We don't want to have the typical "predictions" episode, but do want to chat about what we might expect in the coming year; what is changing? what is coming back? and when? (if at all)? Looking forward: -Vaccines -Anti-vaxxers -Resumption of travel? -Resumption of conferences???? -Sales and marketing changes -Societal changes -The problems we face moving forward in compliance and security
Show Notes: https://securityweekly.com/scw57
Visit https://www.securityweekly.com/scw for all the latest episodes!
We have a roundtable discussion amongst the hosts looking back on the highs and lows of 2020! Looking back: -Solarwinds (not in depth but just as part of the year) -Covid-19 -Working from home -Conferences shut down -Travel gone -The new normal of zoom calls -Kids at home
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw57
In the leadership and communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw201
Up Your game with the CISO STORIES Podcast! If anything this past year has taught us is that we can not go on our own, and leveraging the experiences from other CISOs is critical to our success. Join Todd as he introduces a new Podcast featuring actionable lessons from top-notch CISOs and Cybersecurity Leaders.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw201
Microsoft purges malicious SolarWinds presence and highlights a threat model around their source code, the tl;drsec crew provides a hardening guide for Kubernetes, Apples provides a user guide for hardening accounts, Firefox provides a new storage system to defeat side channel abuse.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw135
A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community provide for this approach to design? We take a look at the OWASP Top 10, Web Security Testing Guide, and Application Security Verification Standard to find a way forward for DevOps teams.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw135
In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states ‘solarwinds123’ Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns ‘Mistake’ of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw678
SolarWinds is just the latest example of how the enterprise software supply chain, when compromised, can be used successfully by attackers. These coordinated and well-managed attacks prey on trust, so how can we trust our enterprise software?
This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw678
In this world of countless vulnerabilities, we need to find a way to identify threats. Prioritizing known vulnerabilities is a step in the right direction but definitely not enough. There is a need for a customized identifying threat process.
This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw678
When you roll-out the Mimecast Awareness Training best practices to your organization and embrace your employees, you will achieve something magical - employees who become an extension of your security team. Remember security is a team sport which requires the hearts of your employees and the minds of all. So, when do you that you’re successful? One, would be when your employees recognize threats and share it with others in the office to not click on malicious items, creating community defense. The other, is when your employees are taking their best practices home to train their families. More importantly, it is when your company as a whole is excited about cyber security and see it as an enabler and fun!
This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
As organizations come to terms with continued uncertainty in 2021, Martyn will discuss the importance of hybrid network visibility in building an IT infrastructure that can meet the needs of this environment. Specifically, how visibility is the key to supporting and securing the fluid workforce in the post-COVID world even with budget constraints and limited resources.
This segment is sponsored by Gigamon. Visit https://securityweekly.com/gigamon to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw211
We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw56
The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching "PCI" context to this discussion.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw56
For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult 2020 and discuss the changes we'll make in 2021 to be better leaders.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw200
How are CISOs of the Global 500 automating risk and compliance assessments by 90%, saving millions of dollars per year, and creating a unified strategy around cyber risk in the wake of Digital Transformation? Those on the cutting-edge of risk and compliance see a massive opportunity to ingest the telemetry coming from the security tech stack to bring a new level of automation to control compliance and risk management across all frameworks and standards. In this segment, we discuss how COVID-19 and rapid Digitalization have pushed risk and compliance teams to innovate internally, and how they’re doing so with real-life examples. How is it even possible to eliminate nearly all manual effort around IT GRC? What is the latest strategy behind cross-walking frameworks and dynamically lighting up controls in an environment? You’ll learn how some of the largest organizations in the world are proving compliance in real-time, empowering their teams to manage even the most unprecedented risks, and how risk and compliance programs get a clear view into risk likelihood, impact, solution-cost modeling and more. Listen in if you too are working to transform your cyber risk and compliance program to support Digital Transformation.
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaintsecurity to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw200
FireEye shares supply chain subterfuge, researchers show repeated mistakes in TCP/IP stacks, Google open sources Python fuzzing, Cisco and Microsoft patch their patches for vulns in Jabber and printer modules.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw134
We built OSS Teleport to provide a Unified Access Plane that consolidates access controls and auditing across all environments - infrastructure, applications, and data.
This segment is sponsored by TelePort. Visit https://securityweekly.com/teleport to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw134
Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology?
This segment is sponsored by Innocent Lives Foundation.
Show Notes: https://securityweekly.com/psw677
Visit https://securityweekly.com/ilf to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions.
This segment is sponsored by RiskSense.
Show Notes: https://securityweekly.com/psw677
Visit https://securityweekly.com/risksense to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.
This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw677
Polarity uses computer vision that works like augmented reality for your data. It's not a new dashboard to search or a new portal to manage. Polarity augments your existing workflows, enriching your view as you do your work so you can see the story in your data without sacrificing thoroughness or speed. We'll be talking about how analysts are using Polarity to balance thoroughness and speed.
This segment is sponsored by Polarity. Visit https://www.polarity.io/esw to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
These days, we're all learning about human immunology from the headlines. What are the equivalent defenses for our networks? How do we achieve resilience at scale, when we don't really have a network immune system?
This segment is sponsored by RedSeal. Visit https://securityweekly.com/redseal to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
This week in the Enterprise News, How Kali Linux creators plan to handle the future of penetration testing, Tenable founders launch cybersecurity foundation to hand out grants, FireEye cybersecurity tools compromised in state-sponsored attack, Bitdefender launches cloud-based endpoint detection, response platform for companies, and Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw210
We want to take the time in the segment to formally introduce you to one of our new co-hosts, Mr. Fredrick "Flee" Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square. We'll spend some time getting to know Flee and his background, pepper him with questions, talk shop, all the while engaging in the usual mayhem.
Visit https://www.securityweekly.com/scw for all the latest episodes!
Show Notes: https://securityweekly.com/scw55