Security Weekly Podcast Network (Video)

In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a need for a customized identifying threat process. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw678

When you roll-out the Mimecast Awareness Training best practices to your organization and embrace your employees, you will achieve something magical - employees who become an extension of your security team. Remember security is a team sport which requires the hearts of your employees and the minds of all. So, when do you that you're successful? One, would be when your employees recognize threats and share it with others in the office to not click on malicious items, creating community defense. The other, is when your employees are taking their best practices home to train their families. More importantly, it is when your company as a whole is excited about cyber security and see it as an enabler and fun! This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw211

As organizations come to terms with continued uncertainty in 2021, Martyn will discuss the importance of hybrid network visibility in building an IT infrastructure that can meet the needs of this environment. Specifically, how visibility is the key to supporting and securing the fluid workforce in the post-COVID world even with budget constraints and limited resources. This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw211

This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw211

We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw56

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching "PCI" context to this discussion. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw56

For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult 2020 and discuss the changes we'll make in 2021 to be better leaders. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw200

How are CISOs of the Global 500 automating risk and compliance assessments by 90%, saving millions of dollars per year, and creating a unified strategy around cyber risk in the wake of Digital Transformation? Those on the cutting-edge of risk and compliance see a massive opportunity to ingest the telemetry coming from the security tech stack to bring a new level of automation to control compliance and risk management across all frameworks and standards. In this segment, we discuss how COVID-19 and rapid Digitalization have pushed risk and compliance teams to innovate internally, and how they're doing so with real-life examples. How is it even possible to eliminate nearly all manual effort around IT GRC? What is the latest strategy behind cross-walking frameworks and dynamically lighting up controls in an environment? You'll learn how some of the largest organizations in the world are proving compliance in real-time, empowering their teams to manage even the most unprecedented risks, and how risk and compliance programs get a clear view into risk likelihood, impact, solution-cost modeling and more. Listen in if you too are working to transform your cyber risk and compliance program to support Digital Transformation. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaintsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw200

FireEye shares supply chain subterfuge, researchers show repeated mistakes in TCP/IP stacks, Google open sources Python fuzzing, Cisco and Microsoft patch their patches for vulns in Jabber and printer modules. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw134

We built OSS Teleport to provide a Unified Access Plane that consolidates access controls and auditing across all environments - infrastructure, applications, and data. This segment is sponsored by TelePort. Visit https://securityweekly.com/teleport to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw134

Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology? This segment is sponsored by Innocent Lives Foundation. Show Notes: https://securityweekly.com/psw677 Visit https://securityweekly.com/ilf to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions. This segment is sponsored by RiskSense. Show Notes: https://securityweekly.com/psw677 Visit https://securityweekly.com/risksense to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments. This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed. This segment is sponsored by Polarity. Visit https://www.polarity.io/esw to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw210

These days, we're all learning about human immunology from the headlines. What are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don't really have a network immune system? This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw210

This week in the Enterprise News, How Kali Linux creators plan to handle the future of penetration testing, Tenable founders launch cybersecurity foundation to hand out grants, FireEye cybersecurity tools compromised in state-sponsored attack, Bitdefender launches cloud-based endpoint detection, response platform for companies, and Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw210

We want to take the time in the segment to formally introduce you to one of our new co-hosts, Mr. Fredrick "Flee" Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square. We'll spend some time getting to know Flee and his background, pepper him with questions, talk shop, all the while engaging in the usual mayhem. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw55

In this segment, we discuss how COVID-19 and rapid Digitalization have pushed risk and compliance teams to innovate internally, and how they're doing so with real-life examples. How is it even possible to eliminate nearly all manual effort around IT GRC? What is the latest strategy behind cross-walking frameworks and dynamically lighting up controls in an environment? You'll learn how some of the largest organizations in the world are proving compliance in real-time, empowering their teams to manage even the most unprecedented risks, and how risk and compliance programs get a clear view into risk likelihood, impact, solution-cost modeling and more. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaintsecurity to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw55

In the leadership and communications section, Darth Vader Week - Leadership from the Dark Side, Compassionate Leadership Is Necessary — but Not Sufficient, 3 Steps to Run Better and More Effective Meetings, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw199

When the COVID-19 pandemic suddenly forced the global workforce into remote work, many wondered if we'd ever go back to the office. While some businesses have announced the option for 100% remote work, the vast majority of businesses will likely allow or encourage employees to alternate their work between home and office. However, shifting between the home and corporate networks could cause a new breed of security challenges. Sri Sundaralingam joins Security Weekly to discuss the challenges of hybrid workforce and what security professionals should start thinking about as they begin planning for a return to the office in 2021. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw199

An old security bug in the Play library still affects 8% of apps in Google Play, Project Zero researcher spends six months to reboot an iPhone (in an epic manner), GitHub looks at the security of repos within its Octoverse, the OWASP Web Security Testing Guide gets a minor bump, and XS-Leaks get more attention. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw133

Mike Manrod, CISO of Grand Canyon University, joined by John Delaroderie, Security Solutions Architect at Qualys, will discuss his approach to web application security with an emphasis on improving knowledge of web application vulnerabilities and the external attack surface, and his approach to reducing the number of opportunities an attacker has to compromise our information and infrastructure. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw133

Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII , The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

Ensure all your data is secure, without impacting the business. This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

More computers, more software, and faster development cycles lead to more vulnerabilities. The security and IT teams are put under immense pressure to tackle the growing number of vulnerabilities with the same old tools that can't keep up with the requirements. New technologies emerged to bridge that gap and allow the security team to solve the whole problem, end-to-end, in a seamless manner. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw676

How bad is the diversity problem in the Cybersecurity industry? Have we made any progress or is it all talk? In this special Enterprise Security Weekly segment, we are joined by industry professionals to learn where have we been, where do we need to be, and how do we get there? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw209

Before you go picking technologies, you have to have a plan. How does one create that plan? Ferruh will focus on some concrete steps to create an AppSec plan using Netsparker's simple framework. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw209

This week in the Enterprise Security News, securing Amazon EKS, Attivo Networks announces a new integration, a cloud security mapping startup comes out of Stealth, recent funding announcements from DefenseStorm, GoSecure, EclecticIQ and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw209

We're taking on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. We continue our discussion in the 2nd segment, but turn our focus on suggestions of how to fix the problem. We can all do something, join us and find out what you can do! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw54

We're going to take on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He's also co-founder and CEO of a company called ByteChek whose tagline is "We Make Compliance Suck Less" so I think we're in store for a fascinating discussion. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw54

In the leadership and communications section, Your Title Doesn't Make You a Leader, The New Nine to Five: How Traditional Hours Are Holding Your Business Back, Building a Better Workplace Starts with Saying "Thanks", and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw198

App, User, and Data, but it's all about the data! Discovering and classifying data to protect it is tough. What if you can protect all of your data? Jeff Capone, CEO and Co-founder at SecureCircle, joins us to discuss how to protect all of your data and stop asking "Where's your data?". If we can protect everything, who cares where it is, as you continue to maintain control! This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw198

Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw132

The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw132

Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don't factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw208

It's widely-accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We'll talk through the benefits and drawbacks of each and explore why Microsoft's director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw208

This week, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry's first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw208

Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we'd bring it up as a compliance topic. We'll define what we're talking about when it comes to Cyber Credit Scores - what they are intended to do and for whom. Then we'll pick it apart, SCW style! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw53

The rapid shift to distributed work, along with radical changes in human behavior, is expanding digital risk for organizations and creating new opportunities for malicious actors. As such, organizations are rethinking how they define trust in securing critical data and resources. This interview will cover how capabilities and trends, such as XDR and passwordless authentication, are empowering organization to "never trust" and "always verify" leveraging unprecedented visibility and insight to protect what matters most. This segment is sponsored by RSA Security. Visit https://securityweekly.com/rsasecurity to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw53

In the Leadership and Communications segment, we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw197

Key Points: Being Strategic is vital and relevant to a successful Cybersecurity Program Understanding Organization Status of controls in real-time is a competitive advantage Cybersecurity tools are tactical – Risk Management is strategic Connecting Cybersecurity to Risk Management ensures to business goals and objectives are maximized to achieve corporate success Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw197

In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw131

We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw131

In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems. This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

Jamie and Karsten join us for a discussion about recent attack trends, threat actors, and campaigns carried out by malicious threat actors. Everything from gift card scams to the latest techniques used by attacks for successful phishing campaigns! This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675

Osquery has grown in popularity because of its broad applicability in enterprise environments. In this tech segment, Ganesh Pai and Julian Wayte from Uptycs will talk about how organizations are using osquery to solve thorny problems such as fleet visibility, compliance and audit, and threat detection and investigation (including MITRE ATT&CK coverage). This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw207

The recent surge of ransomware attacks has highlighted a shift in tactics employed by threat actors looking to extort organizations. Their methodology has changed from a quick, opportunistic attack to a prolonged, targeted approach. This shift in methodology presents threat groups with the opportunity to encrypt more critical data, but also presents security teams with the opportunity to detect activity before data is encrypted. In this talk we'll explore how this allows security analysts to use network detection and response capabilities to discover malicious activity between initial compromise and encryption. This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw207

In the Enterprise News, the all new AWS Network Firewall, Zero Trust for kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato networks! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw207

We're continuing the discussion with Adrian Sanabria and exploring if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw52