Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
Jun 15, 2022

This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, & the DOJ clarifies its policy on CFAA!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw198

Jun 15, 2022

Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. We'll talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw198

Jun 14, 2022

Defining Cyber Risk With Bryan Ware

This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).

 

This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!

 

Is the Market Ready for Integrated Cyber Risk Management?

Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.

 

Segment Resources:

https://fortifydata.com/request-an-assessment

 

This segment is sponsored by FortifyData. Visit https://securityweekly.com/fortifydata to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw265

Jun 14, 2022

There are a few IETF standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard that is the glue between most identity systems -- cloud and on-prem -- out there. It's called SCIM and -- good news -- smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi...

 

Segment Resources:

https://identiverse.com/idv2022/ (Paul on Wednesday)

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw275

Jun 14, 2022

Seamlessly Connect & Protect Entire IT Ecosystem

The new business reality is that everything is connected, and everyone is vulnerable. In today’s world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem.

 

Segment Resources:

Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html

 

This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them!

 

The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout

Recent data shows that security and development teams are still stressed, and they’re taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but these teams are also taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There’s good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization’s security posture.

 

This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw200

Jun 14, 2022

In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw265

Jun 13, 2022

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw200

Jun 3, 2022

In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, with staffing challenges, alert quality, and organizational culture as the primary factors.

 

This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw275

Jun 3, 2022

Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk.

 

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw264

Jun 3, 2022

Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw276

Jun 3, 2022

This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve. Potential discussion topics:

- A visual overview of the problem
- A simulated client-side attack
- How to evaluate client-side risk on a given web site
- What technologies are available to defend against client-side attacks
- Historical case studies of landmark attacks

 

Segment Resources:

"Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-papere

 

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw743

Jun 3, 2022

This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw743

Jun 3, 2022

In the Autumn of 2019, Salesforce started on an ambitious journey - to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce’s customers to deploy new technology and to change all of their users’ behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved. Join Ian Glazer as he discusses the impetus for Salesforce’s MFA push, the challenges of such a large-scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce’s journey towards complete customer MFA adoption and apply in your own organization.

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw276

Jun 2, 2022

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time?

 

This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw263

Jun 2, 2022

In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw263

Jun 2, 2022

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.

 

Segment Resources:

"Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

 

This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw276

May 21, 2022

In the Enterprise Security News: The latest cybersecurity fundraising, We discuss the impact of the market downturn on the cybersecurity startup industry, Crypto muggings, Security researchers researching researchers simulating attackers, & Evil Encryption! 

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 21, 2022

In the Security News for this week: Singapore launches safety rating system for e-commerce sites, Watch Out for Zyxel Firewalls RCE Vulnerability, New Bluetooth hack that can unlock your Tesla, Hackers Compromise a String of NFT Discord Channels, a pentester’s attempt to be ‘as realistic as possible’ backfires, & more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 21, 2022

Migrating off passwords and legacy authentication is a journey. Nok Nok has worked with global brands to incorporate passwordless, next-generation authentication into their consumer apps leading to significant improvements in onboarding, authentication success, speed and reduction in fraud among many other benefits. Learn how these organizations have mastered the transition.

 

Segment Resources:

www.noknok.com

https://www.youtube.com/watch?v=yQIwOx2XCSE

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 20, 2022

Attack intelligence delivers customers actionable, relevant, and timely information. Learn why Collective Defense is an integral aspect of attack intelligence and hear about the cyber trends you need to watch.

 

Segment Resources:

https://www.ironnet.com/blog/what-is-attack-intelligence-and-why-do-you-need-it

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw274

May 20, 2022

In this segment Saumil Shah joins us for a discussion on Firmware Security, complete with a fascinating first-hand demonstration!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 19, 2022

The past year has been filled with incredible changes in the cyber security landscape from ICS, Mobile, Cloud, and increased threats from Ransomware. This discussion will focus on crucial and quick discussions surrounding the cyber landscape that has changed quickly and forced organizations to consider revamping many of their policies and preparations. Join us for a humorous and insightful journey back over the past year, filled with examples for practitioners, organizations, and those just starting in cyber security.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw741

May 18, 2022

This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. 

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw197

May 18, 2022

What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when trying to help future generations learn what they need to know to contribute to this industry? 

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw197

May 14, 2022

In the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallstep, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Arctic Wolf, Onapsis and Aqua. And, in other news, all South Koreans are about to become one year younger, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw273
