Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: 2021
Nov 11, 2021

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw94

Nov 10, 2021

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw94

Nov 10, 2021

In the Leadership and Communications section, The First 100 Days in A CISO’s Life — Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Down Cybersecurity's Hiring Problem, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw239

Nov 9, 2021

The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry friends. Suresh Balasubramanian Qualys CMO and Sara Griffith CISO at Euronet Worldwide will discuss the value of in-person cybersecurity events, how attending can reinvigorate teams, the benefits to sharing best practices with peers, and getting up to speed on the latest innovations in cybersecurity through conference presentations.

 

Segment Resources:

https://www.qualys.com/qsc/2021/las-vegas/

 

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw239

Nov 9, 2021

This week in the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw173

Nov 8, 2021

In this segment, Mike and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets.

 

This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw173

Nov 6, 2021

In the Enterprise Security News for this week: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer, HelpSystems acquires endpoint DLP vendor Digital Guardian, Crazy valuations, Questionable statistics, Analysts shine a doubtful light on Darktrace's value, Facebook gets all Meta on us, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw249

Nov 6, 2021

This week in the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw717

Nov 6, 2021

Traditionally, the red team has been seen as "fun and interesting", with blue team characterized as "all work, no play" in terms of cybersecurity career paths. Today we talk with Frank McGovern to explore the current state of blue teams and the importance of security policy. Not only has Frank been a practitioner his entire career, but he also built Blue Team Con, a labor of love designed to fill a significant gap in both the Chicago security events scene and across the wider cybersecurity events industry.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw249

Nov 5, 2021

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. We've got a new container-based platform that is more flexible, more powerful, and more scalable than ever before. Join us to see how you can peel back the layers of your enterprise and make your adversaries cry!

 

Segment Resources:

https://securityonion.net

https://github.com/Security-Onion-Solutions/securityonion

https://securityonion.net/discuss

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw717

Nov 5, 2021

When it comes to detecting the next cyber breach, would your organization pass the test? Of course, in real life, you not only need to ace the practice exam – you need to test against the real threats. So when SE Labs recently conducted the industry’s first network detection and response (NDR) test against NSX NDR, they used a range of advanced persistent threats designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. And the result? VMware NSX Network Detection and Response (NDR) was able to detect every targeted attack and tracked each of the hostile activities that occurred during the attacks. Every. One.

 

Segment Resources: https://blogs.vmware.com/networkvirtualization/2021/10/vmware-achieves-industry-first-aaa-rating-for-network-detection-response-from-se-labs.html/

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/NDR-Solution.pdf

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-nsx-ndr-breach-response-test-report.pdf

 

This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw249

Nov 5, 2021

We've updated our script with all sorts of new features. The latest version uses the TOML configuration file format to store the vendor information and the credentials to test with. We'll focus on how to implement that as it's handy for all sorts of projects. We'll also cover some of the other updates, including testing protocols on different ports and better reporting.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw717

Nov 4, 2021

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the ‘Great Resignation’), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality.

 

Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw93

Nov 3, 2021

More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break a deal. Kyle will break down key strategies to secure your small company with limited time and resources.

 

Segment Resources: https://podcasts.apple.com/us/podcast/secure-ventures-with-kyle-mcnulty/id1545294976

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw238

Nov 3, 2021

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the ‘Great Resignation’), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality.

 

Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw93

Nov 3, 2021

This week, in the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support the New Hybrid Workplace, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw238

Nov 2, 2021

This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw172

Nov 1, 2021

Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems.

 

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw172

Oct 30, 2021

In our news segments, we often discuss and explore the ever-expanding vendor landscape. Funding rounds are getting huge, we're seeing upwards of 40 acquisitions each month - there's a lot of money and activity in the enterprise cybersecurity market. This is going to be a quarterly, recurring segment, in which we bring on a VC to provide an investor's point-of-view on all this activity. It's hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw248

Oct 30, 2021

This week in the Security News we talk: Its still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw716

Oct 30, 2021

In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, A silicon valley entrepreneur wants to scan your eyes, All that and don't forget to stick around for the squirrel story on this episode of Enterprise Security Weekly!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw248

Oct 29, 2021

You may have seen the term "Incident Commander" in discussions about incident response, but do you know where that term came from and what it means? How can professionalizing your incident response using proven disaster management methodology up your game? Matt Linton is an experienced Emergency Responder and USA Region lead of Google's Security Response team. For the past decade he's been working on bringing the lessons learned from physical disaster management into the digital forensics and incident response realm.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw716

Oct 29, 2021

Use of encryption is on the rise: both by cyber defenders and the attackers they’re tasked to defend against. Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. ExtraHop’s Jamie Moles, Senior Technical Marketing Manager joins Enterprise Security Weekly to discuss the various techniques attackers are using to cover their tracks using encryption, addresses common objections about decryption, and makes the case for decryption as a path toward faster, more confident defense. Jamie shares a demonstration of how the ExtraHop Reveal(x) network detection and response platform securely decrypts network traffic in order to successfully halt a breach in progress.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw248

Oct 29, 2021

A good backup is not prevention. Its recovery. Roger A. Grimes, author of the just released Ransomware Protection Playbook (Wiley), and author of 12 other books and over 1100 articles on computer security is going to discuss how sophisticated ransomware is today, how it usually breaks in, what it does, and what every person and organization should be doing to stop it. Hint, it doesn’t involve firewalls, antivirus software, or any other super special software supposedly designed to stop every attack. Come get the straight dope in what you and your company should be doing to prevent ransomware from getting a foothold into your environment…from the guy that wrote the book on it.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw716

Oct 28, 2021

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world examples, and some real-life problems.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw92

1 « Previous 1 2 3 4 5 6 7 Next » 20