Most leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that will let you emulate that leader. Or the lesson of book should have been written as a tweet: in 280 characters you could have learned one lesson, but instead you have to fight through 300 pages of obfuscation to decipher the lesson.
1% Leadership is the antidote to these approaches. There is no secret. Instead, 1% Leadership provides 54 distinct lessons on leadership, that apply to individuals, teams, and organizations. Each lesson is presented in a self-contained chapter, averaging under 800 words. The lessons are summarized in a tweet-length pithy summary, which is also the chapter title. The table of contents thus serves as a quick reference guide for leaders.
Segment Resources: csoandy.com/book/
Show Notes: https://securityweekly.com/bsw-329
From Russia With Love, come Doug and Russ, doing a segment on spying! Not the 007 spying, but spying when it comes to cyber warfare.
Show Notes: https://securityweekly.com/vault-swn-6
High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry?
Show Notes: https://securityweekly.com/vault-esw-5
Brian Snow spent his first 20 years at NSA doing and directing research that developed cryptographic components and secure systems. Many cryptographic systems serving the U.S. government and military use his algorithms; they provide capabilities not previously available and span a range from nuclear command and control to tactical radios for the battlefield. He created and managed NSA's Secure Systems Design division in the 1980s. He has many patents, awards, and honors attesting to his creativity.
Show Notes: https://securityweekly.com/vault-psw-5
Russ runs the show solo with the absence of Dr. Doug to talk about Travel Security! He explains different aspects such as Personal Security, Asset Security, and Digital Security! Traveling is a lot of fun, but also requires a lot of responsibility. Don't be intimidated, use common sense, adhere to all of the points we mentioned above, stay away from problem areas, and we ensure you’ll have a great time!
Show Notes: https://securityweekly.com/vault-swn-5
We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge.
Segment Resources:
Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/
Show Notes: https://securityweekly.com/vault-bsw-5
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security.
Segment Resources:
https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/
https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/
https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal
Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png
Show Notes: https://securityweekly.com/vault-asw-5
Finally, in the enterprise security news,
Show Notes: https://securityweekly.com/esw-340
Cashwarp vs. Reptar, Rackspace, BlackCat, Intel, AMD, Bots and more bots, Aaran Leyland, and More News on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-343
We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.
This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.
Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.
In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.
Segment Resources
Show Notes: https://securityweekly.com/esw-340
Cybertruck, Solarwinds, Bitcoin, Docker, Ducktail, Experian, More News and Jason Wood, on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-342
Once again, Theresa Lanowitz joins us to discuss Edge Computing, but with a twist this time, as Mani Keerthi Nagotu from SentinelOne joins us as well! As a field CISO, Mani knows all too well the struggles security leaders are going through, given the current market and threat landscape:
Segment Resources
This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!
Show Notes: https://securityweekly.com/esw-340
In the Security News: SSH under attack, IoT routers have vulnerabilities, the BLE Spam attacks still work against iPhones, there is a longer story behind BLE spam, and Larry is one of the stars, denial of pleasure via BLE, vulnerability disclosure and your blob is showing, the half-day watcher, tapping into cameras, 50 shades of vulnerabilities, Nuclear decay as a random number generator, cachewarp, reptar, attacking Danish critical infrastructure, you can’t patch a house of cards (and your bitcoin may be at risk), All that and more on this episode of Paul’s Security Weekly!
Show Notes: https://securityweekly.com/psw-807
Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control of user permissions, secure your cloud computing, and keep your customers and their users safe.
Show Notes: https://securityweekly.com/psw-807
CNCF's releases a handbook on fuzzing, OpenSSF and OWASP respond to CISA's Open Source Software Security RFI, 14 years of Go, lessons for today from an internet worm from 35 years ago, and more!
Show Notes: https://securityweekly.com/asw-263
In the rapidly evolving landscape of application security, 2023 brought significant changes with the rise of generative AI tools and an increase in automated threats. In this discussion, Karl Triebes takes a deep dive into the major trends of the past year, examining their impact on the industry and shedding light on what security professionals can anticipate moving forward into 2024.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Show Notes: https://securityweekly.com/asw-263
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?
In part 2, we get our hands dirty by walking through ways to quantify cyber risks in business terms. What risks are truly worth mitigating vs. accepting or transferring? And if we do mitigate them, how do we track progress and impact?
Show Notes: https://securityweekly.com/bsw-328
Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?
In part 1, we discuss the challenges of cyber risk management and quantification. Do risk scores really work? What do CEOs and Boards really need to understand cyber risks?
Show Notes: https://securityweekly.com/bsw-328
During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable funding rounds.
We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.
Show Notes: https://securityweekly.com/esw-339
Fakes, Sysaid, Sumo, farnetwork, CPU-Z, Google, Chat-GPT, Aaran Leyland, and More News on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-341
We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for?
Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future.
Show Notes: https://securityweekly.com/esw-339
Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today.
Show Notes: https://securityweekly.com/esw-339
Do people still use mainframes? IoT and firmware security, Apple Find my, Bluetooth is the gift that keeps on giving, to hackers that is, and more!
Show Notes: https://securityweekly.com/psw-806
Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you!
Show Notes: https://securityweekly.com/psw-806
Details of the Citrix Bleed vuln, exploitation of the Atlassian improper authorization vuln, so many jQuery installations to upgrade, the price of bounties and the cost of fixes, Microsoft's Secure Future Initiative, and more!
Show Notes: https://securityweekly.com/asw-262