Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
Now displaying: March, 2021
Mar 31, 2021

The SCW hosts discuss Rafal Los' recent blog post "Vulnerability Management is Still a Mess" (https://blogwh1t3rabbit.medium.com/vulnerability-management-is-still-a-mess-27519ffcecc0). In the first segment, we will learn all about Rafal's cybersecurity background and why vulnerability management has not evolved in line with the technology.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw67

Mar 31, 2021

In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have in 2021, Build your cybersecurity A-team: 7 recruiting tips, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw211

Mar 30, 2021

NDR technologies such as ExtraHop are the latest tools in the CISO toolbox for combating cybersecurity threats. They enable previously unattainable speed and efficacy in detecting, identifying and responding to anomalies and malicious traffic and network events.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw211

Mar 30, 2021

Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of application security and application safety!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw145

Mar 29, 2021

The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss what the plans are for the OWASP Top 10 2021, and when it will be released, and how you can get involved.

https://owasp.org/www-project-top-ten/

https://github.com/OWASP/Top10

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw145

Mar 28, 2021

Learn what redirects are, the different types, how they work and how they are exploited by attackers. Oh, also learn how to defend against redirect attacks!

Sven's Slide Deck - Open Redirects: https://securityweekly.com/wp-content/uploads/2021/03/Netsparker-Sven-Morgenroth-3-25-21-Open-Redirect.pdf

 

This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw688

Mar 27, 2021

This week in the Security News: Doom exploit wins an award, a puzzle honors Alan Turing, anyone can create a deepfake, Jabber bugs, unquoted service paths, Nim malware, Deadly sins of secure coding, & are we living in the toughest time of Cybersecurity?

 

Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw688

Mar 27, 2021

Almost weekly, hackers discover and exploit vulnerabilities in popular programs like SolarWinds and Microsoft Exchange Server, impacting thousands. While it would be great to eradicate these vulnerabilities in the programs themselves, it is unlikely to happen any time soon. That’s why patching vulnerabilities quickly is important, yet even when patches are available, companies often fail to patch promptly. We’ll discuss barriers companies face that delay patching and Qualys’ experience with creating free services that help companies detect specific vulnerabilities and patch remotely for events like the SolarWinds and Microsoft Exchange incidents. The session will include a brief demo of Qualys’ free 60-day service to detect, prioritize, and patch vulnerable Exchange servers, and to detect environments missing compensating controls.

This segment is sponsored by Qualys.

Visit https://securityweekly.com/qualys to learn more about them!

Show Notes: https://securityweekly.com/psw688

Visit https://www.securityweekly.com/psw for all the latest episodes!

Mar 26, 2021

This week in the Enterprise News, Funding announcements from Security Scorecard, Secureframe, Axis Security, Orca, Cylera, and Vulcan Cyber. A non-funding announcement from Thinkst. Fortinet acquires ShieldX, VMware acquires Mesh7 and Copado acquires New Context. KnowBe4 files for IPO. Exabeam Launches First-ever Comprehensive Use Case Coverage, Linksys and Fortinet form an interesting partnership, Sonatype targets a more secure software supply chain with a 5-part announcement, CTO.ai Launches Serverless Kubernetes Platform and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw221

Mar 26, 2021

Jarrett Rodrick and Tyler Wall's new book, "Jump-start Your SOC Analyst Career," is meant to serve as a roadmap for those who wish to take their first steps into cyber security/SOC analyst. We discuss topics like introduction to investigative theory, prerequisite skill requirements, and cloud security monitoring. We included stories from real SOC analyst contributors to help the reader understand what challenges might lie before them. The book is available on Amazon: https://www.amazon.com/Jump-start-Your-Analyst-Career-Cybersecurity/dp/1484269039

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw221

Mar 25, 2021

- What security features does Heroku offer that the customer can control and how have these evolved over time?
- How do you balance the security of the application, with the security of the deployment, with the security of the platform?
- What are some tips and/or advice for deploying applications and keeping them secure during the lifecycle? (e.g. as a developer I may run applications in a secure environment, but then down the line someone runs my container with --privileged and exposes a security hole).

The goal being our audience learns what to consider when choosing a platform (or platforms) to run applications from a security perspective.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw221

Mar 25, 2021

The conversation continues as the PlexTrac team, Dan DeCloss & Shawn Scott, demonstrate how PlexTrac can tackle compliance (among other things)!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw66

Mar 24, 2021

This week, Jeff, Liam Downward, Scott, & Josh talk PCI with Dan DeCloss and Shawn Scott from PlexTrac!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw66

Mar 24, 2021

In the Leadership and Communication Segment, 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business, 3 Key Tasks That Help Me Work Way Less and Accomplish More, Everything You Need to Know About Dictionary Attacks, Is Misinformation Slowing SASE Adoption, & more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw210

Mar 23, 2021

How to incorporate security into your existing medical device development process, What artifacts need to be created, & Security activities that are new.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw210

Mar 23, 2021

In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw144

Mar 22, 2021

Security is struggling to keep up with securing modern web applications and the fast pace of wild web hacks. Detectify is building automated app scanners that can think like a hacker and shorten vulnerability detection time down to minutes and hours, whilst helping ethical hackers do bug bounty/disclosures in a scalable way.

 

This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw144

Mar 21, 2021

The first episode of Security Weekly's podcast mini-series with PlexTrac "Getting the Real Work Done in Cybersecurity" starts with PlexTrac's bread and butter, Purple Teaming! The group - along with special guest Bryson Bort of SCYTHE - discuss the ins and outs of purple teaming. Topics covered on the show include the importance of collaboration within your security team, the idea of a milestone-based approach to security, purple teaming engagements, and much more.

 

This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextracseries to learn more about them!

Visit https://www.securityweekly.com/series to view the entire PlexTrac Mini Series!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw687

Mar 20, 2021

In the Security News, If software got a security grade, most would get an F, SolarWinds hackers got some source code, new old bugs in the Linux kernel, hack stuff and get blown up, stop hacking "beer", weekly Chrome zero day, Mirai lives, long live Mirai, how attackers could intercept your text messages, and rigging the election, the Homecoming Queen election that is.

 

Register to attend Joff Thyer's upcoming Wild West Hacking Fest course "Enterprise Attacker Emulation and C2 Implant Development": http://bit.ly/JoffsC2Class

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw687

Mar 20, 2021

Dan will run through some customer testimonials on how they are using PlexTrac effectively to get the real work done in security! This segment is sponsored by PlexTrac.

 

Visit https://securityweekly.com/plextrac to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw687

Mar 19, 2021

Ilia Kolochenko, founder of ImmuniWeb, joins Paul and Adrian to discuss the challenge of discovering and handling exposed data and vulnerabilities before the bad guys do.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw220

Mar 19, 2021

This week in the Enterprise Security News: funding announcements from Coalition, HeraSoft, Cowbell Cyber, Argon, Cynet, Docker, and Cyware. Sonatype Acquires MuseDev, Sumologic Acquires DF Labs, Acronis acquires Synapsys, Lookout grabs CipherCloud and a cybersecurity SPAC. Kasada announces some new features to its bot detection offering, Rapid7 introduces an agent for CloudFront, Aqua supports ARM, and Chris Roberts joins Cynet, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw220

Mar 18, 2021

Ron joins us to cover various aspects of investing, including how to give the right pitch, what enterprises should be looking for in new technologies, are you 5% or amazing tech? Ron is also championing a new concept called data care and has launched his own podcast, Gula Tech Cyberfiction, in addition to some outstanding cybersecurity grants.

 

Gula Tech Foundation Grant Program - Data Care: https://www.gula.tech/foundation/

Gula Tech Non-Profits: https://www.gula.tech/projects/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw220

Mar 18, 2021

We're letting Priya have the bulk of the time to discuss what's on her mind in terms of legal implications of security & compliance news and events.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw65

Mar 17, 2021

We're excited to have Priya Chaudry with us today, so we are going to focus our discussion on news and events with legal implications (or the legal implications of news and events)! For starters, the U.S. Cyber Command recently held a virtual edition of its 2021 Legal Conference. The annual conference explores current law and policy issues related to offensive and defensive cyberspace operations.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw65
