Baber Amin is the CTO West at Ping Identity. Security has always been perimeter centric with an "US" vs "THEM" approach. Multiple factors are forcing a change to this design pattern, and exposing it's shortcomings. The concept of "zero trust" is really a concept of "defense in depth" applicable when our perimeters are ephemeral and fluid.
To learn more about Ping Identity, visit: https://securityweekly.com/ping
STEALTHbits releases StealthDEFEND 2.2, its real-time threat detection and response platform, Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration, Aqua Security buys CloudSploit to expand into cloud security posture management, and much more!
What does your business need to know about the California Consumer Privacy Act (CCPA)?, California AG: No CCPA Safe Harbor for GDPR Compliance, Canada data breach tally soars since new privacy laws arrived, Marijuana Compliance and the quandary for brokers and dealers, and much more!
Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.
Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and much more!
5 questions with Cisco's CISO, The CIO role, from IT operator to business strategist, Making the case for integrated risk management, Gartner's strategic tech trends for 2020: Part 1, augmenting skills, and much more!
Mike, Matt, and John talk about security testing.
Josh Marpet and Scott Lyons perform interviews at 2019 NACD Blue Ribbon Commission Initiative.
This week, we discuss part 1 on how Artificial Intelligence and Machine Learning can be used for Compliance, including:
- What is Artificial Intelligence (AI) and Machine Learning (ML)?
- What are the roles of AI/ML for Compliance?
- Example: Gaming
Brendon Macaraeg is the Sr. Director of Product Marketing of Signal Sciences. Focus on the people, processes and tools a dev team needs to put an effective security program in place. Discuss how to improve listener's current program and tooling to develop, release secure code and proactively protect their apps in prod. Four potential key tactics or areas to cover.
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
PwC's 2019 Annual Corporate Directors Survey, What is the Board's Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance, and 5 Updates from PCI SSC That You Need to Know.
In the Security News, Who is responsible for Active Directory security within your organization?, Apple publishes new technical details on privacy features, How to ensure online safety with DNS over HTTPS, Amazons Ring Video Doorbell could open the door of your home to hackers, and much more!
Kevin Finisterre is a Co-founder of Arcade Hustle. Josh Valentine is a Co-founder of Arcade Hustle. Josh and Kevin have spent the last year immersing ourselves in arcade platforms, games, and cabinets. There is quite a bit of cross over into the traditional security scene. There is even more to learn in the subtle differences of how each scene handles. We'd like to talk about our project Arcade Hustle, and the things we've learned during our into to the arcade scene.
Peter Smith is the Founder & CEO of Edgewise.
Tim Callan is the Senior Fellow at Sectigo. Quantum computing and what its arrival means for IT, traditional computing and infosecurity. TC expects that both architectures will live side by side, with traditional computing serving most tasks and quantum computing being employed for the specific operations where it offers improved efficiency. He will discuss expected outcome of quantum computing is that the world’s existing cryptographic infrastructure will have to change in a fundamental way and future encryption platforms need to be resistant to attacks not just from quantum computers but traditional computers as well.
Adrian is an Advocate at Thinkst, the company behind the awesome and much loved Thinkst Canary. A former practitioner, PCI QSA, penetration tester, industry analyst and entrepreneur, he has explored many angles of the security industry, attempting to understand what makes it tick and what makes it fail. Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the industry, tell stories and still sees the glass as half full.
In the news, talking about how Trustwave offers threat detection and response for Microsoft Azure, LogRhythm offers migration service to Splunk customers to address security challenges, CrowdStrikes Falcon security platform lands on AWS, and how GitLab plans to ban hires in China and Russia due to espionage concerns!
Balancing the Company’s Needs and Employee Satisfaction, Why Successful People Wear The Same Thing Every Day, What industry gets wrong about cyber insurance, and much more!
New York’s Breach Law Amendments and New Security Requirements, Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability, Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients, Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches, The Human Factor of Cyber Security, and much more!
Jeff Man, Scott Lyons, Josh Marpet, and Matt Alderman talk about PCI and how it affects the state of the union.
Alexander Niejelow is the Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard. The Cybersecurity Talent Initiative is the first-of-its-kind public-private partnership aimed at recruiting and training a world-class cybersecurity workforce. The program is a selective opportunity for students in cybersecurity-related fields to gain vital public and private sector work experience and even receive up to $75,000, inclusive of tax, in student loan assistance.
Henry Harrison is the CTO of Garrison. A contrarian in the security industry, Henry Harrison of Garrison believes the only way forward is to implement security on the foundational level through Hardsec. An evangelizing approach that emerged out of research and development from the UK’s national security, hardsec relies on hardware security executed through the use of non-turing machines digital logic – chips that are too dumb to be hacked – to eliminate cyber threats. This moves away from the generic chip sets and advocates for a more unique and specialized chip set for devices where security is paramount. During this conversation, Henry can talk about this approach and what it would take for it to become widely adopted.
Stable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX, Servers and patch details at Sec Bug #78599, Raising Security Awareness: Why Tools Can't Replace People, and much more!
Important security notice about your DoorDash account, How PCI DSS compliance milestones can be a GDPR measuring stick, Companies vastly overestimating their GDPR readiness, only 28% achieving compliance - Help Net Security, When Compliance Isn't Enough: A Case for Integrated Risk Management, and much more!
We interview Daniel Lowrie, who is an Edutainer at ITProTV and Justin Dennison, who is also an Edutainer at ITProTV. Dan and Justin talk about how to bridge the gap between a developer and security. Developers are faced with the challenges of working under pressure to get things done quickly, often overlooking securing their code. We'll discuss the strategies to capture interest while addressing common pitfalls.