In this episode of Paul's Security Weekly, we will talk with Paul Ewing of Endgame about how to close the 'breakout window' between detection and response, and hear about Endgame's recently announced technology, Reflex, that was built with customized protection in mind.

To learn more about Endgame, visit: https://securityweekly.com/endgame

Full Show Notes: https://wiki.securityweekly.com/Episode607

Follow us on Twitter: https://www.twitter.com/securityweekly

Charles Thompson is the Senior Director of Product Management at Viavi. Charles will discuss the importance of response/remediation in a strong security strategy and the role wire-data plays in having the forensic detail needed to identify a breach, understand scope of impact, and confirm restoration of network performance to pre-incident baseline.

To learn more about Viavi Solutions, visit: https://securityweekly.com/viavi

Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

Andrew Hollister is the Chief Architect & Product Manager at LogRhythm. Andrew will talk about the Security Operations Maturity Model: How to Measure the effectiveness of your SOC.

To learn more about LogRhythm, visit: https://securityweekly.com/logrhythm

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

Paul will be giving a technical segment on Defending Your Environment Against Major Microsoft Vulnerabilities. Discussion points will consist of: Discovery, Temporary Countermeasures, Be Resilient, and Paul talks about the two things he'd change if he were in charge. Full Show Notes: https://wiki.securityweekly.com/ES_Episode140

Visit https://securityweekly.com/esw for all the latest episodes!

John McCumber is the Director, Cybersecurity Advocacy at (ISC)2. John will cover the statistics behind the cybersecurity workforce gap, and explain why what we perceive anecdotally isn't what we see in the media. Learn what is really taking place in cybersecurity hiring, training, and education. Find new opportunities in this data for your personal career growth.

To learn more about ISC2, visit: https://securityweekly.com/isc2

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode130

This week, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63 Follow us on Twitter: https://www.twitter.com/securityweekly

In the security news, giving you the latest on thousands of infected servers from a cryptojacking campaign, an open letter to the GCHQ calling out spy agencies, and a new vulnerability that makes you WannaCry!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

David Boucha is a Sr. Engineer at SaltStack. David will be talking about how Salt Open and SaltStack Enterprise can help you automate your infrastructure including servers (cloud, on-prem, virtual), network devices, and endpoints. From "day 0" provisioning to "day n" configuration drift management and compliance management, Salt can scale to automate all the most difficult and frustrating tasks.

To learn more about SaltStack, visit: https://securityweekly.com/saltstack

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Ruvi Kitov, CEO and Co-Founder of Tufin, talks about the importance of having a network-wide security policy! The discussion will be on the importance of having a network-wide security policy, the fact that most companies don’t have one, and therefore lack visibility and are not compliant with regulations and even with their own policies, and finally the value that we provide with SecureTrack.

To learn more about Tufin, visit: https://securityweekly.com/tufin

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

Paul Asadoorian and Robert Graham from Errata Security show you how to search for the BlueKeep vulnerability, or CVE-2019-0708, that has been affecting hundreds of thousands of systems!

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

Eric Butash and Mike Klein from Highlander Institute, join us on the show to talk about, what schools are doing to protect Student Data?, how do we teach our student the importance of good digital hygiene if we don't have the proper education in place?, what is Digital Citizenship, and how is the Privacy playing a roll in our always-on youth?

Full Show Notes: https://wiki.securityweekly.com/Episode606

Follow us on Twitter: https://www.twitter.com/securityweekly

John Strand and Paul Asadoorian discuss how Okta joins forces with Secret Double Octopus, Tenable unveils new innovations for Cyber Exposure analytics, Barracuda launches bot protection feature for firewall offerings, and some acquisition and funding updates from Palo Alto, FireEye, and Verodin!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

We interview Jack Jones, Chief Risk Scientist at RiskLens to talk about Understanding and quantifying cyber risk using FAIR!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode139

Visit https://securityweekly.com/esw for all the latest episodes!

In our final segment, Doug, Jeff, Patrick, and Lee give you the latest security news to talk about a Zero Day for Windows, the battle over Huawei with the US and Google, & unpatched hardware and companies tripping themselves up!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

In our second segment, we welcome Justin Murphy, Cloud Security Engineer at Cisco, to talk about DNS in the Security Architecture!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

In the Enterprise News, ThreatQuotient expands integration with MITRE ATT&CK Framework, JASK launches a new Heads Up Display for security operations centers, and we have some acquisition and funding updates from Guardicore, Auth0, and KnowBe4!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

Candy Alexander is the President of Information Systems Security Association. Ms. Alexander has 30 years of information security experience working for various high-tech companies. She has held several positions as CISO (Chief Information Security Officer) for which she developed and managed corporate security programs. She is now working as a Virtual or Fractional CISO and Executive Cyber Security Consultant assisting companies large and small to improve their security programs through effective security initiatives.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

We welcome Matthew McMahon, Head of Security Analytics at Salve Regina University, to talk about Medical devices, Cybersecurity and Resilience, and Cybersecurity Training!

Full Show Notes: https://wiki.securityweekly.com/Episode605

Follow us on Twitter: https://www.twitter.com/securityweekly

Corey Thuen is the Co-Founder at Gravwell. Corey covers the topics: Framework for discussion: the pillars of the SOC and the 80/20 principle, Wire data, Log/Application Data, Endpoint protection/EDR, Threat Intel, Data fusion, SOAR, and much more!

To learn more about Gravwell, visit: https://securityweekly.com/gravwell

Full Show Notes: https://wiki.securityweekly.com/ES_Episode138

Visit https://securityweekly.com/esw for all the latest episodes!

Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

In the Leadership and Communications segment, don't let your expertise narrow your perspective, don't be blinded by your own expertise, and the smartest cities in the future of urban development!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

Mike Shema and John Kinsella interview Cody Wood. Cody Wood is the AppSec Product Support Engineer at Signal Sciences.

To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62 Follow us on Twitter: https://www.twitter.com/securityweekly

We welcome Ferruh Mavituna, Founder and CEO of Netsparker! They will be discussing the discover and scan perspective of applications, how to handle in-house written applications vs. ones that are acquired, the prioritization and planning of the applications you have, and the common practice companies should be doing to focus on the top 20% of critical apps.

To get involved with Netsparker, visit: https://securityweekly.com/netsparker

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode129

In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability!

Full Show Notes: https://wiki.securityweekly.com/Episode604

Follow us on Twitter: https://www.twitter.com/securityweekly