The first in a multi-part dive into the Prioritization to Prediction (P2P) research series by Kenna Security and The Cyentia Institute - guests Ed Bellis and Wade Baker discuss P2P Volume 1 which quantifies the performance of vulnerability prioritization and remediation strategies for the very first time.
Learn more about Jeffrey Pfeffer and where you can buy or listen to his books: JeffreyPfeffer.com Ep 22 – Dafina Toncheva, General Partner, USVP SHOW NOTES: Dafina Toncheva, General Partner at USVP, discusses how she's strategically used the Rules of Power concepts to manage her career. From a small town in Bulgaria to now being a major figure in Silicon Valley, she has succeeded in an industry that has not traditionally welcomed women. Join us and learn how the principles of power apply to women and men, and how to use those principles of power to navigate an extraordinarily successful career for yourself. You'll learn from Dafina: Where she's from, how she got to the U.S., and her career trajectory What political forces led her to desire to look for opportunities abroad How she ultimately ended up at Harvard and the only way she knew to get there Her path between college and her current career The lens she used to decide to join USVP in 2012 The use of power in her career to make the most impact The importance of aligning your success goals with the company's goals How she navigated in a less-than-welcoming business environment How she has stood up for herself and put the Rules of Power into action The importance of developing constructive professional relationships with board members A surprising take on what is as important as the investments that are made How managing the narrative of the firm is incredibly important GUEST BIO: Dafina Toncheva (dafina@usvp.com), a general partner at USVP, invests in emerging technologies in the enterprise space with focus on Enterprise SaaS applications and security. She has led investments in and joined the boards of Luma Health, Arkose Labs, Raken, Percepto, Carrot Fertility, Nfinite, Sepio Systems, Trust Lab and Surgical Safety Technologies. Dafina served on the board of Prevoty, a leader in application security, who was acquired by Imperva where USVP was the lead investor and largest shareholder. 
Prior to joining USVP, Dafina was a principal investor with Tugboat Ventures. Before that, she spent two years at Venrock helping to expand the firm's investments in SaaS, virtualization, security, infrastructure and enterprise applications. Dafina led the first institutional investment round in Cloudflare (NYSE: NET). Her other investments included Aria Systems, Kenna Security (acquired by Cisco) and Matrixx Software. Before becoming an investor, Dafina held positions in development and product management at Microsoft focusing on authentication systems, digital signatures and business workflow. She has co-authored several key patents. Dafina holds an MBA from Stanford Graduate School of Business and a BS in Computer Science, magna cum laude, with special focus on cryptography, efficient algorithms and database systems from Harvard University. Linkedin: https://www.linkedin.com/in/dafinat/ Produced by The MunnAvenuePress.com
Ed Bellis is the co-founder and Chief Technology Officer of Kenna Security, a cybersecurity company that pioneered the risk-based vulnerability management space, and was acquired by Cisco last year. On today's episode, Jon Sakoda speaks with Ed about his journey from skateboarder to cybersecurity expert, including his advice for first-time founders anxious about always getting it right the first time. Turning Pain Points Into Passion Projects [09:38 - 11:00] - When Ed made the switch from Chief Security Officer to Founder, he was determined to fix the issues he ran into as a practitioner. Without this passion, Ed doesn't think he would have been successful as a first-time founder. If you're looking to make the jump to founder, listen to hear why you have to be all in. Get Comfortable With Being Uncomfortable [11:32 - 12:30] - As a first-time founder, the journey will be full of hurdles and questions so Ed advises all founders to come to terms with the fact that you won't have the answers to everything. Listen to learn how to take advantage of your relationships and not be afraid to ask for help. Partnerships Can Solve Big Pain Points [15:32 - 20:35] - Kenna had two incredible partnerships that changed the trajectory of the company. The first solved their product-market fit challenges, and the second unlocked their go to market. Listen to how quickly a startup's fortune can change through key partnerships. Why Founder Doesn't Always Equal CEO [26:07 - 28:48] - Ed always knew that he wouldn't be the CEO of Kenna Security forever as he believed being a founder didn't mean always being the boss. Prioritize bringing in a professional CEO that understands the needs of the company and fills the holes that the founders and organization may have. Listen to hear how giving up some control could be the best decision for your startup.
The recently disclosed vulnerability in F5 BIG-IP took security Twitter by storm two weeks ago, and continues to make headlines now. It immediately prompted warnings from CISA and security researchers everywhere warning users to patch as soon as possible. Of course, it's important to patch. But maybe we started panicking a little too early that this was going to be the next PrintNightmare. On this week's episode of Talos Takes, Jon is joined by Jerry Gamblin from Kenna Security to talk about the ins and outs of this vulnerability and while it is serious, it's incredibly unlikely that an attacker can or would exploit it in the wild.
Continuing the “Kenna 101” series over at Talos Takes, Ed Bellis re-joins the show to talk about patching and mitigation strategies. So far, we've talked about how to tell when you should take a CVE seriously. But what if there's no patch for it? Or what if you have to patch 50 vulnerabilities in the same product? We talk about how Kenna can help security teams of all sizes prioritize their patching strategies and create mitigation strategies in the worst-case scenario. For the other entries in our Kenna 101 series, listen here and here.
Today we welcome two guests to the Security Stories pod. Firstly Martin Lee from Talos drops by to give us an update on wiper malware, and how it's been playing a part in cyber attacks on Ukrainian organizations and infrastructure. We talk about the history of wiper malware, where it's cropped up before, its role in the kill chain and possible threat actor motivations, as well as what organizations can be doing to prevent this type of attack. Secondly, we welcome Jerry Gamblin, Director of Security Research at Kenna Security to join us for an in-depth chat about his career. Jerry's story is a really interesting one, from starting out on the IT helpdesk, to working on security networks at the Missouri House of Representatives, and onto his role at Kenna where he has built several tools to help people understand the different types of vulnerabilities and how to mitigate them. We discuss Jerry's approach – how he inspires his team to think differently, and how personally he's driven a sense of thinking outside of the job description. We also discuss how organizations can deal with the ever growing list of new vulnerabilities, and how you can prioritise them. Head here for Kenna's Prioritization to Prediction report. Head here for Jerry's vulnerability analysis and graphing CVE.ICU
We're kicking off a new series of episodes called “Kenna 101” highlighting Cisco's newest partner, Kenna Security. Kenna is a risk management platform for vulnerabilities that allows users to view what vulnerabilities exist in their environment and helps them create a plan for patching and mitigation. We're starting things off with the CTO of Kenna, Ed Bellis, to talk about the basics of Kenna and its risk scores.
So, you’ve got ABM plays running — and maybe they’re working — but what if they can get better? And what do you do next? In this B2BMX session replay, three-time ABM practitioner and implementer Jeremy Middleton will share an ABM foundation framework that he used at Kenna Security, including how it worked versus sales expectations, how to use the foundation to identify full funnel improvements and how to work with sales to make it all work. He’ll uncover unique insights such as: Look at your tools after having a process in place — is it time to change or simplify? Be picky at what tactics you run, and what tools to use to make them work. Never change your strategy; you only improve it. You only change your process. If you can’t make sense of your data, you’re starting too big. RELATED LINKS Learn more about Kenna Security Check out the new B2BMX: Next-Level ABM event
SDxCentral 2-Minute Weekly Wrap Podcast for May 21, 2021. Plus, cybercrime is a big industry, and Palo Alto Networks boosts zero trust. Cisco SecureX to gain Kenna boost, warns of cybercrime's financial impact; Palo Alto Networks updates its zero-trust security posture. Cisco Scoops Up Kenna Security; Cisco CEO: Cybercrime Damages Hit $6 Trillion; Palo Alto Networks Zeroes In On Zero-Trust Security.
Punchy and Grumpy are back at it starting with a discussion on GoSDL and how it integrates with developer workflows. Followed by a discussion on language choice/experience, Cisco's acquisition of Kenna Security, and more dependency confusion in gem files.
Cisco has been busy on the acquisition front this week, and today the company announced it was buying threat assessment platform Kenna Security, the third company it has purchased this week. The two companies did not disclose the purchase price. With Kenna, Cisco gets a startup that uses machine learning to sort through the massive […]
The CEO of Kenna Security, Mr. Karim Toubba, appears on Task Force 7 Radio to unpack the state of vulnerability management in the Cyber Security industry. Mr. Toubba breaks down how risk based vulnerability management has transformed how efficient and effective companies are in responding to critical vulnerabilities. He also discusses what winning looks like in the VM space, as well as how important it is to operationalize your vulnerability management program to promote standardization and consistency amongst various IT Teams. Toubba wraps up by explaining the importance of data science in making critical business decisions and what those CVSS scores really mean. Don't miss one of our most educational episodes ever on Episode #178 of Task Force 7 Radio...
This week’s Cyber Security Headlines - Week in Review, February 15-19, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Mike Johnson, co-host, CISO Vendor Relationship Podcast. Thanks to our episode sponsor, Kenna Security. In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst. All links and the video of this episode can be found on CISO Series.com
Security bugs left unpatched in Android app with one billion downloads LastPass will restrict free users to only one type of device starting next month North Korea accused of hacking Pfizer for Covid-19 vaccine data Thanks to our episode sponsor, Kenna Security In just one hour, learn how to prioritize your riskiest vulnerabilities and lower your cyber risk through Kenna Katalyst, the newest on-demand educational series from Kenna Security designed to kickstart your risk-based vulnerability management program and equip you with expert tips you can implement today. Backed by (ISC)², participants can earn 1 CPE credit. Start now at kennasecurity.com/katalyst. For the stories behind the headlines, head to CISOseries.com
France links Russian Sandworm hackers to hosting provider attacks Privacy problems with Azure and Canonical Microsoft estimates thousands of developers touched SolarWinds malware Thanks to our episode sponsor, Kenna Security Kenna Katalyst is Kenna Security’s newest on-demand educational series designed to help you shift gears to risk-based vulnerability management. Get the six key steps you need to go risk-based along with actionable tips to help your team focus on the risks that matter most. Participants can earn 1 CPE credit through (ISC)². Learn more at kennasecurity.com/katalyst.
What is XDR? How do we know the security protections we're investing in are working? All this and Paul's CBD Pineapple Pizza Drink on this week's show. This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw681
This week, we welcome back Michael Roytman from Kenna Security, for a discussion on 'XDR and Vitamins'! What is XDR? How do we know the security protections we're investing in are working?! Dan DeCloss from PlexTrac returns to join us for a technical segment titled 'How Tall Do You Have to Be to Ride the Ride'? In the Security News, why privacy is like bubble wrap, South African government releases its own browser just to re-enable flash support, former Lulzsec hacker releases VPN zero-day used to hack hacking team, how a researcher broke into Microsoft VS Code’s GitHub, & how criminals use a deceased employee’s account to wreak havoc! Show Notes: https://securityweekly.com/psw681 Visit https://securityweekly.com/plextrac to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Kenna Security recently celebrated its 10-year anniversary on Dec. 10th, 2020; so we decided to do what we do best and take a data-based (and rare) review of the top vulnerabilities from the past decade, year-by-year.
The Episode in 60 Seconds: Despite thousands of incoming digital signals each day, each of us is still a physical creature. We long for personal mail, place trinkets on our desks, long for presents on our birthdays, and keep ticket stubs and other physical memories. How do we effectively integrate the physical with the digital? Tactile Marketing Automation (TMA) is a growing category and includes its own software. TMA fulfills the marketing fundamentals. A well-timed physical presentation gives you a moment of undivided attention. Our Guest: Nick Runyon is the CMO of PFL, a company that has grown from on-demand printing to a mature marketing automation company specializing in Tactile Marketing Automation which inserts direct mail, swag, and other physical objects into the nurture process. He is also a current member of Revenue Collective and founder of Media Tractor, a marketing agency. He has been a podcast host, and a senior executive for global non-profits [here and here] which have reached over a billion individuals worldwide. Show Notes: "Whenever you involve multiple channels in your buyer journey, you get up to an 8 - 10% response rate. When you coordinate direct mail with multiple channels, we see response rates spike over 20%." — Nick Runyon. In episode 11, we heard how Kenna Security used direct mail for their greatest trade show appointment conversion ever:
In this episode, we talk about Amazon Sidewalk, and Salesforce’s acquisition of Slack. Then we speak with Jerry Gamblin, Manager of Security and Compliance at Kenna Security, about the U.S. Supreme Court hearing arguments this week about the Computer Fraud and Abuse Act, which has major implications for ethical hackers. Finally, we chat with Sara Golemon, Core Developer and Release Manager on the PHP team, about the new release of PHP 8.0. Show Notes: DevDiscuss (sponsor); Triplebyte (sponsor); CodeNewbie (sponsor); Vonage (sponsor); Salesforce Signs Definitive Agreement to Acquire Slack; Introducing Amazon Sidewalk; Computer Fraud and Abuse Act; PHP 8.0 Released!
Michael takes us through some of the common AI and ML methods of data science and how they apply to our InfoSec problems. This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw675
This week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends! Michael Roytman, the Chief Data Scientist at Kenna Security discusses how to use AI and Machine Learning to solve Infosec problems! In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea! Show Notes: https://securityweekly.com/psw675 Visit https://securityweekly.com/mimecast to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
We discuss the sixth and latest report in our ongoing dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 6: The Attacker-Defender Divide looks at exploitation events from 2019 to analyze the momentum shifts between cybersecurity hackers and the teams defending organizations from attack.
We discuss the fifth report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 5: In Search of Assets at Risk.
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can’t possibly fix ALL of your vulnerabilities? Ed Bellis will: review what years of joint research into vulnerability management with the Cyentia Institute uncovered about the scope of the challenge; give a breakdown in performance factors by industry and platforms; lay out several factors that drive better remediation performance; and provide a deeper understanding of the scope of exposures and how risk informs remediation strategies. This segment is sponsored by Kenna Security. Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw203
This week, first we talk Enterprise News, discussing how Palo Alto Networks announces cloud native security platform, Akamai launches new API security tool, SentinelOne secures patent for unique approach to uncovering exploits in their initial payload stage, Splunk helps security teams modernize and unify their security operations in the cloud, and Agile1 Predictive Analytics Risk Scoring helps orgs identify, prioritize and quantify cybersecurity risks! In our second segment, we welcome Ed Bellis, Co-Founder and CTO at Kenna Security, to discuss Prioritization to Prediction Vulnerability Research Series! In our final segment, we welcome back Corey Bodzin, CTO at deepwatch, to talk about deepwatch Lens Score and Series B! Show Notes: https://securityweekly.com/esw203 Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://securityweekly.com/kennasecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
We discuss the fourth report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 4: Measuring What Matters In Remediation.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/whether-its-vulnerabilities-or-children-we-like-to-pick-favorites/) While you do have to claim all of your vulnerabilities and your children, you don't have to like all of them. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Ben Sapiro, global CISO, Great-West LifeCo. HUGE thanks to our sponsor, Kenna Security. With Kenna Security, companies efficiently manage the right level of risk for their business. Our Modern Vulnerability Management model eliminates the friction between Security and IT teams about what to patch, providing clear prioritization based on real-time threat intelligence and guidance applied to each customer’s unique environment across infrastructure, applications and IoT. On this week's episode Why is everybody talking about this now Do you have a clear overall picture of how you're protecting your environment? The Cyber Defense Matrix, an open source tool created by Sounil Yu, a former guest, offers a simple five-by-five grid with the x-axis being the five operational functions of the NIST Cybersecurity Framework and the Y-axis are the five asset classes cyber professionals are trying to secure (devices, applications, networks, data, users). The idea is you are supposed to fill in all 25 squares as best as possible to see where you might have gaps in your security program. Ross Young, CISO, Caterpillar Financial Services Corporation, and a recent guest on this show, has adapted the matrix, by changing the Y-axis to four risks of phishing, ransomware, web app attacks, third party risks. So what's a better way of building out at your security program: by the assets that you're trying to protect or the risks that you're facing? What are the pros and cons of each method? 
Can you change Mike's mind On a previous show Mike said he is NOT a fan of security through obscurity. Utku Sen of HackerOne argues that security through obscurity is underrated. His argument was that adding "obscurity" is often costless and it adds another layer in your defense in depth program. It is far from bulletproof, but obscurity reduces the likelihood which lowers your overall risk. Examples he included were obfuscating your code in your program, and/or using random variables in the code. Can we change Mike's mind? Is there a level of security through obscurity he has deployed and/or would consider? What's Worse?! What's better? Good and bad data or no data? Please, enough! No, more. Today's topic is vulnerability management, or specifically, vulnerability remediation. What have you heard enough of on vulnerability management, and what would you like to hear a lot more? Question for the board What misconceptions does the board have of the role of the CISO? On LinkedIn, Amar Singh of Cyber Management Alliance Limited, listed off what the CISO is and isn't, and what inappropriate demands are made on them. He said the CISO is -NOT a super-being or a magician -NOT there to fix IT blunders -NOT the only guardian of the realm -Unable to STOP all cyber-attacks. -NOT a scapegoat/sacrificial lamb -NOT accountable but responsible We often get the sense that CISOs do play these roles as they come in and out. What can be done to temper these beliefs?
We discuss the third report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction volume 3: Winning the Remediation Race looks at (1) how quickly and (2) how many vulnerabilities a given organization can handle. Answering two key questions: Can organizations remediate all of the new vulnerabilities in their environments? If not, can organizations remediate all of the new High-Risk vulnerabilities in their environments?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/i-want-to-but-i-just-cant-trust-your-single-pane-of-glass/) I've already got a view into my company's security. It's going to take a lot to get me to dump it for your solution. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Joshua Scott (@joshuascott94), former CISO, Realtor.com. HUGE thanks to our sponsor, Kenna Security. With Kenna Security, companies efficiently manage the right level of risk for their business. Our Modern Vulnerability Management model eliminates the friction between Security and IT teams about what to patch, providing clear prioritization based on real-time threat intelligence and guidance applied to each customer’s unique environment across infrastructure, applications and IoT. On this week's episode First 90 days of a CISO How do you define the likelihood of impact? Yaron Levi, CISO, Blue Cross Blue Shield of Kansas City, shared an article by Brian Spanswick of Splunk who discussed this process of building out a company's security program, and that mission should be "mitigate the likelihood and potential business impact of a breach while supporting an organization's strategic goals and business objectives." Our guest was Realtor.com's first CISO. He built their cybersecurity program from scratch. We talked about how he reduced impact while staying keen to the organization's objectives. How do you go about discovering new security solutions In the last three years, where have our guests successfully innovated in cybersecurity? Why did they do it? And where do they think they need the next innovation? What's Worse?! How much battle damage do you want your CISO to have? Can you change Mike's mind Mike inspired me to ask this question on Twitter, "What would a single pane of glass need to have for you to dump your current pane of glass?" 
This was his major argument that each single pane of glass requires him to dump his current one. The question is what type of mountain does a security vendor need to climb for him to unload his current view of his security program. What Is It and Why Do I Care? Today's topic is threat detection and I'm a little loose on this as I got slight variations on threat detection from insider threats, to SIEM, to just threat detection. I'm lumping them all into the umbrella of threat detection, but it'll be obvious which is which. Vendors send various pitches explaining their category and also explaining what differentiates them. Mike and our guest will determine which is the best, and from that I will announce the winners, but only the winners.
We discuss the second report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction, Volume 2: Getting Real About Remediation picks up on the overall vulnerability landscape analysis from Volume 1 and dives deep into the vulnerability landscape from within actual enterprise networks (a little over 500 of them to be exact).
All links and images for this episode can be found on CISO Series (https://cisoseries.com/request-a-demo-of-our-inability-to-post-a-demo/) It's really easy to include "Request a Demo" button on our site. But potential buyers would actually like to just watch a demo on our site. Should we actually expend just a little more effort to record a demo and upload it to our site? This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Ross Young, CISO, Caterpillar Financial Services Corporation. Thanks to our sponsor, Kenna Security. With Kenna Security, companies efficiently manage the right level of risk for their business. Our Modern Vulnerability Management model eliminates the friction between Security and IT teams about what to patch, providing clear prioritization based on real-time threat intelligence and guidance applied to each customer’s unique environment across infrastructure, applications and IoT. On this week's episode Why is everybody talking about this now? Our guest posted about the 10+ daily product pitches he receives and he suggested that vendors place a product demo on their site. It just so happens, I also posted about this on LinkedIn. I am astonished that not every vendor spends their first marketing dollars on creating a product demo and posting that video. If a security practitioner is interested in a company, how do they begin their research? What do they look for? Do they watch product demo videos? Do they click the "request a demo" button? First 90 Days of a CISO Our guest shared a study from PWC that points out what management thinks are the most important roles for a CISO. Eighty four percent considered the ability to educate and collaborate across the business was critical making it the top most skill they look for in a CISO. 
At the same time, it appears investing in a talent management program for leadership was the least important with only 22 percent responding. What I read from this is management wants you to lead, and get the whole company on board, but do it alone. Plus, they expect you to be a perfect cybersecurity leader out of the box. Is that feasible? Is this why we're having so much burnout of CISOs? It's not just the pressure of protecting, but taking on all leadership responsibilities with no ongoing support? What's Worse?! How are you advertising for new hires? There’s got to be a better way to handle this Turns out half of employees are cutting corners on security when working from home. This includes using home computers for corporate work, emailing sensitive documents from personal accounts. It's not malicious, but the distractions of work from home life and demands to deliver quickly are forcing employees to take the less secure route. Also, being away from the watchful IT and security gives them the breathing room to be less careful. Tip of the hat to Gina Yacone of Agio for posting this article from ZDnet about Tessian's work from home study. How can security leaders stay in contact with employees so they don't stray? How CISOs are digesting the latest security news What makes a security podcast valuable? What elements does a cybersecurity podcast need to have for you to say to yourself, "I'm glad I spent the time listening to that"?
Both the bane and salvation of security teams, and the start of a month-long fix cycle for IT teams, Microsoft's Patch Tuesday is a consistent reminder that nothing keeps us more secure than good old fashioned cyber-hygiene. Kenna Security's Head of Research, Jcran walks us through his Patch Tuesday ritual and gives us some tools, tips, and tricks along the way.
Negocios Now announced today the special awards for the Latino 40 Under 40 Class of 2019. Awards go to Ximena Cortez, 25, Youngest Latino Award; Commissioner María S. Bocanegra, Rising Star Award; and Dr. Emilio Carrillo, Leader of the Pack Award. This announcement comes one day before the virtual celebration of Latinos 40 Under 40 on July 17 at 5:30 pm. “We couldn't be more proud of having them for our special award recipients this year. Ximena, Maria, and Emilio are fantastic representatives of a generation of young Latinos who make a visible difference in this country with their talent and achievements as young professionals,” said Clemente Nicado, publisher of Negocios Now. Dr. Emilio Carrillo is the founder of the FMR Center and FMR Chicago. He graduated in 2014 with a doctor of dental surgery (DDS) degree after achieving honors in aesthetic dentistry at New York University, a top dentistry school. Ximena Cortez is currently working toward her master's degree in cybersecurity at DePaul University and works as a junior quality-assurance engineer for Kenna Security. She and her family immigrated to the U.S. in 2005 and settled on the Southwest Side of Chicago. Well-respected attorney Maria S. Bocanegra was appointed to the Illinois Commerce Commission by Gov. JB Pritzker on April 8, 2019, and confirmed by the Illinois Senate on May 31, 2019. As an ICC commissioner, she regulates public utilities, transportation and telecommunications entities. Remy Martin Award During the virtual celebration, Remy Martin will recognize two members of the community with the Remy Martin Centaur Award. These individuals are exceptional leaders and are dedicated to the community and the world at large. Remy celebrates their success with this award and honors their endeavors by donating $1,000 to a charitable organization of their choice. 
The award recipients are Ivette Trevino, senior director of business development and strategy at the Illinois Hispanic Chamber of Commerce, and Mark Vargas, president of Licentiam. Trevino is responsible for managing and building relationships with corporate partners and community leaders. And she provides opportunities for the community to build and foster relationships. Vargas is a trusted adviser and close confidante to some of the highest-profile political and business leaders in America. He is widely respected as a tech entrepreneur in healthcare, as a political opinion writer and media strategist, and appears regularly in local and national media.
The first in a multi-part dive into the Prioritization to Prediction (P2P) research series by Kenna Security and The Cyentia Institute - guests Ed Bellis and Wade Baker discuss P2P Volume 1 which quantifies the performance of vulnerability prioritization and remediation strategies for the very first time.
Nicholas Holland breaks things. Then he builds them better than before. His role at HubSpot puts him in the cockpit with SMB and Enterprise CMOs who are trying to fly their marketing jets to new heights. He's heard their struggles and tries to give them tools for powering their futures This interview powers through topics including: Why your existing customers are the biggest catalysts for future business Why integration between sales and marketing really breaks down How to amp up marketing automation and personalization How to sit at the revenue table in confidence The next two years of marketing Our Guest Nicholas Holland is a product maker, entrepreneurial dreamer, and lover of mixed martial arts. He's the General Manager and Vice President of Marketing Hub at HubSpot. He founded and exited from several SaaS companies in the Nashville area before joining forces with HubSpot to run their marketing labs endeavor. Listen starting at 3:00 to discover more of Nicholas' career journey and lessons learned. Show Notes When Nicholas was a SaaS leader, he considered HubSpot for his CRM and marketing automation platform, but ended up going with someone else. Find out at about 4:30 why he made that decision. HubSpot set themselves apart and continued to iterate and innovate through imprinting their culture throughout. Explore this slide deck to learn more. Nicholas recommends Drive by Daniel Pink as a guide to help identify and define autonomy, mastery, and purpose. Every single system that you stitched together has a small coefficient of drag on how fast you can go. - Nicholas Holland The Flywheel HubSpot departed from the idea of a funnel and adopted a flywheel. Why? What brought it about? Listen at 17:00 to join in the debate. Nicholas illustrates the flywheel by considering your net promoter score. 
Integration between sales and marketing breaks down, as does the true power of marketing data, at this point: when you aren't willing to invest in connecting all your systems together, you'll never truly understand what your customer is thinking and feeling. The Ultimate Reason You Need a Marketing Automation Platform Can I sit at the revenue table with the sales leader? And can I show the points I've put on the board? That's it. You want to crack open a CMOs brain, ask them to sit down and have a frank discussion about how much revenue they should get credit for versus the sales org, versus the service org. - Nicholas Holland At about 23 minutes, Nicholas talks about how to truly integrate your systems to get better vision into your customer. He also talks about better, more highly refined governance and ABM. The Next Twenty-Four Months Customer communication will be a challenge. You're just not your audience anymore. - Nicholas Holland The emergence of the CDP, a customer data portal. Leveraging personalization. Building a Team for the Next Two Years 1. You will need someone to oversee the entire journey. Be sure to listen to the story at 38 minutes about when Nicholas made a new hire in this area. She had an outrageous request. 2. An OPS person whether Marketing Ops, Revenue Ops, or Data Ops [Caroline Japic at Kenna Security knows the power of the marketing ops role. That's why she hired Jeremy Middleton. Listen to how they work together in episode 11.]
The Episode in 60 Seconds What can a brand new CMO do to grow a company in the first six months? Caroline Japic, CMO of Kenna Security, faced this challenge head-on with energy and drive. This interview covers: How Kenna reduced the size of their MarTech stack and cut their annual cost in half How to build a team that works and works together The marketing efforts that have changed and those that have stayed steady Five pieces of advice to new CMOs Our Guests Caroline Japic brings 12 years of senior marketing executive experience to Kenna Security as CMO. Kenna is a vulnerability management scanner that searches for threats to your organization, infrastructure, applications then delivers it in a cloud platform by user reducing friction between security and IT. She has also served as CMO at Pramata and Tidemark and was a senior marketing executive for HP, Bunchball, Taleo, and Polycom. Caroline has been commended throughout her career for building winning teams and moving marketing programs ahead quickly. Jeremy Middleton is Caroline's trusted right hand. Their paths have crossed before at Pramata and HP. Jeremy understands how to uncover, use, and analyze data to support and tweak marketing efforts. He's a proven manager and marketing tactician. Show Notes What does it take to transform and grow a marketing program? Team Building Caroline came in and analyzed the team, found the holes (and filled them), and realigned the team to be more efficient. Listen at 5:00 minutes to discover the biggest changes she made and 7:00 for the qualities she looks for in marketing experts. Message Building What are we telling the world about Kenna? Does it make sense? Is it concise? - Caroline Japic Overhauling the Marketing Stack Jeremy cut the MarTech tools from twenty down to seven and cut their budget in half. Find out what tools they are using at 13:00. We have a simpler set of tools which means less raw data which results in less noise. 
We can more easily make sense out of the information we have. - Jeremy Middleton What is Old is New Again Kenna Security developed a physical direct mail package and have received a 10% meeting schedule rate. Listen throughout the episode to find out how and why it works plus a measuring stick of how effective it really is. Understanding Your Customer More Deeply than Ever Caroline is passionate about knowing and learning more about Kenna's customers. Find out how she builds her empathetic understanding at 20:00. The Fundamental Underpinnings We explore what Caroline and Jeremy see as the basic building blocks for their marketing program. (23:00) Technology doesn't solve problems Do you really know who you're targeting? How accurate is your data? Can you stop what isn't helping? Maintaining High Standards While Motivating the Team Caroline has built a loyal and high-performing team. She breaks down some of her thought process of management at 30:00. What has changed in marketing Metrics are much more sophisticated and tell a greater story. CMOs must feel like and act like they own the entire funnel from lead to close... and beyond. Sometimes, it is "arts and crafts marketing." We say, "This would be fun. Let's do this thing." Afterward, we ask, "Well, did it work?" We don't know. We ask, "Did everyone like it?" - Caroline Japic Advice for New CMOs You need a big win fast Build your dashboard first Talk to your sales leader every single day Put a framework in place. You need a written plan. Market the marketing Build relationships and maintain alignment
Kenna Security (https://www.kennasecurity.com/). He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dascena and former advisor to SecurityScoreboard.com, Dharma, and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (https://www.amazon.com/Beautiful-Security-Leading-Experts-Explain/dp/0596527489). He is also a frequent speaker at industry conferences such as RSA, BlackHat, and many others. In this episode, we discuss vulnerability management maturity, how to focus on remediation, inventory management, securing cloud services, IoT devices in the enterprise, entrepreneurship, hiring the right people, and so much more. Where you can find Ed: LinkedIn (https://www.linkedin.com/in/bellis/) Twitter (https://twitter.com/ebellis) Kenna Security Blog (https://www.kennasecurity.com/blog/)
Darin and Kim are pleased to welcome Ed Bellis to the show. Ed Bellis is a security industry veteran and expert and was once named Information Security Executive of the year. He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Bellis is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. Kenna Security is a software-as-a-service Risk and Vulnerability Intelligence platform that accurately measures risk and prioritizes remediation efforts before an attacker can exploit an organization’s weaknesses. Kenna automates the correlation of vulnerability data, threat data, and 0-day data, analyzing security vulnerabilities against active Internet breaches so that InfoSec teams can prioritize remediations and report on their overall risk posture. For more information, visit kennasecurity.com.
This week, we talk Enterprise News, to discuss how Ping Identity's PingID multi-factor authentication is now available in AWS Marketplace, 8,000 Unprotected Redis Instances Accessible From Internet, Tufin Announces Free Firewall Change Tracker to Enhance Network Security and Connectivity for Remote Workforces, Simple Advanced Persistent Threat Emulation with BreakingPoint Attack Campaigns from Ixia, and more! In our second segment, we welcome back Ferruh Mavituna, CEO and Founder of Netsparker, to talk about the Time to Measure Security Improvement in Application Security! In our final segment, we air a pre recorded interview from RSAC 2020 with Ed Bellis, Co-Founder and Chief Technology Officer at Kenna Security, discussing Moving Towards Modern Vulnerability Management! To learn more about Netsparker, visit: https://securityweekly.com/netsparker Show Notes: https://wiki.securityweekly.com/ESWEpisode178 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In a recent episode of Rapid7’s podcast, Security Nation, we talked with Jonathan Cran, Head of Research at Kenna Security, about his side project, Intrigue, and how security professionals are spending their time while on coronavirus lockdown. And, in our Rapid Rundown news segment, Tod and Jen discuss electronic surveillance and contact tracing in the time of COVID-19.
Costanoa Ventures back tenacious and thoughtful founders who change how business gets done. The firm's investments include companies such as Alation, Demandbase, Directly, Kenna Security, Return Path, Roadster, and Quizlet. Mark Selcow is a partner at the early-stage investor in enterprise software. Mark invests in companies like LivelyHSA, Quizlet and Skedulo. Prior to joining Costanoa, Mark was a serial entrepreneur and operator, who led organizations in the enterprise software and consumer Internet sectors. He co-founded and served as President of two companies-- Merced Systems and BabyCenter. BabyCenter was sold to Johnson and Johnson in 2001 and Merced Systems was sold to NICE Systems in 2012. As a former founder of two startups and now investor, I invited him onto the podcast to learn how raising VC money previously as a founder has impacted his investment style and process and why he invests in enterprise technology versus consumer. We also discuss the interesting industries and trends he's tracking today. (areas where technology is helping workers become better and more adaptive performers; how and why technology is reinventing the financial and insurance markets).
This week, we talk Enterprise News, to talk about how MITRE updates ATT&CK for the cloud, Ping Identity builds and matures Zero Trust Infrastructures, SaltStack integrates with ServiceNow to deliver Closed-Loop IT and Security Automation, and some acquisition updates from Fortinet, CyberSponse, Guardsquare, Zimperium, and more! In our second segment, we discuss Unifying DevOps and SecOps, exploring the people and process challenges of DevSecOps and Where to integrate Security Seamlessly in the DevOps Pipeline! In our final segment, we welcome Jason Rolleston, Chief Product Officer at Kenna Security, and Michael Roytman, Chief Data Scientist at Kenna Security, to discuss Risk-Based Vulnerability Management and Threat and Vulnerability Management! Show Notes: https://wiki.securityweekly.com/ESWEpisode166 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Jason Rolleston, Chief Product Officer at Kenna Security & Michael Roytman, Chief Data Scientist at Kenna Security join Paul, Matt, and Jeff on this week's episode of ESW to discuss how risk-based vulnerability management is transforming the vulnerability management industry by enabling enterprises to understand the true risk of their infrastructure and applications, saving them time and resources by prioritizing efforts around actions that reduce the most risk. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode166
Most people change jobs every 5 years. And most have a favorite tech tool, but they don’t cancel it when they leave. Suddenly you have four digital ad tools when you only need one. On this episode, I interview Jeremy Middleton, Head of Marketing Strategy & Operations at Kenna Security, about drowning in tech tools. On this episode, he discusses: Why siloism causes a glut of tech tools. The process for knowing whether you need to buy tech tools or not. Explaining context when you share your vision. Proper transition planning. Listen to this and all other episodes of Marketing: Behind the Curtain at Apple Podcasts, Spotify, or our website.
When we recruit senior OHS professionals, often one of the key responsibilities is to brief the board on health and safety issues. So, to help senior (and aspiring) HSE professionals better understand the board's expectations and thinking on OHS, Helen invited non-executive director, Karen Smith-Pomeroy, to share her insights on the podcast. Karen is a former Suncorp banking executive and current non-executive director of Infigen Energy, Kenna Security, Infocus wealth management, Stanwell Corporation and Queensland Treasury Corporation. In addition, she chairs the National Affordable Housing Corporation. In this podcast, Karen shares her experience on what's important for boards in terms of health and safety including: The structure of boards and the role of sub-committees The role of the board to oversee risk and processes to mitigate risk Leadership on safety from the top How OH&S leaders need to present to the board The importance of disclosure
This week, in our first segment, we talk Enterprise News, discussing how Tripwire unveils a new version of Tripwire Connect, Infrastructure management at scale with Netshield, Five Trends Shaping the Future of Container Security, and some funding updates from BurstIQ and Kenna Security! In our second segment, we welcome Paul Claxton, COO and Managing Partner at Elite Holding, Co., Valiant Consulting, and Reciprocity ROI LLC, to talk about the Top Cyber Threats for COO's, CMO's, and CISO's! In our final segment, we welcome Matt Wyckhouse, Co-Founder and CEO at Finite State, to talk about Supply Chain Security in the IoT Era! Show Notes: https://wiki.securityweekly.com/ESWEpisode156 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In the news, we discuss how Tripwire unveils a new version of Tripwire Connect, Infrastructure management at scale with Netshield, Five Trends Shaping the Future of Container Security, and some funding updates from BurstIQ and Kenna Security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode156
I’ve known Martina Lauchengco for more than 2 decades, and she is one of the smartest product marketers there is. As the Marketing Operating Partner at Costanoa Ventures she advises the firm’s portfolio on everything go to market. Costanoa’s security investments include Bugcrowd, Elevate Security, Kenna Security and others. Martina and I talk about what it takes to be a successful start-up marketing and what investors look for in go to market approaches and investments. If your 3 pillar messages are “Protect, Monitor, Secure” then Martina will tell you you are in good company, in a bad way! Martina talks about communicating what you do, how it’s different and why you are different and getting to the next layer down. We talk about story-telling, why Reddit is a good early radar system for investors to find the buzz, atomic narrative nuggets, category strategy, fitting in and standing out, and how investors check out the “real story” not the one you are telling. And don’t miss how Martina explains how fundamentally founders and executives don’t understand marketing, creating market pull, positioning, sequencing investments and why spending more doesn’t always equal success, and the alignment and accountability between sales and marketing. Martina recommends that you check out portfolio member Elevate Security’s website for a shift in messaging that excites an investor. Martina recommends all marketers read Chip and Dan Heath’s Made to Stick and that you follow @BenThompson of stratechery.com. You can find Martina on Twitter with her handle @mavinmartina and on LinkedIn here.
This week's conversation is with Molly Struve of Kenna Security! We discuss her path to tech, how her team worked to fix their on-call rotation and more! Molly Struve is the Lead Site Reliability Engineer at Kenna Security. She joined Kenna in 2015 and has had the opportunity to work on some of the most challenging aspects of Kenna’s code base. This includes scaling Elasticsearch, sharding MySQL databases, and creating an infrastructure that can grow as fast as Kenna's business. When not making code run faster, she can be found fulfilling her need for speed by riding and jumping her show horses. Transcript: https://aka.ms/AA5q313 https://www.mollystruve.com/ https://twitter.com/molly_struve/
Ben Edwards recently joined Cyentia, and joins Jay and Wade on his first podcast. They talk about research for RiskRecon and briefly discuss ternary plots and hierarchical models (the research will be out soon). They also cover the Prioritization to Prediction Volume 3 research recently released in partnership with Kenna Security.
Condolences to the city of Paris and the people of France. And, alas, expect fraud to follow fire. A compromise may have turned a company’s networks against its customers. Denial-of-service in Ecuador. A look at Brazil’s cyber criminals. Selling a keylogger, complete with terms of service. Facebook’s attitude toward data. The EU finalizes its controversial copyright law. Huawei’s prospects. And what did the algorithm know, and when did the algorithm know it? Emily Wilson from Terbium Labs with their Fraud Guides 101 report. Guest is Ed Bellis from Kenna Security on their latest research report focused on vulnerability remediation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_16.html
Karim Toubba, the CEO of Kenna Security, discusses why the root cause of so many breaches comes back to unpatched systems, what companies should do when they learn they are vulnerable to the same type of attacks that are crippling other organizations in the news, and he provides his analysis of how effective the tactics used by companies have been thus far in mitigating known vulnerabilities in their systems. Toubba also gives his thoughts on how close we are to automating the remediation of vulnerabilities, how effective the most popular vulnerability scanning tools used in the marketplace are, and how organizations need to properly evaluate risk to understand their real priorities. Host George Rettas also provides commentary on the crippling ransomware attack on the City of Atlanta and the public safety consequences they will face if they decide not to pay the ransom to the attackers.
Is there such a thing as breach fatigue? When have we had enough? Seth and Ken are joined by Jerry Gamblin of Kenna Security to discuss recent breaches and AWS Re:Invent.
Before you listen to this podcast ... go grab this report: https://www.kennasecurity.com/prioritization-to-prediction-report/ from Kenna Security and the Cyentia Institute. Read it. Think about it. Then listen to this show. Highlights from this week's show include: a high-level walkthrough of the model that authors developed, and the many interesting insights; why what you're doing now is probably as good as random chance; a deeper discussion on cause and effect of patches, and trying to do everything; so much more! While you're listening to the show, hit us up on Twitter using the hashtag #DtSR or tweet to @DtSR_Podcast! Guests: Jay Jacobs (@JayJacobs), Wade Baker (@WadeBaker), Michael Roytman (@MRoytman)
CyberArk beefs up its cloud security, Kenna Security partners with Exodus, Gigamon is eliminating network blind spots, and more in this week’s Enterprise News! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode32 Visit http://securityweekly.com/esw for all the latest episodes!
Lior Frenkel of Waterfall Security joins us. In the Enterprise News, CyberArk beefs up its cloud security, Kenna Security partners with Exodus, Gigamon is eliminating network blind spots, and more. Stay tuned!
Episode 29: In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University, and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist at Kenna Security, to talk about power laws in cyber security. Power Laws Probability Distributions