Russell and Jim will discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode8
Russell and Jim will discuss security and compliance specifically for small businesses where they have been involved with audit and compliance including NIST 800-171, 800-53 (FISMA) and SOC, and how to achieve decent security and meet compliance requirements with limited staff and resources.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode8
Maersk CISO on NotPetya recovery, workforce harmony and what makes a security chief, Why Business Leaders Need to Understand Their Algorithms, How to Do a Digital Detox: 3 Easy Steps for Success, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode153
Nate Fick is the GM of Elastic Security. Earlier this month, Elastic announced a radical change to how endpoint protection is offered, doing away with per-endpoint pricing. We'd like to spend 5-10 mins talking about why, and the remainder of the show talking about a topic Nate has talked and written about extensively: organizational cybersecurity. Cybersecurity has historically been perceived as an enigma - a world of hackers lurking in the shadows - which reinforces the idea that the only way to stop them is with highly trained security experts at large enterprises with multi-million dollar budgets. To learn more about Elastic Security, visit: https://securityweekly.com/elastic
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode153
Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app. To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86
In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, A critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn't to blame for Capital One breach!
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628
$1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail’s AMP4Email via DOM Clobbering, and much more!
Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86
Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628
Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some lessons learned that can be shared with the wider community. The first is how to leverage automation and devsecops methodologies in your SOC and the second is how to break out of the traditional Tier 1-3 model.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode628
Jorge Salamero is the Director of Product Marketing at Sysdig. Jorge joins us on the show to talk about Kubernetes, Project Falco, vulnerability pre-deployment, and containers.
To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162
Reuven Harrison is the Chief Technology Officer at Tufin. Reuven brings more than 20 years of software development experience, holding two key senior developer positions at Check Point Software, as well other key positions at Capsule Technologies and ECS. He received a Bachelor's degree in Mathematics and Philosophy from Tel Aviv University.
To learn more about Tufin, visit: https://securityweekly.com/tufin Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode162
In the enterprise news, discussing how Sysdig supports Google Cloud Run for Anthos to secure serverless workloads in production, StackRox Kubernetes Security Platform 3.0 Introduces Advanced Features and New Workflows for Configuration and Vulnerability Management, and some acquisition and funding updates from CyberCube, 1Password, Docker, WhiteSource, and more!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode162
Verizon finds payment security declines for 2nd consecutive year, Is My PCI Compliance Good Enough to Serve as a Network Cybersecurity Audit?, Getting Prepared for New York’s Expanded Security Breach and Data Security Requirements, Virginia Builds New Model for Quantifying Cybersecurity Risk, Five Cyber Program Elements Financial Services Firms Must Cover To Stay Compliant, and more!
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/SCWEpisode7
CISOs left in compromising position as organisations tout cyber robustness, Why Your Organization Needs an Innovation Ecosystem, How businesses can accelerate innovation, The Highest Performing Teams Have These 4 Mindsets, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode152
Scott Petry is the CEO of Authentic8. Scott Petry has been using the cloud to disrupt the information security market for nearly 20 years. He founded Postini in 1999, which pioneered the cloud-delivered service model for email security and content compliance. After Postini was acquired by Google, Scott remained as Director of Product Management for Google Enterprise. In 2010, he co-founded Authentic8, a secure virtual browser solution designed to address the inherent lack of security in the protocols the world uses to access the web. He graduated with a B.S. from San Diego State University.
To learn more about Authentic8, visit: https://securityweekly.com/authentic8
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode152
This site maintains quick links for checking End Of Life dates for various tools and technologies, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Website, Know Thyself: What Code Are You Serving? because it might have a, Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ASWEpisode85
On SCW this week, we talk about the 2019 Verizon Payment Security Report. We discuss Why is PCI Compliance Decreasing?, why is it decreasing?, what's missing?, and what needs to change?
Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode7
Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 3.0! With this release, Sysdig Secure is the industry’s first security tool to bring both threat prevention and incident response to Kubernetes.
To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode85
Payment Security Compliance Declines - 1 in 3 Companies Make the Grade, RMC Agrees to $3M HIPAA Settlement Over Mobile Device Encryption, How Emerging Technologies Are Disrupting the Banking Compliance Landscape, and much more!
Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode6
Two security researchers earned $60,000 for hacking an Amazon Echo, Amazon Kindle, Embedded devices Open to Code-Execution, This App Will Tell You if Your iPhone Gets Hacked, Two New Carding Bots Threaten E-Commerce Sites, and much more!
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627
They answer questions like what is a security program and what is a compliance program?, Aren't they the same thing?, What are some differences?, Where do they overlap or how should they work together?, Do they compete for the same budget?, and more!
Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode6
Bryson Bort (Founder and CEO of SCYTHE) will demonstrate how to safely simulate ransomware and a multi-staged APT with lateral movement in your production environment! How would your organization protect, detect and respond to a ransomware attack? Bryson is also announcing the availability of the SCYTHE marketplace where red teams can collaboratively build and share threats and modules to extend the SCYTHE platform while also sharing market intelligence on what enterprises are looking for in their assessments. To learn more about SCYTHE, visit: https://scythe.io/securityweekly
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627
As advancements have been made in technologies new surveillance tools have been designed giving those charged with protecting citizen’s additional opportunities to prevent crimes or identify those who have violated laws or policies. While innovation has introduced a variety of new platforms there remains a concern of if the implementation of them is ethical. Additionally, there are concerns that surveillance has been and continues to be unequally applied. Our guest for this segment is Dr. Kevin Harris, the Program Director for Information Systems Security and Information Technology Management at American Public University.
Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode627
Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions. There's an abundance of potential data sources that can be found within you network. Where should you look? Which data sources offer unique perspectives and value? How can you use these data sources to speed threat identification, understand scope and impact, and aide in remediation steps to minimize impact? This segment will include a brief demonstration of how commonly available data sources can be effectively leveraged by SecOps and NetOps teams. Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/ESWEpisode161
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.
Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode4