Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety.
Show Notes: https://securityweekly.com/psw-852
This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us.
We also discuss whether Secure by Design's goals are practical or not.
OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet.
Also, Watchtowr has some fun with Citrix VDI!
Show Notes: https://securityweekly.com/asw-308
In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!
Show Notes: https://securityweekly.com/bsw-373
Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-432
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
Show Notes: https://securityweekly.com/bsw-373
This week's interview dives deep into the state of biometrics with two Forrester Research analysts!
This discussion compares and contrasts regional approaches to biometrics; examine the security challenges and benefits of their implementation; and reveal how biometrics holds the keys to a range of engagement models of the future.
Andras Cser dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as Andras explains, there's no need to, thanks to how biometrics actually work. Then, Enza takes us through the latest on privacy in biometrics - a concern for both consumers, and businesses tasked with complying with privacy regulations and avoiding costly fines.
Finally, get a sneak peek into the upcoming Forrester Security & Risk Summit. Whether you're an industry professional or just curious about the implications of biometrics, this episode delivers insights you won't want to miss!
Show Notes: https://securityweekly.com/asw-308
This week in the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-384
Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today?
This will be a more standards and GRC focused discussion, covering:
Show Notes: https://securityweekly.com/esw-384
Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-431
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management).
Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.
Segment Resources:
Show Notes: https://securityweekly.com/esw-384
We kicked things off by talking about the Holiday Hack Challenge, which is like this massive cyber playground that Sans puts out every year for everyone from fifth graders to government spooks. Ed Skoudis broke down how they're changing things this time, with an early release and a phased approach that'll give you more time to play and learn. But the real mind-bender was when Ed spilled the beans on how they build this whole thing using one giant Google sheet - I mean, we're talking hundreds of tabs, color-coded cells, and JSON to create entire virtual worlds. Then we covered the rest of the security news including hacking Mazda's infotainment system and more!
Segment Resources:
Show Notes: https://securityweekly.com/psw-851
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to issue a CVE for their end-of-life product sparked a heated debate about cybersecurity accountability and conflicts of interest.
Show Notes: https://securityweekly.com/psw-851
In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more!
Show Notes: https://securityweekly.com/bsw-372
This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response.
Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish.
Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not?
All that and more on this week's news segment.
Show Notes: https://securityweekly.com/asw-307
Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-430
In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations.
We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry about.
Integrating security into the SDLC and CI/CD pipelines, infrastructure as code (IaC) trends, best of breed vs platform, and other aspects of AppSec get discussed as well!
Show Notes: https://securityweekly.com/asw-307
Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health?
Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health.
Show Notes: https://securityweekly.com/bsw-372
In the enterprise security news,
All that and more, on this episode of Enterprise Security Weekly.
Show Notes: https://securityweekly.com/esw-383
Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation?
There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.
Show Notes: https://securityweekly.com/esw-383
Robo-Turing, BlueNoroff, Palo Alto, German Law, Fabric, Cisco, Banning Things, Aaran Leyland, and More, on this edition of the Security Weekly News.
Show Notes: https://securityweekly.com/swn-429
CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive, it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
Show Notes: https://securityweekly.com/esw-383
In the news: Pacific Rim, Linux on Windows for attackers, one of the worst cases of a former employee's retaliation, Zery-Day FOMO, we predicted that, hacking for fun, working hard for no PoC, an LLM that discovers software vulnerabilities, absurd fines, long usernames and Okta, and paying a ransom with dough!
Show Notes: https://securityweekly.com/psw-850
We chatted with Kayne about education systems security, funding for cyber tools and services, and what the future of education might look like to fill more cyber roles.
Show Notes: https://securityweekly.com/psw-850
Tariffs, Pygmy Goat, Schneider, SQLite and Dixie Flatline, Deepfakes, Military AI, Josh Marpet, and more on the Security Weekly News.
Show Notes: https://securityweekly.com/swn-428
Today’s cyber threat actors are capitalizing on organizations’ identity vulnerabilities, such as MFA. Nearly 75% of cloud security failures now result from mismanaged identities, access, and privileges, and the identity attack surface is becoming more challenging to protect as companies expand their cloud environments and supply chains to meet their IT needs.
Damon McDougald, Global Cyber Protection lead at Accenture, joins Security Weekly's Mandy Logan to share his perspective on why identity is so crucial in today’s hybrid work environment, the innovations that are changing the game when it comes to cybersecurity, the top challenges companies face in implementing identity, and how identity can help keep threat actors at bay.
Segment Resources: https://www.accenture.com/us-en/services/security/digital-identity
Hybrid workforces are here to stay. This means protecting today’s workforce requires securing access to applications from any device, anywhere, while maintaining a seamless user experience. Punit Minocha, the EVP of Business Development & Corporate Strategy at Zscaler, joins SC Media to discuss the challenges companies are facing with securing their hybrid workforces and how integrated, best-of-breed solutions from Zscaler and Okta deliver zero trust security that helps companies protect their data, infrastructure, and employees as they scale and innovate.
Segment Resources: https://www.okta.com/press-room/press-releases/zscaler-and-okta-enhance-enterprise-cybersecurity-with-new-zero-trust/
This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.
Show Notes: https://securityweekly.com/esw-382