Security Weekly Podcast Network (Video)

To prepare for DEF CON and Black Hat, Paul and Matt talk about Evaluating Security Vendors! Full Show Notes: https://wiki.securityweekly.com/ES_Episode147 Visit https://www.securityweekly.com/esw for all the latest episodes!

Todd Fitzgerald is the Managing Director/CISO/Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC. Todd will be discussing his book, the CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode138 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about The state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!

In the Leadership and Communications segment, Leading with Trust, Portrait of a CISO, roles and responsibilities, Cybersecurity Risk: What does a "reasonable" posture entail and who says so?, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode138 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!

In the Security News, a phishing scheme that targets AMEX cardholders, the list of labs affected by the American Medical Collection Agency data breach continues to grow, a Silk Road drug dealer gets caught converting Bitcoin to cash, how GDPR is forcing the tech industry to rethink Identity Management and Authentication, and a Mirai-Like botnet wages massive application layer DDoS attack! Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Troels Oerting is the Head of the Global Centre for Cybersecurity established by World Economic Forum in 2018. Troels talks about Security, Privacy, Integrity through Prevention, Protection and Prosecution via People, Tech and Processes. Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about the Intro to Sense of Security, DDoS in 2019, New trends, and How to address these issues! Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/psw for all the latest episodes!

Mike is the Director of Product Management for Google Cloud Security.The concept of shared responsibility between provider and customer is core to managing security and risk as organizations move to the cloud. With the rise of hybrid and multi-cloud deployments, how do responsibilities change? Segment will cover how you can evolve your risk models and how cloud providers might help maintain and improve your security posture in a hybrid world. Full Show Notes: https://wiki.securityweekly.com/Episode613 Visit https://www.securityweekly.com/esw for all the latest episodes!

Riverbed launches Aternity to improve digital experiences, Synopsys and Ixia, a Keysight Business, Announce Collaboration to Enable Scalable Networking SoC Validation Solution, CyberArk unveils industrys most complete SaaS portfolio for privileged access security, The age of Azure is upon us: Microsoft's biggest business segment is now the one that includes its Azure cloud, OneLogin launches passwordless device authentication for Windows PCs without Active Directory, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications segment, 8 Sales Skills You Need to Learn, The Trust Crisis, Five Management Lessons From the Apollo Moon Landing, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode137 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Luis is IT Glue s VP, Product. In his native Colombia, he was in the music business, once playing keyboards on tour with Shakira. Luis will be talking about Unified IT, and the Capabilities of Kaseya's IT Complete Platform What are organizations struggling with, and how the value of a unified platform can help drive higher efficiency, deeper workflow-level integrations, and lower overall cost. To learn more about Kaseya, visit: https://securityweekly.com/kaseya Full Show Notes: https://wiki.securityweekly.com/ES_Episode146 Visit https://www.securityweekly.com/esw for all the latest episodes!

Ajit Sancheti is the CEO at Preempt. Ajit will be discussing Securing Identity with Conditional Access. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode137 To learn more about Preempt, visit: https://securityweekly.com/preempt Visit https://www.securityweekly.com/bsw for all the latest episodes!

SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams and GitLab Survey Surfaces Major DevSecOps Challenges Ahead. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!

Ian Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However they are still very much new so it's good to learn what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and what organizations are actively using them. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!

Slack Resets User Passwords After 2015 Data Breach, Hacker Breached Sprint Customer Accounts Through Samsung Website, Why 72% of people still recycle passwords Why 100% of Security Weekly hosts drink, A.I. has a bias problem and that can be a big challenge in cybersecurity I'll bet some of us agree with this and some disagree. Why? Bias., and much more! Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

They will be covering: Vulnerability Management, Patching, Asset Management, and System Hardening. Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!

Jared Haggerty is the Director, Content and Curation for Databerry. Jarred comes on the show to talk about an overview of security in business where it is now and where it is headed and the use of Automox in the IT Industry. Full Show Notes: https://wiki.securityweekly.com/ES_Episode145 Visit https://securityweekly.com/esw for all the latest episodes!

David Harding is the SVP & Chief Technology Officer at ImageWare Systems, Inc. Identity authentication is more important now than at any other time in history. Today's methods such as 2-factor authentication are falling short and are not as secure as once believed. How do we secure our networks, private information, financial transactions, and healthcare data without adding friction and losing privacy? We'll address the authentication methods that exist, when they are appropriate, and how to use both 2FA and multi-factor biometric authentication to control and manage your digital identity. Full Show Notes: https://wiki.securityweekly.com/ES_Episode145 Visit https://securityweekly.com/esw for all the latest episodes!

Eric McAlpine is the Co-founder and Managing Partner at Momentum Cyber. Eric is a Founder & Managing Partner at Momentum Cyber a firm he co-founded in 2018 along with Dave DeWalt and Michael Tedesco. Momentum Cyber is the premier trusted strategic adviser to the Cybersecurity industry providing bespoke high-impact advice combined with tailored senior-level access from incubation to exit. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Vade Secure's Auto-Remediate adds automated protection for Office 365 environments, Aqua Security deepens strategic relationship with Microsoft to accelerate Azure deployments, Trend Micro's Deep Security as a Service now available on the Microsoft Azure Marketplace, DefenseStorm raises $15M to invest in employees and innovation, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode145 Visit https://securityweekly.com/esw for all the latest episodes!

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode136

Yes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, What Quality Metrics Matter Most for DevOps? Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments. To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, Zoom's RCE Vulnerability is affecting over 700,000 companies, how YouTube is trying to ban hacking videos, 1TB of police body cam footage is available online, and how the US Cyber Command warns of Outlook flaw exploited by Iranian Hackers! Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

Growth of account takeover and how to prevent it Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user s existing account, tips to protect against account takeover. Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

Employees are the weakest link in Cybersecurity and because of this 80% of businesses will adopt a Cloud-based training solution by 2020. Small to Medium sized businesses are being left behind by complex, time-consuming solutions. Resellers need MRR, simple solutions that don't require training and certifications, and need help with client renewals. SMB's face the most complex, and highest rates of online attacks ever. Technology cannot solve all their risks, most solutions are too complex, time-consuming, and costly. Open solutions like CyberHoot allow you to build automated cybersecurity programs, track employee compliance, and address critical risks we all face. Segment References: https://wiki.securityweekly.com/ES_Episode144 Visit https://securityweekly.com/esw for all the latest episodes!

Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies. To learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show Notes: https://wiki.securityweekly.com/Episode611 Follow us on Twitter: https://www.twitter.com/securityweekly

In the news segment, Is Broadcom buying Symantec?, Chronicle will join Google Cloud, PingID to Support FIDO-Compliant Biometric Authentication and Security Keys, and BeyondTrust Simplifies Endpoint Privilege Management with PAM Platform Integration. Full Show Notes: https://wiki.securityweekly.com/ES_Episode144 Visit https://securityweekly.com/esw for all the latest episodes!

John Strand and Matt Alderman will discuss Threat Hunting. Full Show Notes: https://wiki.securityweekly.com/ES_Episode144 Visit https://securityweekly.com/esw for all the latest episodes!

WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Leadership and Communications segment, Life Lessons of Ben Franklin, A Lesson in Leadership, How to Start a Speech: The Best (and Worst) Speech Openers, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly

Mark Brown, Senior Director of Standards Connect, from ANSI. ANSI is a nonprofit that supports U.S. voluntary standards and conformity assessment and protects the integrity of these processes. One way in which ANSI helps to enhance the global competitiveness of US businesses and quality of life, is to provide access to standards for companies worldwide. Some companies find Standards Connect, a subscription-based platform for standards management, to be their best solution to search, access, collaborate, and manage the standards they need. To learn more about ANSI, visit: https://securityweekly.com/ansi Full Show Notes: https://wiki.securityweekly.com/BSWEpisode135

In the Leadership and Communications segment, Mastercard CTO reveals must-have executive leadership traits, 10 Presentation Ideas That Will Radically Improve Your Presentation Skills, 7 tech skills managers hunt for, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Edna Conway is the Chief Security Officer, Global Value Chain at CISCO. Edna will be discussing Global Value Chain at Cisco. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode134

GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly

Nearly 100 drivers following Google Maps detour get stuck in muddy field, Breach at Cloud Solution Provider PCM Inc., Inside the West s failed fight against China s Cloud Hopper hackers, Mozilla fixes second Firefox zero-day, Trump story. More stories and links here: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

Don Pezet will be discussing the new CySA+ and PenTest+ certs that ITProTV has to offer! Don has been working in the IT industry for more than 18 years and in training for more than 12 years. He is the co-founder of ITProTV. Don is certified by many vendors including Microsoft and Cisco. To learn more about ITProTV, visit: https://securityweekly.com/itprotv Full Show Notes: https://wiki.securityweekly.com/Episode610 Follow us on Twitter: https://www.twitter.com/securityweekly

Kathleen Smith is the CMO at CyberSecJobs.Com/ClearedJobs.Net. We all have cool tools, but not necessarily the best ones for career search or professional development. Why is it so hard? Many of the resources are at our fingertips, we just are using them or are too scared to reach for them. Slides: https://www.slideshare.net/CyberSecJobs/cyber-security-community-volunteering-survey-results-2018 Links to more slides here: https://wiki.securityweekly.com/Episode610 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

In our second segment, we welcome Sai Chavali, Security Strategist at ObserveIT. Most companies have preventative controls on email today, however, they are still finding that users exfiltrating sensitive data through corporate email is all too common. Currently, detection and investigation of out-of-policy user activity and security incidents are time-consuming and riddled with manual processes. Learn more on how ObserveIT helps security teams with real-time detection and take investigation time from months to minutes. To learn more about ObserveIT, visit: https://securityweekly.com/observeit Full Show Notes: https://wiki.securityweekly.com/ES_Episode143 Visit https://securityweekly.com/esw for all the latest episodes!

CyberArk opens integration ecosystem to community contributions, ExtraHop Announces Reveal(x) Cloud, McAfee announced updates to McAfee MVISION Cloud for Amazon Web Services, and Elastic expands cybersecurity push in new version of software suite! Full Show Notes: https://wiki.securityweekly.com/ES_Episode143 Visit https://securityweekly.com/esw for all the latest episodes!

API are now over 80% of the HTTP traffic and enterprise application breaches through compromised APIs are mounting!. A guide to API Security. They also discuss Public VS Private APIs and if the best practice should be segregation of the two. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Leadership and Communications segment, CEOs Share Their Most Helpful (and Unconventional) Career Advice, 3 Lessons From Emerging Leaders On The Power of Differing Perspectives, New breed of security vendor spells trouble for pure play firms, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

In our final segment, we welcome Britta Glade, Director of Content and Curation of RSA Conference, and Linda Gray, Director and Chief of Operations for RSAC APJ, to discuss what's coming new this year for the RSA Conference APJ! To learn more about RSAC APJ, visit: https://www.rsaconference.com/events/ap19 Full Show Notes: https://wiki.securityweekly.com/ES_Episode143 Visit https://securityweekly.com/esw for all the latest episodes!

Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly

Tom Garrubba is Senior Director/CISO at Santa Fe Group/Shared Assessments. He is an internationally recognized thought leader, lecturer, and blogger on third party risk, and is the head instructor for the Certified Third Party Risk Professional (CTPRP) program. Previously, Tom was Senior Privacy Manager at a Fortune 10 US-based Healthcare company where he implemented and managed a world-class third party risk program. He has over 20 years of experience in IT security, privacy, audit, and compliance in industry and public consulting. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode133

In the Security News, how not to prevent a cyberwar with Russia, the case against knee-jerk installation of Windows patches, U.S. customs and Border Protection data breach is the result of a supply chain attack, and a phishing scam that hacks 2 factor authentication! Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly