Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: 2020
Oct 17, 2020

Software vulnerabilities are exploding in growth at an unprecedented rate, and security teams are struggling to stay afloat. Lifebuoys (i.e. CVSS base scores) aren’t doing much to save them, either. A new advancement in threat prioritization offers relief, integrating the vulnerabilities’ surrounding characteristics to identify the most severe risks.

 

This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw670

Oct 16, 2020

Simplifying The Process Of Identifying, Assessing & Mitigating Risks: Liam Downward, CEO of CYRISMA, talks about burdensome technologies that generate bloat within any organization, high licensing costs along with the long deployment times. All of these affect the ROI on organizational resources Time, Money, and People. This segment is sponsored by CYRISMA. Visit https://securityweekly.com/cyrisma to learn more about them!

Get 10% off your monthly bill when you sign up! Visit: https://www.cyrisma.com

 

Summarizing the BlackHat Threat Intelligence Report: Matthew Gardiner, Principal Security Strategist, from Mimecast will provide and overview of Mimecast and the results of their Threat Intelligence Report, BlackHat USA Edition, August 2020. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecastbh to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw202

Oct 16, 2020

Learn about some of the latest techniques attackers are using when phishing and vishing, including how to protect your users!

 

This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw202

Oct 15, 2020

Bad Neighbor Vulnerability, FireEye Announced ‘Mandiant Advantage: Threat Intelligence’ SaaS-based Offering, Aqua’s Trivy Now Available as a GitHub Action, Datadog adds Deployment Tracking to its APM to prevent outages related to bad code deploys, and Tenable and the Center for Internet Security Enter Partnership to Bolster Cyber Hygiene Across Public and Private Sectors!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw202

Oct 15, 2020

While we're on the topic of doing business with the federal government, we'll provide an update on the goings on of Cybersecurity Maturity Model Certification (CMMC). We've invited Mike Brooks to stay with us for this conversation to talk about the status, success, (failure?) of this new program designed to provide a maturity path for cybersecurity programs of organizations wishing to conduct business with the federal government.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw47

Oct 14, 2020

Mike Brooks will talk to us about his transition from cybersecurity roles in the DoD to roles in the private sector. He currently works as vCISO for Abacode, a company that is providing a next-generation Managed Cybersecurity & Compliance Provider (MCCP) service. Leveraging a unified platform that automates not only security controls but compliance reporting. Mike will discuss his experiences, his views, and his take on various compliance disciplines, particularly what is required to conduct business with the federal government as well as what lends itself to automation.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw47

Oct 14, 2020

In the Leadership and Communications section, we go off script. Michael Santarcangelo joins me for a discussion on leadership. I want to review the 4 C's of Leadership: 1. Culture 2. Collaboration 3. Communication 4. Cultivation Michael shares some of his approaches and ideas.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw191

Oct 13, 2020

Typical security teams have 20-50 technologies, and enough staff to be expert in about 3 of them. This makes taming complexity very challenging - the short staffing is showing no signs of letting up. How do we choose which defensive technologies are truly essential?

 

This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw191

Oct 13, 2020

Redefining Impossible: XSS without arbitrary JavaScript, API flaws in an "unconventional" smart device, Facebook Bug Bounty Announces "Hacker Plus", Anti-Virus Vulnerabilities, and Chrome Introduces Cache Partitioning!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw125

Oct 12, 2020

Managing passwords is a critical developer task. Developers tasked with building or augmenting legacy authentication systems have a daunting task when facing modern adversaries. This session will review some of the changes suggested in NIST SP800-63b the "Digital Identity Guideline on Authentication and Lifecycle Management regarding password policy".

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw125

Oct 11, 2020

US Air Force slaps Googly container tech on yet another war machine to 'run advanced ML algorithms', Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs, Hackers exploit Windows Error Reporting service in new fileless attack, HP Device Manager vulnerabilities may allow full system takeover, Malware exploiting XML-RPC vulnerability in WordPress, and it's the 10 year anniversary of Stuxnet: Is Your Operational Technology Safe?

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw669

Oct 10, 2020

Assembling an infosec home lab is great way to learn more about the ever-changing programs and systems in the cyber world. However, it can get complicated to figure out what you really need to get your own home lab assembled and running. In this segment Tony will go over the the things you need to think about and the resources he uses to build an infosec home lab.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw669

Oct 10, 2020

Tempesta FW is an open source hybrid of an HTTPS accelerator and a firewall aiming to accelerate web resources and protect them against DDoS and web attacks. The project is built into the Linux TCP/IP stack to provide performance comparable with the kernel bypass approaches (e.g. using DPDK), but still be well-integrated with the native Linux networking tools. We'll talk about Tempesta FW integration with IPtables/nftables to filter network traffic on all the layers and other tools to protect agains layer 7 DDoS and web attacks.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw669

Oct 9, 2020

Falcon OverWatch, the CrowdStrike® elite team of threat hunters, has the unparalleled ability to see and stop the most sophisticated threats, leaving adversaries with nowhere to hide. In this segment we'll discuss the OverWatch team’s key threat hunting findings from the first half of 2020, as described in the 2020 Threat Hunting Report. The report reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. Download the full report https://www.crowdstrike.com/resources/reports/threat-hunting-report-2020/ Learn about the latest trends in cyber crime and take a deep dive into some of the tactics, techniques and procedures in use by specific cyber crime groups!

 

Visit https://securityweekly.com/crowdstrike to learn more about them!

Visit https://www.securityweekly.com/esw

for all the latest episodes!

Show Notes: https://securityweekly.com/esw201

Oct 9, 2020

The appearance of safety and actual security often do not align as closely as we would like to think. As enterprise security products get "smarter", the access that they require to your most sensitive data grows. What are some of the risks associated with common classes of security products?

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw201

Oct 8, 2020

Anchore Rolls Out Open Source DevOps Tools, Rapid7 Cloud Identity and Access Management Governance Module for DivvyCloud, Digital Shadows launches access key alerts, Microsoft Azure customers can now implement Datadog as a monitoring solution for their cloud workloads, and Ping Identity unveils PingOne Services!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw201

Oct 8, 2020

How Security & Compliance fails and what to do about it.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw46

Oct 7, 2020

We're going to look back on our favorite episodes of the first year, reflect on how we are doing, solicit feedback from listeners, look ahead to the future/coming year - what to expect.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw46

Oct 7, 2020

Parham Eftekhari provides an overview of the Cybersecurity Collaborative and why the nation's top CISOs are rediscovering the power of true peer-to-peer collaboration.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw190

Oct 6, 2020

In the Leadership and Communications section, What it takes to be a transformational CISO, Put Your Metrics Where Your Mouth Is, 5 Simple Ways to Make Better Decisions, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw190

Oct 6, 2020

DOMOS 5.8 - OS Command Injection, 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies, Google sets up research grant for finding bugs in browser JavaScript engines, Announcing the launch of the Android Partner Vulnerability Initiative, and more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw124

Oct 5, 2020

Developers are at the center of properly securing applications. A large number of security issues bury developers. We must understand the things every developer must know about security in order to help them. We must practice developer empathy, walking a mile in their shoes.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw124

Oct 3, 2020

In the Security News, Rumored Windows XP Source Code Leaked Online, Hospitals hit by countrywide ransomware attack, China-linked 'BlackTech' hackers start targeting U.S, a 13-year-old student was arrested for hacking school computers, Who caused the 14 state Monday 911 outage, and A Return to 'Hackers' Is "Being Actively Considered," Says Director!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

Oct 2, 2020

Intrusion Detection Honeypots are fake services, data, and tokens placed inside the network to lure attackers into interacting with them to give away their presence. If you can control what the attacker sees and thinks, you can control what the attacker does.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

Oct 2, 2020

Paul will discuss his process for creating a docker container for running NGINX as an RTMP proxy for streaming video to multiple services; complete with SSL and authentication.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw668

1 « Previous 1 2 3 4 5 6 7 Next » 21