Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.


Now displaying: 2021
Mar 5, 2021

This week in the Enterprise Security News: Thycotic and Centrify join forces, Netwrix acquires Strongpoint, SentinelOne plans for IPO, Qomplx plans to go public, and funding announcements from Axonius, HYAS, Armorblox and Platform9. Attivo Networks announces Continuous Assessment and Enforcement for AD, cPacket Networks announces cCloud, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw218

Mar 5, 2021

LexisNexis Risk Solutions recently released its biannual Cybercrime Report covering July 2020 through December 2020, which details how the evolving threat landscape created new opportunities for cybercriminals around the world, particularly as they targeted new online users. Analysis shows that the under-25 age group is most vulnerable to fraud attacks, while the oldest age group is second most vulnerable and loses the most money. The stark risk at both ends of the age spectrum emphasizes the importance for companies of protecting both new-to-digital and vulnerable customers when transacting online in 2021. The report also provides a full-year review, which highlights how 2020 saw an overall decline in human-initiated attacks while bot attacks accelerated.

Press release: https://risk.lexisnexis.com/about-us/press-room/press-release/20200223-biannual-cybercrime-report

The LexisNexis Risk Solutions Cybercrime Report: https://risk.lexisnexis.com/insights-resources/research/cybercrime-report

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw218

Mar 4, 2021

Many security teams have accepted their Intrusion Detection Systems (IDS) as little more than a compliance check-off. IDS reliance on bi-modal signatures is brittle, easily evaded by attackers, and often referred to as an alert cannon. In this talk, we'll be discussing what is missing from traditional IDS and how to fill the security gaps with the NG-IDS capabilities of modern network detection and response (NDR).

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw218

Mar 4, 2021

Assuming Nickel and Mike survived the first segment, we're asking them for practical advice in this segment on how to consider and ultimately select the right cyber insurance program for you. We're looking for the usual suspects, gotchas, and recommended actions.

Suggested reading:

- https://www.psafinancial.com/2020/03/covid-19-5-cybersecurity-risks-you-need-to-consider/

- https://www.psafinancial.com/2019/06/psa-insurance-financial-services-launches-turnkey-cyber-risk-management-solution-for-smbs/

- https://www.psafinancial.com/2018/04/cyber-insurance-your-backstop-in-your-cyber-incident-response/

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw63

Mar 3, 2021

Nickel Lietzau and Mike Volk have heard that we are not huge fans of cyber insurance on SCW, and they have graciously agreed to subject themselves to our scrutiny. In the first segment we'll touch on common myths and misconceptions about Cyber Insurance and let Nickel and Mike set us straight.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw63

Mar 3, 2021

In the leadership and communications section, Financial Targets Don’t Motivate Employees, Texas power outage flags need to revisit business continuity, Security job candidate background checks: What you can and can't do, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw207

Mar 2, 2021

What are some best practices for preparing for a security incident? David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security incident and how to develop a communications plan that's simple and effective.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw207

Mar 2, 2021

This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw141

Mar 1, 2021

In looking at how to do application security right we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for. Plus, we highlight how doing security right also means shifting left in terms of addressing security issues in the design phase. And throughout all this is the importance of being able to communicate security principles and how your design and testing reduces risk.

 

Register for the DevSecOps eSummit for which Ted will be a panelist: https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=5673DA7C-B8C2-4A3E-B675-C6BBF45DC04F

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw141

Feb 28, 2021

This week in the Security News: Nvidia tries to throttle cryptocurrency mining, digging deeper into the SolarWinds breach, now with executive orders, NASA's secret message on Mars, vulnerabilities in Python and Node.js, hacking TVs and AV gear, nation state hacking galore, patch your VMware vCenter, and is a password manager worth your money!?!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw684

Feb 27, 2021

Bryan will talk about how and why he wire-tapped the US Secret Service and FBI, how he used his Marine Corps training, cyber abilities, social engineering, and OSINT to rescue his foster daughter from being trafficked. Bryan will then explain what he does with Cyemptive, his day job.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw684

Feb 27, 2021

Peter will tell the story behind the story of his new book "Confessions of a CIA Spy - The Art of Human Hacking" including key highlights from the book regarding data protection. Peter's new book is available on Amazon: https://amazon.com

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw684

Feb 26, 2021

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs’ Ganesh Pai and Amit Malik will discuss this evaluation round, which focuses on the threat groups Carbanak and FIN7. They’ll also talk about how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations.

 

This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw217

Feb 26, 2021

The 2020 SOC Survey results are in and the author, Chris Crowley, will discuss the detailed results in the report and how they can help individuals and organizations reduce the drag on our global community due to insecure information systems. Effective security operations rely on monitoring your data and being prepared to defend yourself and your organization. Chris will explain why he believes that the classic SOC will move, over the next few years, to MSSPs and how to be ready when threats are detected.

Download the report: https://soc-survey.com/

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw217

Feb 25, 2021

This week in the Enterprise News: LastPass is no longer free, Tenable helps with dynamic assets, SecurityScorecard and the Score Planner, Trend Micro XDR, & Imperva launches Sonar! Funding announcements from: PerimeterX, SPHERE, Red Canary, 1Kosmos, & Strata Identity! In the acquisition news: SailPoint to acquire Intello, CrowdStrike to acquire Humio, Palo Alto to acquire Bridgecrew, Kaseya to acquire RocketCyber, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw217

Feb 25, 2021

The world of hacking and the threat actors that do that sort of thing. What are the implications on comp sec in 2021 for persons, corporations, nation states and maybe even your cat?

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw62

Feb 24, 2021

Jeff, Flee, & Scott talk to John Threat about his background and what led him to becoming a hacker.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw62

Feb 24, 2021

In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw206

Feb 23, 2021

Dutch Schwartz, Cloud Security Strategist at AWS, discusses cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw206

Feb 23, 2021

This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw140

Feb 22, 2021

Linux is all over the place (sometimes surprisingly), so why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against sudo as a timely reference.

This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them!

To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw140

Feb 14, 2021

“Wheel” was part of the team that discovered the heap overflow vulnerability in sudo, Baron Samedit (CVE-2021-3156), that impacted major Unix-like operating systems including Linux, macOS, AIX and Solaris. He’ll provide an overview of the vulnerability and then dive into a technical discussion of the research.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw683

Feb 13, 2021

This week in the Security News: Police playing copyrighted music to stop video of them being posted online, Border agents can search phones freely under new circuit court ruling, Microsoft warns enterprises of new 'dependency confusion' attack, Old security vulnerability left in millions of IoT devices, A 'Simple And Yet Robust' Hand Cipher, Zero Trust in the Real World, Clubhouse And Its Privacy & Security Risks, Google launches Open Source Vulnerabilities database, Hacker Tries to Poison Water Supply, Cyberpunk 2077 makers CD Projekt hit by ransomware hack, Multiple Security Updates Affecting TCP/IP, Microsoft’s Remote Desktop Web Access Vulnerability, & more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw683

Feb 13, 2021

In this segment we'll unpack "Zero Trust": what does it mean, and how can it be applied as a concept to information security today? It certainly begs the question: what and who do you trust? Often without too much thought, we trust software, machines, and people. Each time you run an "apt upgrade" (using sudo!), you are implying trust. When you deploy that enterprise monitoring software (*cough* SolarWinds *cough*), you have to trust it, but to what degree? Tune in to find out more!

This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscaler to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw683

Feb 12, 2021

Kelley will discuss his investment thesis in security and his opinions on the cybersecurity investment market in general. He will also review some good and bad investments, stories from the real world, and what companies he likes going forward.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw216
