Security Weekly Podcast Network (Video)

4,876 episodes — Page 37 of 98

Digital Identity: The Cornerstone of Our Digital World - Andrew Hindle - ESW #271

Digital identity is key to modern security architectures; enables privacy-preserving, trusted services; and drives customer-oriented experiences. Key trends like passwordless, verified credentials, and personal identity will have a profound effect on enterprise security. Discover how you can make the most of these evolutions, and learn how you can support the industry and its professionals. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw271

Apr 30, 2022 · 27 min

Silk Road Seizure, Psychic Signatures, Twitter Algorithms, & Linux Desktops - PSW #738

This week in the Security News: Java's "psychic paper", Musk's plans for Twitter's algorithm, Bossware, What Google is getting wrong about expired domains, & NFT Tweet Auctions, Silk Road Seizures, 0-Days, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw738

Apr 30, 2022 · 1h 16m

The Turbulent Cloud Security Market - Rich Mogull - ESW #271

Cloud security is confusing enough these days, but a complex product landscape doesn't make it any easier. In this segment we'll talk about what's driving this, how to make sense of it, and where to find things that actually help. To register for our upcoming webcast with Rich Mogull on Deploying Cloud Applications Securely, visit https://attendee.gotowebinar.com/register/3131398543024475915?source=esw Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw271

Apr 29, 2022 · 44 min

Cryptography Collecting & Japanese Typewriters - Marcus Sachs - PSW #738

Marcus Sachs, the Deputy Director for Research at the McCrary Institute for Cyber and Critical Infrastructure Security, joins to discuss his cryptography collection, service for the US Army & Government, Antique Typewriters, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw738

Apr 29, 2022 · 1h 10m

Security Blind Spots: Are You Protected? - Michael Aminov - PSW #738

The need to communicate, collaborate and do business on a global level has created a proliferation of cloud-based applications and services: email, cloud storage, messaging platforms, CRM, digital apps and services. Organizations continue to add new cloud channels to support their business needs, but with new channels come new security blind spots that must be addressed. In this session we'll discuss: cyber attack trends in the collaboration channel ecosystem; the (yet) unsolved challenges of email security, the main channel of targeted attacks; the rising threat of cloud collaboration and the growing risk of content-borne attacks; and we will walk through three use cases, their challenges and their deployments. Segment Resources: Request a demo and get a FREE coffee on us: https://hubs.la/Q0156lpK0 This segment is sponsored by Perception Point. Visit https://securityweekly.com/perceptionpoint to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw738

Apr 29, 2022 · 53 min

What Does Software Supply Chain Security Threat Mean to Developers? - Dr. Chenxi Wang - ASW #194

How should we empower developers to embrace the NIST software development practices? From here on out, developers need to view themselves as the front line of defense for the end consumer: a more security-aware developer leads to a better-protected consumer. Dr. Wang will offer her perspectives on the above question as well as address: how companies can set their developers up for security success; the importance of implementing micro-learnings; what CISOs' expectations of developers, and developers' expectations of CISOs, should be after Feb. 6 and beyond; and how corporate boards should be aware of the implications of developers' pervasive development for software security, and how they should work together. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw194

Apr 27, 2022 · 34 min

Cybersecurity Metrics, Litigation Risks, and 10 Critical People Skills for CISOs - BSW #260

In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America's Boardrooms, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw260

Apr 27, 2022 · 29 min

Forrester's Top Security Program Recommendations for 2022 - Jess Burn - BSW #260

Security leaders are using their hard-won influence with senior leadership to take on challenges related to emerging threats and unrelenting attackers. Yet plenty of old problems remain and are piling up. In this session, Senior Analyst Jess Burn will highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues. Segment Resources: Blog post: https://www.forrester.com/blogs/our-2022-top-recommendations-for-your-security-program-cisos-get-an-offer-they-cant-refuse/?ref_search=604835_1649953578273 Full report: https://www.forrester.com/report/top-recommendations-for-your-security-program-2022/RES177270?ref_search=604835_1649953578273 Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw260

Apr 26, 2022 · 28 min

Java's ECDSA for Nought, Writing a Kernel RCE, Okta's Conclusion, Log4Shell Hot Patch - ASW #194

Java's ECDSA implementation is all for nought, writing a modern Linux kernel RCE, lessons learned from the Okta breach, lessons repeated from a Log4Shell hot patch, a strategy for bug bounties, and Microsoft finally disables SMB1. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw194

Apr 26, 2022 · 35 min

Startup Failures, Thoma Bravo, Fortress InfoSec, SEC & CISOS, & Squirrely Medicine - ESW #270

This week in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya's breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, The biggest startup failures of all time - how many security vendors are on the list? Is the SEC forcing CISOs into the boardroom, Better, but harder to collect, security metrics, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw270

Apr 23, 2022 · 39 min

Grasping Logitech Lift, Lenovo Malware, CISA Warns of Print Spooler, & 0-Day Holes - PSW #737

Logitech's Lift is a vertical mouse that's easier to grasp, CISA warns of attackers now exploiting Windows Print Spooler bug, Google tracked 58 exploited zero-day security holes in 2021, QNAP urges customers to disable UPnP port forwarding on routers, For Russian tech firms, Putin's crackdown ended their global ambitions, & Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737

Apr 23, 2022 · 1h 9m

State of the Market With a VC - Will Lin - ESW #270

This is a recurring segment, in which we bring on a VC to provide an investor's point-of-view on all this activity. It's hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! We're very excited to have Will back on and are looking forward to discussing: - Huge valuations and potential pricing/market resets and corrections - Interesting new security categories: DSPM, SaaS Security, Enterprise Browsers - Why security startups seem to be more resilient than in other markets (for reference: https://www.cbinsights.com/research/biggest-startup-failures/) Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw270

Apr 23, 2022 · 53 min

A Deep Dive into HP SureClick Enterprise - Dan Allen - ESW #270

Learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization. This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them! Segment Resources: https://threatresearch.ext.hp.com/zero-trust-in-reverse-why-the-current-definition-of-zero-trust-is-only-half-full/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw270

Apr 22, 2022 · 34 min

The Law, War Crimes, & the Foreign Legion - Capt. John Alfred, Thomas Lonardo - PSW #737

Considering that history has always had foreign legions, from Lord Byron fighting in Greece (well, fighting might be a bit much), to For Whom the Bell Tolls, to the Flying Tigers, to the Lafayette Escadrille, foreign fighters have often entered war zones for a wide variety of reasons. Today, well, you can join up to a virtual cause and fight for whatever cause you are seeking, from the comfort of your own gaming chair. No selling your estates and dashing off to attack Lepanto, although you can do that too if you like. In this segment, we discuss the Computer Fraud and Abuse Act, what it means to be a member of the foreign legion, and revisit the whole idea of hacking back as a security technique! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737

Apr 22, 2022 · 59 min

The Development of Cyber Crime Fighting Units - Capt. John Alfred - PSW #737

John Alfred is a retired police officer who directed a Computer Crimes unit for years. This segment will discuss how that unit was developed, what kinds of skills might be useful to develop in your own units, and what sorts of mistakes are often made when trying to operate computer crimes units! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw737

Apr 22, 2022 · 1h 0m

10 Signs, 4 Horsemen, and 3 Ways to Control Your Career - BSW #259

In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw259

Apr 20, 2022 · 34 min

Navigating the Complexities of Policy and Compliance in Hybrid Clouds - Tim Woods - BSW #259

With an ever-expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities make it harder than ever. Tim Woods, VP Technology Alliances at FireMon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw259

Apr 19, 2022 · 30 min

OAuth Tokens Taken, Vulns in Medical IoT, Scoring a Proactive Security Culture - ASW #193

OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw193

Apr 19, 2022 · 38 min

Appsec (and adjacent) Metrics - ASW #193

We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?
Segment resources:
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw193

Apr 18, 2022 · 38 min

DuckDuckGo for Mac, Juniper Networks, Future of InfoSec, & Subpar Products - ESW #269

