Josh and Kurt talk to Jay Jacobs about the Exploit Prediction Scoring System (EPSS). EPSS is a new way to view vulnerabilities. It's a metric for the likelihood that a vulnerability will be exploited in the next 30 days. Jay explains how EPSS got to where it is today, how the scoring works, and how we can start to think about including it in our larger risk equations. It's a really fun discussion. Show Notes: Jay Jacobs on LinkedIn; EPSS; Jay's graph animation; Cyentia's A Visual Exploration of Exploits in the Wild.
In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by David Severski, senior security data scientist at Cyentia Institute, to expand upon the relationship between Associate Member, RiskRecon, and Cyentia and how that connection plays a part with examining top cyber-attack techniques. Then, Alexandra Brown, senior director of operations at RH-ISAC, provides a preview of the upcoming RH-ISAC Cyber Intelligence Summit, the premier event for cybersecurity practitioners in retail and hospitality. Still deciding on whether to attend the Summit? There's still time to register today! Finally, Lee Clark, cyber threat intelligence analyst & writer at RH-ISAC, provides the latest intel briefing, specifically the recent Okta customer breach.
The first in a multi-part dive into the Prioritization to Prediction (P2P) research series by Kenna Security and The Cyentia Institute - guests Ed Bellis and Wade Baker discuss P2P Volume 1 which quantifies the performance of vulnerability prioritization and remediation strategies for the very first time.
In this episode, the FIRST Podcasters interview Jay Jacobs, who is a co-chair of the Exploit Prediction Scoring System Special Interest Group (EPSS SIG) and one of the founders of the Cyentia Institute. Evolving over the last year and a half, EPSS works to gather as much data as possible on vulnerabilities and look for indicators that something will be exploited in the future. Scores are updated daily with new evidence gained on potential exploitations. It is nearly impossible for companies to keep up with all their vulnerabilities, so prioritization is a must. Exploitation activity helps narrow down what's important. The EPSS SIG is constantly updating and improving models to close gaps.
We hop on the line with the Cyentia Institute to discuss our latest joint research, Prioritization to Prediction, Volume 8: Measuring and Minimizing Exploitability. The new report reveals that exploitability for an organization can, in fact, be measured and reveals the best strategies to minimize it.
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week: key takeaways from The Annual Cybersecurity Attitudes and Behaviors Report 2021; US Securities and Exchange Commission (SEC) fines for breaches and related news on the focus of third-party risk in stock exchange investments; analysis of a new report from RiskRecon and Cyentia on measuring the ongoing impact of multi-party breaches; discussion of Mandiant's detailed report on the FIN12 criminal gang that is actively targeting the healthcare industry; and the latest FBI and CISA alerts on the Conti ransomware attacks and recommendations for protecting healthcare organizations.
We tackle a hotly contested debate as old as cybersecurity itself: does releasing exploit code do more harm than good?
The majority of applications contain at least one security flaw and fixing those flaws typically takes months. Automating scanning and scanning via API can help development teams fix faster by a pretty wide margin. Veracode’s Chris Eng and Cyentia’s Jay Jacobs explore what’s driving the volume of code flaws, what factors influence fix rates, how organizations with higher fix rates are tackling the problem successfully, and automation as a best practice for DevSecOps and an action developers can take to "nurture" their apps to better security. Presenters: Chris Eng, Chief Research Officer, Veracode Jay Jacobs, Co-Founder and Chief Data Scientist, Cyentia Institute Kacy Zurkus, Content Strategist, RSA Conference
We discuss the sixth and latest report in our ongoing dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 6: The Attacker-Defender Divide looks at exploitation events from 2019 to analyze the momentum shifts between cybersecurity hackers and the teams defending organizations from attack.
We discuss the fifth report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 5: In Search of Assets at Risk.
We discuss the fourth report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 4: Measuring What Matters In Remediation.
We discuss the third report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 3: Winning the Remediation Race looks at (1) how quickly and (2) how many vulnerabilities a given organization can handle. Answering two key questions: Can organizations remediate all of the new vulnerabilities in their environments? If not, can organizations remediate all of the new High-Risk vulnerabilities in their environments?
We discuss the second report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction, Volume 2: Getting Real About Remediation picks up on the overall vulnerability landscape analysis from Volume 1 and dives deep into the vulnerability landscape from within actual enterprise networks (a little over 500 of them to be exact).
The first in a multi-part dive into the Prioritization to Prediction (P2P) research series by Kenna Security and The Cyentia Institute - guests Ed Bellis and Wade Baker discuss P2P Volume 1 which quantifies the performance of vulnerability prioritization and remediation strategies for the very first time.
Our first library update covering recent additions including research from Hacker One and Bugcrowd, ESI Thoughtlab, Audit Analytics, Hiscox and Snyk. This is the audiobook version of what we share in the library newsletter. For the newsletter, sign up at https://bit.ly/cyentialibrary. As always, you can find the library at https://library.cyentia.com.
The Cyentia Library has been overhauled and the new and improved library has been released at https://library.cyentia.com/. David has done quite a bit of work on the back end (and front end) to get this working and he's joined by Ben, Wade and Jay to talk all about the new library site. When visiting the Cyentia Library, be sure to sign up for the Library newsletter, a low-volume (estimated at once every two weeks) series of updates highlighting new content and features of the library, delivered direct to your inbox!
We welcome David Severski to both Cyentia and the podcast and discuss his outlook on security. Then we turn towards Blackhat 2019 where we have five events we are participating in! Find the full list of events we are doing at https://www.cyentia.com/events/
Listen in as Dr. Wade Baker and I talk about the origins and challenges of producing the very first of the Verizon Data Breach and Incident Reports (DBIR) in 2008. That experience taught Wade, who is a founding partner with the Cyentia Institute, a security research and data analysis firm, and who doubles as a professor in Virginia Tech’s College of Business while also serving on the Advisory Boards of the RSA Conference and FAIR Institute, the value in sharing and marketing data in the cybersecurity marketplace. It eventually led to the Cyentia Institute, where Wayne and his team help other vendors to create fact-based research to support their go-to-market initiatives and content marketing. Wade is on a mission, as he puts it, to take Cybersecurity Marketing from “Dogma to Data”. Listen in as he shares how to do that and why he thinks it’s critical for vendors to do so. Wade of course still recommends you check out the Verizon DBIR and also recommends The Craft of Research as must reading! You can find Wade as @wadebaker on Twitter and download the latest research from Cyentia here and listen to their podcast channel here.
Ben Edwards recently joined Cyentia, and joins Jay and Wade on his first podcast. They talk about research for RiskRecon and briefly discuss ternary plots and hierarchical models (the research will be out soon). They also cover the Prioritization to Prediction Volume 3 research recently released in partnership with Kenna Security.
Allison Miller joins Jay and Wade to discuss the first public research out of Cyentia Institute.