Podcasts about core security

Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Faraday chief executive Federico 'Fede' Kirschbaum joins the show to talk about building a startup in the vulnerability management space, the intricacies of the Argentinian hacking culture, stories of exploit writers and mercenary hackers, and the overwhelming U.S.-centric view of the cybersecurity industry.

Three things to know today   00:00 Managed Services Adoption on the Rise, with Focus Shifting from Infrastructure to Core Security and Business Process Automation 02:09 Kaseya's IT Operations Report: Increased Outsourcing and Demand for Security Training Among IT Organizations 03:38 Widening Wage Gap in Tech: New Data Shows Disparity Grows for Underrepresented Groups     Advertiser:  https://linode.com/mspradio/       Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/   Support the show on Patreon:  https://patreon.com/mspradio/   Want our stuff?  Cool Merch?  Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com   Follow us on: Facebook: https://www.facebook.com/mspradionews/ Twitter: https://twitter.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ LinkedIn: https://www.linkedin.com/company/28908079/  

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing's role, helping to determine how these services, tools, and skills must evolve.   Segment Resources: https://www.fortra.com/resources/guides/2023-pen-testing-report   This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw313 

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing's role, helping to determine how these services, tools, and skills must evolve.   Segment Resources:  https://www.fortra.com/resources/guides/2023-pen-testing-report   This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!   Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly regulated industries such as government, finance, and energy sector. This session will cover how RegScale is leading a RegOps movement to bring the principles of DevOps to compliance with the world's first real-time GRC system that enables compliance as code via NIST OSCAL. RegOps seeks to shift compliance left to make it real-time, continuous, and complete so that paperwork is always up to date, self-updating, and takes less manual resources to manage.  Segment Resources: Website – https://www.regscale.com Documentation/Learn More – https://regscale.readme.io   In this news segment, we discuss the art of branding/naming security companies, some new cars just out of stealth, 5 startups just out of Y Combinator, and Cybereason's $100M round from Softbank. We also talk new features (Semgrep's new GPT-4 use case), new newsletters, and new reports. We break down Nexx's broken vulnerability disclosure program and its broken products. We also discuss the FDA's new ability to block device certification for security reasons. Android announces rules to make it easier for consumers to delete accounts and remove data when they uninstall apps. IT and Security professionals everywhere are asked not to report breaches, but in some countries more than others. CISOs are more prone to drinking problems, and finally, for our squirrel stories, we discuss a crazy app called Newnew and new ideas in prosthetics.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw313 

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing's role, helping to determine how these services, tools, and skills must evolve.   Segment Resources:  https://www.fortra.com/resources/guides/2023-pen-testing-report   This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!   Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly regulated industries such as government, finance, and energy sector. This session will cover how RegScale is leading a RegOps movement to bring the principles of DevOps to compliance with the world's first real-time GRC system that enables compliance as code via NIST OSCAL. RegOps seeks to shift compliance left to make it real-time, continuous, and complete so that paperwork is always up to date, self-updating, and takes less manual resources to manage.  Segment Resources: Website – https://www.regscale.com Documentation/Learn More – https://regscale.readme.io   In this news segment, we discuss the art of branding/naming security companies, some new cars just out of stealth, 5 startups just out of Y Combinator, and Cybereason's $100M round from Softbank. We also talk new features (Semgrep's new GPT-4 use case), new newsletters, and new reports. We break down Nexx's broken vulnerability disclosure program and its broken products. We also discuss the FDA's new ability to block device certification for security reasons. Android announces rules to make it easier for consumers to delete accounts and remove data when they uninstall apps. IT and Security professionals everywhere are asked not to report breaches, but in some countries more than others. CISOs are more prone to drinking problems, and finally, for our squirrel stories, we discuss a crazy app called Newnew and new ideas in prosthetics.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw313 

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing's role, helping to determine how these services, tools, and skills must evolve.   Segment Resources: https://www.fortra.com/resources/guides/2023-pen-testing-report   This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw313 

Christian Wenz works as a consultant, trainer, and author with a focus on web technologies and is the author or co-author of over 100 computer books. He regularly contributes to various IT magazines and speaks at conferences around the globe. Christian holds a "Diplom" (the German equivalent of a master's degree) in Computer Sciences, and one in Business Informatics. In his day job, he is one of the founders of the web agency Arrabiata Solutions (http://www.arrabiata.com/) with offices in Munich, Germany, and in London, UK. He also frequently works with development teams to make their applications better performing, more secure, and more reliable.   Topics of Discussion: [2:51] Has Christian really written over 100 computer books? Christian talks about the books and the high points of technology that he has worked in. [7:16] What is the OWASP (Open Web Application Security Project) Top 10 list? [10:33] You always have to be aware that something may go wrong, and have a security mindset. [12:05] Again and again, make sure that you understand the fundamentals of web app security, because eventually, you will make a mistake in your code. [12:30] What is insecure design? [13:43] Christian talks about the enumeration scheme CWE: common weakness enumeration, which basically assigns a number to each risk or attack. [17:00] How should people be logging into their web sessions now with .NET7? [18:31] The major mistake you can make these days is to write your own authentication mechanism. [23:57] What is Christian's favorite mechanism today for securing HTTP web services? [31:05] What are some of the tools Christian always reaches for, and how do we differentiate between static auditing and dynamically auditing an application?   Mentioned in this Episode: Clear Measure Way Architect Forum Software Engineer Forum Programming with Palermo — New Video Podcast! Email us programming@palermo.network Clear Measure, Inc. (Sponsor) .NET DevOps for Azure: A Developer's Guide to DevOps Architecture the Right Way, by Jeffrey Palermo — Available on Amazon! Jeffrey Palermo's Twitter — Follow to stay informed about future events! Architect Tips — Video podcast! Azure DevOps Christian Microsoft Profile ASP.NET Core Security Christian's Books on Amazon OWASP Identity Server Dependabot Security Code Scan Configuring Code Scanning for a Repository   Want to Learn More? Visit AzureDevOps.Show for show notes and additional episodes.

Former Federal Agent Joe Bezotte, the CEO and Founder of Core Security Consulting joined the podcast to discuss all things Genesis Ranch, the upcoming Oktoberfest celebration at the Ranch, the high-level courses he offers, the Core Security training culture, the Miles Dei Youth program and more!Facebook and Instagram: Genesis Ranch and Core Security Consultingwww.coresecuritymn.comwww.genesisranch.org#fightthegoodfightSupport the show

Did you know there has been a fundamental restructuring of cybercrime cartels thanks to a booming dark web economy of scale? Powerful cybercriminal groups now operate like multinational corporations and are relied upon by traditional crime syndicates to carry out illegal activities such as extortion and money laundering. As a result, cybercrime cartels are more organized than ever before and often enjoy greater protection and resources from the nation-states that view them as national assets. A recent report from VMware found that 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year. Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code. Tom Kellermann, Head of Cybersecurity Strategy, joins me on Tech Talks Daily to discuss the findings in the report and share his insights. About Tom Kellermann Tom Kellermann is the Head of Cybersecurity Strategy for VMware Inc. Previously, Tom held the position of Chief Cybersecurity Officer for Carbon Black Inc. Before joining Carbon Black, Tom was the CEO and founder of Strategic Cyber Ventures. In 2020, he was appointed to the Cyber Investigations Advisory Board for the United States Secret Service. Additionally, on January 19, 2017, Tom was appointed the Wilson Center's Global Fellow for Cyber Policy. Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro; Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008 Tom was appointed a commissioner on the Commission on Cyber Security for the 44th President of the United States. In 2003 he co-authored the Book “Electronic Safety and Soundness: Securing Finance in a New Age.”

With cybersecurity attacks continually on the rise, security teams are under more pressure than ever. It's imperative to use your pen testing resources wisely, leveraging automation capabilities where it makes sense to save time and help conduct more impactful engagements. During this interview, Bob Erdman will discuss how to find the right balance between the reliability and efficiency of pen testing automation with the astuteness and logic of human intervention.   Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269

With cybersecurity attacks continually on the rise, security teams are under more pressure than ever. It's imperative to use your pen testing resources wisely, leveraging automation capabilities where it makes sense to save time and help conduct more impactful engagements. During this interview, Bob Erdman will discuss how to find the right balance between the reliability and efficiency of pen testing automation with the astuteness and logic of human intervention.   Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269

In our first segment, we welcome Bob Erdman, Director of Development at HelpSystems to discuss The Role of Automation in Pen Testing! Then, Justin Tolman, Forensic Evangelist at Exterro joins us to discuss Forensic Challenges for Security Professionals! Finally in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck? Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Segment Resources: FTK Over the Air podcast: https://www.exterro.com/ftk-over-the-air-podcast FTK Feature Focus weekly videos: https://youtube.com/playlist?list=PLjlGL4cu_NaM0e7h1RCTJwNnZb-dyUf3B This segment is sponsored by Exterro. Visit https://securityweekly.com/exterro to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw269

In our first segment, we welcome Bob Erdman, Director of Development at HelpSystems to discuss The Role of Automation in Pen Testing! Then, Justin Tolman, Forensic Evangelist at Exterro joins us to discuss Forensic Challenges for Security Professionals! Finally in the Enterprise News: Datto to be Acquired by Kaseya for $6.2 Billion, with Funding Led by Insight Partners, Perforce Software Puppet, Synopsys acquires Juniper Networks, Managed detection and response startup Critical Start lands $215M in funding, Thinking About the Future of InfoSec, DuckDuckGo launches Mac app in beta, How I automated my presence in video calls for a week (and nobody knew), Why Do So Many Cybersecurity Products Suck? Segment Resources: The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Segment Resources: FTK Over the Air podcast: https://www.exterro.com/ftk-over-the-air-podcast FTK Feature Focus weekly videos: https://youtube.com/playlist?list=PLjlGL4cu_NaM0e7h1RCTJwNnZb-dyUf3B This segment is sponsored by Exterro. Visit https://securityweekly.com/exterro to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw269

This week, in our first segment we're joined by Johanna Ydergard, VP of Product at Detectify joins us to cover a brief overview of the attack surface market - what it is, why it's necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify's unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Next, Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems! Finally, this week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, Incident Reporting Signed into Law, & more!   Show Notes: https://securityweekly.com/esw265 Segment Resources: https://detectify.com/external-attack-surface-management https://detectify.com/crowdsource/what-is-crowdsource [Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf [Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf   Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment we're joined by Johanna Ydergard, VP of Product at Detectify joins us to cover a brief overview of the attack surface market - what it is, why it's necessary to have an additional tool along with DAST, SAST. It will also cover how Detectify's unique advantage of crowdsourcing is a true differentiator in the EASM market and how the model differs from the big Bug Bounty Platforms. It will detail on how Detectify collaborates with ethical hackers to crowdsource security research from the forefront of the industry, so you can check for 2000+ common vulnerabilities. Next, Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems! Finally, this week in the Enterprise News: Quincy man rescues coworker from Ukraine, Cloudflare Email Security Tools, New CISA Vulns, RSA Conference Acquired, Massive Rounds, Incident Reporting Signed into Law, & more!   Show Notes: https://securityweekly.com/esw265 Segment Resources: https://detectify.com/external-attack-surface-management https://detectify.com/crowdsource/what-is-crowdsource [Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf [Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf   Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems.   Segment Resources: [ Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf [Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw265

Learn how a proactive cybersecurity program can be a game changer for an organization's success through continuously assessing risk and evolving to stay ahead of threats. Join us as we discuss impactful ways to stay one step ahead with Pablo Zurro, Product Manager at Core Security, by HelpSystems.   Segment Resources: [ Guide] Taking Back Control: A Proactive Approach to Advance Your Security Maturity - https://static.helpsystems.com/core-security/pdfs/guides/cs-advancing-your-security-maturity-gd.pdf [Video] Core Impact Pen Testing Software Overview - https://www.coresecurity.com/resources/videos/core-impact-overview https://static.helpsystems.com/hs/pdfs/2022/datasheet/hs-security-maturity-matrix-ds.pdf   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw265

Risk-based vulnerability management is more than just a vulnerability scan or assessment. It incorporates relevant risk context and analysis to prioritize the vulnerabilities that pose the greatest risk to your organization This segment will explore the elements of a successful vulnerability management program and impactful ways to build upon your foundation.   Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw693

Risk-based vulnerability management is more than just a vulnerability scan or assessment. It incorporates relevant risk context and analysis to prioritize the vulnerabilities that pose the greatest risk to your organization This segment will explore the elements of a successful vulnerability management program and impactful ways to build upon your foundation.   Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw693

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Discord, the always popular Chinese APTs, exploits you should be concerned about, job expectations, westeal your crypto currency, quick and dirty python (without lists), new spectre attacks, Github says don't post evil malware and more!   Show Notes: https://securityweekly.com/psw693 Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/   Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on Cyber! In the Security News, Pingback is back, was it ever really gone?, damn QNAP ransomeware, anti-anti-porn software, Qualcomm vulnerabilities, spreading pandas on Discord, the always popular Chinese APTs, exploits you should be concerned about, job expectations, westeal your crypto currency, quick and dirty python (without lists), new spectre attacks, Github says don't post evil malware and more!   Show Notes: https://securityweekly.com/psw693 Segment Resources: https://www.coresecurity.com/blog/how-mature-your-vulnerability-management-program https://www.coresecurity.com/blog/when-use-pen-test-and-when-use-vulnerability-scan https://www.digitaldefense.com/blog/infographic-risk-based-vulnerability-management/   Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

When we're considering the security properties of something, whether it's a building, an app, an API, a network, or really anything else, there is a core set of concepts that we lean on to inform our evaluation. These core concepts provide a foundation to reason about whether the security provided by the entity in question is sufficient and, in the case that it's not, how you can mitigate the risks posed by its flaws. In this first episode on core security concepts we discuss authentication vs. authorization, the principle of least privilege, some flaws of human behavior, security vs. usability, and the elusive notion of perfect security. With these concepts in hand you will be better equipped to consider the risks of everything you interact with in your day-to-day life.

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments.   This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw677

In this episode, we had the honor to co-create a conversation with Chris Dorris who focuses on guiding leaders and companies to become mentally tough. He has worked with companies like Salesforce, American Express, Nike, Core Security, NBC, Bank of America, PGA Golf, PWC, and even Apple. Where Apple's CFO wrote Chris a letter sharing that he was Wizard, which is STELLER for those of you who know about the Magical Creature Oracle Card Deck I created, I'm also known as a Wizard too. Yet in this conversation, we go through Chris's work starting out in social work getting paid around $17k per year to now being a lead trainer and coach to incredible companies and athletes. We go through his journey where he always stayed committed to the path of helping people and how everything worked out for him to end up doing exactly what he is meant to do, empowering people to understand mental toughness and do what it takes to manifest their dream life. Tune in to receive the frequency.And make sure to subscribe to his daily mental toughness notes.Colleenhttps://christopherdorris.com/https://www.facebook.com/chrisdorrishttps://www.instagram.com/thementalcoach/https://www.colleengallagher.cohttps://www.instagram.com/iamcolleengallagherhttps://www.facebook.com/thecolleengallagherhttps://www.amazon.com/gp/product/B0875NR64K?pf_rd_r=ZV5DM0Q9PMW82G4N8540&pf_rd_p=edaba0ee-c2fe-4124-9f5d-b31d6b1bfbee

This week, Cute robot dogs available for sale, T-Mobile was down all day, lightbulbs can be bugged, DARPA bug bounties, Ebay is going to get ya, and Bob Erdman from Core Security talks about Ransomware!   Show Notes: https://wiki.securityweekly.com/SWNEpisode43 To learn more about Core Security, visit: https://securityweekly.com/coresecurity   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Cute robot dogs available for sale, T-Mobile was down all day, lightbulbs can be bugged, DARPA bug bounties, Ebay is going to get ya, and Bob Erdman from Core Security talks about Ransomware!   Show Notes: https://wiki.securityweekly.com/SWNEpisode43 To learn more about Core Security, visit: https://securityweekly.com/coresecurity   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Cute robot dogs available for sale, Tmobile was down all day, lightbulbs can be bugged, DARPA bug bounties, Ebay is going to get ya, and Bob Erdman from Core Security talks about Ransomware!   To learn more about Core Security, visit: https://securityweekly.com/coresecurity Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SWNEpisode43

Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choose between the two. But that’s not the case. This segment will cover why and how pen testing can be used to validate vulnerability scanner results.   To learn more about Core Security, visit: https://securityweekly.com/coresecurity Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647

Many people inaccurately use vulnerability scans or vulnerability assessments as terms that are synonymous with penetration tests. Those that do know the difference often think you have to choose between the two. But that’s not the case. This segment will cover why and how pen testing can be used to validate vulnerability scanner results.   To learn more about Core Security, visit: https://securityweekly.com/coresecurity Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode647

This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself!   To learn more about Core Security, visit: https://securityweekly.com/coresecurity To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes!   Show Notes: https://wiki.securityweekly.com/PSWEpisode647 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Wade Woolwine, Principal Threat Intelligence Researcher at Rapid7 to talk about Threat Intel Program Strategies! In our second segment, we welcome Magno Gomes, Director of Sales Engineering at Core Security (a HelpSystems Company), to discuss Penetration Testing to Validate Vulnerability Scanners! In the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state hackers behind San Francisco airport hack, and Macs Are More Secure, and Other Jokes You Can Tell Yourself!   To learn more about Core Security, visit: https://securityweekly.com/coresecurity To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7 Visit https://www.securityweekly.com/psw for all the latest episodes!   Show Notes: https://wiki.securityweekly.com/PSWEpisode647 Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Microsoft starts disabling authentication, New ransomware called PwndLocker is out and about, and a secret-sharing app called Whisper is "the safest place on the internet. James Adams from Core Security, a Help Systems Company joins us today talking about "How to think and act like a hacker."   Show Notes: https://wiki.securityweekly.com/SWNEpisode17 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Microsoft starts disabling authentication, New ransomware called PwndLocker is out and about, and a secret-sharing app called Whisper is "the safest place on the internet. James Adams from Core Security, a Help Systems Company joins us today talking about "How to think and act like a hacker."   Show Notes: https://wiki.securityweekly.com/SWNEpisode17 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Microsoft dumps legacy protocols, Whisper leaks all your secrets and ranks predators, malware developers unimpressed with Chrome 80, and James Adams from Core Security. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SWNEpisode17

This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns!   Visit http://hacknaked.tv to get all the latest episodes! Show Notes: https://wiki.securityweekly.com/HNNEpisode242

This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns!   Show Notes: https://wiki.securityweekly.com/HNNEpisode242 To learn more about Core Security, a HelpSystems company, visit: https://securityweekly.com/helpsystems   Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Vulnerabilities in Android Camera Apps Exposed Millions of Users to Spying, what to do if surveillance has you worried, GitHub launches Security Lab to boost open source security, Disney+ Credentials Land in Dark Web Hours After Service Launch, and 146 security flaws uncovered in pre-installed Android apps! In the expert commentary, we welcome Bob Erdman, Sr. Manager of Product Management at Core Security, a HelpSystems Company, to talk about Effective Phishing Campaigns!   Show Notes: https://wiki.securityweekly.com/HNNEpisode242 To learn more about Core Security, a HelpSystems company, visit: https://securityweekly.com/helpsystems   Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond, has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal. To learn more about Core Security, visit: https://securityweekly.com/coresecurity Full Show Notes: https://wiki.securityweekly.com/ES_Episode153 Visit https://www.securityweekly.com/esw for all the latest episodes!

Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond, has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal. To learn more about Core Security, visit: https://securityweekly.com/coresecurity Full Show Notes: https://wiki.securityweekly.com/ES_Episode153 Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, in the Enterprise News, Splunk buys SaaS startup Omnition, Stage Fund buys Israeli cybersecurity co Cymmetria, Trustwave platform brings more visibility and control cloud security, and more! Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal. To learn more about Core Security, visit: https://securityweekly.com/coresecurity We interview Dan Cornell, the Founder & CTO the at DenimGroup.Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium. Full Show Notes: https://wiki.securityweekly.com/ES_Episode153 Visit https://www.securityweekly.com/esw for all the latest episodes!

This week, in the Enterprise News, Splunk buys SaaS startup Omnition, Stage Fund buys Israeli cybersecurity co Cymmetria, Trustwave platform brings more visibility and control cloud security, and more! Steve Laubenstein is the VP - Cyber Threat Products Group at Core Security - a HelpSystems Company. Steve will be discussing the need to understand your system's resilience to attacks, and your people's ability to quickly identify and respond has never been higher. Yet, we live in an IT world that is increasingly becoming borderless. We will be discussing the role of pen testing where mobile, cloud, IoT and network sprawl are the new normal. To learn more about Core Security, visit: https://securityweekly.com/coresecurity We interview Dan Cornell, the Founder & CTO the at DenimGroup.Next, Bryson Bort, the Founder & CEO at SCYTHE. Last, Yuriy Bulygin, the Founder & CEO at Eclypsium. Full Show Notes: https://wiki.securityweekly.com/ES_Episode153 Visit https://www.securityweekly.com/esw for all the latest episodes!

Sebastián comenzó a programar cuando tenía unos 8 años con una computadora Apple II. Cofundó CoinFabrik en 2014 y Nektra Advanced Computing en 2003. CoinFabrik desarrolla soluciones seguras de blockchain y criptomonedas y Nektra se especializa en componentes internos de Microsoft Windows, ingeniería inversa y desarrollo de soluciones de seguridad personalizadas. Antes trabajó en el campo de la seguridad informática en Core Security y AFIP. Obtuvo su licenciatura en Sistemas de Información en la Universidad Centro de Altos Estudios en Ciencias Exactas y anteriormente terminó la escuela secundaria técnica ORT orientada al desarrollo de software.

While reading about our latest technological advances, such as digital license plates and self-driving cars, I wondered about our industry’s core security principles that set the foundation for all our innovation. However, what about user agreements? We’re able to create incredible new advances, however we can’t get our user agreements right. Even though the agreements are for the users, it’s rare that they want to read the legalese. It’s just easier to click ‘accept’. As the author suggests, there must be a better way for end users to interact with tech companies.

My guest in this episode of Tough Talks is the was the CEO of Core Security, and currently is President & GM, One Identity, David Earhart. Core is a private computer and network security company. David is a lifelong disciple of mental training. --- He's been practicing meditation for decades, he was the captain of the tennis team at Texas Tech, and he is and always has been committed to personal and physical growth and empowering people. His commitment to perpetual growth and service are two of his main keys to his incredible success on ALL levels. --- He has a beautiful family, loves cycling, and is a master fly fisherman. You're gonna be fascinated by his wisdom and soothed by his energy and transparency. I'm blown away by his ability to choose peace amidst chaos. Enjoy! --- https://christopherdorris.com/tough-talks-david-earhart-ceo-core-security/ --- If you enjoyed this content and you are not getting notifications of new posts, then I invite you to signup to my list. Please also share this with the people in your world that would also dig this post and benefit from it. --- https://christopherdorris.com/lists --- Send in a voice message: https://anchor.fm/mental-toughness-podcasts/message

How does security work in ASP.NET Core? Carl and Richard talk to Roland Guijt about the security features of ASP.NET Core - many of which are the same as the original .NET, but there are some significant changes! The conversation starts out dealing with the idea that retrofitting security at the end of a project is fraught with perils that ultimately endanger your application and users. It's worth taking some time to figure out how security is going to be part of your app from the beginning. Roland talks about what makes sense to build directly into your ASP.NET Core app and what can be externalized with tools like Identity Server. And there are claims - lots of claims!Support this podcast at — https://redcircle.com/net-rocks/donations

How does security work in ASP.NET Core? Carl and Richard talk to Roland Guijt about the security features of ASP.NET Core - many of which are the same as the original .NET, but there are some significant changes! The conversation starts out dealing with the idea that retrofitting security at the end of a project is fraught with perils that ultimately endanger your application and users. It's worth taking some time to figure out how security is going to be part of your app from the beginning. Roland talks about what makes sense to build directly into your ASP.NET Core app and what can be externalized with tools like Identity Server. And there are claims - lots of claims!Support this podcast at — https://redcircle.com/net-rocks/donations

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Andres-Blanco-802.11-Massive-Monitoring-UPDATED.pdf 802.11 Massive Monitoring Andres Blanco Sr Researcher, Core Security Andres Gazzoli Sr Developer, Core Security Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration testing and various areas of research. But what happens when channel hopping just doesn't cut it anymore -- can we monitor all 802.11 channels? In this presentation we describe the analysis, different approaches and the development of a system to monitor and inject frames using routers running OpenWRT as wireless workers. At the end of this presentation we will release the tool we used to solve this problem. Andrés Blanco is a researcher at CoreLabs, the research arm of Core Security. His research is mainly focused on wireless, network security and privacy. He has presented at Black Hat USA Arsenal, Hacklu and Ekoparty, and has published several security advisories. Twitter: @6e726d Andrés Gazzoli works at Core Security and is part of the Core Impact Pro developer team. He is a C++ developer with extensive experience in UI development. He enjoys everything related to wireless technologies and privacy.

In this episode... We revisit some of the topics Eric & I talked about nearly 2 years ago at ISSA International, Baltimore. Eric discusses the paradigm shift that needs to happen in security We talk about shifting resources (in the defensive) from "everything" to something more reasonable Eric and I discuss how CISOs must re-allocate resources to survive in a post-breach reality Guest Eric Cowperthwaite ( @e_cowperthwaite ) - Vice President, Advanced Security and Strategy at CORE Security, a Boston-based security vendor. CORE is the leading provider of predictive security intelligence solutions for enterprises and government organizations. We help more than 1,400 customers worldwide preempt critical security threats throughout their IT environments, and communicate the risk the threats pose to the business. Our patented, proven, award-winning enterprise solutions are backed by more than 15 years of applied expertise from CoreLabs, the company's innovative security research center.Eric was formerly the CSO of Providence Health & Services, a healthcare delivery organization with $12.5 billion in revenue, 32 hospitals and more than 65,000 employees, headquartered in Seattle, WA. 

Tom Kellermann is the Vice President of Security and Government Affairs for Core Security. In this role, he is responsible for helping industry and government partners reduce risk and improve security practices and policies. He is also a Professor at American University's School of International Service. In this podcast, Mr. Kellermann discusses cyber risk and financial institutions with Katrina Timlin.