Security Weekly Podcast Network (Video)

We welcome back Bryson Bort, who is the Founder/CEO of GRIMM. Bryson will be talking about Purple Teaming, Top Attack Simulation Scenarios, and Testing Command & Control Channels. To learn more about SCYTHE, visit: https://securityweekly.com/scythe Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly

We interview Vivek Ramachandranis the Founder & CEO of Pentester Academy. Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your users to try out without requiring a subscription or credit card. Full Show Notes: https://wiki.securityweekly.com/Episode609 Follow us on Twitter: https://www.twitter.com/securityweekly

Paul will talk about the challenges of inheriting someone else's code. Paul will discuss 5 tips: Use an IDE, Variable Usage, Jump To Implementation and Declaration, Global Search, and Inspection. Full Show Notes: https://wiki.securityweekly.com/ES_Episode142 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

In the Enterprise News, Docker desktop for Windows 10 will soon switch to WSL 2, Netskope introduces Zero-Trust secure access to private enterprise applications, 10 notable security acquisitions of 2019, and can your patching strategy keep up with the demands of open source? Full Show Notes: https://wiki.securityweekly.com/ES_Episode142 Visit https://securityweekly.com/esw for all the latest episodes!

Security in a healthcare environment takes on many unusual aspects that other industries do not typically deal with. From patient restraints to drug diversion to the highest workplace violence rates in any US industry, healthcare is one of the most complex and challenging security environments to maintain. Full Show Notes: https://wiki.securityweekly.com/ES_Episode142 Visit https://securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications Segment, the trust crisis in business, employee engagement and successful change, and 3 shocking ways to show up today! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

Mike Shema and John Kinsella interview Shannon Lietz, the Director Information Security at Intuit about DevOps. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

Jeremy Winter is the Director, Azure Management at Microsoft Azure. He joins us to talk about what CSOs & CISOs need to know about Azure + Cloud migration Tips + Mythbusting cloud security issues. This episode of Business Security Weekly will focus on what CSOs and CISOs need to know about Azure. Additionally, Jeremy will touch upon the best cloud migration tips and mythbust cloud security issues. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode132

In the Security News, the rise of purple teaming, the World's largest beer brewer sets up a Cyber-security team, a mystery signal shutting down key fobs in an Ohio neighborhood, why hackers ignore most security flaws, and warnings of real world-wide worm attacks are the real deal! Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

There's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome back Corey Thuen, Founder and CEO of Gravwell, to talk about security analytics using the new Sysmon DNS logging that dropped this week! To get involved with Gravwell, visit: https://securityweekly.com/gravwell Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

Matt and Paul talk about Seed Rounds, Equity Rounds, Debt Rounds! Discussing how to invest, how investors operate, and how to get involved with preferred stocks. Full Show Notes: https://wiki.securityweekly.com/ES_Episode141 Visit https://securityweekly.com/esw for all the latest episodes!

Peter Smith, Edgewise Founder and CEO, is a serial entrepreneur who built and deployed Harvard University's first NAC system before it became a security category. Peter comes on the show to talk about Edgewise's 1 click microsegmentation! To get involved with Edgewise, visit: https://securityweekly.com/edgewise Full Show Notes: https://wiki.securityweekly.com/Episode608 Follow us on Twitter: https://www.twitter.com/securityweekly

Do you wonder how your team can save costs by lifting and shifting your existing applications to containers, and build micro-services applications to deliver value to your users faster? Use end-to-end developer and CI/CD tools to develop, update, and deploy your containerized applications? Manage containers at scale with a fully managed Kubernetes container orchestration service that integrates with Azure Active Directory? Wherever you are in your app modernization journey, the hardest part is knowing where to begin. Full Show Notes: https://wiki.securityweekly.com/ES_Episode141 Visit https://securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications segment, 7 subconscious habits that sabotage your ability to listen - and lead, the power of writing stuff down, what really helps employees improve, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

Rapid7 is integrating access to Insight Platform Applications, Ixia releases a new Scalable, modular packet broker, Sonatype's Nexus user conference to bring 2000 DevSecOps leaders together for free, and CyberArk and CNA introduce cybersecurity insurance! Full Show Notes: https://wiki.securityweekly.com/ES_Episode141 Visit https://securityweekly.com/esw for all the latest episodes!

Unfortunately, our scheduled interview was cancelled this week, but we are working to get Brian rescheduled. Instead, we're going to discuss the state of privacy one year after GDPR. Yes, GDPR is a year old. Are things better, worse, or the same? Full Show Notes: https://wiki.securityweekly.com/BSWEpisode131

"Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apples finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits, but weak adoption, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, SalesForce bans customers from gun sales, what is your iPhone talking to overnight, Office retires support for old Android versions, and really how likely are weaponized cars?! Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome back Amanda Berlin, CEO of Mental Health Hackers to talk about why its important to educate technology professionals about unique mental health risks faced by people in the field, and how we can provide them with the proper support services to help! Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

Flexera Acquires RISC Networks, Security stays hot as Imperva grabs Distil Networks, EnSilo is raising a series B to monitor and remediate cyber threats, SentinelOne lands $120 mln Series D, Securonix Partner Program Targets MSSPs, Thycotic Expands Enterprise-Grade Privileged Access Management-as-a-Service Solution, SecureAuth Innovates Secure Identity Management with its Intelligent Identity Cloud Service, and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode140 Visit https://securityweekly.com/esw for all the latest episodes!

In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind. To learn more about Endgame, visit: https://securityweekly.com/endgame Full Show Notes: https://wiki.securityweekly.com/Episode607 Follow us on Twitter: https://www.twitter.com/securityweekly

Charles Thompson is the Senior Director of Product Management at Viavi. Charles will discuss the importance of response/remediation in a strong security strategy and the role wire-data plays in having the forensic detail needed to identify a breach, understand scope of impact, and confirm restoration of network performance to pre-incident baseline. To learn more about Viavi Solutions, visit: https://securityweekly.com/viavi Full Show Notes: https://wiki.securityweekly.com/ES_Episode140 Visit https://securityweekly.com/esw for all the latest episodes!

Andrew Hollister is the Chief Architect & Product Manager at LogRhythm. Andrew will talk about the Security Operations Maturity Model: How to Measure the effectiveness of your SOC. To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Paul will be giving a technical segment on Defending Your Environment Against Major Microsoft Vulnerabilities. Discussion points will consist of: Discovery, Temporary Countermeasures, Be Resilient, and Paul talks about the two things he'd change if he were in charge. Full Show Notes: https://wiki.securityweekly.com/ES_Episode140 Visit https://securityweekly.com/esw for all the latest episodes!

John McCumber is the Director, Cybersecurity Advocacy at (ISC)2. John will cover the statistics behind the cybersecurity workforce gap, and explain why what we perceive anecdotally isn't what we see in the media. Learn what is really taking place in cybersecurity hiring, training, and education. Find new opportunities in this data for your personal career growth. To learn more about ISC2, visit: https://securityweekly.com/isc2 Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

This week, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that makes you WannaCry! Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtual), network devices, and endpoints. From "day 0" provisioning to "day n" configuration drift management and compliance management, Salt can scale to automate all the most difficult and frustrating tasks. To learn more about SaltStack, visit: https://securityweekly.com/saltstack Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

Ruvi Kitov, CEO and Co-Founder of Tufin, talks about the importance of having a network-wide security policy! The discussion will be on the importance of having a network-wide security policy, the fact that most companies don't have one, and therefore lack visibility and are not compliant with regulations and even with their own policies, and finally the value that we provide with SecureTrack. To learn more about Tufin, visit: https://securityweekly.com/tufin Full Show Notes: https://wiki.securityweekly.com/ES_Episode139 Visit https://securityweekly.com/esw for all the latest episodes!

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems! Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

Eric Butash and Mike Klein from Highlander Institute, join us on the show to talk about, what schools are doing to protect Student Data?, how do we teach our student the importance of good digital hygiene if we don't have the proper education in place?, what is Digital Citizenship, and how is the Privacy playing a roll in our always-on youth? Full Show Notes: https://wiki.securityweekly.com/Episode606 Follow us on Twitter: https://www.twitter.com/securityweekly

John Strand and Paul Asadoorian discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and funding updates from Palo Alto, FireEye, and Verodin! Full Show Notes: https://wiki.securityweekly.com/ES_Episode139 Visit https://securityweekly.com/esw for all the latest episodes!

We interview Jack Jones, Chief Risk Scientist at RiskLens to talk about Understanding and quantifying cyber risk using FAIR! Full Show Notes: https://wiki.securityweekly.com/ES_Episode139 Visit https://securityweekly.com/esw for all the latest episodes!

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise News, ThreatQuotient expands integration with MITRE ATT&CK Framework, JASK launches a new Heads Up Display for security operations centers, and we have some acquisition and funding updates from Guardicore, Auth0, and KnowBe4! Full Show Notes: https://wiki.securityweekly.com/ES_Episode138 Visit https://securityweekly.com/esw for all the latest episodes!

Candy Alexander is the President of Information Systems Security Association. Ms. Alexander has 30 years of information security experience working for various high-tech companies. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a Virtual or Fractional CISO and Executive Cyber Security Consultant assisting companies large and small to improve their security programs through effective security initiatives. Full Show Notes: https://wiki.securityweekly.com/ES_Episode138 Visit https://securityweekly.com/esw for all the latest episodes!

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training! Full Show Notes: https://wiki.securityweekly.com/Episode605 Follow us on Twitter: https://www.twitter.com/securityweekly

Corey Thuen is the Co-Founder at Gravwell. Corey covers the topics: Framework for discussion: the pillars of the SOC and the 80/20 principle, Wire data, Log/Application Data, Endpoint protection/EDR, Threat Intel, Data fusion, SOAR, and much more! To learn more about Gravwell, visit: https://securityweekly.com/gravwell Full Show Notes: https://wiki.securityweekly.com/ES_Episode138 Visit https://securityweekly.com/esw for all the latest episodes!

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

Mike Shema and John Kinsella interview Cody Wood. Cody Wood is the AppSec Product Support Engineer at Signal Sciences. To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Leadership and Communications segment, don't let your expertise narrow your perspective, don't be blinded by your own expertise, and the smartest cities in the future of urban development! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

We welcome Ferruh Mavituna, Founder and CEO of Netsparker! They will be discussing the discover and scan perspective of applications, how to handle in-house written applications vs. ones that are acquired, the prioritization and planning of the applications you have, and the common practice companies should be doing to focus on the top 20% of critical apps. To get involved with Netsparker, visit: https://securityweekly.com/netsparker Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability! Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Federico Simonetti is the CTO of Xiid Corporation. Federico comes on the show to discuss How To Fix Identity & Access Management. Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Julian Zottl is the Cyber and Information Operations SME at Raytheon. Julian joins us on the show to talk about side-channel attacks! Full Show Notes: https://wiki.securityweekly.com/Episode604 Follow us on Twitter: https://www.twitter.com/securityweekly

Ferruh Mavituna is the Founder & Product Manager at Netsparker. Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing? To learn more about Netsparker, visit: https://securityweekly.com/netsparker Full Show Notes: https://wiki.securityweekly.com/ES_Episode137 Visit https://securityweekly.com/esw for all the latest episodes!