Security Weekly Podcast Network (Video)

Michael and Paul ask Jason how to become a better business. Jason explains how to run your security team as in a 'fish bowl', and how to apply this technique to your clients and their business. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode101

Michael and Paul discuss the tools that have helped them in their business. They talk about the books they've read, the interviews that helped them the most, and the journey from Startup Security Weekly to Business Security Weekly!

In the security news, Russian Hackers use Malware that can survive OS reinstalls, Facebook's 2-Factor authentication With a phone number isn't only for security, it's used for ads ,FBI warns companies about hackers increasingly abusing RDP connections, NSA employee who brought hacking tools home sentenced to 66 months in prison, new Linux Kernel Bug affects Red Hat, CentOS, and Debian Distributions, and Baddies just need one email account with clout to unleash phishing hell, and more! Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

Carlos Perez delivers the Technical Segment on How to Operate Offensively Against Sysmon. He talks about how SysMon allows him to create rules, and track specific types of tradecraft, around process creation and process termination. He dives into network connection, driver loading, image loading, creation of remote threats, and more! Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

Mike Nichols is the VP of Product Management at Endgame, and he manages the Endgame endpoint protection platform. Keith McCammon is the Chief Security Officer and Co-Founder of Red Canary, and he runs Red Canary's Security Operation Center. Shawn Smith is the IT Security Manager at Panhandle Educators Federal Credit Union. They discuss the problems Shawn had that led him to choose Red Canary and Endgame as his solution, skill shortages in vendors, what he did to convince his management to approve of this solution, and what his process for testing the effectiveness of these solutions was. Full Show Notes: https://wiki.securityweekly.com/Episode577 Visit https://www.securityweekly.com/psw for all the latest episodes!

In the Enterprise News this week, Bomgar to be renamed BeyondTrust after acquisition from PAM vendor, Rapid7 looks to SOAR with InsightConnect Automation Platform, DigiCert, Gemalto, and ISARA Partner on Quantum-Safe Encryption, Symantec extends Data Loss Prevention Platform with DRM, ExtraHop announces the availability of Reveal(x) for Microsoft Azure, Attivo brings cyber security deception to containers and serverless, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode108 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit http://securityweekly.com/esw for all the latest episodes!

Paul and Matt sit down this week to discuss Threat and Vulnerability Management, the value it has, and the different players that deal with it in the Enterprise. They delve into Cloud and Application Security's impact on vendors, and who they need to look at for potential integrations or acquisitions. Full Show Notes: https://wiki.securityweekly.com/ES_Episode108 Visit https://www.securityweekly.com/esw for all the latest episodes! Visit http://securityweekly.com/esw for all the latest episodes!

In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly

Ron started his cybersecurity career as a network penetration tester for the NSA, and is the Founder of Tenable and Gula Tech Adventures. He joins Keith and April for an interview to talk about security in the upcoming elections, how to maintain separation of duties, attack simulation, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33 Follow us on Twitter: https://www.twitter.com/securityweekly

In the second part of Scott's interview, Michael and April talk with him about ICS security, communication, and building relationships! They discuss the best practices to understand how these systems work, holding accountability, common goals, and how legal and security share common goals! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Scott brings a unique mixture of hands-on experience in incident response, penetration testing, forensics, operations, architecture, engineering, and executive leadership as a former Chief Information Security Officer (CISO) to the Rapid7 Advisory team. He talks about his role at Rapid7, why he joined the company, how to integrate security better into an organization, and what he recommends to people who need to break the ice and get their first meeting started! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode100

Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US Military given the power to hack back and defend forward,and AmazonBasics Microwave works with Alexa! Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Apollo Clark goes through inventory management, access management, config management, patch management, automated remediation, logging and monitoring, and deployment tools. Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Mike Ahmadi oversees IoT security solutions and technical implementations for DigiCert customers across various verticals that include industrial, transportation, smart city, consumer devices and healthcare. Full Show Notes: https://wiki.securityweekly.com/Episode576 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Cisco aims to make security foundational throughout its business, Fidelis looks to grow cyber-security platform, How artificial intelligence can improve human decision-making in IoT apps, Crossmatch announces the availability of DigitalPersona v3.0, and video fingerprinting. Full Show Notes: https://wiki.securityweekly.com/ES_Episode107 Visit http://securityweekly.com/esw for all the latest episodes!

Doug White and Matt Alderman talk about audit mistakes. Don't get into the mindset of ticking the box to satisfy audit. - What is this control and why are using it? - What does it control? Full Show Notes: https://wiki.securityweekly.com/ES_Episode107 Visit http://securityweekly.com/esw for all the latest episodes!

Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Follow us on Twitter: https://www.twitter.com/securityweekly

Michael Santarcangelo joined by special guest Ron Gula from Gula Tech Adventures, talk with Chris Brenton about how do you take someone with a basic level certification and give them access to the tool? Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Michael Santarcangelo returns! Michael is joined by Matt Alderman and Ron Gula to interview Chris Brenton. They discuss what is threat hunting, what does this actually mean, is there a level of maturity required (organization, security team, individuals)? Full Show Notes: https://wiki.securityweekly.com/BSWEpisode99

Microsoft accidentally lets encrypted Windows 10 out the the world, Kernel exploit discovered in macOS, PowerShell obfuscation ups the anty on anti virus, Google outlines incident response process, BombGar buys BeyondTrust, and Neil DeGrasse Tyson speaks on Elon Musk saying: Let the man Get High! All that and more, on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode575 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Eyal Neemany describes how to bypass Linux Pluggable Authentication Modules provide dynamic authentication support for applications and services in a Linux or GNU/kFreeBSD system. Eyal Neemany is the Senior Security Researcher for Javelin Networks. →Full Show Notes: https://wiki.securityweekly.com/Episode575 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Brian Coulson is a Senior Security Research Engineer in the Threat Research Group of LogRhythm Labs in Boulder, CO. His primary focus is the Threat Detection Modules such as UEBA, and NTBA. →Full Show Notes: https://wiki.securityweekly.com/Episode575 →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

Proofpoint automates email security with CLEAR, Demisto releases state of SOAR 2018 report, OneLogin and Netskope partner to expand cloud security for enterprises, RedSeal launches remote administrator managed service, Corelight expands network security platform with virtual edition, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode106 Visit http://securityweekly.com/esw for all the latest episodes!

David Maestas, also known as Dave, is the Co-Founder and Chief Technology Officer at Bandura Systems. David talks about how to phase out the bad tools and companies in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ES_Episode106 Visit http://securityweekly.com/esw for all the latest episodes!

U.S. Government releases post-mortem on Equifax, MacOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and Bug Bounties and mental health. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how we the security industry needs to shift left when it comes to applications and patching. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31 Follow us on Twitter: https://www.twitter.com/securityweekly

Imperva acquires app security firm Prevoty in $140 million deal, Allstate accelerates expansion into Identity Protection with acquisition of InfoArmor, Sonatype receives $80 million investment from TPG, Very Good Security makes data unhackable with $8.5 million from Andreessen, Lacework raises $24 million for AI-based cloud security platform, Synapsefi raises over $17 million in Series A funding, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

In the security news, Spanish driver tests positive for every drug test, vulnerabilities found in the remote management interface of Supermicro servers, Apache Struts 2 flaw in the wild, HTTPS crypto-shame, and how to manipulate Apple's podcast charts! Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Michael and Paul interview Gabriel Gumbs from STEALTHbits. They talk about moving from detection to prevention, and protecting your data! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode98

Beacon analysis is an integral part of threat hunting. If you are not looking for beacons you take the chance of missing compromised IoT devices or anything that does not have a threat mitigation agent installed. I'll talk about what makes beacon hunting so hard, and how the open source tool RITA can simplify the process. ***Powerpoint Slides in Full Show Notes*** Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Wim Remes from Wire Security bvba comes on the show to talk about pentesting, SDLC, the state of security, life of a (virtual) CISO, and certifications. Full Show Notes: https://wiki.securityweekly.com/Episode574 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Paul talks with Bret Settle, the CEO of ThreatX about shifting the focus to the hacker. Check out this interview and learn about innovative endpoint defenses and how attackers use covert signaling technologies (such as pulsing cooling fans!) to exfiltrate data. Full Show Notes: https://wiki.securityweekly.com/ES_Episode105 Visit http://securityweekly.com/esw for all the latest episodes!

Paul interviews Marc French the SVP Chief Trust Officer of Mimecast. He also interviews Ofer Maor the Director of Solutions for Synopsys. Ofer talks about the problem Synopsys solves, the deployment for the static analysis tool, and about the open source libraries from Synopsys. Full Show Notes: https://wiki.securityweekly.com/ES_Episode105 Visit http://securityweekly.com/esw for all the latest episodes!

How the Department of Defense is using Open Source, BitSight launches forecasting capability, SentinelOne teams up with Sumo Logic, Swimlane supports McAfee's advanced security operation, Fortinet releases new IoT security controller, and Secureworks opens up proprietary UEBA through partner programme. Full Show Notes: https://wiki.securityweekly.com/ES_Episode105 Visit http://securityweekly.com/esw for all the latest episodes!

In the Security News this week, Zero-Day Windows exploits, How to hide sensitive files in encrypted containers, Misfortune Cookie vulnerability returns, and bank robbers faked Cosmos backend to steal 13.5$ million. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

John is a Senior Product Manager at DFLabs, where he performs a wide variety of tasks from product management to content development and partner management. Prior to joining DFLabs John worked for a global security services provider, performing a wide variety of incident response consulting services. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects. Full Show Notes: https://wiki.securityweekly.com/Episode573 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise News this week, VMWare launches Blockchain project, lacework raises new funds to extend Cloud Security capabilites, Minerva Labs achieves certified integration with McAfee ePO, CrowdStrike helps advance malware searches on hybrid analysis portal, Atos named a leader in IoT services by global analyst firm NelsonHall, and more! Full Show Notes: https://wiki.securityweekly.com/ES_Episode104 Visit http://securityweekly.com/esw for all the latest episodes!

John Strand delivers the Technical Segment this week on Office 365 User Behavior Analytics. The idea is if you have a user account simultaneously logged in to multiple computer systems, that may be abnormal. Full Show Notes: https://wiki.securityweekly.com/ES_Episode104 Visit http://securityweekly.com/esw for all the latest episodes!

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Rick Holland has more than 15 years' experience working in information security. Paul and John talk to Rick about vulnerability management, WAFs, and advice to enterprise marketing. Full Show Notes: https://wiki.securityweekly.com/ES_Episode104 Visit http://securityweekly.com/esw for all the latest episodes!

Join Paul, Doug White, and Todd to talk about Security Innovation that includes: AlienVault, Cloudera, Splunk, Fortinet, CA and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover: - CVE-2018-11776 - How the 3 Ways of DevOps can guide us toward better security practices - Shared Version Control - Test Environments - Shared Ticketing - ChatOps - Buying Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

The Untold story of NotPetya, New Apache Struts RCE Flaw, How door cameras are creating dilemmas for police, Google gets sued for tracking you even when your location history is off, and Artificial Whiskey is coming, and one company is betting you'll drink up. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Todd talks about his journey in the security industry. Todd also explains what Bandura Systems does for the security industry and how they sell their solution to companies. Full Show Notes: https://wiki.securityweekly.com/BSWEpisode97 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He comes on the show to discuss PHP Type Juggling Vulnerabilities. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Tod Beardsley is the Director of Research at Rapid7. Paul talks to Tod about his recent projects Sonar and Heisenberg. They also discuss Tod's Under the Hoodie pentest report. Full Show Notes: https://wiki.securityweekly.com/Episode572 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

Mike leads the Product Management, Product Marketing, UX, and Business Development efforts at DomainTools. He brings over 20 years of experience in the security industry, and has a real passion for building products that customers love and driving significant growth for the product lines he leads. Full Show Notes: https://wiki.securityweekly.com/ES_Episode103 Visit http://securityweekly.com/esw for all the latest episodes!

Paul Asadoorian and Matt Alderman compare and contrast the enterprise security vendors that were at Black Hat and DEF CON 2018. Full Show Notes: https://wiki.securityweekly.com/ES_Episode103 Visit http://securityweekly.com/esw for all the latest episodes!