This week in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269

Apr 16, 2022 · 47 min

Forensic Challenges for Security Professionals - Justin Tolman - ESW #269

Security professionals face a variety of challenges on a daily basis. The cybersecurity talent shortage and the so-called Great Resignation can lead to gaps in security, an increase in insider threats and overworked employees, not to mention external threats like hacking and ransomware. Digital forensics can help alleviate these challenges with solutions that collect evidence properly, automate workflows, function in Zero Trust environments and detect and mitigate insider threats. Segment Resources: FTK Over the Air podcast: https://www.exterro.com/ftk-over-the-air-podcast FTK Feature Focus weekly videos: https://youtube.com/playlist?list=PLjlGL4cu_NaM0e7h1RCTJwNnZb-dyUf3B This segment is sponsored by Exterro. Visit https://securityweekly.com/exterro to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269

Apr 16, 2022 · 33 min

Bullseye OS, Unicode Mystery, 'Bearded Barbie' CatPhishing, & NginxDay - PSW #736

This week in the Security News: Hackers have found a clever new way to steal your Microsoft 365 credentials, Former Ethereum Developer Virgil Griffith Sentenced to 5+ Years in Prison for North Korea Trip, An update to Raspberry Pi OS Bullseye, Bearded Barbie hackers catfish high ranking Israeli officials, & Nginxday! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736

Apr 16, 2022 · 1h 26m

The Role of Automation in Pen Testing - Bob Erdman - ESW #269

With cybersecurity attacks continually on the rise, security teams are under more pressure than ever. It's imperative to use your pen testing resources wisely, leveraging automation capabilities where it makes sense to save time and help conduct more impactful engagements. During this interview, Bob Erdman will discuss how to find the right balance between the reliability and efficiency of pen testing automation with the astuteness and logic of human intervention. Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269

Apr 15, 2022 · 37 min

Amanda Berlin - PSW #736

Amanda Berlin joins us to discuss what she's been up to since her last appearance on the show. It's only been a couple of years, but a lot has changed in that time. Tune in to hear about what changes the pandemic brought to the vision and operations of Mental Health Hackers, and how they pivoted to a virtual environment during this time. The crew talks about their experience going from traveling to 15-20+ conferences a year, down to hardly any conferences during Covid, and what their future plans are now that in-person events are coming back around. Amanda fills us in on her current role at Blumira, other business ventures, and where you can find her speaking/running a village in the near future! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736

Apr 15, 2022 · 1h 0m

Third Party Risk Research - Mike Wilkes - PSW #736

Mike Wilkes, CISO at SecurityScorecard, joins us to discuss third-party risk research! This segment is sponsored by SecurityScorecard. Visit https://securityweekly.com/securityscorecard to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736

Apr 15, 2022 · 59 min

Cybersecurity is IT's Job, Why CISOs Fail, & Create a Culture of Security - BSW #258

In the Leadership and Communications section: Cybersecurity is IT's Job, not the Board's, Right?, Why Some CISOs Fail, How JetBlue creates a culture of security, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw258

Apr 13, 2022 · 29 min

Actionable High Resolution Threat Intelligence - Derek Manky - BSW #258

By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing the attack goals of attackers, organizations can better align their defenses to adapt to quickly changing attack techniques. FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have accomplished had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries' goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could shut down a malware's methods for attack entirely in some situations. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw258

Apr 12, 2022 · 27 min

SSRF at a FinTech, Zoom's Bounties, SLSA Build Provenance, & Raspberry Pi Credentials - ASW #192

In the Application Security News: SSRF at a FinTech leads to admin account takeover, Zoom's bounty payouts for 2021, SLSA demonstrates Build Provenance, Go's supply chain philosophy, Raspberry Pi credentials, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw192

Apr 12, 2022 · 41 min

Service Mesh & Zero Trust Kubernetes Security - William Morgan - ASW #192

The zero trust approach can be applied to almost every technology choice in the modern enterprise, and Kubernetes is no exception. For Kubernetes network security particularly, adopting a zero trust model involves some radical changes, including moving from a security perimeter defined by firewalls, IP addresses, and cluster boundaries to a granular approach that treats the network itself as adversarial and moves the security boundary down to the pod level. William will discuss why the zero trust approach is increasingly necessary for comprehensive Kubernetes security, the dos and don'ts when adopting Kubernetes, the implications for operators and security teams, and where tooling like service mesh plays a role. Segment Resources: - https://github.com/linkerd - https://linkerd.io/ - https://buoyant.io/mtls-guide/ - https://buoyant.io/service-mesh-academy/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw192

Apr 11, 2022 · 35 min

Editing Tweets, Lithuanian Unicorn (NordVPN), Trust Issues, & Ubiquity Legal Battle - ESW #268

Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of "Say" and "Do", Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

Apr 11, 2022 · 46 min

Teen Hackers, WTF Apple, Finding iPhones, & Getting Wise to Wyze - PSW #735

In the Security News for this week: Ransomware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iPhone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, ranking endpoint detection, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735

Apr 9, 2022 · 1h 8m

Why Learning Offensive Security Makes You A Better Defender - Catherine Ullman - ESW #268

Defensive and Offensive skills have never been mutually exclusive, but the value in training across disciplines has often been overlooked. Catherine joins us today to explain why familiarity with offensive skills, tools, and the attacker's mindset is such a huge benefit for defenders. A few of the highlights we'll cover in this interview include: - How to get started, learning offensive tools and techniques - What it means to be an 'Active Defender' - How to get into the head of the attacker - How to avoid 'tool-focused tunnel vision' Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

Apr 9, 2022 · 33 min

Hacking Kubernetes - Jay Beale - PSW #735

Jay comes on the show to talk about container and Kubernetes architecture and security (or lack thereof).
Segment Resources:
Peirates, a Kubernetes penetration testing tool: https://www.inguardians.com/peirates/
Free Kubernetes workshops: https://inguardians.com/kubernetes/
DEF CON Kubernetes CTF: https://containersecurityctf.com/
Jay's Black Hat Kubernetes Attack and Defense Training: https://www.blackhat.com/us-22/training/schedule/index.html#abusing-and-protecting-kubernetes-linux-and-containers-26473
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735

Apr 8, 2022 · 1h 12m

Common Sense Steps for Implementing Shields Up - Josh Snow - ESW #268

In the recent Shields Up advisory, CISA released guidance advising enterprises to prepare for an influx of malicious cyber activity. The advisory includes best practices for reducing the likelihood of a damaging cyber intrusion and how to detect and respond to potential incidents from nation state-sponsored actors. Josh Snow joins Enterprise Security Weekly to provide additional, practical advice for analysts who are on the front lines of the developing cyber conflict. He will dive into the specific practices and protocols that defenders should shore up, as well as behavioral indicators that signal active exploitation attempts. Segment Resources: A Practical Guide for Shields Up: https://www.extrahop.com/resources/papers/shields-up-guidance-for-organizations/ Free Shields Up Assessment: https://www.extrahop.com/lp/free-shields-up-assessment/ This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268

Apr 8, 2022 · 35 min

Identity Security Challenges - Active Directory, Azure AD, & Okta Oh My! - Sean Metcalf - PSW #735

Attackers are targeting the systems that control access. This includes Active Directory, Azure AD, and recently Okta. Once they have access to identity, attackers can move on to systems that provide access to data and persistence. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735

Apr 8, 2022 · 1h 5m

Leaders Must Build Trust, 600,000 Open US Jobs & Cybersecurity Retention Issues - BSW #257

In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw257

Apr 6, 2022 · 31 min

How Endpoint Isolation Can Solve the Hybrid/Remote Work Challenges - Jonathan Gohstand - BSW #257

As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw257

Apr 5, 2022 · 26 min

Escaping from BlastDoor's Sandbox, Spring RCE, Old Zlib Flaw, Startup Security - ASW #191

FORCEDENTRY implications for the BlastDoor sandbox, Spring RCE, Zlib flaw resurfaces, security for startups, verifying Rust models, two HTML parsers lead to one flaw. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

Apr 5, 2022 · 39 min

Democratizing Software Security - Eric Allard - ASW #191

Making a positive impact on how we package software, so that developers' lives are easier when it comes to managing security. Segment Resources: - https://app.soos.io/demo - https://soos.io/ - https://youtu.be/Y8jvhCHGQg8 This segment is sponsored by soos.io. Visit https://securityweekly.com/soos to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

Apr 4, 2022 · 39 min

Zimperium, Crypto Heists, NPM Attack, $11B For CyberSec, & a Threat to SPACs - ESW #267

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late-stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender for IoT has trivial critical vulnerabilities, White House earmarks $11B for cybersecurity, Death to SPACs, as well as several new security vendors and products! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Apr 2, 2022 · 53 min

Clearing the Air on Zero Trust - Steven Turner - ESW #267

Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because:
1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc)
2. a vendor is using 'zero trust' as a metaphor (small z, small t)
3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t)
4. the CMO said it needs to be somewhere on the website for SEO
5. someone told a founder to put it in the sales and/or pitch deck
Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend.
Segment Resources:
NIST SP 800-207: https://csrc.nist.gov/publications/detail/sp/800-207/final
UK NCSC ZT Guidance: https://github.com/ukncsc/zero-trust-architecture
USA CISA/OMB ZT Guidance: https://zerotrust.cyber.gov/
DOD ZT Reference Architecture: https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf
Microsoft ZT Guidance: https://docs.microsoft.com/en-us/security/zero-trust/
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Apr 2, 2022 · 36 min

Breaking into Cyber - Perspective from a High School - Tim Cathcart - ESW #267

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Apr 1, 2022 · 34 min

Teenage Masterminds, Hacking Civics, Journalists Sued, UPS Attacks, & Spyware - PSW #734

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

Apr 1, 2022 · 1h 36m

State of the SOC - Mark Boltz-Robinson - PSW #734

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations of roles, what is SOAR'ing and what is not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general! Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

Apr 1, 2022 · 56 min

Training the Next Gen of Cybersecurity Experts to Protect K-12 Schools - Hanine Salem - PSW #734

With an alarming increase in K-12 cybersecurity attacks, districts are considering new ways to protect their students and staff. With the need to increase the cybersecurity talent pipeline, the solution to the problem is much larger than just increasing protective technology measures to keep schools safe. Schools must also be proactive in training the next generation of cybersecurity experts. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

Mar 31, 2022 · 55 min

Cyber Risk Quantification, Enterprise Security Metrics, & Fixing Hiring - BSW #256

In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Mar 30, 2022 · 26 min

Forecasting Risk - What Every CISO and CIO Needs to Know - Charlene Deaver-Vazquez - BSW #256

Every CISO and CIO asks the question: what's the risk? Quantitative analysis and mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. Segment Resources: https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4 https://fismacs.com/blog/ https://portal.fismacs.com/p/p-rmod4cyber https://fismacs.com/white-paper-mhp-ip4cyber/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Mar 29, 2022 · 28 min

How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190

Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what's actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. Segment Resources: - https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program - https://www.forbes.com/sites/forbestechcouncil/2022/02/14/what-organizations-get-wrong-about-developer-first-application-security/?sh=1dad6eb58e7c - https://www.tromzo.com/state-of-modern-application-security Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

Mar 29, 2022 · 35 min

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

In the AppSec News: Okta breach, fuzzing Rust finds ReDoS, SQL injection and the age of code, Log4j numbers paint a not-pretty picture. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

Mar 29, 2022 · 42 min

TrevorC2 - David Kennedy - PSW #733

Check out our latest interview with our good friend Dave Kennedy! When not pumping iron, Dave is hard at work understanding and implementing C2 infrastructure. TrevorC2 is a really cool framework that allows for some pretty stealthy C2 communications. Tune in to learn more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733

Mar 26, 2022 · 43 min