Security Weekly Podcast Network (Video)

FORCEDENTRY implications for the BlastDoor sandbox, Spring RCE, Zlib flaw resurfaces, security for startups, verifying Rust models, two HTML parsers lead to one flaw Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

Making a positive impact to how we package software to make developer's lives easier in how they have to manage security. Segment Resources: - https://app.soos.io/demo - https://soos.io/ - https://youtu.be/Y8jvhCHGQg8 This segment is sponsored by soos.io. Visit https://securityweekly.com/soos to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because: 1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc) 2. a vendor is using 'zero trust' as a metaphor (small z, small t) 3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t) 4. the CMO said it needs to be somewhere on the website for SEO 5. someone told a founder to put it in the sales and/or pitch deck Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend. Segment Resources: NIST SP 800-207 https://csrc.nist.gov/publications/detail/sp/800-207/final UK NCSC ZT Guidance https://github.com/ukncsc/zero-trust-architecture USA CISA/OMB ZT Guidance https://zerotrust.cyber.gov/ DOD ZT Reference Architecture https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf Microsoft ZT Guidance https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations roles, what is SOAR'ing and not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general! Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

With an alarming increase in K-12 cybersecurity attacks, districts are considering new ways to protect their students and staff. With the need to increase the cybersecurity talent pipeline, the solution to the problem is much larger than just increasing protective technology measures to keep schools safe. Schools must also be proactive in training the next generation of cybersecurity experts. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. Segment Resources: https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4 https://fismacs.com/blog/ https://portal.fismacs.com/p/p-rmod4cyber https://fismacs.com/white-paper-mhp-ip4cyber/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw256

Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what's actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. It makes sense why developers view security as something that just gets in their way and slows them down. To make application security easy, we must make it developer-first. This is the future of AppSec. Segment Resources: - https://techbeacon.com/devops/5-steps-building-developer-first-application-security-program - https://www.forbes.com/sites/forbestechcouncil/2022/02/14/what-organizations-get-wrong-about-developer-first-application-security/?sh=1dad6eb58e7c - https://www.tromzo.com/state-of-modern-application-security Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

Check out our latest interview with our good friend Dave Kennedy! When not pumping iron Dave is hard at work understanding and implementing C2 infrastructure. TrevorC2 is a really cool framework that allows for some pretty stealthy C2 communications. Tune-in to learn more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733

In the Enterprise Security News for this week: Island raises another $115M to build a secure web browser, less than 2 months after raising $100M, Bionic raises $65M for application intelligence, Israeli startup HUB Security merges with a SPAC to go public on the NASDAQ at a $1.28B valuation, Cybersecurity now has 53 unicorns, which are the most interesting to follow? New data shows VCs pulling back on Series A, B, and C, but is this data any good? Over 90% of orgs had an incident tied to a third party last year, the SEC might require public companies to report hacks and hand over details, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266

Since IT network secrets unlock access to highly privileged systems and data, securing secrets is just as critical to preventing cyberattacks as securing end-user passwords. One study found that 75% of ransomware attacks involve compromised credentials – most of the time, RDP credentials. However, secrets management is a challenge for IT teams, who must mitigate secrets sprawl, hardcoded and embedded credentials, and duplicative data stores in hybrid cloud and multi-cloud environments. Keeper Secrets Manager (KSM) is a fully cloud-based, Zero-Knowledge platform for managing IT infrastructure secrets such as API keys, database passwords, cloud access keys, certificates, SSH keys, service account passwords, and any other type of confidential data. KSM seamlessly integrates into nearly any data environment, with no additional hardware or cloud-hosted infrastructure required. It offers out-of-the-box integrations with a wide variety of DevOps tools, including Github Actions, Kubernetes, Ansible and more. Segment Resources: https://www.keepersecurity.com/en_GB/secrets-manager.html This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266

In the Security News: insiders inside NASA, BIND is in a bind again, Lapsus$ is on a tear, ripping at Microsoft and Okta, anonymous hacks printers, The UEFI security rabbit hole goes DEEP, Microtik and Tickbot, Browser-in-the-Browser attacks, Nestle gets attacked for not wanting to hurt babies, just another sabotage, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733

With all of your focus and investment on 3rd party risk management, there is likely still a blind-side that remains unaddressed. It is an area that should be moved to the top of your priority list - both for its potential to cause material losses in the form of response costs and fines and judgements, and for the ease in which it can be mitigated. It is a risk introduced by the 3rd party vendors you rely upon (and the nth parties they work with) to power and enhance your website. The threat of JavaScript based attacks - click-jacking, digital skimming, formjacking, defacement, "Magecart" - exists for any organization collecting sensitive data or conducting transactions through their web properties. Attacks of this type have done damage to some of the biggest brands in the world - costing household names like British Airways tens of millions - and they happen by the hundreds per month. Already in 2022, we've seen headlines of major client-side attacks like the one that hit Segway - potentially impacting nearly a million consumers. This is an area of exposure introduced through your own code, and by your partners, that can only be addressed at the client-side. It remains widely unaddressed, as focus in website security to this point has been on securing the server side. Join us for an exploration of the threat of these attacks, real-world examples of the material impact they have caused, and dialogue on the approaches to mitigating this risk with pros and cons of each. Segment Resources: Our core whitepaper https://info.sourcedefense.com/event/client-side-white-paper-2022?leadsource=White%20Paper Blog on the blind side topic https://sourcedefense.com/resources/blog/wheres-the-blind-side-in-your-3rd-party-risk-its-on-the-client-side/ Free risk report on attendee's web properties https://sourcedefense.com/check-your-exposure/ This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw733

The uptick in cyber incidents- and in particular ransomware- offer an opportunity if not serve as a clarion call for cyber insurance industry adaptation. In short, risk transfer that meets the needs of both industry and insurers demands more effective coordination of infosec controls, more complete and continuous optics, and more robust risk modeling. Segment Resources: - https://www.linkedin.com/posts/ekenneally_cybersecurity-cyberinsurance-cyberrisk-activity-6831288006494814208-PVtE?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ransomware-a-darwinian-opportunity-for-cyber-activity-6763127736304201728-RriU?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.linkedin.com/posts/ekenneally_ai-artificialintelligence-cyberrisk-activity-6857351155295514624-Sp2j?utm_source=linkedin_share&utm_medium=member_desktop_web - https://www.dhs.gov/sites/default/files/publications/3950_CYRIE_Report_FINAL508.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw266

The most recent trends in social engineering, the latest methods attackers are using to trick their victims, and the best practices to protect your business from these evolving threats. Segment Resources: https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw255

In the Leadership and Communications section: What the Newly Signed US Cyber-Incident Law Means for Security, How to plan for increased security risks resulting from the Great Resignation, The 5 Pillars of Growth, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw255

Past research such as JNDI Injection, Unsafe deserialization, Struts RCEs - OSS security: CodeQL, Dependabot, collaboration between researchers and developers, OWASP Top Ten Proactive Controls, CVD for OSS Segment Resources: - [Write more secure code with the OWASP Top 10 Proactive Controls] https://github.blog/2021-12-06-write-more-secure-code-owasp-top-10-proactive-controls/ - [An analysis on developer-security researcher interactions in the vulnerability disclosure process] https://github.blog/2021-09-09-analysis-developer-security-researcher-interactions-vulnerability-disclosure/ - [Building security researcher and developer collaboration] https://www.securitymagazine.com/articles/97066-how-to-build-security-researcher-and-software-developer-collaboration - [Coordinated vulnerability disclosure (CVD) for open source projects] https://github.blog/2022-02-09-coordinated-vulnerability-disclosure-cvd-open-source-projects/ - [GitHub Advisory Database now open to community contributions] https://github.blog/2022-02-22-github-advisory-database-now-open-to-community-contributions/ - [Blue-teaming for Exiv2: creating a security advisory process] https://github.blog/2021-11-02-blue-teaming-create-security-advisory-process/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw189

This week in the AppSec News: A great escape isn't always as great as it sounds, Solana cryptocurrency logic isn't always as great as intended, some people's idea of "peace" isn't that great at all, and some great security suggestions for package maintainers. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw189

This week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, & \Incident Reporting Signed into Law, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw265

Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems. Segment Resources: [ Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf [Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw265

In the Security News: Secret Keys in Samsung Source Code, Conti (tries) to go legit, Cracking crypto keys with a 300 year old algorithm, CISA's must patch list, FTC fines CafePress over Data Breach, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw732

Teleseer makes cyberspace easy to see, just like watching security footage. It lets users builds interactive network maps in seconds with data they already have. We can inventory thousands of assets or protocols and show their connections in a multi-layer map. No installing agents, no scanning. Teleseer gives you the visibility to make smart cyber decisions faster. Segment Resources: https://teleseer.com https://cyberspatial.com https://www.youtube.com/c/cyberspatial Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw732

The segment will cover a brief overview of the attack surface market - what it is, why it's necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify's unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Segment Resources: https://detectify.com/external-attack-surface-management https://detectify.com/crowdsource/what-is-crowdsource This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw265

G Mark's Law states "Half of what you know about security will be obsolete in 18 months." But sometimes you have to let go to move forward. If you're the smartest person in the room, chances are you're not the boss. Let's talk about that and other dilemmas in our security career journey! Segment Resources: https://www.cisotradecraft.com https://www.gmarkhardy.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw732

In the Leadership and Communications section: CISOs are still chiefs in name only, Defining "Reasonable" Cybersecurity: Lessons from the States, Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw254

It doesn't matter how much security technology you have, how much you spend on security: security outcomes are achieved by doing all the little things right. You can spend $10M on network security technology from any vendor, but you will fail to effectively secure your enterprise if you don't properly manage the policy enforced by those firewalls. That sounds really simple, but simple doesn't scale. If you only have a few firewalls with policies consisting of tens of rules, it may be simple. But imagine an enterprise that has 2,000 firewalls, each firewall has a policy with an average of 500 rules, each rule has an average of 15 objects, each source and destination object represent an average of 50 IP addresses. This enterprise is managing, 2,000 firewalls, 1 million rules, 125 million connections, representing over 300 billion access paths. And just 1 wrong rule could expose the network to compromise. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw254

This week in the AppSec News: Dirty Pipe vuln hits the Linux Kernel, AutoWarp vuln hits Azure Automation, TLStorm hits critical infrastructure, & hacking the Mazda RX8 ECU! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw188

Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain, and their team of professionals have little or no experience with software development or inner workings of modern application architectures. As the world turns Digital at a rapid pace accelerated by the recent pandemic, applications become common place in our lives, providing attackers more opportunities to exploit these poorly protected applications. As such, it is important to know what is actually required to build and run software securely, and how to do application security right. Segment Resources: https://forwardsecurity.com/2022/03/07/application-security-for-busy-tech-execs/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw188

In the Enterprise Security News for this week: Google intends to acquire Mandiant HelpSystems to pick up Alert Logic - at least their 11th security acquisition in the past 3 years, Rumor that Abnormal Security could be our next security unicorn, Axonius raises a $200M Series E, A number of AppSec and cloud security startups raise their first big rounds, SEC requires public companies to report breaches within 4 days,Did we mention Google is buying Mandiant? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw264

There's a LOT of noise in the security industry. We've catalogued over 10,000 cybersecurity products and each of the companies behind these products has a marketing team, a twitter account, a blog, and a ton of content to blast at enterprise security buyers. There's an interesting connection between GreyNoise's product, founder, and principles. While building a product that filtered out the noise that wastes most security operations teams' time, Andrew was dead set against building a startup that resembled the typical security startup. We'll discuss Andrew's unique path to market, the latest features of GreyNoise, and where the lines are drawn between malicious and benign scanning. Segment Resources: GreyNoise Visualizer (free web tool for researching scanner IPs): https://www.greynoise.io/viz/query/?gnql=last_seen%3A1d GreyNoise Trends for Apache Log4j Exploit Attempts: https://www.greynoise.io/viz/tag/apache-log4j-rce-attempt Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw264

This Security News segment will include a discussion with OSHEAN CEO David Marble about the upcoming Security Conference to be held at Bryant University on March 15th. This week in the Security News: Dirty pipes, UEFI firmware flaws, strange social engineering, command Amazon devices to hack themselves, TLStorms, article 45.2 and why its a bad idea, misconfiguration leads to compromise, 10 signs of a poor leader, when power supplies attack, attacking SATCOMs, and the campus master key Segment Resources: https://www.oshean.org/events/EventDetails.aspx?id=1589105&group= Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw731

Managing firewall rule reviews, especially for PCI-DSS, can be complex but it doesn't have to be. Hear from Jeff Styles as he talks about how you can automate this process to keep you compliant and secure. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw264

Unix-like systems are growing rapidly. Sometimes we forget to learn from the past and sometimes the past haunts us. We talk about how the rapid change in Unix-like systems affected it's security state. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw731

In a world with rapidly-changing technology, it can be tempting to constantly reach for the newest, shiniest security tools/techniques at both the program management and engineering levels. But even given unusual circumstances like startup hypergrowth or Web3 applications, sometimes we should focus on more basic issues. We can learn a lot about where to start with some of these basics when thinking about recent current events, especially related to widely-reported vulnerabilities or specific security incidents. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw731

In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let's see if those align), CISO Checklist for Offboarding Security Staff, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw253

Something is seriously wrong with our current approach to cybersecurity––the more we spend, the worse the situation becomes. In an industry plagued by a chronic talent shortage, one thing is clear: simply throwing another tool in the mix isn't the path to better security. If we're going to solve the security paradox, we're going to need a cross-functional, in-depth analysis of the problem and a structured approach to fixing it. Michael McPherson joins Business Security Weekly to share tactical questions that security leaders can ask themselves and their teams in order to build a better overall approach to defense. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw253

In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw187

As the volume of API traffic increases, it becomes a greater threat to an organization's sensitive data. Motivated attackers will increasingly target APIs as the pathway to the underlying infrastructure and database. Imperva API Security is a new product that delivers rapid API discovery and data classification -- helping an organization truly protect all paths to the data, without slowing down the application development lifecycle. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw187

Finally, in the Enterprise Security News, BlueVoyant raises a $250M Series D to become security's newest unicorn (baby unicorn, awww), Balbix raises a $70M Series C, Scope Security announces a $20M Series A to specifically focus on monitoring and defense for healthcare, Palo Alto introduces a new product aiming to disrupt the SIEM market, Third Party Risk Management vendors come together to forge the one ring of standards to rule all of cyber (less forge, more rubber stamp though), Signal Science founder, former Etsy CISO, and honorary level 80 DevOps wizard Zane Lackey is now a general partner at Andreesen Horowitz (A16Z), All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

Rich joins us to discuss the differences in managing security policies between on-premises network environments and the cloud and the impacts that has on companies that are 100% cloud-based. He'll also be discussing the additional considerations that these organizations need to consider if they are considering SASE and SD-WAN to expand network access for their users. This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw730

If you are amongst the legions transitioning into a cybersecurity career, mock interviews serve as critical preparation for your job hunt. Alissa has delivered over 50 of these practice sessions over the last 4 months. Get some pointers from her on how to stand out from the crowd of entry-level applicants. Segment Resources: Alissa's class with Antisyphon InfoSec Training **Advanced Endpoint Investigations** - https://www.antisyphontraining.com/advanced-endpoint-investigations-w-alissa-torres/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw730

90% of cloud runs on Linux, but current countermeasures are focused on addressing Windows-based threats, leaving multi-cloud deployments vulnerable to attacks. So, is it any wonder that malware is propagating in multi-cloud environments under the radar? Segment Resources: https://via.vmw.com/exposingmalware This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

We'll cover the cutting-edge recommendations in the US federal governments January 2022 memo on their "transition to zero trust". Then we'll talk about what the standard definition of "zero-trust" means in our industry, and why it doesn't mean "trust zero things". Finally, we'll chat about architectures that can get us closer to actually trusting zero things. Segment Resources: Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

In the Security News for this week: Was it Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw730

In the leadership and communications section, Answer this question to assess your leadership, Partner Across Teams to Create a Cybersecurity Culture, The Future of Cyber Insurance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw252

Ransomware developments we saw over the past year—along with a look ahead at what to expect in 2022. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw252