Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Oct 17, 2023

In the leadership and communications section, Is Your Board Cyber-Ready?, Chief security officers' salary growth slowing, The Secret to Making Difficult Decisions, and more!

Show Notes: https://securityweekly.com/bsw-324

Oct 16, 2023

Do we sound like a broken record? Leadership, communication, and risk management skills are key traits of the Chief Information Security Officer. But don't just take our word for it, Jason Loomis, CISO at Freshworks, joins Business Security Weekly to discuss why companies should be hiring CISOs for their leadership talent, not their technical talent.

Segment Resources: Switch

Five Dysfunctions of a Team

Drive

Extreme Ownership

Simon Sinek

Show Notes: https://securityweekly.com/bsw-324

Oct 13, 2023

As long as there are profits to be made, cybercriminals will continue to monetize enterprise assets—whether they be devices, applications, data, or users. It only takes one weak or unknown asset to compromise an entire organization. Brian will discuss why enterprises need to move away from assumption-based approaches to asset data and decision making to evidence-based asset intelligence to secure their environments quickly, easily, and at scale.

This segment is sponsored by Sevco Security. Visit https://www.securityweekly.com/sevcoisw to learn more about them!

In this ISW interview, CRA's Bill Brenner catches up with Kevin Johnson of Secure Ideas for a chat about application security.

In this segment from ISW, Dakota State COO and General Counsel Stacy Kooistra talks to Bill Brenner about the university's effort create more cyber warriors.

Show Notes: https://securityweekly.com/esw-335

Oct 13, 2023

This week Dr. Doug talks: Microsoft, SeroxenRAT, Smart Links, Vogons, ToddyCAT, ShellBot, Hidden servers, Aaran Leyland, and More on the Security Weekly News!

Show Notes: https://securityweekly.com/swn-333

Oct 13, 2023

There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program.

This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them!

Threat actors don’t think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs’ newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it’s important to “shift up,” and what Mike is most excited about in his new role.

This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them!

Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry.

Show Notes: https://securityweekly.com/esw-335

Oct 12, 2023

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely.

Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with.

Interview Resources:

Show Notes: https://securityweekly.com/esw-335

Oct 12, 2023

In the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world’s largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul’s Security Weekly!

Show Notes: https://securityweekly.com/psw-802

Oct 12, 2023

Resources we mentioned:

* The Hardware Hackers Handbook is a great start
* Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking 
* Take some classes
* Do some Arduino stuff: https://www.arduino.cc/ 
* Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-engineering-and-computer-science-i-spring-2011/  (And here: https://www.tinkerforge.com/en/doc/  and here: https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU )

Building a lab - The list:

* Soldering iron (and tools and parts such as Solder, Flux, Tweezer, Soldering wick, Cutter, Wire stripper)
* Hot air rework station (can be bundled with soldering iron)
* Multi-meter (and lots of associated cables)
* Jumper and pinout wires
* Breadboard
* USB microscope
* Bench power supply
* Specific lighting (e.g. my document camera has an LED light that works great)
* Magnification - magnifying lenses and a headset (esp. if you are old, like us)
* USB serial devices (or Bus Pirate if you fancy)

Show Notes: https://securityweekly.com/psw-802

Oct 10, 2023

Anticipating Curl's upcoming patch for a high severity flaw, the Looney Tunables flaw in Glibc, ShellTorch flaw hits PyTorch and lots of AI, lessons from some X.Org security patches, eBPF security, and more!

Show Notes: https://securityweekly.com/asw-258

Oct 10, 2023

This week Aaran Leyland rants: about Google, 23andMe, Facebook, GitHub's Secret Scanning, MGM Resorts, Grindr, More News, and is joined by the notorious Jason Wood on the Security Weekly News!

Show Notes: https://securityweekly.com/swn-332

Oct 10, 2023

What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days. Successful DevSecOps approaches can be so much more than just vulns and so much more than just tools. Sure, tools are useful for identifying known vulns in dependencies and new vulns in code, but teams that emphasize people and culture will find it easier to shift their attention to the security of their product and creating secure designs.

Segment Resources: Shift Everywhere is the bullet-train to secure software: https://www.forrester.com/blogs/shift-everywhere-is-the-bullet-train-to-secure-software/?refsearch=35020611696872306356 Forrester Software Composition Analysis (SCA) Wave: https://www.forrester.com/report/the-forrester-wave-tm-software-composition-analysis-q2-2023/RES178483?refsearch=35020611696863504716 Forrester Static Analysis Security Testing (SAST) Wave: https://www.forrester.com/report/the-forrester-wave-tm-static-application-security-testing-q3-2023/RES178489?scrollTo=FHqjnkXmzX

Show Notes: https://securityweekly.com/asw-258

Oct 9, 2023

In the leadership and communications section, The Data Your Board Actually Wants to Hear About When Valuing Cybersecurity Investments, Cybersecurity is a CFO issue, Must-know insights when navigating the CISO career path, and more!

Show Notes: https://securityweekly.com/bsw-323

Oct 9, 2023

CEOs and boards struggle with their digital transformation process. Does their operations hinder or align with business initiatives? Has their security operations scaled to meet the data and digital demands to protect against business risk? In today’s episode, we’re talking to Chris Morales, CISO at Netenrich, who’ll provide compelling insights towards security transformation. Security organizations all face similar security challenges of too much data, siloed teams, underperforming legacy tools, and time-consuming and laborious threat investigation work. We’ll discuss the approach enterprises need to consider in advancing their security maturity. It’s one that’s data-driven, adaptive, and predictive.

Show Notes: https://securityweekly.com/bsw-323

Oct 6, 2023

Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization.

This segment is sponsored by DeleteMe. Visit https://www.securityweekly.com/deletemeisw to learn more about them!

With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solutions to meet and implement this need!

This segment is sponsored by Ridge IT Cyber. Visit https://www.securityweekly.com/ridgeitisw to learn more about them!

Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we’ll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers.

We’ll also discuss the growing demand for Threat Exposure Management (TEM). Why does a leading analyst describe this as a transformation technology and how can you quickly visualize your environment the way the attackers do?

Segment Resources: https://www.viavisolutions.com/en-us/ptv/solutions/threat-exposure-management https://www.viavisolutions.com/en-us/ptv/solutions/high-fidelity-threat-forensics-remediation

This segment is sponsored by VIAVI Solutions. Visit https://www.securityweekly.com/viaviisw to learn more about them!

Show Notes: https://securityweekly.com/esw-334

Oct 6, 2023

This week Dr. Doug talks: Feet, Google, Apple, Predator vs. Lemurs, r77, Qualcomm, qakbot, deepfakes, More News and with the exotic Aaran Leyland!

Show Notes: https://securityweekly.com/swn-331

Oct 6, 2023

On this week's news segment, we go down a bit of a rabbit hole on data lakes and have a GREAT conversation about where security data wrangling might or might not go in the future. We also discuss Nord Security's funding and $3B valuation, try to figure out what Synqly is doing, and discuss IronNet's demise.

We also find out which email solution is more secure (at least, according to insurance claim data), Google or Microsoft!

We wrap up, learning that forms of CAPTCHAs are apparently broken now, $3800 gets you a gaming PC in the shape of a sneaker, and someone has created the DevOps equivalent of dieselgate!

Show Notes: https://securityweekly.com/esw-334

Oct 5, 2023

In this segment, we'll explore some of the most useful lessons and interesting insights to come out of the last year's worth of breaches and data leaks! We'll explain why we will NOT be covering MGM in this segment. The breaches we will be covering include:

  • Microsoft AI Research Data Leak
  • Microsoft/Storm-0558
  • CommutAir
  • Riot Games
  • Lastpass
  • CircleCI
  • RackSpace
  • Drizly (yes, this breach is older, but the full story just wrapped a year ago!)

Show Notes: https://securityweekly.com/esw-334

Oct 5, 2023

In the Security News: No Flipper Zero for you!, your glibc is hanging out and other Looney Tunables, and it vulnerable, for no reasons, other than the obvious ones, a Russian firm will pay $20m for Android or iPhone 0days, you do what you do and other Exim vulnerability stories, yet another way to become root on Linux, if you ever wanted to read the source code for Sub7, well, now you can, more people want to trash bug bounties (and they are wrong), Curl has something coming, and its not good, tricking AI with your dead grandma’s locket, GPU driver vulnerabilities could lead to something, and the path to the cloud is filled with holes. All that and more on this episode of Paul’s Security Weekly!

Show Notes: https://securityweekly.com/psw-801

Oct 5, 2023

Anuj joins us to discuss recent trends in malware. What are the malware authors up to lately? What are the latest techniques for reverse engineering malware? Learn about the latest tools and techniques from Anuj! Anuj is a Principal Threat Researcher at Blackberry, where he performs malware research and reverse engineering. He has more than 15 years of experience in malware analysis and incident response. Anuj also brings his problem-solving abilities to his position as a SANS Certified Instructor and author, which gives him the opportunity to impart his deep technical knowledge and practical skills to students.

Segment Resources: https://www.youtube.com/@sonianuj

Show Notes: https://securityweekly.com/psw-801

Oct 3, 2023

Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more!

Show Notes: https://securityweekly.com/asw-257

Oct 3, 2023

Minority Report, NSA, WS_FTP, Exim, Sextortion, BunnyLoader, CISA, More News, and Jason Wood.

Show Notes: https://securityweekly.com/swn-330

Oct 3, 2023

Communication is a skill that doesn't appear on top 10 lists, rarely appears as a conference topic, and doesn't appear enough on job requirements. Yet communication is one of the critical ways that security teams influence developers, convey risk, and share knowledge with others. Even our own Security Weekly site falls a little short with only a podcast category for "Training" instead of more options around communication and collaboration.

Lina shares her experience presenting to executives and boards in high-stress situations, as well as training incident responders on real-world scenarios.

Segment resources

Show Notes: https://securityweekly.com/asw-257

Oct 2, 2023

In the leadership and communications section, The CISO Carousel and its Effect on Enterprise Cybersecurity, CISOs are struggling to get cybersecurity budgets, Respectfully, I Disagree, and more!

Show Notes: https://securityweekly.com/bsw-322

Oct 2, 2023

As we move more infrastructure into the cloud, the traditional concepts of risk start to change. It's no longer just about networks and servers, but also needs to address identities and not just human identities. Cloud infrastructure introduces additional identity types that need to be addressed as part of your risk management program. Eric Kedrosky, CISO at Sonrai Security, joins us to discuss how to think differently about risk in the cloud.

Show Notes: https://securityweekly.com/bsw-322

Sep 29, 2023

This week, we changed things up a bit for the news segment and Allie Mellen joins us as a surprise guest host! We discuss Cisco's Splunk acquisition and what it means for Splunk customers, and "The Blob" - Allie's term describing the negative forces responsible for much of the overhyped marketing, silly trends, and substandard products we see in the industry.

Segment Resources:

Allie's blog on Cisco/Splunk:  https://www.forrester.com/blogs/splunk-is-good-for-cisco-but-cisco-needs-to-convince-splunk-customers-that-cisco-is-good-for-them/

Allie's blog on The Blob:  https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/

Show Notes: https://securityweekly.com/esw-333

1 « Previous 7 8 9 10 11 12 13 Next » 52