Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2020
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Page 2
Sep 5, 2020

Loveable Security: Flee's approach to cybersecurity is that is should be "loveable." He thinks cybersecurity perpetuates a myth of an elite, isolated team of stealth insiders who are seen as enforcers, instead of as enablers who accelerate innovation by removing obstacles. Data Privacy + CCPA: Flee believes that tech companies should operate as data custodians, instead of data owners, and that CCPA should be the bare minimum that companies do to ensure data privacy.

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw665

Sep 4, 2020

This year we’ve seen organizations accelerate their so-called digital transformation almost overnight. Now we’re getting to the point where security leaders and business owners need to stop and take stock of what happened, what’s a temporary band aid, and figure out how to build their strategy without the luxury of getting yelled at by vendor booths in Mandalay Bay. This segment is sponsored by CrowdStrike. Visit https://securityweekly.com/crowdstrike for a totally free trial! CrowdStrike at Black Hat USA 2020 https://www.crowdstrike.blog/join-crowdstrike-at-black-hat-2020/

 

All applications use APIs—they’re nothing new to the development world. But are organizations factoring API security into their broader security strategy effectively? We’ve seen high-profile breaches at well-known companies stemming from their exposure or use of insecure API endpoints. This raises the question of how your software security initiative addresses the controls you need to ensure the APIs you use and produce are secure. Within this segment, Michael Borohovski will discuss key considerations when designing APIs, along with security controls and security testing that could make or break your software. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 4, 2020

deepwatch Lens Score - The first SecOps maturity benchmarking and planning app. Answers CISO Questions: How mature is my Security Program? How do I compare to my peers? What one thing should I do next? This segment is sponsored by deepwatch. Visit https://www.deepwatch.com/lens-score/ to try deepwatch Lens Score for free!

 

Every organization gets compromised - it’s how you fast you detect and respond that counts. Trends like the overnight move to remote work and the subsequent increase in phishing attacks, the acceleration of cloud adoption, and proliferation of enterprise IoT have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or incident from becoming a full-scale data breach. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! For a free trial of Reveal(x)360 visit: www.extrahop.com/swbh

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 3, 2020

Proofpoint's $300 Million buyback program, LogRhythmn Power Users share their use cases, Bitdefender Enhances MDR Service to Increase Proactive Protection and Advanced Detection, Anchore Unveils Enterprise 2.4 With Expanded & Updated Capabilities, and Auth0's new bot detection!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw197

Sep 3, 2020

Recent criminal charges against the CSO and CEO of Uber.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw41

Sep 2, 2020

Recent criminal charges against the CSO and CEO of Uber.

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw41

Sep 2, 2020

In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw186

Sep 1, 2020

Organizations need a highly skilled security chief to drive fundamental initiatives and align activities to address pressing enterprise needs. Proven CISOs (Chief Information Security Officers) are hard to find and essentially they could become challenging to retain and afford. Flexible Virtual CISO model is an excellent choice to achieve your enterprise goals in terms of security. Companies usually face diverse challenges in term of cost, retention, limited talent in a particular location, etc. The solution to achieve operational excellence and drive highly successful security programs at a fraction of the cost, is to hire a vCISO. A Virtual CISO will occupy the same place in the organization a full-time CISO would, but in a more cost-effective way. A vCISO will provide strategy, guidance, and oversight to achieve operational success in security. Operating with an independent voice, they often can escape the internal politics that plague some organizations.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw186

Sep 1, 2020

A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw120

Aug 31, 2020

What are challenges for companies moving to the cloud in forms of security? Marc Tremsal, Director of Product Management - Security at Datadog, will discuss these challenges and how he helps security teams overcome them throughout their cloud transformation.

 

This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw120

Aug 30, 2020

The growth in software vulnerability exploitation creates a need for better prediction capabilities. Over time, there have been shifts in the ways of discovering vulnerabilities in binary code. Research and development of new tools enables security pros to adopt innovative techniques to scale the process.

 

This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw664

Aug 29, 2020

Most analysts will tell you that they balance between being thorough and getting the job done quickly. Paul Battista asked the security community to weigh in on this debate. He’ll share what they thought and explain why it’s no longer necessary to choose between the two. This segment is sponsored by Polarity. Visit https://www.polarity.io/sw to learn more about them!

Take the Polarity Challenge! Get your free community edition by visiting: www.polarity.io/sw

 

Dynamic application security testing (DAST) for web applications has come a long way, establishing a niche market with a variety of offerings. In this segment Ferruh will discuss the big differences in DAST solutions available and help you understand which one is a pure DAST that you could rely on the most in this day and age. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to get a trial of the best dynamic application scanning solution on the market!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw664

Aug 29, 2020

Google Researcher Reported 3 Flaws in Apache Web Server Software, Medical Data Leaked on GitHub Due to Developer Errors, Experts hacked 28,000 unsecured printers to raise awareness of printer security issues, Tesla Is Cracking Down On Performance-Enhancing Hacks For The Model 3, Former Uber CSO Charged Over Alleged Breach Cover-Up, and Researchers Sound Alarm Over Malicious AWS Community AMIs!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw664

Aug 28, 2020

A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security. Today, Patrick Carey will join us to talk about how organizations are working to build security into their development toolchains and processes.

 

This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 28, 2020

Penetration testing is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7 just released it's 2020 "Under the Hoodie" report which looks at the last 12 months of data exploring the hows and whys of penetration testing, covering mainly internal and external network compromises, with some supplementary data on social engineering and red team simulations. During this podcast we'll talk about some of the key findings and ways you can better secure yourself in the following areas: -Internal network configuration and patch management -Password management and secondary controls - VPNs and internet-based applications

 

This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 27, 2020

Checkmarx Announces GitLab Integration, Panaseer Automates IRM with Archer Integration, How Attivo Networks Strengthens Active Directory Defense, Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack, VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 27, 2020

The SCW Hosts continue the conversation about how to create pragmatic approaches to maturing your cybersecurity program.

 

Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw40

Aug 26, 2020

There are a lot of ways to measure/assess the level of organizational maturity of security programs. But, how do you mature your organization? We will discuss practical steps, like prioritizing the to-do list, the balance between people, process, and technology, as well as the balance between policies, standards, procedures vs. technical controls, to develop a pragmatic approach to mature your cybersecurity program.

 

Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw40

Aug 26, 2020

Ed Amoroso spent over 30 years with AT&T and was frustrated with the security research and advisory firms. We all have our stories, but Ed decided to do something about it. He created TAG Cyber to democratize world-class cyber security research and advisory services.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw185

Aug 25, 2020

In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw185

Aug 25, 2020

The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw119

Aug 24, 2020

Mid-markets do have AppSec expertise, the current AppSec products are focused on large enterprises and require AppSec expertise. Sken.ai is the new and the only AppSec scan tool, focused on mid-markets where DevOps can get started without any AppSec expertise.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw119

Aug 23, 2020

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020

 

Deral Heiland, Principal Security Research IoT at Rapid7 will focus on the subject of IoT security and hacking, IoT testing and testing methods and related research topics. This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Rapid7

Rapid7 Segment Resources: https://www.rapid7.com/research/%0D%0Ahttps://blog.rapid7.com/author/deral-heiland/

To gain access to our latest research (i.e. 2020 Q1 Threat Report, NICER and Under the Hoodie 2020 visit: https://www.rapid7.com/research/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 2020

New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 2020

Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegmentation and cloud workload protection.

 

This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

1 « Previous 1 2 3 4 5 6 7 Next » 91