Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: September, 2023
Sep 29, 2023

This week, we changed things up a bit for the news segment and Allie Mellen joins us as a surprise guest host! We discuss Cisco's Splunk acquisition and what it means for Splunk customers, and "The Blob" - Allie's term describing the negative forces responsible for much of the overhyped marketing, silly trends, and substandard products we see in the industry.

Segment Resources:

Allie's blog on Cisco/Splunk:  https://www.forrester.com/blogs/splunk-is-good-for-cisco-but-cisco-needs-to-convince-splunk-customers-that-cisco-is-good-for-them/

Allie's blog on The Blob:  https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/

Show Notes: https://securityweekly.com/esw-333

Sep 29, 2023

This week Dr. Doug talks: NarcBots, Blacktech, ZenRat, Chrome, CISO Churn, lots of privacy issues, Aaran Leyland, will Dr. Doug drink the Y3K Special Edition Coke? And more on this edition of the Security Weekly News!

Show Notes: https://securityweekly.com/swn-329

Sep 29, 2023

The concept of Edge computing has evolved over the years and now has a distinct role alongside public cloud. Theresa Lanowitz, from AT&T Cybersecurity, and Chris Goettl from Ivanti join us to discuss what edge computing means for the market and for cybersecurity. Specifically, we'll discuss how:

  • Strong use cases in the market today for edge computing
  • Security's role in edge computing, as a relative newcomer to part of the broader planning process
  • Edge computing requires new thinking about security because of its distributed nature

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

Show Notes: https://securityweekly.com/esw-333

Sep 28, 2023

We ALL use SaaS. It has become ubiquitous in both our personal and professional lives. Somehow, the SaaS Security market has only recently began to emerge. Today's interview with Yoni Shohet, co-founder and CEO of Valence Security, aims to understand why it has taken so long for SaaS Security products to come to market, what that market currently looks like, and what a SaaS Security product actually does.

Show Notes: https://securityweekly.com/esw-333

Sep 28, 2023

Just what are the right skills to have or acquire to work in cybersecurity today? Kayla and the Security Weekly crew talk about it in this segment. We also touch on why we get burnt out and how to avoid it, all in anticipation for SOC Analyst Appreciation Day!

This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more about them!

Show Notes: https://securityweekly.com/psw-800

Sep 28, 2023

This week, First up its the Security News: libwebp or die: we unravel some of the details behind the webp vulnerability first fixed by Apple and Google, then, hopefully by everyone else, attackers can steal your pixels using your GPU, someone cough China cough has been hacking Cisco routers, Kia boys are still a problem, How the Cult of the Dead Cow plans to save the internet, how iOS updates could break glucose monitors, spamming the CVE database, and when a medium is really a high!

Show Notes: https://securityweekly.com/psw-800

Sep 26, 2023

A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security).

Show Notes: https://securityweekly.com/asw-256

Sep 26, 2023

The Year 3000, Sandman, ShadowSyndicate, National Student Clearing House, Apple, Predator, Xenomorph, Mixin, More News, and Jason Wood on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-328

Sep 26, 2023

Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline.

Segment resources:

Show Notes: https://securityweekly.com/asw-256

Sep 26, 2023

This week in the leadership and communications section: building a feedback-driven culture, letting go of the reins, 25 hard-hitting lessons from 17 years in cybersecurity, and more!

Show Notes: https://securityweekly.com/bsw-321

Sep 25, 2023

In this episode, we interview Jake Wilson, Western Governor University's Security Awareness Evangelist. We'll learn about how he built up and matured WGU's security awareness program, eliminating blind spots, and improving efficacy through data analysis and better reporting.

This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!

Show Notes: https://securityweekly.com/bsw-321

Sep 22, 2023

This week we talk about finding, acquisitions and the state of the market. If you're interested in cybersecurity market discussion, this is the episode for you.

We also discuss what makes a cybersecurity influencer.

Show Notes: https://securityweekly.com/esw-332

Sep 22, 2023

This week on the Security Weekly News: Passkeys, bots, hotels, conning the con, TrendMicro, Pizza, Aaran Leyland, & more!

Show Notes: https://securityweekly.com/swn-327

Sep 22, 2023

If you've ever played Dungeons & Dragons, you probably know that the quality of the experience depends on how prepared, experienced, and talented the Dungeon Master is.

Today, we'll talk to InfoSec DM and practitioner extraordinaire Ryan Fried about some of the key elements that separate a good cybersecurity tabletop exercise from a bad one! This is literally his day job at Mandiant, and it doesn't hurt to have one of the world's largest libraries of attacker TTPs and the collective lessons learned from thousands of actual incident response experiences.

Show Notes: https://securityweekly.com/esw-332

Sep 21, 2023

Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research director, Merritt Maxim, will walk us through the report's most interesting insights and highlights. This is going to be considerably interesting considering some of this year's trends impacting security teams:

  • An economic downturn, resulting in layoffs and budget freezes
  • The widespread proliferation of generative AI technology
  • The relentless and resilient nature of cybercrime, despite some notable law enforcement wins
  • Ongoing discussion about the role and relevance of SOCs, CISO's, as well as the security department place in today's enterprise
  • Increased enterprise reliance on SaaS and Cloud, as vendors and service providers continue to struggle with securing their products and services

Show Notes: https://securityweekly.com/esw-332

Sep 21, 2023

In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors again, deep down the rabbit hole, the buffer overflow is in your BIOS!, what is 345gs5662d34?, a cone is all you need, we are compliant because we said so but we lied, 10 years of updates, Microsoft looks at ncurses and finds bad things, they also lost 38TB of data (Microsoft that is), when MFA isn’t really MFA, China and Russia are cyber attacking things, and MGM and Caesars are in hot water, All that and more on this episode of Paul’s Security Weekly!

Show Notes: https://securityweekly.com/psw-799

Sep 21, 2023

Nathan comes on the show to discuss LLMs, such as ChatGPT, the issues we face today and in the future. Learn about prompt injection attacks, jailbreaking, LLMs for threat actors, and more!

Show Notes: https://securityweekly.com/psw-799

Sep 19, 2023

A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for security open source software, race conditions and repojacking in GitHub, and more!

Show Notes: https://securityweekly.com/asw-255

Sep 19, 2023

The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this discussion, Karl Triebes shares how flaws in business logic design can leave applications and APIs open to attack and what tools organizations need to effectively mitigate these threats.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/asw-255

Sep 19, 2023

SprySocks, Lazarus, Fortinet, Juniper, CISA, Transparent Tribe, AI Art, More News, and Jason Wood on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-326

Sep 19, 2023

In the leadership and communications section, Board Members Struggling to Understand Cyber Risks, Cybersecurity Goals Conflict With Business Aims, Navigating Change: The Essence of Agile Leadership, and more!

Show Notes: https://securityweekly.com/bsw-320

Sep 18, 2023

Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting.

Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

Show Notes: https://securityweekly.com/bsw-320

Sep 15, 2023

In this news segment, we start off by discussing funding, acquisitions, and Ironnet's unfortunate demise. We discuss Gmail's new, extra verifications for sensitive actions and Lockheed Martin's Hoppr SBOM and software supply-chain utility kit. We get into CISA's roadmap to help secure open source software, and their offer to run free vulnerability scans for the United States' 150,000+ water utilities. Then, discussion turns back to some more negative items with Brazil's self-inflicted $11 billion dollar data leak, and the MGM/Caesar's ransomware attacks, which seem like they could have a common attacker and initial attack vector (a shared IT support company, perhaps). We also discuss Microsoft's post mortem on the Storm-0558 attack. Kelly Shortridge wants to know, "why are you logging into production hosts", someone is submitting garbage CVEs, and Mozilla finds that privacy policies from auto manufacturers are a privacy TRAIN WRECK. Finally, we wrap up discussing tools that can detect deepfake audio, as well as the likelihood that this will be the start of a game of leapfrog, as deepfakes get increasingly better over time. And we discuss Delphi's offer to create a 'digital clone' of you that could live on forever, haunting your descendants.

Show Notes: https://securityweekly.com/esw-331 

Sep 15, 2023

Cyberdog, Pegasus, Webex, Peach Sandstorm, SAP, Caesar, Penn State, Aaran Leyland, and More News on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-325 

Sep 15, 2023

We talk to Chris Sanders today, who has been steeped in the world of SecOps and detection/response for many years. After many years of writing books and training folks in the cybersecurity industry, he started delving into cognitive psychology and educational effectiveness. He leverages this knowledge in the training classes he builds and delivers. Today we'll discuss why it seems like defenders are still failing, despite the security industry largely (and arguably) receiving the resources it has been requesting.

Show Notes: https://securityweekly.com/esw-331 

1 2 Next »