
Security Weekly Podcast Network (Video)
4,876 episodes

Cybersecurity Forecast: Cloudy With a Chance of Turbulence - Mike Lloyd - BSW #195
All our networks are hybrid now. Some old security challenges were solved by cloud migration, but we've just swapped them for some new ways to get things wrong. What's the best way forward? This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw195

Security Is a Feature - Keith Hoodlet - ASW #129
What does it take to manage security teams and security initiatives? Find out the importance of people in security, whether it's keeping a team engaged or encouraging a team to rethink how they approach security. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw129

China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129
China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw129

Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack - PSW #673
In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

Proactive Security Using Runbooks - Dan DeCloss - PSW #673
Runbooks can be a game changer when it comes to executing proactive security assessments and tabletop exercises. This segment will highlight how to use runbooks to enhance your proactive security assessment program and highlight their different use cases. This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

Abusing JWT (JSON Web Tokens) - Sven Morgenroth - PSW #673
Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert, most implement them insecurely. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers! This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw673

Why Network Detection/Response Belongs In Your 2021 Strategy - Mike Campfield - ESW #205
The sudden shift to remote work rocked IT teams around the world, disrupting almost overnight the systems that had been carefully designed to keep the business secure. As remote work continues, IT teams will need complete visibility of their network more than ever. ExtraHop's Mike Campfield joins Security Weekly to make the case for why Network Detection and Response (NDR) should have a place in security strategies in 2021. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

Massive Cyberattack Spreading Across 68% of Organizations - Kevin O'Brien - ESW #205
A current and active cyberattack is spreading rapidly across organizations, propagating via open redirector domains and subsidiary domains belonging to multiple global brands. The comprehensive and multi-layered attack is delivered via phishing emails, attempting to steal corporate email credentials and deploy malware. Find out how organizations detect this attack. And, we'll discuss how this attack compares to the Proud Boys phishing campaign. This segment is sponsored by GreatHorn. Visit https://securityweekly.com/GreatHorn to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

The Benefits of Online, On-Demand Training For Teams - Mike Gruen - ESW #205
Offsite training is expensive and inefficient. It takes key resources away from their jobs and then demands even more time from them by requiring that they then train the rest of the team on what they learned. On-demand training for the entire team through platforms like Cybrary enables leads to train and simultaneously develop training programs for the rest of the team that focus on hands-on skill development in the areas that are relevant and tailored. This segment is sponsored by Cybrary. Visit https://cybrary.it/solved to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw205

Cloud Computing Compliance: Intelligent vs Basic Automations, Part 2 - Frank Macreery - SCW #50
The conversation continues on how intelligent automations can simplify cloud computing compliance. This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw50

Cloud Computing Compliance: Intelligent vs Basic Automations, Part 1 - Frank Macreery - SCW #50
Cloud computing services have become the norm for companies — even on-prem die-hards are using hybrid models. This leads to an increased need for compliance evidence. There are more controls in frameworks like SOC 2 and ISO 27001 related to cloud computing services than ever before, which means more effort to prove compliance. Join our session to learn how intelligent automations can simplify cloud computing compliance beyond what you're doing today. This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw50

The Dark Side, CISO Transition, & Communicate in Bursts - BSW #194
In the Leadership and Communications section, The Dark Side Of Authentic Leadership, Why CISOs must be students of the business, Top IT certifications and degrees to help you advance your career, and more. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw194

How to Develop Your Cybersecurity Skills - Marie Ketner - BSW #194
Marie Ketner from Cybrary joins BSW to discuss how to develop your cybersecurity skills to address your key use cases, including: 1. Skills Development 2. On-boarding 3. Industry Certifications 4. Career Paths This segment is sponsored by Cybrary. Visit https://cybrary.it/solved to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw194

Lax IoT, Adobe Flash Croaks, Link Preview Vulns, & Security Theatre! - ASW #128
Lax IoT security exposes smart-irrigation systems, Adobe Flash goes truly end of line in one last update, confidential computing gets a turbo boost with Nitro, link previews show security and privacy problems, and security theatre gets an encore! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw128

Azure App Service & Cloud-Native Signal Sciences Deployments - Alfred Chung - ASW #128
Discussing what enterprises have to do while adapting legacy apps into Azure, while doing so in a secure, steady way without leaving any gaps. Signal Sciences site extension makes sure your apps are covered across the board, and will protect any app in Azure. This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw128

JavaScript Web Tokens, NVIDIA GeForce Experience Vulns, & Hacking Coffee Pots - PSW #672
In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

How Computer Vision Balances Thoroughness & Speed - PSW #672
Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed. This segment is sponsored by Polarity. Visit https://securityweekly.com/polarity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

Determining Vulnerability Exploitation With Real Software Activity - PSW #672
Only integrating vulnerability characteristics to determine risk leaves half the prioritization canvas empty. Observing and analyzing user interaction and other surrounding software characteristics provide the rich contextual clues to complete the picture. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672

Attacking & Defending Cloud Infrastructure - Alexi Papaleonardos - ESW #204
CrowdStrike's broad visibility into incidents at organizations from every sector around the globe has yielded insights into current trends in security incidents related to public clouds such as AWS, Azure, and Google Cloud. In this segment we'll discuss recent trends in breaches related to use of the public cloud, and what organizations can do to better prepare and protect themselves. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

Conditional Data Access for Endpoints - Jeff Capone - ESW #204
Most folks think about using conditional access for SaaS applications or access to specific data sources. However, once that data is accessed, how do you continuously enforce conditional access "to the data" on an endpoint? This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

Blackpoint RISK, GrammaTech CodeSentry, & Fortinet Secure SD-WAN - ESW #204
Blackpoint Cyber introduces insurance for customers and MSPs, Qualys Extends Integration with Microsoft Azure Defender, GrammaTech CodeSentry now identifies third party code vulnerabilities, AttackIQ integrates with Microsoft Azure Sentinel, Aqua Security announces Kubernetes-native security capabilities and funding updates from Arctic Wolf, StackHawk, Eagle Eye Networks and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw204

Logging, Monitoring, and SIEM, Oh My! - Alain Espinosa - SCW #49
Security monitoring tends to be a topic that companies avoid, either because it sounds too complicated or because they tried it and were inundated with data. With proper tuning and asset clarification, security monitoring can save companies money, time and resources. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw49

Third Party Risk Assessment: What's in Your Supply Chain? - Frank Price - SCW #49
An introduction to CyberGRX and how to get companies working together safely and efficiently. Topics:
- Third-party risk management and importance for your organization
- The nature of bilateral relationships between vendors and enterprises
- The evolution of PCI assessments
This segment is sponsored by CyberGRX. Visit https://securityweekly.com/cybergrx to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw49

Board Risks, Selling Lemons, & 4 Critical Strategies - BSW #193
In the leadership and communications section, Cybersecurity, a risk to all board of directors, Is The Cybersecurity Industry Selling Lemons? Apparently Lots Of Important CISOs Think it Is, 4 critical strategies for tech leaders in Gartner's CIO agenda, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw193

Scale Your SOC: Protecting Against Browser-Based Threats - Matt Ashburn - BSW #193
Silo is a cloud-based web isolation platform that separates the things you care about from the things you cannot trust. In this segment, former CIA cyber security officer Matt Ashburn will demonstrate how Silo protects organizations from malicious web-based content, from ransomware to advanced persistent threats. We'll also see how Silo enables incident response and SOC analysts through security, managed attribution and unified insight into user behavior. This segment is sponsored by Authentic8. Visit https://securityweekly.com/authentic8 to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw193

Cyber Risk in Industrial IoT, Firefox 'Site Isolation', & Chrome 0-Day Bug - ASW #127
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters user testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw127

Cyber Resiliency Through Self-Healing Cloud Infrastructure - Cesar Rodriguez - ASW #127
With the increased development velocity in cloud environments, cyber resilience is now more important than ever. To achieve cyber resiliency, security needs to be codified through the development life-cycle and security controls need to be implemented through self-healing infrastructure. This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw127

Discord Vulnerabilities, Chrome 0-Day, & Severe WordPress Flaw - PSW #671
In the Security News, Testing firm NSS Labs closes up shop, stringing vulnerabilities together to pwn the Discord desktop app, a WordPress plugin aimed at protecting WordPress does the opposite, the FDA approves the use of a new tool for medical device vulnerability scoring, 8 new hot, steamy, moist cybersecurity certifications, and 5 things you can do to secure your home office without hiring an expert! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw671

Hackers Hitting Below The Belt - Scott Scheferman - PSW #671
In 2020 attackers are increasingly targeting firmware and hardware - going below the operating system to hide from traditional security solutions and gain persistence. Both nation state actors and criminals are exploiting vulnerable, exposed firmware on network and VPN devices, and recently a new UEFI rootkit dubbed #MosaicRegressor was found in the wild. We'll discuss how and why attackers are targeting firmware and hardware, and the steps security professionals can take to gain visibility into this attack surface and protect enterprise devices. This segment is sponsored by Eclypsium. Show Notes: https://wiki.securityweekly.com/psw671 Visit https://securityweekly.com/eclypsium to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

Sysmon Endpoint Monitoring, Now w/ Clipboard Voyeurism - Corey Thuen - PSW #671
Sysmon is a free endpoint monitoring tool published by Microsoft in their Sysinternals suite. It generates events for process creations, network connections, file creations, DNS, and now clipboard monitoring with v12. We'll discuss what's in the events and how to easily visualize and search them with Gravwell's new Sysmon Kit. This segment is sponsored by Gravwell. Show Notes: https://wiki.securityweekly.com/psw671 Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes!

deepwatch Lens Score & Series B - Corey Bodzin - ESW #203
deepwatch formally launched its Lens Score app on October 20th. Corey joins us to discuss the app, its future, and how it helps CISOs achieve their security outcomes. Corey will also discuss the deepwatch Series B and how we plan to invest the funds. This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

Prioritization to Prediction Vulnerability Research Series - Ed Bellis - ESW #203
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can't possibly fix ALL of your vulnerabilities? Ed Bellis will:
- Review what years of joint research into vulnerability management with the Cyentia Institute uncovered about the scope of the challenge
- A breakdown in performance factors by industry and platforms
- Lay out several factors that drive better remediation performance
- Provide a deeper understanding on the scope of exposures and how risk informs remediation strategies
This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

Prisma Cloud 2.0, Blackpoint RISK, & Tenable Lumin - ESW #203
Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203

How Backdoors Lead To Breaches & GRC Compliance Issues - David Mundhenk, Ivan Tsarynny - SCW #48
The client-side or the front end of web applications, aka 'digital user experience', actively ingests customer/user information via forms. As the web app's front-end code runs on unmonitored devices, many application security flaws are being leveraged by malware and malicious actors to capture credentials, financial transactions, payment card data, and permit legitimate third-party vendor tools to facilitate unauthorized access or theft of sensitive data causing damages from tens of thousands to hundreds of millions of dollars. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw48

Integrated Risk Management & Operational Resiliency - Steve Schlarman - SCW #48
2020 has been the perfect storm for risk management planners and practitioners. Steve Schlarman, Director of Product Marketing and GRC Strategist for RSA Archer, will provide anecdotes and lessons learned about how risk management programs have been challenged this year, and how they need to adapt moving forward. This segment is sponsored by RSA Security. Visit https://securityweekly.com/rsasecurity to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw48

CISO Stressbusters, Infosec Hiring, & Narrowing Communication Gaps - BSW #192
In the Leadership and Communications segment, 96% of Cybersecurity Professionals are Happy With Their Roles, 4 Tips for Effective Virtual Collaboration, What's Really Happening in Infosec Hiring Now?, 5 Signs That Point to a Schism in Cybersecurity, Tactical vs Strategic: CISOs and Boards Narrow Communication Gap, and CISO Stressbusters: 7 tips for weathering the cybersecurity storms! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw192

Security Money - BSW #192
This week we update you on the Security Weekly 25 Index... Here are the companies we're tracking:
Symbol  Company Name
SCWX    Secureworks Corp
PANW    Palo Alto Networks Inc
CHKP    Check Point Software Technologies Ltd.
SPLK    Splunk Inc
NLOK    NortonLifeLock Inc
FTNT    Fortinet Inc
AKAM    Akamai Technologies, Inc.
FFIV    F5 Networks, Inc.
ZS      Zscaler Inc
PFPT    Proofpoint Inc
FEYE    FireEye Inc
QLYS    Qualys Inc
VRNT    Verint Systems Inc.
CYBR    Cyberark Software Ltd
TENB    Tenable Holdings Inc
SAIL    Sailpoint Technologies Holdings Inc
MIME    Mimecast Ltd
NET     Cloudflare Inc
CRWD    Crowdstrike Holdings Inc
NTCT    NetScout Systems, Inc.
VRNS    Varonis Systems Inc
RPD     Rapid7 Inc
SUMO    Sumo Logic Inc
RDWR    Radware Ltd.
PING    Ping Identity Holding Corp
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw192

Windows "Ping of Death", SonicWall VPN RCE, & MediaTek BootROM Glitch - ASW #126
Patch Your Windows - "Ping of Death" bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and 'BleedingTooth' Bluetooth flaw! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw126

The Future of Application Security Testing (AST) - Taylor McCaslin - ASW #126
Join Taylor McCaslin, Security Product Manager at GitLab to discuss current trends in the application security testing industry. We'll chat about where the industry is at today and discuss advances in the field and what the future might hold. We've seen an explosion of security offerings from traditional security testing vendors to general source code management platforms, we'll discuss current pain points and opportunities for developers, security experts, and executives navigating all these tools in their pursuit of building secure software. Topics will include SAST, data science, DevSecOps, "shift-left", and vulnerability management. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw126

'BleedingTooth' Vulnerability, Zoom Rolls Out E2EE, & 50,000 Cameras Compromised - PSW #670
In the Security News, Microsoft Uses Trademark Law to Disrupt Trickbot Botnet, Barnes & Noble cyber incident could expose customer shipping addresses and order history, Zoom Rolls Out End-to-End Encryption After Setbacks, Google Warns of Severe 'BleedingTooth' Low to Medium risk vulnerabilities, 5 Signs That Point to a Schism in Cybersecurity, and Using nginx to Customize Control of Your Hosted App! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw670

Democratizing & Saasifying Security Operations - Patrick Garrity - PSW #670
Threats are no longer only a concern of large sophisticated organizations and there is a continued need to democratize security operations and controls so they are accessible to organizations of any size or skill level. Security services and tools need to be plug-and-play for anyone with IT skills without requiring security expertise. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw670

Prioritize This, Prioritize That, Prioritize With Context! - Roi Cohen, Shani Dodge - PSW #670
Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren't doing much to save them, either. A new advancement in threat prioritization offers relief, integrating the vulnerabilities' surrounding characteristics to identify the most severe risks. This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw670

SWVHSC Micro Interviews: CYRISMA & Mimecast - Liam Downward, Matthew Gardiner - ESW #202
Simplifying The Process Of Identifying, Assessing & Mitigating Risks: Liam Downward, CEO of CYRISMA, talks about burdensome technologies that generate bloat within any organization, high licensing costs along with the long deployment times. All of these affect the ROI on organizational resources: Time, Money, and People. This segment is sponsored by CYRISMA. Visit https://securityweekly.com/cyrisma to learn more about them! Get 10% off your monthly bill when you sign up! Visit: https://www.cyrisma.com
Summarizing the BlackHat Threat Intelligence Report: Matthew Gardiner, Principal Security Strategist from Mimecast, will provide an overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastbh to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

Social Engineering Attacks Through Vishing & Phishing - Whitney Maxwell - ESW #202
Learn about some of the latest techniques attackers are using when phishing and vishing, including how to protect your users! This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

Datadog Deployment Tracking, 'Bad Neighbor' Vulnerability, & Aqua's Trivy - ESW #202
Bad Neighbor Vulnerability, FireEye Announced 'Mandiant Advantage: Threat Intelligence' SaaS-based Offering, Aqua's Trivy Now Available as a GitHub Action, Datadog adds Deployment Tracking to its APM to prevent outages related to bad code deploys, and Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw202

CMMC - SCW #47
While we're on the topic of doing business with the federal government, we'll provide an update on the goings on of Cybersecurity Maturity Model Certification (CMMC). We've invited Mike Brooks to stay with us for this conversation to talk about the status, success, (failure?) of this new program designed to provide a maturity path for cybersecurity programs of organizations wishing to conduct business with the federal government. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw47

Turning Cybersecurity Challenges Into a Competitive Advantage - Mike Brooks - SCW #47
Mike Brooks will talk to us about his transition from cybersecurity roles in the DoD to roles in the private sector. He currently works as vCISO for Abacode, a company that is providing a next-generation Managed Cybersecurity & Compliance Provider (MCCP) service, leveraging a unified platform that automates not only security controls but also compliance reporting. Mike will discuss his experiences, his views, and his take on various compliance disciplines, particularly what is required to conduct business with the federal government as well as what lends itself to automation. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw47

The 4 C's of Leadership with Michael Santarcangelo - BSW #191
In the Leadership and Communications section, we go off script. Michael Santarcangelo joins me for a discussion on leadership. I want to review the 4 C's of Leadership: 1. Culture 2. Collaboration 3. Communication 4. Cultivation Michael shares some of his approaches and ideas. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw191

Navigating Complexity: Orienting Your Security Solutions - Mike Lloyd - BSW #191
Typical security teams have 20-50 technologies, and enough staff to be expert in about 3 of them. This makes taming complexity very challenging - the short staffing is showing no signs of letting up. How do we choose which defensive technologies are truly essential? This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw191

Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities - ASW #125
Redefining Impossible: XSS without arbitrary JavaScript, API flaws in an "unconventional" smart device, Facebook Bug Bounty Announces "Hacker Plus", Anti-Virus Vulnerabilities, and Chrome Introduces Cache Partitioning! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw125