PLAY PODCASTS
Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video)

4,876 episodes — Page 41 of 98

4 Things Boards Should Know, 4 in 10 Orgs Don't Have a CISO, & Creating Culture - BSW #241

In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw241

Nov 24, 202122 min

Preventing Attacks Through Risk Management & Governance - Kevin Powers, Padraic O'Reilly - BSW #241

As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level-up their presentation skills, metrics, and executive approach. Learn also from Padriac O'Rielly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to better build resiliency in the digital age. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw241

Nov 23, 202127 min

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

Nov 23, 202135 min

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely. Segment Resources: - https://webassembly.org/ - https://wasmcloud.com/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

Nov 22, 202134 min

Congress Goes Cyber-Crazy, Emotet Returns, SnapAttack, & Netography - ESW #251

This week in the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

Nov 20, 202143 min

Suing Satoshi, Trojans in IDA, FBI Spam, Beg Bounties, & UPNP Strikes Again - PSW #719

This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

Nov 20, 20211h 21m

Skill Building: CTFs & Computer Fundamentals - Derek Rook - PSW #719

Derek and the hosts will discuss technologies to build CTFs as well as what types of things to consider while doing so. They will also talk about the computer fundamentals that are often undervalued when entering security. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

Nov 19, 20211h 2m

Understanding Cyber Insurance Trends & Changes - ESW #251

Jeffrey joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

Nov 19, 202134 min

The Real Costs of Ransomware in 2021, 2022, & Beyond - Mike Campfield - ESW #251

Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem––everyone from cyber insurance providers to the federal government have taken note. ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

Nov 19, 202131 min

Building Vulnerable Docker Containers (On Purpose) - PSW #719

I needed to create some vulnerable targets for testing exploits and my default password finder I wrote in Python (featured in previous episodes). I found a few useful projects, including Vulhub, that made the task of building an insecure lab environment pretty easy. I've made several additions and improvements to the available code, which I will run through in this segment. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

Nov 19, 202150 min

CISA Guidance for MSPs and SMBs, Part 2 - Chris Loehr - SCW #95

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers' networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business. Segment Resources: https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw95

Nov 18, 202138 min

CISA Guidance for MSPs and SMBs, Part 1 - Chris Loehr - SCW #95

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers' networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business. Segment Resources: https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw95

Nov 17, 202135 min

4 Attributes of a Great Leader & 5 Myths About Management & Cybersecurity - BSW #240

In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw240

Nov 17, 202128 min

Protecting Identity Services - Tony Cole - BSW #240

Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defenders for a myriad of reasons. Discussion will entail how this attitude can and should change. This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw240

Nov 16, 202126 min

PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

Nov 16, 202138 min

Mobile Application Security - Ryan Lloyd - ASW #174

Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. This segment is sponsored by Guardsquare. Visit https://securityweekly.com/quardsquare to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

Nov 15, 202132 min

Record Unicorns, SCYTHE Series A, SPAC Fails, McAfee Worth $14B, & Hashicorp IPO - ESW #250

In the Enterprise Security News for this week: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

Nov 13, 202142 min

Building a Risk Based Security Program That Actually Works - Nick Leghorn - ESW #250

Risk based security programs are all the rage, from managers looking to "trim" the security budget to regulatory bodies looking for excuses to fine your company. Nick is a security pro who has seen it all -- programs done well, programs done poorly, and implemented one or two of them himself, and would love to share the lessons learned from those experiences. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

Nov 13, 202131 min

MegatronAL on Kicking in the Door to Cybersecurity - Angela Marafino - ESW #250

I once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree in either. Turns out, that was fine - the industry valued experience and results over academic achievement. Today's guest *has* two degrees, one in fine arts, one in pre-law, and that's also fine. If there's anything I've learned in InfoSec, it's the mind that matters most, less so the degrees or certs on your wall. Angela Marafino gets cybersecurity and understands what makes it tick. Using this knowledge, she has built a personal brand, network, and career in an impressively short time. She is simultaneously mentor and mentee. Today, we'll explore Angela's path into the industry as well as some of her views on challenges, like imposter syndrome. https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome https://www.itspmagazine.com/focal-point-podcast https://twitter.com/hackerbookclub1 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

Nov 12, 202132 min

MAVSH - Sachin Mahajan - PSW #718

Over the course of 2020 and 2021 new UAV regulations and restrictions, such as Remote Identification, have threatened UAV hobbyist's ability to fly freely. These new regulations did leave hobbyists with one loophole: building a sub 250g quad. After this realization, I set out to build a sub250g quad which can be flown for fun, or as one of the first remotely accessible war-flying devices. Segment Resources: http://mav.sh/ https://github.com/0xkayn/Valkyrie https://www.youtube.com/watch?v=CJZ2gCLopyU Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718

Nov 12, 202155 min

TIPC Kernel Vulns, SBDCs, Truckloads of GPUs, & Hardcoded SSH Keys - PSW #718

This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says its a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and testing if your high! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718

Nov 12, 20211h 40m

Stalkerware Capabilities in the Real World - Lodrina Cherne, Martijn Grooten - PSW #718

Can using technology risk your personal safety? Tracking information can be shared with attackers and facilitate cyberstalking in multiple ways including key logging and screen sharing. Exploration of recent court cases and investigations will be shared and attendees will learn what resources can help individuals experiencing digital abuse at the hands of a technical adversary. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718

Nov 12, 20211h 0m

Governance, Risk, & Compliance...so What? - Part 2 - Allan Alford - SCW #94

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw94

Nov 11, 202127 min

Governance, Risk, & Compliance...so What? - Part 1 - Allan Alford - SCW #94

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw94

Nov 10, 202136 min

A CISO's Life, FOMO Is Real, & Cybersecurity's Hiring Problem - BSW #239

In the Leadership and Communications section, The First 100 Days in A CISO's Life — Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Down Cybersecurity's Hiring Problem, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw239

Nov 10, 202122 min

Reinvigorating Cybersecurity Teams - Sara Griffith, Suresh Balasubramanian - BSW #239

The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry friends. Suresh Balasubramanian Qualys CMO and Sara Griffith CISO at Euronet Worldwide will discuss the value of in-person cybersecurity events, how attending can reinvigorate teams, the benefits to sharing best practices with peers, and getting up to speed on the latest innovations in cybersecurity through conference presentations. Segment Resources: https://www.qualys.com/qsc/2021/las-vegas/ This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw239

Nov 9, 202130 min

Linux Kernel TIPC RCE, NPM Malware, OTP 2FA Bots, & Security Labels - ASW #173

This week in the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw173

Nov 9, 202138 min

A Standardized Approach to SBOM - Dan McKinney - ASW #173

In this segment, Mike and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets. This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw173

Nov 8, 202135 min

Facebook Gets Meta, Crazy Valuations, IBM XDR, & Analysts V.S Darktrace - ESW #249

In the Enterprise Security News for this week: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer, HelpSystems acquires endpoint DLP vendor Digital Guardian, Crazy valuations, Questionable statistics, Analysts shine a doubtful light on Darktrace's value, Facebook gets all Meta on us, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw249

Nov 6, 202145 min

Building Up the Blue Team - Frank McGovern - ESW #249

Traditionally, the red team has been seen as "fun and interesting", with blue team characterized as "all work, no play" in terms of cybersecurity career paths. Today we talk with Frank McGovern to explore the current state of blue teams and the importance of security policy. Not only has Frank been a practitioner his entire career, but he also built Blue Team Con, a labor of love designed to fill a significant gap in both the Chicago security events scene and across the wider cybersecurity events industry. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw249

Nov 6, 202124 min

Shrootless Bug, Statistic Stats, Trojan Source, Fake Students, & Clippy Returns - PSW #717

This week in the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw717

Nov 6, 20211h 54m

Peel Back the Layers of Your Enterprise with Security Onion 2 - Doug Burks - PSW #717

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. We've got a new container-based platform that is more flexible, more powerful, and more scalable than ever before. Join us to see how you can peel back the layers of your enterprise and make your adversaries cry! Segment Resources: https://securityonion.net https://github.com/Security-Onion-Solutions/securityonion https://securityonion.net/discuss Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw717

Nov 5, 20211h 6m

Detecting the Next Breach: How to Win the War With NSX NDR - Chad Skipper - ESW #249

When it comes to detecting the next cyber breach, would your organization pass the test? Of course, in real life, you not only need to ace the practice exam – you need to test against the real threats. So when SE Labs recently conducted the industry's first network detection and response (NDR) test against NSX NDR, they used a range of advanced persistent threats designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. And the result? VMware NSX Network Detection and Response (NDR) was able to detect every targeted attack and tracked each of the hostile activities that occurred during the attacks. Every. One. Segment Resources: https://blogs.vmware.com/networkvirtualization/2021/10/vmware-achieves-industry-first-aaa-rating-for-network-detection-response-from-se-labs.html/ https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/NDR-Solution.pdf https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-nsx-ndr-breach-response-test-report.pdf This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw249

Nov 5, 202132 min

Part 2: Scanning For Default Creds With Python - PSW #717

We've updated our script with all sorts of new features. The latest version uses the TOML configuration file format to store the vendor information and the credentials to test with. We'll focus on how to implement that as it's handy for all sorts of projects. We'll also cover some of the other updates, including testing protocols on different ports and better reporting. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw717

Nov 5, 202134 min

Security Industry Burnout, Part 2 - Rick McElroy - SCW #93

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the 'Great Resignation'), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality. Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw93

Nov 4, 202136 min

Easy Ways for Businesses to Become More Resilient - Kyle McNulty - BSW #238

More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break a deal. Kyle will break down key strategies to secure your small company with limited time and resources. Segment Resources: https://podcasts.apple.com/us/podcast/secure-ventures-with-kyle-mcnulty/id1545294976 Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw238

Nov 3, 202127 min

Security Industry Burnout, Part 1 - Rick McElroy - SCW #93

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the 'Great Resignation'), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality. Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw93

Nov 3, 202136 min

10 Questions, 5 Personality Traits, & 3 Security Priorities - BSW #238

This week, in the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support the New Hybrid Workplace, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw238

Nov 3, 202126 min

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172

This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw172

Nov 2, 202139 min

Untangling API Security in 2022 - Peter Klimek - ASW #172

Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw172

Nov 1, 202137 min

Market Analysis With a VC - Introducing Will Lin - ESW #248

In our news segments, we often discuss and explore the ever-expanding vendor landscape. Funding rounds are getting huge, we're seeing upwards of 40 acquisitions each month - there's a lot of money and activity in the enterprise cybersecurity market. This is going to be a quarterly, recurring segment, in which we bring on a VC to provide an investor's point-of-view on all this activity. It's hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw248

Oct 30, 202140 min

Iranian Gas, Smelly Towns, View Source Legality, EBCDIC & GDPR, & Unlocking Oculus Go - PSW #716

This week in the Security News we talk: Its still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw716

Oct 30, 20211h 33m

Piiano, Scanning Your Eyes, Rainbow Unicorns, Netflix Execs, & Yeast Milk - ESW #248

In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, A silicon valley entrepreneur wants to scan your eyes, All that and don't forget to stick around for the squirrel story on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw248

Oct 30, 202144 min

What Exactly Is an Incident Commander, Anyway - Matt Linton - PSW #716

You may have seen the term "Incident Commander" in discussions about incident response, but do you know where that term came from and what it means? How can professionalizing your incident response using proven disaster management methodology up your game? Matt Linton is an experienced Emergency Responder and USA Region lead of Google's Security Response team. For the past decade he's been working on bringing the lessons learned from physical disaster management into the digital forensics and incident response realm. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw716

Oct 29, 202154 min

Decrypt As If Your Security Depends On It - Jamie Moles - ESW #248

Use of encryption is on the rise: both by cyber defenders and the attackers they're tasked to defend against. Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender's line of sight. ExtraHop's Jamie Moles, Senior Technical Marketing Manager joins Enterprise Security Weekly to discuss the various techniques attackers are using to cover their tracks using encryption, addresses common objections about decryption, and makes the case for decryption as a path toward faster, more confident defense. Jamie shares a demonstration of how the ExtraHop Reveal(x) network detection and response platform securely decrypts network traffic in order to successfully halt a breach in progress. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw248

Oct 29, 202138 min

Focusing on Preventing Ransomware - Roger Grimes - PSW #716

A good backup is not prevention. Its recovery. Roger A. Grimes, author of the just released Ransomware Protection Playbook (Wiley), and author of 12 other books and over 1100 articles on computer security is going to discuss how sophisticated ransomware is today, how it usually breaks in, what it does, and what every person and organization should be doing to stop it. Hint, it doesn't involve firewalls, antivirus software, or any other super special software supposedly designed to stop every attack. Come get the straight dope in what you and your company should be doing to prevent ransomware from getting a foothold into your environment…from the guy that wrote the book on it. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw716

Oct 29, 202148 min

Mapping Across an Ocean of Security Frameworks, Part 2 - Thomas Sager, Tony Sager - SCW #92

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world examples, and some real-life problems. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw92

Oct 28, 202135 min

Mapping Across an Ocean of Security Frameworks, Part 1 - Thomas Sager, Tony Sager - SCW #92

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world examples, and some real-life problems. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw92

Oct 27, 202136 min

Board Tips & Tricks, Security Culture, & Zero Trust Myths - BSW #237

In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myths and misconceptions, & more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw237

Oct 27, 202128 min

Fight Fire With Fire: Proactive CyberSec Strategies for Security Leaders - Renee Tarun - BSW #237

With today's expanding attack surface, constantly evolving threat landscape, and growing cyber skills gap, cybersecurity leaders need actionable advice from seasoned peers more than ever. Renee along with a diverse group of accomplished experts in cybersecurity has created a book of collective learnings that brings together years of experience so that anyone in the field can leverage this insight in the face of the cyber threats and "fires" of today and tomorrow. This interview will focus on some of the takeaways and learnings. Segment Resources: https://www.barnesandnoble.com/w/fight-fire-with-fire-renee-tarun/1139924071 This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw237

Oct 26, 202129 min