
Security Weekly Podcast Network (Video)
4,876 episodes — Page 59 of 98

Work from home securely - PSW #644
The challenges and differentiated values of desktop and laptop protection and administrative tool control (e.g., Powershell, SSH) for remote users and administrators to work securely. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode644

RSAC Micro Interview - SaltStack and Synopsys - ESW #176
SaltStack: Managing Configuration & Patches with SaltStack - Mehul Revankar - RSAC 2020 Offering open-source and commercial solutions for configuration, patch, and vulnerability management, SaltStack is a must-have! Mehul Revankar provides us with details about the various products and new features including the ability to import vulnerability scan data and remediate! To request a demo with SaltStack, visit: https://securityweekly.com/saltstack Synopsys: Enabling Developers Without Negatively Impacting Their Velocity - Utsav Sanghani - RSAC 2020 Utsav Sanghani, Senior Product Manager from Synopsys, discusses the latest efforts to enable developers in ensuring that software security is accounted for in their work without negatively impacting their velocity. To get a demo of Synopsys, please visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176

A holistic view of meeting compliance requirements - Part 2 - Matt Allen - SCW #21
Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a 'holistic' view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA's theme this year: 'the human factor'. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode21

Enterprise News - ESW #176
Fortinet Introduces Self-Learning AI Appliance for Sub-Second Threat Detection Enterprise IT World, GreatHorn Offers Free Email Protection for 60 Days, ZeroNorth raises $10M to further expand engineering, customer support and sales, WordPress to get automatic updates for plugins and themes, and more!! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode176

A holistic view of meeting compliance requirements - Part 1 - Matt Allen - SCW #21
Compliance requirements and SecOps frameworks like NIST - checking boxes rather than a 'holistic' view? The vendor eco-system feeding on checking boxes (of which we are one, we HAVE to be.) RSA's theme this year: 'the human factor'. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Responding tools/resources Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode21

Where the Law Thinks Your Data Lives - Steve Black - BSW #166
What data compliance regulations apply to a Las Vegas hospital with California patients? One major compliance fine can lead to a big financial hit and a complete loss of customer trust, so understanding 'where your data lives' and how the law shifts based on the location of data collection, storage and transfer is paramount. With no overarching federal data law, each state can (and does) require different duties from organizations that collect and keep data. A big challenge for compliance teams is figuring out which state (or states) claim your data. Unfortunately, the legal world of intangible data property is complicated and sometimes even contradictory. I will also preview my InfoSec World 2020 session - Cyberlaw Year in Review. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode166

Bottlerocket, Supply Chain Casualty, DevOps Sweet Spot - ASW #100
Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1). Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode100

DevSecOps / Scaling Security - Clint Gibler - ASW #100
Due to a combination of a) development teams embracing Agile and DevOps and b) that security teams are often outnumbered by developers 100:1 or more in many companies, there's been a fundamental shift in how security teams need to operate. I've spent a significant amount of time studying how security teams at companies, large and small, have attempted to adapt to this new reality. There are a number of interesting trends in how work is prioritized, continuous code scanning (static and dynamic), scaling threat modeling and detection & response, investing in secure defaults, asset inventory, self-healing cloud environments, and more. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode100

Drowning in a Sea of Alerts, CIO News, and More! - BSW #166
In the leadership and communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode166

Connected devices security - Dorit Naparstek - PSW #643
Hacks performed on connected & IoT devices, such as routers, security cameras, smart meters, etc. are increasingly common, and are revealing major vulnerabilities in existing security measures. This vicious cycle of hack & patch can be broken by adopting a new approach that introduces the role of flash memory in securing devices. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643

Protecting Data on Employee 0wned PCs - Gabe Gumbs - PSW #643
COVID-19, among other things, has deemed it necessary for many to work from home. There are several security concerns that need to be raised, such as those who work from home still require access to data and services. How many will store sensitive information on their personal computers? How will attackers change their strategy to target those working from home? Tune in to this segment for the full discussion! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643

Girls Who Hack and Secure Open Vote - Bianca Lewis - PSW #643
Girls Who Hack teaches classes primarily to middle school girls on hacking and making. Secure Open Vote is an end to end, open source election system that is in the design stages. www.BiaSciLab.com www.GirlsWhoHack.com www.SecureOpenVote.com Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode643

RSAC Micro Interviews - ExtraHop and Bandura - Corey Bodzin, Todd Weller - ESW #175
ExtraHop - Agents and logs don't play well in an IoT environment, however the network doesn't lie. Looking at the behaviors of IoT devices through the lens of the network traffic can help build an asset inventory and help detect attacks. Corey Bodzin is the VP of Product Management for ExtraHop and discusses how network visibility can help with IoT security. To try RevealX Cloud for Free visit: https://securityweekly.com/extrahop Bandura - Todd Weller, Chief Strategy Officer at Bandura Cyber, provides an update on Bandura Cyber and discusses the latest trends and dynamics in threat intelligence. To find out more about Bandura Cyber, please email [email protected] Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Drink all the booze, log all the things. - Corey Thuen - ESW #175
The pain caused by bad pricing models in cybersecurity and analytics tools Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Neustar, Fortinet, WatchGuard, Panda Security - ESW #175
Neustar's enhanced UltraDNS capabilities boast greater capacity, global reach and security, WatchGuard acquires Panda Security to expand endpoint capabilities, Ping Identity launches two hybrid IT focused solution packages, and Fortinet updates FortiOS & launches next-gen firewall product! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode175

Categorization of Information Security - BSW #165
How we break down the categories in information security. We look at the major areas of infosec and how they relate to your security programs and the vendors/technologies in each category. Our category breakdown will be used to label each segment we produce and allow subscribers to select categories of interest! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode165

Where do you Stand? Part 2 - Winn Schwartau - SCW #20
The goal of the show is to explore all the attitudes and impressions between security and compliance regardless of where you stand. For security folks - how to navigate compliance to promote security; for compliance folks - to expose them to the depth of research/knowledge/capabilities of the hacker community. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode20

Where do you Stand? - Winn Schwartau - SCW #20
The goal of the show is to explore all the attitudes and impressions between security and compliance regardless of where you stand. For security folks - how to navigate compliance to promote security; for compliance folks - to expose them to the depth of research/knowledge/capabilities of the hacker community. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode20

CISOs, CVE, DevOps, Gandalf - ASW #99
CVE-2020-0688 Losing the keys to your kingdom, which is why Multiple nation-state groups are hacking Microsoft Exchange servers, Revoking certain certificates on March 4 and Why 3 million Let's Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, CISOs Who Want a Seat at the DevOps Table Better Bring Value. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode99

CISOs ready to move, How CISOs manage stress, and more! - BSW #165
In the leadership and communications section, CISOs who leave after 2 years may not finish what they start, Most CISOs ready to move jobs if something better comes along, A New Framework for Executive Compensation, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode165

Guy Podjarny, Snyk - Guy Podjarny - ASW #99
Guy Podjarny (@guypod) is Snyk's Founder and President, focusing on using open source and staying secure. Guy was previously CTO at Akamai following their acquisition of his startup, Blaze.io, and worked on the first web app firewall & security code analyzer. Guy is a frequent conference speaker & the author of O'Reilly "Securing Open Source Libraries", "Responsive & Fast" and "High Performance Images". Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode99

Tomcat, AWS Malware, Hacker Movies - PSW #642
Apache Tomcat AJP exploit, malware in AWS, hacker movies and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642

Mark Cooper, PKI Solutions - Mark Cooper - PSW #642
How SHAKEN/STIR and PKI will end the global robocall problem Link to an article Mark wrote for Dark Reading: https://www.darkreading.com/endpoint/shaken-stir-finally!-a-solution-to-caller-id-spoofing/a/d-id/1336285 Link to landing page with more info: https://www.pkisolutions.com/shakenstir/ Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642

Active Directory, Azure and Windows Security - Sean Metcalf - PSW #642
Active Directory & Microsoft Cloud (Azure AD & Office 365) Security, including a breakdown of Microsoft's security offerings and recommendations for cloud migrations for Active Directory. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode642

