Richard Gearhart and Elizabeth Gearhart, co-hosts of Passage to Profit Show, interview Jessica Dante from Dante Media and the "Love and London" brand, "The Mind Whisperer" Dawna Campbell from The Healing Heart, Inc. and Ian L. Paterson from Plurilock™. In this episode, we chat with Jessica Dante, founder of Dante Media and the savvy travel guru behind the viral “Love and London” brand. From uncovering classic tourist scams to dishing out honest advice on what to skip (sorry, Madame Tussauds!), Jessica shares how she built a million-strong following by helping travelers have smarter, more authentic adventures in London and Paris. Read more at: Love and London website: https://loveandlondon.com/, YouTube: https://www.youtube.com/user/loveandlondon, Instagram: https://www.instagram.com/loveandlondon/?hl=en, Love and London's free 101 Guide: https://loveandlondon.com/london-101-guide-main/ Dawna Campbell is the CEO and Founder of The Healing Heart, Inc., an international business that provides life-changing services to clients all over the world. Dawna is widely recognized as The Mind Whisperer for her unparalleled ability to reprogram the subconscious brain for instant money creation, enabling her clients to manifest a life of happiness, prosperity, and love. Read more at: https://www.dawnacampbell.com/ Ian L. Paterson is the CEO of Plurilock™ and is a data entrepreneur with more than 15 years of experience in leading and commercializing technology companies focused on data analytics and cybersecurity. Plurilock™ is a global cyber solutions provider and maker of Plurilock AI, a leading platform for SSO, CASB, DLP, AI identity + AI safety.
Read more at: https://plurilock.com/ Whether you're a seasoned entrepreneur, a startup, an inventor, an innovator, a small business or just starting your entrepreneurial journey, tune into Passage to Profit Show for compelling discussions, real-life examples, and expert advice on entrepreneurship, intellectual property, trademarks and more. Visit https://passagetoprofitshow.com/ for the latest updates and episodes.
Chapters: (00:00:00) - Start Your Business Now (00:00:25) - Passage to Profit (00:01:38) - How to Spot Unsightly Opportunities as an Entrepreneur (00:03:28) - How to Spot Unseen Opportunities? (00:05:06) - Spotting Unsightly Opportunities (00:06:13) - The Importance of Identifying Unsightly Opportunities (00:07:25) - Meet Jessica Dante (00:10:05) - Love and London (00:11:51) - Tutorial on How to Make a Living on YouTube (00:15:36) - Have All the Attention Made You a Better Manager? (00:17:28) - Oprah on Her Own Career (00:18:13) - The challenges of running a small business (00:19:20) - Jessica Alba on Meet and Focuses (00:20:12) - How to Make a Money on YouTube With Shorts (00:24:01) - Small Business Health Insurance (00:25:01) - Travel Guides for London (00:27:10) - Intellectual Property News: AI and Copyright (00:30:31) - Do Authors Own AI Content? (00:36:57) - Home Warranty: How to Prosper Yourself (00:38:57) - Richard and Elizabeth Gearhart (00:39:22) - What's Going On With Your Projects? (00:41:07) - Carb and colorectal cancer risk (00:41:55) - How to Read Your Mind's Quantum Field (00:45:53) - How to Stop Resisting in Your Life (00:48:58) - Does Money Play a Role in Healing? (00:50:34) - What Made Me Who I Am (00:53:20) - Where Do You See Your Practice Taking You? (00:54:50) - Cybersecurity in the Elevator (00:55:56) - How to Outrun Cyber Threats (01:01:30) - Top 5 tips for cyber security (01:06:40) - Is there anything really exciting coming down the pike in cybersecurity? (01:09:34) - Tax Doctor (01:10:55) - What is Your Secret to Success? (01:13:37) - Ian L. Paterson on Networking (01:15:11) - Passive to Profit
On today's Packet Protector episode we talk with sponsor Bowtie about its secure network access offering. If you think secure network access is just another way to say ‘VPN,' you'll want to think again. Bowtie's approach aims to provide fast, resilient connectivity while also incorporating zero trust network access, a secure Web gateway, CASB, and... Read more »
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Matt Muller, field CISO, Tines. In this episode: Seeking the early AI adopters; Taking the SOC back to basics; Changing our automation expectations; Communicate risk. Thanks to our podcast sponsor, Tines! Build, run, and monitor your most important workflows with Tines. Tines' smart, secure workflow platform empowers your whole team regardless of their coding abilities, environment complexities, or tech stack. From low code, no code to natural language, anyone can get up and running in minutes – not days or weeks. Learn more at Tines.com.
What if Artificial General Intelligence (AGI) could be the job creator of the century? Buckle up for a hilarious yet thought-provoking exploration of this bold idea as we dissect the potential economic impact of AGI development alongside Chris, who aspires to up his Blue Sky game inspired by his brother Tim. We dive into compelling articles like the one from CRN, spotlighting Palo Alto Networks' maneuver to streamline their product offerings into a singular platform akin to the Apple ecosystem. This opens up the age-old debate about vendor lock-in, and we can't help but chuckle at the similarities with Cisco's approach. We'll also navigate through the labyrinth of product names, specifically Palo Alto's Prisma, and the challenges of achieving true platform integration.
Cloud security is a jungle of acronyms and complexity, but fear not—we've got our machetes ready! Join us as we untangle the web of CSPM, CNAP, CIEM, and CASB, piecing together the puzzle of multi-cloud environments highlighted by a Fortinet report. While we question some of the report's methodologies, it undeniably underscores a trend towards centralized security dashboards. With businesses of all sizes grappling with diverse cloud security challenges, we set the stage for an upcoming segment about our own company's stance in this arena. Expect a mix of skepticism, humor, and serious conversation as we navigate this intricate landscape.
Finally, we journey into the realm of AGI and job creation, challenging the narrative of inevitable AI-driven job losses. We speculate on the logistics behind such job creation, pondering the international AI race, and throwing in some humor about genetically modified apples for good measure. We wrap up with some playful banter about Tim's personal details and offer heartfelt thanks to our listeners. We hope you subscribe, follow us on social media, and visit our website for the full scoop. Our discussion is as juicy as a genetically modified apple, and you won't want to miss a bite!
Wake up babe, a new apple just dropped: https://www.kissabel.com/
Check out the Fortnightly Cloud Networking News: https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on Twitter: https://twitter.com/cables2clouds
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Take a Network Break! This week we cover a new Juniper announcement and discuss how the company is bringing its security portfolio under its AI umbrella, Aryaka adding CASB to its SASE menu, and whether the FTC’s prescriptive security requirements for Marriott will actually lead to better security. Cisco invests in a GPU-as-a-Service startup, stealthy... Read more »
In this episode of CISO Tradecraft, hosted by G Mark Hardy, you'll learn about four crucial tools in cloud security: CNAPP, CASB, CSPM, and CWPP. These tools serve various functions like protecting cloud-native applications, managing access security, maintaining cloud posture, and securing cloud workloads. The discussion covers their roles, benefits, key success metrics, and best practices for CISOs. As the cloud security landscape evolves, understanding and integrating these tools is vital for keeping your organization safe against cyber threats. Transcripts: https://docs.google.com/document/d/1Mx9qr30RuWrDUw1TLNkUDQ8xo4xvQdP_ Chapters 00:00 Introduction to Cloud Security Tools 02:24 Understanding CNAPP: The Comprehensive Cyber Defense 08:13 Exploring CASB: The Cloud Access Gatekeeper 11:12 Diving into CSPM: Ensuring Cloud Compliance 13:40 CWPP: Protecting Cloud Workloads 15:08 Best Practices for Cloud Security 15:54 Conclusion and Final Thoughts
Secure Access Service Edge, or SASE, combines SD-WAN with cloud-delivered security services including next-gen firewall, CASB, secure web gateway, and others. You can mix and match your SD-WAN and cloud security, but today Rajesh Kari from Palo Alto Networks is here to advocate for the benefits of their single-vendor option. We talk performance, security, and... Read more »
Is the policy review process somewhat confusing? CASB's Policy Specialists, Kristina Gutierrez and Holly Burg, break it down into steps so you know how to organize your board meeting agenda, who should have input into policy updates, and depending on your board policy BG, how many meetings you are required to have in order to adopt policy and/or policy updates.
Guest: Arie Zilberstein, CEO and Co-Founder at Gem Security Topics: How does Cloud Detection and Response (CDR) differ from traditional, on-premises detection and response? What are the key challenges of cloud detection and response? Often we lift and shift our teams to Cloud, and not always for bad reasons, so what's your advice on how to teach the old dogs new tricks: “on-premise-trained” D&R teams and cloud D&R? What is this new CIRA thing that Gartner just cooked up? Should CIRA exist as a separate market or technology or is this just a slice of CDR or even SIEM perhaps? What do you tell people who say that “SIEM is their CDR”? What are the key roles and responsibilities of the CDR team? How is the cloud D&R process related to DevOps and cloud-style IT processes? Resources: Video version of this episode Cloud breaches databases EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? 9 Megatrends drive cloud adoption—and improve security for all “Emerging Tech: Security — Cloud Investigation and Response Automation (CIRA) Offers Transformation Opportunities” (Gartner access required) “Does the World Need Cloud Detection and Response (CDR)?” blog
If you're a new board member you may be a bit overwhelmed with the policy coding system. This podcast shares the why and the what to the system so you can become familiar with your board policies in no time. Make sure to access CASB's top 20 policies board members should know, which is available on our website at www.casb.org.
SaaS Applications support large companies, small startups. We inevitably accumulate SAAS applications to manage our employees, payroll, communication with things like Workday, Slack, Salesforce and now even things like ChatGPT. But how do you find out what you have and if they are secure. We spoke about all things SSPM with Max Feldman who has done Product Security for years at companies like Slack, Salesforce and now AppOmni. Thank you to our episode sponsor AppOmni You can get a copy of their SaaS Security Posture Management Report 2023 here Guest Socials: Max's Linkedin (@maxfeldman14) Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp Questions asked: (00:00) Introduction (04:20) A bit about Max (04:48) What is a SaaS application? (05:45) What is SSPM? (09:33) When to consider a SSPM? (15:45) SaaS and the Cloud (16:39) SaaS Attack Surface (19:34) CASB vs SSPM (24:00) Is ChatGPT a SaaS application? (25:07) SSPM vs CSPM + CNAPP (27:33) SSO and Onboarding (29:21) Starting a SaaS Security Program (36:48) Challenges with SaaS Security Program (41:50) Where you can find Max!
Guest: Adrian Sanabria, Director of Valence Threat Labs at Valence Security, ex-analyst Topics: When people talk about “cloud security” they often forget SaaS, what should be the structured approach to using SaaS securely or securing SaaS? What are the incidents telling us about the realistic threats to SaaS tools? Is the Microsoft 365 breach a SaaS breach, a cloud breach or something else? Do we really need CVEs for SaaS vulnerabilities? What are the least understood aspects of securing SaaS? What do you tell the organizations who assume that “SaaS vendor takes care of all SaaS security”? Isn't CASB the answer to all SaaS security issues? We also have SSPM now too? Do we really need more tools? Resources: Video (LinkedIn, YouTube) EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? Valence 2023 State of SaaS Security report DHS Launches First-Ever Cyber Safety Review Board Enterprise Security Weekly podcast CloudVulnDb and another cloud vulnerability list Cyber Safety Review Board (CSRB) by CISA
Cloud environments often have poor visibility and monitoring, and sensitive corporate data can be placed in many different locations – object stores, databases, and so on. Maintaining access control is hard, and managing compliance and governance on that access and data is a real problem. And each cloud has its own proprietary security tools that... Read more »
Cloud environments often have poor visibility and monitoring, and controlling access to sensitive corporate data is difficult. We speak with sponsor Palo Alto Networks about how it integrates CASB and Data Loss Prevention to control Web access and prevent sensitive information from leaking from your organization. The post HN709: Protecting Data, Apps With Cloud DLP And CASB (Sponsored) appeared first on Packet Pushers.
Susana Cordova is Colorado's newest Commissioner of Education and she brings a wealth of education knowledge with her to this position. Susana is not new to Colorado or education. Get to know her and her hopes and dreams for the education system in our state that benefits all students regardless of where they live.
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Storms, VP of security, Replicated. Thanks to our show sponsor, AppOmni. Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni. All links and the video of this episode can be found on CISO Series.com
GPUs vulnerable to pixel-stealing attacks; Info-stealing commits hit GitHub; Alleged Sony hackers hit NTT Docomo. Thanks to today's episode sponsor, AppOmni. Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
Mixin Network loses $200 million; Kia and Hyundai exploit linked to massive car thefts; Stress testing voting equipment. Thanks to today's episode sponsor, AppOmni. Are you confident in your organization's SaaS security? AppOmni surveyed 600+ security practitioners globally and 71% answered yes. But 79% experienced SaaS cybersecurity incidents. What's behind this disconnect? CISOs believe they have a mature level of SaaS cybersecurity using CASB, MFA, and IdP. But these solutions lack unified risk visibility. Without SSPM, they're blind to the true extent of their SaaS attack surface risk. Don't gamble with your data. Get the visibility and insights you need to protect your SaaS environment with AppOmni.
Peter Sheahan, well known leadership consultant and speaker, is joining CASB for their 83rd Annual Convention on Friday, December 8, 2023 to speak on AI, K12 education, and student mental health. Hear what Peter has in mind for his keynote address and why you should attend.
In a digital age marked by rapid technological advancements and increased global connectivity, ensuring cybersecurity for large corporations can often seem daunting. Today, I am joined by Doug Shepherd, Senior Director of Offensive Security and Global Insider Risk for Jones Lang LaSalle (JLL). This leading, billion-dollar real-estate services company spans 80 countries. JLL's challenges are multifaceted: ensuring the safety of a decentralized workforce, navigating the complex terrains of diverse privacy laws and regulations across continents, and maintaining real-time visibility into an impressive 100,000 endpoints. During our insightful chat, we delved deep into the previous security issues faced by JLL. The intricacies of having endpoint checks just every 75 days, coinciding with password changes, posed significant risks. Doug sheds light on the dynamics of managing security across different jurisdictions, emphasizing the importance of local expertise and overarching global strategies. Together, we explore the prevalent cyber threats that JLL and other organizations of its stature grapple with. Doug shares the transformative impact of real-time endpoint monitoring on JLL's cybersecurity posture, highlighting its role in enhancing incident response capabilities. The broader industry has its challenges. Doug and I discuss the relentless pace of the cybersecurity sector, the balancing act between data privacy and augmented security measures, and the critical symbiosis between security and business. The episode also touches on innovative training programs and technologies, such as Immersive Labs and CASB, that are ushering in a new era of cybersecurity preparedness. Wrapping up, Doug, with his rich background as a former 'spook' and red team leader, offers a nuanced perspective on the pressing need to find the middle ground between rigorous data collection and upholding privacy. 
Join us in this riveting episode as we journey through the cyber labyrinths of a global giant and uncover the strategies, challenges, and solutions that shape the future of organizational security.
Our guest for the show is Sandro. Sandro is a cybersecurity veteran with over 20 years of experience architecting network, cloud, CASB, and remote access security. Sandro manages the technical tasks of the Mammoth Cyber Customer Engagement programs. Before Mammoth Cyber, Sandro launched cloud and network security solutions and customer success services at Valtix, Palo Alto Networks, and Fortinet. Season 4 KickOff episode with Chase • Season 4 Kickoff ... White Paper Link: https://d7qns16l91y68.cloudfront.net/... Demo: https://mammothcyber.com/contact About Sandro: A cybersecurity veteran with over 20 years of experience architecting network, cloud, CASB and remote access security, Sandro manages the technical tasks of the Mammoth Cyber Customer Engagement programs. Before Mammoth Cyber, Sandro launched cloud and network security solutions and customer success services at Valtix, Palo Alto Networks and Fortinet. About Mammoth: Mammoth Cyber's Enterprise Access Browser is a new approach with unsurpassed visibility, context and control to provide secure access to remote users and contractors.
Guest: Steve Riley, Field CTO, Netskope, ex-Gartner Research VP Topics: Analysts (well, like Steve and Anton in the past?) say that “cloud is secure, but clients just aren't using it securely”, what is your reaction to this today? When clients hear “use cloud securely”, what do you think comes to their minds? How would you approach planning for secure use of the cloud or using cloud securely? What is your view of cloud defense in depth (DiD) or layered defenses? How do you suggest clients think about it? What about DiD for SaaS? What are your thoughts on the evolution of zero trust? How has it changed since its introduction back in 2010? Awareness of and interest in SSE and SASE is growing. But at the same time, plenty of folks seem deeply perplexed by these. How would you explain them to someone not deeply immersed in the details? Resources: Video (LinkedIn, YouTube) Bruce Schneier books Netskope blog “Deploy Security Capabilities at Scale: SRE Explains How” (ep85) “Zero Trust: Fast Forward from 2010 to 2021” (ep8) “Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?” (ep76) “How to Approach Cloud in a Cloudy Way, not As Somebody Else's Computer?” (ep115) "Use Cloud Securely? What Does This Even Mean?!" "How to Solve the Mystery of Cloud Defense in Depth?"
Join Tracie Rainey, Executive Director at the Colorado School Finance Project, Matt Cook, CASB's Director of Public Policy & Advocacy, Leslie Bogar, CASB's Director of Professional Learning, and Bryce Reedy, CASB's Communications Specialist, as they dive into Proposition HH and everything that goes along with it. Below you will find the resources discussed in the podcast. "Use our calculator to determine what your new property tax bill would be under the Colorado legislature's relief plan"- Jesse Paul, Colorado Sun, May 3, 2023. "What the 10-year Colorado property tax proposal would mean for you"- Andrew Kenney, CPR, May 4, 2023 Property Tax Talking Points Background Information
Guest: Ian Glazer, founder at Weave Identity, ex-Gartner, ex-SVP of Products at Salesforce, co-founder of IDPro Topics: OK, tell us why Identity and Access Management (IAM) is exciting (is it exciting?) Could you also explain why IAM is even more exciting in the cloud? Are you really “one IAM mistake away from a breach” in the cloud? What advice would you give to someone new to IAM? How to not just “learn IAM in the cloud” but to keep learning IAM? Is what I know about IAM in AWS the same as knowing IAM for GCP? What advice do you have for teams operating in a multi-cloud world? What are the top cloud IAM mistakes? How to avoid them? Resources: Video (LinkedIn, YouTube) IDPro association and BoK SCIM v2 standard EP60 Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM? EP76 Powering Secure SaaS … But Not with CASB? Cloud Detection and Response? EP94 Meet Cloud Security Acronyms with Anna Belak
Show Topic Summary (less than 300 words) Insider threat still exists. Lynsey Wolf talks with us about HR's role in insider threat, how prevalent investigations are in the post-pandemic work from home environment. Questions and potential sub-topics (5 minimum): What is the difference between insider threat and insider risk? Motivators of insider threat (not much different than espionage, IMO -bryan) (MICE: Money, Ideology, Compromise, and Ego.) https://thestack.technology/pentagon-leaks-insider-threat-sysadmin/ 75% of all insider threats are being kicked off by HR departments. In short, it's proactive. “How did HR figure that out?” How are investigations normally initiated? What tools are they implementing to check users or predicting a disgruntled employee? UEBA? CASB? Employee surveys that are ‘anonymous'? Someone who reported others and it was dismissed? What if HR ‘gets it wrong' or ‘it's a hunt to find people not into ‘groupthink' or ‘not a culture fit'? https://www.cbsnews.com/news/french-worker-fired-for-not-being-fun-at-work-wins-lawsuit-cubik-responds/ How can organizations be mindful of how and what data is collected to mitigate risk without affecting employee trust? And who watches the watchers to ensure data is handled responsibly? Are there any privacy guidelines companies need to understand before they implement such a system? (GDPR? CCPA? Privacy notices? Consent to monitoring on login? https://securiti.ai/blog/hr-employee-data-protection/ ) Are companies causing the thing they are protecting against? (making an insider threat because they've become repressive?) (hoping there's an ‘everything in moderation idea here… finding the happy medium between responsible ‘observability' and ‘surveillance') Lots of ‘insider threat' tools, including from EDR companies. Do companies do a good job of explaining to employees why you need EDR? Quiet Quitting - latest term for companies to use to describe “employee has a side gig”. 
How does this figure into insider threat? Is it assumed that people only have one ‘thing' they do, or did the lack of a commute give people more time during the pandemic to diversify? Solutions for employees? Separate their work and private/side gig? Learn what their contract states to keep conflicts of interest or your current/past employer from taking your cool side project/start-up idea away from you? Solutions for companies? Additional information / pertinent Links (would you like to know more?): (contact info for people to reach out later): https://www.cisa.gov/detecting-and-identifying-insider-threats https://venturebeat.com/data-infrastructure/how-observability-has-changed-in-recent-years-and-whats-coming-next/ https://ccdcoe.org/library/publications/insider-threat-detection-study/ https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454627.pdf (insider threat ontology) https://www.intelligentcio.com/apac/2022/08/01/survey-reveals-organizations-see-malicious-insiders-as-a-route-for-ransomware/ https://www.helpnetsecurity.com/2022/04/08/organizations-insider-threats-issue/ https://www.fortinet.com/resources/cyberglossary/what-is-ueba https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs https://thecyberwire.com/glossary/mice https://qohash.com/the-high-price-of-trust-the-true-cost-of-insider-threats/ https://abc7chicago.com/classified-documents-jack-teixeira-air-national-guard-arrest/13126206/ (Air National Guardsman accused in military records leak makes 1st court appearance - story still developing as of 16 April 2023) https://www.theverge.com/2020/8/4/21354906/anthony-levandowski-waymo-uber-lawsuit-sentence-18-months-prison-lawsuit Show Points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @bryanbrake@mastodon.social Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec Youtube: https://youtube.com/c/BDSPodcast
Join Leslie Bogar, CASB's Director of Professional Learning, Lindley McCrary, CASB's President-Elect, and Brian Ewert, Littleton Public Schools Superintendent, as they discuss rural advocacy from the larger school district dias.
In the enterprise security news: A light week in funding, after last week's mega raises from Wiz and Sandbox AQ; HP acquires some Zero Trust and CASB with Axis Security; InfoSec-themed Table Top gaming is really catching on; The White House's updated cybersecurity strategy is more of an update than a game changer; I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise; Doing evil things with chrome extensions; Women in cybersecurity; Letting strangers call you, on purpose. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw308
In this episode, we talk about application security with guest Tanya Janca. Hear our discussion on the tension between authentication and authorization, the prevalence of API security flaws, the upcoming open comment period for the new version of the OWASP Top Ten, and the inadequacy of API security measures. We also discussed the importance of designing an effective security program for different industry companies, the differences between CSPM and CASB, the use of tools, and the importance of keeping up with updates. Read the associated short blog on Application Security: https://www.horangi.com/blog/exploring-the-challenges-of-application-security - About Horangi Cybersecurity -- More information about the Ask A CISO podcast: https://www.horangi.com/resources/ask-a-ciso-podcast About Horangi Cyber Security: https://www.horangi.com - About the Guest -- Tanya's LinkedIn: https://www.linkedin.com/in/tanya-janca/ SheHacksPurple: https://shehackspurple.ca/ - Get Tanya's book here -- https://a.co/d/cY33RL0
Navindra Yadav is the co-founder and CEO of Theom, the cloud data security leader. He and the team recently raised a $16M series A from an impressive group of investors including Microsoft's M12 venture fund and Ridge Ventures. Prior to Theom, Navindra was the founder and CEO at Tetration and prior to that he was a distinguished engineer at Cisco. Navindra's work has received more than 182 patents. For full disclosure, Dan is an investor in Theom. Thanks to Patty Hatter, great former guest, for introducing us to Navindra. Listen and learn... What CISOs least understand about the security of enterprise data; Why CASBs (Cloud Access Security Brokers) are inherently vulnerable; The hardest technical problem Theom has solved; How to assign a “criticality score” to data; How to use NLP (natural language processing) to detect PII (personally identifiable information); How to protect from unauthorized data access through social engineering; Why data stores like Snowflake, Databricks, and Confluent don't already monitor data inappropriately leaving their platforms; When consumers will be able to trust that data they provide SaaS vendors is secure; The security startup Navindra and Dan are ready to fund! References in this episode: Navindra's company: Theom.ai; Patty Hatter on AI and the Future of Work; Congressman Ted Lieu on the creation of an “FDA” equivalent to regulate AI
You know SBOMs can help you keep track of your software assets and therefore, their vulnerabilities. Despite even the White House pressing the issue, many vendors aren't forthcoming with SBOMs, and you can't afford to wait. With Tanium's Roland Diaz, we'll discuss the most important considerations when generating your own SBOMs (which is now something their product can also do!). This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more! Looking at topics around go-to-market strategy and product management, including: how building products is unique in cybersecurity compared to other industries, what is product-led growth and what shape it takes in security, and how to do it right. Touching on the broader and adjacent topics of writing, supporting cybersecurity startups, investing, and the like. Segment Resources: Venture in Security blog: https://ventureinsecurity.net/ Venture in Security Angel Syndicate: https://www.visangels.com/ Building Cyber Collective: https://ventureinsecurity.net/p/buildingcyber Top Venture in Security Articles: https://ventureinsecurity.net/p/top-posts Finally, in the enterprise security news: a light week in funding, after last week's mega raises from Wiz and Sandbox AQ; HP acquires some Zero Trust and CASB with Axis Security; InfoSec-themed Table Top gaming is really catching on; the White House's updated cybersecurity strategy is more of an update than a game changer; I go a bit nuts with AI news and essays, but a lot of it is really worth your time, I promise; doing evil things with Chrome extensions; women in cybersecurity; letting strangers call you, on purpose. All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw308
In our first 3 episodes, Joe Bombagi, Director of SASE Systems Engineering in EMEA at Palo Alto Networks, and Arrow's David Smith discussed the technologies that are part of the Prisma SASE solution, including ZTNA 2.0, next-generation CASB, SD-WAN and Prisma Access. In our 4th and final episode of this exclusive series, we look at the overall value to partners of a fully unified SASE. Joe and David discuss exactly what's in it for the partners, the sorts of projects partners will discover, the kinds of services available, how these are broken down, and most importantly, what the customer's view is on the role the partner or managed service provider plays when it comes to SASE. We also have a free guide to download and keep to accompany the series. Get your copy of this brilliant eBook today and listen back to all four episodes of the podcast. Visit our microsite today: https://secure-eugo.arrow.com/Prisma_SASE
SASE is a networking and security model first outlined by Gartner. It supports cloud-focused organisations by merging networking and network security services into a single, cloud-delivered solution. This third episode featuring Palo Alto Networks' Joe Bombagi, EMEA Director of SASE Systems Engineering looks at the newer capabilities and the expansion opportunities of Prisma SASE, including Next-generation CASB and Prisma Access. In this exclusive podcast, Joe also discusses the capabilities of SD-WAN and Palo Alto Networks' approach to the solution. If you missed our first two episodes of the Arrow Bandwidth Podcast, you can listen or watch them for free now. We also have a free guide to download and keep to accompany the series. Get your copy of this brilliant eBook today. Visit our microsite today: https://secure-eugo.arrow.com/Prisma_SASE
Brandon Evans and fellow cloud security podcaster Ashish Rajan, host of the Cloud Security Podcast and Principal Cloud Security Advocate for Snyk, chat about developer-first security, multicloud abstraction layers, cybersecurity conferences, and the 5 Cs of cloud security products (CASB, CIEM, CNAPP, CSPM, and CWPP). Our Guest - Ashish Rajan: Ashish Rajan is the host of the wildly popular Cloud Security Podcast, a CISO, CyberSecurity Influencer, a SANS Trainer for Cloud Security and an outspoken opinion leader on all things Cloud Security & DevSecOps. He is a frequent contributor on topics related to public cloud transformation, DevSecOps, Future Tech and the associated security challenges for practitioners and CISOs. Follow Ashish: Twitter | LinkedIn | Web. Sponsor's Note: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security. Review and Download Cloud Security Resources: sans.org/cloud-security/ Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube
Data is a cornerstone of modern business, but it's no longer confined to the local enterprise network. Rather, data must be shared for business to function and files which contain highly sensitive data increase business risk significantly. Returning to the podcast is Seclore's Vice President of Partner and Channel Sales, Keith Mozena. Together, we'll discuss the shift in modern data-centric security practices, how to address today's data challenges without sacrificing on security, accessibility or trackability, and how these practices complement data loss prevention (DLP) and cloud access security broker (CASB) products. About Today's Guest Keith Mozena is the Vice President of Partner and Channel Sales at Seclore Inc. He is an avid saltwater fisherman who has spent over 20 years working for innovative software companies to address challenging business data problems. Currently, he is solving one of the toughest cybersecurity problems around –protecting unstructured data anywhere it needs to be used, internally and with 3rd party partners. Keith has built dynamic partner communities across several technology companies, including: Saviynt, Symantec, Calico Commerce, EY, KPMG, and IBM. About Your Host Mackenzie King is the Go-To-Market Product Business Manager (PBM) for cloud vendors and the host of TD SYNNEX CloudSolv's podcast, The Vibe! Mackenzie is an avid Dawg fan as a graduate of the University of Georgia with both a Marketing and International Business degree. She also recently completed a certificate program through Harvard Business School Online in Economics, Accounting and Data Analytics. For More Information Check out these resources for more information on accelerating your cloud practice with TD SYNNEX and Seclore: TD SYNNEX and Seclore Website Seclore Infographic: Who is Protecting the Data in Your Organization? Seclore Video: Understanding Data Centric Security
Is it difficult to keep up with all the fast-paced changes in the network security space these days? At the end of the day, you just want to make sure your network and users are protected but acronym overload is high! Join Meraki for a network security discussion. Learn where they are headed and how the Cisco MX product—powered by the robust threat intelligence engine, Cisco Talos—can protect your organization. Questions addressed How does MX firewall play into the cloud? Where do you begin? How do you create a consistent experience for remote and in-office users? How can organizations leverage zero trust? How does ISE, Umbrella, and other security products tie together? (Hint: Cisco SecureX and Meraki Dashboard) Are there different integrations that exist that can be used? How can I leverage systems manager to make sure non-compliant software doesn't access my firewall/ corporate network? What are the data loss prevention features? How can CASB help with protecting data in cloud-based platforms? How can we begin to use APIs to make our lives easier? Learn more https://meraki.cisco.com/products/security-sd-wan/?dtid=opdcsnc001469 Follow us https://twitter.com/CiscoChampion Cisco Champion Hosts Evan Mintzer (twitter.com/evanmintzer), Ashfield Healthcare, Information Security Manager Len Ledford, Cerium Networks, Technical Solutions Architect Zoe Rose (twitter.com/RoseSecOps), Canon EMEA, Regional and Supplier Information Security Guest Chris Weber, Cisco, Engineering Product Manager, Meraki Moderator Amilee San Juan (twitter.com/amileesan1), Cisco, Customer Voices and Cisco Champion Program
Guest: Dr Anna Belak, Director of Thought Leadership at Sysdig, former Gartner analyst Questions: Analysts (and vendors) coined a lot of “C-something acronyms” for cloud security, and two of the people on this episode were directly involved in some of them. What do you make of all the cloud security acronym proliferation? What is CSPM? What gets better when you deploy it? What is CWPP? Does anything get better when you deploy it? What is CNAPP? What gets better when you deploy it? What is CIEM, Anton's least fave acronym? Now, what about CDR? Resources: Gartner acronym glossary “Container Security: The Past or The Future?” (ep54, with Anna as well) “Automate and/or Die?” (ep3) “Impersonating Service Accounts in GCP and Beyond: Cloud Security Is About IAM?” (ep60) “Powering Secure SaaS … But Not with CASB? Cloud Detection and Response?” (ep76) “Does the World Need Cloud Detection and Response (CDR)?” “Announcing Virtual Machine Threat Detection now generally available to Cloud customers” Sysdig Threat Report Blog 2022 Sysdig Cloud-Native Threat Report Anatomy of Cloud Attacks
Guest: Ben Johnson, CTO/co-founder @ Obsidian Security Topics: Why is there so much attention lately on SaaS security? Doesn't this area date back to 2015 or so? What do you see as the primary challenges in securing SaaS? What does a SaaS threat model look like? What are the top threats you see? CASB has been the fastest growing security market and it has grown into a broad platform and many assume that “securing SaaS = using CASB”, what are they missing? Where would another technology to secure SaaS fit architecturally, inline with CASB or as another API-based system? Securing IaaS spanned a robust ecosystem of vendors (CWPP, CSPM, now CNAPP) and many of these have ambitions for securing SaaS, thus clashing with CASB. Where do you fit in this battle? For a while, you were talking more about CDR - what is it and do we really need a separate CDR technology? Resources: Obsidian Security blog and Resource Center Does the World Need Cloud Detection and Response (CDR)? blog Does the world need Cloud Detection and Response (CDR) as a new market segment? poll MITRE ATT&CK for SaaS matrix CISA SCUBA resource “Essentialism” book.
On today's Tech Bytes podcast, sponsored by Palo Alto Networks, we're going to talk about how a SASE architecture and a next-generation CASB, or Cloud Access Security Broker, can help security teams manage SaaS risks.