Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2021
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
Oct 27, 2021

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, and the rationale and process used by CIS to create end support mapping, some real-world examples, and some real-life problems.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw92

Oct 27, 2021

In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myths and misconceptions, & more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw237

Oct 26, 2021

With today’s expanding attack surface, constantly evolving threat landscape, and growing cyber skills gap, cybersecurity leaders need actionable advice from seasoned peers more than ever. Renee along with a diverse group of accomplished experts in cybersecurity has created a book of collective learnings that brings together years of experience so that anyone in the field can leverage this insight in the face of the cyber threats and “fires” of today and tomorrow. This interview will focus on some of the takeaways and learnings.

 

Segment Resources:

https://www.barnesandnoble.com/w/fight-fire-with-fire-renee-tarun/1139924071

 

This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw237

Oct 26, 2021

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw171

Oct 25, 2021

Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud.

 

Segment Resources:

www.cloudsecuritypodcast.tv

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw171

Oct 24, 2021

This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cyber hygiene?, Gummy browsers, the Internet is safe now, a particular kind of crack is open-source, sysmon: Now for Linux, Windows 11 and lies, and cocaine Hippos!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw715

Oct 23, 2021

We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to login with default or known credentials, and send a Slack message if it finds anything. The initial release is here: https://github.com/SecurityWeekly/netslackbot

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw715

Oct 23, 2021

The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the similar trend that occurred in IT for the last decade?

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw715

Oct 22, 2021

Over the last year, The Record has published several interviews between security analysts and cybercriminals. This includes representatives from REvil, BlackMatter, and Marketo. The interviews have uncovered the gangs' motivations, targets, and tactics, and have been cited by officials including White House Deputy National Security Advisor Anne Neuberger.

 

This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw247

Oct 22, 2021

This Week in the Enterprise Security News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw247

Oct 21, 2021

There are tons of cybersecurity job openings for folks with 3-5 years of experience, but where are the junior roles? How are people getting their initial 3-5 years in? Josh and the ESW hosts discuss the finer points and challenges of breaking into InfoSec via the analyst path. - As mentors: where do we struggle with our mentees? - There are a million certs and degree programs - which are worth the time and money? - How can folks learn and hone cybersecurity skills prior to getting a job in InfoSec? We've even included a handy cheat sheet full of recommendations and resources: https://securityweekly.com/wp-content/uploads/2021/10/Starting-a-Cybersecurity-Career-Cheat-Sheet.pdf

 

This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw247

Oct 21, 2021

We’re getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they’re important. And, while PCI 3.2.1 won’t be retired until 2024, it’s a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it! 

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw91

Oct 20, 2021

We’re getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they’re important. And, while PCI 3.2.1 won’t be retired until 2024, it’s a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it! 

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw91

Oct 20, 2021

Zero Trust has quickly become a cybersecurity mandate and also the most abused term in the industry. The core tenants of Zero Trust are rooted in the ability to deliver secure access, which is arguably the foundation and fundamentals of any Zero Trust architecture. Hence the rise of Zero Trust Network Access and demise of legacy access solutions like VPNs. In this episode, we discuss the role of Zero Trust Network Access in strengthening and simplifying access controls for today’s hybrid workforce as they connect from anywhere to multi-cloud, on-premises and even legacy applications. This includes how to reduce the attack surface due to digital sprawl and even reduce complexity for improved user-experience and operational efficiency.

 

This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw236

Oct 19, 2021

The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the public and private markets!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw236

Oct 19, 2021

This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw170

Oct 18, 2021

There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed, how fast can I scan the new deployment? Discussion around the challenges on how to integrate a DAST scanner in DevSecOps and some tips to make it easier.

 

This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw170

Oct 17, 2021

This week in the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw714

Oct 16, 2021

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications.

 

This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw714

Oct 16, 2021

The world's top tech organizations are pursuing an open-source endpoint security strategy using osquery. We will dig into how osquery and Fleet can enable observation, collection, and investigation on endpoints. This open-source strategy eases deployment, reduces cost, improves trust, and provides flexibility to meaningfully improve security on the endpoint.

Segment Resources:

https://osquery.io

https://fleetdm.com

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw714

Oct 15, 2021

In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its, plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

Oct 15, 2021

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!

 

Segment Resources:

Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning

eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing

Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf

 

This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

Oct 14, 2021

A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous, full of hyperbole, or just plain unreadable. We talk about why so many press releases are like this (there are legit reasons!) and how they could be improved.

What's wrong with press releases?

1. Frivolous Press Releases

2. Unintelligible Press Releases

3. Bending the Truth

4. Excessive hyperbole; death by adjective

5. FUD

Why are they like this?

1. Feeding the SEO beast

2. Written by committee

3. Need to appear successful

4. Need to show growth/progress

5. Need to differentiate from the competition

6. "if it bleeds it leads"

Fixing Press Releases

- When should you put out a press release?

- What should go into a press release?

- How should you write a press release?

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

Oct 14, 2021

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.

 

Segment Resources:

The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw90

Oct 13, 2021

Tune in for this discussion on social engineering and its merits on being recognized as a legitimate component of cyber security. We'll also dive into the whole notion of motive and intent as it pertains to deliberately misrepresenting yourself, or simply lying to your customer in order to get them to be more secure.

 

Segment Resources:

The Aspies Guide to Social Engineering: from DEF CON 27 Social Engineering Village: https://www.youtube.com/watch?v=5IraysvK38A

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw90

1 « Previous 1 2 3 4 5 6 7 Next » 8