What are some best practices for preparing for a security incident? David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security incident and how to develop a communications plan that's simple and effective.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw207
This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw141
In looking at how to do application security right we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for. Plus, we highlight how doing security right also means shifting left in terms of addressing security issues in the design phase. And throughout all this is the importance of being able to communicate security principles and how your design and testing reduces risk.
Register for the DevSecOps eSummit for which Ted will be a panelist: https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=5673DA7C-B8C2-4A3E-B675-C6BBF45DC04F
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw141
This week in the Security News, Nvidia tries to throttle cryptocurrency mining, Digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMware vCenter, and is a password manager worth your money!?!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw684
Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughter from being trafficked. Bryan will then explain what he does with Cyemptive, his day job.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw684
Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new book is available on Amazon: https://amazon.com
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw684
The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs' Ganesh Pai and Amit Malik explore the MITRE ATT&CK framework, its ongoing value for analysts AND future plans to extend ATT&CK to cloud and containers. They'll also show how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations in the Uptycs Security Analytics Platform.
This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw217
The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our global community due to insecure information systems. Effective security operations rely on monitoring your data and being prepared to defend yourself and your organization. Chris will explain why he believes that the classic SOC will move, over the next few years, to MSSPs and how to be ready when threats are detected.
Download the report: https://soc-survey.com/
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw217
This week in the Enterprise News: LastPass is no longer free, Tenable helps with dynamic assets, Security Scorecard and the Score Planner, Trend Micro XDR, & Imperva launches Sonar! Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, & Strata Identity! In the Acquisition news: SailPoint to acquire Intello, CrowdStrike to acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to acquire RocketCyber, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw217
The world of hacking and the threat actors who do that sort of thing. What are the implications for computer security in 2021 for persons, corporations, nation states, and maybe even your cat?
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw62
Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw62
In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw206
Dutch Schwartz, Cloud Security Strategist at AWS, discusses cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw206
This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw140
Linux is all over the place (sometimes surprisingly so), so why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate the recent attacks against sudo as a timely reference.
This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them!
To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw140
“Wheel” was part of the team that discovered the heap overflow vulnerability in sudo, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems including Linux, macOS, AIX and Solaris. He’ll provide an overview of the vulnerability and then dive into a technical discussion of the research.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw683
This week in the Security News, Police playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left in millions of IoT devices, A 'Simple And Yet Robust' Hand Cipher, Zero Trust in the Real World, Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply, Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft’s Remote Desktop Web Access Vulnerability, & more!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw683
In this segment we'll unpack "Zero Trust": what does it mean, and how can it be applied as a concept to information security today? It certainly begs the question: what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an "apt upgrade" (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (*cough* SolarWinds *cough*), you have to trust it, but to what degree? Tune in to find out more!
This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscaler to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw683
Kelley will discuss his investment thesis in security, his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw216
HD has been focused on research related to network discovery and IT asset inventory for the past three years. This work has led to new techniques for device fingerprinting and topology mapping that show enterprise networks in an entirely new light. He will walk through some visualizations of public IP networks (all of Greece, Iceland, etc.) and highlight the weird and unexpected stuff you can find through clever unauthenticated scans.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw216
A new open-source tool helps discover public Azure blobs, A new Eclypsium integration with Kenna.VM, Armis raises $125 million, Okta launches its new open-source design system, Enterprise selfie biometrics solutions from Ping Identity, Bitglass announces technical integrations between SD-WAN providers and its SASE offering, Cisco AppDynamics strengthens security posture, RSA NetWitness Detect AI claims to provide advanced analytics for actionable threat detection, Jetstack Secure delivers protection and visibility of machine identities, Obsidian SaaS security solution now available on AWS Marketplace, SentinelOne acquires Scalyr, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw216
Our co-host, Priya Chaudry, will enlighten us on several other topics of interest to our community. There might be a mention of SolarWinds, Southwest Airlines, hiQ Labs, and more.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw61
We welcome our resident legal expert and co-host Priya Chaudry to catch us up on the status of the Supreme Court case concerning the Computer Fraud and Abuse Act (CFAA) and some other legal topics.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw61
In the leadership and communications section, 9 Steps for Effective Cybersecurity Risk Management, The Big 8: How to heighten cybersecurity governance, 7 Super Bowl rings for Tom Brady, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw205
Ben Carr, Global Chief Information Security Officer at Qualys, steps in last minute to talk about his transition from Aristocrat to Qualys and the evolution of the CISO role.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw205