Check out this episode from the SWN Vault, originally published on February 13, 2019! This Secure Digital Life episode was hand-picked by main host Doug White.

Well, there are a lot of terms that are around in Cyber these days. I think we could do shows every week for a while and never get through them all. From AI to Zero Day Exploits, there are a plethora of terms that everyone uses all the time but maybe you don't know them yet. So, I thought we would grab some of the more common ones and try to explain.

Show Notes: https://securityweekly.com/vault-swn-21

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023.

Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview.

Show Notes: https://securityweekly.com/vault-bsw-14

In the enterprise security news,

1. Bitsight, Snyk, and Silverfort announce acquisitions
2. Tanium announces an “autonomous” endpoint security offering
3. We find out how much a smartphone costs when it is manufactured in the US
4. CISA’s leadership announces resignations
5. Ransomware is going after old versions of Excel
6. Should vendors be doing more about alert fatigue?
7. The latest cybersecurity reports
8. Using AI to mess with scammers

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-385

Why a special segment on Microsoft Ignite announcements?

1. There were a lot of announcements
2. Microsoft is the largest security vendor, in terms of revenue
3. Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry.

Show Notes: https://securityweekly.com/esw-385

Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-433

This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team.

We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important.

Show Notes: https://securityweekly.com/esw-385

Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and Fortinet, the first zoom call, and one person's trash is another person's gaming PC!

Show Notes: https://securityweekly.com/psw-852

Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety.

Show Notes: https://securityweekly.com/psw-852

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us.

We also discuss whether Secure by Design's goals are practical or not.

OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet.

Also, Watchtowr has some fun with Citrix VDI!

Show Notes: https://securityweekly.com/asw-308

In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!

Show Notes: https://securityweekly.com/bsw-373

Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-432

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:

• Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors.
• Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks.
• The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks.
• The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings.

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

Show Notes: https://securityweekly.com/bsw-373

This week's interview dives deep into the state of biometrics with two Forrester Research analysts!

This discussion compares and contrasts regional approaches to biometrics; examine the security challenges and benefits of their implementation; and reveal how biometrics holds the keys to a range of engagement models of the future.

Andras Cser dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as Andras explains, there's no need to, thanks to how biometrics actually work. Then, Enza takes us through the latest on privacy in biometrics - a concern for both consumers, and businesses tasked with complying with privacy regulations and avoiding costly fines.

Finally, get a sneak peek into the upcoming Forrester Security & Risk Summit. Whether you're an industry professional or just curious about the implications of biometrics, this episode delivers insights you won't want to miss!

Show Notes: https://securityweekly.com/asw-308

This week in the enterprise security news,

1. Upwind Security gets a massive $100M Series B
2. Trustwave and Cybereason merge
3. NVIDIA wants to force SOC analyst millennials to socialize with AI agents
4. Has the cybersecurity workforce peaked?
5. Why incident response is essential for resilience
6. an example of good product marketing
7. who is Salvatore Verini, Jr. and why does he have all my data?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-384

Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today?

This will be a more standards and GRC focused discussion, covering:

1. the reasons why cross-walking doesn't work
2. the reasons why traditional TPRM approaches (e.g. questionnaires) don't work
3. opportunities for AI to help
4. risk management or sales support?

Show Notes: https://securityweekly.com/esw-384

Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-431

There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management).

Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.

Segment Resources:

• From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
• From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools
• The Future of SOC Automation Platforms
• SentinelOne wants to make the autonomous SOC a reality

Show Notes: https://securityweekly.com/esw-384

We kicked things off by talking about the Holiday Hack Challenge, which is like this massive cyber playground that Sans puts out every year for everyone from fifth graders to government spooks. Ed Skoudis broke down how they're changing things this time, with an early release and a phased approach that'll give you more time to play and learn. But the real mind-bender was when Ed spilled the beans on how they build this whole thing using one giant Google sheet - I mean, we're talking hundreds of tabs, color-coded cells, and JSON to create entire virtual worlds. Then we covered the rest of the security news including hacking Mazda's infotainment system and more!

Segment Resources:

• https://sans.org/holidayhack

Show Notes: https://securityweekly.com/psw-851

Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.

Show Notes: https://securityweekly.com/psw-851

In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more!

Show Notes: https://securityweekly.com/bsw-372

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response.

Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish.

Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not?

All that and more on this week's news segment.

Show Notes: https://securityweekly.com/asw-307

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.

Show Notes: https://securityweekly.com/swn-430

In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations.

We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry about.

Integrating security into the SDLC and CI/CD pipelines, infrastructure as code (IaC) trends, best of breed vs platform, and other aspects of AppSec get discussed as well!

Show Notes: https://securityweekly.com/asw-307

Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health?

Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health.

Show Notes: https://securityweekly.com/bsw-372

In the enterprise security news,

1. Some big fundings
2. no less than 4 acquisitions
3. Silencing the EDR silencers
4. ghost jobs
5. overinflated estimates on open cybersecurity jobs
6. weaponizing Microsoft Copilot
7. fun projects with disposable vapes

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-383