Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: September, 2021
Sep 30, 2021

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.

 

Segment Resources:

RevolutionCyber - www.revolutioncyber.com

Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

Sep 30, 2021

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw88

Sep 29, 2021

Crowdsourcing and multi-sourcing focus on risk identification and reduction, and they seem to be effective... but my auditor doesn't understand what it is yet - Will it meet the requirements of security compliance standards? Jeff and Casey will dig into the hits and misses of plugging novel assurance approaches into established markets.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw88

Sep 29, 2021

This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Show Notes: https://securityweekly.com/bsw233

Sep 28, 2021

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge.

 

Segment Resources:

Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Show Notes: https://securityweekly.com/bsw233

Sep 28, 2021

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Show Notes: https://securityweekly.com/asw167

Sep 28, 2021

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss it can help your DevSecOps team function better.

 

This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Show Notes: https://securityweekly.com/asw167

Sep 26, 2021

This week in the Security News: What to do with your old hardware, renting your phone, "persistently execute system software in the context of Windows", sensational headline: ransomware could cause a food shortage, could someone please schedule the year of the Linux desktop?, public-key crypto explained?, malware attacks Windows through Linux, Microsoft Exchange AutoDiscover bug leaks 100k creds, and toilets that can identify you, er, from the bottom... & more!

 

Show Notes: https://securityweekly.com/psw711

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021

In this segment Paul and Larry attempt to confirm or deny that Nzyme performs intelligent device fingerprinting and behavioral analytics to detect rogue actors. Classic signature-based detection methods are just too easy to circumvent in WiFi environments.

 

Show Notes: https://securityweekly.com/psw711

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 25, 2021

Velociraptor is a multi-platform, open-source, endpoint forensics, monitoring, and response platform that allows security professionals to quickly and easily dig through host artifacts and perform detection and response at scale. It’s fast, precise, powerful … and free. It also supports Linux, Windows and MacOS. Velociraptor is a unique tool since it offers a query language so that users may query their endpoint flexibly in response to new threat information. In this session, we'll discuss the key components of Velociraptor, and how it can be leveraged to improve endpoint security and visibility and facilitate rapid response to large networks.

 

Show Notes: https://securityweekly.com/psw711

Segment Resources:

Please visit our documentation site where you can learn about Velociraptor https://docs.velociraptor.app/

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 24, 2021

This week in the Enterprise Security News: Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!

 

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/eswfor all the latest episodes!

Sep 24, 2021

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

 

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/esw for all the latest episodes!

Sep 23, 2021

A common ratio between Appsec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling Appsec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution.

 

Show Notes: https://securityweekly.com/esw243

This segment is sponsored by Probely. Visit https://securityweekly.com/probelyto learn more about them!

Visit https://www.securityweekly.com/eswfor all the latest episodes! 

Sep 23, 2021

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform.

 

Show Notes: https://securityweekly.com/scw87

Visit https://www.securityweekly.com/scw for all the latest episodes! 

Sep 22, 2021

"Hacktivism" is a controversial term with several meanings. The word was coined to characterize electronic direct action as working toward social change by combining programming skills with critical thinking. But just as hack can sometimes mean cyber crime, hacktivism can be used to mean activism that is malicious, destructive, and undermining the security of the Internet as a technical, economic, and political platform.

 

Show Notes: https://securityweekly.com/scw87

Visit https://www.securityweekly.com/scw for all the latest episodes! 

Sep 22, 2021

This Week, in the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Building a Modern Cybersecurity Partnership, & more!

 

Show Notes: https://securityweekly.com/bsw232

Visit https://www.securityweekly.com/bswfor all the latest episodes!

Sep 21, 2021

It's no surprise that Zero Trust initiatives are increasing in importance in both the public and private sectors. New cybersecurity mandates and a boom in remote work due to COVID-19 are just two of the most common factors driving this demand. While the need for adopting Zero Trust is evident, the path to success is not. In this episode, we discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment––more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases.

 

Show Notes: https://securityweekly.com/bsw232

Segment Resources: Learn more about implementing Zero Trust: https://www.extrahop.com/solutions/security/zero-trust/?uniqueid=CC07532818&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-zero-trust-backlink&utm_content=webpage&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahopto learn more about them!

Visit https://www.securityweekly.com/bswfor all the latest episodes!

Sep 21, 2021

This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more!

 

Show Notes: https://securityweekly.com/asw166

Visit https://www.securityweekly.com/aswfor all the latest episodes!

Sep 20, 2021

Modern software development demands a different approach to application security. Contrast’s developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.

 

Show Notes: https://securityweekly.com/asw166

Segment Resources:

2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782

White Paper: Pipeline-native Scanning for Modern Application Development https://view-su2.highspot.com/viewer/612ff3e4cc0bb2392d968b25

DevSecOps Requires a Platform Approach to Application Security https://view-su2.highspot.com/viewer/612ff42ecb2d1b6cd60f3f65

This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Sep 19, 2021

This week in the Security News: Anonymous hacks Epik (with a K), Fuzzing Close-Source Javascript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released, Microsoft fixes Critical vulnerability in Linux App, Drone accidentally delivers drug paraphernalia to high schoolers, & more!

 

Show Notes: https://securityweekly.com/psw710

Visit https://www.securityweekly.com/psw for all the latest episodes!

Sep 18, 2021

Brakeman is a free static analysis security tool specifically designed for Ruby on Rails applications. It analyzes Rails application code to find security issues at any stage of development. Justin first released Brakeman in 2010. In 2018, the commercial version, "Brakeman Pro", was acquired by Synopsys. Brakeman continues to be a very popular security tool for Rails, with tens of thousands of downloads per day.

 

Show Notes: https://securityweekly.com/psw710

https://github.com/presidentbeef/brakeman

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 18, 2021

Network breaches, ransomware attacks, and remote-work challenges highlight the need for cloud-native Secure Access Service Edge (SASE) deployments.

 

Show Notes: https://securityweekly.com/psw710

This segment is sponsored by Barracuda Networks.

Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes! 

Sep 17, 2021

This week in the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roesch Joins Netography as CEO, the special "Squirrel of the Week" story, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

Sep 17, 2021

Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices, supply chain, physical access, and malicious software. We will also explore various mitigation strategies throughout the lifecycle, which separate those leaning in from those that don't.

 

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

Sep 16, 2021

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack attacks. What can you do to protect your organization? Let's talk about the first step to securing web applications - continuous web asset discovery.

 

Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/

https://www.netsparker.com/features/continous-web-asset-discovery-engine/

 

This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

1 2 Next »