Security Weekly Podcast Network (Video)

4,876 episodes — Page 42 of 98

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw171

Oct 26, 2021 (38 min)

Security Champions in an Online First World - Ashish Rajan - ASW #171

Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud. Segment Resources: www.cloudsecuritypodcast.tv Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw171

Oct 25, 2021 (35 min)

Wild Hippos, Chrome FTP, L0phtCrack Is Open-Source, Win 11 Pentium, & Legacy Systems - PSW #715

This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cyber hygiene?, Gummy browsers, the Internet is safe now, a particular kind of crack is open-source, sysmon: Now for Linux, Windows 11 and lies, and cocaine Hippos! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw715

Oct 24, 2021 (1h 40m)

Scanning For Default Credentials With Python - PSW #715

We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to login with default or known credentials, and send a Slack message if it finds anything. The initial release is here: https://github.com/SecurityWeekly/netslackbot Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw715

Oct 23, 2021 (32 min)

Evolution & Maturity of the Cybersecurity Industry - Maxime Lamothe-Brassard - PSW #715

The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the similar trend that occurred in IT for the last decade? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw715

Oct 23, 2021 (59 min)

What We've Learned From Interviewing Cybercriminals - Adam Janofsky - ESW #247

Over the last year, The Record has published several interviews between security analysts and cybercriminals. This includes representatives from REvil, BlackMatter, and Marketo. The interviews have uncovered the gangs' motivations, targets, and tactics, and have been cited by officials including White House Deputy National Security Advisor Anne Neuberger. This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw247

Oct 22, 2021 (40 min)

Query.AI, Tenchi Security, HelpSystems, CrowdStrike, & Snowcat Scanner for Istio - ESW #247

This Week in the Enterprise Security News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw247

Oct 22, 2021 (21 min)

First Jobs in Cybersecurity: The Analyst Role - Joshua Copeland - ESW #247

There are tons of cybersecurity job openings for folks with 3-5 years of experience, but where are the junior roles? How are people getting their initial 3-5 years in? Josh and the ESW hosts discuss the finer points and challenges of breaking into InfoSec via the analyst path.
- As mentors: where do we struggle with our mentees?
- There are a million certs and degree programs - which are worth the time and money?
- How can folks learn and hone cybersecurity skills prior to getting a job in InfoSec?

We've even included a handy cheat sheet full of recommendations and resources: https://securityweekly.com/wp-content/uploads/2021/10/Starting-a-Cybersecurity-Career-Cheat-Sheet.pdf This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw247

Oct 21, 2021 (28 min)

Excited About PCI DSS 4.0? What to Expect & How to Prepare, Part 2 - Chris Pin - SCW #91

We're getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they're important. And, while PCI 3.2.1 won't be retired until 2024, it's a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw91

Oct 21, 2021 (45 min)

Excited about PCI DSS 4.0? What to Expect & How to Prepare, Part 1 - Chris Pin - SCW #91

We're getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they're important. And, while PCI 3.2.1 won't be retired until 2024, it's a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw91

Oct 20, 2021 (34 min)

Building Your Zero Trust Architecture: Stronger, Simpler Access Controls - Jason Garbis - BSW #236

Zero Trust has quickly become a cybersecurity mandate and also the most abused term in the industry. The core tenets of Zero Trust are rooted in the ability to deliver secure access, which is arguably the foundation of any Zero Trust architecture. Hence the rise of Zero Trust Network Access and the demise of legacy access solutions like VPNs. In this episode, we discuss the role of Zero Trust Network Access in strengthening and simplifying access controls for today's hybrid workforce as they connect from anywhere to multi-cloud, on-premises and even legacy applications. This includes how to reduce the attack surface created by digital sprawl and how to reduce complexity for improved user experience and operational efficiency. This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw236

Oct 20, 2021 (27 min)

Security Money - The Index Hits a Turkey (3 Records in a Row) - BSW #236

The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the public and private markets! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw236

Oct 19, 2021 (26 min)

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170

This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw170

Oct 19, 2021 (37 min)

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170

There's a plenitude of ways to do Dev(Sec)Ops, and each organization, or even each team, uses a different approach. Questions such as how many environments you have and how frequently you deploy to them are important for understanding how to integrate a security scanner into your DevSecOps processes. It all comes down to speed: how fast can I scan the new deployment? This segment is a discussion of the challenges of integrating a DAST scanner into DevSecOps and some tips to make it easier. This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw170

Oct 18, 2021 (38 min)

IoT Rickroll, Suing Over Disclosures, K-12 Cybersecurity Act, & SS7 Signaling - PSW #714

This week in the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

Oct 17, 2021 (1h 31m)

GraphQL - Sven Morgenroth - PSW #714

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

Oct 16, 2021

Open Source Endpoint Security with Osquery & Fleet - Zach Wasserman - PSW #714

The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigation on endpoints. This open-source strategy eases deployment, reduces cost, improves trust, and provides flexibility to meaningfully improve security on the endpoint. Segment Resources: https://osquery.io https://fleetdm.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

Oct 16, 2021 (54 min)

Wiz Valuation, Facebook OSS Tools, Gretel.ai, & Yubico Biometric Keys - ESW #246

In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw246

Oct 15, 2021 (29 min)

Why Less Is More for Static Application Scanning - Surag Patel - ESW #246

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security! Segment Resources: Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw246

Oct 15, 2021 (30 min)

A Plea for Better Press Releases - ESW #246

A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous, full of hyperbole, or just plain unreadable. We talk about why so many press releases are like this (there are legit reasons!) and how they could be improved.

What's wrong with press releases?
1. Frivolous Press Releases
2. Unintelligible Press Releases
3. Bending the Truth
4. Excessive hyperbole; death by adjective
5. FUD

Why are they like this?
1. Feeding the SEO beast
2. Written by committee
3. Need to appear successful
4. Need to show growth/progress
5. Need to differentiate from the competition
6. "if it bleeds it leads"

Fixing Press Releases
- When should you put out a press release?
- What should go into a press release?
- How should you write a press release?

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw246

Oct 14, 2021 (37 min)

Social Engineering Deep Dive, Part 2 - Perry Carpenter - SCW #90

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure. Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw90

Oct 14, 2021 (45 min)

Social Engineering Deep Dive, Part 1 - Perry Carpenter - SCW #90

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure. Segment Resources: The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw90

Oct 13, 2021 (36 min)

Top Cybersecurity Statistics/Trends/Facts, Zero Trust, & Hiring Strategies - BSW #235

In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team, & more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw235

Oct 13, 2021 (30 min)

The Human Element of Security Awareness - Brian Reed - BSW #235

It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the way. Brian Reed, Cybersecurity Evangelist from Proofpoint, joins Business Security Weekly to discuss the security awareness journey and how the human elements can help motivate us. Brian will discuss how personalized content and gamification can help achieve better outcomes for organizations and the individual. This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw235

Oct 12, 2021 (30 min)

Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169

This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurity program, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw169

Oct 12, 2021 (38 min)

Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169

SBOM: What does it really tell you, and the importance of having one for your organization.
- Finding and fixing known vulnerabilities in dependencies and container images
- Building a source of truth for packages to avoid malicious packages getting through
- Combining continuous packaging and security into a CI/CD pipeline
- Establishing Trust & Provenance in your Software Supply Chain
- Visibility in your Software Supply Chain with upstreams and signatures

This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw169

Oct 11, 2021 (35 min)

LANtennas, ESXi & Python, Twitch Leaks, Facebook BGP, & iPhone Is Always On - PSW #713

This week in the Security Weekly News: Brushing that data breach under the rug? Get sued by the US Government!, all your text messages belong to someone else, beware of the Python in your ESXi, Twitch leaks, when LANtennas attack, zero-trust fixes everything, recalled insulin pumps, Apache 0-day, your iPhone is always turned on, Apple Pay hacked, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 10, 2021 (1h 34m)

Up & Running With Security Onion - PSW #713

There are many options to choose from when setting up The Security Onion. The use cases are vast, including a NIDS (Zeek, Suricata), HIDS (Beats, Wazuh, osquery) and standalone instances for a SOC workstation and static analysis. I really like SO as a platform to collect all kinds of data from the network and from your systems (some even use the word XDR). Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 9, 2021 (41 min)

Survey Says: Improve Your Security Posture by Purple Teaming - Dan DeCloss - PSW #713

Today Dan DeCloss, CEO of PlexTrac, joins the panel to share results from a CyberRisk Alliance survey of 315 security practitioners in the U.S. and Canada. This research, sponsored by PlexTrac, shows a correlation between purple teaming and program maturity, which emphasizes the importance of adversary emulation in today's security landscape. Tune in to get the scoop on the survey results and MUCH more! This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw713

Oct 9, 2021 (48 min)

Privacy Engineering Firms, Facebook Outages, Orca Series C, & Gravwell - ESW #245

In the Enterprise Security News for this week: Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw245

Oct 8, 2021 (42 min)

Shifty Adversaries, Shifting Tactics - Ryan Kalember - ESW #245

Once again, it is Cybersecurity Awareness Month and we'll be talking with Ryan Kalember about the latest threats and other activities he and Proofpoint have going on this month. When it comes to threats, some tactics aren't changing, though they're still effective. There are some notable shifts though:
- Crews using Office 365 for lateral movement
- FIN7 reborn
- A sudden interest in exploits
- Increased patience and increased focus on the individual as the key to an attack
- SMB attacks look very different from large enterprise campaigns

This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw245

Oct 8, 2021 (27 min)

Better Sales, Worse Relationships? - Richard Reinders - ESW #245

Sales teams are under more pressure than ever to locate and bring in new customers. The methods they use can range from clever to questionable. While some of the more ethically questionable methods can produce results, we wonder: do vendors realize what these methods could be potentially costing them? Richard Reinders joins us today to discuss how he handles one of the toughest challenges any security leader will have to face: interacting with vendors. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw245

Oct 7, 2021 (32 min)

ISO27001, Part 2 - Wim Remes - SCW #89

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this special listener requested topic! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw89

Oct 7, 2021 (40 min)

ISO27001, Part 1 - Wim Remes - SCW #89

This week we're talking all things ISO27001 with Wim Remes! We're starting with what it is, the who, what, where, when, why etc. then we'll talk about the bad and the good. Tune in for this special listener requested topic! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw89

Oct 6, 2021 (38 min)

CISA's Initiatives, Partnerships, and Cybersecurity Awareness Month - Alaina Clark - BSW #234

We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in Chief at SC Media, joins Business Security Weekly for this special interview covering: CISA's Initiatives, Public-Private Partnerships, Cybersecurity Awareness Month, and their 4th annual Cyber Summit. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw234

Oct 6, 2021 (26 min)

Medical Device Security - Dan Purvis - BSW #234

With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to discuss the challenges of embedded device security, but also the ramifications to public health. Dan will discuss how to address vulnerabilities in code and firmware, plus the importance of secrets and the software bill of materials. Segment Resources: https://www.velentium.com/cybersecurity-training?hsCtaTracking=55e5cb87-6198-4b79-8652-a7ce03738c75%7C94d6bbbb-613b-4377-a95d-b679c8acc53b Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw234

Oct 5, 2021 (28 min)

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168

In the AppSec News, John and Mike discuss prototype pollution vulns, funding open source project hardening, the Let's Encrypt root CA expiring, and the Mariana Trench scanner for Android and Java! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw168

Oct 5, 2021 (37 min)

The Power of Developer-First Security - Hillary Benson - ASW #168

Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. We will discuss GitLab's views on what it means to provide developer-first security and see how these views manifest in GitLab's security offerings. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw168

Oct 4, 2021 (33 min)

Pickpocketing Apple Pay, Mandatory Breach Reporting, Huawei Fears, & Cyber Criminals - PSW #712

In the Security News, Microsoft adds automated mitigations for Exchange servers, Senior US cyber officials support mandatory breach reporting, 2021 has broken the record for 0days, but maybe that's a good thing? Speaking of which, Apple patches some 0days, Lithuania warns against using Huawei and Xiaomi phones, the FCC pays companies to ditch Huawei and ZTE gear, the latest on Cybercrime, UK researchers find a way to pickpocket Apple Pay, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw712

Oct 2, 2021 (1h 27m)

Defense Strategies to Combat Sophisticated Ransomware - Mehul Revankar - PSW #712

To defend themselves, companies need to detect ransomware attacks early, gather the intelligence to understand the attack, and prevent such attacks from occurring in the future. Qualys' Mehul Revankar will discuss ransomware trends and defensive maneuvers, along with the inspiration and research behind Qualys' new ransomware exposure dashboard, which provides companies with a personalized plan to remediate the vulnerabilities in their environment. Segment Resources: www.qualys.com/vmdr This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw712

Oct 2, 2021 (1h 4m)

Startup Post Mortems, Live Security Statuses, LG Acquires Cybellum, & Coalition - ESW #244

In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, We talk about the emergence of the vendor "live security status page", 386 startup post mortems, and don't forget to stick around for Adrian's curveball "Squirrel of the Week" story at the end! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244

Oct 1, 2021 (36 min)

The Importance of Identity Detection and Response (IDR) - Joseph Salazar - ESW #244

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities. Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit. While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks. Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security. Segment Resources: https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf https://attivonetworks.com/what-is-identity-detection-and-response-idr/ https://attivonetworks.com/solutions/identity-security/ This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244

Oct 1, 2021 (32 min)

How Good CISOs Build Bad Security Programs - Juliet Okafor - ESW #244

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology or initiative, or need budget authority. There is no amount of authority or power that can be provided to a CISO that makes him or her immune to the need for communication, collaboration and diplomacy with peers, users and Senior Executives. Segment Resources: RevolutionCyber - www.revolutioncyber.com Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw244

Sep 30, 2021 (37 min)

Compliance and "The Crowd", Part 2 - Casey Ellis - SCW #88

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw88

Sep 30, 2021 (49 min)

Compliance and "The Crowd", Part 1 - Casey Ellis - SCW #88

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw88

Sep 29, 2021 (36 min)

CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO - BSW #233

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say "No" After Saying "Yes", Decode different types of business interruption insurance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw233

Sep 29, 2021 (25 min)

Building Security from Scratch: One Year as CISO at a Start-up - Guillaume Ross - BSW #233

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, and deciding what you tackle from the absolute beginnings of a company in terms of security, is a fun challenge. Segment Resources: Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/ Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw233

Sep 28, 2021 (33 min)

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw167

Sep 28, 2021 (34 min)

AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, "high-priority" category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss how ASOC can help your DevSecOps team function better. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw167

Sep 28, 2021 (37 min)

Renting Your Phone, Public-Key Explained, Toilet Identification, & AutoDiscover Bug - PSW #711

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange AutoDiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more! Show Notes: https://securityweekly.com/psw711 Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 26, 2021 (1h 20m)