PLAY PODCASTS
Security Weekly Podcast Network (Video)

Security Weekly Podcast Network (Video)

4,876 episodes — Page 61 of 98

Hacking IoT Devices - Jeff Spielberg, Ryan Speers - PSW #635

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don t they do it today? Importantly, security needs to be baked in while remaining lean and moving quickly towards an MVP product. Discussions will range from hardware chip selection, cryptographic protocol design, and firmware security -- both at the design and security pen test phases. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 18, 2020

What Does It Mean To Be A Hacker? - PSW #635

This is the Hacker Culture Roundtable discussion from the Security Weekly Christmas podcast marathon and features almost all of our hosts and special guests. Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem. The term purportedly originated in the 1960s, when it was used to describe the activities of certain MIT model train enthusiasts who modified the operation of their model trains. They discovered ways to change certain functions without re-engineering the entire device. These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. To the general public, a "hack" became known as a clever way to fix a problem with a product, or an easy way to improve its function. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

Jan 17, 20202h 24m

Outdated Defense Approaches - Mark Orlando - ESW #168

This week on Enterprise Security Weekly, Paul Asadoorian and Matt Alderman interview Mark Orlando on outdated defense approaches and the need to revisit traditional thinking about security operations in the enterprise. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode168

Jan 17, 202023 min

Tenable, VMRay, Tinfoil - ESW #168

This week on the Enterprise Security News segment, Paul Asadoorian, John Strand, and Matt Alderman cover the following stories: Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc, How to Create Easy and Open Integrations with VMRays REST API - VMRay, Neustar Offers Companies a Flexible Customer Identity Authentication Solution - Help Net Security, Zimperium Integrates With Microsoft Defender Advanced Threat Protection EDR - Help Net Security, PacketViper Deception360 now available for Microsoft Azure - Help Net Security, Synopsys, Inc.s Acquisition Of Tinfoil Security Global Legal Chronicle, and Say Goodbye to Windows Server 2008 and Hello to Azure. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode168

Jan 16, 202033 min

Leadership Articles - BSW #158

This week in the Leadership Articles segment of Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque cover the following articles: Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, How Corporate Cultures Differ Around the World, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds, and Forrester: Insider threats and employee rights strike tension. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode158

Jan 16, 202027 min

Security and Compliance News - SCW #13

This week in the Security and Compliance news, Matt Alderman, Scott Lyons, and Josh Marpet cover the following stories: A Risk Assessment Path to Real-Time Assurance, Culture, Integrity and the Board's Role in Guarding Corporate Reputation, Skills For the Compliance Professional in the 2020s, Four Compliance Insights For 2020 and Beyond, Compliance Officer Burnout, Why You Should Draft a Compliance Mission Statement, 3-minute Video on Big Tech Getting Into Finance, Compliance Dept is the Biggest Team at Coinsource, a Bitcoin ATM Startup, Cyber Insurance Market is HUGE!!!, Top Cyber Insurance Stories of 2019, California Rings In The New Year With A New Data Privacy Law, and Why California's Privacy Law Won't Hurt Facebook or Google. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode13

Jan 16, 202026 min

The Multiple Personalities In Compliance & Audit Engagements - Ben Rothke - SCW #13

This week on Security and Compliance Weekly, Matt Alderman, Scott Lyons, and Josh Marpet interview Ben Rothke about the multiple personalities we encounter during compliance and audit engagements. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode13

Jan 15, 202030 min

Startup Security - It's Everyone's Business - Al Ghous - BSW #158

With the growing number of Security startups, often times the need for a quick go to market supersedes developing basic Security hygiene. However, the enterprise customers that startups want to attract will not do business unless they pass their third party risk review. The question then becomes, how can startups build security within, without inhibiting their GTM strategy or increases expenditure, in order to attract enterprise customers? Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode158

Jan 15, 202029 min

Application News - ASW #91

This week on the Application Security News, Mike Shema, Matt Alderman and John Kinsella cover the following news stories: Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, Aurora, and Amazon DocumentDB (with MongoDB compatibility) Certificates. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode91

Jan 15, 202032 min

The Evolution of DevSecOps and AppSec Trends in 2020 - Hillel Solow - ASW #91

Hillel Solow is the CTO at Check Point. Much has evolved in a few short years with DevSecOps and application development and security. But just when we think we see everything clearly and have it all figured out, something new changes. Here we will discuss the unique ways organizations are leveraging serverless for their applications and how DevSecOps teams are working together to build out these architectures at a rapid pace in 2020. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode91

Jan 14, 202036 min

Security News: January 9, 2020 - PSW #634

In the security news, Car hacking hits the streets, 4 Ring employees fired for spying on customers, MITRE presents ATT&CK for ICS, and Las Vegas suffers cyberattack on the first day of CES! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 13, 20201h 11m

The Keys to Your Kingdom: Protecting Data in Hybrid and Multiple Public Clouds - Ambuj Kumar - PSW #634

According to Gartner, 70% of businesses are adopting a hybrid cloud and multi-cloud strategy to augment their internal data centers. The challenges of protecting data and using encryption for multiple hybrid, public cloud, and on-premises environments increases complexity, cost, and security risk. As workloads and sensitive data move to the cloud, keeping cryptographic keys, shared secrets and tokens secure is critical to secure public cloud deployments and successful digital transformation. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 12, 202044 min

Improve Pen Testing Outcomes With Purple Teaming - PSW #634

Purple teaming reduces the lifespan of vulnerabilities found from pentests by facilitating knowledge transfer between red and blue teams in the remediation phase. PlexTrac provides a single interface through which red teams may report vulnerabilities and blue teams may remediate them. Visit https://www.securityweekly.com/plextrac to claim your free month of PlexTrac. Also, be sure to stop by their booth in the Early Stage Exhibit at RSA next month. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode634

Jan 11, 202057 min

RSA Conference 2020 - Britta Glade, Linda Gray Martin - ESW #167

This week on Enterprise Security Weekly Paul Asadoorian and Matt Alderman interview Britta Glade and Linda Gray Martin about RSA Conference 2020! This segment will give listeners a high-level overview of what to expect at RSA Conference 2020 and will highlight new components of content and programming like the Engagement Zone and the recently announced keynote speaker lineup. The segment will also discuss RSAC 2020's overarching theme - the Human Element - and how it will be intertwined throughout the Conference. To register for RSAC 2020 using our discount code or to book an interview with Security Weekly on-site at RSA Conference visit: https://securityweekly.com/rsac2020 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 10, 202032 min

Leadership Articles - BSW #157

This week, in the Leadership Articles segment of Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the following articles: 5 CIO and IT leadership trends for 2020, First Look: Leadership Books for January 2020, Replace Resolutions with Habits and Make Your Life Mean Something Beyond 2020, The Right Way to Form New Habits, How to Handle Speaking In Public When You're Not a Public Speaker, and 5 Questions You Can Ask to Learn About Company Culture in a Job Interview. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode157

Jan 9, 202029 min

Quantifiable Risk Metrics - Bringing Value to Your Security Program Part 2 - Ian Amit - SCW #12

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. Understanding where security fits into risk management. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode12

Jan 9, 202026 min

Docker Container Security - Vulnerable Upon Inception - ESW #167

The Internet gives bad advice sometimes, especially when you are trying to figure out how to build container images. While you may get it to work, typically security will be left out completely. This segment will look at just one aspect of container security, specifically, the FROM directive that tells Docker which image to build from. We'll talk about how to approach this subject with your dev teams and use Anchore to review the security vulnerabilities to help you choose the most secure images! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 9, 202024 min

Enterprise News - ESW #167

This week in the Enterprise News segment, Paul Asadoorian, John Strand and Matt Alderman cover the following news stories: Pulse Secure and SecureWave Partnership, BigID raised $50 million to accelerate global sales, channel and product expansion, Tapplock introduced new enterprise fingerprint scanning padlock accessories, Cloudflare for Teams, CORRECTING and REPLACING: NetScout Wins Victory Against Patent Assertion Entity, and acquisitions including Broadcom, Symantec Enterprise Acquiring Cybersecurity Analytics Firm, Mimecast acquiring Segasec, Cloudflare acquiring stealthy startup S2 Systems. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode167

