Paul's Security Weekly TV

Follow Paul's Security Weekly TV
Share on
Copy link to clipboard

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Security Weekly


    • Dec 25, 2021 LATEST EPISODE
    • daily NEW EPISODES
    • 37m AVG DURATION
    • 2,918 EPISODES


    Search for episodes from Paul's Security Weekly TV with a specific topic:

    Latest episodes from Paul's Security Weekly TV

    ESW End-of-Year Wrap Up - ESW #255

    Play Episode Listen Later Dec 25, 2021 35:05

    In our final security weekly segment of the year, we're wrapping up by reminiscing about 2021's biggest, craziest, and most interesting stories. We'll chat about our favorite interviews of the year. Finally, we're sharing our hopes for 2022. What could make it better? Will it be the year we break free from ransomware? Will cyber insurance providers drop all their policyholders? All this, and cryptic hints from Adrian and Tyler! It has been a crazy year and we're looking forward to keeping you informed throughout 2022 as well!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

    Zip Tie Pick, Wifi/Bluetooth Bugs, Domain Controllers, & Beetle Behavior - PSW #722

    Play Episode Listen Later Dec 25, 2021 83:29

    The greatest exploit in the world, throw some more logs on the log4j fire, lock picking with a zip tie, hacking metal detectors, please disclose your vulnerabilities here, bugs in Wifi and Bluetooth have an interesting relationship, not-so-secret backdoors, taking over domain controllers, and interesting precopulatory behavior in darkling beetles!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

    Dragons & Unicorns, Phishing Training, GreyNoise, & Becoming Domain Admin - ESW #255

    Play Episode Listen Later Dec 25, 2021 44:47

    In the Enterprise Security News for this week, ZeroFox has a $1.4 billion dollar blank check, Corellium raises a $25m series A, GreyNoise makes its data free to help out Log4j sufferers, AWS suffers its third outage in a month (coincidentally hindering GreyNoise's efforts), Ditching Unicorns for Dragons, Yet another easy way to become domain admin, thanks Microsoft, New report finds that current phishing training isn't effective and is even potentially harmful, & more!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

    The State Of Internet Exposed Services - John Matherly - PSW #722

    Play Episode Listen Later Dec 24, 2021 61:57

    John joins us to talk about what its like to run scans of the Internet on a regular basis. We'll talk about some trends, such as what is more exposed, what is less exposed, and how select segments of devices impact the security of Internet, such as printers, medial devices, SMB, RDP and more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

    Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255

    Play Episode Listen Later Dec 24, 2021 37:16

    Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven't solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different: -Prove bugs, rather than trying to list all of them. -Zero false positives, which leads to better autonomy.   Segment Resources: Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw255

    Lock Picking & Physical Security - Deviant Ollam - PSW #722

    Play Episode Listen Later Dec 24, 2021 61:37

    Many of us, myself included, learned lock picking techniques from Deviant. He comes on the show to talk about physical security in a pandemic, how to train for lock picking and physical security assessments, share some war stories and more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw722

    The Security Hippie, Part 2 - Barak Engel - SCW #99

    Play Episode Listen Later Dec 23, 2021 29:31

    Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview.   To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw99

    The Security Hippie, Part 1 - Barak Engel - SCW #99

    Play Episode Listen Later Dec 22, 2021 39:47

    Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview.   To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw99

    Office of the CISO, The Fearless CISO, and America's Cyber Reckoning - BSW #244

    Play Episode Listen Later Dec 22, 2021 31:09

    In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America's Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw244

    Security Maturity: From Hostage Negotiator to Business Leader - Sandy Dunn - BSW #244

    Play Episode Listen Later Dec 21, 2021 27:08

    Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw244

    Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178

    Play Episode Listen Later Dec 21, 2021 39:05

    Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, another data point on bug bounty awards, and looking at risk topics for the next year. This completes another year of the podcast! A very heartfelt thank you to all our listeners! And a special thank you and shout out to the crew that helps make this possible every week -- Johnny, Gus, Sam, and Renee. We'll keep the New Wave / Post-Punk, movie, and pop culture references coming for all the appsec and DevOps topics you can throw our way. Thanks again everyone!!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw178

    Evolving Security Testing - Dan Guido - ASW #178

    Play Episode Listen Later Dec 20, 2021 35:31

    What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully.   Segment Resources https://blog.trailofbits.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw178

    Cyber-Loaded Bills, Dazz CSPM, Janky Tech, VC Startup Valuations, & Keanu Reeves Talk - ESW #254

    Play Episode Listen Later Dec 18, 2021 53:20

    This week in the Enterprise News: Is the art of VC valuations a lie?, Noname Security hits unicorn status, Dazz sounds like an 80's cartoon character and is the latest to join the CSPM category with a mega Series A, LogMeIn spins out Lastpass, We'll talk about Log4Shell for a little bit, but not too much, Everyone forgot that AWS had an outage last week, at least, until they had an outage this week, 83% of IT professionals can't guarantee infrastructure is safe from ex-employees, & Senate approves cyber-loaded defense bill but stripped out incident reporting! All that and more, on this episode of Enterprise Security Weekly!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

    Printing Shellz, Block Chain For C2, Wordpress Theft, & Log4j Who? - PSW #721

    Play Episode Listen Later Dec 18, 2021 60:47

    This week in the Security News: Printing Shellz, the exploit is in the link, 42 CVEs, time to update all of your browsers again, Microsoft App spoofing vulnerability, stealing credit cards in Wordpress, using block chain for C2, MangeEngine 0day, oh and did you hear about the log4j vulnerability?   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

    The Evolution & Future of XDR & the SOC - Scott Crawford - ESW #254

    Play Episode Listen Later Dec 18, 2021 37:18

    Like our interview with Allie Mellen last week (episode 253, check it out also), we have another analyst roundtable here (all ESW hosts are former analysts), discussing one of the hottest new cybersecurity categories - XDR. This discussion will touch on why the only thing about XDR that was a surprise was maybe the name - we all saw this coming, partly due to the failure of other, less effective products and technologies. Perhaps more interesting will be to get Scott's thoughts on where we're going from a macro perspective. Distributed SOC? Automated remediation? Next-gen XDR?   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

    What to Expect in 2022 - Sinan Eren - PSW #721

    Play Episode Listen Later Dec 17, 2021 46:21

    Since it is Dec 15 - might make sense to have a discussion on what might be coming in 2022 in terms of security - topics could span Ransomware, and other threats as well as technology segments like Zero Trust and SASE, etc.   Segment Resources: Barracuda research on Ransomware trends and remote code execution vulns: https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/ https://blog.barracuda.com/2021/10/13/threat-spotlight-remote-code-execution-vulnerabilities/   This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

    Morale Is a Safety Control - Shoshana Gourdin - ESW #254

    Play Episode Listen Later Dec 17, 2021 35:24

    Not all security is complicated--many aspects boil down to noticing that something is off. Attentive and curious employees are an overlooked safety mechanism, as is handling problems in a constructive way.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw254

    All Your Holiday Hack Challenge Belong To Us - Ed Skoudis - PSW #721

    Play Episode Listen Later Dec 17, 2021 60:59

    Let's talk about the 2021 SANS Holiday Hack Challenge. Lotsa great new stuff this year, with a focus on hardware hacking in a virtual world... plus TWO cons at the North Pole.   Segment Resources: www.holidayhackchallenge.com www.counterhack.com www.sans.edu   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw721

    Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 2 - Ben Carr - SCW #98

    Play Episode Listen Later Dec 16, 2021 41:36

    Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more!   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw98

    Everything You Wanted to Know About CISOs But Were Afraid to Ask, Part 1 - Ben Carr - SCW #98

    Play Episode Listen Later Dec 15, 2021 35:08

    Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more!   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw98

    (13 Traits + 7 Strategies)/2 = 10 Effective Ways to Improve Communication - BSW #243

    Play Episode Listen Later Dec 15, 2021 32:33

    In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communication Skills, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw243

    Why Hospitals Face Unique Security Challenges - Mike Murray - BSW #243

    Play Episode Listen Later Dec 14, 2021 32:18

    -More than 25% of US hospitals have suffered at least one ransomware attack in the last two years. -Clearly, hospital IT teams, for the first time, the power to see and stop ransomware and other cyberattacks across a hospital's sprawling and fragmented ecosystem of office IT, clinical technologies, and electronic health systems. -Existing security solutions are only capable of detecting cyberthreats on office worker devices, which leaves two-thirds of a hospital's IT environment invisible and undefended.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw243

    Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177

    Play Episode Listen Later Dec 14, 2021 35:34

    This week in the AppSec News, Mike & John talk: All about Log4Shell, Mozilla's BigFix bug and new sandbox, Rust in the Linux kernel, path traversals, reflections on the security profession, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw177

    DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177

    Play Episode Listen Later Dec 13, 2021 34:49

    DevSecOps has been traditionally very people centric. It is hard to measure software security and the landscape is becoming increasingly more complex with container, cloud, and infrastructure. Driving an appsec program at scale is often an art that only few can master and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challenging.   Segment Resources: - AppSec Cali 19 Talk: https://www.youtube.com/watch?v=cegMUjo25Zc - ADDO19: https://www.youtube.com/watch?v=x1p3exzkTIY - Open Security Summit 20 - https://www.youtube.com/watch?v=8myMG36gq4o, https://www.youtube.com/watch?v=mh_P1C1a-CM   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw177

    Unicorns Galore, Selling Text Messages, Spicy Takes, & Treacherous Devs - ESW #253

    Play Episode Listen Later Dec 11, 2021 59:36

    Finally, in the enterprise security news: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations, Make sure to stick around for, This week's spicy take - Cloudflare recommends ditching your firewall, and This week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly!    Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

    Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide - Vincent Berk - ESW #253

    Play Episode Listen Later Dec 11, 2021 33:52

    Riverbed's Network Security Solutions provide the full-fidelity network visibility organizations need to see everything. The rise of cloud and user mobility has increased the complexity and the reach of modern networks, expanding the risk perimeter for cyber-attacks. Riverbed enables organizations to address performance, visibility, and security holistically so they can overcome complexity and fully capitalize on their digital and cloud investments.   Segment Resources: https://visibility.riverbed.com/ https://www.riverbed.com/solutions/security.html https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html   This segment is sponsored by Riverbed Technology. Visit https://securityweekly.com/riverbed to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

    Digging Into XDR - Allie Mellen - ESW #253

    Play Episode Listen Later Dec 10, 2021 32:41

    XDR is the buzzword practitioners can't seem to escape. Or is it? Allie Mellen, Forrester Analyst, will cover her research on what XDR is and what it isn't to help practitioners understand what it really means for them.   Segment Resources: https://www.forrester.com/blogs/announcing-the-first-and-only-evaluative-research-on-xdr-the-forrester-new-wave-extended-detection-and-response-providers-q4-2021/ https://www.forrester.com/blogs/xdr-faq-frequently-asked-questions-on-extended-detection-and-response/ https://www.forrester.com/blogs/what-security-market-definitions-tell-practitioners/   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw253

    Killing the SOC, Burger King Runes, ReliaQuest Valuation, & StrongDM - ESW #252

    Play Episode Listen Later Dec 4, 2021 44:11

    This week in the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC - is the SOC dead?, Comparing secure messaging apps, The best cities for cybersecurity professionals, and Don't miss today's Squirrel Story - it's a personal anecdote!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw252

    The 2021 Security Landscape & What Lies Ahead - Shailesh Athalye - PSW #720

    Play Episode Listen Later Dec 4, 2021 58:16

    What are the key security challenges that customers faced this year? What did attackers do differently in 2021, and why are they succeeding more often? What can we expect in 2022? Shailesh will discuss the latest defense strategies and how security teams can plan for the year ahead.   Segment Resources: https://www.qualys.com/cloud-platform/   This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw720

    Authentication Vulnerabilities - PSW #720

    Play Episode Listen Later Dec 4, 2021 37:40

    Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications.   This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw720

    First Look: Is Passwordless Really Killing the Password? - ESW #252

    Play Episode Listen Later Dec 4, 2021 37:58

    Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem to be coming at the challenge the same way. In this "First Look" segment, our goal is to define Passwordless, discuss some of the companies doing it, and how they're doing it. We'll even go through a few live passwordless demos.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw252

    Bypassing Biometrics, Hiding in Plain Sight, Hacker Cinema, & High Aspirations - PSW #720

    Play Episode Listen Later Dec 3, 2021 116:06

    In the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero Days, & why The Matrix (might be) the best hacker movie!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw720

    Are We Ever Going to Get Information Sharing Right? - Edna Conway - ESW #252

    Play Episode Listen Later Dec 3, 2021 30:49

    In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for 20 years before that! She's smart, dangerous, and has some great takes we can't wait to dive into.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw252

    Hacker Situational Awareness, Part 2 - John Threat - SCW #97

    Play Episode Listen Later Dec 2, 2021 50:38

    There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective.   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw97

    Hacker Situational Awareness, Part 1 - John Threat - SCW #97

    Play Episode Listen Later Dec 1, 2021 41:01

    There's something happening here – and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective.   Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw97

    Leadership Triad, Awesome CISO Tips, & CISO Demands - BSW #242

    Play Episode Listen Later Dec 1, 2021 32:36

    This week in the Leadership & Communications section, 'They Said a CISO Does What?', 5 Tips to be an awesome CISO, 9 tips for an effective ransomware negotiation, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw242

    CISO Transition: A CISO's Perspective - BSW #242

    Play Episode Listen Later Nov 30, 2021 29:05

    We cover a lot of articles about CISO leadership, communications, skills, and yes, transition. This week we discuss the CISO transition from a CISO's perspective. I will interview my co-hosts on why they made moves in 2021, what criteria did they use to analyze their next role, and what are their strategies for a successful transition.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw242

    Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176

    Play Episode Listen Later Nov 30, 2021 38:46

    This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw176

    Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176

    Play Episode Listen Later Nov 29, 2021 37:27

    In today's session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they'll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they'll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation, and training.   Segment Resources: - Veracode State of Sofware Security v11 https://www.veracode.com/state-of-software-security-report   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw176

    Security & Compliance Thru the Lens of a Technology Journalist, Part 2 - Evan Schuman - SCW #96

    Play Episode Listen Later Nov 25, 2021 42:55

    In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the interpretation and application of many of the more challenging security requirements found in PCI DSS which was reflected in its tag line, “Techniques, Tools and Tirade about Retail Technology and E-Commerce. The founder of the column, Evan Schuman, is a veteran journalist who has covered a wide range of technology, privacy and legal issues over the past three decades. Evan will give us his take on many of the issues facing the connected world -past, present, and future. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw96

    Security & Compliance Thru the Lens of a Technology Journalist, Part 1 - Evan Schuman - SCW #96

    Play Episode Listen Later Nov 24, 2021 35:24

    In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the interpretation and application of many of the more challenging security requirements found in PCI DSS which was reflected in its tag line, “Techniques, Tools and Tirade about Retail Technology and E-Commerce. The founder of the column, Evan Schuman, is a veteran journalist who has covered a wide range of technology, privacy and legal issues over the past three decades. Evan will give us his take on many of the issues facing the connected world -past, present, and future. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw96

    4 Things Boards Should Know, 4 in 10 Orgs Don't Have a CISO, & Creating Culture - BSW #241

    Play Episode Listen Later Nov 24, 2021 22:39

    In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw241

    Preventing Attacks Through Risk Management & Governance - Kevin Powers, Padraic O'Reilly - BSW #241

    Play Episode Listen Later Nov 23, 2021 27:51

    As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level-up their presentation skills, metrics, and executive approach. Learn also from Padriac O'Rielly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to better build resiliency in the digital age.   This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw241

    CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

    Play Episode Listen Later Nov 23, 2021 35:16

    This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

    wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

    Play Episode Listen Later Nov 22, 2021 34:24

    CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely.   Segment Resources: - https://webassembly.org/ - https://wasmcloud.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

    Congress Goes Cyber-Crazy, Emotet Returns, SnapAttack, & Netography - ESW #251

    Play Episode Listen Later Nov 20, 2021 43:45

    This week in the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm! Data Security startup Laminar comes out of stealth with a $32m Series A Threat Intel divestment SnapAttack spins out of Booz Allen Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools, All that and more, on this episode of Enterprise Security Weekly!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

    Suing Satoshi, Trojans in IDA, FBI Spam, Beg Bounties, & UPNP Strikes Again - PSW #719

    Play Episode Listen Later Nov 20, 2021 81:06

    This week in the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

    Skill Building: CTFs & Computer Fundamentals - Derek Rook - PSW #719

    Play Episode Listen Later Nov 19, 2021 62:06

    Derek and the hosts will discuss technologies to build CTFs as well as what types of things to consider while doing so. They will also talk about the computer fundamentals that are often undervalued when entering security.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

    The Real Costs of Ransomware in 2021, 2022, & Beyond - Mike Campfield - ESW #251

    Play Episode Listen Later Nov 19, 2021 31:00

    Ransomware: the problem that everyone is talking about, yet somehow continues to get worse with each passing year. In 2021, the cost of ransomware to global businesses is estimated to reach a whopping $20B. The problem has reached such a critical mass that it can no longer be cast away as some unknowable IT problem––everyone from cyber insurance providers to the federal government have taken note. ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat.   This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

    Understanding Cyber Insurance Trends & Changes - ESW #251

    Play Episode Listen Later Nov 19, 2021 34:53

    Jeffrey joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment.   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw251

    Building Vulnerable Docker Containers (On Purpose) - PSW #719

    Play Episode Listen Later Nov 19, 2021 50:34

    I needed to create some vulnerable targets for testing exploits and my default password finder I wrote in Python (featured in previous episodes). I found a few useful projects, including Vulhub, that made the task of building an insecure lab environment pretty easy. I've made several additions and improvements to the available code, which I will run through in this segment.   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw719

    Claim Paul's Security Weekly TV

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel