Security Weekly Podcast Network (Video)

Apple's new M1 systems offer a myriad of benefits for both macOS users, and unfortunately, to malware authors as well. In this talk Patrick details the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all components, from source code. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw708

This week, In the Enterprise News, Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the 'greatest DDoS attack in history', SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech over reach and couch the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining with reviewers saying her style is akin to Lee Child. Segment Resources: The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; and her articles, speaking engagements and more information is available at www.debradcliff.com. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory. Segment Resources: - https://www.deciduous.app/ - https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/ - https://swagitda.com/blog/posts/deciduous-attack-tree-app/ - https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw240

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity. To find out more and register with your Security Weekly discount code, visit: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw84

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity. To find out more and register with your Security Weekly discount code, visit: https://securityweekly.com/isw2021 Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw84

This Week, In the Leadership and Communications section:10 years later, software really did eat the world, CISOs' 15 top strategic priorities for 2021, 7 steps to protect against ransomware-related lawsuits, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw229

Ben Carr, Qualys CISO, joins Business Security Weekly to share his views on the evolving role of the CISO. He'll dive into the ever changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company's needs. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw229

This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Open Source is the new mainstream of software development. However not much attention is paid on security in the upstream community for creating robust and secure software. At the LF, we are working on some initiatives and tools to help bridge the gap between functional and secure code, so that the benefits flow downstream to all users of OSS. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Shifting security left is good - but it's an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of breach by embracing the modern AppSec techniques, that will allow development, operations and security teams to work together in order to efficiently and effectively secure all of their applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

The Qualys Research Team discovered a size_t-to-int type conversion vulnerability in the Linux Kernel's filesystem layer affecting most Linux operating systems. Any unprivileged user can gain root privileges on a vulnerable host by exploiting this vulnerability in a default configuration. Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation. Other Linux distributions are likely vulnerable and probably exploitable. Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

In the Security News for this week: Buffer overflows galore, how not to do Kerberos, no patches, no problem, all your IoTs belong to Kalay, the old pen test vs. vulnerability scan, application security and why you shouldn't do it on a shoe string budget, vulnerability disclosure miscommunication, tractor loads of vulnerabilities, The HolesWarm.......malware, T-Mobile breach, and All you need is....Love? No, next-generation identity and access management with zero-trust architecture is what you need!!! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure. This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

The security industry spends a lot of time talking about the tools of the SOC, especially around making the SOC more 'autonomous'. But is this really what we need? Allie is also presenting "How to effectively manage XDR" at Maintaining Endpoint Security: New opportunities and new risks (SC Media Virtual Event) on August 24, 2021. Register Now: https://www.scmagazine.com/virtual-conference/maintaining-endpoint-security-new-opportunities-and-new-risks Segment Resources: https://go.forrester.com/blogs/stop-trying-to-take-humans-out-of-security-operations/ https://go.forrester.com/blogs/ransomware-survive-by-outrunning-the-guy-next-to-you/ https://go.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/ https://go.forrester.com/blogs/top-5-lies-security-vendors-tell-about-the-siem/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw239

The "cybersecurity skills gap" is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecurity, but they never get the chance. Hiring managers and gatekeepers are simply unwilling to train and mentor the next generation of cybersecurity professionals, and this hurts our profession immensely. We're fighting an asymmetric war, in which one bad actor can attack multiple companies and industries. We simply don't have enough defenders and good guys in the trenches, and we need more fighters. The more fighters we have, the better chance we have at winning. Segment Resources: cybersecuritygatebreakers.org Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw83

The "cybersecurity skills gap" is a myth. There is no skills gap. There are tens of thousands of amazing, highly intelligent, passionate people around the world looking to break into cybersecurity, but they never get the chance. Hiring managers and gatekeepers are simply unwilling to train and mentor the next generation of cybersecurity professionals, and this hurts our profession immensely. We're fighting an asymmetric war, in which one bad actor can attack multiple companies and industries. We simply don't have enough defenders and good guys in the trenches, and we need more fighters. The more fighters we have, the better chance we have at winning. Segment Resources: cybersecuritygatebreakers.org Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw83

This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw228

Ransomware attacks have surged in 2021, with the number of attacks increasing dramatically and ransom amounts continuing to skyrocket. Cybercriminals are also expanding their targets, shifting their focus to our critical infrastructure and evolving into deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation. In the past 12 months, Barracuda researchers have identified and analyzed 121 ransomware incidents, a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw228

This week in the AppSec News: Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should log, adding security to DevOps, & manipulating natural-language models! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

DevSecOps is an aspirational vision for many teams. With a number of macro changes occurring in modern application development, this segment will explore what tangible, practical things can be done today by security teams that add immediate value. This segment is sponsored by DisruptOps. Visit https://securityweekly.com/disruptops to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

This week in the Security News: Accenture gets Lockbit, $600 million in cryptocurrency is stolen, and they've started returning it, Lee and Jeff's data is leaked (among other senior citizens), authentication bypass via path traversal, downgrade attacks, Apple's backdoor, super duper secure mode, re-defining end-to-end encryption and how that doesn't work out, pen testers file suit against Dallas County Sherriff's department, Fingerprinting Windows, double secret quadruple extortion, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Mythic is an open-source, multi-platform framework for conducting red team engagements. This talk will cover the automated deployment of a Mythic server, developing new "wrappers" to extend the framework, and modifying public payload types to evade signature-based detections. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

Joe will discuss his upcoming Book, "Practical Social Engineering" in addition to OSINT. He is primarily passionate about OSINT and adjacent forms of Intelligence, but will need to discuss some social engineering (conducting it or defenses). He will also mention the Trace Labs OSINT Search Party competitions (he won his 2nd one last weekend at DEFCON). Segment Resources: https://www.theosintion.com https://wiki.theosintion.com http://discord.theosintion.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw706

The reason our founder started Detectify is that they wanted to automate hacker knowledge and make it scalable. This is very different from how most hackers work today and what we believe will revolutionize hacking. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Tony "TJ Null" from Offensive Security will discuss the role of the community in learning infosec, particularly pentesting, and also in continuing education. Additionally, he will offer some practical tips on learning pentesting with help from the community. This segment is sponsored by Offensive Security. Visit https://securityweekly.com/offSec to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw238

This week in the Enterprise News: Latent AI, Optiv Security Launches Next-Gen Managed XDR, An Intriguing Update to Mandiant Advantage, ReversingLabs raises $56M to combat software supply chain, Morphisec Announces New Incident Response Services, & more! Show Notes: https://securityweekly.com/esw238 Visit https://www.securityweekly.com/esw for all the latest episodes!

As we dig into vulnerability management we uncover both old and new challenges. We still struggle with developing and maintaining an accurate asset inventory. We also, still, struggle to prioritize and execute remediation. There are many new approaches to solving these problems, from ad-hoc scanning to automation of all the things. Get our take on vulnerability management in this segment! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw238

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82

Protecting digital communication and collaboration is critical to both our military and private sector industries in driving mission success. Our ability to secure the local and remote systems we rely on to share and operationalize sensitive and confidential information to and from even the most remote location is vital to national security and our economy. Unfortunately, our adversaries know this and are dedicated to infiltrating, exfiltrating, and disrupting this flow of information. They are highly motivated, well-funded, trained, and equipped, and work relentlessly to find exploitable technical or human vulnerabilities. Join Matt Erickson, VP of Solutions for SpiderOak Mission Systems to discuss the looming threats to federal and private sector communication and collaboration systems, the consequences of failure, and how emerging technologies such as Zero-Trust and Distributed Ledger can harden our defenses and protect our most valuable data. This segment is sponsored by SpiderOak. Visit https://securityweekly.com/spideroak to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw82

In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company's products?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw227

Listen in for a discussion with Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, to discuss the 3 mistakes all first time CISOs make. Jim will share the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including: 1. Setting Expectations 2. Hiring Talent 3. Retaining Employees Visit https://www.securityweekly.com/bsw for all the latest episodes!a Show Notes: https://securityweekly.com/bsw227

This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161

The use of web apps, SPAs, and APIs are growing steadily and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges. Segment Resources: - Sign up for updates and be the first to know about Detectify API scanning open beta: https://www.detectify.com/api - Blog post announcing Detectify's plans to expand scanner to fuzz public-facing APIs: https://blog.detectify.com/2021/08/03/detectify-fuzzing-public-facing-apis/ This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161

This week in the Security News: PwnedPiper and vulnerabilities that suck, assless chaps, how non-techy people use ARP, how to and how not to explain the history of crypto, they are still calling about your car warranty, master faces, things that will always be true with IoT vulnerabilities, DNS loopholes, and a toilet that turns human feces into cryptocurrency! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

With Eclypsium researchers' discovery of BIOSDisconnect and their upcoming talk and demo at DefCon 29 upon us, the stakes have never been higher when it comes to protecting the foundation of computing at the firmware level. A feature meant to make updating and protecting the firmware easier for users (BIOSConnect) ends up exposing the BIOS to being bricked or implanted with malicious code operating at the highest privilege. Yet another example of the significant vulnerabilities that exist at the firmware level that attackers have been eyeing of late. Segment Resources: https://defcon.org/html/defcon-29/dc-29-speakers.html#shkatov https://eclypsium.com/2021/06/24/biosdisconnect/ https://eclypsium.com/2021/04/14/boothole-how-it-started-how-its-going/ https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

In the Enterprise News, Armis Identifies Nine Vulnerabilities in pneumatic tubes, Corelight Introduces Smart PCAPs, SolarWinds disputes lawsuit, Code42 and Rapid7 Partner, and more news from this week at BlackHat 2021! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

The RF Hackers Sanctuary is a group of experts in the areas of Information, Wifi, and Radio Frequency Security with the common purpose to teach the exploration of these technologies with a focus on security. We focus on teaching classes on Wifi and Software Defined Radio, presenting guest speakers and panels, and providing the very best in Wireless Capture the Flag games to promote learning. Segment Resources: https://rfhackers.com/ [email protected] https://discordapp.com/invite/JjPQhKy https://rfhackers.com/blog Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw705

Ransomware is flourishing and our endpoints are scattered outside the corporate network. Visibility is a challenge in this age of decentralized corporate assets. Our discussion today will explore the problem from two sides. On the endpoint, where much of the battle against ransomware tends to be fought, is prevention a lost battle? Regardless of hopes for better prevention, it is clear that the ability to detect and respond is as important as ever, so we'll discuss how security operations should be positioning themselves. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

Exfiltrate. Encrypt. Exploit. In 2021, ransomware attackers moved beyond exfiltrating and encrypting data to extract a ransom, working to compromise the victim's build server to introduce an exploit through which to launch large scale attacks. VP of Cloud Security Matt Cauthorn joins Security Weekly to walk through the lateral movements these attackers use to pull off the Cyber Hat Trick. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw237

In the Leadership and Communications section for this week: 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, state of cybersecurity survey results, destigmatizing reporting security vulnerabilities and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw226

The IT and operational technologies of critical infrastructure are under attack. The "general expectation" from the public and lawmakers is "fix it already" but we will discuss why this expectation is yet to be fully met. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw226

This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw160

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ - https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/ - https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal - https://chipsec.github.io Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw160

This week in the Security News: From a stolen laptop to inside the company network, the essential tool for hackers called "Discord", fixin' your highs, hacking DEF CON, an 11-year-old can show you how to get an RTX 30 series, broadcasting your password, to fuzz or not to fuzz, a real shooting war, evil aerobics instructors, the return of the PunkSpider, No Root for you, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill prepared organizations. As a third-party expert, Michael can speak to: • The importance of being aware of the widening attack surface due to an inter-connected world of cyber-physical security. • The critical need to have the right solutions in place to thwart bad actors from gaining access to a physical system. • The security considerations organizations, specifically in the healthcare and critical infrastructure sectors, should address to circumvent cyber-physical attacks. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way the prepared her for this high level leadership role. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw704

This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw236

Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Stephanie Aceves, Threat Response SME Lead, talks through a holistic approach to security using the Tanium platform approach. Learn why the best security teams rely heavily on Tanium to get smarter, faster, better in responding to threats and how your organizations can do the same. For folks interested in a trial of Tanium, check out https://try.tanium.com/ To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group or find us on Slack: https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw236