Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: podcast
May 14, 2024

AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.

Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/

This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!

 

The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution, however they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do expect a single cloud provider to protect all your clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.

Segment Resources: https://www.silverfort.com/the-identity-underground-report/

https://www.forbes.com/sites/forbestechcouncil/2023/11/16/rethinking-the-framework-around-identity-security/

 https://techcrunch.com/2024/01/23/silverfort-now-valued-at-1b-after-raising-116m-for-its-holistic-approach-to-identity-security/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-350

May 13, 2024

Easy Passwords, BIG-IP, Ascension, Lockbit, Google, Poland, ZScaler, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-385

May 10, 2024

Despite building up impressive security stacks in the Cloud, organizations are still struggling to keep their environments safe. Pentera recently introduced Pentera Cloud as the first tool to provide automated pentesting capabilities for cloud environments. This conversation will focus on the challenge of security validation and pentesting in the cloud, and how Pentera Cloud is redefining the speed and scale of pentesting in the cloud.

This segment is sponsored by Pentera. Visit https://www.securityweekly.com/penterarsac to learn more about them!

Jason Keirstead, Cyware's VP of Collective Threat Defense, takes us beyond the AI buzz in cybersecurity. While AI has tremendous potential for cybersecurity, Jason emphasizes its pragmatic and deliberate application to modernize security operations — not as a panacea but as a strategic ally in enhancing threat intelligence, response capabilities, and operational collaboration. We discuss the practical benefits and limitations of AI, offering insights into how security professionals can leverage AI to augment, not replace, human decision-making and creativity in the ongoing fight against cyber threats.

This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them!

Anomali’s AI-Powered Security Operations Platform is a cloud-native solution that delivers the industry’s most comprehensive set of integrated and automated security functions. Anthony Aurigemma discusses how Anomali Copilot automates mundane tasks and enables better analytics and reasoning for today’s security teams – automating half of an analyst’s day, enabling them to focus on strategic work. With the ability to augment or replace legacy security systems, Anomali’s Security Operations Platform helps security teams deliver intelligent, actionable, and accurate insights to their business.

This segment is sponsored by Anomali. Visit https://www.securityweekly.com/anomalirsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

May 10, 2024

The landscape of phishing attacks continues to rapidly evolve. In 2023, Zscaler ThreatLabz observed a year-over-year increase of 58.2% in global phishing attempts. This surge was characterized by emerging schemes, including voice phishing, recruitment scams, and browser-in-the-browser attacks.

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them!

In today's complex world, organizations are challenged to modernize their network while also improving their security posture to support digital transformation initiatives. Tim Roddy will talk about what is driving the need for network transformation efforts and why organizations are moving to IAM and SASE (also known as Zero Trust Edge) solutions to support these efforts. He’ll discuss the fast-growing SASE market and the demand for SASE delivered as a managed service due to talent shortages.

This segment is sponsored by Open Systems. Visit https://securityweekly.com/opensystemsrsac to learn more about them!

It’s not rocket science, it’s network security. And yet for many organizations, the road to securing employees and information often results in trade-offs to performance, agility, scalable services, and user experience. While first-generation SASE solutions promised companies a way out of this complexity, those early deployments failed to resolve the root causes of these growth pains--enter Unified SASE as a Service. Going beyond SASE learn what Unified SASE as a Service is and why you should care.

This segment is sponsored by Aryaka. Visit https://securityweekly.com/aryakarsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

May 10, 2024

Emerging threats are targeting organizations from seemingly every angle. This means security teams must expand their focus to secure as many domains as possible. OpenText is building on its holistic approach to cybersecurity with new innovations that make it easier for organizations to secure themselves against next generation threats.

This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!

In reaction to the increasing potential of threat actors unaffected by the current state of cybersecurity measures and vulnerability management tools yielding “rarely actioned reports and long lists of generic remediations” as the attack surface continues to expand, Gartner has suggested a new program: CTEM - Continuous Threat Exposure Management. A continuous threat exposure management (CTEM) program is an integrated, iterative approach to prioritizing potential treatments and continually refining security posture improvements. Join Hive Pro’s VP of Product Marketing and former Gartner Analyst, Zaira Pirzada to better understand: - The state of the current threat landscape - The SOC pain points - What Continuous Threat Exposure Management is and best practices to implement it

This segment is sponsored by Hive Pro. Visit https://securityweekly.com/hiveprorsac to learn more about them!

Traditional Managed Detection and Response (MDR) methods, centered on threat-based security, often miss the bigger picture of evolving cyber risks. This segment explores the shift towards a proactive, risk-based MDR approach, emphasizing the importance of anticipating and mitigating risks before they escalate into threats. We'll discuss the benefits of integrating risk management into security strategies and the key factors organizations should weigh when enhancing their cyber risk reduction efforts.

This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartrsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

May 9, 2024

Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman

Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management.

Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.

In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices.

As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities. Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets.

Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.

Show Notes: https://securityweekly.com/psw-828

May 8, 2024

In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.

Show Notes: https://securityweekly.com/psw-828

May 7, 2024

Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, and more, on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-384

May 7, 2024

We already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack of resources in testing an AI's bias. Then we discuss how organizations should approach the very different concepts of AI security and AI safety.

Segment Resources:

Show Notes: https://securityweekly.com/asw-284

May 7, 2024

A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explains why it's important to understand the different types of AI and the practical tasks necessary to secure how it's used.

Segment resources:

Show Notes: https://securityweekly.com/asw-284

May 7, 2024

Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber instance. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:

  • Developing the training program
  • Practice, practice, practice
  • Imposing corrective actions
  • Constantly evaluating/reviewing the success of the training program

Show Notes: https://securityweekly.com/bsw-349

May 6, 2024

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?

Show Notes: https://securityweekly.com/bsw-349

May 3, 2024

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-383

May 3, 2024

It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features...

To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends!

Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge.

Show Notes: https://securityweekly.com/esw-360

May 3, 2024

It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs.

Resources

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

Show Notes: https://securityweekly.com/esw-360

May 2, 2024

ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips.

Show Notes: https://securityweekly.com/psw-827

Apr 30, 2024

Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more!

Show Notes: https://securityweekly.com/asw-283

Apr 30, 2024

AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-382

Apr 30, 2024

Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now they're bracing for the coming of genAI and how that will just further highlight the current struggles they're having with data security and data privacy.

Segment Resources:
Complete Survey Results: The Growing Complexity of Securing the Software Supply Chain
https://research.esg-global.com/reportaction/515201781/Toc 

Show Notes: https://securityweekly.com/asw-283

Apr 30, 2024

In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!

Show Notes: https://securityweekly.com/bsw-348

Apr 29, 2024

A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.

Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!

Show Notes: https://securityweekly.com/bsw-348

Apr 26, 2024

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.

Resources:

Show Notes: https://securityweekly.com/esw-359

Apr 26, 2024

TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-381

1 « Previous 2 3 4 5 6 7 8 Next » 59