Info

Security Weekly Podcast Network (Video)

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
RSS Feed Subscribe in Apple Podcasts
Security Weekly Podcast Network (Video)
2024
July
June
May
April
March
February
January


2023
December
November
October
September
August
July
June
May
April
March
February
January


2022
December
November
October
September
August
July
June
May
April
March
February
January


2021
December
November
October
September
August
July
June
May
April
March
February
January


2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 5
May 10, 2024

Emerging threats are targeting organizations from seemingly every angle. This means security teams must expand their focus to secure as many domains as possible. OpenText is building on its holistic approach to cybersecurity with new innovations that make it easier for organizations to secure themselves against next generation threats.

This segment is sponsored by OpenText. Visit https://securityweekly.com/opentextrsac to learn more about them!

In reaction to the increasing potential of threat actors unaffected by the current state of cybersecurity measures and vulnerability management tools yielding “rarely actioned reports and long lists of generic remediations” as the attack surface continues to expand, Gartner has suggested a new program: CTEM - Continuous Threat Exposure Management. A continuous threat exposure management (CTEM) program is an integrated, iterative approach to prioritizing potential treatments and continually refining security posture improvements. Join Hive Pro’s VP of Product Marketing and former Gartner Analyst, Zaira Pirzada to better understand: - The state of the current threat landscape - The SOC pain points - What Continuous Threat Exposure Management is and best practices to implement it

This segment is sponsored by Hive Pro. Visit https://securityweekly.com/hiveprorsac to learn more about them!

Traditional Managed Detection and Response (MDR) methods, centered on threat-based security, often miss the bigger picture of evolving cyber risks. This segment explores the shift towards a proactive, risk-based MDR approach, emphasizing the importance of anticipating and mitigating risks before they escalate into threats. We'll discuss the benefits of integrating risk management into security strategies and the key factors organizations should weigh when enhancing their cyber risk reduction efforts.

This segment is sponsored by Critical Start. Visit https://securityweekly.com/criticalstartrsac to learn more about them!

Show Notes: https://securityweekly.com/esw-361

May 9, 2024

Illuminating the Cybersecurity Path: A Conversation with Jeremiah Grossman

Join us for a compelling episode featuring Jeremiah Grossman, a prominent figure in the cybersecurity landscape. As a recognized expert, Jeremiah has played a pivotal role in shaping the discourse around web security and risk management.

Jeremiah's journey in cybersecurity is marked by a series of influential roles, including Chief of Security Strategy at SentinelOne and Founder of WhiteHat Security. With a focus on web application security, he has been a driving force in advocating for innovative approaches to protect organizations from cyber threats.

In this episode, we explore Jeremiah's vast experience and delve into his insights on the ever-evolving cybersecurity challenges. From his early days as a hacker to his current position as a sought-after industry thought leader, Jeremiah shares valuable perspectives on the strategies and philosophies that underpin effective cybersecurity practices.

As a pioneer in the field, Jeremiah has contributed significantly to the development of best practices for identifying and mitigating web-related vulnerabilities. Tune in to gain a deeper understanding of the evolving threat landscape and the proactive measures organizations can take to secure their digital assets.

Whether you're a cybersecurity professional, tech enthusiast, or someone eager to comprehend the complexities of online security, this podcast with Jeremiah Grossman promises to be an illuminating exploration of the past, present, and future of cybersecurity.

Show Notes: https://securityweekly.com/psw-828

May 8, 2024

In this RSAC 2024 South Stage Keynote, Mikko Hyppönen will look back at the past decade of ransomware evolution and explore how newer innovations, like AI, are shaping its future.

Show Notes: https://securityweekly.com/psw-828

May 7, 2024

Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, and more, on this Edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-384

May 7, 2024

We already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack of resources in testing an AI's bias. Then we discuss how organizations should approach the very different concepts of AI security and AI safety.

Segment Resources:

Show Notes: https://securityweekly.com/asw-284

May 7, 2024

A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explains why it's important to understand the different types of AI and the practical tasks necessary to secure how it's used.

Segment resources:

Show Notes: https://securityweekly.com/asw-284

May 7, 2024

Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber instance. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:

  • Developing the training program
  • Practice, practice, practice
  • Imposing corrective actions
  • Constantly evaluating/reviewing the success of the training program

Show Notes: https://securityweekly.com/bsw-349

May 6, 2024

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?

Show Notes: https://securityweekly.com/bsw-349

May 3, 2024

Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-383

May 3, 2024

It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features...

To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends!

Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge.

Show Notes: https://securityweekly.com/esw-360

May 3, 2024

It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs.

Resources

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them!

Show Notes: https://securityweekly.com/esw-360

May 2, 2024

ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips.

Show Notes: https://securityweekly.com/psw-827

Apr 30, 2024

Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more!

Show Notes: https://securityweekly.com/asw-283

Apr 30, 2024

AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-382

Apr 30, 2024

Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now they're bracing for the coming of genAI and how that will just further highlight the current struggles they're having with data security and data privacy.

Segment Resources:
Complete Survey Results: The Growing Complexity of Securing the Software Supply Chain
https://research.esg-global.com/reportaction/515201781/Toc 

Show Notes: https://securityweekly.com/asw-283

Apr 30, 2024

In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!

Show Notes: https://securityweekly.com/bsw-348

Apr 29, 2024

A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.

Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!

Show Notes: https://securityweekly.com/bsw-348

Apr 26, 2024

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats.

Resources:

Show Notes: https://securityweekly.com/esw-359

Apr 26, 2024

TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News.

Show Notes: https://securityweekly.com/swn-381

Apr 26, 2024

We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if you're looking for some ideas!

This segment is sponsored by SentinelOne. Visit https://securityweekly.com/sentinelone to learn more about them!

Show Notes: https://securityweekly.com/esw-359

Apr 26, 2024

This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lock, and your keystrokes are showing!

Show Notes: https://securityweekly.com/psw-826

Apr 25, 2024

A clear pattern with startups getting funding this week are "autonomous" products and features.

  • Automated detection engineering
  • Autonomously map and predict malicious infrastructure
  • ..."helps your workforce resolve their own security issues autonomously"
  • automated remediation
  • automated compliance management & reporting

I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to automate things without a human in the loop.

The way LimaCharlie is going about it, with their new bi-directional functionality they're talking up right now, might work, as detections can be VERY specific and fine-grained.

We've already seen a round of fully automated guardrail approaches (particularly in the Cloud) fail, however. My prediction? Either what we're seeing isn't truly automated, or it will become a part of the product that no one uses - like Metasploit Pro licenses.

Show Notes: https://securityweekly.com/esw-359

Apr 24, 2024

On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions.

Show Notes: https://securityweekly.com/psw-826

Apr 23, 2024

CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!

Show Notes: https://securityweekly.com/asw-282

1 « Previous 2 3 4 5 6 7 8 Next » 166