Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Jun 4, 2024

Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet and more, are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-390

Jun 4, 2024

Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization’s infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.

Segment Resources:

Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/

Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

 

With new industry regulations, like the SEC’s Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.

Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management

https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f

This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-352

Jun 3, 2024

Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?

In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:

  • Self Awareness
  • Self Regulation
  • Motivation
  • Empathy
  • Social Skills

and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.

Show Notes: https://securityweekly.com/bsw-352

May 31, 2024

In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs.

This segment is sponsored by Swimlane. Visit https://securityweekly.com/swimlanersac to learn more about them!

The past two years have witnessed an unprecedented surge in the adoption of generative artificial intelligence (AI) across various industries. And while this presents new efficiencies, with these benefits come significant security concerns. The widespread integration of AI applications increases the risk of data breaches and intellectual property theft, while also expanding organizations' vulnerability to malicious data injection and other AI-driven cyberattacks. During this interview Jim will explore why it’s imperative to implement robust security measures to mitigate these evolving risks effectively, and how working alongside an MSSP can benefit your overall security posture.

Segment Resources: https://go.directdefense.com/2023-Security-Operations-Threat-Report

This segment is sponsored by DirectDefense. Visit https://securityweekly.com/directdefensersac to learn more about them!

In recent years, ransomware attacks have undergone a transformative evolution, shifting from indiscriminate, mass-distributed assaults to highly targeted, sophisticated campaigns. Kris Lahiri is able to discuss the dynamic landscape of ransomware and dive into the techniques he has seen cybercriminals employ, the motivations behind these attacks, and the escalating impact on individuals, businesses, and critical infrastructure.

Segment Resources: https://www.egnyte.com/solutions/ransomware-detection https://www.egnyte.com/guides/governance/ransomware

This segment is sponsored by Egnyte. Visit https://securityweekly.com/egnytersac to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-11

May 31, 2024

Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 14, 2017.

Doug and Russ talk about different types of backups, how they work and out-of-band strategies.

Show Notes: https://securityweekly.com/vault-swn-14

May 31, 2024

Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthening the security posture of every organization. TDIR aims to identify potential threats and respond before they can impact a business. A layered defense focuses on identifying threat activity, prioritizing investigations, and measuring risk. As a result, organizations can take the appropriate threat mitigation steps. These security strategies and protocols signify a step forward with a TDIR strategy where everyone from the CISO to the security analyst wins.

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylogrsac to learn more about them!

Axur is a cost-effective external cybersecurity solution that empowers security teams to handle threats beyond the perimeter. Our platform detects, inspects, and responds to brand impersonation, phishing scams, dark web mentions, threat intel vulnerabilities, and more.

This segment is sponsored by Axur. Visit https://securityweekly.com/axurrsac to learn more about them!

Segment Resources: https://www.axur.com/en-us/partners https://www.axur.com/en-us/outsourced-takedown https://www.axur.com/polaris/home

Vendors, sales channels, partners and other kinds of third parties are essential to most businesses. Ensuring that the information security risks of those other companies don't impact your own is the remit of Third Party Cyber Risk Management (TPCRM) teams. It is increasingly evident, however, that the existing practices and tools are not up to the challenge. They make the process even more adversarial than it needs to be, are focused on risk transfer and/or acceptance rather than reduction; are based on limited and low quality signals; and are often excruciatingly manual. We can do better as an industry, and in this conversation we are going to explore a new paradigm for TPCRM and its advantages for third and first parties.

Segment Resources: Alice in Supply Chains is a monthly marketing-free newsletter with curated news and commentary on TPCRM: https://www.linkedin.com/newsletters/alice-in-supply-chains-6976104448523677696/

This segment is sponsored by Tenchi Security. Visit https://securityweekly.com/tenchirsac to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-10

May 30, 2024

As a special treat for this week's vault episode, we set up a conversation with Derek Manky to discuss Fortinet's FortiGuard Labs Threat Report. This is a bi-annual report put out by FortiGuard Labs, and in my opinion, it just keeps getting better and better. The report is chock full of actionable information and insights. It answered all my questions about the current state of threats and attacks, like:

  • What is the latest big shift in strategy and focus for ransomware groups?
  • I keep hearing that attackers are getting faster and faster - how much time to defenders actually have these days (to patch a critical vuln, for example)?
  • What are the latest attack techniques being used? Which are used less, or never used?

There's not a dull moment in this conversation - I hope you enjoy listening to or watching it as much as I did making it!

Segment Resources:

Show Notes: https://securityweekly.com/vault-esw-9

May 29, 2024

Making The World A More Secure Place: Joshua Corman's Journey and Insights

Welcome to an insightful podcast episode featuring Joshua Corman, a prominent figure in the realm of cybersecurity. With a wealth of experience and a keen understanding of the evolving threat landscape, Joshua has established himself as a thought leader and influencer in the cybersecurity community.

