Podcasts about capsule8

Users, threat actors, and the system design all influence—and are influenced by—one another. To design safer systems, we first need to understand the players who operate within those systems. Kelly Shortridge and Josiah Dykstra exemplify this human-centered approach in their work. In this episode we talk about:The vital role of human factors in cyber-resilience—how Josiah and Kelly apply a behavioral-economics mindset every day to design safer, more adaptable systems.Key cognitive biases that undermine incident response (like action bias and opportunity costs) and simple heuristics to counter them.The “sludge” strategy: deliberately introducing friction to attacker workflows to increase time, effort, and financial costs—as Kelly says, “disrupt their economics.”Why moving from a security culture of shame and blame to one of open learning and continuous improvement is essential for true cybersecurity resilience.Kelly Shortridge is VP, Security Products at Fastly, formerly VP of Product Management and Product Strategy at Capsule8. She is the author of Security Chaos Engineering: Sustaining Resilience in Software and Systems.Josiah Dykstra is the owner of Designer Security, human-centered security advocate, cybersecurity researcher, and former Director of Strategic Initiatives at Trail of Bits. He also worked at the NSA as Technical Director, Critical Networks and Systems. Josiah is the author of Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.During this episode, we reference:Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Sludge for Good: Slowing and Imposing Costs on Cyber Attackers,” arXiv preprint arXiv:2211.16626 (2022).Josiah Dykstra, Kelly Shortridge, Jamie Met, Douglas Hough, “Opportunity Cost of Action Bias in Cybersecurity Incident Response,” Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 66, Issue 1 (2022): 1116-1120.

## Firewall News Zu Beginn dieser Folge informieren wir über den Dynamic DNS Service "myfirewall.co" auf dem SFOS, welcher nur noch bis am 31. Januar 2022 zur Verfügung stehen wird. Zudem gibt es gute Neuigkeiten für Kunden, die von ihrer XG Firewall auf eine neue XGS Firewall wechseln und die Konfiguration übernehmen möchten. Sophos hat das EAP von SFOS 18.5.1 veröffentlicht, womit dieser Schritt nun möglich ist. ## Sophos Promos Die 100% Hardware-Rabatt Promo für Neukunden war für Sophos ein voller Erfolg. Daher wurde dieses Angebot in einem Zeitraum von über einem Jahr immer wieder verlängert. Da die XG Firewall spätestens Ende Jahr EOS geht, hat Sophos nun neue Promos vorgestellt. In dieser Podcastfolge findest du heraus, ob auch für dich ein interessantes Angebot dabei ist. ## Neue Zukäufe von Sophos im Juli Im Juli war Sophos mal wieder auf Einkaufstour und hat mit Capsule8 und Braintrace gleich zwei Firmen dazugekauft. Capsule8 ist ein Pionier und Marktführer im Bereich Schutz und Sicherheit von Linux-Systemen. Braintrace hat sich auf NDR (Network Detection and Response) Technologien spezialisiert. Was diese Zukäufe für die Produkte von Sophos bedeuten, erfahrt ihr in dieser Podcastfolge.

In today's show we are pleased to have John Viega, Founder & CEO of Capsule8, a security startup focusing on infrastructure security for VMs and containers in public and private clouds.  Prior to founding Capsule8, John held leadership roles at BAE Systems, McAfee and many other cybersecurity companies. He has co-authored 6 books on security and is an adjunct professor of Computer Science at NYU. 

Sophos, adquirió Capsule8. Impulsado por el drástico crecimiento de las plataformas en la nube, Linux se ha convertido en el sistema operativo dominante para cargas de trabajo de servidor, especialmente en aquellos que se utilizan para cargas de trabajo a gran escala, infraestructura de producción y almacenamiento de datos comerciales críticos.

A new RIG campaign is distributing WastedLocker. The US Congress considers two bills informed by the Colonial Pipeline incident, and Congressional committees are looking at the company’s response to the attack. More ransomware gangs go offline, but Conti is still trying to collect from the Irish government. Double encryption appears to be an emerging trend in ransomware. Ben Yelin looks at insurance companies clamping down on ransomware payments. Our guest is Nick Gregory of Capsule8 with thoughts on the Linux security landscape. And there’s another problem with stalkerware: third-party risk. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/95

This week, we welcome Cynthia Burke, Compliance Manager at Capsule8, to discuss Privacy, Data Security & Compliance! In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right.   In the AppSec News, Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange!   Show Notes: https://securityweekly.com/asw142 Visit https://securityweekly.com/capsule8 to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Cynthia Burke, Compliance Manager at Capsule8, to discuss Privacy, Data Security & Compliance! In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right.   In the AppSec News, Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange!   Show Notes: https://securityweekly.com/asw142 Visit https://securityweekly.com/capsule8 to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right.   This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw142

In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors in 2021 as to and why we need to get it right.   This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw142

This week, we welcome Brandon Edwards, Co-Founder and Chief Scientist at Capsule8, to discuss Targeting, Exploiting, & Defending Linux! Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against Sudo as a timely reference. In the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!   Show Notes: https://securityweekly.com/asw140 Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Brandon Edwards, Co-Founder and Chief Scientist at Capsule8, to discuss Targeting, Exploiting, & Defending Linux! Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against Sudo as a timely reference. In the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!   Show Notes: https://securityweekly.com/asw140 Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against SUDO as a timely reference.   This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

Linux is all over the place (sometimes surprising), why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against SUDO as a timely reference.   This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/1056145103342240783?source=SW.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

Behavioral Economics has altered our perceptions of what actually motivates human beings. How do these theories about our more primitive behaviors as well as our intellectual biases apply to information security? Allan Alford & Kelly Shortridge discuss in the context of infosec programs and events in a whirlwind of conversation. Sponsored by our friends at AttackIQ Podcast: The Cyber Ranch Podcast Episode 2: Behavioral Economics and InfoSec with Kelly Shortridge On this episode of The Cyber Ranch Podcast, host Allan Alford is joined by Kelly Shortridge, VP of Product Management at Capsule8. Their conversation begins with Kelly introducing herself and her work. She works in products for a security vendor, and she's done research into applying behavioral economics to security. Kelly says she grew up with a love of computers, but was mostly about building gaming rigs side of things. Her career in information security began in the investment banking industry, which led her to fall in love with security. Next, Allan asks Kelly about her work in behavioral economics. Economics is the study of choice, behavioral economics looks at the way humans actually behave by conducting experiments and observing natural occurrences. Humans don't always behave in the rational, textbook way, but Kelly explains that often their choices are rational when you factor in competing priorities. In information security, this shows up when folks find themselves reacting to threats that have the most attention, rather than those that are proven to be the most pressing. Information security is also affected by hindsight and outcome biases. Kelly explains how our brains try to trick us into blaming a single factor in a crisis, but that is not how the real world or cyber attacks work. Now that behavioral economics has clued us in to the biases formed by what Kelly affectionately refers to as our “lizard brains,” Allan wonders if we should be optimistic about how we may think and prevent attacks in the future. Kelly isn't so sure. She explains that changing some systems to be more compatible with our lizard brain has been effective, however knowing how we think doesn't help people think differently. In InfoSec, there are opportunities to continue making the secure way the easiest way, and circumvent the lizard brain. Other industries have been designing systems and workloads based on the way people behave; Kelly says InfoSec is just behind the curve. As the episode ends, Allan asks Kelly what keeps her still in InfoSec. Kelly says it is spite. There are still inefficiencies and an industry that pats itself on the back for doing little, that makes her spiteful she says. She wants to be an industry member that adds value to organizations and highlights the user. Follow Kelly on Twitter as @swagitda_ or on LinkedIn at Kelly Shortridge Learn more about Allan and the Cyber Ranch Podcast at Hacker Valley Studio Sponsored by our good friends at AttackIQ

All links and images for this episode can be found on CISO Series (https://cisoseries.com/security-is-suffering-from-devops-fomo/) Darn it. DevOps is having this awesome successful party and we want in! We've tried inserting ourselves in the middle (DevSecOps) and we launched a pre-party (shift left), but they still don't like us. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Dayo Adetoye (@dayoadetoye), senior manager - security architecture and engineering, Mimecast. Thanks to our sponsor, Capsule8. Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure. On this week’s episode Are we making the situation better or worse? What makes a successful phish? On Sophos' blog Paul Ducklin writes about their most successful phishing emails. Ducklin noted that most of the successful phishes dealt with mundane and undramatic issues that still had a sense of importance. Looking at these examples they do seem to follow a similar pattern of something looking official that is being requested from the company and could you click here to check it out. Is that the majority of what you're testing? If so, what exactly is the value in conducting phishing tests on employees? Can the testing have a negative effect in security or even morale? There’s got to be a better way to handle this What is the right approach to threat modeling? In a blog post, Chris Romeo of Security Journey opines that formal training or tools won't work. Security needs to ask questions of developers about features and then show them how a threat evolves, thus allowing them to ultimately do it themselves. Adam Shostack of Shostack and Associates advocates for formal training. He says Romeo's informal approach to threat modeling sounds attractive, but doesn't work because you're trying to scale threat modeling across developers and if you tell one developer the information it's going to be passed down like a game of telephone where each successive person tells a distorted version of what the last person said. So what's the right approach to building threat models across a DevOps environment? What's Worse?! What's the worst place to find your company assets? Close your eyes and visualize the perfect engagement Shifting Left. DevSecOps, These are the mechanisms that have been used to infuse security into the DevOps supply chain. While noble, both concepts break the philosophy and structure of DevOps which is based on automation, speed, and delivery. But, DevOps is also about delivering quality. So rather than inserting themselves, how does security participate in a way that DevOps already loves? If you haven’t made this mistake, you’re not in security On AskNetSec on reddit, Triffid-oil asked, "What was something that you spent effort learning and later realized that it was never going to be useful?" And let me add to that, it's something either someone told you or you believed for some reason it was critical for your cybersecurity education and you later realized it wasn't valuable at all.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/enjoying-my-blissful-ignorance-of-cyber-vulnerabilities/) What keeps me up at night? Nothing! That's because I hold onto cybersecurity myths because it makes me believe I don't have a security problem. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Dustin Wilcox, CISO, Anthem. Thanks to our sponsor, Capsule8 Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure. On this week’s episode Why is everybody talking about this now Kris Rides of Tiro Security asks, "When writing a job description in cybersecurity, what's your process?" What in the job description is most important that you want potential candidates to know? And do you have any universal requirements of all candidates? Is this a cyber security disinformation campaign? Stuart Mitchell of Stott and May posted an article from FoxNews on cybersecurity myths, such as I don't have anything worth protecting, I will know when something bad happens. From this list, or possibly another myth, which one do you think is the most damaging? What's Worse?! Public or government interference? There’s got to be a better way to handle this Why are InfoSec professionals still struggling to secure their cloud environments? According to a study by Dimension Research, sponsored by Tripwire, 76 percent admit to having trouble. And only 21 percent they're assessing their overall cloud security posture in real time or near real time. What are the quarter of security professionals doing who are not struggling with securing the cloud? Close your eyes and visualize the perfect engagement Do we need more cybersecurity professionals, or do we just need our general workforce to be more cybersecurity minded? Phil Venables, Board Director - Goldman Sachs Bank, makes a good argument for the latter. Mike has mentioned that when he can make cybersecurity personal, like offering employees a password manager, they start to see the value. Assuming making security personal is the best tactic, what is the ripple effect of that? How do they approach security at your business and how do the efforts of the security team change?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/tell-me-were-secure-so-i-can-go-back-to-ignoring-security/) I don't know anything about our state of security. I don't want to know either. But I do want to know you know about security and there's nothing I have to worry about. You can do that, right? This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Dan Walsh, CISO, Rally Health. Thanks to our sponsor, Capsule8. Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure. On this week's episode Why is everybody talking about this now How do you respond to "Are we secure?" It's a loaded question that we've addressed previously. Daniel Hooper, CISO, Varo Money brought up this topic again that caused a flurry of discussion on LinkedIn. In the past Mike has mentioned that he talks about the state of his security program and where it's heading. The core of this question is anxiety about something a non-security person doesn't understand. How does a security leader break down this question into small parts, and what question should a CEO be asking if not "Are we secure?" There’s got to be a better way to handle this The engineering team at Rally Health is around 800 and our guest Dan has a security team of 30+ of which only 5 of them are application security people. Those five are definitely going to need some help if they're going to have an impact on how secure the applications are. I ask Dan Walsh what he's doing with the engineers that's turning them into application security force multipliers. What's Worse?! How damaging is a bad reputation? What do you think of this vendor marketing tactic? CISOs have ways to retalilate against aggressive sales tactics. George Finney, CISO at Southern Methodist University told a story on LinkedIn about an unsolicited sales invite that was sent to 65 people at his school. He blocked the email. He asked the community if that was too harsh. Similarly Steve Zalewski, deputy CISO of Levi's said if he sees aggressive tactics by a company, the security team has the ability to block the whole domain from their servers. Are these tactics too harsh? Have Mike and our guest taken similar tactics, and/or is there something else they do in response to extremely aggressive sales tactics? If you haven’t made this mistake, you’re not in security How prepared do you need to handle your next cyber job? A question was asked on reddit from someone who wasn't sure they should take a job because they didn't have all the skills to do the job. Most people just said, "Do it." How would Mike and our guest answer this question as an employee and a manager. What level of unpreparedness for a job is acceptable and possibly even exciting? Could too much result in imposter syndrome?

In this episode of Cyber Security Matters, Dominic and Christian talk with Kelly Shortridge. Kelly's career began in Information Security and Data Analytics in Investment Banking. Along with this, she was also interested in the Infotech space, in which she saw lapses and holes in the industry that she passionately wanted to fix. Soon after, she created a startup which was eventually acquired by a large cybersecurity company. From there, Kelly realized that she loved solving real cybersecurity problems that customers have. Kelly researches applications of behavioral economics to information security and uses this knowledge in her current role as the VP of Product Management & Strategy in Capsule8. She discusses the different problems and issues happening in the Cyber Security industry and how we can improve the quality of the security services we provide to our clients. --- Cyber Security Matters is a partnered program of Conversations That Matter. This show is produced by Oh Boy Productions, video production, podcast and vidcast specialists located in Vancouver. To find out more, go to http://www.ohboy.ca #cybersecurity #computers #cybersec

On today's episode, Guy Podjarny talks to Kelly Shortridge about security, microservices, and chaos engineering. Kelly is currently VP of product strategy at Capsule8, following product roles at SecurityScorecard, BAE Systems Applied Intelligence, as well as co-founding IperLane, a security startup which was acquired. Kelly is also known for presenting at international technology conferences, on topics ranging from behavioral economics at Infosec to chaos security engineering. In this episode, Kelly explains exactly what product strategy and management means, and goes into the relationships and tensions between dev, ops, and security and how that has changed. We also discuss container security and how it is different from any other end point security systems, as well as the difference between container security and microservices. Kelly believes that we are overlooking a lot of the benefits of microservices, as well as the applications for chaos engineering in security. Tune in to find out what changes Kelly sees happening in the industry, and see what advice she has for teams looking to level up their security!

Sarah Bowen and Merle van den Akker interview Kelly Shortridge on how behavioural science is applied to information security.Kelly Shortridge is VP of Product Strategy at Capsule8. Before that, Kelly was the Product Manager for cross-platform detection capabilities at BAE Systems Applied  Intelligence as well as co-founder and COO of IperLane.  In her spare time, she researches applications of behavioural economics to information security, on which she’s spoken at conferences internationally. Finding Kelly Shortridge: Business: https://www.linkedin.com/in/kellyshortridge/ Personal: https://swagitda.com/ Capsule8: https://capsule8.com/ Secret link: https://www.techradar.com/uk/best/password-manager Research mentioned: Verizon data breach investigations report: https://enterprise.verizon.com/resources/executivebriefs/2019-dbir-executive-brief.pdf Questioning Behaviour Socials: Facebook: @QBpodcast (https://www.facebook.com/QBPodcast) Insta: @questioningbehaviour (https://www.instagram.com/questioningbehaviour/) Twitter: @QB_podcast (https://twitter.com/QB_Podcast) LinkedIn: @Questioning Behaviour (https://www.linkedin.com/groups/8928118/) Music: Derek Clegg “You’re the Dummy” https://derekclegg.bandcamp.com/

Ransomware has become an ugly fact of life for enterprises, and incorporating it into threat models and disaster recovery plans is a must. Kelly Shortridge of Capsule8 joins Dennis Fisher to discuss her untested hypothesis that achieving an economic equilibrium with professional ransomware attackers could be beneficial for both sides. Read Kelly's piece on this hypothesis here.

Kelly Shortridge, VP of Product Strategy at Capsule8, and Cyber Work podcast host Chris Sienko discuss how for introduce security teams early into the product development process, as well as cognitive biases in security decision-making at all levels of employment from analysts to CISOs. View the transcript, additional episodes and promotional offers: https://www.infosecinstitute.com/podcast. Join us in the fight against cybercrime: https://www.infosecinstitute.com.

The Media and Entertainment industry has undeniably been heavily disrupted by changes in technology. Listen as Ayan Battacharya, Advanced Analytics Specialist Leader at Deloitte Consulting and Harini Krishnan, Data Scientist at Capsule8, share observations they've garnered from their own experience on the state of data science in Media & Entertainment, live from DSS NYC 2019.

Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8! Full Show Notes: https://wiki.securityweekly.com/ES_Episode149 Visit https://www.securityweekly.com/esw for all the latest episodes!

Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8! Full Show Notes: https://wiki.securityweekly.com/ES_Episode149 Visit https://www.securityweekly.com/esw for all the latest episodes!

Containers are a hot topic because of the simplicity they bring to the process of software development, shipping, and deployment. It is important to understand the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future. Full Show Notes: https://wiki.securityweekly.com/ES_Episode148 Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, Paul and Matt Alderman interview Mehul Revankar, Senior Product manager at SaltStack, to discuss the Sec and Ops Challenge! In the Enterprise Security News, Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8! In our final segment, we air three pre-recorded interviews with NETSCOUT, Remediant, and BitDefender from BlackHat USA 2019!   To learn more about NetScout, visit: https://securityweekly.com/netscout Full Show Notes: https://wiki.securityweekly.com/ES_Episode149   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Containers are a hot topic because of the simplicity they bring to the process of software development, shipping, and deployment. It is important to understand the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future. Full Show Notes: https://wiki.securityweekly.com/ES_Episode148 Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, Paul and Matt Alderman interview Mehul Revankar, Senior Product manager at SaltStack, to discuss the Sec and Ops Challenge! In the Enterprise Security News, Signal Sciences Rolls New Application Security Product, A10 Networks brings zero-day automated protection to DDoS defense, and we have some acquisition and funding updates from Symantec, McAfee, Cybereason, and Capsule8! In our final segment, we air three pre-recorded interviews with NETSCOUT, Remediant, and BitDefender from BlackHat USA 2019!   To learn more about NetScout, visit: https://securityweekly.com/netscout Full Show Notes: https://wiki.securityweekly.com/ES_Episode149   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we are LIVE from BlackHat 2019, as we welcome John Smith, Principal Sales Engineer of Security at ExtraHop, to discuss Network Detection & Response! In our second segment, we welcome Joe Gillespie, Enterprise Account Executive at Netsparker, to talk about Managing Vulnerabilities in the Enterprise! In the final segment, we welcome Brandon Edwards, Chief Scientist at Capsule8, to discuss the importance of understanding the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future!   To learn more about Netsparker, visit: https://netsparker.com/securityweekly To learn more about ExtraHop, visit: https://extrahop.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/ES_Episode148   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we are LIVE from BlackHat 2019, as we welcome John Smith, Principal Sales Engineer of Security at ExtraHop, to discuss Network Detection & Response! In our second segment, we welcome Joe Gillespie, Enterprise Account Executive at Netsparker, to talk about Managing Vulnerabilities in the Enterprise! In the final segment, we welcome Brandon Edwards, Chief Scientist at Capsule8, to discuss the importance of understanding the security properties of containers, how they have been escaped in the past, and how they are likely to be escaped in the future!   To learn more about Netsparker, visit: https://netsparker.com/securityweekly To learn more about ExtraHop, visit: https://extrahop.com/securityweekly Full Show Notes: https://wiki.securityweekly.com/ES_Episode148   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

My guest this week is Kelly Shortridge, VP of Product Strategy at Capsule8, and we’re talking about infosec. We get into some interesting discussion: threat modeling, foundational security defense, why you’re totally screwed if a nation-state is after you (tip: they’re probably not), and why chaos engineering and ephemeral infrastructure is actually great for security. Also, we totally crap on security vendor FUD for a bit and how to choose security tools that actually work.

Capsule8 is focused on protecting Linux infrastructure whether in the cloud, in containers or even bare metal. The team is make up of industry veterans who understand the problems security pros face, as well as the frustrations of developers, devops and sys admins deal with every day. Their approach is more of a shift right DevSecOps, focusing on detecting attacks, threats and vulnerabilities on production infrastructure. I spoke with co-founder & chief architect, Pete Markowsky in this DevOps chat. Have a listen and hopefully learn

In the Enterprise news, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://securityweekly.com/esw for all the latest episodes!

In the Enterprise news, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://securityweekly.com/esw for all the latest episodes!

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN! In the Enterprise News, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! In the final segment, Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Paul Asadoorian is joined by Matt Alderman, as we interview Francis Dinha, the CEO of OpenVPN! In the Enterprise News, ShieldX adds lateral movement prevention to the Elastic Security Platform for AWS, Tenable Integrates with Google Cloud Security Command Center, Capsule8 to help Google Cloud SCC members consolidate findings and speed up response, and Evident and Okta partnership simplifies identity verification and reduces risk for businesses! In the final segment, Security Legend Dave Kennedy sits down with our Founder and CTO Paul Asadoorian at InfoSec World 2019 to discuss his company Binary Defense and how they're helping the Security community!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode134 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Last year, investors poured $5 billion in cybersecurity startups. The whole industry will be worth $170 billion in three years, according to a recent estimate. There's so many infosec companies it's hard to keep track of them. And yet, are we all really secure? Is the infosec industry really keeping us safe? Is it even focusing on the right problems?Next week, tens of thousands of people will meet in San Francisco for the year's biggest information security gathering focused on business: the RSA Conference.Kelly Shortridge is the vice president of product strategy at Capsule8, a New York City-based security startup. Kelly has a background in economics, investment banking, and has studied the infosec market. She's here today to help us understand why the infosec industry is so big, and what's wrong with it. See acast.com/privacy for privacy and opt-out information.

Last year, investors poured $5 billion in cybersecurity startups. The whole industry will be worth $170 billion in three years, according to a recent estimate. There’s so many infosec companies it's hard to keep track of them. And yet, are we all really secure? Is the infosec industry really keeping us safe? Is it even focusing on the right problems?Next week, tens of thousands of people will meet in San Francisco for the year’s biggest information security gathering focused on business: the RSA Conference.Kelly Shortridge is the vice president of product strategy at Capsule8, a New York City-based security startup. Kelly has a background in economics, investment banking, and has studied the infosec market. She’s here today to help us understand why the infosec industry is so big, and what’s wrong with it. See acast.com/privacy for privacy and opt-out information.

This week we cover security updates including Firefox, Thunderbird, OpenSSL and another Ghostscript regression, plus we look at a recent report from Capsule8 comparing Linux hardening features across various distributions and we answer some listener questions.

Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit http://securityweekly.com/esw for all the latest episodes!

Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform! Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit http://securityweekly.com/esw for all the latest episodes!

This week, Paul is joined by Matt Alderman to discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! In the Enterprise Security News, Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Paul is joined by Matt Alderman to discuss some Funding and M&A, such as Elevate Security announces an $8 million series A to alter employee security behavior, Armorblox raises 16.5 million in series A, Bandura Cyber raises 10 million in venture funding, and much more! In the Enterprise Security News, Capsule8 expands threat detection platform for PCI DSS, BitSight unveils peer analytics for more effective security performance management, Imperva advances autonomous application protection capabilities, and Synopsys launches Polaris Software integrity platform!   Full Show Notes: https://wiki.securityweekly.com/ES_Episode128 Visit https://www.securityweekly.com/esw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  

Dino Dai Zovi, co-founder and CTO of Capsule8, joins the podcast to talk about the fallout from the Meltdown and Spectre vulnerabilities, the transition from security research to managing a VC-funded start-up and reminisce about his time as a famous Pwn2Own MacBook hacker.