Doing simple things consistently and at scale is hard. Today's short staffing doesn't help. Automation is the answer. To find out more and try Redseal, please visit: https://securityweekly.com/redseal

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode162

What is Risk-Based Security? How does compliance and/or security programs/points-of-view help or hinder risk-based security efforts? How can we change this? Is there a more apparent path forward to teach/educate on the importance of focusing on risk?

Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode17

In this interview segment, Mike and John interview Shaun Lamb about strategies for how best to design applications so they are "secure by default" and have fewer incidents and vulnerabilities, How DevOps or DevSecOps positively changes the relationship between security and development/operations including: the application design process, security testing, and security education programs, and the security impact of applications moving to a microservices-based architecture running on Docker/Kubernetes and the role of an API Gateway.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode95

In the Security News, Twitter fixes API bug that can reveal users, Microsoft patches flaws in Azure stack, 8 cities that have been crippled by cyber attacks and how they fought against it, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

We interview Wilson Bautista is the Founder of Jun Cyber. Wilson will talk about leadership, DevOps and Secrity working together to provide security for the business, how does that work? Building secure culture, breaking down silos, communication between teams, security working in teams, IR teams talking, Threat intel teams, pen testers, and compliance.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode171

Paul shows you how to create secure Docker containers and begin to deploy them to Amazon ECS. This segment focuses on the security aspects of taking a legacy/non-contanerized application to the cloud.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

Malcolm Harkins is the Chief Security & Trust Officer at Cymatic. Malcolm will discuss the security profits from the insecurity of computing thus at a macro economic level has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth in to one of Expense in Depth where we continue to use outdated approaches to control for risks which results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks. Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

After finding her own intimate photos online without her consent, Katelyn Bowden discovered that there weren't many resources for those who find themselves victims of this sort of abuse. In response, she started B.A.D.A.S.S., a nonprofit dedicated to fighting image abuse through victim empowerment and awareness. In their 2 year existence, BADASS has accomplished a lot-from legislation to education, and there's so much more on the way.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode638

You are hedging your bets, hoping that someone else get's breached first, don't believe it's as big as an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

This week in the Enterprise Security News segment, Paul, Jeff, and Matt cover the following news stories: Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic, Wallarm announces CircleCI Orbs for Wallarm FAST, Automox raises $30 million, Radiflow Launches Business-Driven Industrial Risk Analytics Service, Check Point Delivers Unified Security Management as a Cloud Service, Now available: eSentire's 2019 Annual Threat Intelligence Report, STEALTHbits' free program helps orgs mitigate risks associated with Microsoft's pending AD update, NETSCOUT enables streamline monitoring and reduces risk, If You're Only Focused on Patching, You're Not Doing Vulnerability Management, 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products, Actionable Searching and Data Download with Vulnerability Management Dashboards, Companies and employees embrace BYOD but with compliance and risk challenges.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode171

This week in the leadership articles segment, Matt, Paul and Jason cover the following articles: Tech Isn't the Problem or Solution for Better Productivity. Instead, Look to Your Own Leadership, 9 Quotes By NBA Legend Kobe Bryant That Might Impact Our Lives Forever, Research: How to Build Trust with Business Partners from Other Cultures, Discover focusing on efficiency, brings in new CIO, CTO interview: Juan Villamil discusses changing IT culture, and For zero trust to work, machines and humans require identities.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode161

You are hedging your bets, hoping that someone else get's breached first, don't believe it's as big as an issue as people make out, keeping your insurance companies happy, telling your board "we're ok" and, basically avoiding looking in the mirror. We interview Chris Roberts to talk about bridging the gap in the learning process that companies only follow when they are breached.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode16

In this interview, David Starobinksi discusses the changes in network communications in both the wireless and IoT world, including cascading attacks, network outages, and the impact on the economy. David will also discuss software-defined radios (SDRs) and how they can help us in the new world of IoT.

Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode161

Mike, John, and Matt review the presentation given by Clint Gilber at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security.

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode94

This week in the Application Security News, Mike, John, and Matt cover the following news stories: Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode94

In the Security News, NHS alerted to severe bulbs in GE health equipment, Ragnarok Ransomware targets Citrix ADC & disables Windows Defender, suspected Magecart hackers arrested in Indonesia, Wawa breach data was found for sale,, and so much more!

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode637

The recent MechaFlounder was a backdoor attack linked to Iranian threat actors who targeted Turkish entities. Similar Python-based backdoor attacks have managed to evade traditional network security defenses and propagate inside their target environments. To learn more about Edgewise, visit: https://securityweekly.com/edgewise

Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode637

In this week's episode of Paul's Security Weekly, Paul and the guys welcome back Gene Kim to interview him about his newest book "The Unicorn Project". Gene shares with us his goals and aspirations for The Unicorn Project, describes in detail the Five Ideals, along with his favorite case studies of both ideal and non-ideal, and why he believes more than ever that DevOps will be one of the most potent economic forces for decades to come.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/PSWEpisode635

This week in the Enterprise Security News, Paul and Matt cover the following stories: Cequence CQ botDefense, Optimizing Your IT Spend as You Move to the Cloud, Cybereason Launches Free Emotet-Locker Tool, Swimlane Version 10.0, Cisco Launches IoT Security Architecture, AV Vendors Continuing Support for Products Under Windows 7, Citrix and FireEye Launch IoC Scanner, StackRox Announces Google Anthos Support, Sophos Introduces Intercept X for Mobile, New Cisco/AppDynamics Integration, CloudKnox Security Raises Funding, and Magnet Forensics Unveils New Solution to Simplify Remote Forensics Investigations.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

This week in the leadership articles segment, Matt and Paul cover the following topics: Board members find cybersecurity risk an existential threat - According to a study from UC Berkeley's Center for Long-Term Cybersecurity (CLTC) and consulting firm Booz Allen Hamilton, When Community Becomes Your Competitive Advantage, The Little Things That Make Employees Feel Appreciated, Don't Stay in Your Lane: The Secret to Developing Your Career, Trust is at the Core or Software Marketing, and Chipotle, Target CISOs: Repurpose talent for cyber.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/BSWEpisode160

This week in the Security and Compliance Weekly News, Jeff, Matt, Scott, and Josh cover the following stories: Cyber insurance policies evolving to meet emerging risks - and premiums reflect it, Dallas County Acquires Cyber Insurance through ICAP, Ransomware Claims Driving Up Cyber Insurance Costs, Cowbell Cyber Demystifies Cyber Insurance with Cowbell Prime 100, The Cold Truth About Your Cyber Insurance, Cyber insurance basics, Cyber insurance costs and pitfalls, cyber insurance rates go up, and Even banks don't know what Cyber insurance means.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Edward Snowden is a prime example of an Insider Threat. Steven Bay was his manager at the time as says: "My missing employee, Edward Snowden, revealed himself to be the person behind the Top Secret NSA leaks that rocked the country in the preceding days. I felt my life came tumbling down around me. My worst day had come. I had to act - I had to lead. " We discuss insiders and why they are so dangerous and gain unique insights into the Edward Snowden story. The lessons learned we can apply to both identify and protect ourselves from such threats.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Whether you're trying to migrate a "homegrown" application or an open-source tool, getting into containers and to the cloud can be challenging. There are many ways to achieve the same goal, and as always, some not-so-great advice on the Internet. This segment will cover some of the technical details and considerations for moving applications into Docker and eventually into cloud services. We'll review Docker configurations and strategies for building, maintaining and securing containers.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ESWEpisode170

Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on [Mitigating Cloud Vulnerabilities Mitigating Cloud Vulnerabilities] across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Michael discusses the challenges of CISOs and the differences between large enterprises and small businesses. As the role of the CISO continues to change, so do the requirements for both large enterprise and small business CISOs. We discuss the balance of communications. leadership, ownership, governance, and the board. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode160