Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
Now displaying: June, 2021
Jun 16, 2021

This week, In the Leadership & Communications articles: Attracting Talent During a Worker Shortage, CISOs Say Application Security is Broken, Three Steps to Harden Your Active Directory in Light of Recent Attacks, Demystifying RockYou2021, & more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw220

Jun 15, 2021

Are Secure Web Gateways doing their job to keep businesses safe in 2021? Recent survey results from ESG reveal 1 in 10 are not happy with their secure web gateway (SWG) and/or web security. Yet by 2024, the SWG market is projected to grow to 10.9 billion. As this year continues to twist and turn, complexity for an IT security professional continues to rise. Security professionals need to expect more from their security tools so they can stop running from one fire to another, and can simplify daily management. Join us to learn what you can do to get more effective threat detection and reliable, fast secure access. We’ll look at ways you can cut complexity, reduce risk exposure, and improve performance with a cloud-delivered, secure internet gateway.

 

This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw220

Jun 15, 2021

This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw154

Jun 14, 2021

We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level. At the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day which happened on May 27th.

 

Segment Resources:

- https://owaspsamm.org/

- https://github.com/OWASPsamm

- https://app.slack.com/client/T04T40NHX/C0VF1EJGH

- https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g

- https://twitter.com/OwaspSAMM

- https://www.linkedin.com/company/18910344/admin/

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw154

Jun 13, 2021

This week, In the Security News Paul & the crew discuss: Microsoft Patches 6 Zero-Days Under Active Attack, US seizes $2.3 million Colonial Pipeline paid to ransomware attackers, the largest password compilation of all time leaked online with 8.4 billion entries, How to pwn a satellite, One Fastly customer triggered internet meltdown, and I got 99 problems, but my NAC ain't one, and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw698

Jun 12, 2021

What does it mean to protect the attack surface? What's the difference between attack surface protection vs. attack surface management? Rob Gurzeev, CEO and Founder at CyCognito, joins us to discuss why attack surface monitoring needs to run across the entire infrastructure. It's not just about open ports, but finding the assets that are exposed or exploitable, or abandoned, that create the greatest risk.

 

This segment is sponsored by CyCognito. Visit https://securityweekly.com/cycognito to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw698

Jun 12, 2021

OpenWRT is a mature and well supported project. It is supported on many hardware platforms and available as production-level products. OpenWRT has developed into a platform that is filled with enterprise level features, making it a successful product for enterprise uses. Due to the fact that it will run on many IoT platforms, including home gateways, and has an easy-to-use web interface, it is also a great platform to use to start building a lab.

Segment Resources:

Company Website Link: xcapeinc.com

Topic Link: openwrt.org

Commercial Product for Topic Link: gl-inet.com

Personal CI/CD Projects Link: gitlab.com/fossdevops

Personal GitLab Link: gitlab.com/geneerik

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw698

Jun 11, 2021

“Behind the scenes of the cyber fight” – talking about the good on the defender side, taking down cyber criminal supply chains, partnerships, taking down ransomware gangs.

This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!

 

Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework.

This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw230

Jun 11, 2021

This week in the Enterprise News: Proofpoint unveils people-centric innovations across its three platforms, Citrix Secure Internet Access Simplifies Hybrid Workforce Challenges, CyberArk : Advances Industry-Leading Identity Security Platform, AI-powered cybersecurity provider ExtraHop to be acquired for $900M, New Israeli Unicorn Exabeam Hits $2.4 Billion Valuation, Microsoft acquires ReFirm Labs to boost its IoT security offerings, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw230

Jun 10, 2021

Traditional options of acquiring network detection and response (NDR) solutions have their individual pros and cons. SaaS or On-Premises NDR solutions allow you to customize it to your environment but require costly care and feeding such as detection tuning that distracts your SOC/IR teams from hunting adversaries. If you go with a Managed NDR you have predictable costs but receive generic detections and response options in a one-size fits all model. Join Stephen Newman, VP of Product Marketing to see how ThreatINSIGHT Guided-SaaS NDR combines a purpose-built NDR platform for adversary detection and response with Gigamon SOC/IR human talent dedicated to delivering guided expertise to your security team… together closing the SOC visibility gap, removing distractions, and providing advisory guidance when it matters most.

 

Segment Resources: https://www.gigamon.com/content/dam/resource-library/english/solution-brief/sb-gigamon-threatinsight.pdf

 

This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw230

Jun 10, 2021

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance) have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework.

 

Segment Resources:

Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/

Official Site of the CMMC Program: https://cmmcab.org/

Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw75

Jun 9, 2021

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on controls from well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance) have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework.

 

Segment Resources:

Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/

Official Site of the CMMC Program: https://cmmcab.org/

Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw75

Jun 9, 2021

In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw219

Jun 8, 2021

CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn’t be viewed as a controlling organ - then it will stall innovation and become a blocker for deploying new techniques. Implemented and evaluated correctly, new security tools should speed up the development processes and enable innovation. So how do you measure success in app sec? There are several methods that define the success of a new tool. New tools have to live up to, and in most instances exceed, the existing solutions in place and should help developers to do their job more efficiently. Here we can discuss the relevance of pre-planning and the definition of clear success criteria to get the most out of any solution decided upon. We draw parallels to real world examples of companies that have found success by optimising the time spent on evaluating and implementing new tools.

 

This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw219

Jun 8, 2021

This week in the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authentication bypass postmortem, M1RACLES, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw153

Jun 7, 2021

While web application security is a highly researched topic with a lot of subject familiarity among security professionals, it’s still not easy for security and development teams to navigate modern threats, and understand the differences, and more importantly, the similarities between securing web apps and securing APIs. In the endless battle to keep networks and applications safe, organizations need to rely on real-time data to better understand the differences between attacker behavior and legitimate traffic. Join this discussion with Daniel Hampton for a look inside a unified and collaborative approach to the modern tools and processes needed to monitor for and stop real-time web application and API security threats, and clarify the complexities teams often navigate.

This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw153

Jun 6, 2021

This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware’s most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw697

Jun 5, 2021

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility.

Segment Resources:

View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38

Read our CEO’s blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security

Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management

 

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw697

Jun 5, 2021

We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before.

 

Segment Resources:

phobos.io/orbital

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw697