In this episode, we explore Joshua's professional journey, from his early days in the industry to his current position as a respected cybersecurity leader. With a focus on practical strategies and real-world challenges, Joshua shares valuable insights into the complexities of modern cybersecurity and the strategies organizations can employ to navigate this dynamic landscape.

As a recognized authority on security, Joshua Corman's expertise spans a range of topics, including risk management, threat intelligence, and the intersection of security with technology and business. Join us as we delve into his experiences, lessons learned, and the principles that guide his approach to addressing the ever-present challenges of cybersecurity.

Whether you are a cybersecurity professional, technology enthusiast, or someone keen on understanding the intricacies of safeguarding digital assets, this podcast offers a unique opportunity to gain perspective from one of the industry's thought leaders. Tune in to discover the wisdom and practical advice Joshua Corman brings to the table, shedding light on the current state of cybersecurity and its future trajectory.

Show Notes: https://securityweekly.com/vault-psw-9

May 28, 2024

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”

This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!

CISOs encounter challenges in securing data amidst the rapid growth driven by Cloud and GenAI applications. In this segment, we will delve into how Bedrock Security powers frictionless data security, empowering CISOs to securely manage data sprawl, allowing their businesses to operate at optimal speed, without compromising security.

Segment Resources:

Bedrock Security: https://www.bedrock.security/

Bedrock Security X/Twitter: https://twitter.com/bedrocksec

Bedrock Security LinkedIn: https://www.linkedin.com/company/bedrocksec/

House Rx (customer) Case Study: https://tinyurl.com/35v48wx7

Introductory Whitepaper: https://tinyurl.com/5yjeu92b

Innovation Sandbox 2024:  https://www.businesswire.com/news/home/20240402284910/en/Bedrock-Security-Named-RSA-Conference-2024-Innovation-Sandbox-Finalist

 

This segment is sponsored by Bedrock Security. Visit https://securityweekly.com/bedrockrsac to learn more about them!

Show Notes: https://securityweekly.com/vault-asw-10

May 28, 2024

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023.

We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities.

Show Notes: https://securityweekly.com/vault-asw-9

May 28, 2024

Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 8, 2017.

Doug and Russ swim the warm waters of academia, college degrees, types of degrees, and whether or not you need one.

Show Notes: https://securityweekly.com/vault-swn-13

May 28, 2024

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.

This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!

While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.

This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!

Show Notes: https://securityweekly.com/vault-bsw-9

May 27, 2024

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022.

Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.

Segment Resources:

Show Notes: https://securityweekly.com/vault-bsw-9

May 24, 2024

Qwiet AI provides real time detection of security vulnerabilities in code along with the best AI generated fixes to aid developers in finding and fixing their code with the addition of AI AutoFix.

This segment is sponsored by Qwiet AI. Visit https://securityweekly.com/qwietrsac to learn more about them!

With scores of security tools implemented, configured, and integrated security teams are overwhelmed while knowing there is still a possibility for a breach. As they work to prioritize threat exposures, it is imperative for organizations to have a clear, context-rich, and up-to-date view of their security posture. Picus Security CTO and Co-founder, Volkan Ertürk, explains how consistent security validation allows security teams to pinpoint gaps, prioritize, and quantify risk so they can reduce threat exposure.

Segment Resources: Picus Red Report 2024: https://www.picussecurity.com/hubfs/Red%20Report%202024/Picus-RedReport-2024.pdf

This segment is sponsored by Picus Security. Visit https://www.securityweekly.com/picusrsac to learn more about them!

Platformization could mean reduction in innovation, reduction in the ability to be flexible, and less competition. But it doesn't have to be this way. Like the IT industry, there are ways for the cybersecurity industry to platformize, but also to have this become a net benefit to the industry as a whole.

Segment Resources: Navigating the SecOps Cloud Platform webinar recording: https://www.youtube.com/watch?v=MbzvLX-W2KY

Recon Infosec Case Study: https://info.limacharlie.io/hubfs/Case%20Studies/LimaCharlieReconInfosecMSSPCase_Study.pdf

Blumira Case Study: https://info.limacharlie.io/hubfs/Case%20Studies/LimaCharlieBlumiraCase_Study.pdf

This segment is sponsored by LimaCharlie. Visit https://securityweekly.com/limacharliersac to learn more about them!

Show Notes: https://securityweekly.com/esw-363

May 24, 2024

Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-389

May 24, 2024

The next generation of identity security is not about the popular idea of convergence, but of unification. A single, AI-driven solution that integrates PAM with identity security and access management is the clear path forward to manage and secure all enterprise data through a unified control point.

Segment Resources: • https://www.sailpoint.com/products/identity-security-cloud/atlas/ https://www.sailpoint.com/press-releases/sailpoint-accelerates-innovation-with-its-identity-security-platform-sailpoint-atlas/ https://www.sailpoint.com/press-releases/sailpoint-leads-identity-security-evolution-through-relentless-innovation/https://www.sailpoint.com/navigate/

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them!

Over the past 15 years, identity has evolved from a perimeter-based security model with clear boundaries to one that is fluid, flexible, and permeates every aspect of digital business. Simultaneously, AI has infiltrated every enterprise, becoming a double-edged sword for defenders, and fueling fraud attacks across every sector.

In this interview, Ping Identity CEO Andre Durand will walk through the evolution of the identity attack surface, and the opportunity decentralized identity has to dramatically improve both security and experience by putting users in control. He'll also discuss the increasing threats to individuals and businesses, given the influx of AI, and why we should consider this the era of “verify more, trust less.”

This segment is sponsored by Ping Identity. Visit https://securityweekly.com/pingrsac to learn more about them!

As companies adopt new digital cloud technologies, cybercrime threats are on the rise and becoming more sophisticated. Identity has come under attack in today’s digital-first environment and is critical to ensure we can securely connect people to technology. Okta is on a mission to eliminate identity threats and clear the path for organizations to safely use any technology.

Segment Resources: https://www.okta.com/blog/2024/02/introducing-the-okta-secure-identity-commitment/

https://www.okta.com/products/okta-ai/

https://www.okta.com/blog/2024/02/okta-acquisition-advances-identity-powered-security/

This segment is sponsored by Okta. Visit https://securityweekly.com/oktarsac to learn more about them!

Show Notes: https://securityweekly.com/esw-363

May 23, 2024

Only one funding announcement this week, so we dive deep into Thoma Bravo's past and present portfolio. They recently announced a sale of Venafi to Cyberark and no one is quite sure how much of a hand they had in the LogRhythm/Exabeam merger, and whether or not they sold their stake in the process.

We also have a crazy stat Ross Haleliuk spotted in Bessemer's analysis: "13 out of 14 cybersecurity companies acquired in the past year for over $100M were from Israel". Is this an anomaly? Does it just mean that Israel wasn't shy about selling when the market was down? We discuss.

A number of new product announcements continue to trickle out post-RSA.

We'll also discuss Sam Altman and OpenAI's decision to use Scarlett Johansson's voice against her will and what it could mean for deepfakes, advanced social engineering techniques, and general big tech sliminess.

Do you know what a "product glorifier" is? How about a glowstacker? You will if you check out the second-to-last story in the show notes!

Show Notes: https://securityweekly.com/esw-363

May 23, 2024

An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!

Show Notes: https://securityweekly.com/psw-830

May 22, 2024

The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss the how PTaaS is using the latest technologies (e.g machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization’s security posture!

This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!

Show Notes: https://securityweekly.com/psw-830

May 21, 2024

The challenge of evaluating threat alerts in aggregate – what a collection and sequence of threat signals tell us about an attacker’s sophistication and motives – has bedeviled SOC teams since the dawn of the Iron Age. Vectra AI CTO Oliver Tavakoli will discuss how the design principles of our XDR platform deal with this challenge and how GenAI impacts this perspective.

Segment Resources:

  1. Vectra AI Platform Video: https://vimeo.com/916801622

  2. Blog: https://www.vectra.ai/blog/what-is-xdr-the-promise-of-xdr-capabilities-explained

  3. Blog: https://www.vectra.ai/blog/xdr-explored-the-evolution-and-impact-of-extended-detection-and-response

  4. MXDR Calculator: https://www.vectra.ai/calculators/mxdr-value-calculator

This segment is sponsored by Vectra AI. Visit https://securityweekly.com/vectrarsac to learn more about them!

In this interview, we will discuss the network security challenges of business applications and how they can also be the solution. AlgoSec has spent over two decades tackling tough security issues in some of the world’s most complex networks. Now, they’re applying their expertise to hybrid networks—where customers are combining their on-premise resources along with multiple cloud providers.

Segment Resources: https://www.algosec.com/resources/

This segment is sponsored by AlgoSec. Visit https://securityweekly.com/algosecrsac to learn more about them!

Show Notes: https://securityweekly.com/asw-286

May 21, 2024

Big Tech, Fighting a Junta, Keylogger in Microsoft , APT Hackers, Free Laundry, Joshua Marpet & more on this edition of the Security Weekly News!

Show Notes: https://securityweekly.com/swn-388

May 21, 2024

Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experience, but it also relies on code that looks familiar to developers rather than contrived or overly simplistic examples.

Segment resources:

Show Notes: https://securityweekly.com/asw-286

May 21, 2024

In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She’ll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era.

This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them!

In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira’s automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs.

Segment Resources:

https://www.blumira.com/customer-stories/

 https://www.blumira.com/why-blumira/

This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-351

May 20, 2024

This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrick's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies:

Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc

Show Notes: https://securityweekly.com/bsw-351

1 « Previous 1 2 3 4 5 6 7 Next » 57