Testing & Adversary Emulation - Carlos Perez - PSW #789
In this segment we welcome Carlos Perez back to the show! Carlos will discuss methods we can use to hide one systems and cover our tracks. We'll cover how on a system (as administrator) the blue team's struggle using default logs or even on a default install of Sysmon to detect an attacker. Attackers can selectively disable modern event log providers, take action and then re-enable. We will demo this and how to best monitor for this technique. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-789
XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245
Two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245
Win 3.1, Fortinet, Women in Cyber, Teams, IOS, Mockingjay, Jason Wood and More - SWN #306
This week in the Security News, Dr. Doug talks: Win 3.1, Fortinet, Women in Cyber nominations, Teams, IOS, Mockingjay, Jason Wood and More! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-306
Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245
Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs. Segment Resources: AppSec Indicator Spring 2023 edition: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand) This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245

CISO Burnout Prevention, Maximizing Leadership Potential, & Effective Management - BSW #310
In the Leadership and Communications section, CISO Burnout Prevention: Tips for Work-Life Balance, Maximizing Leadership Potential, The Essence of Effective Management: Commitment, Foresight, and Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-310

The Pros & Cons of Vendor Consolidation - Shawn Surber - BSW #310
In a tight economy, security budgets have been under scrutiny. Vendor consolidation strategies are real, but what are the pros and cons of this strategy? Shawn Surber from Tanium joins us to discuss how vendor consolidation is playing out and what to look for. It's not just an expense exercise, it's also a strategic alignment exercise. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-310

Cyber Directors (& Tsars!), Replace Your Hardware, Drink For PCI, & Handheld Gaming - PSW #788
In the Security News: There is no national cyber director, time to move away from MoveIT, update Microsoft IIS at least every 6 years, your security system is not secure, for that matter neither is your smart pet feeder, identity management is hard, at least for some, spies using spy gadgets to spy on spies, go ahead and just replace your hardware, secure boot is hard, bypassing the BIOS password (but don't try this at home, or work for that matter), Rob shaved his beard, what's new in PCI (drink, are we still drinking on PCI? If so, drink again), if your firmware isn't patched, no cloud updates for you, and Gigabyte has a backdoor! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-788

How Good CISOs Build Bad Security Programs - Juliet Okafor - ESW Vault
Check out this interview from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on September 29, 2021. No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/vault-esw-2

Penetration Testing - Emilie St-Pierre - PSW #788
Emilie comes on the show to talk about penetration testing and share her knowledge and stories! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-788

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent trends in policy proposals shaping the future of security. We will also talk about bug bounties and vulnerability disclosure, what are some of the industry's best practices in this area, how to implement these programs to foster security, collaboration and transparency, and how this connects to the policy momentum and its impact on security researchers. Segment Resources: Project Circuit Breaker: https://www.intel.com/content/www/us/en/newsroom/news/intel-launches-project-circuit-breaker.html Project Circuit Breaker Landing Page: https://www.projectcircuitbreaker.com/ Intel's 2021 Product Security Report: https://www.intel.com/content/www/us/en/security/intel-2021-product-security-report.html Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/vault-asw-2