Podcasts about integrating security

In this episode of the PFC podcast, Dennis, Andrew, and Rick delve into the critical topic of triage in emergency medicine. They explore the complexities of triage during mass casualty situations, emphasizing the importance of quick decision-making and prioritization of patient care. Andrew shares his experiences as an emergency medicine physician, highlighting the chaotic nature of triage and the necessity of using intuitive methods to assess patients effectively. The conversation covers various triage categories, techniques, and the significance of clinical judgment in determining patient needs during emergencies. This conversation delves into the complexities of triage in emergency medical situations, emphasizing the importance of decision-making under pressure, the role of medical leadership, and the integration of security measures. The speakers discuss the dynamic nature of triage, the ethical dilemmas faced in resource allocation, and the necessity of effective communication and collaboration among medical teams and command structures during mass casualty events. This conversation delves into the complexities of triage in high-pressure medical situations, particularly in military contexts. The speakers discuss the importance of effective training, the management of mass casualty scenarios, and the need for a comprehensive approach that includes both medical and non-medical personnel. They emphasize the necessity of adapting training to reflect real-world challenges and the importance of leadership in ensuring successful outcomes during emergencies.TakeawaysTriage is never perfect; it's chaotic and unpredictable.Use the simplest methods for triage in emergencies.Identify who is dying now versus who is stable.Focus on life-saving interventions first.Triage is a continuous process, not a one-time event.Utilize all available resources during a mass casualty.Clinical judgment is crucial in triage decisions.Trust your instincts when assessing patient urgency.Most patients in mass casualty scenarios are routine or priority.Effective communication and organization are key in triage situations. Triage decisions must be made quickly and efficiently under pressure.Assessing patient stability is crucial for effective resource allocation.Medical leaders must maintain situational awareness during triage.Communication between medical and non-medical leaders is essential.Security measures must be integrated into medical response plans.Triage is a dynamic process that requires constant reassessment.Ethical dilemmas arise when deciding how to allocate limited resources.Collaboration with surgical teams is vital for patient outcomes.Training should address both medical and security aspects of triage.Effective management of patient flow can improve overall care during crises. Triage in high-volume situations requires strategic patient distribution.Chapters00:00 Introduction to Triage and Its Importance03:05 Understanding Triage Categories09:01 Triage Techniques and Strategies11:59 Evacuation Categories and Decision Making14:59 Clinical Judgment in Triage21:20 Assessing Patient Stability and Resource Allocation25:19 Security Considerations in Mass Casualty Events29:27 Integrating Security and Medical Response38:50 Triage in High-Volume Situations41:53 Managing Mass Casualty Scenarios44:48 Command and Control in Triage45:57 Defining Success in Mass Casualty Training51:05 Improving Triage Processes57:59 Final Thoughts on Triage and Training Thank you to Delta Development Team for in part, sponsoring this podcast.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠deltadevteam.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠For more content, go to ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠www.prolongedfieldcare.org⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Consider supporting us: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠patreon.com/ProlongedFieldCareCollective⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ or ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠www.lobocoffeeco.com/product-page/prolonged-field-care⁠

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: Bridging the Gap: IT vs. OT Challenges and Solutions in Cybersecurity with Chris RobertsonPub date: 2025-02-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow welcomes Chris Robertson, CISO at Apogee Defense, to discuss the evolving landscape of cybersecurity, focusing on the distinction and strategy behind Virtual CISO (vCSO) roles.  Chris shares insights from his dual roles at Apogee Defense and as a virtual chief security officer for various companies. The conversation dives into the intricacies and responsibilities of vCSOs, the importance of understanding IT and OT risks, and the necessity of integrating cybersecurity deeply into business practices.  Chris and Aaron explore practical solutions for businesses, emphasizing adaptability and continuous improvement in security measures, drawing parallels between accounting a century ago and cybersecurity today.  They also touch on future trends, the impact of AI on security, and the importance of setting aside egos to foster a culture of learning and collaboration.  Join them as they navigate the challenges and opportunities at the intersection of IT and OT cybersecurity, offering actionable advice and anecdotes from their extensive experience in the field. Key Moments:  00:00 Outsourcing Risk Management Expertise 08:22 Hiring External Experts: Cost-Effective Strategy 12:04 Understanding OT Risks in Cyber Leadership 20:36 MBA Curriculum Needs Security Focus 23:31 Integrating Security in Legacy Systems 27:47 Tech Efficiency and Shadow IT Challenges 35:56 Optimizing Inefficient Appointment Systems 39:08 Bridging Tech and Business Worlds 45:43 Simplifying Risk Communication 51:52 Joe Rogan's Impact and Risks 57:09 AI Evolution: Professionals Riding the Wave 01:05:53 "Embrace Vulnerability, Seek Help" About the guest :  Chris Robertson is a seasoned cybersecurity expert, currently serving as the Chief Information Security Officer (CISO) at Apogee Defense. In addition to this role, Chris extends his expertise as a virtual CISO for various companies across multiple sectors. He specializes in implementing robust security solutions that Apogee Defense delivers to its clients, predominantly within the Small and Medium Business (SMB) space.  With a keen focus on the defense industrial base, Chris's work also spans various other industries, enabling businesses to strengthen their cybersecurity frameworks. He is highly regarded in the industry for facilitating vital connections and contributing to advancing cybersecurity practices. How to connect Chris: https://www.linkedin.com/in/christophersrobertson/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Send us a textUnlock the secrets of integrating security within every phase of software development as we tackle Domain 8 of the CISSP exam. Our exploration begins with a deep dive into the software development lifecycle (SDLC) and its various methodologies like Agile, Waterfall, DevOps, and DevSecOps. Through a gripping tale of a Disney World IT insider's digital manipulation, we underscore the critical importance of safeguarding systems, especially when skilled employees exit the stage. This episode promises to arm you with the knowledge to fortify your organization's cybersecurity posture effectively.We then navigate the contrasting landscapes of software development models, weighing the structured order of the Waterfall model against the adaptive flexibility of Agile and the risk-focused Spiral model. Each approach comes with its own set of challenges and benefits, particularly concerning security integration and usability. Through the lens of iterative feedback and prototype development, we highlight how these methodologies can help refine requirements and minimize ambiguities, ensuring that security and functionality walk hand in hand.Finally, explore how the IDEAL model can transform your organization's security practices. Designed to improve cybersecurity and risk management, this structured improvement approach offers clear phases: Initiating, Diagnosing, Establishing, Acting, and Learning. We also discuss the impactful mission behind CISSP training, where proceeds support a nonprofit for adoptive children. This initiative not only enhances your cybersecurity skills but also contributes to a cause greater than yourself. Join us as we unpack these strategies, providing insights that could significantly shape your cybersecurity career.Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

  Is your software security strategy an impenetrable fortress or a crumbling wall of illusions?   In this episode of The Liquid Lunch Project, Matthew R. Meehan and Luigi Rosabianca sit down with Brittany Greenfield, the CEO and founder of Wabbi, a continuous Security Platform based in Boston. Wabbi's mission is to simplify the integration of security into the software development lifecycle. By providing scalable application security solutions that seamlessly integrate into DevOps pipelines, Wabbi empowers rapid development teams to bridge the gap between security and development without sacrificing velocity or agility.   Brittany shares her journey from being a tech industry rock star to creating a groundbreaking company that integrates security into the software development lifecycle. With a mix of humor and hard-hitting truths, she dives into the importance of embracing imperfections, the realities of cybersecurity, and the critical decisions small and medium-sized businesses must make to protect themselves.   Recognized by the Boston Business Journal as a 40 Under 40 honoree and awarded as a top woman in cyber by Cyber Security Excellence and Cyber Defense Magazine, Brittany is a true pioneer in the cybersecurity field.   Episode Highlights:   The challenges of integrating security into the software development lifecycle. The surprising advice Brittany gives to small business owners about cybersecurity.Real-life examples of cybersecurity breaches and how to prevent them. Her candid take on why she chose to become a founder instead of joining tech giants. Brittany explains the concept of Wabi Sabi and its significance to her company's philosophy.   Brittany's insights are invaluable for anyone looking to understand the complexities of cybersecurity in today's digital landscape. Tune in to discover why securing your software is crucial and learn practical steps to protect your business from cyber threats.  Favorite Quote:   “Starting a business is where overachievers go to fail 99% of the time. Accept that this journey is inherently imperfect.”   Connect with Brittany: https://www.brittanygreenfield.com/  https://www.linkedin.com/in/brittanygreenfield/   Stay Connected: Connect with Matt and Luigi on Instagram: @matthew.r.meehan @luigi_rosabianca @theLiquidLunchProject @ShieldAdvisoryGroup Visit The Liquid Lunch Project website and subscribe to The Weekly, our Friday morning newsletter, for all the latest in the world of finance, tech, small business, and more. www.theliquidlunchproject.com Make sure you never miss an episode — check out The Liquid Lunch Project on Apple Podcasts, and don't forget to subscribe, rate, and review.      

Chan Hsien Hung, Vice President of Integrated Enterprise Services and Sustainability at SJ's member company AETOS, speaks about unlocking the value of integrated facilities management to help clients and asset owners enhance operational efficiency, reduce costs, and meet sustainability targets through data-driven insights. Tune in to discover how digitalisation and AI are reshaping the built environment industry.This podcast is brought to you by SJ.

Application Programming Interfaces (APIs) play a vital role in modern software development, enabling the integration of services and facilitating the exchange of information. The ubiquity of APIs is a testament to their success in supporting many functions. However, their prominence has also made APIs a target for cyberattacks. Jeremy Snyder, Founder & CEO of Firetail.io, joins me in discussing how to secure APIs effectively. Our discussion revolves around the following questions:What do we need APIs for? Why do we need API security? What are the consequences of lax API security?What are the risks of APIs today? How can we remedy current API security issues?Time Stamps00:02 -- Introduction00:49 -- Setting the Stage and Context for the Discussion02:26 -- Guest's Professional Highlights04:37 -- Overview of APIs09:12 -- Common API Security Risks and Vulnerabilities12:29 -- Design with security in mind13:23 -- Securing APIs13:36 -- Integrating Security into the Development Process13:52 -- Different Ways of Security Testing APIs17:08 -- Vulnerability Monitoring and Promptly Acting on Alerts19:22 -- Role of Humans in Acting on Vulnerability Alerts21:33 -- Staying on the Right Side of the Law23:37 -- Significance of Maintaining Logs25:36 -- Selecting Robust APIs27:59 -- Key Takeaways28:57 -- API Governance30:25 -- Zero Trust Approach32:10 -- Use of APIs in Leveraging Large Language Models (AI)33:41 -- API Governance and Taking Ownership36:12 -- Final ThoughtsMemorable Jeremy Snyder Quotes/Statements"Application Programming Interface (API) -- It's basically the way two pieces of software talk to each other, that can be to send data from system A to system B, or that can be for system A to request system B to process something for it.""We've got sensitive data crossing the wires over an API, but we've also got critical business functions like processing credit card transactions over an API.""API's are pretty much happening behind the scenes, they enable a huge volume of interactions and transactions every day.""So we've been cataloging the API data breaches for the last couple of years, these breaches go back about a decade or started about a decade ago, or let me say started to be recognized about a decade ago. And as we've catalogued them, we've kind of categorized them as well, to try to understand in each of these breach scenarios, what was the primary error or breach vector? How was the API breached? And if there's a secondary cause, or things like that, we look at that as well. Two of the main things that we see are are really authentication and authorization." "Authorization turns out to be the number one root cause of data breaches around API's. And this has been true for many years now.""Proactive security is always much cheaper than reactive security.""From the proactive standpoint, the number one thing that any provider of an API can do is actually just check the API's before they go live.""You should actually pen test your API's before they go live.""Very often, we find that API's get shipped into production environments without going through either the static code analysis, or the pre launch testing." "The average time that a vulnerability existed in a production environment before being patched and updated, was around 180 days.""The best practice that we recommend to customers about reacting to the logs or the alerts or the suspicious conditions that you're seeing in your logs

In today's episode, which was recorded together in the studio — a rare and happy occurrence when we're able to be together in person — ISF CEO Steve Durbin and producer Tavia Gilbert discuss the future of the security leader, including the characteristics of security leaders today compared to those likely to be required in the future, as well as the future operating model of the security function. Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

In today's episode, which was recorded together in the studio — a rare and happy occurrence when we're able to be together in person — ISF CEO Steve Durbin and producer Tavia Gilbert discuss the future of the security leader, including the characteristics of security leaders today compared to those likely to be required in the future, as well as the future operating model of the security function. Mentioned in this episode: ISF Analyst Insight Podcast Read the transcript of this episode Subscribe to the ISF Podcast wherever you listen to podcasts Connect with us on LinkedIn and Twitter From the Information Security Forum, the leading authority on cyber, information security, and risk management

GuestAndy RappaportData Security Architect at iRobot [@iRobot]On LinkedIn | https://www.linkedin.com/in/andyrappaport/HostSean MartinCo-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinOn Mastodon | https://infosec.exchange/@seanmartin____________________________This Episode's SponsorsAsgardeo | https://itspm.ag/asgardeo-by-wso2-u8vcEdgescan | https://itspm.ag/itspegweb___________________________Episode NotesWe've come a long way in software development, moving from a months-long waterfall model to a software development lifecycle (SDLC) that's all about continuous improvement and continuous delivery (CI/CD). Has security testing kept up, and how can it fit in? Let's find out during this chat with Data Security Architect, Andy Rappaport.____________________________Resources____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?

GuestAndy RappaportData Security Architect at iRobot [@iRobot]On LinkedIn | https://www.linkedin.com/in/andyrappaport/HostSean MartinCo-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinOn Mastodon | https://infosec.exchange/@seanmartin____________________________This Episode's SponsorsAsgardeo | https://itspm.ag/asgardeo-by-wso2-u8vcEdgescan | https://itspm.ag/itspegweb___________________________Episode NotesWe've come a long way in software development, moving from a months-long waterfall model to a software development lifecycle (SDLC) that's all about continuous improvement and continuous delivery (CI/CD). Has security testing kept up, and how can it fit in? Let's find out during this chat with Data Security Architect, Andy Rappaport.____________________________Resources____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?

Tyson Aiken is a former executive at Nike with an intelligence background from the CIA. He left Nike and went on a journey exploring different opportunities in the commercial marketplace. When I spoke with him before and during his “sabbatical”, I discovered that his purpose and passion could never be realized in a typical security executive role. I felt he needed to be ‘at the executive table', like many of his peers but with one striking difference: he needed an organizational model anchored with core values and a mission he could believe in. He found one with the Wildlife Conservation Society (WCS), a global company with over 4,000 people, many who are thought leaders in their field. Navigating risk and the opportunity to save endangered species and the world, WCS could be classified as a “security and safety” organization for animals and its people. This great conversation explores .com, .gov, and .org business models, the way growth and profit can obstruct good judgement, and the integration of the business model with a data driven security model. Enjoy the conversation!

Likely on the phone in your hand, while you're playing this very podcast, is an app or site using Akamai in the background, so that you can listen, search, and discover new information as fast as you can think, type, or speak. Accelerating the delivery of the right content and blocking potentially harmful content are the nitty-gritty details that Akamai solves to give you a safe and seamless experience. Leading the charge to improve security and accelerate connectivity is Dr. Robert Blumofe, Executive Vice President and CTO of Akamai. Main TakeawaysPower and Protect Together: A common problem with security is that it slows things down for users and causes them to want to avoid using the security measures in the first place. To solve this problem, Dr. Blumofe explains that Akamai has integrated security and performance products on its platform so that they can work cooperatively. The lesson here for any sort of business is to constantly be considering how security and performance can function seamlessly so that neither is hindered by the other,Endpoint to Endpoint Mindset: Since the world is becoming more remote and more open, security must adapt to this environment. According to Dr. Blumofe, this means the framework of being on a network versus off a network is no longer really applicable. Instead, it is more helpful to consider how apps are connected together from one endpoint to another.The Office as a Coffee Shop: You can think about a new problem, like an increase in remote work, as being stressful, or as a chance to reframe it as an opportunity. Dr. Blumofe points out that returning to the office for face-to-face time will be even more purposeful — sort of like hanging out at the coffee shop with colleagues. He describes solving for the new remote office network as a high-performance coffee shop as being a “freeing and enabling concept.” The new perimeter-less architecture of access can actually facilitate collaboration.IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform

Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster. Join this podcast to learn how security can be imbedded into agile software development to produced fast and secure code.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Glenn_Kapetansky_Article.pdf Kapetansky, G. 2019. Integrating Security with SDLC/Agile Development In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 27. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

In this episode of Semaphore Uncut, Justin Cormack, Senior Security Engineer at Docker and member of the Technical Oversight Committee at CNCF, shares insights from the security industry. We talk about why it’s important to think about what could go wrong when building software, how hackers are now exploiting vulnerabilities before shipping your code to production, and what companies can really do and use to secure their products.Key takeaways:Security – a matter of software qualityThe threat modeling practice – understanding the potential security threatsUsing the experience of expertsSupply-chain securitySecurity integration into CI/CD pipelinesImportant vs. overhyped practices in the security industryAbout Semaphore UncutIn each episode of Semaphore Uncut, we invite software industry professionals to discuss the impact they are making and what excites them about the emerging technologies.

Many banks are still running on decades-old sets of legacy technologies, but the security and performance advantages cloud-native systems offer is changing that. Today, we're going into the future of banking technology with Neil Drennan, CTO at 10x Future Technologies. His firm is building the first cloud-native banking platform that can be used by large-scale banks in order to solve the cost and security related problems caused by their legacy systems. Neil fills listeners in about his role in the overall mission at 10x before diving right into the topic of how they integrate security into their development practices. Often security and development teams find it difficult to integrate into each other because they are kept in separate silos from the outset. Things are different at 10x though as Neil explains, talking about the back and forth conversations between his different teams and their use of vulnerability dashboards to keep things transparent. Neil weighs in on the necessity for 10x to get security right, but the benefits of working with banks as clients because of their high level of insight into potential threats. We hear all sorts of amazing improvements for threat monitoring that cloud-native solutions can provide, making the legacy moat model look outdated indeed. A key takeaway from Neil today is the importance of building security into development from the ground up, so tune in to hear how he manages best practices at 10x.10x is looking for more talent to join its team with roles in the UK in London and Leeds. You can see their latest roles here Show notes and transcript can be found here 

This week, Matt and Paul interview Gurpreet S. Sachdeva, the Assistant Vice President of Technology for Altran! Gurpreet will be discussing "Integrating Security into DevOps"! In the Application Security News, A PNG Android Vulnerability, 620 million stolen accounts for sale on the dark web, how shifting security left speeds development, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Matt and Paul interview Gurpreet S. Sachdeva, the Assistant Vice President of Technology for Altran! Gurpreet will be discussing "Integrating Security into DevOps"! In the Application Security News, A PNG Android Vulnerability, 620 million stolen accounts for sale on the dark web, how shifting security left speeds development, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Gurpreet S. Sachdeva is the Assistant Vice President of Technology for Altran. Gurpreet Sachdeva will be discussing "Integrating Security into DevOps"! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Gurpreet S. Sachdeva is the Assistant Vice President of Technology for Altran. Gurpreet Sachdeva will be discussing "Integrating Security into DevOps"! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Follow us on Twitter: https://www.twitter.com/securityweekly

Part 2 of a discussion with Terry Gold of D6 Research on integrating physical and cybersecurity efforts.

ISF Podcast: The challenges integrating security into the product development process by Information Security Forum

ISF Podcast: The challenges integrating security into the product development process by Information Security Forum

The term "software security" often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road blocks to fast development and release. To secure software, developers must follow numerous guidelines that, while intended to satisfy some regulation or other, can be very restrictive and hard to understand. As a result, a lot of fear, uncertainty, and doubt can surround software security. In this podcast, Hasan Yasar discusses how the Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems. Listen on Apple Podcasts.

Much of InfoSec and Compliance is all about processes, procedures, controls, audits, and the proper management of all of these.  To do so, you need a proper framework to make these as seamless as possible. ITIL is one of these types of frameworks. We introduce Mr. Tim Wood on the podcast, who has over 20 years of ITIL experience and began ITIL implementations in banks and Healthcare systems in the United Kingdom. He currently works with different industries to change culture and make an ITIL a reality. This week, we go over the History of ITIL, and understand the various incarnations from v1.0 to v3.0. You quickly understand where security will start fitting into all those facets of the ITIL framework.   Tim Wood's Presentation: https://drive.google.com/file/d/0B-qfQ-gWynwiVS0zLTZidml0VzA/view?usp=sharing (view only)

Responding to an e-discovery request involves many of the same steps and roles as responding to a security incident. Related Course Managing Computer Security Incident Response Teams Listen on Apple Podcasts.

Louise Arbour, the former High Commissioner for Human Rights at the United Nations, lays out a strategy for integrating security, development and human rights around the world in this talk to the Joan B.Kroc Institute for Peace & Justice at the University of San Diego. Series: "Peace exChange -- Kroc School of Peace Studies, University of San Diego" [Public Affairs] [Show ID: 15126]

Louise Arbour, the former High Commissioner for Human Rights at the United Nations, lays out a strategy for integrating security, development and human rights around the world in this talk to the Joan B.Kroc Institute for Peace & Justice at the University of San Diego. Series: "Peace exChange -- Kroc School of Peace Studies, University of San Diego" [Public Affairs] [Show ID: 15126]

By taking a holistic view of business resilience - similar in many ways to classical engineering - business leaders can help their organizations stand up to known and unknown threats. Related Course Introduction to the CERT Resiliency Engineering Framework Listen on Apple Podcasts.