Jan 8, 202028 min

The Best and Worst of 2019 - BSW #157

This week on Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque discuss the best and worst of 2019! The best companies and performance of 2019 include Amazon, Apple, and Lululemon. The worst companies and performance of 2019 include Facebook, Boeing, and Pacific Gas and Light. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode157

Jan 8, 202026 min

Application News - ASW #90

This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs). Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode90

Jan 8, 202028 min

Quantifiable Risk Metrics - Bringing Value to Your Security Program Part 1 - Ian Amit - SCW #12

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. Understanding where security fits into risk management. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode12

Jan 8, 202031 min

Privacy by Design - ASW #90

This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles. This discussion includes these topics: Proactive not Reactive; Preventative not Remedial, Privacy as the Default, Privacy Embedded into Design, Full Functionality - Positive-Sum, not Zero-Sum, End-to-End Security - Lifecycle Protection, Visibility and Transparency, Respect for User Privacy, and OWASP API Security Project. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode90

Jan 7, 202029 min

Security News: January 2, 2020 - PSW #633

In the security news, mysterious Drones are Flying over Colorado (watchout Mr. Alderman), 7 Tips for Maximizing Your SOC, The Most Dangerous People on the Internet This Decade, North Korean Hackers Stole 'Highly Sensitive Information' from Microsoft Users, Critical Vulnerabilities Impact Ruckus Wi-Fi Routers, & The Coolest Hacks of 2019! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 5, 20201h 3m

Diplomacy, Norms and Deterrence in Cyberspace - Chris Painter - PSW #633

Global conversations around acceptable norms of behavior in cyberspace (particularly for states), attribution, accountability, and deterrence (though we have not done well on the last one), recent attacks, and the processes that are dealing with setting rules of the road in cyberspace. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 4, 202049 min

Who is Going to Protect the Brave New Virtual Worlds and HOW? - Kavya Pearlman - PSW #633

Emerging technologies such as Virtual, Augmented and Mixed Reality are inevitably gaining momentum and helping businesses gain competitive advantage. These technological advancements are giving rise to digital transformation as well as digital risks. The bigger question is who will protect these technologies. While the world is catching up on the business aspects and the real use cases, Silicon Valley startups are already gearing up to combat the risks born alongside emerging tech's benefits. The Valley companies are utilizing the same technologies to combat the associated risks. My Quest to protect these Brave New Virtual Worlds has taken me around the world and connected me to the geniuses at Wallarm. In this segment, I will talk about WHY I believe Wallarm, XRSI and companies alike are the ones moving fast to protect the Immersive Technologies. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode633

Jan 3, 202055 min

Security History - Lessons from the past - PSW #632

The history of security can be traced back to a variety of different sources. The amount of articles on the topic is dizzying. Most will cite names of early phone phreaks, Kevin Mitnick, Kevin Poulsen, Steve Jobs, Steve Wozniak and quickly transition to many other more recent "hacks" or breaches. Our goal is to not review the history of hacking. This is the history of security. We've carefully chosen key events and research to discuss the very beginnings of security, and their impact and lessons for today's ever-evolving security landscape. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Jan 2, 20201h 13m

Security vs. Compliance - PSW #632

It was once said that if Security and Compliance were in a relationship the status would be "It's Complicated". This discussion will aim to help you understand this relationship and how it can be beneficial or a mere distraction to an organization's overall security posture. - Define "Secure" and "Compliant". - Does compliance merely raise awareness about security shortcomings? - What is the relationship between Security and Compliance? - Being Secure and being Compliant are mere points in time, how can we best develop a process to ensure we are always striving to a secure and compliant state? - How does Security impact and/or influence Compliance? - How does Compliance impact and/or influence Security? - How do you balance these extremes: "We will be Secure and ignore compliance" vs. "We will be compliant but ignore security" Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Dec 28, 20191h 1m

Holiday Hack Challenge - PSW #631

Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 26, 20191h 3m

The State of Penetration Testing - PSW #631

Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well. - What has changed in the past year with regards to penetration testing? - What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs? - How has the increased popularity of breach and attack simulation tools impacted penetration testing? - Has the MITRE attack framework impacted penetration testing? If so, how? - Many advanced penetration testers seem to be keeping their tools private as to avoid detection by endpoint security products. Is this happening, and if so what is the impact? Should we share more? Less? - With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 24, 20191h 6m

DevOps and Securing Applications - PSW #632

- Given that DevOps is a process and its execution requires many different tools, how do we get started "doing DevOps"? - What about DevOps allows us to produce more secure applications? - What concepts inside of DevOps do most people lose site of? - What are the major challenges involved in taking an application from traditional development to DevOps? - What are some of the best approaches to making an application more resilient to threats - To ORM or not to ORM? - Which services do you implement yourself vs. using a cloud service? - How do I choose the best secrets vault? - What should I use an orchestrator for and what should I not use an orchestrator for? - How do I build a secure API for my app? - Thoughts on GraphQL vs. REST security implications? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode632

Dec 23, 20191h 4m

Blue Team Tactics and Techniques - PSW #631

It's often said that attackers need only to get it right once, where defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always get it right, in fact, there are often many exposures in our defenses. This segment will aim to help defenders learn tactics and techniques that are effective and try to answer some of the following questions: - How do you prioritize your defensive efforts? - How do you best detect attacks? - How do you best protect against attacks? - We always say "patch your stuff" but how often should you patch? Which systems should you patch? - What techniques work best to defend against email phishing? - How do you provide a "good enough" level of security for your Active Directory? - What are the fundamentals of defense? How do they differ per environment and organization? - How do you get management to buy-in to your security plans and spending? Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode631

Dec 23, 20191h 2m

Risk-Based Vuln. Mgmt/Threat & Vuln. Mgmt - Jason Rolleston, Michael Roytman - ESW #166

Jason Rolleston, Chief Product Officer at Kenna Security & Michael Roytman, Chief Data Scientist at Kenna Security join Paul, Matt, and Jeff on this week's episode of ESW to discuss how risk-based vulnerability management is transforming the vulnerability management industry by enabling enterprises to understand the true risk of their infrastructure and applications, saving them time and resources by prioritizing efforts around actions that reduce the most risk. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 21, 201940 min

Unify DevOps and SecOps - ESW #166

DevSecOps is all the rage, but what does it really mean? How do you achieve the integration of Security into DevOps? This segment explores the people and process challenges of DevSecOps and where to integrate security seamlessly into the DevOps pipeline. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 21, 201930 min

The Joys Of Scoping pt. 2 - Steve Levinson - SCW #11

Steve Levinsonis the Vice President - Risk, Security & Privacy at Online Business Systems. Steve's strong technical and client management skills combined with his holistic approach to risk management resonates with clients and employees alike. To learn more about Online Business Systems, visit: https://securityweekly.com/online Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode11

Dec 20, 201932 min

Enterprise News - ESW #166

In the Enterprise News, we talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166

Dec 20, 201933 min

Leadership Articles - BSW #156

Why Crowdsourcing Often Leads to Bad Ideas, Transforming operations for successful cloud adoption, Do You Need Charisma to Be a Great Public Speaker?, 20 Tools for More Productive Email, and Fight the skills gap with a great upskilling and reskilling strategy. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode156

Dec 19, 201940 min

The Joys Of Scoping - Steve Levinson - SCW #11

Steve Levinsonis the Vice President - Risk, Security & Privacy at Online Business Systems. Steve's strong technical and client management skills combined with his holistic approach to risk management resonates with clients and employees alike. To learn more about Online Business Systems, visit: https://securityweekly.com/online Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode11

Dec 18, 201937 min

Securing the OT - Martin Bally - BSW #156

Martin Bally is a highly accomplished senior global information security officer with more than 20 years of experience in multiple industries. Currently, he is the Chief Information Security Officer for American Axle & Manufacturing where he is responsible for Information, cyber, and product security. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode156

Dec 18, 201929 min

Binary Planting, GitLab, and DevOps Pipelines - ASW #89

Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model, How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article, Go passwordless to strengthen security and reduce costs -- and design your app to support these types of workflows, including account recovery. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode89

Dec 18, 201939 min

API Security - Dave Ferguson - ASW #89

Dave Ferguson is the Director of Product Management, WAS at Qualys. Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers. Full Show Notes: https://securityweekly.com/qualys Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode89

Dec 17, 201932 min

Risks, Ransomware, Data Leaks, Oh My! - PSW #630

In the Security News, Reveton ransomware schemer stripped of six years of freedom, £270,000, and Rolex, Web-hosting firm 1&1 hit by almost €10 million GDPR fine over poor security at call centre, iPR Software Exposed Thousands via a Humongous Corporate Data Leak, and how the FBI assesses Russian apps may be counterintelligence threat! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 15, 20191h 18m

Backdoors & Breaches - The Card Game - PSW #630

John Strand is a Security Analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures. John will be talking about Backdoors & Breaches, the Incident Response card game. To learn more about BHIS, visit: https://securityweekly.com/bhis Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 14, 201946 min

Improving Security Requires Reducing Complexity - Jamie Butler - ESW #165

Jamie Butler is the Tech Lead at Elastic. The vast majority of breaches are not launched by nation states or foreign militaries, but individuals and cyber crime groups with varying degrees of experience, often looking for weaknesses in enterprise systems or processes. One of the primary reasons these actors are successful is the complex web of technologies deployed across enterprise networks by defenders in the search for a security panacea that does not exist. This discussion will focus on ways an organization can reduce complexity and improve security efficiency and scale. To learn more about Elastic, visit: https://securityweekly.com/elastic Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 14, 201931 min

Runtime Protection for Containers - Jorge Salamero - PSW #630

Jorge Salamero is the Director of Technical Marketing at Sysdig. Jorge enjoys playing with containers and Kubernetes, home automation and DIY projects. Currently, he is part of the Sysdig team, and in the past was a Debian developer. When he is away from computers, you will find him walking with his 2 dogs in the mountains or driving his car through a twisted road. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode630

Dec 13, 201954 min

Measuring And Maturing Security Operations Maturity - James Carder - ESW #165

James Carder is the Chief Security Officer (CSO) and Vice President at LogRhythm. Overview of our security operations maturity model (SOMM), discussion around measurement and road-map to advancing your organization's maturity level. What are mature organizations measuring, who are they reporting that to, what key uses cases are on the roadmap, etc. To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 13, 201927 min

Equifax, Data Security, & A Compliance Carol - SCW #10

Equifax nears 'historic' data breach settlement that could cost up to $3.5B, Maryland Again Amends its Data Breach Notification Law, Hidden Complexity is Biggest Threat to Compliance , Data Security Remains Top IT Concern for Small Businesses and Others, A Compliance Carol: A visit from the Ghost of Compliance Past, and more! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode10

Dec 12, 201913 min

Booz Allen, Barracuda, & Accenture - ESW #165

Barracuda launches Cloud Security Guardian integration with Amazon Detective, Booz Allen Hamilton announces support for AWS Outposts, 10 Notable Cybersecurity Acquisitions of 2019, Part 2, Sophos launches new cloud-based threat intelligence and analysis platform, and much more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode165

Dec 12, 201933 min

Orienting Younger Children to Cyber and Tech - Laura Jones - SCW #10

Laura Jones is the author of a children's book titled Cyber Ky & Tekkie Guy Manage the Risk of Being Online. She focuses on children being as 'appropriately informed' as they are comfortable with using technology. Her book introduces real terms, definitions and careers to young people. Laura joins Jeff and Scott to discuss Orienting Younger Children to Cyber and Tech! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode10

Dec 11, 201936 min

Leadership Articles - BSW #155

In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode155

Dec 11, 201932 min

The World Runs On Open-Source, But Who's Paying For Gas? - ASW #88

In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned, for Application Security Weekly! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode88

Dec 11, 201930 min