Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2020
December
November
October
September
August
July
June
May
April
March
February
January


2019
December
November
October
September
August
July
June
May
April
March
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: 2020
Aug 28, 2020

A recent study by Enterprise Strategy Group, commissioned by Synopsys, revealed that nearly half of the cybersecurity and development professionals surveyed indicate that their organization knowingly pushes vulnerable code into production due to time pressures. In every sector, development and security teams grapple with the competing demands of development velocity and application security. Today, Patrick Carey will join us to talk about how organizations are working to build security into their development toolchains and processes.

 

This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 28, 2020

Penetration testing is the practice of simulating a criminal breach of a sensitive area in order to uncover and fix defensive failures. Rapid7 just released it's 2020 "Under the Hoodie" report which looks at the last 12 months of data exploring the hows and whys of penetration testing, covering mainly internal and external network compromises, with some supplementary data on social engineering and red team simulations. During this podcast we'll talk about some of the key findings and ways you can better secure yourself in the following areas: -Internal network configuration and patch management -Password management and secondary controls - VPNs and internet-based applications

 

This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 27, 2020

Checkmarx Announces GitLab Integration, Panaseer Automates IRM with Archer Integration, How Attivo Networks Strengthens Active Directory Defense, Elastic Security 7.9 delivers a major milestone toward endpoint security integrated into the Elastic Stack, VMware brings Kubernetes to its VMware Fusion and VMware Workstation solutions, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw196

Aug 27, 2020

The SCW Hosts continue the conversation about how to create pragmatic approaches to maturing your cybersecurity program.

 

Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw40

Aug 26, 2020

There are a lot of ways to measure/assess the level of organizational maturity of security programs. But, how do you mature your organization? We will discuss practical steps, like prioritizing the to-do list, the balance between people, process, and technology, as well as the balance between policies, standards, procedures vs. technical controls, to develop a pragmatic approach to mature your cybersecurity program.

 

Reference Slides: https://securityweekly.com/scw-episode-40-reference-slides/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw40

Aug 26, 2020

Ed Amoroso spent over 30 years with AT&T and was frustrated with the security research and advisory firms. We all have our stories, but Ed decided to do something about it. He created TAG Cyber to democratize world-class cyber security research and advisory services.

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw185

Aug 25, 2020

In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw185

Aug 25, 2020

The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw119

Aug 24, 2020

Mid-markets do have AppSec expertise, the current AppSec products are focused on large enterprises and require AppSec expertise. Sken.ai is the new and the only AppSec scan tool, focused on mid-markets where DevOps can get started without any AppSec expertise.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw119

Aug 23, 2020

What use cases are addressed by Threat Hunting Platforms and SIEMs? Where is the overlap and where are the differences? Corey Thuen, Founder of Gravwell, covers the high level and low-level tech that drives these differences. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Gravwell is a threat hunting platform built for ingest and search of logs and binary data sources at scale. To learn more, visit: https://www.gravwell.io/summercamp2020

 

Deral Heiland, Principal Security Research IoT at Rapid7 will focus on the subject of IoT security and hacking, IoT testing and testing methods and related research topics. This segment is sponsored by Rapid7. Visit https://securityweekly.com/rapid7 to learn more about them! Rapid7

Rapid7 Segment Resources: https://www.rapid7.com/research/%0D%0Ahttps://blog.rapid7.com/author/deral-heiland/

To gain access to our latest research (i.e. 2020 Q1 Threat Report, NICER and Under the Hoodie 2020 visit: https://www.rapid7.com/research/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 2020

New Microsoft Defender ATP Capability Blocks Malicious Behaviors, Voice Phishers Targeting Corporate VPNs, IBM finds vulnerability in IoT chips present in billions of devices, The Sounds a Key Make Can Produce 3D-Printed Replica, US firm accused of secretly installing location tracking SDK in mobile apps, and Disrupting a power grid with cheap equipment hidden in a coffee cup!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

Aug 22, 2020

Customers are concerned about protecting critical services such as Active Directory from compromise. It's game over if AD is compromised. AD environments can be heterogeneous; public cloud, on-prem data centers, clients, servers. It is operationally complex to protect this environment while ensuring smooth business operations How do you deal with changes in the environment? New apps? App updates? New systems? Harry will demo key points of Edgewise's answer to use software identity for microsegmentation and cloud workload protection.

 

This segment is sponsored by Edgewise Networks. Visit https://securityweekly.com/edgewise to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw663

Aug 21, 2020

The concept of purple teaming needs to be expanded to incorporate a culture of collaboration across all proactive and reactive activities within enterprise cybersecurity programs. Learn how PlexTrac can aid in all thing purple teaming and drive to the security posture forward for all. This segment is sponsored by PlexTrac. Visit https://securityweekly.com/plextrac to learn more about them! To get one month free, visit: https://securityweekly.com/plextrac

 

Are security operations teams prepared to respond to privacy threats? Although you can achieve security without privacy, namely keeping information safeguarded from those that should not have access, you can not keep data private without security. How can we address this challenge? This segment is sponsored by Spirion. Visit https://securityweekly.com/spirionbh to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw195

Aug 21, 2020

Matt and Anton will discuss the new integration between Tanium and Chronicle, designed for distributed IT in a remote-work world. The two will explore some of the unique challenges that security teams are facing in light of this change. They will also provide details on the new integrations, which combines comprehensive endpoint telemetry from Tanium with Chronicle s cloud-scale analytics to inform threat hunting and investigations with one year of recorded endpoint activity. This is just the beginning of the partnership between Google Cloud and Tanium. Check out the blog post on Tanium's website to learn more about the future of the partnership and what it means for security. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

 

Risk remains the top concern for organizations adopting software-as-a-service (SaaS) models and this is an issue that is only getting worse. What is needed today is the ability to remove the dependency on human behavior and human error, bringing control back to the security team. Risk in a SaaS environment is largely an identity problem. Specifically, it is a misuse of identity and the privilege access granted to that identity. Before implementing any SaaS platform, you must consider how much access is really being granted in the cloud. More importantly, how is that privilege access being used? This segment is sponsored by Vectra. Visit https://www.vectra.ai/o365 to learn more about them! To see how Vectra can detect attacks in SaaS like Office 365, please visit: https://www.vectra.ai/o365

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw195

Aug 20, 2020

ThreatConnect Integrates with Microsoft Graph Security API to Strengthen Security Automation, Sectigo unveils Sectigo Quantum Labs to help orgs prepare for quantum computers, Trend Micro to offer comprehensive network and endpoint protection for IoT and 5G private networks, Thycotic Releases Thycotic Identity Bridge, and more!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw195

Aug 20, 2020

In this episode we will discuss the overarching importance of securing privileged access throughout the organization as it relates to the overall security posture and compliance requirements. CyberArk’s Principle Solutions Engineer Matt Tarr will explain the principle of least privilege, its regulatory and security aspects, and how least privilege can be enforced in a real-life implementation. He will also discuss concepts such as just-in-time privileged access, endpoint security, multi-factor authentication, password rotation and other important aspects of managing identity security and privileged access security as it relates to regulation including PCI DSS, GBLA and others.

 

This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them!

Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/

Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw39

Aug 19, 2020

Matt discusses his position on the Solutions Engineering team at CyberArk. He talks about how his 15 years in Systems and Sales Engineering roles adds a layer of experience at CyberArk. Matt will then explain how CyberArk provides “Security for the Heart of the Enterprise” by adding a layer of security around privileged accounts.

 

This segment is sponsored by CyberArk. Visit https://securityweekly.com/cyberark to learn more about them!

Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/

Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/scw39

Aug 19, 2020

In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out and more!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw184

Aug 18, 2020

Jeff Costlow, Deputy CISO at ExtraHop, will discuss the challenges of detecting and patching Ripple20. Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. There are two primary attack vectors: Internet Protocol and Domain Name Services. Jeff will discuss ExtraHop's approach to detecting these devices and provide a quick demo of the solution.

 

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/ to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/bsw184

Aug 18, 2020

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re­VoL­TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw118

Aug 17, 2020

Cesar will demonstrate breach path prediction as well as other features.

 

This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/asw118

Aug 16, 2020

It s not uncommon to find the traditional vulnerability assessment report buried under the CISO family picture, compliance books, and his latest blood pressure test. These reports highlight the never-ending battle between security and IT about what s more important: risks to servers and endpoints, or keeping the environment up-to-date and secured. There are even problems within the ranks of each unit. Dysfunctional processes, lack of efficient communication, and rudimentary tools put even more pressure on the CIO and CISO.

 

This segment is sponsored by Vicarius. Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 2020

This week, Amazon Alexa One-Click Attack Can Divulge Personal Data, Adobe tackles critical code execution vulnerabilities in Acrobat, Reader, Threat actors managed to control 23% of Tor Exit nodes, SANS Security Training Firm Hit with Data Breach, Unskilled hackers can breach about 3 out of 4 companies, TeamViewer flaw can allow hackers to steal System password, and more!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 15, 2020

Elastic believes that transparency and collaboration must be the new norm for the greater infosec community to succeed in stopping threats at scale. With many individuals now working from home, new endpoints need to be secured and IT teams are rushing years of planning into a few months to onboard distributed employees and resources – all while managing a global shift that is bringing new adversary behaviors targeting the new remote workforce. Organizations need to react fast, implement new controls, and do it all while managing existing budgets and staff. Making Elastic endpoint security completely free and open helps level the playing field for organizations that are struggling with the typically high cost and complexity of adopting effective endpoint security.

 

This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://wiki.securityweekly.com/psw662

Aug 14, 2020

Security professionals need to be thinking of the next evolution of the approach from working from home, specifically focusing on the security of the home network for both employees and third party contractors. Stephen Boyer, Co-Founder and CTO, discusses how to rate the risk of these new attack vectors using data BitSight already has... This interview is sponsored by BitSight. To learn more about them, visit: https://securityweekly.com/bitsight

ThreatLocker CEO, Danny Jenkins explains why his new approach of blocking everything that is not trusted and only allowing those applications that are approved, is a cleaner and more comprehensive approach to ensuring malware does not end up on your networks. This interview is sponsored by ThreatLocker. To learn more about them, visit: https://www.securityweekly.com/threatlocker

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw194

1 « Previous 4 5 6 7 8 9 10 Next » 21