Info

Security Weekly Podcast Network (Video)

Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
December
November
October
September
August
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 10
Jul 9, 2024

Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous speed.

Segment resources

Show Notes: https://securityweekly.com/asw-290

Jul 9, 2024

In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!

Show Notes: https://securityweekly.com/bsw-355

Jul 9, 2024

Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!

Show Notes: https://securityweekly.com/asw-290

Jul 9, 2024

On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size?

Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization.

Show Notes: https://securityweekly.com/bsw-355

Jul 5, 2024

Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on July 20, 2017.

Doug talks about how to count from zero to one!

Show Notes: https://securityweekly.com/vault-swn-18

Jul 3, 2024

Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin

Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field.

As a seasoned security professional, Joe has contributed significantly to the cybersecurity community through his expertise and innovation. With a career spanning decades, he has become a go-to resource for insights into the intricacies of hardware security, emphasizing the critical intersection between hardware and software vulnerabilities.

In our podcast interview, we delve into Joe's journey – from his early forays into hacking to his current role as a thought leader in cybersecurity. Gain a unique perspective on the evolving challenges faced by security professionals, especially in the context of hardware-based threats.

Joe's expertise extends beyond theoretical knowledge, as he has been actively involved in hands-on research and development. As a co-founder of Grand Idea Studio, he has played a pivotal role in developing cutting-edge hardware security tools, contributing to the arsenal of cybersecurity professionals worldwide.

Join us as we explore the world of hardware hacking, reverse engineering, and the broader cybersecurity landscape with Joe Grand. Whether you're an aspiring hacker, a seasoned security professional, or simply curious about the intricacies of cybersecurity, this podcast episode promises deep insights into the mind of a true cybersecurity luminary.

Show Notes: https://securityweekly.com/vault-psw-11

Jul 2, 2024

Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on March 6, 2017.

Have you ever wondered what phishing is? Do you know what spear phishing attacks are? Doug and Russ explain how to protect yourself from phishing scams in the inaugural episode of Secure Digital Life!

Show Notes: https://securityweekly.com/vault-swn-17

Jul 1, 2024

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.

As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.

Show Notes: https://securityweekly.com/vault-bsw-12

Jun 29, 2024

We've made a slight tweak to the news format, only focusing on the most interesting funding and acquisition stories. As always, you can go check out Mike Privette's Return on Security newsletter for the full list of funded and acquired companies every week.

This week, we discuss two $100M+ rounds, from Huntress and Semperis. We also discuss NetSPI's acquisition of Hubble, and the future of the CAASM market.

We focus on the important of detection engineering, echoing some of Martin Roesch's thoughts from our interview with him just before the news. One story is from the excellent DFIR report, a website and newsletter you should absolutely be subscribed to if detection engineering is important to you. The other story is from Thinkst, and showcases their ability to create file share honeypots with file listings that can now be tailored to specific industries.

We discuss the results of some polls that RSnake ran on Twitter, to get feedback from folks on what they think about these models where CISOs are reportedly getting kickbacks for buying products from companies they advise.

We also discuss the latest whistleblower insights about Microsoft and the state of security there, and the recent Polyfill.io incident that targeted over 100k websites with malware.

Finally, we spend the rest of the news segment discussing the current state of Generative AI, from our own perspectives, but also through the lens of Bruce Schneier's latest blog post, a year old post from Marc Andreesen, and a rage-fueled rant from an angry Aussie.

Don't miss the squirrel story - we highly recommend sending it to all your PhD friends (or not, if they're easily insulted and/or likely to hold a grudge).

Show Notes: https://securityweekly.com/esw-366

Jun 28, 2024

For decades, security teams have been focused on preventing and detecting threats, only to find themselves buried so deep in alerts, they can't detect anything at all! We clearly need a different approach, which will be the topic of our conversation today with Marty. We'll be discussing a shift in philosophy and tactics. We'll discuss whether SecOps has a hoarding problem, and possible paths out of the current situation preventing today's teams from successfully detecting attacks. Finally, we'll discuss the impact AI has on all this (if any).

Segment Resources:

Show Notes: https://securityweekly.com/esw-366

Jun 28, 2024

Healthcare and malware, MoveIT, Chrome won't trust Entrust, the discovery of Volt Typhoon, & more on this episode of the Security Weekly News!

Segment Resources: https://therecord.media/volt-typhoon-targets-underestimated-cisa-says

Show Notes: https://securityweekly.com/swn-395

Jun 28, 2024

We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their products. We discuss:

  • What to be aware of when deploying GenAI
  • Key use cases and successes organizations are having with GenAI
  • Some of the risks to be aware of
  • How to prepare employees for GenAI
  • Best practices to prepare for evolving threats

Show Notes: https://securityweekly.com/esw-366

Jun 27, 2024

Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities.

Show Notes: https://securityweekly.com/psw-833

Jun 27, 2024

This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate!

Show Notes: https://securityweekly.com/psw-833

Jun 25, 2024

Thoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more!

Show Notes: https://securityweekly.com/asw-289

Jun 25, 2024

Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-394

Jun 25, 2024

OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable.

Segment Resources:

Show Notes: https://securityweekly.com/asw-289

Jun 25, 2024

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:

  • CSOs/CISOs for their focus on security
  • CTOs for their focus on innovation
  • CIOs for their focus on operational efficiency

Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources: 

 www.okta.com/resources/whitepaper-ai-at-work-report/

www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

Jun 24, 2024

With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

Jun 21, 2024

Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor.

Tim will describe the importance of implementing a Zero Trust framework that evaluates each command, query, and configuration change in real-time, and how that delivers the most effective and complete security solution. Doing so involves the application of fine-grained authorization policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.

Segment Resources: https://www.strongdm.com/blog/pam-was-dead-strongdm-just-brought-it-back-to-life https://www.strongdm.com/whitepaper/technical-overview

This segment is sponsored by StrongDM. Visit https://securityweekly.com/strongdmidv to learn more about them!

Traditional IGA solutions are not risk-focused by design, and as audit and compliance focus continues to expand beyond core ERP systems and into line of business apps and point solutions, organizations must plan holistically how to address risk across their application landscape. It’s never too late to start kicking off your risk reduction journey, and utilizing an innovative, unified platform for both identity and access risk governance has significant, compounding benefits and helps organizations realize faster time to value, lower TCO and longer term consistent risk exposure reduction. Ensuring access to all of your business-critical applications is provisioned seamlessly, efficiently, and cost-effectively while meeting risk, audit and compliance requirements should be the primary goal of any identity and access risk governance solution implementation.

Segment Resources: https://get.pathlock.com/demo-sem-kuppingercole-access-control-tools-multi-vendor-lob https://pathlock.com/learn/access-provisioning/ https://pathlock.com/compliant-provisioning-copy/ https://pathlock.com/learn/what-is-identity-governance-and-administration/ https://pathlock.com/distressed-iga-deployments/

This segment is sponsored by Pathlock. Visit https://securityweekly.com/pathlockidv to learn more about them!

Remote identity verification is one of the biggest challenges in the digital age, especially with the use of AI-generated deepfakes which are now impossible to distinguish from real imagery with the human eye. AI-powered biometrics have emerged as the most robust defense against deepfakes - and therefore, the only reliable method for remote identity verification.

Segment Resources: iProov.com https://www.iproov.com/ iProov Threat Intelligence Report 2024: The Impact of AI on Remote Identity Verification - https://www.iproov.com/reports/iproov-threat-intelligence-report-2024

This segment is sponsored by iProov. Visit https://securityweekly.com/iproovidv to learn more about them!

The criminal opportunity shaping the landscape today and how authoritative, accurate and automated processes are helping others increase their conversion rates by 20% while preventing 99% of all fraudulent attempts. What is the Criminal Opportunity facing us all right now? Data breaches and mail theft have resulted in a record level of available compromised Identity Information, payment information, and login information and even stolen checks. It has been said that ’At this point, all of our information is out on the dark web and it's now just a matter of when is it going to be used against us.’ Combined with inadequate fraud strategies, fraudsters have the key to the castle, it’s a perfect scenario of having the answers to the quiz ahead of time.

This segment is sponsored by Intellicheck. Visit https://securityweekly.com/intellicheckidv to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-12

Jun 21, 2024

Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on June 19, 2018.

This week, Doug and Russ interview Matthew Silva, President and Founder of the Cybersecurity and Intel Club at Roger Williams University! They talk about majoring in Cybersecurity vs. Computer Science, gaining experience vs. book learning, and more on this episode of Secure Digital Life!

Show Notes: https://securityweekly.com/vault-swn-16

Jun 21, 2024

FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market.

Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80

This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them!

While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality.

This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them!

Cyberattacks, fraud and breaches, we’ve all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward.

This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them!

Show Notes: https://securityweekly.com/vault-esw-12

Jun 20, 2024

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are:

-40 years old, with little innovation

-Haven’t solved the problem.

In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:

-Prove bugs, rather than trying to list all of them.

-Zero false positives, which leads to better autonomy.

Segment Resources:

Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge

Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them

Example vulns discovered:

https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot

https://github.com/forallsecure/vulnerabilitieslab

Show Notes: https://securityweekly.com/vault-esw-12

Jun 19, 2024

Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel

Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth of knowledge and strategic insights to our discussion.

As the Founder and CEO of Immunity Inc., a leading cybersecurity company, Dave has played a pivotal role in shaping the cybersecurity landscape. Join us as we delve into his journey, from his early experiences in cybersecurity to the strategic decisions that have defined his role as a thought leader in the field.

In this episode, we explore Dave's perspectives on the ever-evolving threat landscape, offensive security strategies, and the intricate balance between security and privacy. Gain valuable insights into the methodologies and philosophies that underpin his approach to addressing the challenges posed by cyber threats.

Dave Aitel's expertise extends beyond technical domains; he is also recognized for his contributions to policy discussions on cybersecurity. Discover how his experiences and viewpoints contribute to the broader discourse on cybersecurity policy, technology, and the future of digital defense.

Whether you're a cybersecurity professional, an industry enthusiast, or someone keen on understanding the strategic dimensions of cybersecurity, this podcast episode with Dave Aitel is bound to offer thought-provoking perspectives and strategic insights.

Tune in to explore the intersection of technology, security, and strategy with one of the industry's strategic minds, Dave Aitel.

Show Notes: https://securityweekly.com/vault-psw-10

Jun 18, 2024

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023.

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking, observability, and security. Let's explore eBPF and understand its value for security, and how it's used to secure network connectivity in the Cilium project, and for runtime security observability and enforcement in Cilium's sub-project, Tetragon.

Segment Resources:

Download "Learning eBPF": https://isovalent.com/learning-ebpf Buy "Learning eBPF" from Amazon: https://www.amazon.com/Learning-eBPF-Programming-Observability-Networking/dp/1098135121 Cilium project: https://cilium.io Tetragon project: https://tetragon.cilium.io/

Show Notes: https://securityweekly.com/vault-asw-11

1 « Previous 7 8 9 10 11 12 13 Next » 174