
Security Weekly Podcast Network (Video)
4,876 episodes — Page 46 of 98

Securing User Connections to Applications - Jonny Noble - BSW #220
Are Secure Web Gateways doing their job to keep businesses safe in 2021? Recent survey results from ESG reveal 1 in 10 are not happy with their secure web gateway (SWG) and/or web security. Yet by 2024, the SWG market is projected to grow to 10.9 billion. As this year continues to twist and turn, complexity for an IT security professional continues to rise. Security professionals need to expect more from their security tools so they can stop running from one fire to another, and can simplify daily management. Join us to learn what you can do to get more effective threat detection and reliable, fast secure access. We'll look at ways you can cut complexity, reduce risk exposure, and improve performance with a cloud-delivered, secure internet gateway. This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw220

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154
This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw154

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level. A the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day which happened on May 27th. Segment Resources: - https://owaspsamm.org/ - https://github.com/OWASPsamm - https://app.slack.com/client/T04T40NHX/C0VF1EJGH - https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g - https://twitter.com/OwaspSAMM - https://www.linkedin.com/company/18910344/admin/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw154

ANOM Bust, Ransomware Solutions, NAC, & A PCI Deathmatch! - PSW #698
This week, In the Security News Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, How to pwn a satellite, One Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

Protecting the Attack Surface - Rob Gurzeev - PSW #698
What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at Cycognito, joins us to discuss why attack surface monitoring needs to run across the entire infrastructure. It's not just about open ports, but finding the assets that are exposed or exploitable, or abandoned, that create the greatest risk. This segment is sponsored by CyCognito. Visit https://securityweekly.com/cycognito to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

OpenWRT for Enterprise and Labs - Gene Erik - PSW #698
OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with enterprise level features, making it a successful product for enterprise uses. Due to the fact that it will run on many IoT platforms, including home gateways, and has an easy-to-use web interface, it is also a great platform to use to start building a lab. Segment Resources: Company Website Link: xcapeinc.com Topic Link: openwrt.org Commercial Product for Topic Link: gl-inet.com Personal CI/CD Projects Link: gitlab.com/fossdevops Personal GitLab Link: gitlab.com/geneerik Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw698

BTS of the Cyber Fight and Building a Resilient Web App Security Program - ESW #230
"Behind the scenes of the cyber fight" – talking about the good on the defender side, taking down cyber criminal supply chains, partnerships, taking down ransomware gangs. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw230

FireEye 'Fire Sale', Panaseer Security Guidance, & Infoblox 3.0 - ESW #230
This week in the Enterprise News: Proofpoint unveils people-centric innovations across its three platforms, Citrix Secure Internet Access Simplifies Hybrid Workforce Challenges, CyberArk : Advances Industry-Leading Identity Security Platform, AI-powered cybersecurity provider ExtraHop to be acquired for $900M, New Israeli Unicorn Exabeam Hits $2.4 Billion Valuation, Microsoft acquires ReFirm Labs to boost its IoT security offerings, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw230

Redefining SaaS Security so SOC/IR Teams Aren't in the Dark - Stephen Newman - ESW #230
Traditional options of acquiring network detection and response (NDR) solutions have their individual pros and cons. SaaS or On-Premises NDR solutions allow you to customize it to your environment but require costly care and feeding such as detection tuning that distracts your SOC/IR teams from hunting adversaries. If you go with a Managed NDR you have predictable costs but receive generic detections and response options in a one-size fits all model. Join Stephen Newman, VP of Product Marketing to see how ThreatINSIGHT Guided-SaaS NDR combines a purpose-built NDR platform for adversary detection and response with Gigamon SOC/IR human talent dedicated to delivering guided expertise to your security team… together closing the SOC visibility gap, removing distractions, and providing advisory guidance when it matters most. Segment Resources: https://www.gigamon.com/content/dam/resource-library/english/solution-brief/sb-gigamon-threatinsight.pdf This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw230

CMMC Program and the DIB Preparation, Part 2 - Doug Landoll - SCW #75
Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework. Segment Resources: Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/ Official Site of the CMMC Program: https://cmmcab.org/ Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw75

CMMC Program and the DIB Preparation, Part 1 - Doug Landoll - SCW #75
Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework. Segment Resources: Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/ Official Site of the CMMC Program: https://cmmcab.org/ Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw75

3 Ways + 4 Measures + 5 Approaches + 5 Myths = 17 Questions - BSW #219
In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw219

Optimize Buying Criteria to Ensure Success of Your New Security Tools - Travis Isaacson - BSW #219
CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn't be viewed as a controlling organ - then it will stall innovation and become a blocker for deploying new techniques. Implemented and evaluated correctly, new security tools should speed up the development processes and enable innovation. So how do you measure success in app sec? There are several methods that define the success of a new tool. New tools have to live up and in most instances exceed the existing solutions in place and should help developers to do their job more efficiently. Here we can discuss the relevance of pre-planning and the definition of clear success criteria to get the most out of any solution decided upon. We draw parallels to real world examples of companies that have found success by optimising the time spent on evaluating and implementing new tools. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw219

HTTP Goes QUIC, Security & Humans, Amazon Sidewalk Privacy, & Product Abuse - ASW #153
This week in the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authentication bypass postmortem, M1RACLES, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw153

API Security: Understanding Threats to Better Protect Your Organization - Daniel Hampton - ASW #153
While web application security is a highly researched topic with a lot of subject familiarity among security professionals, it's still not easy for security and development teams to navigate modern threats, and understand the differences, and more importantly, the similarities between securing web apps and securing APIs. In the endless battle to keep networks and applications safe, organizations need to rely on real-time data to better understand the differences between attacker behavior and legitimate traffic. Join this discussion with Daniel Hampton for a look inside a unified and collaborative approach to the modern tools and processes needed to monitor for and stop real-time web application and API security threats, and clarify the complexities teams often navigate. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw153

CFAA Ruling, Amazon Sidewalk, Agile Security Testing, & WordPress Plugins - PSW #697
This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware's most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Digital Transformation's Impact On IT Asset Visibility - Sumedh Thakar - PSW #697
Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility. Segment Resources: View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38 Read our CEO's blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Attack Surface Discovery and Enumeration - Dan Tentler - PSW #697
We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before. Segment Resources: phobos.io/orbital Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

M1 Chip Flaw, Boeing 747 Hacking, Don't Blame the Intern, & John Deere - PSW #696
This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Cybersecurity Canon - Rick Howard - PSW #696
Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced it's hall of winners for 2021. Segment Resources: https://icdt.osu.edu/cybercanon Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Polarity's Power-up Sessions, Add an Ability in 15 Minutes - Paul Battista - PSW #696
Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability to automate search and save time. Examples include, how to write basic regular expressions, how to find exploit code faster, basics of cyberchef, or how to read a malware sandbox report. Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Metrics, Training, Culture & Cloud Security Resilience - Drew Rose, Ganesh Pai - ESW #229
Metrics, Training, Culture – Why Your Phishing Program Isn't Working - Drew Rose, Living Security Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks. This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! A New Perspective on Cloud Security Resilience - Ganesh Pai, Uptycs Cloud security, the next frontier. How do we build resilient services in the cloud and secure them. Ganesh Pai, CEO at Uptycs, joins us to discuss a new perspective on cloud security resilience. This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw229

AWS Lambda New Features, ServiceNow Integration, & Zscaler Acquires Smokescreen - ESW #229
This week in the Enterprise News, Paul and the Crew talk: Secure and monitor AWS Lamba with new, not related, features from Datadog and Imperva, ServiceNow integrates with Microsoft solutions, SentinelOne wins two awards, Reducing risk with IAM, Kemp lanches Zero Trust, AWS launches another contianer product, Zscaler acquires Smokescreen, Sumo Logic acquires DF Labs, Uptycs, Salt Security and Spec Trust secure funding... & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw229

Down With SIEM, Long Live SOAR! - Nathan Hunstad - ESW #229
SIEM tools have been the bedrock of Security Operation Centers, or SOCs, for much of the history of modern security. That does not mean that they are loved: most SIEM tools are overwrought, complex, and hard to manage. In the past few years a new category of tool has emerged: SOAR. While many teams that invest in SOAR platforms are first leveraging them for automation, Code42 Principal Security Engineer & Researcher Nathan Hunstad believes that SOAR tools are also poised to finally displace SIEM at the top of the blue team tool pyramid, and rightly so. Segment Resources: https://www.code42.com/blog/is-soar-the-new-siem/ This segment is sponsored by Code42. Visit https://securityweekly.com/code42 to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw229

SBOM, Part 2 - Allan Friedman - SCW #74
What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO? Segment Resources: ntia.gov/SBOM Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw74

SBOM, Part 1 - Allan Friedman - SCW #74
What is SBOM? Who needs to think about this? Is this required today, and what might the future of compliance look like? What is in the recent EO? Segment Resources: ntia.gov/SBOM Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw74

CISOs Struggle to Cope, Cybersecurity Metrics, & Security by Design - BSW #218
This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw218

Simplify & Accelerate Patch Management - Chris Hallenbeck - BSW #218
Most people focus on the patch, check that box but they forget the other side of the coin. How do they make sure a bad actor isn't still in their network? Segment Resources: https://site.tanium.com/rs/790-QFJ-925/images/Tanium_SolutionPaper_DistributedWorkforce_FINAL.pdf https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw218

IIS Bug, Browsers & Androids & Supply Chains Oh My! - ASW #152
This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw152

Bringing AppSec to a Modern CI Pipeline - Manish Gupta - ASW #152
Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers? This segment is sponsored by ShiftLeft. Visit https://securityweekly.com/shiftleft to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw152

21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery - Wheel - PSW #695
Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full remote unauthenticated code execution and gain root privileges. Segment Resources: https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

Five by Five: Why the Cyber Defense Matrix Gets Great Reception - PSW #695
Five years after Sounil Yu originally introduced the Cyber Defense Matrix at the 2016 RSA conference, he just wrapped up the third workshop based on the framework. CDM has its own website, is an official OWASP project and has a forthcoming book. We talk to Sounil today to learn more about where the CDM came from, why people find it so useful and where it might be headed in the future. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

Building a Response Strategy to Advanced Threats - Mark Bowling - ESW #228
SolarWinds SUNBURST was a rude awakening for many security teams, and it won't be the last time security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With advanced threats persisting inside the network for months, security teams need a new plan. In this session, ExtraHop VP, Security Response Services Mark Bowling discusses strategies to detect, investigate, and respond to post-compromise attack activities. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop-rsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

Unplugging the Internet, Diversity, Cyber NTSB, & Best Practices - PSW #695
This week in the Security News: Is the cyber NTSB a good thing?, Russian virtual keyboard for the win, information should be free, hang on while I unplug the Internet, security MUST be taken seriously, poison the water hole to poison the water, bombing hackers, how industry best practices have failed us?, publishing exploits is still a good thing regardless of what the studies say, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw695

All the News From RSA Conference 2021 - ESW #228
The Enterprise Security Weekly crew summarizes all the news from RSA Conference 2021, including product announcement, acquisitions, funding, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

Identity Management as a Foundation for Future-Proofing your Security - John Masserini - ESW #228
The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our data? John Masserini, Global Chief Information Security Officer at Millicom (Tigo) Telecommunications, joins us to discuss the fundamentals of an identity strategy, including identity and access management, single sign-on, multi-factor authentication, and privileged access. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw228

Building a Unified Security Fabric - Johnathan Nguyen-Duy - BSW #217
What is top of mind for CISOs in a year where cyber threats are getting sophisticated? Cross platform and cross domain visibility across LAN, WAN, Cloud, and Edge. Jonathan Nguyen-Duy, Vice President, Field CISO Team at Fortinet, shares his insights from other CISOs and the need for a unified security fabric. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw217

Unified BCDR: Why Backup Alone is No Longer Enough - Joseph Noonan - BSW #217
Data is the lifeblood of business, but now lives in more places than ever before (data centers, endpoints of remote workers, in multiple clouds, and SaaS applications), is time-consuming to manage, and is under daily attack from cybercriminals and clumsy employees. To address these challenges, IT pros need a solution that can address all workloads, provides end-to-end protection against cybercrime and human error, injects automation and artificial intelligence to simplify complex system, and empowers teams to work on more important projects that move their organization forward. This segment is sponsored by Unitrends. Visit https://securityweekly.com/unitrends to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw217

CNCF Supply Chain, Frag Attacks, Securing Webhooks, & Complexity vs. Security - ASW #151
CNCF releases a whitepaper on supply chain security, Frag attacks against WiFi devices, security webhooks, trusting terraform plans, shared credentials and app access, complexity vs. security vs. design. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw151

Third Party Software Risk on the Web - Aanand Krishnan - ASW #151
Web applications are highly dependent on third party content and JavaScript. This creates a significant set of vulnerabilities that attackers are exploiting. How do you prevent a Solarwinds type hack on your website? Segment Resources: https://go.talasecurity.io/blog/data-in-the-browser-is-data-at-risk https://www.talasecurity.io/protect/#how https://go.talasecurity.io/blog/how-i-hacked-your-website This segment is sponsored by Tala Security. Visit https://securityweekly.com/talasecurity to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw151

Executive Order, New & Old Wifi Vulns, Pipeline Hack, & Distro-Less Linux - PSW #694
This week in the Security News: President Biden issues a 34-page executive order on Cybersecurity, Did you hear about the pipeline hack?, New/Old Wifi vulnerabilities, get this Apple didn't want to talk about a malware attack that exposed users, fake Amazon review database, why ad-hoc scanning is not enough, distroless linux, wormable windows bug, codered 2.0 perhaps?, and the cryptowars continue! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw694

Attack Surface Mapping w/ AMASS - PSW #694
Learn how to use Amass to collect information about your Internet exposed assets. We'll cover usage of the configuration file (heavily), then put it altogether by integrating Nmap and a screenshot tool called Eyewitness. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw694

How Hacking Naked Changed My Life - Alex Chaveriat - PSW #694
"I hack naked" - Not my best choice of a phrase to use with a prospective client though, now that it is done, might as well go through with this terrible idea... This is the story of a kick-off call I had early in my career that revealed a truth that changed the way I present myself in professional settings. Segment Resources: https://youtube.com/alexchaveriat Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw694

Accurics Terrascan, Sophos XDR Solution, & API Security Need to Know - ESW #227
This week in the Enterprise News: XM Cyber Announces Integration with Palo Alto Network's Cortex XSOAR, API Security Lessons Learned, Cycode Raises $20 Million, HelpSystems Acquires Beyond Security, Accurics Terrascan integrates with the Argo Project, Cequence Security API Sentinel 2.0, Seclore Security24 protects sensitive data, Who's Really Behind the Colonial Pipeline Cyberattack?, Forcepoint acquires Cyberinc, Sophos launches industry's only XDR solution for endpoint, server, firewall and email security?, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw227

Chart Topping Threats – How Attacks will Rage in 2021 - Artsiom Holub, Austin McBride - ESW #227
Cyberattackers have not been slowed down by the worldwide pandemic. Phishing, cryptojacking, and trojans all continue to dominate the cybersecurity threat charts. It's critical to know what security issues are most likely to crop up within your organization and their potential impacts. The challenge is that the most active threats change over time as the prevalence of different attacks ebb and flows. Register to learn about key threat trends facing businesses like yours in 2021. We'll be joined by Data Scientist, Austin McBride, and Security Researcher, Artsiom Holub. We'll tackle tough questions and take a deeper dive into recent threats to help you craft a strategy that helps you investigate threats, simplify operations, and scale security. This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw227

Florida Water Treatment Facility Hack, and the Convergence of OT & IT - Damon Small - ESW #227
What lessons can others still learn from the attack on the Florida water treatment facility? How does this incident shine a light on cybersecurity risks associated with the convergence of OT and IT? And what can be done to mitigate these risks? Segment Resources: https://newsroom.nccgroup.com/news/insight-florida-citys-water-supply-attack-420952 https://www.cnn.com/2021/02/13/us/florida-hack-remote-access/index.html Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw227

Hot Legal Topics in Privacy and Cybersecurity, Part 2 - Erik Weinick - SCW #73
A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations. Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw73

Hot Legal Topics in Privacy and Cybersecurity, Part 1 - Erik Weinick - SCW #73
A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations. Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw73

6 Ways to Engage, 5 Key Qualities of CISOs, & 4 Actions Leader Take - BSW #216
In the Leadership and Communications section, 6 ways to spur cybersecurity board engagement, 5 key qualities of successful CISOs, and how to develop them, 4 Actions Transformational Leaders Take, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw216

The Lost Year: The Impact of the Pandemic on Web App Security - Ryan Bergquist - BSW #216
The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise how you can protect your organization against vulnerabillties that can negatively impact your business. Segment Resources: The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/ This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw216