Join SD Times news editor Jenna Barron for a panel discussion on DeepSeek and what developers need to know about this model that has been in the spotlight for the past few weeks. The conversation covers why DeepSeek has gained so much attention, what makes it different from other models, proper data security and hygiene practices for using DeepSeek, and predictions for the future of AI innovation.
The speakers include:
Melissa Ruzzi, director of AI at AppOmni
Bratin Saha, chief product and technology officer at DigitalOcean
Kate O'Neill, author, speaker, and executive consultant on technology's impact on the human experience
Related resources from our speakers:
Kate's new book, What Matters Next: A Guide to Making Human-Friendly Tech Decisions - https://www.koinsights.com/books/what-matters-next-book/
AppOmni's webinar on AI security and balancing the risks and benefits of AI - https://appomni.com/webinars/ai-security-balancing-business-and-saas-risks/
AskOmni, a chatbot for SaaS security - https://appomni.com/askomni/
How to Run DeepSeek R1 Large Language Models on DigitalOcean GPU Droplets - https://www.digitalocean.com/community/tutorials/deepseek-r1-gpu-droplets
DigitalOcean Deploy 2025 Keynote - https://www.youtube.com/watch?v=phxuIai5cD8
The video for this conversation was also posted to our YouTube channel: https://www.youtube.com/watch?v=Zdtkj2YN4Nw
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing. We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration. There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks are a great example of this. Open AWS S3 buckets are probably the best-known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)? These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration, this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources: Aaron's blog about the ServiceNow data exposure. The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news: Eon, Resolve AI, Harmonic and more raise funding; Dragos acquires Network Perception; Prevalent acquires Miratech; the latest DFIR reports; a spicy security product review; Secure by Whatever; new threats; hot takes. All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-379
As a security researcher who specializes in application security and AI, Joseph Thacker shares his knowledge on the growing influence of AI in various aspects of our culture. He's the principal AI Engineer at AppOmni and has helped multiple Fortune 500 companies find vulnerabilities that could have cost them millions. He is incredibly knowledgeable and offers great insight into this growing industry.
Find Joseph Thacker on:
LinkedIn: https://www.linkedin.com/in/josephthacker?original_referer=https%3A%2F%2Fwww.google.com%2F
X: @rez0__
Instagram: @thackandforth
Website: https://josephthacker.com/
Show hosted by Landry Fields:
https://www.x.com/landryfieldz
https://www.linkedin.com/in/landryfields/
https://www.instagram.com/landryfields_
https://www.youtube.com/@landryfields_
www.novainsurancegroup.com
859-687-2004
On this week's episode of the Detection at Scale podcast, Jack talks with Drew Gatchell, Director, Detection Engineering at AppOmni. They discuss how to overcome the challenges to detection on SaaS platforms and how they're building strategies upon alerting and detection frameworks. They also talk about how generative AI can help with normalizing inputs, the benefits of data lakes for D&R, and why it's key to have a measurable plan for detection. Topics discussed: How AppOmni is tackling the challenges of detection in SaaS platforms and auto-logs, especially when it comes to varied latency. What frameworks Drew is working with and how he's building upon them for better detection. How signal creation starts with a hypothesis that can be turned into a plan, and why it's important to include signal redundancy. What techniques AppOmni takes to address security in real time. How they're using AI to normalize their inputs and create additional content on top of the detection rules. The benefits of data lakes and how they're a tremendous asset to D&R. Advice for security leaders on having a measurable plan for detection, why detection should be layered, and the need to continuously validate your capabilities.
SaaS applications support large companies and small startups. We inevitably accumulate SaaS applications to manage our employees, payroll, and communication with things like Workday, Slack, Salesforce and now even things like ChatGPT. But how do you find out what you have and whether they are secure? We spoke about all things SSPM with Max Feldman, who has done Product Security for years at companies like Slack, Salesforce and now AppOmni.
Thank you to our episode sponsor AppOmni. You can get a copy of their SaaS Security Posture Management Report 2023 here.
Guest Socials: Max's Linkedin (@maxfeldman14)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: Cloud Security Newsletter, Cloud Security BootCamp
Questions asked:
(00:00) Introduction
(04:20) A bit about Max
(04:48) What is a SaaS application?
(05:45) What is SSPM?
(09:33) When to consider a SSPM?
(15:45) SaaS and the Cloud
(16:39) SaaS Attack Surface
(19:34) CASB vs SSPM
(24:00) Is ChatGPT a SaaS application?
(25:07) SSPM vs CSPM + CNAPP
(27:33) SSO and Onboarding
(29:21) Starting a SaaS Security Program
(36:48) Challenges with SaaS Security Program
(41:50) Where you can find Max!
Chinese hackers stole emails from US State Dept in Microsoft breach; Johnson Controls faces $51 million ransomware demand; Google fixes year's fifth Chrome zero-day. Thanks to today's episode sponsor, AppOmni. If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps' unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That's where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company's most critical data and workflows. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated. Thanks to our show sponsor, AppOmni. Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni. All links and the video of this episode can be found on CISO Series.com
GPUs vulnerable to pixel-stealing attacks; Info-stealing commits hit GitHub; Alleged Sony hackers hit NTT Docomo. Thanks to today's episode sponsor, AppOmni.
Multiple threat actors lay claim to Sony hack; Philippines health org struggling to recover from ransomware attack; Canadian Flair Airlines leaked user data for months. Thanks to today's episode sponsor, AppOmni.
Mixin Network loses $200 million; Kia and Hyundai exploit linked to massive car thefts; Stress testing voting equipment. Thanks to today's episode sponsor, AppOmni.
Car audio manufacturer Clarion hacked – ALPHV claims responsibility; High-ranking Egyptian politician targeted by Predator spyware; City of Dallas issues report on May cyberattack. Thanks to today's episode sponsor, AppOmni.
Gamaredon hackers hit Ukraine military; Movie giant Paramount Global suffers data breach; Takeover swarm exploits OpenFire. Huge thanks to today's episode sponsor, AppOmni. Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
Chinese threat actors breached Japan's cybersecurity agency; Human trafficking into cyber scams; China set to approve first generative AI services. Huge thanks to today's episode sponsor, AppOmni. SaaS cyberattacks are prevalent and often go unnoticed until data loss or breaches occur. Sign-ins from an unusual IP address. Stolen session tokens. These security risks can lurk in the shadows and put your entire SaaS estate at risk. Don't wait for a breach to secure your SaaS data. AppOmni helps security teams to detect suspicious activity, decide what activities to be alerted on, and receive guided remediation. Learn how at AppOmni.com.
FBI dismantles Qakbot operation that took millions in ransom; University of Michigan severs ties to internet after cyberattack; Microsoft joins growing list of organizations criticizing UN cybercrime treaty. Huge thanks to today's episode sponsor, AppOmni.
UK network outage grounds flights; The malware loader Big 3; Another spyware firm breached. Huge thanks to today's episode sponsor, AppOmni.
Cisco fixes flaws in NX-OS and FXOS software; Windows preview updates bring blue screen of death; FBI warns Barracuda bug still has bite. Huge thanks to today's episode sponsor, AppOmni.
How does a sales leader drive consistent growth and navigate through the challenges of the ever-changing tech industry, including mergers and acquisitions? Join us as Brendan Conley, Chief Revenue Officer of AppOmni, shares his invaluable insights gained from a glittering 25+ year career into sales strategies, adapting to market dynamics, and successfully navigating the complexities of mergers and acquisitions in the tech world. Get ready to learn from the best and take your sales career to new heights.
KEY TAKEAWAYS FROM THIS WEEK'S EPISODE
Understand the unique traits of successful startup individuals and their ability to thrive in challenging environments without extensive support.
Identify your ideal customer profiles and allocate resources strategically to maximize impact.
Manage sales pipelines effectively, acknowledging the unpredictable nature of closing deals, and remain patient and persistent.
Embrace visionary leadership and strategic acquisitions to build a strong platform in the market.
Prioritize culture fit, likability, and back channel references when hiring, while demonstrating passion for the industry and a service mindset.
THIS WEEK'S GUEST - BRENDAN CONLEY
Introducing Brendan Conley, a dynamic sales leader with an incredible career spanning over 25 years, driving growth in early stage and multinational technology businesses. Notably, he spent seven years with Aventail, which was later acquired by SonicWall, followed by five years there, until he moved on to Zenprise, acquired by Citrix, where he led the Mobility sales teams across the Americas. Brendan then made significant contributions to Netskope and Redlock, both subsequently acquired by Palo Alto Networks, where he successfully ran their global Cloud Security sales team, phenomenally scaling annual sales from $2M to $100M. As the Chief Revenue Officer of AppOmni since 2020, Brendan continues to lead with vision and passion, steering the company at the forefront of SaaS Security Management software providers. With an unwavering commitment to driving innovation and a proven history of empowering businesses, he remains an influential figure in the cybersecurity industry, inspiring growth and success at every turn. Connect with Brendan on LinkedIn, and learn more about AppOmni here.
YOUR HOST
Simon Lader is the host of The Conference Room, Co-Founder of global executive search firm Salisi Human Capital, and podcast growth consultancy Viva Podcasts. Since 1997, Simon has helped cybersecurity vendors to build highly effective teams, and since 2022 he has helped people make money from podcasting. Get to know more about Simon at:
Website: https://simonlader.com/
Make Money from Podcasting: https://www.vivapodcasts.com/podcastpowerups
Twitter: https://twitter.com/simonlader
LinkedIn: https://www.linkedin.com/in/headhuntersimonlader
The Conference Room is available on Spotify, Apple Podcasts, Amazon Music, iHeartRadio, and everywhere else you listen to podcasts!
Millions affected by data breach at US government contractor Maximus; Two severe Linux vulnerabilities impact 40% of Ubuntu users; Heart monitoring technology provider confirms cyberattack. Thanks to today's episode sponsor, AppOmni.
This week's Cyber Security Headlines – Week in Review, July 24-28, is hosted by Rich Stroffolino with guest TC Niedzialkowski, CISO, Nextdoor. Thanks to today's episode sponsor, AppOmni. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski, who also hosts Defense in Depth. Thanks to our podcast sponsor, AppOmni. Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Is the problem the architecture of the applications themselves or the fact that a non-security group is bringing these applications online? Is it both? Is this problem solvable? What technical controls can you put in place to mitigate risk from apps you deem risky?
Russian court convicts cyber security executive of treason; SEC to require incident disclosure; Government cyber attacks rely on valid credentials. Thanks to today's episode sponsor, AppOmni.
Vulnerability found in TETRA encryption; Ryzen CPUs vulnerable to Zenbleed exploit; Norwegian government breached with Ivanti zero-day. Thanks to today's episode sponsor, AppOmni.
Clop moves leaked data to clearweb sites; EU governments push back on centralized cyber reporting; Cost of data breaches up 15%. Thanks to today's episode sponsor, AppOmni.
Microsoft key stolen by Chinese hackers provided access far beyond Outlook; JumpCloud breach traced back to North Korean state hackers; DHL investigating MOVEit breach as number of victims surpasses 20 million. Thanks to today's episode sponsor, AppOmni.
SEC notice to SolarWinds CISO and CFO roils cybersecurity industry; Newly uncovered ThirdEye Windows-based malware steals sensitive data; Cyber Command to expand 'canary in the coal mine' unit working with private sector. Thanks to today's episode sponsor, AppOmni. Over provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
All links and images for this episode can be found on CISO Series. Since so much technology today is launched not by the IT department but by business units themselves, how do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni. Thanks to our podcast sponsor, AppOmni. In this episode: What's your experience talking about security policy and procedures with business and application owners? How do security professionals engage with business and application owners? How do they have a conversation about security policy and procedures? Is there anything you learned that you didn't realize before?
AppOmni is a leader in securing SaaS applications. In this episode, Thoma Bravo Partner Tre Sayle talks with AppOmni Co-founder and CEO Brendan O'Connor about how AppOmni has tripled in size in the year since their partnership with the Thoma Bravo Growth team began.
Federal network devices fail CISA requirements; US considering more AI chip export bans; The scope of MOVEit vulnerability. Thanks to today's episode sponsor, AppOmni. Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni. Secure your organization's most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
Thanks to today's episode sponsor, AppOmni. Over-provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over-provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
Monopoly darknet operator charged; Activision Blizzard games hit with DDoS; 5G deadline could impact flights. Thanks to today's episode sponsor, AppOmni. Are you continuously monitoring the common misconfigurations occurring in your SaaS ecosystem? From inactive connected SaaS apps retaining access to sensitive data, to threat actors manipulating conditional access rules, these misconfigurations can pose a significant threat to your SaaS security. Take action with AppOmni. Secure your organization's most sensitive data and continuously monitor your SaaS estate for data exposure and misconfigurations. Visit AppOmni.com to get a free risk assessment.
CISA adds 6 flaws to known exploited vulnerabilities catalog; US military personnel report receiving smartwatches in the mail; Microsoft 365 users new Outlook and Teams problems. Thanks to today's episode sponsor, AppOmni. Over-provisioned users could expose your organization's most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over-provisioned users, the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
Weak passwords targeted on Google Cloud; Potential IT snitches warned about employment stitches; Discord cooperating with leaked document investigation. And now a word from our sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request a free risk assessment.
All links and images for this episode can be found on CISO Series. Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (@Kennethrfoster1), vp of IT governance, risk and compliance at FLEETCOR. Thanks to our podcast sponsor, AppOmni. Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: Why do security tools fail? Who's at fault, the tool or the administrators who configured the tool? Is it usually because the control is ineffective or was the control misconfigured / ignored? Do InfoSec products have an efficacy issue or an implementation issue?
Windows zero-day exploited in Nokoyawa ransomware attacks; LinkedIn and Microsoft Entra introduce a new way to verify professional contacts; Russia places Ukraine internet infrastructure clearly in its sights, both high tech and low. And now a word from our sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com.
Microsoft warns of Azure shared key authorization abuse; Attackers hide stealer behind AI chatbot Facebook ads; OpenAI to launch bug bounty program. And now a word from our sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, visit CISOseries.com.
Netherlands to adopt RPKI; Widespread backdoor installed on WordPress sites; Tracing leaked Pentagon documents. And now a word from our sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request a free risk assessment.
Apple releases updates to address zero-day flaws; Flipper Zero banned by Amazon for being a ‘card skimming device’; China to probe Micron over cybersecurity, in chip war's latest battle. And now a word from our sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms, like Salesforce, Microsoft 365, or Google Workspace? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com today to request a free risk assessment. For the stories behind the headlines, head to CISOseries.com.
Budgeting for security services in 2023 might not be at the top of your list – but it should be.
Slack's private GitHub code repositories stolen over holidays; CircleCI warns of security breach — rotate your secrets! NATO tests AI's ability to protect critical infrastructure against cyberattacks. Thanks to today's episode sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
This week's Cyber Security Headlines – Week in Review, January 2-6, is hosted by Sean Kelly with our guest, Bryan Willett, CISO, Lexmark. Thanks to our show sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. All links and the video of this episode can be found on CISOseries.com.
‘Mudge’ joins cybersecurity firm Rapid7; Meta fined $400 million by European regulator; Coinbase strikes a $100 million deal with regulators. Thanks to today's episode sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
FTX founder has pleaded not guilty to fraud charges; LA housing authority operations disrupted by cyberattack; Ukrainian authorities bust major vishing call center. Thanks to today's episode sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.
Google to pay $29.5 million to settle lawsuits over user location tracking; Ransomware gang cloned victim's website to leak stolen data; LockBit gang apologizes, gives SickKids Hospital free decryptor. Thanks to today's episode sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
NETGEAR fixes a severe bug in its routers. Patch it ASAP! PyTorch discloses malicious dependency chain compromise over holidays; LockBit ransomware claims attack on Port of Lisbon in Portugal. Thanks to today's episode sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
Alleged LockBit operator to be extradited from Canada to U.S.; Musk's ends remote work and promised to fight spam. CISO Kissner quits. Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup. And now a word from our sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
Crypto Winter comes for FTX; Vulnerability found in oil and gas utilities. And now a word from our sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
$2 billion Powerball drawing delayed by security issues; Hackers leak Australian health records on dark web; Hushpuppi gets 11 years in prison for cyber fraud. And now a word from our sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
China stockpiling vulnerabilities; US seizes Silk Road bitcoins; DOJ takes down Z-Library. And now a word from our sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
US Treasury thwarts DDoS attack from Russian Killnet group; British government scanning all Internet devices hosted in UK; Denmark trains halted by cyberattack. And now a word from our sponsor, AppOmni. Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.
Scale is a Silicon Valley-based venture capital investment firm with $1.3B under management. They were early investors in SaaS pioneers like Bill.com (NYSE:BILL), DocuSign (NASDAQ:DOCU), HubSpot (NYSE:HUBS), JFrog (NASDAQ: FROG) and Root (NASDAQ: ROOT). Today they are focused on the next generation of enterprise software companies building Cognitive Applications like: Comet.ml, Observe.ai, Techsee and Viz.ai. Eric Anderson is a Partner at Scale Venture Partners, where he focuses on cloud infrastructure and security investments. He is a Board member at Scale portfolio companies Datastax and Upsolver and a Board observer at Matillion, BigID, Expel, Honeycomb, Tetrate, and AppOmni. Before Scale, Eric led early Google Cloud and Amazon Web Services product teams. At Google, he was a Product Manager in the Data Analytics and Machine Learning group. He led the team that launched Cloud Dataprep and critical components of Cloud Dataflow. Previously, Eric built aircraft engines in General Electric's Operation Management Leadership Program. Eric is a go-to resource on open source (he also moonlights as the host of the Contributor podcast) and has deep expertise in cloud infrastructure, cybersecurity, and app development and contributed to the deal teams for Matillion and BigID and more recent deals like AppOmni, Comet, and Upsolver. I learn more about the early-stage VC investor that is focused on intelligent business software, and we discuss the trends he is seeing in the industry.
In this episode I talked with Dave Golding about Security Posture Management as a Service. What the heck is it? Are misconfigurations just FUD from vendor marketing teams? Dave is a Sales Executive for AppOmni. Talking Points: What the heck is Security Posture Management anyways? What is your CASB not doing (not in a bad way)? What is the biggest problem with default configuration that you are seeing with customers? What is one of the biggest surprises that you are seeing in the industry? What about best practice policies? Episode Sponsor: This episode is sponsored by AppOmni. AppOmni is a SaaS Security Management Software. They are based out of San Francisco, California. As always, part of the sponsorship fees goes towards charities in West Michigan!
Google Cloud has strengthened its relations with SAP by becoming a strategic cloud partner for SAP's RISE with SAP program. The two businesses will work under the terms of the new agreement to help clients with cloud migrations and business process transformations. AppOmni, a SaaS security management provider, has extended the breadth of the SaaS platforms it covers with enhanced security, revealed a new product functionality in AppOmni Insights and increased its customer base, a press release from the company said. Datadog has announced that it will be available on the Google Cloud Marketplace to allow customers to purchase its product, monitor their applications and infrastructure health across their Google Cloud environment. Those purchasing Datadog from the Google Cloud Marketplace would benefit from consolidated billing and streamlined procurement. Tenderly, a cryptocurrency startup, has raised $15.3M in a Series A investment led by Accel Ventures. The money will go toward expanding the company's worldwide reach and hiring engineers and businesspeople in new locations. Tenderly is a small company with 14 employees based in Serbia.
Soldo raised $180M in an oversubscribed Series C round led by Temasek. Soldo is a platform that allows employers to give their workers prepaid business cards that are linked to an automatic expense management system. Vector Solutions has purchased the higher education sector of EVERFI for $100 million. Vector currently has 2,200 higher education clients, representing over half of all degree-granting schools and universities in the United States. Some of the world's most well-known companies are among EVERFI's clients. Zenput, a company focused on operational execution, has raised $27M in a Series C round led by Golub Capital. Zenput has been utilized by Chipotle, Domino's, P.F. Chang's, Five Guys, Smart & Final, and 7-Eleven, among others. Zafin and Codat team up to help financial institutions with detailed cash flow data to assist them in offering more suitable products and pricing. The partnership would help them provide better personalized services to their clients and SMBs. Pillar VC has announced the close of $192M for two of its funds – $169M for Pillar III, its third fund and $23M for Pillar Select. The venture capital firm would typically make pre-seed investments ranging between $50–500K and seed round investments worth $2M to $6M. AppOmni, a provider of SaaS security management, has announced that it would provide its services to the ServiceNow platform to help its customers get better visibility into SaaS security posture, help its IT and security teams to remediate risks and configure security better. Wipro has announced the launch of its FullStride Cloud Services and commitment to invest $1B in cloud technologies, partnerships and acquisitions to create a comprehensive cloud transformation capability for its mutual clients, partners and customers.
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-cloud-configuration-fails/ Why do we hear so many stories about incidents related to poor or misconfigured cloud services? Check out this post and this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest, Brendan O'Connor, CEO, AppOmni. Thanks to our podcast sponsor, AppOmni. AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they're fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data. In this episode: Why configuration drift and 3rd party access are still significant issues. Are cloud providers to blame? The dynamic nature of cloud over time – we can't keep up! Who is ultimately responsible?
All links and images for this episode can be found on CISO Series. https://cisoseries.com/fear-of-automation/ Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our guest Edward Frye (@edwardfrye), CISO, Aryaka Networks and president of Silicon Valley chapter of ISSA. AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data. In this episode: Is it a fear of heavy lifting or not knowing what to lift? Is it a fear of change or a fear of cost? Is it a fear of automating human judgment?
Era Software raises $15.25M for enterprise data management. EraDB officially rebranded as Era Software as part of the Series A announcement. The new round of funding was led by Playground Global and brings total funding to Era Software up to $22 million. AppOmni raises $40 million in a Series B. The round was led by Scale Venture Partners, with Salesforce Ventures and ServiceNow Ventures, as well as previous backers ClearSky, Costanoa Ventures, Inner Loop Capital and Silicon Valley Data Capital. The company today integrates with more than 100 connectors, platforms used by developers and IT teams at companies to manage the apps that their businesses use, such as tools like Splunk and Sumo Logic. Through this, AppOmni is able to aggregate and normalize event data around those apps, in addition to deeper monitoring in cases where it can integrate with apps themselves. Per Diem raises $2.3M to help local businesses build subscription programs. The round of seed funding was led by Two Sigma Ventures. The startup is currently focused on New York, but it's already working with businesses in Phoenix and Washington, D.C.
While most companies have significantly increased their investments in SaaS, they have not updated their security controls and processes to ward off threats posed by this medium. Leaving SaaS security to Cloud Access Security Brokers (CASB) is not sufficient. The security controls need to be placed around the data, APIs, and applications that are running inside a cloud environment, not outside its perimeter. This is the kind of security that AppOmni provides and today we have its CEO, Brendan O'Connor on the show to dive deeper into the subject of SaaS security. We begin with Brendan’s journey into IT and security and hear a bit more about what makes him tick. From there, we dive into the subject of security in the cloud as it pertains to SaaS specifically. Brendan does a great job of explaining why SaaS platforms are subject to so many misconfigurations and why these are not being recognized by security teams. He gets into how the cloud infrastructure is set up and uses a few brilliant analogies to describe how an attacker might get into a SaaS platform without security ever realizing. He talks about some basic security measures companies need to take and shares more about how solutions like AppOmni can automate security. For insight into the vulnerabilities of SaaS and how to guard against them, tune in today! Key Areas From This Episode: Curiosity and a love for solving problems is Brendan’s method for keeping his edge. Brendan’s recommendations for security guardrails that always need to be in place. Hear Brendan’s argument about the need for automated SaaS security. Brendan’s recommendations for setting up and measuring SaaS security. Advice from Brendan about how security teams need to adapt in light of Solar Winds. Tweetables: “Companies have significantly expanded their SaaS investment and footprint and the SaaS applications themselves have really grown in complexity. Most companies haven't updated their security controls to support SaaS, or invested in new technology to manage this problem. That's where AppOmni comes in.” — @AppOmniSecurity [0:01:54] “I love solving puzzles. Enterprise security at scale is a hard problem. It's a puzzle. There is not a one-size-fits-all solution.” — @AppOmniSecurity [0:05:29] “SaaS applications are becoming closer to operating systems in the cloud than a single simple web app. You can't watch what every individual is doing. You have got to put guardrails in place.” — @AppOmniSecurity [0:20:30] “SaaS is a fundamentally different architecture than hosting things on-premise. You need to rethink, what is the value that you get from your security tools? How can you get that value today in an automated fashion in these new systems that support that new architecture?” — @AppOmniSecurity [0:24:44] Links Mentioned in Today’s Episode: Matt Chiodi on LinkedIn; Matt Chiodi on Twitter; Brendan O’Connor on LinkedIn; AppOmni; Prisma Cloud. Comprehensive, full-stack cloud security. Prisma Cloud is the industry’s only comprehensive Cloud Native Security Platform for IaaS/PaaS.