Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2020
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: September, 2020
Sep 14, 2020

Developer friendly appsec; the people, process and culture of DevSecOps. The basics for some and struggles for others.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw121

Sep 12, 2020

We welcome special guest Lea Snyder, BSides Boston Organizer, to talk all things BSides Boston 2020 for its 10 year anniversary! In the Security News, Cisco Patches Critical Vulnerability in Jabber for Windows, Expert found multiple critical issues in MoFi routers, TeamTNT Gains Full Remote Takeover of Cloud Instances, Bluetooth Bug Opens Devices to Man-in-the-Middle Attacks, Former NSA chief General Keith Alexander is now on Amazon’s board, and the Legality of Security Research is to be Decided in a US Supreme Court Case!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw666

Sep 11, 2020

DevOps has gained momentum over the years as its methods have been used by teams worldwide to accelerate application delivery. But where we continue to struggle is in integrating security into this workflow. In this discussion, Sumedh Thakar, president and chief product officer at Qualys, will talk with the Security Weekly Team about the importance of building security into the CI/CD pipeline to ensure the quality of code and to protect the application and data infrastructure. He'll talk about Qualys' own DevOps strategy and the lessons learned as his team built out the DevOps toolchain and how it integrated security best practices within the DevOps lifecycle.

 

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw666

Sep 11, 2020

Every time you deploy a patch nothing has ever gone wrong, right? Most of us have been burned by deploying a patch, causing downtime in your environment, getting in trouble with users and management for causing an outage and having to back out a patch, then re-deploy. The team at Vicarious has a way to apply in-memory virtual patches that mitigate exploitation and do not require binaries to be altered. Tune-in for the full description and demo!

 

This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw666

Sep 10, 2020

Bradon describes Mimecast's "cloud-based resilience platform." What problem(s) they are solving. How they solve it in a unique/differentiated way and the value to the customers.

 

This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw198

Sep 10, 2020

In today’s modern enterprise, where traditional security boundaries have all but disappeared, Identity has become the new security perimeter. In this episode, CyberArk Identity Security expert Corey Williams will explore the concept identity security and its key elements, including Privileged Access Management, Multi-factor Authentication, Single Sign-on, and innovations in machine learning and AI - that are powering Identity Security today. Corey will also explore the Identity Security technology landscape and the evolution of Identity, focusing on Identity Security as an enablement tool in the age of remote work arrangements, growing cloud adoption, and everything mobile.

 

This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw198

Sep 9, 2020

Yubico Delivers New Security Key the YubiKey 5C NFC, ManageEngine ADSelfService Plus now supports MFA for VPNs to protect remote workforce, Sysdig partners with VulnDB to strengthen vulnerability intelligence reporting, 3 Signs it’s Time for a Penetration Test, and CrowdStrike Expands Support for AWS Workloads and Container Deployments!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw198

Sep 9, 2020

Ekran System is a PCI DSS compliance solution that helps you comply with key industry rules and requirements and protect your company from insider threats.

 

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw42

Sep 8, 2020

Ekran System is a universal insider threat protection platform that combines three essential insider security controls: activity monitoring, access management, and identity management. Functionality is provided in a single universal software platform delivering light-weight agents for all types of endpoints.

 

This segment is sponsored by Ekran System. Visit https://securityweekly.com/ekran to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw42

Sep 6, 2020

The NSA Makes Its Powerful Cybersecurity Tool Open Source, The bizarre reason Amazon drivers are hanging phones in trees near Whole Foods, Elon Musk Confirms Serious Russian Bitcoin Ransomware Attack On Tesla, Foiled By The FBI, Attackers are exploiting two zero-day flaws in Cisco enterprise-grade routers, and the FBI is investigating after an alarmed pilot tells the LAX tower: We just passed a guy in a jet pack!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw665

Sep 5, 2020

Successful attacks on healthcare entities are steadily increasing. Sophisticated criminals and nation states are focusing more attention on healthcare than ever before. The main goals are to steal money, data and intellectual property, execute ransomware, and attack critical infrastructure. Why do the hackers continue to succeed and what are some effective strategies and tactics to combat this scourge of ransomware?

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw665

Sep 5, 2020

Loveable Security: Flee's approach to cybersecurity is that is should be "loveable." He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enforcers, instead of as enablers who accelerate innovation by removing obstacles. Data Privacy + CCPA: Flee believes that tech companies should operate as data custodians, instead of data owners, and that CCPA should be the bare minimum that companies do to ensure data privacy.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw665

Sep 4, 2020

This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial! CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/

 

All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively? We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure. Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 4, 2020

deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next? This segment is sponsored by deepwatch. Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!

 

Every organization gets compromised - it’s how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 3, 2020

Proofpoint's $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 3, 2020

Recent criminal charges against the CSO and CEO of Uber.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw41

Sep 2, 2020

Recent criminal charges against the CSO and CEO of Uber.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw41

Sep 2, 2020

In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw186

Sep 1, 2020

Organizations need a highly skilled security chief to drive fundamental initiatives and align activities to address pressing enterprise needs. Proven CISOs (Chief Information Security Officers) are hard to find and essentially they could become challenging to retain and afford. Flexible Virtual CISO model is an excellent choice to achieve your enterprise goals in terms of security. Companies usually face diverse challenges in term of cost, retention, limited talent in a particular location, etc. The solution to achieve operational excellence and drive highly successful security programs at a fraction of the cost, is to hire a vCISO. A Virtual CISO will occupy the same place in the organization a full-time CISO would, but in a more cost-effective way. A vCISO will provide strategy, guidance, and oversight to achieve operational success in security. Operating with an independent voice, they often can escape the internal politics that plague some organizations.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw186

Sep 1, 2020

A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw120

« Previous 1 2