Info

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: September, 2024
Sep 30, 2024

The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.

Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:

  • Blocking Untrusted Software,
  • Ringfencing™ Applications, and
  • Dynamically Controlling Network Traffic

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/bsw-366

Sep 28, 2024

In the Enterprise News, the hosts discuss various trends and challenges in the cybersecurity landscape, including the evolution of terminology, funding trends, the emergence of new startups, and the impact of AI on security practices. They also explore the challenges faced by CISOs, the importance of humor in the industry, and the future of quantum readiness. The conversation highlights the need for clarity in cybersecurity messaging and the potential for consolidation in the market.

Show Notes: https://securityweekly.com/esw-377

Sep 27, 2024

We've been hearing a lot lately about how the talent gap in cybersecurity is much more complex than some folks have been making it out to be. While making six figures after going through a six week boot camp might be overselling the cybersecurity job market a bit, it is definitely a complex space with lots of opportunities.

Fortunately, we have folks building passion projects like My Cyber Path. When Jason transitioned into cyber from the military, he took note of the path he took. He also noticed how different the path was for many of his peers. Inspired by NIST NICE and other programs designed to help folks get a start in cyber, he created My Cyber Path.

My Cyber Path has a very organized approach. There are 12 paths outlined, which fall into 4 main areas. After taking a personality test, this tool suggests the best paths for you. Hmmm, this sounds a lot like the sorting hat in Harry Potter, and there are 4 "houses" you could get put into... coincidence?

Segment Resources: My Cyber Path has a free account where people can get matched to a cybersecurity work role based on their interests and personality traits and get access to free areas in the platform without having to save a credit card.

Show Notes: https://securityweekly.com/esw-377

Sep 27, 2024

Passwords, CUPS, KIA, Gilbert Gottfried, Salt Typhoon, Rob Allen from ThreatLocker, and More on the Security Weekly News.

Segment Resources: https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

Show Notes: https://securityweekly.com/swn-417

Sep 27, 2024

The SIEM market has undergone some significant changes this summer. This is a great opportunity to talk about the current state of SIEM! In this conversation, we'll discuss:

  • market changes and terminology: security analytics, data lakes, SIEM
  • what is SOAR's role in the current SIEM market?
  • machine learning and generative AI's role
  • strategies for implementing a SIEM
  • common mistakes that still lead to SIEMs becoming shelfware
  • and much more!

Both Seth and Adrian have a long history when it comes to SIEMs, so this conversation will be packed with anecdotes, stories, and lessons learned!

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

Show Notes: https://securityweekly.com/esw-377

Sep 26, 2024

Kayla Williams, Chief Security Information Officer at Devo, discussed the role of AI in cybersecurity and the ongoing issue of burnout for SOC analysts. Working with Wakefield Research, Devo discovered that 83% of IT professionals feel burnt out due to stress, lack of sleep, and anxiety. Many also report that their burnout leads to breaches.

This segment is sponsored by Devo . Visit https://securityweekly.com/devo to learn more about them!

Segment Resources: SOC Analyst Appreciation Day: https://www.socanalystday.com/ Kayla's LinkedIn: https://www.linkedin.com/in/kaylamwilliams1/

Show Notes: https://securityweekly.com/psw-844

Sep 26, 2024

This week in the security news, Dr. Doug and Larry explore various technological advancements and their implications with a healthy dose of nostalgia, particularly focusing on health monitoring through Wi-Fi signals, the misconceptions surrounding 5G connectivity, the importance of understanding internet speed needs, and the cybersecurity threats facing water systems. They also discuss the potential chaos that could arise from infrastructure failures and the vulnerabilities present in automated tank gauges, emphasizing the need for better asset management and security measures.

Show Notes: https://securityweekly.com/psw-844

Sep 24, 2024

Fuzzing network traffic in OpenWRT, parsing problems lead to GitLab auth bypass, more fuzzing finds vulns in a JPEG parser, and more!

Show Notes: https://securityweekly.com/asw-300

Sep 24, 2024

C3pbot, Kaspersky, Octo2 Electric Boogaloo, Honkai: Star Rail, ServiceNow, LinkedIn, IoT, Josh Marpet, and more on the Cyber Security News.

Show Notes: https://securityweekly.com/swn-416

Sep 24, 2024

APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their widespread use has made them prime targets for attackers, especially those deploying sophisticated bots. When these bots exploit business logic, they can cause considerable financial and reputational damage. In this discussion, David Holmes offers insights into the latest trends in API and bot attacks and provides strategies to defend against these threats.

Segment Resources:

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/asw-300

Sep 24, 2024

AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.

Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.

Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Show Notes: https://securityweekly.com/bsw-365

Sep 23, 2024

In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!

Show Notes: https://securityweekly.com/bsw-365

Sep 21, 2024

This week, the cybersecurity industry's most basic assumptions under scrutiny. Following up our conversation with Wolfgang Goerlich, where he questions the value of phishing simulations, we discuss essays that call into question:

  • the maturity of the industry
  • the supposed "talent gap" with millions of open jobs despite complaints that this industry is difficult to break into
  • cybersecurity's 'delusion' problem

Also some whoopsies:

  • researchers accidentally take over a TLD
  • When nearly all your customers make the same insecure configuration mistakes, maybe it's not all their fault, ServiceNow finds out

Fortinet has a breach, but is it really accurate to call it that?

Some Coalfire pentesters that were arrested in Iowa 5 years ago share some unheard details about the event, and how it is still impacting their lives on a daily basis five years later.

The news this week isn't all negative though! We discuss an insightful essay on detection engineering for managers from Ryan McGeehan is a must read for secops managers.

Finally, we discuss a fun and excellent writeup on what happens when you ignore the integrity of your data at the beginning of a 20 year research project that resulted in several bestselling books and a Netflix series!

Show Notes: https://securityweekly.com/esw-376

Sep 20, 2024

In this episode, we explore some compelling reasons for transitioning from traditional SOAR tools to next-generation SOAR platforms. Discover how workflow automation and orchestration offers unparalleled speed and flexibility, allowing organizations to stay ahead of evolving security threats. We also delve into how advancements in AI are driving this shift, making new platforms more adaptable and responsive to current market demands.

Segment Resources:

This segment is sponsored by Tines. Visit https://securityweekly.com/tines to learn more about them!

Show Notes: https://securityweekly.com/esw-376

Sep 20, 2024

Shroombots, pagers, Tor, Raptor Train, GRU, Blue Light, Aaran Leyland, and More on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-415

Sep 20, 2024

Back to the office serfs, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland, and more on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-414

Sep 20, 2024

A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days.

He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast.

I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'?

And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out."

Segment Resources:

Show Notes: https://securityweekly.com/esw-376

Sep 19, 2024

Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley, in this episode of Below the Surface. Learn how KEV was created, where the data comes from, and how you should use it in your environment.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Show Notes: https://securityweekly.com/psw-843

Sep 19, 2024

Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attackers, the story of a .MOBI Whois server, a better bettercap, and when not to trust video baby monitors.

Show Notes: https://securityweekly.com/psw-843

Sep 18, 2024

A takeover of the MOBI TLD for $20, configuring an LLM for a CTF, firmware flaw in an SSD, Microsoft talks kernel resilience, six truths of cyber risk quantification, and more!

Show Notes: https://securityweekly.com/asw-299

Sep 17, 2024

When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to understand why there was so little interest and why appsec should reconsider its approach to awareness. Dustin Lehr discusses how appsec can better engage and better deliver security concepts in a way that makes developers not only feel like their time is well used, but that the content appeals to them.

Segment Resources: - The Security Champion Program Success Guide -- A free guide that includes all steps necessary to build a successful security champion program, with real-world recommendations and examples: https://securitychampionsuccessguide.org/ - Let's Talk Software Security -- A free global virtual community where we host monthly open discussions on appsec topics: https://www.meetup.com/lets-talk-software-security/

Show Notes: https://securityweekly.com/asw-299

Sep 17, 2024

In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!

Show Notes: https://securityweekly.com/bsw-364

Sep 16, 2024

Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:

  • the use of Watsonx to generate their new KnightVision report
  • how to use graphical node networks to model cybersecurity data
  • the future of AI models to prioritize recommendations from all the data

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

Show Notes: https://securityweekly.com/bsw-364

Sep 14, 2024

Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team.

For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three.

A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did!

Segment Resources:

Show Notes: https://securityweekly.com/esw-375

Sep 13, 2024

We are a month away from Oktane -- the biggest identity event of the year. Okta is bringing thousands of identity industry thought leaders, IT and security executives, and other tech leaders together on October 15-17 to discuss the changing landscape for security and identity, how organizations are putting identity first, new Okta products, and more. Harish Peri, Senior Vice President of Product Marketing, joins Enterprise Security Weekly to discuss what people should expect from Oktane this year, the conversations that will take place at the event and why it’s important for security professionals to attend/tune in.

This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!

Show Notes: https://securityweekly.com/esw-375

1 2 Next »