Podcasts about apisecurity

  • 159 podcasts
  • 1,240 episodes
  • 45m average duration
  • 1 weekly episode
  • Dec 10, 2024: latest episode


Latest podcast episodes about apisecurity

No Password Required
No Password Required Podcast Episode 54 — Dr. Sunny Wear

Dec 10, 2024 (51:24)

Summary: In this episode, the conversation begins with a significant data breach at Star Health Insurance, affecting over 31 million individuals. The discussion delves into the complexities of insider threats, particularly focusing on the alleged involvement of the company's CISO. The episode transitions to an introduction of Dr. Sunny Wear, a web application penetration tester, who shares her journey from software development to cybersecurity. Dr. Sunny discusses her role in penetration testing, the importance of understanding application logic, and the use of AI in her work. The episode concludes with a lifestyle polygraph segment, where Dr. Sunny shares personal insights and experiences, emphasizing the importance of mentorship in cybersecurity.

Takeaways:
  • Star Health Insurance experienced a major data breach affecting millions.
  • Insider threats are predicted to be a significant risk in 2025.
  • Dr. Sunny Wear transitioned from software development to cybersecurity.
  • Understanding application logic is crucial in penetration testing.
  • AI can be a valuable tool in penetration testing.
  • Bug bounty programs offer focused opportunities for security testing.
  • Mentorship is important for the next generation of cybersecurity professionals.
  • Dr. Sunny emphasizes the creativity involved in coding and security.
  • Vulnerability disclosure programs differ from bug bounty programs.
  • Dr. Sunny's passion for teaching and sharing knowledge is evident.

Titles:
  • The Star Health Insurance Data Breach: A Deep Dive
  • Insider Threats: The New Face of Cybersecurity Risks
  • Meet Dr. Sunny Wear: A Cybersecurity Trailblazer
  • The Art of Penetration Testing with Dr. Sunny
  • Exploring AI's Role in Cybersecurity

Sound bites:
  • "Star Health Insurance suffered a significant data security incident."
  • "There's a hacker and then there's this kind of cool insider twist."
  • "The alleged hackers claimed that Star Health's CISO facilitated the breach."
  • "Insider threats are going to be the risk to prepare for in 2025."
  • "I came from very humble beginnings."
  • "I think coding is like making a painting on a blank canvas."
  • "I want to capitalize on the experience I already have in web API."
  • "I use AI almost every day on every pen test."
  • "I actively do bug hunting."
  • "I want to make sure that if there's anything I can share to help."

Chapters:
00:00 Data Breach at Star Health Insurance
06:06 Insider Threats and Whistleblowers
07:05 Introduction to Dr. Sunny Wear
30:14 Dr. Sunny's Career Path and Penetration Testing
37:00 Lifestyle Polygraph with Dr. Sunny
48:55 Key Takeaways and Closing Thoughts

UNSECURITY: Information Security Podcast
Unsecurity Episode 229: API Security w/ Baljeet Malhotra & Nicole Salazar

Dec 9, 2024 (43:52)

This week, CEO Nicole Salazar and Founder Dr. Baljeet Malhotra of TeejLab join Megan and Brad to discuss all things Open Source and API Risk Management. Along with a brief review of Dr. Malhotra's background, the group discusses TeejLab's origins and a new API workshop.

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

eXecutive Security
Mastering API Security and the Power of AI with Colin Domoney, CTO of Thinking of U

Nov 15, 2024 (24:40)

Colin Domoney, CTO and co-founder of Thinking of U, shares his career journey in cybersecurity and his expertise in API security. He started as a kid building electronics and crypto systems, which led him to develop battle-hardened defense systems. He gravitated towards software and eventually got into AppSec, diving into the deep end and fixing a million AppSec vulnerabilities. Colin emphasizes the importance of developers having security skills and offers advice on how to build something cool that is also secure. He discusses the unique challenges and opportunities in API security and the role of AI in the industry.

Takeaways:
  • Developers with security skills are highly sought after in the industry.
  • API security requires a different approach compared to standard web app security.
  • API security encompasses a wide range of tools and techniques, from shift left to runtime protection.
  • Colin's book, Defending APIs, is aimed at anyone tasked with defending APIs, with a focus on developers.
  • AI is a powerful tool that accelerates learning and problem-solving in various areas, including cybersecurity.
  • AI creates both opportunities and challenges in the industry, and it is important to stay informed and adapt to its impact.

Agent of Influence
Episode 063 - API Security for Everyone - Buchi Reddy

Nov 12, 2024 (32:42)

API Security for Everyone. Listen to Agent of Influence with Buchi Reddy, Founder & CEO of Levo.ai, to dive deep into proactive API security measures and how to simplify API inventory.

Find more episodes on YouTube or wherever you listen to podcasts, as well as at netspi.com/agentofinfluence.

No Password Required
No Password Required Podcast Episode 53 — Confidence Staveley

Oct 24, 2024 (35:14)

Summary: In this episode, the hosts discuss the importance of representation in cybersecurity, highlighting a documentary that showcases the experiences of women and underrepresented groups in the industry. They are joined by Confidence Staveley, founder of the CyberSafe Foundation, who shares her personal journey from a victim of cybercrime to a leader in promoting digital safety and inclusion in Africa. The conversation explores themes of overcoming challenges, the significance of passion in career choices, and the responsibilities of leadership in creating opportunities for others. Confidence also discusses her creative approach to making complex topics accessible through her YouTube series, API Kitchen, and emphasizes the importance of mobilizing resources to empower the next generation in tech.

Takeaways:
  • The documentary highlights the importance of representation in cybersecurity.
  • There are solutions to the challenges faced by underrepresented groups.
  • Personal experiences can drive a passion for change in the industry.
  • Education is a key factor in overcoming barriers to entry in tech.
  • Leadership should focus on values and empowering team members.
  • Creativity can be a powerful tool in communicating complex ideas.
  • API Kitchen was created as a response to gender stereotypes in tech.
  • Cybersecurity skills can significantly change lives and communities.
  • It's essential to hold the door open for others in the industry.
  • Passion is a driving force behind career success.

Chapters:
00:00 The Impact of Representation in Cybersecurity
05:47 Confidence Staveley's Journey and CyberSafe Foundation
12:00 Overcoming Challenges and Pursuing Passion
18:00 Leadership and Responsibility in Cybersecurity
24:12 Creativity and Communication in Tech
29:46 Personal Growth and Future Aspirations

Cyber Work
Becoming an API security and bug bounty pro | Guest Katie Paxton-Fear

Oct 21, 2024 (59:51)

Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

Join us on this episode of Cyber Work with Katie Paxton-Fear, an API hacker and technical marketing manager at Traceable, known for her YouTube channel InsiderPhD. Dive into API security, common defense mistakes and bug bounty insights. Listen as Paxton-Fear shares her academic journey blending tech and linguistics, her pioneering NLP work on insider threats and tips on becoming an API security expert. Learn about detecting insider cyber threats, the role of AI in securing APIs and essential resources to enhance your cybersecurity skills. Plus, explore the dynamic world of freelance ethical hacking, the role of a technical marketer and the significance of resonant content creation. Stay tuned for a comprehensive guide to elevating your API security know-how and cybersecurity career!

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

Chapters:
00:00 - Introduction to Katie Paxton-Fear
01:48 - Katie's journey into tech and cybersecurity
05:23 - Combining tech and language
15:34 - From academia to YouTube
21:30 - API security: challenges and insights
26:38 - The role of AI in API security
30:28 - API key management and security
31:08 - Common API key breaches
32:15 - Preventing API key leaks
33:39 - The importance of key rotation
34:31 - Getting started in API security
35:36 - Recommended resources for API security
37:32 - Hands-on API hacking
45:28 - The bug bounty community
50:32 - Role of a technical marketing manager
53:45 - Career advice and final thoughts

About Infosec: Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Breaking Badness
Cracking the Code: API Security, Mobile Myths, and Real-World Threats

Oct 9, 2024 (39:10)

In this episode of Breaking Badness, we dive deep into the critical world of API security and governance, uncovering key strategies to keep data safe in today's threat landscape. Special guests Matthias Friedlingsdorf (iVerify), Tristan Kalos (ESCAPE), and Aqsa Taylor (Gutsy) join the conversation to share their experiences with detecting advanced threats like Pegasus, the importance of API governance, and the powerful role bug bounty programs play in identifying critical vulnerabilities. Whether you're an API developer, cybersecurity professional, or someone navigating the risks of mobile device exploits, this episode will arm you with the knowledge to better protect your digital assets.

Industrial IoT Spotlight
EP 208 - The Next Frontier in Cyber Defense: AI, IoT, and API Security Challenges

Oct 9, 2024 (46:27)

In our latest podcast episode featuring Jeremy Snyder, Founder & CEO of FireTail.io, we explored the evolving cybersecurity landscape and the crucial role of API security in protecting modern enterprises and IoT devices.

ITSPmagazine | Technology. Cybersecurity. Society
Building Resilient Applications and APIs: The Importance of Security by Design to Ensure Data Protection | An Imperva Brand Story with Lebin Cheng

Sep 25, 2024 (36:47)

In this Brand Story episode, hosts Sean Martin and Marco Ciappelli welcome Lebin Cheng from Imperva to discuss the ever-important topic of API security. As the head of the API security team at Imperva, Lebin Cheng offers a nuanced view into the challenges and solutions involved in protecting sensitive data facilitated by APIs. A central theme of the discussion revolves around API security's complexity due to APIs' role in digital transformation, cloud migration, and data integration. APIs act as a gateway for data interaction and integration, offering flexibility but also introducing significant security risks.

Cheng underscores that as APIs provide open access to critical data, they become prime targets for sophisticated cyber threats. These threats exploit vulnerabilities in API deployments, making robust security measures indispensable. Cheng highlights the importance of securing APIs not as a one-time effort but as an ongoing process. He discusses how Imperva employs real-time monitoring and behavioral analysis to enhance API security. By establishing a baseline of what constitutes normal behavior, Imperva can quickly detect and respond to anomalies. This approach goes beyond traditional, static security measures, which often fall short against dynamic threats that evolve alongside technology.

Additionally, the conversation touches on the notion of 'security by design.' Cheng advocates for integrating security considerations from the earliest stages of API development. This results in more resilient applications capable of withstanding sophisticated attacks. The discussion also notes the growing trend of DevSecOps, which emphasizes the collaboration between development, security, and operations teams to embed security throughout the software development lifecycle.

Real-world applications of these principles are evident in various sectors, including open banking. Cheng explains how open banking initiatives, which allow smaller financial institutions to access larger banks' data via APIs, highlight the necessity of strong API security. A breached API could expose sensitive financial data, leading to significant financial and reputational damage. The hosts and Cheng also explore how Imperva's innovation in API security involves leveraging artificial intelligence and machine learning. These technologies help in identifying and mitigating potential risks by analyzing vast amounts of data to detect unusual patterns that might indicate a security threat.

In closing, Cheng emphasizes the importance of continuous innovation and vigilance in the field of API security. He invites organizations to adopt a proactive stance, continuously updating their security measures to protect their data assets effectively. This episode serves as a compelling reminder of the critical role API security plays in today's interconnected digital world.

Learn more about Imperva: https://itspm.ag/imperva277117988
Note: This story contains promotional content.
Guest: Lebin Cheng, VP, API Security, Imperva [@Imperva]
On LinkedIn: https://www.linkedin.com/in/lebin/
Resources: Learn more and catch more stories from Imperva: https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

eXecutive Security
How to Master Leadership Roles leveraging Strategic Insights and Business Tenets with Tom Heiser

Sep 25, 2024 (30:38)

Summary: In this episode, Gene discusses management principles and leadership strategies for senior leaders and aspiring entrepreneurs with Tom Heiser, previously CEO of ClickSoftware, EVP at EMC, and President at RSA, the cyber division of EMC. They cover topics such as opening the aperture, balancing strategy and tactics, embracing change, connecting the dots, and more. The conversation emphasizes the importance of learning from tough times, setting a clear vision, and problem-solving with a positive mindset.

Takeaways:
  • Balancing strategy and tactics is crucial for success in leadership roles.
  • Embracing change and learning from tough times are essential for personal and professional growth.
  • The rule of 15 degrees emphasizes the importance of iteration and continuous improvement in business strategies.
  • Asking 'why' five times to find the root cause is a valuable problem-solving technique.
  • Maintaining a positive mindset and focusing on the achievable is key to overcoming challenges in leadership and business.
  • Setting a clear vision and connecting the dots between current state and desired state is essential for success in business and leadership.

Redefining CyberSecurity
Building Resilient Applications and APIs: The Importance of Security by Design to Ensure Data Protection | An Imperva Brand Story with Lebin Cheng

Sep 25, 2024 (36:47)

Same episode and description as the ITSPmagazine listing above (Imperva Brand Story with Lebin Cheng).

eXecutive Security
Building Culture, Navigating Careers, and Securing the Future with Jim Alkove, CEO of Oleria

Sep 18, 2024 (34:51)

Jim Alkove, CEO and co-founder of Oleria, shares his career journey and insights on cybersecurity training and becoming a board advisor. He emphasizes the importance of starting at the beginning and gaining experience in software engineering during his time at Microsoft. Alkove highlights the need for a more diverse pool of candidates and situational training to meet the workforce demands of the cybersecurity industry. He also discusses the significance of company culture and values in building successful teams. Alkove provides advice on moving laterally to gain broader skills and transitioning to advisory roles in early-stage companies.

Key Takeaways:
  • Move laterally to gain broader skillsets while in the early stages of a career.
  • Training needs to be more accessible to a diverse pool of candidates in order to meet the demands of the cybersecurity industry.
  • Company culture and values are crucial in building successful teams.
  • Write down your goals, be humble, and be open to learning and criticism.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 175: Practice CISSP Questions - API Security, Gateways, and Risk Reduction Partnerships for the CISSP (Domain 8.5)

Sep 12, 2024 (16:09)

Can API gateways really be the ultimate shield against cyber threats? Prepare to uncover the secrets of API security as we dissect CISSP Domain 8.5 in this episode of the CISSP Cyber Training Podcast. We'll walk you through practice questions that decode the most common API vulnerabilities and why denial of service isn't always the primary threat. Discover how an API gateway centralizes security and learn about essential authentication mechanisms like OAuth for secure token-based exchanges. We'll also discuss best practices for securely managing API keys and the critical role of input validation in fending off SQL injection attacks.

Ever wondered how to forge strong alliances to combat cyber threats? Explore the extensive capabilities of Reduce Cyber Risk in our segment on Cyber Risk Reduction Partnerships. With our deep-rooted experience in IT, we detail how our tailored cybersecurity solutions, from penetration testing to insider risk training, can fortify your defenses. Learn how our strategic partnerships with IT professionals enhance our service offerings, providing customized security assistance and training. Tune in and elevate your cybersecurity game with actionable insights and expert advice.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

eXecutive Security
Expanding Cybersecurity Careers Beyond Hacking with Ed Adams, CEO of Security Innovation

Sep 11, 2024 (25:03)

In this episode, Gene Fay interviews Ed Adams, President and CEO at Security Innovation, about his journey into cybersecurity and his work in advancing software security practices. Ed shares his story of transitioning from quality assurance in software at Rational Software to founding Security Innovation, a company focused on application security and training. Ed also dives into his book, See Yourself in Cybersecurity Careers Beyond Hacking, which highlights the many career paths available in the cybersecurity industry beyond hands-on keyboard roles. He discusses the cybersecurity talent shortage, particularly how it affects underrepresented groups, and the need for organizations to rethink how they hire and retain talent.

Takeaways:
  • There are many ways to start a career in cybersecurity, even from non-technical backgrounds.
  • Treating security as an integral part of software quality can help developers and organizations create more secure, reliable applications.
  • The book, See Yourself in Cybersecurity Careers Beyond Hacking, focuses on educating the next generation of cybersecurity professionals and promoting diversity in the field.
  • The cybersecurity talent shortage is not about the lack of skilled individuals, but about outdated hiring practices and insufficient investment in talent development.

Test Automation Experience
API Security Quick Start: Bas Dijkstra

Sep 6, 2024 (33:51)

Do security tests and APIs leave you confused? Expert Bas Dijkstra makes API testing look easy and shares the essentials every DevOps professional needs to know. You'll learn how to spot and fix common API vulnerabilities, from sneaky JavaScript injections to the all-too-common broken object-level authorization. With hands-on demos and practical advice, you'll discover how to fortify your APIs against real-world threats. But that's not all: Bas also gives us a sneak peek into his upcoming contract testing course, perfect for anyone looking to master integration testing and ensure seamless API communication.

What did you think of the show? Leave your anonymous feedback: https://forms.gle/Df5sDABiNMQn4YSj7

The Logistics of Logistics Podcast
Cyber Threats and Solutions in the Supply Chain with Joe Ohr

Aug 28, 2024 (54:11)

Joe Ohr and Joe Lynch discuss cyber threats and solutions in the supply chain. Joe Ohr is the Chief Operating Officer at The National Motor Freight Traffic Association (NMFTA), a nonprofit membership organization that represents the interests of less-than-truckload (LTL) carriers.

Summary: Cyber Threats and Solutions in the Supply Chain
Joe and Joe discuss the critical role of cybersecurity in the supply chain, transportation, and logistics space. In our digital era, cyber threats like ransomware from organized, state-sponsored groups pose significant risks to global supply chains. With extensive connectivity across multi-tier supplier networks, stringent authentication, encryption, and zero-trust models are crucial for secure data sharing and mitigating vulnerabilities. The rise of cargo theft through cybersecurity loopholes demands robust countermeasures like two-factor authentication and restricted access controls. As cybersecurity becomes a necessity for critical industries, we explore strategies, predictions, API security, and securing legacy maintenance software. This information offers valuable insights for cybersecurity professionals. The NMFTA Cybersecurity Conference, happening October 27-29, 2024, is the premier event for trucking and supply chain cybersecurity professionals. Join industry leaders to discuss and learn about the latest threats, solutions, and best practices to protect North America's vital supply chain. #CybersecurityInLogistics #SupplyChainResilience #FightingRansomware

About Joe Ohr
Joe Ohr has more than two decades of experience in technical operations, customer success management, IT, customer support, and product support. Currently serving as the Chief Operating Officer for the National Motor Freight Traffic Association, Inc. (NMFTA)™, he plays a pivotal role in helping to advance the industry through digitization, classification, and cybersecurity. Prior to Ohr's role at NMFTA, he served in numerous IT, engineering and operations positions at Qualcomm and Eaton, and most recently held the position of Senior Vice President of Operations/Customer Experience at Omnitracs. Throughout his career, Ohr has provided strategic guidance, vision, and a roadmap for addressing long-term customer challenges. He has played a key role in accelerating revenue growth and has collaborated closely with IT, product, and engineering teams to foster stronger partnerships with strategic customers and peers. Additionally, Ohr has overseen post-sales customer support and service teams, as well as operations, managing a workforce of over 400 individuals. He holds multiple certifications such as CCNA from Cisco and MCSE from Microsoft and earned his Bachelor of Science in Education from the Ohio State University. Due to his contributions to the industry, he earned a spot in the Inner Circle in 2015 and 2018 from Qualcomm and Omnitracs.

About NMFTA
The National Motor Freight Traffic Association, Inc. (NMFTA™) is a non-profit membership organization headquartered in Alexandria, Virginia. It is the world's leading organization representing the interests of less-than-truckload (LTL) carriers. The association's membership is comprised of motor carriers operating in interstate, intrastate, and foreign commerce. NMFTA provides critical services to the industry in the form of classification standards, identification codes, digital operation standards, and support for cybersecurity within the industry.

Key Takeaways: Cyber Threats and Solutions in the Supply Chain
  • Insights into cyber threats and solutions in the supply chain industry
  • NMFTA's role in promoting and advancing trucking through research, education, and lobbying
  • Cybersecurity leader Joe Ohr's journey from teaching to IT and nonprofit cybersecurity
  • Ransomware as a major cyber threat in transportation and logistics
  • Increasing cybersecurity risks in global supply chains due to API connectivity
  • Cargo theft risks through cybersecurity loopholes and mitigation strategies
  • Cybersecurity becoming mandatory, with companies facing compliance challenges

Timestamps
(00:00:02) Cyber Threats and Solutions in Supply Chain
(00:06:41) Continuing Business Operations After Cyber Attack
(00:10:39) Joe Ohr's Background and Career Path
(00:15:56) Ransomware Risks and Compliance Concerns
(00:20:15) API Security and Deployment Challenges
(00:24:51) Offshoring Considerations and Trimble Insight Conference
(00:27:45) Cargo Theft and Cybersecurity Connections
(00:33:40) NMFTA Cybersecurity Conference Overview
(00:40:53) Data Sharing Concerns and Supply Chain Impacts
(00:43:02) Compliance Mandates and Industry Expectations
(00:46:38) Trimble Sponsorship and Conference Details
(00:50:58) Closing Remarks on NMFTA Conference

Learn More About Cyber Threats and Solutions in the Supply Chain
  • Joe Ohr | LinkedIn
  • NMFTA | LinkedIn
  • NMFTA | Facebook
  • NMFTA | Twitter/X
  • NMFTA | Instagram
  • NMFTA | YouTube Channel
  • NMFTA
  • NMFTA Cybersecurity Conference
  • Simplifying the Complex: NMFC to Undergo Major Changes in 2025 with Keith Peterson | The Logistics of Logistics

Episode Sponsor: Trimble Transportation 2024 Insight Tech Conference
  • Revolutionizing the Road: Trimble's Tech Solutions with Kelly Williams | The Logistics of Logistics

The Logistics of Logistics Podcast
If you enjoy the podcast, please leave a positive review, subscribe, and share it with your friends and colleagues.
The Logistics of Logistics Podcast: Google, Apple, Castbox, Spotify, Stitcher, PlayerFM, Tunein, Podbean, Owltail, Libsyn, Overcast
Check out The Logistics of Logistics on YouTube

Cy Saves the Day
Ep 104: API Security 101 with Jeremy Snyder

Aug 27, 2024 (32:44)

This week, Tony Bryan, Executive Director of CyberUp, sat down with a true cybersecurity trailblazer: Jeremy Snyder, CEO and Founder of FireTail! We talked about the critical role of API security in today's digital world. Did you know that APIs are the backbone of modern digital ecosystems? In this episode, Tony and Jeremy will dive into why API security is more important than ever, how to protect these vital connections from hacks, and what you need to know to stay ahead in your cybersecurity career.

Whether you're looking to bolster your skills or simply stay informed, this is a conversation you won't want to miss! Tune in and Level Up Your Cyber Game!

#LevelUpCyber #APISecurity #Cybersecurity #TechTalk #CareerGrowth

Software Engineering Institute (SEI) Podcast Series
3 API Security Risks (and How to Protect Against Them)

Software Engineering Institute (SEI) Podcast Series

Play Episode Listen Later Aug 22, 2024 19:28


The exposed and public nature of application programming interfaces (APIs) comes with risks, including an increased network attack surface. Zero trust principles help mitigate these risks and make APIs more secure. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), McKinley Sconiers-Hasan, a solutions engineer in the SEI CERT Division, discusses three API risks and how to address them through the lens of zero trust.

ITSPmagazine | Technology. Cybersecurity. Society
Securing the Digital Economy: A Deep Dive into Application and API Security | A Brand Story Conversation From Black Hat USA 2024 | An Akamai Story with Rupesh Chokshi | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Aug 9, 2024 20:53


In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment.

Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations.

The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape.

A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards.

Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem.

The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively.

The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors.

For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai [@Akamai]
On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/

Resources
Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Securing the Digital Economy: A Deep Dive into Application and API Security | A Brand Story Conversation From Black Hat USA 2024 | An Akamai Story with Rupesh Chokshi | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Aug 9, 2024 20:53


In this Brand Story episode as part of the On Location Podcast series, Sean Martin speaks with Rupesh Chokshi, who leads the application security business at Akamai. Connecting directly from Black Hat in Las Vegas, the discussion provides an in-depth look into the world of application security, APIs, and the challenges organizations face in today's technology-driven environment.

Rupesh Chokshi starts by highlighting Akamai's evolution from an innovative startup focused on improving internet experiences to a global leader in powering and protecting online activities. He emphasizes that Akamai handles trillions of transactions daily, underlining the massive scale and importance of their operations.

The conversation shifts to the pivotal role of APIs in the digital economy. With every company now being an 'app company,' APIs have become the lifeline of digital interactions, from financial services to entertainment. Chokshi points out that many organizations struggle with cataloging and discovering their APIs, a critical step for ensuring security. Akamai assists in this by employing scanning capabilities and data flow analysis to help organizations understand and protect their API landscape.

A significant part of the discussion focuses on the security challenges associated with APIs. Chokshi details how attackers exploit APIs for data breaches, financial fraud, and other malicious activities. He cites real-world examples to illustrate the impact and scale of these attacks. Chokshi also explains how attackers use APIs for carding attacks, turning businesses into unwitting accomplices in validating stolen credit cards.

Chokshi emphasizes the importance of proactive measures like API testing, which Akamai offers to identify vulnerabilities before code deployment. This approach not only bolsters the security of APIs but also instills greater confidence in the enterprise ecosystem.

The discussion also touches on the broader implications of API security for CISOs and their teams. Chokshi advises that the first step is often discovery and cataloging, followed by ongoing threat intelligence and posture management. Using insights from Akamai's extensive data, organizations can identify and mitigate threats more effectively.

The episode concludes with Chokshi reinforcing the importance of data-driven insights and AI-driven threat detection in safeguarding the API ecosystem. He notes that Akamai's vast experience and visibility into internet traffic allow them to provide unparalleled support to their clients across various sectors.

For anyone looking to understand the complexities of API security and how to address them effectively, this episode offers valuable insights from two leaders in the field. Akamai's comprehensive approach to application security, bolstered by real-world examples and expert analysis, provides a robust framework for organizations aiming to protect their digital assets.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Rupesh Chokshi, SVP & General Manager, Application Security, Akamai [@Akamai]
On LinkedIn | https://www.linkedin.com/in/rupeshchokshi/

Resources
Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

eXecutive Security
Maturing Building Security in with Sammy Migues of Imbricate Security

eXecutive Security

Play Episode Listen Later Jul 31, 2024 32:23


In this episode, Gene Fay interviews Sammy Migues, Principal at Imbricate Security, about his journey into cybersecurity and his work on the Building Security in Maturity Model (BSIMM). Sammy shares his experience starting in computer science in the late 1970s and how he became a computer security professional. He explains the motivation behind creating the BSIMM and how it helps organizations measure and improve their software security practices. Sammy also discusses the trifecta for career success, which includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization. Finally, Sammy shares his thoughts on the cybersecurity shortage and the challenges in hiring and retaining skilled professionals.

Takeaways
- Starting a career in cybersecurity can begin with a degree in computer science and a willingness to adapt and learn as the industry evolves.
- The Building Security in Maturity Model (BSIMM) is a framework that helps organizations measure and improve their software security practices.
- The trifecta for career success in management includes setting a strategy, translating business objectives into actionable steps, and contextualizing skills within the organization.
- The cybersecurity shortage is not just a lack of professionals, but also a result of challenging hiring processes and unrealistic job requirements.

Telecom Reseller
FireTail Unveils Free Access for All to Cutting-Edge API Security Platform, Podcast

Telecom Reseller

Play Episode Listen Later Jul 10, 2024


Makes best-in-class API protection available for free to organizations of all sizes. “What we figured is, okay, let's just make it super easy for anybody within an organization,” says Jeremy Snyder, CEO of FireTail. FireTail has announced a free version of its enterprise-grade API security tools, making them accessible to developers and organizations of all sizes. “No need for bureaucracy, approvals, process, whatever. You want to understand if there's a risk and what that risk is, just on board, just get started. And that's where we really feel like the value of the free plan is. You can connect any of your existing cloud environments where you've started to build and run APIs in about 10 to 15 minutes. And in under half an hour, you'll have a clear picture of what some of the top risks to your environment are. And if you leave it running for even a little bit longer, you'll start to be able to observe behaviors and detect malicious activity as it's happening across your environment.” In June, FireTail, a disruptor in API security, unveiled free access for all to its cutting-edge API security platform. This initiative opens the door for developers and organizations of any size to access enterprise-level API security tools. In this podcast we learn: FireTail's unique combination of open-source code libraries, inline API call evaluation, security posture management, and centralized audit trails helps eliminate vulnerabilities and protect APIs in real-time. The free plan covers up to 5 APIs, includes 1M API call logs per month, offers 7 days of data retention, and provides clear developer support. “They hear these promises about ephemeral infrastructure and scale up and scale down and scale out and scale in and really only consume the exact amount of infrastructure that you need. But what they're finding is that if they don't change their apps to make that possible, they're just running servers on somebody else's platform. 
As they go through that second transformation, inevitably, they come across a point where they have to start making decisions about architectures and APIs start bubbling up to the forefront. They take monolithic applications; they break them down into components that all talk over APIs. They take third-party integrations that they are starting to bring on board, and that all happens over APIs.” Perfect for developers and small to medium-sized organizations needing to secure up to 5 APIs, FireTail's free tier includes comprehensive API security features such as discovery, inventory, assessment, detection and response, and inline runtime protection. See press release here.

Paul's Security Weekly
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354

Paul's Security Weekly

Play Episode Listen Later Jun 25, 2024 64:51


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:
- CSOs/CISOs for their focus on security
- CTOs for their focus on innovation
- CIOs for their focus on operational efficiency
Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources:
www.okta.com/resources/whitepaper-ai-at-work-report/
www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-354

Business Security Weekly (Audio)
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354

Business Security Weekly (Audio)

Play Episode Listen Later Jun 25, 2024 64:51


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:
- CSOs/CISOs for their focus on security
- CTOs for their focus on innovation
- CIOs for their focus on operational efficiency
Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources:
www.okta.com/resources/whitepaper-ai-at-work-report/
www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-354

Paul's Security Weekly TV
Building a Successful API Security Strategy - Luke Babarinde - BSW #354

Paul's Security Weekly TV

Play Episode Listen Later Jun 24, 2024 32:41


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/bsw-354

Business Security Weekly (Video)
Building a Successful API Security Strategy - Luke Babarinde - BSW #354

Business Security Weekly (Video)

Play Episode Listen Later Jun 24, 2024 32:41


With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them! Show Notes: https://securityweekly.com/bsw-354

eXecutive Security
Pros & Cons of Experience at Large Corporations vs Start-Ups with Jeff Hudesman, CISO of Pinwheel

eXecutive Security

Play Episode Listen Later Jun 21, 2024 21:37


Summary: In this episode, Gene Fay interviews Jeff Hudesman, CISO at Pinwheel, about his career in cybersecurity. Jeff shares his journey from starting as an intern at Memorial Sloan Kettering Cancer Center to working at Sony and eventually joining Pinwheel. He discusses the differences between working in large companies like Sony and startups, highlighting the ability to be impactful and the agility of startups. Jeff also shares an anecdote about a security incident at a water treatment facility and emphasizes the importance of planning in cybersecurity.

Takeaways:
- Working in both large companies and startups can provide valuable experiences in cybersecurity.
- Startups offer the opportunity to be impactful and make a significant difference.
- Cybersecurity incidents can occur even in critical infrastructure facilities like water treatment plants.
- Planning is indispensable in cybersecurity, as threats are dynamic and constantly changing.

The Cybersecurity Defenders Podcast
#132 - API security with Jeremy Snyder, Founder and CEO at FireTail.io

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jun 12, 2024 35:50


On this episode of The Cybersecurity Defenders Podcast, we talk API security with Jeremy Snyder, Founder and CEO at FireTail.io.

FireTail.io is a pioneering company specializing in end-to-end API security. With APIs being the number one attack surface and a significant threat to data privacy and security, Jeremy and his team are at the forefront of protecting sensitive information in an increasingly interconnected world.

Jeremy brings a wealth of experience in cloud, cybersecurity, and data domains, coupled with a strong background in M&A, international business, business development, strategy, and operations. Fluent in five languages and having lived in five different countries, he offers a unique global perspective on cybersecurity challenges and innovations.

Resources mentioned:
- FireTail.io's data breach tracker.
- vacuum - The world's fastest OpenAPI & Swagger linter.
- Nuclei - Fast and customisable vulnerability scanner based on a simple YAML-based DSL.

ITSPmagazine | Technology. Cybersecurity. Society
Jump Into Our DeLorean and Travel Back and Forth Into the Future | An Infosecurity Europe 2024 Conversation with Madelein van der Hout and Paul McKay from Forrester | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 10, 2024 31:23


Guests:
Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/
On Twitter | https://x.com/HoutMadelein
Paul McKay, Vice President, Research Director at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

The Human Side of Cybersecurity
Infosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madelein van der Hout and Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.

Reimagining Cybersecurity: Back to the Future
The episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.

The Reality of Cybersecurity Innovation
Madelein van der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations. Madelein adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.

API Security: A Case for Consolidation
Both Paul and Madelein reflect on the notable presence of API security vendors at the conference. Madelein points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.

The Human Element and Mental Health
One of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madelein stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."

Training and Educating Future Talent
The conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications. Madelein emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.

Cybersecurity's Future: More Than Just a Business Problem
Madelein takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.

Data-Driven Decision Making: The Key to Security's Evolution
Sean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.

Conclusion: A Call for Innovation and Humanity
The episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madelein's call to talk more about humans in every cybersecurity breach serves as a profound takeaway. As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
On YouTube:

Redefining CyberSecurity
Jump Into Our DeLorean and Travel Back and Forth Into the Future | An Infosecurity Europe 2024 Conversation with Madelein van der Hout and Paul McKay from Forrester | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Jun 10, 2024 31:23


Guests:
Madelein van der Hout, Senior Analyst Security & Risk at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/madelein-van-der-hout-65452025/
On Twitter | https://x.com/HoutMadelein
Paul McKay, Vice President, Research Director at Forrester [@forrester]
On LinkedIn | https://www.linkedin.com/in/paul-mckay-5304a115/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

The Human Side of Cybersecurity
Infosecurity Europe 2024 in London brought together some of the industry's most knowledgeable professionals. Marco Ciappelli and Sean Martin, your hosts, were joined by Madelein van der Hout and Paul McKay, both from Forrester, and various other experts to discuss the latest trends, challenges, and solutions within the cybersecurity landscape. This exciting episode of "On Location With Marco and Sean" dives deep into essential topics such as the significant role of the human element in cybersecurity, skill shortages, industry fragmentation, and future trends.

Reimagining Cybersecurity: Back to the Future
The episode begins with a nostalgic touch as Sean Martin and Marco Ciappelli discuss the iconic movie "Back to the Future". Drawing a parallel between the film's theme of time travel and the evolving cybersecurity landscape, they emphasize how the industry might benefit from lessons of the past while anticipating the future.

The Reality of Cybersecurity Innovation
Madelein van der Hout and Paul McKay shed light on the changing dynamics of cybersecurity events. Paul mentions that events like Infosecurity Europe must now compete with other regional events like CyberSec Europe in Brussels. This healthy competition fosters localized insights and innovations. Madelein adds that cybersecurity innovation often stems from startups. She believes these events stimulate larger vendors to communicate with smaller startups, thus supporting the entire ecosystem.

API Security: A Case for Consolidation
Both Paul and Madelein reflect on the notable presence of API security vendors at the conference. Madelein points out the consolidation in the market driven by various approaches to API security. CISOs today expect API security to be an integral part of their infrastructure, driving the conversation towards prioritization and efficient resource management.

The Human Element and Mental Health
One of the crucial points discussed was the significant skill shortage in the cybersecurity industry. Madelein stresses the need for more conversations around mental health and burnout prevention among cybersecurity professionals. Paul supports this by highlighting common hiring challenges where organizations are often looking for the "purple squirrel" or the "five-legged sheep."

Training and Educating Future Talent
The conversation moves towards the barriers to entry for new talent in the industry. Both experts agree that focusing on certifications alone can create a class divide. Paul argues that this practice restricts access to the industry for those unable to afford costly certifications. Madelein emphasizes the need to work closely with HR departments to create better job profiles and hiring practices. This could alleviate some of the industry's talent shortages.

Cybersecurity's Future: More Than Just a Business Problem
Madelein takes a broader view by asserting that cybersecurity is not just a business problem. It's a civilian issue as well, affecting everyone with a digital footprint. She encourages leveraging the power of informed voting and education to address cybersecurity at a societal level.

Data-Driven Decision Making: The Key to Security's Evolution
Sean Martin concludes by discussing the immense data available in the cybersecurity sector. He emphasizes the potential for the industry to drive businesses by making better, data-driven decisions. Paul agrees, pointing out the need for cybersecurity to evolve similarly to how the CIO function has over the years.

Conclusion: A Call for Innovation and Humanity
The episode wraps up by reinforcing the focus on the human element. Marco highlights the need to utilize existing resources effectively rather than being distracted by the latest technological gadgets. Madelein's call to talk more about humans in every cybersecurity breach serves as a profound takeaway. As the conversation echoes through the media room at Infosecurity Europe 2024, it's clear that the journey forward in cybersecurity involves a blend of technology, human touch, and innovative thinking.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
On YouTube:

ITSPmagazine | Technology. Cybersecurity. Society
The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 4, 2024 24:57


Hello, cybersecurity enthusiasts! Welcome to a brand-new episode of "On Location with Sean Martin and Marco Ciappelli" at InfoSecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at InfoSecurity Europe 2024

Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at InfoSecurity Europe. With a bustling crowd and high energy, it's the perfect setting to explore and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience

In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislation like NIS2 and DORA is driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks

Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS

Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (POPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands. Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks

Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like SYN floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target

The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy

Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable services to their customers. For more in-depth insights, be sure to check out Akamai's latest report and explore their extensive back catalog of valuable cybersecurity resources.

Learn more about Akamai: https://www.akamai.com/

Note: This story contains promotional content. Learn more.

Guest: Richard Meeus, Director, Security Technology and Strategy, Akamai [@Akamai]
On LinkedIn | https://www.linkedin.com/in/richard-meeus/

Resources
Fighting the Heat: EMEA's Rising DDoS Threats: https://itspm.ag/akamaievki
Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai
View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
The Latest Insights in Cybersecurity Resilience and The Ongoing Battle Against DDoS Attacks | A Brand Story Conversation From Infosecurity Europe 2024 | An Akamai Story with Richard Meeus | On Location Coverage with Sean Martin and Marco Ciappelli

Redefining CyberSecurity

Play Episode Listen Later Jun 4, 2024 24:57


Welcome to a brand-new episode of On Location with Sean Martin and Marco Ciappelli at Infosecurity Europe 2024 in London. Today, Sean hosts a very special guest, Richard Meeus, Director of Security Technology and Strategy, EMEA at Akamai, who will provide us with valuable insights into cybersecurity resilience and the evolving landscape of distributed denial of service (DDoS) attacks.

The High Energy at Infosecurity Europe 2024

Sean Martin kicks off the conversation by highlighting the vibrant atmosphere at Infosecurity Europe. With a bustling crowd and high energy, it's the perfect setting to explore and discuss pressing cybersecurity topics. Richard Meeus appreciates the opportunity to be part of this lively event and shares his excitement for the discussions ahead.

The Importance of Resilience

In recent months, Sean has noticed a growing emphasis on the concept of resilience in cybersecurity conversations. Notably, both Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) are prioritizing resilience to safeguard their organizations. Richard shares his perspective, emphasizing the critical importance of resilience, especially in Europe. He points out that new legislation like NIS2 and DORA is driving organizations to focus on maintaining the availability of their systems.

The Rise in DDoS Attacks

Transitioning to the main topic, Sean and Richard discuss the alarming increase in DDoS attacks observed in EMEA (Europe, the Middle East, and Africa). Over the past few years, there has been a significant surge in such attacks, with notable activity driven by hacktivists rather than traditional criminal actors. Richard explains that hacktivists use DDoS attacks to make a statement, often targeting high-profile organizations to maximize their impact.

The Role of Akamai in Protecting Against DDoS

Richard explains Akamai's pivotal role in defending against DDoS attacks. He highlights Akamai's extensive cloud protection service, boasting a global network with 2,400 points of presence (PoPs). This vast infrastructure allows Akamai to protect some of the world's largest and most prominent brands. Richard explains the importance of shifting the burden of DDoS defense to the cloud to handle the massive attack traffic. Akamai's scrubbing centers, strategically located worldwide, meticulously clean the incoming traffic, ensuring only legitimate requests reach the client's systems.

Evolution of DDoS Attacks

Sean invites Richard to provide an overview of how DDoS attacks have evolved over the years. While some traditional tactics like SYN floods remain prevalent, there has been a resurgence of older techniques like water torture attacks targeting DNS. Richard emphasizes that organizations must protect their entire infrastructure, including APIs, which are increasingly becoming the target of such attacks.

The Financial Sector: A Prime Target

The financial sector is frequently targeted by DDoS attacks, according to Richard. He stresses that the trust customers place in financial institutions is heavily reliant on the availability of their digital services. Any disruption can erode this trust and have a significant material impact on the organization's reputation and customer confidence.

Comprehensive Protection Strategy

Richard underscores the importance of a comprehensive protection strategy for organizations facing the threat of DDoS attacks. By leveraging Akamai's global network and sophisticated scrubbing techniques, organizations can effectively mitigate the impact of these attacks. The combination of automated defenses and skilled SOC teams ensures real-time protection and rapid response to evolving threats.

In this conversation, Sean and Richard reiterate the significance of maintaining trust and resilience in the face of growing cyber threats. With the right strategies, partnerships, and technologies, organizations can safeguard their digital presence and continue to deliver reliable services to their customers. For more in-depth insights, be sure to check out Akamai's latest report and explore their extensive back catalog of valuable cybersecurity resources.

Learn more about Akamai: https://itspm.ag/akamaievki

Note: This story contains promotional content. Learn more.

Guest: Richard Meeus, Director, Security Technology and Strategy, Akamai [@Akamai]
On LinkedIn | https://www.linkedin.com/in/richard-meeus/

Resources
Fighting the Heat: EMEA's Rising DDoS Threats: https://itspm.ag/akamaievki
Learn more and catch more stories from Akamai: https://www.itspmagazine.com/directory/akamai
View all of our InfoSecurity Europe 2024 coverage: https://www.itspmagazine.com/infosecurity-europe-2024-infosec-london-cybersecurity-event-coverage
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Application Security PodCast
James Berthoty -- Is DAST Dead? And the future of API security

Application Security PodCast

Play Episode Listen Later May 31, 2024 44:56


In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation spans James's career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. The discussion concludes with insights into James's initiative, Latio Tech, which aims to help security professionals evaluate and understand application security products better.

James Berthoty's LinkedIn post: AppSec Kool-Aid Statements I Disagree With
https://www.linkedin.com/posts/james-berthoty_appsec-kool-aid-statements-i-disagree-with-activity-7166084208686256128-tb1U?utm_source=share&utm_medium=member_desktop

What is Art by Leo Tolstoy
https://www.gutenberg.org/files/64908/64908-h/64908-h.htm

FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

The Cyberman Show
What is API Security? API Security Risks, API Market Landscape #83

The Cyberman Show

Play Episode Listen Later May 28, 2024 28:05


Today's episode contains the basics of API security. The podcast covers the following topics:
00:00 Introduction
00:51 What is an API?
04:53 Common Terms Associated with API
09:23 API Landscape
10:58 What is API Security?
12:32 API Security Risks
15:02 OWASP Top 10 for API Security
15:39 API Attack Workflow
18:29 Story of Real API related Security Incident
19:17 API Security Best Practices
20:21 API Security Market Landscape
24:41 Appsec vs API Security

Link to my blog on "API Security Checklist": https://thecyberman.substack.com/p/api-security-checklist

Google Drive link for Podcast content: https://drive.google.com/drive/folders/10vmcQ-oqqFDPojywrfYousPcqhvisnko
My Profile on LinkedIn: https://www.linkedin.com/in/prashantmishra11/
Youtube Channel: https://www.youtube.com/@TheCybermanShow
Twitter handle: https://twitter.com/prashant_cyber

PS: The views are my own and don't reflect any views from my employer.

The Segment: A Zero Trust Leadership Podcast
Questioning the Status Quo with Richard Bird, Chief Security Officer, Traceable AI

The Segment: A Zero Trust Leadership Podcast

Play Episode Listen Later May 14, 2024 60:59


“The more that we distribute, the more that we decentralize, the more that we fragment, the more that we go down pathways of things like no code low code, the more that we go down serverless. We're just creating a distributed environment that is a target-rich environment for the bad actors and an incredibly difficult landscape for us to manage from a security standpoint.” - Richard Bird

Time Stamps
(14:39) Cognitive dissonance in cybersecurity
(26:01) The role of Zero Trust in a decentralized world
(30:51) Misconceptions about Zero Trust
(40:48) What does Zero Trust have to do with API Security?
(56:36) The future of Zero Trust and API Security

Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.

Links
Connect with Richard on LinkedIn

Cloud Talk
Episode 151: The Role of AI in API Security

Cloud Talk

Play Episode Listen Later Apr 29, 2024 38:20


In this episode of 'Cloud Talk', Jeff DeVerter interviews Jeremy Snyder, the founder and CEO of Firetail, a company that specializes in end-to-end API security. Jeremy discusses the evolution of Firetail, from its beginnings as an open-source code library for inline authentication and authorization checks for APIs, to its current platform that includes API discovery and assessment features. Jeremy also talks about Firetail's customers, which include cloud-native, API-centric companies in various verticals, as well as enterprises undergoing cloud transformation. Jeremy shares his excitement about the future of Firetail, including the integration of AI capabilities into their platform, and the potential for integrating their tool with developers' IDEs. Jeff and Jeremy also discuss the challenges of organizational change and the importance of communication between teams. The conversation concludes with Jeremy discussing the future of Firetail and the potential for growth in the API security space.

Software Engineering Radio - The Podcast for Professional Software Developers
SE Radio 612: Eyal Solomon on API Consumption Management

Software Engineering Radio - The Podcast for Professional Software Developers

Play Episode Listen Later Apr 16, 2024 53:30


Eyal Solomon, CEO and co-founder of Lunar.dev, joins SE Radio's Kanchan Shringi for a discussion on tooling for API consumption management. The episode starts by examining why API consumption management is an increasingly important topic, and how existing tooling on the provider side can be inadequate for client-side issues. Eyal talks in detail about issues that are unique to API consumers, before taking a deep dive into the evolution of middleware built by teams and companies to address these issues and the gaps. Finally, they consider how Lunar.dev seeks to solve these issues, as well as Eyal's vision of Lunar.dev as an open source platform. This episode is sponsored by WorkOS.

The Daily Decrypt - Cyber News and Discussions
Smart Lock Flaws Expose 50,000 Homes, SOAP API Security Vulnerability, Ransomware Payment Bans and Cybersecurity Strategies

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Apr 16, 2024


Today, we discuss the recent Chirp Systems smart lock vulnerability, Delinea's rapid response to a critical API flaw, and the ongoing debate over ransomware payment policies. Explore the implications of these security breaches and the strategies to enhance digital safety without compromising on the details.

Keywords: Cybersecurity, Chirp Systems, Delinea, Ransomware Payment Ban, Smart Locks, API Vulnerability, U.S. Cybersecurity & Infrastructure Security Agency

Sources:
Chirp Systems Smart Lock Issue: krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak
Delinea Secret Server SOAP API Vulnerability: helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability
Ransomware Payment Ban Debate: cybersecuritydive.com/news/ransom-payment-ban-pushback/713206

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags for the Episode: Cybersecurity, Chirp Systems, Delinea, Ransomware, Smart Lock Security, API Vulnerability, Digital Safety, Cyber Attack, Security Breach, Tech News

Search Phrases: Chirp Systems smart lock security issues; Delinea SOAP API vulnerability fix; Ransomware payment policy debate; Cybersecurity latest news; Smart lock vulnerabilities and solutions; How to secure digital locks from hackers; API security breaches and responses; Impact of ransomware payment bans; Expert analysis on Chirp Systems breach; Preventing unauthorized access in smart devices

Transcript (Apr 16):

Welcome back to the Daily Decrypt. Chirp Systems' smart locks are compromised with hard-coded credentials, potentially unlocking 50,000 U.S. homes remotely, warns the U.S. Cybersecurity and Infrastructure Security Agency, highlighting severe oversight in digital security protocols. What can be done to secure these smart locks and prevent unauthorized remote access?

Delinea acted swiftly to patch a critical vulnerability in their Secret Server SOAP API, which could have allowed attackers to gain administrative access and seize sensitive data.

And finally, ransomware victims in the US shelled out 1.5 billion between May 2022 and June of 2023 amidst heated debates over the effectiveness of ransomware payment bans, as highlighted by the Institute for Security and Technology. What strategies are cybersecurity experts recommending to reduce ransom payments without implementing a ban?

In a recent warning issued by the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, an estimated 50,000 smart locks across the country are vulnerable to breaches due to hard-coded credentials that allow remote access. These locks, developed by Chirp Systems, have been criticized for storing sensitive access information within their source code, making them susceptible to unauthorized entries, with a CVSS severity rating of 9.1 out of 10. Despite these concerns, Chirp Systems has yet to respond or collaborate with CISA to address these vulnerabilities.

The issue first came to light when Matt Brown, a senior systems development engineer at Amazon Web Services, detected the flaw. Brown, while installing the Chirp app to access his apartment, opted to scrutinize the app's security. He discovered that the app stored passwords and private key strings in a decodable format, leaving residents' doors wide open to potential hackers. In response to his findings, Brown approached his leasing office, which provided him with a 50 NFC key fob as a workaround. However, Brown pointed out that the fob still transmitted the credentials in plain text, vulnerable to cloning via NFC-enabled devices.

The parent company of Chirp Systems, RealPage, Inc., is currently facing legal challenges, including a massive lawsuit supported by the U.S. Department of Justice and multiple state attorneys general. The suits accuse RealPage of using its software to artificially inflate rents through collusion with landlords, employing algorithms that limit negotiation and push maximum possible rents on tenants.

In a swift response to a security breach, Delinea, a leading provider of privileged access management solutions, recently addressed a critical vulnerability in their Secret Server SOAP API. The company first became aware of the issue late last week and took immediate action by blocking SOAP endpoints for its cloud customers. This precaution was necessary to mitigate any potential unauthorized access while the cloud service was patched on the same day. By Saturday, Delinea confirmed their awareness of the vulnerability and assured that their engineering and security teams had conducted thorough investigations, revealing no evidence of compromised customer data or attempts to exploit the flaw. By Sunday, the company had released an update for Secret Server on-premises, version 11.7.000001, effectively fixing the vulnerability and announcing forthcoming patches for earlier versions upon completion of testing.

Moreover, Delinea has provided a guide for customers using on-premise versions to help determine if their systems were compromised. This includes instructions to generate custom reports to trace potentially unauthorized access, particularly from unfamiliar IP addresses, which could indicate malicious activity. Kevin Beaumont, a security researcher, noted that the temporary unavailability of Delinea's Secret Server Cloud last Friday stemmed from a published blog post by security engineer Johnny Yu, who discovered the vulnerability. Yu's post, which included a proof of concept for creating a golden token allowing admin access, was crucial in prompting the company's rapid response. Delinea has also established a continuous monitoring process and updates on their service status to ensure ongoing security for their users. They urge all users to review any unusual audit records and verify the authenticity of the Secret Server mobile application access as part of their comprehensive security measures.

In a report issued this past Wednesday, the Institute for Security and Technology's Ransomware Task Force has decided against the need for a ransomware payment ban. The report highlights several reasons, including concerns that a ban might discourage victims from reporting ransom payments, potentially pushing these transactions underground, and the complexity of exempting critical infrastructure. Instead of implementing a ban, the task force recommends focusing on 16 milestones they believe will effectively reduce ransom payments. And there's a quote from the RTF co-chairs from an email that says, "While a ban may be an easier policy lift than activities designed to drive preparedness, it will almost certainly create the wrong kind of impact." They noted a decline in organizations making payments, suggesting that current strategies may already be making an impact. Despite the resistance to a payment ban, the task force revealed that more than half of their proposed measures are already in progress or completed. These include significant policy changes like the requirement for publicly traded companies to report substantial cyber incidents, and the upcoming rule from CISA mandating that US critical infrastructure entities quickly report cyber attacks and ransom payments.

The discussion on how best to tackle ransomware continues to evolve. While the Biden administration previously steered clear of a complete ban on ransomware payments, there are renewed calls for reconsidering this policy. Brett Callow, a threat analyst at Emsisoft, is an outspoken supporter of a ban, suggesting that even if attackers may not be aware of state-level bans, a national policy might have a significant deterrent effect. The Ransomware Task Force, with figures like Kemba Walden, the former acting National Cyber Director, advocates for bolstering existing efforts rather than imposing new bans, indicating a strategic commitment to enhance cybersecurity resilience amidst ongoing debates.

That's all I got for you today. Thanks for tuning in to this quick, news-focused episode. Be sure to tune in later this week for a discussion on HackspaceCon, which just took place last weekend in Florida at Kennedy Space Center. Still working on editing that episode, but dogespan and I discussed our key takeaways and we wanted to share them with you. So stick around for that.

ITSPmagazine | Technology. Cybersecurity. Society
The Art and Science of Defending Against Business Logic Attacks: Insights from Imperva's Observations and Best Practices for Defense | An Imperva Brand Story with Luke Babarinde

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Apr 9, 2024 43:35


Hosts Sean Martin and Marco Ciappelli delve into the complexities of business logic attacks, with a particular focus on vulnerabilities within APIs. They engage with Luke Babarinde, Global Solutions Architect at Imperva, in a detailed conversation about how cybersecurity threats have evolved in tandem with business processes, tapping into Sean Martin's introduction of the novel concept of a "Workflow Bill of Materials," underlining the necessity of comprehending each step within complex business tasks to defend against potential misuse and abuse.

The discussion explores the mechanisms through which attackers leverage business logic for sophisticated, hard-to-detect attacks that pose significant risks to organizations. Through examples, Babarinde illustrates how automated bots and malicious actors can inflict substantial financial damage by exploiting publicly accessible services, highlighting the paramount importance of identifying and counteracting these threats. Moreover, the episode addresses the impact of artificial intelligence and machine learning in enhancing cybersecurity defenses while also expanding attackers' arsenals. The conversation reflects on the dual effects of these technologies, especially concerning API usage, which now dominates a considerable volume of internet traffic and is integral to digital services.

Babarinde also emphasizes the crucial role of human interaction in cybersecurity, advocating for substantive dialogue between security experts and business leaders to align on strategies and comprehend the motivations behind attacks. This human-centered approach, augmented by the technological solutions offered by entities like Imperva, is portrayed as the foundation of effective cybersecurity strategies amid continuously evolving threats.

Overall, the episode offers an exhaustive overview of both the challenges and strategies associated with business logic attacks, promoting a collaborative and informed stance on cybersecurity in the face of progressing threats.

Top Questions Addressed:
What are business logic attacks and why are they important to understand?
How do artificial intelligence and machine learning impact cybersecurity strategies?
Why is collaboration between security experts and business leaders crucial in combating cyber threats?

Note: This story contains promotional content. Learn more.

Guest: Luke Babarinde, Global Solution Architect at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/lbabs/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Report: The State of API Security in 2024: https://itspm.ag/imperv7szg
What is business logic?
Rise in API Usage and Attacks Putting Businesses at Risk in 2024
Protect applications from business logic abuse
Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Paul's Security Weekly TV
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

Paul's Security Weekly TV

Play Episode Listen Later Mar 25, 2024 49:14


While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.

Segment Resources:
- API Security Basics - Everything You Need to Know
- Graylog API Security - Gain Visibility & Control Over Your API Attack Surface

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!

Show Notes: https://securityweekly.com/esw-354

Paul's Security Weekly
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

Paul's Security Weekly

Play Episode Listen Later Mar 22, 2024 105:52


While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.

Segment Resources:
- API Security Basics - Everything You Need to Know
- Graylog API Security - Gain Visibility & Control Over Your API Attack Surface

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!

In the enterprise security news, lots of funding news, including:
- Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business
- BigID Raises $60 Million at $1 Billion Valuation
- J.P. Morgan Growth Leads $39 Million Investment in Eye Security
- CyberSaint raises $21 million to accelerate market expansion
- Zscaler Acquires Avalor for $350 Million
- Cisco completes $28 bn acquisition of cybersecurity firm Splunk
- Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group
- Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-354

Enterprise Security Weekly (Audio)
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

Enterprise Security Weekly (Audio)

Play Episode Listen Later Mar 22, 2024 105:52


While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.

Segment Resources:
- API Security Basics - Everything You Need to Know
- Graylog API Security - Gain Visibility & Control Over Your API Attack Surface

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!

In the enterprise security news, lots of funding news, including:
- Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business
- BigID Raises $60 Million at $1 Billion Valuation
- J.P. Morgan Growth Leads $39 Million Investment in Eye Security
- CyberSaint raises $21 million to accelerate market expansion
- Zscaler Acquires Avalor for $350 Million
- Cisco completes $28 bn acquisition of cybersecurity firm Splunk
- Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group
- Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-354

Paul's Security Weekly TV
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354

Paul's Security Weekly TV

Play Episode Listen Later Mar 22, 2024 49:14


While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.

Segment Resources:
- API Security Basics - Everything You Need to Know
- Graylog API Security - Gain Visibility & Control Over Your API Attack Surface

This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!

Show Notes: https://securityweekly.com/esw-354

Paul's Security Weekly
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276

Paul's Security Weekly

Play Episode Listen Later Mar 12, 2024 72:17


A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they're a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company, has observed over the past year, and what steps organizations can take to protect their APIs. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Also in this episode: the trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks that use ASCII art against LLMs, annoying developers with low-quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-276

Paul's Security Weekly TV
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276

Paul's Security Weekly TV

Play Episode Listen Later Mar 12, 2024 35:28


A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they're a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company, has observed over the past year, and what steps organizations can take to protect their APIs. This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/asw-276

Colorado = Security Podcast
260 - 3/11 - Doug Hudson, Security Business Executive

Colorado = Security Podcast

Play Episode Listen Later Mar 10, 2024 68:46


Doug Hudson is our feature interview this week. News from American Ninja Warrior, Vinyl Media Pressing, Ball Aerospace, Techstars, Colorado Public Defender's Office, Invictus Systems, Todyl, Red Canary, Ping Identity, zvelo and a lot more.

Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com

This week's news:
Join the Colorado = Security Slack channel
American Ninja Warrior Adventure Park opening in Denver
Inside the River North Art District's new vinyl-record-making plant
Ball Aerospace now called Space & Mission Systems, but company's base to remain Colorado
Techstars moving HQ out of Colorado and ending its Boulder accelerator
Colorado shows a highly educated population isn't a safeguard against falling victim to fraud
Cyberattack shuts down Colorado public defender's office
Virginia-based cybersecurity firm expands to Colorado, set to bring up to 130 jobs
Denver cybersecurity startup raises $50M to double headcount, open new offices
Introducing Red Canary's multicloud launch
Is MFA Enough to Stop Adversary-in-the-Middle Attacks?
Malicious AI: The Rise of Dark LLMs

Job Openings:
Pax8 - Sr Director of Security Operations
Pax8 - Trust & Security Program Operations
Bank of America - Senior Cyber Crime Specialist
Bank of America - Information Security Mainframe Security Engineering Team Manager
Colas - Information Security Manager
NREL - Chief Cybersecurity Engineer
CommonSpirit Health - Cybersecurity Sr Engineer Penetration Tester
Pulte Mortgage - Manager of Information Security Operations
Maxar - Cybersecurity Vulnerability Management Analyst
Jefferson County - Cybersecurity Analyst II

Upcoming Events:
This Week and Next:
ISSA Denver - March Chapter Meeting, "Better Together: Why Leaders Make Good Privacy Champions" by Mike Pedrick - 3/13
CSA Colorado - March Meeting: A Pentester's Guide to API Security - 3/19
ISSA Denver - Women in Security presents: An Evening with Gail Coury - 3/20
ISACA Denver - March Chapter Meeting: The Human Factors of Security, Compliance, and Risk Management - 3/21
ISC2 Pikes Peak - March Meeting - 3/27
ISSA COS - Cyber Focus Week - 3/27-29
Let's Talk Software Security - Application Security Posture Management: Rebrand or Revolution? - 3/28
Red Canary Live - 4/6
View our events page for a full list of upcoming events

* Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here.
* Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0

CISO-Security Vendor Relationship Podcast
We Can't Fail at API Security If We Never Even Try

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Mar 5, 2024 35:23


All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Yoav Nathaniel, co-founder and CEO, Silk Security. In this episode: Why does it seem like securing APIs is so hard? Is it just a matter of complexity? Why does it seem like we can't go a week without hearing reports of a data leak caused by a failure in API security? Why do organizations struggle with API security? Thanks to our podcast sponsor, Silk. Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

CISO Tradecraft
#171 - Navigating Software Supply Chain Security (with Cassie Crossley)

CISO Tradecraft

Play Episode Listen Later Mar 4, 2024 46:57 Transcription Available


In this episode of CISO Tradecraft, host G Mark Hardy converses with Cassie Crossley, author of the book Software Supply Chain Security. Hardy explores the importance of cybersecurity, the structure of software supply chains, and the potential risks they pose. Crossley shares her expert insights on different software source code types and the intricacies of the secure development life cycle. She highlights the significance of the Software Bill of Materials (SBOM) and the challenges in maintaining the integrity of software products. The discussion also covers the concept of counterfeits in the software world, stressing the need for continuous monitoring and a holistic approach towards cybersecurity.

Link to the Book: https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2
Transcripts: https://docs.google.com/document/d/1SJS2VzyMS-xLF0vlGIgrnn5cOP8feCV9

Chapters
00:00 Introduction
01:44 Discussion on Software Supply Chain Security
02:33 Insights into Secure Development Life Cycle
03:20 Understanding the Importance of Supplier Landscape
05:09 The Role of Security in Software Supply Chain
07:29 The Impact of Vulnerabilities in Software Supply Chain
09:06 The Importance of Secure Software Development Life Cycle
14:13 The Role of Frameworks and Standards in Software Supply Chain Security
17:39 Understanding the Importance of Business Continuity Plan
20:53 The Importance of Security in Agile Development
24:01 Understanding OWASP and Secure Coding
24:20 The Importance of API Security
24:50 The Concept of Shift Left in Software Development
25:20 The Role of Culture in Software Development
25:52 Exploring Different Source Code Types
26:19 The Rise of Low Code, No Code Platforms
28:53 The Potential Risks of Generative AI Source Code
34:24 Understanding Software Bill of Materials (SBOM)
41:07 The Challenge of Spotting Counterfeit Software
41:36 The Importance of Integrity Checks in Software Development
45:45 Closing Thoughts and the Importance of Cybersecurity Awareness

Cloud Security Podcast
Role of application security posture management in cybersecurity

Cloud Security Podcast

Play Episode Listen Later Feb 2, 2024 40:09


Navigating modern application security in a world of Cloud, DevSecOps and now AI is getting rather complex. We spoke to Idan Plotnik, who has 24 years of cybersecurity experience under his belt and is the Co-Founder of Apiiro, about the world of Application Security Posture Management (ASPM) and its relevance in both large and small organizations. Idan speaks about the challenges faced in managing vast quantities of repositories and tackles common misconceptions about ASPM, confirming that it's not intended to replace existing security pipelines.

Guest Socials: Idan Plotnik
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Podcast - Youtube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(04:58) A bit about Idan Plotnik
(05:56) Application Security tools explained
(08:09) Why Application Security Orchestration Correlation (ASOC) didn't work?
(09:14) Difference between Cloud Security and Application Security Tools
(14:51) Why is there a growing need for Application Security Tools today?
(19:07) Do Small to Medium size businesses need Application Security Tools?
(21:46) Managing Cybersecurity Tools
(26:08) API Security for Applications
(30:29) Dealing with Regulatory Requirements in Cybersecurity
(34:16) Evolving Goals in Application Security
(35:49) Deciphering MTTR in Cybersecurity
(37:54) The Fun Questions
(39:37) Where you can connect with Idan?

Startup Hustle
API Security

Startup Hustle

Play Episode Listen Later Dec 26, 2023 42:42


Join Matt Watson and Jeremy Snyder, Founder and CEO of FireTail, for an inside look into API security. Matt and Jeremy discuss IT, cybersecurity, and the rising API security risks. They also talk about what it is like to sell to developers and IT people, the value of listening to customer feedback, and rethinking assumptions during the product development process.

Find Startup Hustle Everywhere: https://gigb.co/l/YEh5
This episode is sponsored by Full Scale: https://fullscale.io
Learn more about FireTail: https://www.firetail.io