RSAC Micro Interview - Plextrac & Gravwell - Corey Thuen, Daniel DeCloss - ESW #174
Dashboards are a great way to enable junior security analysts to be more effective when trying to discover security events. Corey Thuen is the Founder and CEO of Gravwell, and they want your logs, all of your logs. Gravwell's solution allows you to run queries and create dashboards that lead to actionable events. Corey explains how this works and even how customers are using Gravwell to collect logs on-premise and in the cloud. Vulnerabilities and exposures come from many different sources. Plextrac allows you to bring in data from anywhere and track those findings across your entire organization. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode174

RSAC Micro Interview - Elastic & Rapid7 - Mike Nichols, Tod Beardsley - ESW #174
It is no secret that elections are under constant attack. Attacks take many shapes and forms, from disinformation to malware to denial of service; it's all in play as adversaries look to disrupt enemy infrastructure. Tod Beardsley, Director of Research at Rapid7, brings unique and insightful perspectives on this topic as he is analyzing data from scans of the entire Internet and monitoring over 250 honeypots. Mike Nichols, Head of Product at Elastic, discusses election security and their partnership with the DDC to offer 2020 campaigns free security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode174

Enterprise News - ESW #174
News from Nozomi Networks, Code42, CrowdStrike, SCYTHE, Palo Alto Networks, Gurucul, SentinelOne and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode174

Compliance News - SCW #19
Health compliance measures to improve pandemic recovery and reduce issues, World Bank pandemic awareness, Is coronavirus not a flu?, Dear passwords: Forget you. Here's what is going to protect us instead, Cyber insurance coverage reflects a changing threat landscape, and the greatest contest ever – privacy versus security. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode19

Reflections On RSAC - SCW #19
Reflections on RSAC! Let's talk about the grand festival of infosec consumerism that is RSA Conference! Was it worth catching the Coronavirus? And if so, did you use a lime!? Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode19

InfoSec World Workshop: DevSecOps and Cultural Transformation - Dan Petit - ASW #98
Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a "deep survey" into all things DevSecOps. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode98

Ghostcat, Apache, Networks, Starliner - ASW #98
CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol. IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above provably secure protocol, Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple's Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode98

Cool Things We Found At RSAC 2020 - PSW #641
We found some cool stuff at RSAC 2020! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Protect Ya Data - Gabe Gumbs - PSW #641
Gabriel Gumbs and the Security Weekly crew discuss strategies for protecting your data. We will explore practical use-cases for needing to manage access and protect your data as it pertains to security and compliance. Protect what matters most. Visit https://securityweekly.com/spirion for more information. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Tales From The Crypt...Analyst - Jeff Man - PSW #641
There are many myths, legends and fables in hacker history. One of the themes of these legends surrounds some of the first red team hackers working for the US Government out of NSA. The building where they worked was called "The Pit". Jeff Man sits with us for this segment to talk about, where he can, the history and events that transpired during his tenure with the NSA. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode641

Shadow Risk Elimination - Rob Gurzeev - BSW #164
This interview will cover the idea of Shadow Risk and why it's something your organization can't ignore. Specifically, we'll talk about why your security efforts have to start with mapping and managing your attack surface, how that's gotten harder with digital transformation, and how legacy approaches to addressing the problem -- including vulnerability management and penetration testing -- and even more recent approaches like Security Ratings Services, are out of touch with your IT infrastructure and, worse still, lag behind the way attackers operate. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode164

Jinan Budge, Forrester - CISO Leadership, Culture, and the Evolving Role - Jinan Budge - BSW #164
Jinan Budge, Principal Analyst at Forrester, discusses CISO Leadership, Security Culture, and the Evolving Role of the CISO. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode164

Application News - RSA Conference News and Activities - ASW #97
6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Development and DevOps Environments, and more RSA Conference News! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode97

Chris Eng Interview - What's New with Veracode - Chris Eng - ASW #97
Chris Eng, Chief Research Officer at Veracode, provides an update on Veracode including 2019 growth, new product announcements, Veracode Security Labs, and booth activities at RSA Conference 2020. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode97

Tesla Sensors, Israeli Soldiers Phished, Machine Learning - PSW #640
Nedbank Says 1.7 Million Customers Impacted by Breach at Third-Party Provider, 500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users, 5 inch piece of electrical tape can fool Tesla sensors, Israeli soldiers phished by HAMAS posing as interested women, and a simple guide to AI, Deep Learning, and Machine Learning. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Kubernetes/Container Security - Ian Coldwater - PSW #640
Ian Coldwater is the Lead Platform Security Engineer at Heroku. Ian will discuss Kubernetes and container security! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode640

Unifying SIEM And Endpoint Security - PSW #640
Elastic recently released Elastic Security 7.6 - the culmination of months of work by the security team and a monumental leap forward toward delivering a unified threat protection and security analytics solution. At the core of our solution is Elasticsearch, powering a new SIEM detection engine that automates threat detection and comes with 100+ prebuilt rules aligned with the MITRE ATT&CK framework to identify known and unknown threats. We would like to talk about these milestone features in the context of bringing SIEM and endpoint security together in a single UI. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode640

ExtraHop Customer Interview - Ben Budge, Lyle Beck - ESW #173
Ben Budge and Lyle Beck will discuss the problems they faced at Litehouse in regards to network and system monitoring and troubleshooting and how that ultimately took them to ExtraHop. They will also discuss the value ExtraHop has brought to Litehouse and share some of those experiences. To learn more about ExtraHop, visit: https://securityweekly.com/extrahop Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173

IBM announces RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020 - ESW #173
This week, in the enterprise news segment, IBM announces RSA Conference withdrawal, Dell Offloads RSA, 12 hottest new cybersecurity startups at RSA 2020, and lots of funding announcements. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173

Red Lion is running the CTF at Infosec World 2020 - ESW #173
Scott Lyons will provide an overview of their CTF at InfoSec World 2020, including their training class, CTF 101. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode173

SweynTooth, OWASP, CRXcavator, DevSecOps - ASW #96
SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, OWASP SAMM version 2, Understanding Trusted Execution Environments and Arm TrustZone, Security Researchers Partner With Chrome To Take Down Browser Extension Fraud Network Affecting Millions of Users with a revisit to CRXcavator and a look at one of its components, RetireJS, It's the Boot for TLS 1.0 and TLS 1.1 and it's only been about six to nine years since major protocol attacks were demonstrated. How does your organization manage tech debt?, What Is DevSecOps and How to Enable It on Your SDLC? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode96

Integrated Risk Management is the New GRC - Part 2 - Jeff Recor - SCW #18
Continuation of the discussion with Jeff Recor about integrated risk management. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode18

Zero to Sixty: Making Security Programmatic and Cultural - David Sherry, Tara Schaufler - BSW #163
Our presentation in Orlando will be the rapid cultural change of security on the Princeton campus. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode163

Integrated Risk Management is the New GRC - Part 1 - Jeff Recor - SCW #18
Jeff was scheduled to be part of the 'Security vs. Compliance' Roundtable (https://securityweekly.com/shows/security-vs-compliance-psw-632-2/) recorded on Dec. 19, 2019 but got snowed out. He finally gets to enlighten us on integrated risk management. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode18

Companies Can't Sustain Privacy, Old School Paper Planner, Attracting Top Talent - BSW #163
In the leadership and communications section, Why 67% of companies fear they can't sustain privacy compliance, How Using An Old School Paper Planner Changed My Life, How to attract top talent in a competitive hiring market, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode163

Lessons Learned From The DevSecOps Trenches - Doug DePerry - ASW #96
Doug DePerry has held multiple positions in his three years at Datadog, including Director of Product Security and currently, Director of Defense. Prior to his current position, Doug led the bug bounty program at Yahoo. Much of his 12+ years of experience in the security industry is on the offensive side, as a security researcher and consultant at Leaf SR and iSec Partners and helping establish the Yahoo red team. Prior to that he worked for various defense contractors and the US Army. Doug has presented at multiple industry conferences including Blackhat, DefCon, and multiple OWASP and DevSecCon events. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode96