Join Michael Welch for a discussion on the ramifications a cyber-physical attack can have on ill prepared organizations. As a third-party expert, Michael can speak to: • The importance of being aware of the widening attack surface due to an inter-connected world of cyber-physical security. • The critical need to have the right solutions in place to thwart bad actors from gaining access to a physical system. • The security considerations organizations, specifically in the healthcare and critical infrastructure sectors, should address to circumvent cyber-physical attacks.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw704
Alyssa will discuss the growing trend of organizations implementing Business Information Security Officers. We'll talk about how the BISO builds bridges between the security and business organizations that DevSecOps shared-responsibility culture. We'll dive into Alyssa's career progression and the lessons she learned along the way the prepared her for this high level leadership role.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw704
This week in the Enterprise News: Aqua Security Introduces new Aqua Platform, Decryption Tools, Security Summit 2021: Google expands Trusted Cloud, Clearview AI raises $30M to accelerate growth in image-search technology, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
Security starts before detection, it starts before investigations. Mature security teams understand the importance of good hygiene and take proactive measures to secure themselves against the ever-increasing threat landscape. Join us this week as Stephanie Aceves, Threat Response SME Lead, talks through a holistic approach to security using the Tanium platform approach. Learn why the best security teams rely heavily on Tanium to get smarter, faster, better in responding to threats and how your organizations can do the same.
For folks interested in a trial of Tanium, check out https://try.tanium.com/
To stay connected with Tanium's Endpoint Security Specialist team, join our community site: https://community.tanium.com/s/ues-discussion-group or find us on Slack: https://docs.google.com/forms/d/e/1FAIpQLSf56reMK4BQPkoLO4MTp-QPMJsxOlJD-MqargZxhW3kNsA3dA/viewform?usp=sf_link
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
Brief chat around the rise in Ransomware attacks, campaigns against our Infrastructure, the deficit in Cyber Talent, and how we could address the issue by extending Corporate Cyber Training programs to extend past the Corporate boundary.
Segment Resources:
https://www.infragardnational.org/
https://inl.gov/critical-infrastructure-protection-training/
https://www.ymcalouisville.org/chestnut/kids-and-teens/black-achievers.html
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw236
Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and compliance. Hear ye, Hear ye! The court is now in session.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw81
Priya Chaudhry joins us today as co-host and we are eager to catch up with her and get her legal perspective on recent litigations and proposed legislation that impacts our world of security and compliance. Hear ye, Hear ye! The court is now in session.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw81
In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw225
Both the Security Weekly 25 Index and the NASDAQ close at record highs on 7/23/2021. See how the security market continues to stay hot. The current companies in the Security Weekly 25 Index: SCWX PANW CHKP SPLK NLOK FTNT AKAM FFIV ZS PFPT FEYE QLYS VRNT CYBR TENB SAIL MIME NET CRWD NTCT VRNS RPD SUMO RDWR PING
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw225
This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw159
Adoption of serverless functions is rapidly growing, which means security teams will be challenged to deliver protection for data and applications in these complex environments in the coming months and years. Peter Klimek is helping Imperva customers address these challenges and will offer guidance on how to get protection for functions without slowing DevOps.
Segment Resources:
Details on Imperva Serverless Protection: https://www.imperva.com/company/press_releases/imperva-launches-new-product-to-secure-serverless-functions-with-visibility-into-the-application-layer-code-level-vulnerabilities/
Free trial of the product: https://www.imperva.com/serverless-protection-demo
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw159
This week in the Security News: Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!Trust no one, its all about the information, so many Windows vulnerabilities and exploits, so. many., Saudi Aramco data for sale, Sequoia, a perfectly named Linux vulnerability, is Microsoft a national security threat?, Pegasus and clickless exploits for iOS, homoglyph domain takedowns, when DNS configuration goes wrong and a backdoor in your backdoor!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw703
CyberMarket.com is a marketplace where CyberSecurity Consultancies and clients can find each other. There is a growing trend where CyberSecurity Consultants recognize the gap between what they are worth to a consultancy as being sold out for a daily rate compared to what they get paid. There are a number of consultants who are leaving consultancies to start the next generation of independent / boutique consultancies but they don't have a sales pipeline and sales staff like their old consultancies do. CyberMarket.com is a place to help facilitate the sales pipeline for cybersecurity consultancies of various sizes.
Segment Resources:
There is a blog at https://www.cybermarket.com/homes/blog where an article to help people to start up their own cybersecurity consultancy can be found.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw703
Safety in online dating spaces is an issue the dating industry has grappled with for some time; with the surge of dating app usage during the pandemic, the demand for dating apps to take responsibility and ensure safer online interactions is at an all-time high. RealMe is a technology platform that hopes to solve this problem on dating apps (and other online marketplaces) by providing in-app background checks that aggregate publicly available information on criminal records, sex offender status, personal reviews, and more.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw703
The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security.
This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them!
Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.
This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
In the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
Security teams relying on asset inventory from their IT counterparts can be a challenge due to a lack of security context for assets. This gap can lead to missed opportunities to identify and fix asset-centric issues like EOL or unauthorized software that they can address even before running their vulnerability management program. Ed will discuss the role asset inventory plays in your overall security strategy. This will include the importance of security context for IT assets, which teams benefit from the information, how to identify and assess the health of critical databases and how to effectively implement a cybersecurity asset management practice.
Segment Resources:
CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/
CSAM video overview: https://vimeo.com/551723071
Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/
This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw235
Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw80
Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw80
This week in the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw224
In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O'Reilly, Co-Founder and CPO of CyberSaint discusses what he's learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with it's CyberStrong platform.
Segment Resources:
CyberSaint website: www.cybersaint.io
Gartner Cool vendor report: https://www.cybersaint.io/gartner-cool-vendor-in-cyber-it-risk-management-download
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw224
This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw158
In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future.
This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw158
The White House announces a Ransomware Task Force, how much money Microsoft has paid out to security researchers last year, Amazon rolls out encryption for Ring doorbells, how a backdoor in popular KiwiSDR product gave root to a project developer for years, Trickbot Malware returns with a new VNC Module to spy on its victims, and some of the absolute funniest quotes about cyber security & tech in 2021!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw702
In this segment of Paul's Security Weekly, Paul and crew interview Jack Rhysider about how he got his start in Information Security, the projects and careers he worked on over the years, and how he transitioned from a Network Security Engineer to the host of Darknet Diaries Podcast.
Segment Resources:
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw702