In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph, SVP of Strategic Intelligence & Security at 360 Privacy, for a gripping conversation about the evolution of executive protection in the digital age. With over 30 years of experience, Chuck shares how targeted violence has shifted from physical threats to online ideation—and why it now starts with a click. From PII abuse to unregulated data brokers, generative AI manipulation, and real-world convergence of cyber and physical risks—this is a must-watch for CISOs, CSOs, CEOs, and anyone navigating modern threat landscapes. Hear real-world examples, including shocking stories of doxxing, AI-fueled radicalization, and the hidden dangers of digital exhaust. Whether you're in cyber, physical security, or executive leadership, this interview lays out the urgent need for converged risk strategies, narrative control, and a new approach to duty of care in a remote-first world. Learn what every security leader needs to do now to protect key personnel, prevent exploitation, and build a unified, proactive risk posture. This segment is sponsored by 360 Privacy. Learn how to integrate privacy and protective intelligence to get ahead of the next threat vector at https://securityweekly.com/360privacybh! In this exclusive Black Hat 2025 interview, CyberRisk TV host Matt Alderman sits down with Tom Pore, AVP of Sales Engineering at Pentera, to dive into the rapidly evolving world of AI-driven cyberattacks. What's happening? Attackers are already using AI and LLMs to launch thousands of attacks per second—targeting modern web apps, exploiting PII, and bypassing traditional testing methods. 
Tom explains how automated AI payload generation, context-aware red teaming, and language/system-aware attack modeling are reshaping the security landscape. The twist? Pentera flips the script by empowering security teams to think like an attacker—using continuous, AI-powered penetration testing to uncover hidden risks before threat actors do. This includes finding hardcoded credentials, leveraging leaked identities, and pivoting across systems just like real adversaries. To learn more about Pentera's proactive ransomware testing, please visit: https://securityweekly.com/penterabh Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-413
We strap our headlamps on tight and dive into the darkest dark when, in this episode, we review the Japanese true crime thriller VILLAGE OF DOOM! A gripping, eerie and true story about a small local community that was hit by one of Japan's most shocking crimes. In this episode we also review: BRIDGET JONES: MAD ABOUT THE BOY, FLOW, FLIGHT PLAN, DEN OF THIEVES 2: PANTERA, THE PROSECUTOR, LAND OF BAD, THE ORDER, COMPANION, GET AWAY, GREEDY PEOPLE, CONCLAVE, BROKEN RAGE, REACHER (s3)
Jeff Morrison is the Field Engineering Team Lead at Pentera. In this episode, he joins host Heather Engel to discuss compromised credentials and active directories, including the biggest challenges organizations face in this space, poor credential hygiene, how enterprises can address credential-based threats, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
[Link to mp3 file] Episode number 486 [Pentium?] of Reversim with Platform, recorded on 10 December 2024. Ori and Ran host Omer from Pentera in the studio in Karkur to talk about a product that lives On-Prem and about moving it to the cloud [spoiler: it is not as simple as it sounds, especially when it comes to Security].
Sion Retzkin is the AVP of Channel Security Engineering at Pentera. In this episode, he joins host Charlie Osborne to discuss the topic of dynamic vulnerabilities, including the key differences between non-patchable security issues and something like a CVE, the role of red teaming, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Jason Mar-Tang is the AVP, Field CISO at Pentera. In this episode, he joins host Heather Engel to discuss measuring ROI in cybersecurity, including some of the biggest challenges, the preparations organizations will need to take, cost-effective methods, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Assaf Regev is the Director of Product Marketing at Pentera. In this episode, he joins host David Braue to discuss the DORA regulations entering into effect in the coming months, including how many organizations will be impacted, why they're so important, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io
In this episode of Breaking Badness, we dive into the rapidly evolving world of cybersecurity with three industry leaders: Raymond Dijkxhoorn, CEO of SURBL; Nabil Hannan, Field CISO at NetSPI; and Jason Mar-Tang, Field CISO at Pentera. They explore the critical role of domain reputation in combating phishing and spam, how AI is reshaping both offensive and defensive cybersecurity strategies, and the growing threat of ransomware in today's digital landscape. With insights from BlackHat and beyond, we discuss everything from the future of phishing defense to the challenges AI poses in securing sensitive data, as well as how ransomware continues to evolve. Tune in to gain actionable insights on staying ahead of cyber threats and protecting your digital domain.
Michal Brenner is the Senior Director of Product Marketing at Pentera. In this episode, she joins host David Braue to discuss the Continuous Threat Exposure Management (CTEM) framework, including what it adds to the security industry, how it's being adopted by the market, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io
Leadership in the fast-paced world of cybersecurity requires more than just technical expertise. It demands resilience, a strong vision, and the ability to inspire a team towards a common goal. Amitai Ratzon, the CEO of Pentera, embodies these qualities. His company, Pentera, has attracted funding from top-tier investors like Awz Ventures, a Canadian-Israeli VC group, Felicitas Global Partners, Delta-v Capital, and Blackstone.
Thomas Pore is the Director of Product Marketing in the Americas Region for Pentera. In this episode, he joins host Paul John Spaulding to discuss a particularly nasty cyberthreat facing organizations today: ransomware, including why it is such a successful attack vector, how organizations respond to attacks, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
In this episode, host Charlie Osborne is joined by Shakel Ahmed, Security Engineering Team Lead at Pentera, and Tom Sams, Sales Engineer at Pentera. Together, they discuss the threat of leaked credentials, including why it's such a successful attack vector, how user behavior plays a role, and the ongoing fallout of the Snowflake breach. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Nelson Santos is a principal sales engineer at Pentera. In this episode, he joins host Paul John Spaulding to discuss cybersecurity penetration testing, including how to become a pen tester, what some challenges associated with the role are, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Despite building up impressive security stacks in the Cloud, organizations are still struggling to keep their environments safe. Pentera recently introduced Pentera Cloud as the first tool to provide automated pentesting capabilities for cloud environments. This conversation will focus on the challenge of security validation and pentesting in the cloud, and how Pentera Cloud is redefining the speed and scale of pentesting in the cloud. This segment is sponsored by Pentera. Visit https://www.securityweekly.com/penterarsac to learn more about them! Jason Keirstead, Cyware's VP of Collective Threat Defense, takes us beyond the AI buzz in cybersecurity. While AI has tremendous potential for cybersecurity, Jason emphasizes its pragmatic and deliberate application to modernize security operations — not as a panacea but as a strategic ally in enhancing threat intelligence, response capabilities, and operational collaboration. We discuss the practical benefits and limitations of AI, offering insights into how security professionals can leverage AI to augment, not replace, human decision-making and creativity in the ongoing fight against cyber threats. This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to learn more about them! Anomali's AI-Powered Security Operations Platform is a cloud-native solution that delivers the industry's most comprehensive set of integrated and automated security functions. Anthony Aurigemma discusses how Anomali Copilot automates mundane tasks and enables better analytics and reasoning for today's security teams – automating half of an analyst's day, enabling them to focus on strategic work. With the ability to augment or replace legacy security systems, Anomali's Security Operations Platform helps security teams deliver intelligent, actionable, and accurate insights to their business. This segment is sponsored by Anomali. Visit https://www.securityweekly.com/anomalirsac to learn more about them! 
Show Notes: https://securityweekly.com/esw-361
Tune in to hear 9 executive interviews from RSA Conference 2024, featuring speakers from Zscaler, Open Systems, Aryaka, OpenText, Hive Pro, Critical Start, Anomali, Cyware, and Pentera! Find individual descriptions for each interview on the show notes. Show Notes: https://securityweekly.com/esw-361
Jason Mar-Tang is the AVP, Field CISO at Pentera. In this episode, he joins host Charlie Osborne to discuss Pentera's annual pentesting report, "The State Of Pentesting 2024." Findings include that 51 percent of enterprises admitted to being compromised by a cyberattack over the past 2 years, the frequency gap between the rate of security testing and the rate of organizational change, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Evolution Equity Partners today announced the final closing of Evolution Technology Fund III, LP and total capital commitments of $1.1 billion to back visionary entrepreneurs building next generation cybersecurity companies that safeguard the digital world. The fund raise was oversubscribed by existing and new limited partners representing a diversified mix of leading institutions, sovereign investors, insurance companies, endowments, foundations, fund of funds, family offices, and high-net-worth individuals. The capital committed gives Evolution Equity Partners a dedicated pool of capital to pursue opportunities for investment ranging from $20 million to $150 million in cybersecurity and in companies utilizing machine learning and AI to build market leading platforms. Significant investments made to date by Evolution include SecurityScorecard, Arctic Wolf, Protect AI, Talon Cyber, Torq, Snyk, Sweet Security, Aqua Security, Oleria, Halcyon, Cybsafe, Phosphorus, DefinedAI, Carbon Black, Panaseer, AVG Technologies, OpenDNS, Pentera, and Quantexa amongst 60 portfolio companies the firm has backed. Read the Press Release: https://www.prnewswire.com/news-releases/evolution-equity-partners-closes-on-1-1-billion-for-cybersecurity-investment-in-oversubscribed-fund-raise-302117459.html
Pentera is an automated pentesting platform. Validate every attack surface in your network, and test continuously to maintain control over your true security posture. Be proactive in fixing vulnerabilities, misconfigurations, leaked credentials, and privileges before they are exploited. We speak with Jannis Utz, VP Global Sales Engineering at Pentera, and get insights into Pentera's capabilities and what will be on display at Booth B20, Hall 8 at GISEC Global 2024, 23-25 April at the Dubai World Trade Centre. #Pentera #gisecglobal #mysecuritytv
In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden speaks with Jason Mar-Tang of Pentera to discuss security validation, why it's important, and how it can reduce risk. Then RH-ISAC President Suzie Squier talks with Jim Cameli who was a founding board member of the organization.
Ran Tamir is the Chief Product Officer at Pentera. In this episode, he joins host Heather Engel to discuss Pentera's new product, Pentera Cloud, including its unique aspects, how it will address today's cyber threat landscape, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Michael Belton is the Solutions Architect Team Lead at Pentera. In this episode, he joins host Heather Engel to discuss the concept of deadly defaults, including what makes them so dangerous, how organizations can handle them, and more. Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Automated Security Validation. Involving tools, scripts and platforms to emulate true-to-life attacks, Automated Security Validation is a key part of assessing the readiness of the security infrastructure and guiding prioritized remediation. But how does this implementation of automation really work to empower human expertise? How does all of this relate to compliance? And what words of wisdom can be given for those looking to level up their security strategy in 2024? In this episode of the EM360 Podcast, Analyst Jonathan Care speaks to Thomas Pore, Director of Product Marketing at Pentera, as they discuss: the pen-testing landscape; how important testing and validating are; and empowering human expertise while remaining compliant.
Aviv Cohen is the Chief Marketing Officer at Pentera. In this episode, he joins host Scott Schober to discuss Pentera's new cybersecurity book for children, “Castle Defenders: What Do Cyber Parents Do?” Cyber Strong is a Cybercrime Magazine podcast series brought to you by Pentera, the leader in automated security validation. Learn more about our sponsor at https://pentera.io.
Balancing resources to keep the bad guys out, improve real-time visibility, and develop quicker responses to new attacks. In what might be legendary singer Johnny Cash's most famous song, he speaks of keeping his eyes wide open all the time, and those tasked with OT security responsibilities are finding that they too need to walk the line. In the cybersecurity world this means balancing between the priorities of different operational environments, selecting tools and technologies that best match these priorities, and then understanding how all these investments can be intertwined to carry out your strategy. Unfortunately, this makes it a bit more difficult to stay true to original plans. Navigating that line also entails an understanding that keeping the bad guys out is not the sole function of cyber defense, because the evolution of threats and an expanding OT attack surface has created an incredibly complex environment – a fact that is as obvious as night is dark and day is light. So, to keep us walking that line in understanding how to adapt our tools and strategies, we welcome Stephen Tutterow, a team lead at Pentera, to the show. Pentera is a leading provider of automated security validation solutions. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Join Sean Martin and Aviv Cohen as they embark on a fascinating exploration of the often misunderstood world of cybersecurity. They discuss the importance of recognizing cybersecurity professionals as the modern-day heroes they are, and the need for children to understand and appreciate their parents' roles in this field. Cohen introduces a unique tool to bridge this understanding gap: a beautifully illustrated book titled "Castle Defenders: What Do Cyber Parents Do?". The book, written in engaging rhyme, uses the metaphor of a castle needing defense to explain the complex world of cybersecurity to children. It serves not only as a bedtime story but also as a platform for parents to discuss online safety and cybersecurity literacy with their children. The book has been met with enthusiastic feedback, with parents sharing their experiences of reading it to their children, and children asking for repeated readings. It also includes ten cybersecurity rules, providing children with practical tools to stay safe online. The conversation underscores the urgent need for more cyber defenders in our world and the importance of fostering understanding and respect for this role from a young age. This episode is a must-listen for anyone interested in the intersection of technology, cybersecurity, and society, and especially for those who wish to inspire the next generation of cyber defenders.
About the Book: Castle Defenders: What Do Cyber Parents Do? Mommy is late for dinner again, and Emma and Oliver are frustrated. Daddy comes to the rescue with spaghetti and an enchanting tale of brave knights and mysterious castles, revealing how he and Mommy work tirelessly to protect the people on the internet from bad hackers and other online threats. Castle Defenders by Dana Meschiany, a charming story filled with delightful illustrations and playful storytelling, is perfect for young minds eager to explore the captivating world of cybersecurity. Note: This story contains promotional content.
Guest: Aviv Cohen, CMO at Pentera [@penterasec]. On LinkedIn: https://www.linkedin.com/in/avivco/
Resources: Learn more about Pentera and their offering at https://itspm.ag/pentera-tyuw and catch more stories from Pentera at https://www.itspmagazine.com/directory/pentera
Book | Castle Defenders: What Do Cyber Parents Do?: https://www.amazon.com/Castle-Defenders-What-Cyber-Parents/dp/B0C51PCQ6Q
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Today, I'm thrilled to have Aviv Cohen, the Chief Marketing Officer of cybersecurity unicorn Pentera, join us for a fascinating discussion on a topic that's crucial yet often overlooked: educating the next generation about cybersecurity. In this episode, Aviv and I dive into his unique initiative – the creation of a children's book titled "Castle Defenders: What Do Cyber Parents Do?" This Amazon #1 Bestseller is not just a book; it's a movement towards making cybersecurity a household conversation. Aviv shares the inspiration behind this innovative approach to educating children about the digital world and the importance of online safety. We start our conversation by exploring Aviv's role at Pentera, a category leader in Automated Security Validation. Pentera's platform is pivotal in enabling organizations to consistently test the integrity of their cybersecurity defenses, a mission that Aviv is deeply passionate about. The core of our discussion, however, revolves around "Castle Defenders." Aviv explains how he managed to distill complex cybersecurity concepts into a format that's not only digestible for children but also engaging and educational. We delve into how this book serves as a vital tool for parents – whether they're cybersecurity professionals or not – to educate their children about the nuances and dangers of the internet. Further into the episode, we discuss the broader implications of "Castle Defenders." Aviv and I ponder over the potential of such educational tools in inspiring future generations to pursue careers in cybersecurity. We agree that understanding and appreciating the work of cybersecurity professionals from a young age can foster a more secure digital future. The conversation also touches upon the expansion of the "Castle Defenders" series, including exciting plans for an audiobook with multiple voices and translations into various languages. 
Aviv highlights the role of private companies like Pentera in public education, emphasizing the importance of early education and parental involvement in cybersecurity. As we wrap up, Aviv shares insights into Pentera's mission and its impact on the cybersecurity landscape. With thousands of security professionals and service providers globally relying on Pentera for guidance in remediation and closing security gaps, Aviv's insights are invaluable for anyone interested in the current and future state of cybersecurity.
I had the distinct privilege of sitting down with the remarkable Amitai Ratzon, the visionary CEO of Pentera. Amitai's journey is nothing short of extraordinary, and our conversation delves deep into his inspiring ascent to the CEO position at the age of 40. Join us as we explore his incredible journey, from propelling Pentera from a humble beginning to a staggering $100 million enterprise to orchestrating successful fundraising campaigns exceeding $100 million and fostering a thriving team of 350 exceptional individuals. For transcript and show notes please visit this page.
The latest tools and technology needed to create and defend your data fortress.
A couple of recent ransomware attacks offer perspective on evolving cybersecurity concerns within the industrial sector.
Gentex is a Michigan-based manufacturer of electronic safety systems for the automotive sector. It was attacked by a ransomware gang called Dunghill, believed to be a rebranded version of the Dark Angels ransomware gang that had historically targeted the gaming and consumer electronics industries.
In early May, global industrial component and infrastructure systems manufacturer ABB confirmed that it had also been the victim of a ransomware attack. The Black Basta group reportedly hit the company's Windows Active Directory, disrupting hundreds of devices.
The takeaway from these attacks is that ransomware groups continue to evolve, and in doing so are looking for new and more lucrative markets. The industrial sector, as you all know, certainly checks that box.
These are dynamics that our guest for today's episode, Erik Alfonso Nilsen, Chief Technology Strategist at Flexxon, knows all too well.
We're excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Alright, in this Sponsored Interview I'm talking with Aviv Cohen. Aviv is an engineer turned Chief Marketing Officer with Pentera, so if he sounds more technical than most CMOs, that's why. We talk about Pentera's automated Security Validation platform, which he says is similar to but different from automated pen testing and attack surface management, and we discuss multiple dimensions of that, from the space they play in, the problem with existing solutions, and a lot more. And with that, here's my conversation with Aviv Cohen. https://pentera.io
Become a Member: https://danielmiessler.com/subscribe/
See omnystudio.com/listener for privacy information.
Vital defensive tactics that go beyond the attacker.
The sensor and communication technology associated with remote monitoring has proven to be both a time-saving, productivity-enhancing tool and a potentially debilitating cyber defense vulnerability for the industrial sector. The issues stem from a combination of internal failures and the evolution of highly innovative criminals, as recently assessed in Cyolo's State of Industrial Secure Remote Access report. The report shows that larger industrial organizations can have over 50 remote users every day. This quantity of off-site employees logging into industrial control systems reinforces the top three areas of deficiency: a lack of visibility, insufficient user training, and weak internal access controls.
Our guest for today's episode, Kevin Kumpf, Chief OT/ICS Security Strategist at Cyolo, will offer some color on these challenges, as well as some potential solutions.
We're excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
How hackers are targeting ERP systems and automating more attacks.
Adding to the data supporting a surge in cyber-criminal activity is the most recent Internet Crime Report from the FBI's Internet Crime Complaint Center (IC3).
The IC3 data shows that while the number of reported complaints actually dipped by about five percent last year, the financial losses directly attributed to ransomware, phishing and other attacks increased by 49 percent, totaling over $10.3 billion.
The report goes on to state that "we know not everyone who has experienced a ransomware incident has reported to the IC3." The report also called out the top three ransomware groups as LockBit, BlackCat and Hive, none of which are new to the Security Breach audience.
These hacks, and the hackers involved, are all too familiar to JP Perez-Etchegoyen. He serves as the Chief Technology Officer for Onapsis, a leading provider of integrated cybersecurity offerings. In this episode he offers an in-depth look at new challenges and solutions focused on the ransomware pandemic.
We're excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Live on-location from Infosecurity Europe 2023, Sean Martin connects with Steve Smith from Pentera to discuss the challenges and opportunities to help organizations protect against the broader scope of security risk.
Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-story
Guest: Steve Smith, VP, UKI & CEE at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/stevesmithesq/
Resources
Learn more about Pentera and their offering: https://itspm.ag/pentera-tyuw
Be sure to tune in to all of our Infosecurity Europe 2023 conference coverage: https://www.itspmagazine.com/infosecurity-europe-2023-infosec-london-cybersecurity-event-coverage
Catch the full Infosecurity Europe 2023 YouTube playlist: https://www.youtube.com/playlist?list=PLnYu0psdcllTOeLEfCLJlToZIoJtNJB6B
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
If you are a cybersecurity vendor with a story to share, you can book your pre-event video podcast briefing here (https://itspm.ag/iseu23tsv) and your on-location audio podcast briefing here (https://itspm.ag/iseu23tsp).
Explore the full conference coverage sponsorship bundle here: https://itspm.ag/iseu23bndl
For more ITSPmagazine advertising and sponsorship opportunities:
How increasingly complex attacks might demand taking humans out of the cybersecurity loop.
The National Institute of Standards and Technology (NIST) recently announced updates to its Cybersecurity Framework (CSF), first published in 2014. The goal of version 2.0 of the CSF is to better integrate areas like supply chain risk management and governance. All of these measures would appear tailored toward greater inclusion of the industrial sector and many of its unique challenges. And the timing couldn't be better: according to Proofpoint's 2023 Voice of the CISO report, 76 percent of industrial sector chief information security officers feel their organization is at risk of a cyber attack within the next 12 months.
Our guest for today's episode is Ethan Schmertzler, CEO of Dispel, a leading provider of secure access solutions for industrial control systems.
We're also excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Credential harvesting, backdoor attacks and staying on top of who or what is logging into your networks.
While more connection points can create more security soft spots for industrial enterprises, it's no surprise that hackers would generally prefer to log in rather than break in. Colonial Pipeline, for example, was reportedly breached through a single compromised VPN password on an account that did not require multi-factor authentication.
And as the industrial sector has added more technology, perhaps the greatest overall vulnerability is the login process. Our guest for today's episode is Venkat Thummisi, CTO and Founder of Inside-Out Defense. He offers some first-hand expertise on the hows and whys of access abuse.
We're also excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
Inside the resurgence of ransomware attacks and the rise of billion-dollar "unicorn" hacker gangs.
Believe it or not, there was a time in recent history when we actually experienced a reprieve in ransomware attacks. According to a report from Black Kite, a leading provider of third-party risk management and cyber intelligence, a number of factors contributed to a flattening of ransomware attack frequency in late 2021 and into 2022.
Unfortunately, the bad guys evolved and ransomware attacks surged in early 2023, with the number of ransomware victims in March of this year coming in at nearly twice that of April 2022, and 1.6 times higher than last year's highest monthly total.
New players like Black Basta, as well as new strategies from well-known adversaries like LockBit, once again brought manufacturing to the top of the list of favorite targets. According to the report, manufacturing represented nearly one out of every five attacks.
Our guest for today's episode is Jeffrey Wheatman, a Cyber Risk Evangelist at Black Kite.
We're also excited to announce that Security Breach is being sponsored by Pentera. For more information on their cybersecurity solutions, you can go to pentera.io.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.
On this edition of the ESW news, we're all over the place! Funding and acquisitions are a little sad right now, but AI and TikTok bans raise our spirits. The hosts are split on feelings about the new .zip gTLD, there's a new standard for scoring an "AI Influence Level" (AIL), and lessons learned from Joe Sullivan's case and other Uber breaches. Also, don't miss the new AI tool DragGAN, which enables near magical levels of ease when manipulating photos. What's even real anymore? We might not be able to tell for long...
The reality is no organization is immune to a breach, and security teams, alongside the C-suite, should prepare now to make the response more seamless once a crisis does happen. Based on his experience working 1:1 with security leaders in the private and public sectors, Jon Check, executive director of Cyber Protection Solutions at Raytheon Intelligence & Space, will share the critical steps organizations must take to best prepare for a security breach. This segment is sponsored by Raytheon. Visit https://securityweekly.com/raytheonrsac to learn more about them!
While companies utilize dozens of security solutions, they continue to be compromised and are continually searching for their real cybersecurity gaps amongst the overload of vulnerability data. A primary issue security teams face is that they lack a way to continuously validate the effectiveness of the different security solutions they have in place. Automated Security Validation is revolutionizing cybersecurity by applying software validation algorithms to what was once a manual penetration testing job. It takes the attacker's perspective to challenge the integrity and resilience of security defenses by continuously emulating cyber attacks against them. This segment is sponsored by Pentera. Visit https://securityweekly.com/penterarsac to learn more about them!
Security teams are always on the lookout for external threats that can harm our organizations. However, an internal threat can derail productivity and lead to human error and burnout: repetitive, mundane tasks. To effectively defend against evolving threats, organizations must leverage no-code automation and free analysts to focus on higher-level projects that can improve their organization's security posture. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesrsac to learn more about them!
In today's hyper-connected world, devices are everywhere, people are online constantly and sensitive data has moved to the cloud. Given these trends, organizations are making digital trust a strategic imperative. More than ever, companies need a unified platform, modern architecture and flexible deployment options in order to put digital trust to work. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertrsac to learn more about them!
Bill Brenner, VP of content strategy at CyberRisk Alliance, and Cisco storyteller/team leader/editor Steve Ragan discuss the issues security professionals are sinking their teeth into at RSA Conference 2023, including:
Threats organizations face amid geopolitical strife (Russia/Ukraine, China, North Korea)
What SOCs need to respond to a world on fire (training for cloud-based ops, XDR)
Challenges of identity and access management (zero trust, MFA, hybrid work environments)
Challenges of vulnerability management (finding the most critical flaws in the cloud, key attack vectors in 2023, ransomware)
This segment is sponsored by Cisco. Visit https://securityweekly.com/ciscorsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw319
Pentera is a company that specializes in automated security testing and vulnerability management. Its platform uses a combination of automated and manual testing techniques to identify and prioritize security vulnerabilities in an organization's infrastructure. By doing so, Pentera helps unmask hidden vulnerabilities and provides visibility into potential security threats. Its "Automated Security Validation" component continuously validates cyber defenses. It's a method of testing that is becoming increasingly popular as attackers have become more sophisticated. In fact, it was recently recognized by Gartner as its own category.
Nelson Santos, a Senior SE with Pentera, is a security professional with years of experience on both attack and defense teams. He holds multiple top-tier security certifications and has trained under some of the best-known researchers in the field. His interests range from exploit development and vulnerability research to machine learning and artificial intelligence.
We engage in a discussion that defines automated security validation, and why it's different from traditional methods of security testing.
TIMESTAMPS:
0:03:29 - Automated Security Validation: Benefits, Vendor Landscape, and Trends
0:05:29 - Effect of Automated Security Validation in the Age of COVID-19
0:07:11 - Challenges and Best Practices
0:12:39 - The Impact of Automated Security Validation Tools on DevOps Workflows
0:15:54 - Automated Security Tools for Mid-Sized Enterprises
0:17:22 - Automated Security Validation Tools for Enterprises
0:22:09 - Pentera's History
0:23:41 - Pentera's Security Validation and Differentiators for Success
0:28:07 - Trends in Cybersecurity and Threat Intelligence Integration
0:30:15 - Pentera's Rap Battle at RSA and Black Hat Conferences
SYMLINKS
Nelson's LinkedIn
Pentera's LinkedIn
Pentera's Twitter
Pentera's Website
DRINK INSTRUCTIONS
CANALYZER
1 oz Gin
3/4 oz Lime Juice
Tonic Water
Fill a glass with ice. Pour in the gin and lime juice. Top off with Tonic Water.
EPISODE SPONSOR
Pentera
CONNECT WITH US
Become a Sponsor
Support us on Patreon
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com
NCSC warns of "new class" of Russian adversaries
GitHub adds Action to help open source security
Used routers hold on to secrets
Thanks to today's episode sponsor, Pentera
This episode of Cyber Security Headlines is made possible in part by Pentera. Today over 60% of cyber attacks involve the use of exposed credentials. Now, for the first time, security teams can address this critical threat head-on. Pentera collects an organization's leaked credentials and automatically tests their exploitability across the external and internal attack surface. Pentera's customers find that leveraging the Pentera automated security validation platform as part of their exposure management strategy increases their ability to identify security gaps, improves the efficiency of remediation processes, and maximizes their security readiness. To learn more, visit Pentera.io
This week's Cyber Security Headlines – Week in Review, April 17-21, is hosted by Rich Stroffolino with our guest, Shawn Bowen, CISO, World Fuel Services
Thanks to our show sponsor, Pentera. To learn more, visit Pentera.io
All links and the video of this episode can be found on CISOseries.com
Microsoft 365 outage blocks access to web apps and services
Capita has 'evidence' customer data was stolen in digital burglary
3CX supply chain attack was the result of a previous supply chain attack
Thanks to today's episode sponsor, Pentera. To learn more, visit Pentera.io
For the stories behind the headlines, head to CISOseries.com.
Elon Musk wants to develop TruthGPT
Southwest's operations resume after a 'technical issue'
US, UK warn of govt hackers targeting Cisco routers
Thanks to today's episode sponsor, Pentera. To learn more, visit Pentera.io
For the stories behind the headlines, head to CISOseries.com.
Ransomware comes for macOS
The security considerations of low code
Israeli offensive cyber company shutting down
Thanks to today's episode sponsor, Pentera. To learn more, visit Pentera.io
Microsoft warns of Remcos RAT campaign targeting tax accountants
NCR suffers POS outage after BlackCat ransomware attack
Google releases urgent Chrome update to fix actively exploited zero-day vulnerability
Thanks to today's episode sponsor, Pentera. To learn more, visit Pentera.io
For the stories behind the headlines, head to CISOseries.com.
All links and images for this episode can be found on CISO Series. For those security practitioners who leave a job to go work for a security vendor, please stop calling it "going to the dark side." This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our sponsored guest is Jason Mar-Tang, director of sales engineering, Pentera. Thanks to our podcast sponsor, Pentera. Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers, including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale. In this episode: Why do we call security practitioners who leave a job to go work for a security vendor "going to the dark side?" Do security professionals say this because once they go work for a vendor their motivation shifts from protecting to sales? Over the years, what other small steps have we seen that have made improvements in the vendor/practitioner divide?
Shelly Shmorak hosts Omer Tzuker, product team lead at Pentera. We talked about product management in cyber, the unique challenges of these roles, how product management works with research staff as opposed to classic development teams, and how to create diversity in product teams in a field whose experience is perceived as very military in Israel. ----- Host of this episode: Shelly Shmorak. Editing: Tamar Halevi. Music: Michael Yantis.
We have talked a lot about security. One of the biggest challenges is not knowing where the next attack is going to come from, and the list of vulnerabilities changes every day. Today we are going to talk with a company that is looking to help you understand what your attack surface looks like. Hey everybody, this is Chris Brandt here with Sandesh Patel, welcome to another FUTR podcast. If you don't know what your vulnerabilities are, it is very hard to protect your environment. It is also impossible to understand what your priorities should be. Pentera offers agentless, autonomous and continuous validation of your environment to give you the best picture of your attack surface. Pentera overlaps several of the Gartner categories, from Breach and Attack Simulation to Attack Surface Management, but it is something a little different. So today we have with us Pentera's Director of Sales Engineering, Jay Mar-Tang, to tell us all about it. Welcome Jay. FUTR.tv focuses on startups, innovation, culture and the business of emerging tech with weekly podcasts featuring Chris Brandt and Sandesh Patel talking with industry leaders and deep thinkers. Occasionally we share links to products we use. As an Amazon Associate we earn from qualifying purchases on Amazon.
Dani López, commercial director of CODEE, joins us to talk about supercomputing and code optimization. With: Rafa Tortajada, Carlos Valerdi and Patricia Cobo. Directed by: Carlos Lillo. clickciber.com. Thanks to Allot, Forescout, Forcepoint, Pentera and TrendMicro.
Autonomous cars are a reality; today Alfonso Calvo Orra, together with his guest Manuel Jacinto Martínez, talks to us about their possibilities and risks. Presales engineers are one of the jobs with the highest demand for candidates. Our guest, Javier Pascual Izquierdo, Director of Presales and Provisioning at Telefónica, gives us his view of these much sought-after positions. As always, we round off with our News, the Tecnoefemérides and the weekly Contest. With: Alfonso Calvo, Carlos Julián Valerdi and Javier Soria Pastor. Directed by: Carlos Lillo. Collaborators: Allot, Trend Micro, Pentera, Forescout Technologies Inc. and Forcepoint.
Black Friday is the perfect ecosystem for cybercriminals. We give tips on how to avoid them. We also go through the 7 phases of the KILL CHAIN, the scheme followed by many cyberattacks. We also have the pleasure of hosting the CEO of TALENTFY, a Spanish company that uses Artificial Intelligence to help companies find the best candidates to fill technology vacancies. Thanks to: ALLOT, FORESCOUT, FORCEPOINT, PENTERA and TREND MICRO. With: Carlos Valerdi, Joan Massanet. Directed by: Carlos Lillo. Production: ClickRadioTV
What are DDoS attacks? And DoS attacks? Ramón Lucini, commercial lead for Spain and Portugal at PENTERA, joins us. With: Bárbara López, Rafa Tortajada, Javi Soria and Manuela Muñoz. Deputy director: Carlos Valerdi. Directed by: Carlos Lillo. clickciber.com
Today, with Carlos Valerdi at the helm in the studio, we tackle the subject of Audits: are they necessary? We continue with our much-loved Tecnoefemérides and open a recurring special devoted to SIEMs. We finish with an interview from Mexico with Emiliano Anguiano of La Jaula del N00b. With: Rafa Tortajada, Patricia Cobo and Sergio Lillo. Producer and deputy director: Carlos Valerdi. Directed by: Carlos Lillo. Guest: Emiliano Anguiano of La Jaula del N00b. Production: ClickRadioTV. Thanks to: Allot, Forcepoint, Forescout, Pentera and Trend Micro
In the first program of autumn 2022 we start strong. First, after the usual news, we take up a request from the audience to devote a segment to Password Managers. We continue with the Tecnoefemérides and then a special in which we develop the first part of the concept of DLP, for protecting companies' data. We finish with an interview with the Vice President of Communication and spokesperson of the International Association of Victims of Cyber Scams and Cryptocurrencies. With: Dani Vaquero, Patricia Cobo, Carlos Valerdi and Raúl Guillén. Directed by: Carlos Lillo. Thanks to Allot, Forcepoint, Forescout, Pentera and Trend Micro.
This is a story that begins with the journey of Arik Liberzon, the founder and CTO and head of the R&D and product teams at Pentera. Arik was the head of the red team for the Israeli Defense Forces, chartered with pentesting — or red teaming — all of the strategic assets against nation state levels of threats. He did so with a great number of people, just like you would expect to do with an enterprise level red teaming program, tapping into a wealth of ethical hackers and red teamers. But he also had another part of his brain, which was all about software. Arik fused the two mindsets and had an a-ha moment that 'I can do everything that I'm doing here with people and I can do it in software. I can shrink wrap a red team in a box of software and give every enterprise in the world the ability to red team irrespective of their budget. I can give every business the power of a big red team army, delivered through software.' This story, and the broader capabilities, mission, and vision for the future at Pentera, was told to us by Aviv Cohen, Pentera's Chief Marketing Officer. Connecting the human element to software and operations, the team at Pentera believes that it is important to have a human view for the challenges organizations face when managing their security programs. This is why Pentera created a series of cyber cartoons that are specialized to represent cybersecurity life. The cartoons connect the life of cybersecurity personnel and their role in society. This is a way for us to laugh, adding some humor to reality, connecting the technology products and services that we provide to this reality. The software-enabled red team army is here and ready to join your team. Have a listen and connect with the team at Pentera to begin and continue your own red team journey. Note: This story contains promotional content.
Learn more.
Guest: Aviv Cohen, Chief Marketing Officer at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/avivco/
Resources:
Be sure to visit Pentera at https://itspm.ag/pentera-tyuw to learn more about their offering.
Meet Pentera Labs: https://itspm.ag/penteri67a
Browse the cybertoon series: https://itspm.ag/penttoon
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
VIDEO - We're back in the studio after the summer holidays. This time Raul Breton Perez of Innovasur joins us to talk about Cybersecurity in SMEs. We also begin a review of the basic cybersecurity needs for both home and business environments. With: Carlos Julián Valerdi, Rafael Tortajada, Daniel Vaquero and Javier Soria Pastor. Directed by: Carlos Lillo. Thanks to Allot, Forcepoint, Forescout Technologies Inc., Pentera and Trend Micro
A CISO's Guide to Pentesting

References:
https://en.wikipedia.org/wiki/Penetration_test
https://partner-security.withgoogle.com/docs/pentest_guidelines#assessment-methodology
https://owasp.org/www-project-web-security-testing-guide/latest/3-The_OWASP_Testing_Framework/1-Penetration_Testing_Methodologies
https://www.pcisecuritystandards.org/documents/Penetration_Testing_Guidance_March_2015.pdf
https://pentest-standard.readthedocs.io/en/latest/
https://www.isecom.org/OSSTMM.3.pdf
https://s2.security/the-mage-platform/
https://bishopfox.com/platform
https://www.pentera.io/
https://www.youtube.com/watch?v=g3yROAs-oAc

****************************

Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cyber security leader. My name is G. Mark Hardy, and today we're going to explore a number of things a CISO needs to know about pentesting. As always, please follow us on LinkedIn, and make sure you subscribe so you can always get the latest updates.

Now, to get a good understanding of pentesting, we are going over the basics every CISO needs to understand:
What is it?
Where are good places to order it?
What should I look for in a penetration testing provider?
What does a penetration testing provider need to provide?
What's changing on this going forward?

First of all, let's talk about what a pentest is NOT. It is not a simple vulnerability scan. That's something you can do yourself with any number of publicly available tools. However, performing a vulnerability scan, and then acting on remediating what you find, is an important prerequisite for a pentest. Why pay hundreds of dollars per hour for someone to point out what you can find yourself in your bunny slippers sipping a latte? Now let's start with providing a definition of a penetration test.
According to Wikipedia, a penetration test or pentest is an authorized simulated cyber-attack on a computer system, performed to evaluate the security of that system. It's really designed to show weaknesses in a system that can be exploited. Let's think of things we want to test. It can be a website, an API, a mobile application, an endpoint, a firewall, etc. There are really a lot of things you can test, but the thing to remember is you have to prioritize what has the highest likelihood or largest impact to cause the company harm. You need to focus on high likelihood and impact because professional penetration tests are not cheap. Usually, they cost between $10,000-$30,000, but if you have a complex system, it's not unheard of to go up to $100,000. As a CISO you need to be able to defend this expenditure of resources. So, you will usually define a clear standard such as: our company will perform penetration tests on customer facing applications, PCI applications, and Financially Significant (SOX) applications once per year. My friend John Strand, who founded Black Hills Information Security, pointed out in a recent webcast that sometimes you, the client, may not know what you mean by the term pentest. Sometimes clients want just a vulnerability scan, or an external scan of vulnerabilities to identify risk, or a compromise assessment where a tester has access to a workstation and tries to move laterally, or a red team where a tester acts like a threat actor and tries to bypass controls, or a collaborative effort involving both red teams and blue teams to document gaps and to help defenders do their job better. He goes on to state that your pentest objective should be to "provide evidence of the effectiveness of current defensive mechanisms and attack detection methodologies." Please do not confuse a penetration test with a Red Team exercise.
A red team exercise just wants to accomplish an objective, like stealing data from an application. A penetration test wants to enumerate vulnerabilities in a scoped target system so the developer can patch and remediate. It's a subtle difference, but consider that a red team only needs to find one vulnerability to declare success, whereas a penetration test keeps going to help identify potentially exploitable vulnerabilities. Now, is a pentest about finding ALL vulnerabilities? I would say no – there are vulnerabilities that might require a disproportionate amount of resources to exploit for little or no value – something with a CVSS score of 4.0 or the like. Those can often be left unpatched without consequence – the cost of remediating may exceed the value of the risk avoided. There really is a "good enough" standard of risk, and that is called "acceptable risk." So, when scoping a pentest or reviewing results, make sure that any findings are both relevant and make economic sense to remediate. Let's take the example that you want to perform a web application pentest on your public website so you can fix the vulnerabilities before the bad actors find them. The first question you should consider is whether you want an internal or an external penetration test. Well, the classic answer of "it depends" is appropriate. If this website is a service that you are selling to other companies, then chances are those companies are going to ask you for things like an ISO 27001 certification or a SOC 2 Type 2 report, and both of those standards require, you guessed it, a penetration test. In this case your company would be expected to document a pentest performed by an external provider. Now, if your company has a website that is selling direct to consumers, then chances are you don't have the same level of requirement for an external pentest. So, you may be able to just perform an internal penetration test performed by your company's employees.
I'd be remiss if I didn't mention the Center for Internet Security Critical Controls, formerly known as the SANS Top 20. The current version, eight, has 18 controls that are listed in order of importance, and they include pentesting. What is the priority of pentesting, you may ask? #18 of 18 -- dead last. Now, that doesn't mean pentests are not valuable, or not useful, or even not important. What it does mean is that pentests come at the end of building your security framework and implementing controls. Starting with a pentest makes no sense IMHO, although compliance-oriented organizations probably do this more often than they should. That approach makes the pentester's job one of filtering through noise -- there are probably a TON of vulnerabilities and weaknesses that should have been remediated in advance, and could have been with very little effort. Think of a pentest as a final exam, if you will. Otherwise, it's an expensive way to populate your security to-do list. OK, let's say we want to have an external penetration test and we have the $10-30K on hand to pay an external vendor. Remember this: a penetration test is only as good as the person conducting it. Cyber is a very unregulated industry, which means it can be tricky to know who is qualified. Compare this to the medical industry. If you go to a hospital, you will generally get referred to a Medical Doctor or Physician. This is usually someone who has a degree such as an MD or DO which proves their competency. They will also have a license from the state to practice medicine legally. Contrast this to the cyber security industry. There is no requirement for a degree to practice cyber in the workforce. Also, there is no license issued by the state to practice cyber or develop software applications. Therefore, you need to look for relevant cyber certifications to demonstrate competency to perform a penetration test.
There are a number of penetration testing certifications, such as the Certified Ethical Hacker or CEH, the Global Information Assurance Certification or GIAC GPEN or GWAPT, and the Offensive Security Certified Professional or OSCP. We strongly recommend anyone performing an actual penetration test have an OSCP. This certification is difficult to pass. A cyber professional must be able to perform an actual penetration test and produce a detailed report to get the certification. This is exactly what you want in a pentester, which is why we are big fans of this certification. It is a lot more complicated than remembering a bunch of textbook answers and filling in a multiple-choice test. Do yourself a favor and ask for individuals performing penetration tests at your company to possess this certification. It may mean your penetration tests cost more, but it's a really good way to set a bar of qualified folks who can perform quality penetration tests to secure your company. Now you have money, and you know you want to look for penetration tests from companies that have skilled cyber professionals with years of experience and an OSCP. What companies should you look at? Usually, we see three types of penetration testing companies. The first type is companies that use their existing auditors to perform penetration tests – firms like KPMG, EY, PWC, or Deloitte (The Big 4 1/2). This is expensive, but it's easy to get them approved since most large companies already have contracts with at least one of these firms. The second type of company that we see are large penetration testing companies. Companies like Bishop Fox, Black Hills Information Security, NCC Group, and TrustedSec focus largely on penetration testing and don't extend into other areas like financial auditing. They have at least 50+ penetration testers with experience from places like the CIA, NSA, and other large tech companies.
Note they are often highly acclaimed, so there is often a waitlist of a few months before you can get added as a new client. Finally, there are boutique shops that specialize in particular areas. For example, you might want to hire a company that specializes in testing mobile applications, Salesforce environments, embedded devices, or APIs. This is a more specialized skill and a bit harder to find, so you have to find a relevant vendor. Remember, if someone can pass the OSCP it means they know how to test and usually have a background in web application penetration testing. Attacking a web application means being an expert in using a tool like Burp Suite to look for OWASP Top 10 attacks like SQL injection or Cross-Site Scripting. This is a very different set of skills from someone who can hack a vehicle Controller Area Network (CAN) bus or a John Deere tractor, which requires reverse engineering and C++ coding. Once you pick your vendor and successfully negotiate a master license agreement, be sure to check that you are continuing to get the talent you expect. It's common for the first penetration test to have skilled testers but, over time, for a vendor to replace staff with cheaper labor who might not have the OSCP or the same level of experience that you expect. Don't let this happen to your company; review the labor and contract requirements on a recurring basis. Alright, let's imagine you have a highly skilled vendor who meets these requirements. How should they perform a penetration test? Well, if you are looking for a quality penetration testing guide, we recommend following the one used by Google. Google, whose parent company is called Alphabet, has publicly shared their penetration testing guidelines, and we have attached a link to them in our show notes. It's a great read, so please take a look. Now, Google recommends that a good penetration test report should clearly follow an assessment methodology during the assessment.
Usually, penetration testers will follow an industry recognized standard like the OWASP Web Security Testing Guide, the OWASP Mobile Security Testing Guide, the OWASP Firmware Security Testing Guide, the PCI DSS Penetration Testing Guide, the Penetration Testing Execution Standard, or the OSSTMM, which stands for the Open Source Security Testing Methodology Manual. These assessment methodologies can be used to show that an extensive evaluation was done and a multitude of steps/attacks were carried out. They can also standardize the documentation of findings. Here you will want a list showing the risk severity level, the impact from a business/technical perspective, clear and concise steps to reproduce the finding, screenshots showing evidence of the finding, and recommendations on how to resolve the finding. This will allow you to build a quality penetration test report that you can reuse in your organization to improve your understanding of technical risks. If we can get good penetration tests today, perhaps we should think about how penetration testing is changing in the future? The answer is automation. Now, we have had automated vulnerability management tools for decades. But please don't think that running a Dynamic Application Security Testing tool, or DAST, such as WebInspect is the same thing as performing a full penetration test. A penetration test usually takes about a month of work from a trained professional, which is quite different from a 30-minute scan. As a cyber industry we are starting to see innovative penetration testing companies build out continuous and automated penetration testing tooling. Examples of this include Bishop Fox's Cosmos, Pentera's Automated Security Validation Platform, and Stage 2 Security's Voodoo and Mage tooling. Each of these companies is producing some really interesting tools, and we think they will be a strong complement to penetration tests performed by actual teams. This means that companies can perform more tests on more applications.
The other major advantage of these tools is repeatability. Usually, a penetration test is a point-in-time assessment. For example, once a year you schedule a penetration test on your application. That means if, a month later, you make changes, updates, or patches to your application, then new vulnerabilities can easily be introduced which were never assessed by your penetration test. So having a continuous solution to identify common vulnerabilities is important, because you always want to find your vulnerabilities before bad actors do. Here's one final tip. Don't rely on a single penetration testing company. Remember, we discussed that a penetration testing company is only as good as the tester and the toolbox. So, try changing out the company that tests the same application each year. For example, perhaps you have contracts with Bishop Fox, Stage 2 Security, and Black Hills Information Security, where each company performs a number of penetration tests for your company each year. You can alternate which company tests which application. Therefore, have Bishop Fox perform a pentest of your public website in 2022, then Stage 2 Security test it in 2023, then Black Hills test it in 2024. Every penetration tester looks for something different, and they will bring different skills to the test. If you leverage this methodology of changing penetration testing vendors each cycle, then you will get more findings, which allows you to remediate and lower risk. It also allows you to know if a penetration testing vendor's pricing is out of the norm. You can cancel or renegotiate one contract if a penetration testing vendor wants to double their prices. And watch the news -- even security companies have problems, and if a firm's best pentesters all leave to join a startup, that loss of talent may impact the quality of your report. Thank you for listening to CISO Tradecraft, and we hope you have found this episode valuable in your security leadership journey.
As always, we encourage you to follow us on LinkedIn, and help us out by letting your podcast provider know you value this show. This is your host, G. Mark Hardy, and until next time, stay safe.
Applications run the world. They provide an interface to the rest of the technologies and data we create, share, and make decisions with. Sometimes these interfaces come in the form of a user interface (UX), sometimes in the form of an API. In both cases, they offer a path to the systems and information we hold dear to us.

In this Chats on the Road to DEF CON, we connect with the co-founders and organizers of the AppSec Village along with their keynote speaker at the village this year. This is a conversation about the real world that you won't want to miss.

About the AppSec Village
Welcome to AppSec Village, where red, blue and purple teamers come together to learn from the best of the best on how to exploit software vulnerabilities and how to secure software. Software is everywhere, and application security vulnerabilities are lurking around every corner, making the software attack surface attractive for abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to tickle your interest at the AppSec Village.

Our mission is to promote diverse voices and perspectives in an inclusive environment driven for and by the AppSec community to increase education and awareness of application security methods and practices.

About Chris Kubecka's Keynote: Wartime AppSec
To understate things, the 2020s have been a challenging time for AppSec. First, Corona took the hardware out of the office for everyone. Now, with a war in Ukraine, hacktivists, patriotic hackers, and nation-state level actors are wreaking havoc on our apps and websites. Cyber-attacks are targeting the code and products of allied nations, pro-Russian, and pro-sanction companies. Come on a journey with a hacker who will share the top ten geopolitical gotchas in your AppSec and real-world examples, drawn from her experiences in several cyber warfare incidents as well as her recent experiences in Ukraine, Romania, Moldova, and Transnistria.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guests
Chris Kubecka, CEO at HypaSec NL [@HypaSec] and Keynote speaker at AppSec Village at DEF CON 30
On LinkedIn | https://www.linkedin.com/in/chris-kubecka/
On Twitter | https://twitter.com/SecEvangelism

Liora Herman, Founder and Queen of Details at AppSec Village [@AppSec_Village] and Head of Field and Channel Marketing, EMEA & APAC at Pentera [@penterasec]
On LinkedIn | https://www.linkedin.com/in/liorarherman/
On Twitter | https://twitter.com/tzionit411
On Facebook | https://www.facebook.com/liorarherman
On YouTube | https://www.youtube.com/c/AppSecVillage/

Erez Yalon, Founder and Mayor at AppSec Village [@AppSec_Village] and VP of Security Research at Checkmarx [@Checkmarx]
On LinkedIn | https://www.linkedin.com/in/erezyalon/
On Twitter | https://twitter.com/ErezYalon

This Episode's Sponsors
CrowdSec | https://itspm.ag/crowdsec-b1vp
Edgescan | https://itspm.ag/itspegweb
Pentera | https://itspm.ag/pentera-tyuw

Resources
AppSec Village DEF CON Schedule: https://www.appsecvillage.com/events/dc-2022
AppSec Village website: https://www.appsecvillage.com/
On LinkedIn | https://linkedin.com/company/appsecvillage
On YouTube | https://www.youtube.com/c/AppSecVillage/
At DEF CON: https://forum.defcon.org/node/240922

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?
Welcome to episode one of Capture the CISO, hosted by Johna Till Johnson, CEO, Nemertes. Please go to the blog post for this episode to check out the demo videos of all the contestants.

Our judges are Shawn Bowen, CISO, World Fuel Services and Mike Johnson, co-host, CISO Series Podcast and CISO for Fastly.

Our contestants:
Christopher Gomes, head of product, Conveyor
Jake Flynn, sales engineer, Pentera
Aviv Grafi, founder and CTO, Votiro

Huge thanks to all our contestants, who are also sponsors of Capture the CISO.

Conveyor
Conveyor makes security reviews fast, easy, and accurate for both vendors and their customers. How? By making it easy for 3rd party risk teams to get basic info on vendors, request access to their security docs (like SOC 2s and PenTests), and get their security questions answered without actually issuing a questionnaire. Check out our video to see how Conveyor can save you 71% of your time on your vendor security reviews.

Pentera
Pentera's Automated Security Validation Platform is designed to help teams increase their security posture against modern-day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing, with granular visibility into every execution along the way. Validate that your tools are working effectively by safely emulating attacks, and prioritize your remediation efforts with truly context-driven results. With MITRE ATT&CK framework mapping, stay on top and test your environment against adversary techniques to create an optimized process from testing to in-production. Don't just operate, validate!

Votiro
Can you trust the files and content entering your organization? Votiro Cloud's Zero Trust open API proactively disarms files of known, unknown, and zero-day malware threats at scale without adding friction, interrupting user or application workflows, or impacting file fidelity. Votiro reduces work, alerts, and risk for IT and security teams while enabling the seamless flow of safe files. Votiro is tool-agnostic, and provides virtually limitless auto-scale capabilities to handle any file throughput and the greatest span of file formats, preventing malicious files from being uploaded to web apps, portals, data management platforms, and cloud services.
Novel device registration trick enhances multi-stage phishing attacks
US bans major Chinese telecom over national security risks
Over 20,000 data center management systems exposed to hackers

Thanks to our episode sponsor, Pentera
Pentera introduces Automated Security Validation! The newly-minted unicorn out of Israel takes a whole new approach to penetration testing - allowing every organization to continuously test the integrity of all cybersecurity layers - including against ransomware - leveraging proprietary ethical exploits to emulate real-world attacks at scale. All day, every day. This week Pentera will discuss how to identify your exploitable attack surface, so stay tuned for their 'Tip of the Day'. Or visit pentera.io to find out more.

For the stories behind the headlines, head to CISOseries.com.
In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, a European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, drama in the Israeli cybersecurity news, Security Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & some annoying words get banned! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw256
It's a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for 2022, today's show will be about enterprise security pitfalls and the areas corporations should focus on when planning their cybersecurity strategy for the year. Topics will include proper data hygiene; ransomware prevention and recovery techniques; challenges in securing a distributed workforce; and the changing role of IT and containing data sprawl. We're looking forward to keeping you informed throughout 2022!

2021 was the most active year in federal cybersecurity policy. Ever. The Biden administration used executive orders, new regulations, public/private partnerships and novel law enforcement strategies to shore up federal systems and engage with industry. Meanwhile, an otherwise active year in Congress took a hit when several major pieces of legislation like incident reporting mandates and federal cybersecurity reform were left off the NDAA. SC Media government reporter Derek B. Johnson will discuss what came out of last year's flurry and what we can expect Congress to prioritize in 2022.

In the Enterprise Security News for this week: Pentera announces a $150m Series C - YAU (Yet Another Unicorn), Herjavec Group merges with Fishtech, Google acquires SOAR vendor SIEMplify, a European grocery store buys BAS vendor XM Cyber, Flashpoint acquires vuln intel vendor Risk Based Security, Recorded Future acquires SecurityTrails, drama in the Israeli cybersecurity news, Security Analyst is the #1 best job of 2022, Microsoft to start rolling out its own hardware security chip, & some annoying words get banned!

Show Notes: https://securityweekly.com/esw256
Segment Resources: https://www.scmagazine.com/feature/policy/every-month-has-been-cybersecurity-awareness-month-for-the-biden-administration
Visit https://www.securityweekly.com/esw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Arik is an entrepreneur and advisor to startups and capital fund groups, and the President of Commit. He has over 20 years of business development experience in the global technology sector, combined with a vast knowledge of software design, development, and system architecture. Arik successfully completed a number of exits and co-founded several ventures, including Pentera (formerly Pcysys), a fully automated, self-learning penetration testing solution that mimics the hacker's mindset, and Betting Corp, which provided gaming platforms and real-time transaction management.
Amitai is an experienced CEO, specializing in growing early-stage tech ventures from no revenue or early revenue to tens of millions in ARR across regions and verticals. As Pentera CEO, he has led exponential growth since January 2018, to becoming the de facto market leader in Automated Security Validation, through three funding rounds, from AWZ Ventures, The Blackstone Group, and Insight Partners, the most prominent cybersecurity investor of our times.