Security Weekly Podcast Network (Video)

Ferruh Mavituna is the Founder & Product Manager at Netsparker. Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing? To learn more about Netsparker, visit: https://securityweekly.com/netsparker Full Show Notes: https://wiki.securityweekly.com/ES_Episode137 Visit https://securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications segment, Transformational leadership style inspires 'moonshot goals', How to Deal With Information Overload, The surprising secret of success: it's not about winning, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

Paul will be giving a technical segment on firewalls. Paul talks about an enterprise open-source firewalls? Full Show Notes: https://wiki.securityweekly.com/ES_Episode137 Visit https://securityweekly.com/esw for all the latest episodes!

In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Jon Fredrickson, Information Security Officer at Blue Cross & Blue Shield of Rhode Island. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode128

This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains. Derek is the VP and DevOps Advocate at Sonatype. Derek is the world's foremost researcher on the topic of DevSecOps and securing software supply chains. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61 Follow us on Twitter: https://www.twitter.com/securityweekly

The top 5 mistakes that create field days for hackers, WordPress 5.2 brings new security features, a discontinued Insulin pump with security a security flaw in high demand, and how to communicate privately in the age of digital policing! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

Chris Sanders is the Founder of Applied Network Defense & Rural Technology Fund. He is also the Director of the Rural Technology Fund, a non-profit that donates scholarships and equipment to public schools to further technical education in rural and high poverty areas. Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

We have a Security Industry Briefings Update, where we talk about 42Crunch, Viridium, Whitecanyon, and Eclypsium! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://securityweekly.com/esw for all the latest episodes!

Lesley Carhart is the Principal Threat Analyst at Dragos Inc.. Lesley has been performing digital forensics and incident response on unconventional systems and advanced adversary attacks for over a decade. Lesley will be discussing her transition from IT security to OT security, DFIR in ICS - What is it like doing forensics in this environment? Firmware? Micro-code?, and much more! Full Show Notes: https://wiki.securityweekly.com/Episode603 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise news, Secureworks launches new cybersecurity analytics app, StackRox Kubernetes Security Platform Receives Red Hat Container Certification, SIEM Solutions Firm Exabeam Raises $75 Million, and Serverless monitoring startup Espagon expands to cover broader microservices TechCrunch, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://securityweekly.com/esw for all the latest episodes!

Nik Whitfield is the CEO at Panaseer. He joins us to talk about Continuous Controls Monitoring! Full Show Notes: https://wiki.securityweekly.com/ES_Episode136 Visit https://securityweekly.com/esw for all the latest episodes!

Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and security. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Leadership and Communications segment, How to build a startup, You Don't Have To Be Nice To Be Respected. Boeing and the Importance of Encouraging Employees to Speak Up, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

Sven joins us to talk about securing our applications, how confident can we be about the security of web applications, and how we can make it easier to build applications that we don't need to worry about the OWASP top 10 because of secure defaults. To learn more about Netsparker, visit: https://securityweekly.com/netsparker Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60 Follow us on Twitter: https://www.twitter.com/securityweekly

Matt, Jason, and Paul do a recap on the Global Cyber Innovation Summit that was held in Baltimore last week! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode127

We welcome Philip Niedermair from National Cyber Group. Philip is the CEO at National Cyber Group and he joins us to discuss the National Cyber Education Program! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for attackers! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise news, ThreatConnects new features make creating security playbooks easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and BlackHat USA offers an inside look at Intel's security engine! Full Show Notes: https://wiki.securityweekly.com/ES_Episode135 Visit https://securityweekly.com/esw for all the latest episodes!

Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for defenders! Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack Full Show Notes: https://wiki.securityweekly.com/ES_Episode135 Visit https://securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications segment, 5 Myths about Strategy, The making of a technology leader, Want Fewer Employees to Quit? Listen to Them, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

A self-described "Nerd with a big mouth" Jay is an 18-year startup veteran specialized in pre-IPO, hyper-competitive environments with a focus on new technology introduction, partner/customer acquisition. Jay joins us to discuss Patch management struggles and how to overcome them! To get involved with Automox, visit: https://securityweekly.com/automox Full Show Notes: https://wiki.securityweekly.com/ES_Episode135 Visit https://securityweekly.com/esw for all the latest episodes!

Craig Sandman is the President and Co Founder of Symbol Security, a Cyber Security SaaS company with a mission to reduce corporate risk through Security Awareness Education. Craig will discuss Security Awareness, Education, and Training! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode126

In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59 Follow us on Twitter: https://www.twitter.com/securityweekly

Serious vulnerabilities found in Fujifilm x-ray devices, Facebook could be fined 5 billion over privacy violations, preinstalled malware on bootleg streaming devices, hackers using SIM swapping to steal cryptocurrency, and how a 29 year old computer scientist created the algorithm that took the first ever picture of a black hole! Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Guru Pandurangi is the CEO and Founder of Cloudneeti, to talk about how their SaaS product is delivering continuous cloud security and compliance assurance to businesses migrating or using cloud providers such as Azure, AWS, Office365, to develop and host their applications! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Haroon Meer is the CEO and Researcher at Thinkst. He is coming on the show to talk about why hackers should create companies, and some of the technical details behind Thinkst' tool Canary! To get started with Canary, visit: https://securityweekly.com/canary Full Show Notes: https://wiki.securityweekly.com/Episode601 Follow us on Twitter: https://www.twitter.com/securityweekly

Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community! A great conversation between two security legends and long time best friends! Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://securityweekly.com/esw for all the latest episodes!

In the Enterprise news, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://securityweekly.com/esw for all the latest episodes!

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN. Francis Dinha is the CEO of OpenVPN. Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://securityweekly.com/esw for all the latest episodes!

In the Leadership and Communications segment, 5 Ways to Find Natural Leaders for Your Team, Business Wisdom Learned From Bomb Squad Experts And Their Commanders, Why Rest Is Essential To High Performance, 4 Ways Working Dads Can Make More Time for Family, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125

Adam Fletcher is the Chief Information Security Officer for Blackstone. As a security professional with over 18 years of experience, Adam has worked with global security organizations large and small including McAfee, Nokia, VeriSign, ISS and Accuvant. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode125 Please join Adam and other CISOs at the Global Cyber Innovation Summit by visiting https://globalcybersummit.org/request-information to request your invitation.

In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58 Follow us on Twitter: https://www.twitter.com/securityweekly

Thomas is the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and IoT. To learn more about SaltStack, visit: https://securityweekly.com/saltstack Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58 Follow us on Twitter: https://www.twitter.com/securityweekly

We interview Patrick Tierney, the Sales Engineer at Endgame. To get involved with Endgame, visit: https://securityweekly.com/endgame Full Show Notes: https://wiki.securityweekly.com/ES_Episode133 Visit http://securityweekly.com/esw for all the latest episodes!

In the news, OpenVPN and JumpCloud Partner to Bring Secure Cloud-based Authentication and User Management to VPN, IdenTrust and Device Authority Collaborate to Deliver Secure Lifecycle Management to the IoT, Tufin Prices NYSE IPO at $108 Million, Bad security hygiene still a major risk for enterprise IT networks and much more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode133 Visit http://securityweekly.com/esw for all the latest episodes!

Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC Intel: Wire, Logs, Endpoint! To get involved with ExtraHop, vist: https://securityweekly.com/extrahop Full Show Notes: https://wiki.securityweekly.com/ES_Episode133 Visit https://securityweekly.com/esw for all the latest episodes!

Will is a Partner and a Founding Investor at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor's degree from the University of California, Berkeley. Full show Notes: https://wiki.securityweekly.com/BSWEpisode124

This week we have our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update the Security Weekly 25 index. Let's understand how the security market is doing. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode124

3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

In the news, Bitcoin mining ban considered by China's economic planner, Yahoo strikes $117.5 million data breach settlement, Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords, WikiLeaks Founder Julian Assange arrested and charged in US with computer hacking conspiracy, and How HTML5 Ping Is Used in DDoS Attacks. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Merissa Villalobos is the North America Talent Acquisition Leader for NCC Group, a global security consulting firm and has been recruiting in security for 10 years. She got her start in Virginia, at a Federal Government contractor, filling roles for the intelligence community and various Government Agencies. Jessica Gulick leads Katzcy Consulting, a growth hacker company that helps tech firms grow through strategy, market research, and digital marketing. With 20+ years in cybersecurity, she is a seasoned cybersecurity manager, marketer, consultant, and expert with a substantial network of technical and executive peers. If anyone has questions, they can visit our website at https://womenscyberjutsu.org/ or reach out to me directly, I'm always happy to help! Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Gabriel Gumbs is the VP of Product Management at Spirion where his focus is on the strategy and technology propelling Spirion's rapidly-growing security platform. A cybersecurity industry veteran with a 19 year tenure in CyberSecurity, he has spent much of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker. Full Show Notes: https://wiki.securityweekly.com/Episode600 Follow us on Twitter: https://www.twitter.com/securityweekly

Mike Weber is the Vice President of Coalfire and Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire. Coalfire ASV Scanning: - ASV program (love, praise, struggle) - Development and growth of scanning, 1-5 person team, partnership, marketing position - Published opinion piece, getting knowledge, supporting the industry - Scan platform - RISE - movement in the company, coalfire programs, development at Coalfire - Limitations of scanning, pen testing? To learn more about Coalfire, visit: https://securityweekly.com/coalfire Full Show Notes: https://wiki.securityweekly.com/ES_Episode132 Visit http://securityweekly.com/esw for all the latest episodes!

In the last segment, we air the Security Briefing from Secure World Boston! Paul and Matt review the vendors at SecureWorld Boston 2019! Full Show Notes: https://wiki.securityweekly.com/ES_Episode132 Visit http://securityweekly.com/esw for all the latest episodes!

In the news, Cloud security company Bitglass raises $70M in late-stage round, Lockpath Announces Significant Updates to Keylight Platform, TrustBuilder Identity Hub introduces simple and scalable access management for Docker, Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners, RedSeal raises more than $60 million for its cybersecurity tools, Google expands cloud security capabilities, including simpler configuration, and Sysdig Unites Cloud-Native Visibility and Security in Platform Update. Full Show Notes: https://wiki.securityweekly.com/ES_Episode132 Visit http://securityweekly.com/esw for all the latest episodes!

This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco! To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Follow us on Twitter: https://www.twitter.com/securityweekly