Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: 2020
Oct 7, 2020

Parham Eftekhari provides an overview of the Cybersecurity Collaborative and why the nation's top CISOs are rediscovering the power of true peer-to-peer collaboration.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw190

Oct 6, 2020

In the Leadership and Communications section, What it takes to be a transformational CISO, Put Your Metrics Where Your Mouth Is, 5 Simple Ways to Make Better Decisions, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw190

Oct 6, 2020

DOMOS 5.8 - OS Command Injection, 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies, Google sets up research grant for finding bugs in browser JavaScript engines, Announcing the launch of the Android Partner Vulnerability Initiative, and more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw124

Oct 5, 2020

Developers are at the center of properly securing applications. A large number of security issues bury developers. We must understand the things every developer must know about security in order to help them. We must practice developer empathy, walking a mile in their shoes.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw124

Oct 3, 2020

In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

Oct 2, 2020

Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

Oct 2, 2020

Paul will discuss his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

Oct 1, 2020

There was a pretty extensive discussion on the Discord server during last week's show that we thought was appropriate to discuss on air. Josh kicked off the discussion by asking, "Anybody know any vulnerability remediation timeline guidance? Formalized, scientifically based stuff?" Josh further clarified, "just trying to find the science behind why and when I should give a crap about vulnerabilities". He finally stated, "I am troubled by the lack of empirically based standards of remediation timing, remediation prioritization, remediation adjustment/offsets based on compensating controls." This launched a multi-threaded conversation that touched on vulnerability management, how to pass various compliance audits/assessments, the many vendors that have latched on to "prioritization" of vulnerabilities, or simply "Risk-Based Vulnerability Management". Of course, PCI became a focal point for much of the discussion because of the mention of vulnerability management, compensating controls, remediation timing, etc. - all of which is addressed within the PCI DSS (despite what Quadling thinks). We're going to try to find consensus on the problem, possible solutions (based on recognized sources), and provide advice.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw45

Sep 30, 2020

Do we know where our sensitive data is located? Is the system that hosts this data free from vulnerabilities, and is it securely configured? How do we assign accountability through mitigation plans to meet compliance mandates?

 

This segment is sponsored by CYRISMA. Visit https://securityweekly.com/cyrisma to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw45

Sep 30, 2020

In the Leadership and Communications section, 6 types of CISO and the companies they thrive in, What are the habits of highly effective CISOs, Cybersecurity is Not a Four-Letter Word, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw189

Sep 29, 2020

What makes MDR different from MSSP? What makes a good MDR provider? How do you decide to build your own capabilities, hire an MSSP or ally with an MDR?

 

This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw189

Sep 29, 2020

6 Things to Know About the Microsoft 'Zerologon' Flaw, You can bypass TikTok's MFA by logging in via a browser, Instagram RCE: Code Execution Vulnerability in Instagram App for Android and iOS, Shopify discloses security incident caused by two rogue employees, and Microsoft Advances DevOps Agenda!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw123

Sep 28, 2020

There's a big difference between finding vulns and securing apps. When we hear the phrase "shift left", what are we actually shifting? Maybe there's something more that security can learn when we look at the vulns popularized by the OWASP Top 10 and the major breaches DevOps teams are dealing with in cloud environments.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw123

Sep 25, 2020

Data breaches and insider threats are happening, even with costly and complex data protection programs in place. A reimagined approach to data security needs to be taken.

 

This segment is sponsored by SecureCircle. Visit https://securityweekly.com/securecircle to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw200

Sep 25, 2020

As attackers grow increasingly sophisticated, artificial intelligence (AI) and machine learning (ML) applications in cybersecurity are no longer a “nice to have.” But after years of being tossed around as a buzzword, it’s time to demystify AI/ML to expose how far the technologies have come and how they can keep your business secure if leveraged correctly. We discuss what the terms mean, why they’re critical for cybersecurity, and how/when to apply different types of AI/ML (including supervised, unsupervised, and deep learning) appropriately.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw200

Sep 24, 2020

ExaGrid releases version 6.0 with Time-Lock for Ransonware Recovery Feature, Microsoft overhauls 'Patch Tuesday', Palantir to begin New York trading on September 30th, Accenture acquires SALT Solutions to build cloud-based industrial IoT platforms, and Code42 Incydr: A cloud-native product that mitigates insider data exposure and exfiltration!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw200

Sep 24, 2020

Priya and the SCW hosts take a look at the upcoming Supreme Court case that could potentially redefine or redirect the scope of the Computer Fraud and Abuse Act (CFAA).

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw44

Sep 23, 2020

Tax season happens once a year but audit preparation can happen multiple times per year for most companies dealing with SOC 2, HIPAA, ISO 27001, PCI, and more. Manual evidence collection, user access reviews, mapping controls to policies to frameworks; it's no wonder PTO time usually comes right after the audit period. Let's talk about how to really use automation within your existing systems to streamline audit preparation and reduce the manual work for your security, engineering, and legal teams.

 

This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw44

Sep 23, 2020

Michael Santarcangelo and Sam Estrella join us for this special segment to discuss the anatomy of an acquisition. A listener request, Michael will walk us through the Security Weekly acquisition by CyberRisk Alliance to understand the key criteria, processes, and challenges of an acquisition, especially during COVID-19.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw188

Sep 22, 2020

Corey Thuen, the founder of Gravwell, will join us to discuss how to drive better decision making. Context and collaboration are key, but only if you have the data. Gravwell allows the collection of unlimited data to power your business.

 

This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw188

Sep 22, 2020

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw122

Sep 21, 2020

Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that app logs contain the information needed for teams to collect useful signals and make informed decisions.

 

This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw122

Sep 20, 2020

Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, Most compliance requirements are completely absurd, Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software, and more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw667

Sep 19, 2020

Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It's a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack.

 

This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw667

Sep 19, 2020

BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiatives. BSIMM11 reflects the software security practices observed across 130 firms from industries such as finserv, independent software vendors, cloud and healthcare.

 

This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw667

1 « Previous 3 4 5 6 7 8 9 Next » 22