Podcasts about PKI

  • 174PODCASTS
  • 336EPISODES
  • 40mAVG DURATION
  • 1MONTHLY NEW EPISODE
  • Oct 2, 2025LATEST

POPULARITY

20172018201920202021202220232024


Best podcasts about PKI

Latest podcast episodes about PKI

Root Causes: A PKI and Security Podcast
Root Causes 532: Introducing Offline PKI

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Oct 2, 2025 11:04


In this episode, Jason describes how we might use the principles of PKI in a purely offline scenario.

Technology Tap
Cybersecurity Fundamentals: Crypto Shields: How Your Data Stays Secret Chapter 3 Part 1

Technology Tap

Play Episode Listen Later Sep 18, 2025 10:26 Transcription Available


professorjrod@gmail.comHave you ever wondered what invisible force protects your private messages, banking details, and personal information as they travel across the internet? The answer lies in cryptology—the fascinating science of securing information through mathematical techniques.Cryptology forms the backbone of modern cybersecurity, addressing the critical needs for confidentiality and integrity in our digital communications. Throughout this episode, Professor J-Rod breaks down complex cryptographic concepts into digestible, practical explanations that reveal how our online world maintains security.We journey through the three fundamental pillars of cryptographic security. First, symmetric encryption—the fastest method using a single shared key—powers everything from full disk encryption on your laptop to secure messaging. Next, we explore asymmetric encryption (public-key cryptography), which brilliantly solves the key distribution problem through mathematically-linked key pairs. Finally, we demystify hashing—the one-way process that creates digital fingerprints to verify data integrity without revealing the original content.Each concept comes alive through real-world examples: how your laptop protects files even if stolen, how websites establish secure connections with your browser, and why changing just one letter in a document completely transforms its hash value. The episode offers both theoretical understanding and practical knowledge about the technologies we unconsciously trust every day.Whether you're a cybersecurity novice or simply curious about how digital security works, this episode provides valuable insights into the cryptographic foundations that keep our digital lives private and secure. Subscribe to Technology Tap for part two of our Cryptology Deep Dive, where we'll explore digital signatures, PKI, certificate authorities, and applications like VPNs, TLS, and blockchain. Your digital security knowledge journey is just beginning!Support the showIf you want to help me with my research please e-mail me.Professorjrod@gmail.comIf you want to join my question/answer zoom class e-mail me at Professorjrod@gmail.comArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

Passwort - der Podcast von heise security
Probleme mit Widerrufen, Verbindungsabbrüchen und anderem

Passwort - der Podcast von heise security

Play Episode Listen Later Sep 10, 2025 137:07


Die Hosts wühlen sich weiter durch Feedback und mehr News, als eigentlich in eine Folge passen. Der Podcast nähert sich daher unermüdlich den Director's Cuts epischer Filme an – zumindest in seiner Länge. Ein Hauptgrund dafür ist die Zertifizierungsstelle Microsoft PKI Services, bei der sich tiefe Abgründe auftun. Christopher und Sylvester reden aber auch über diverse andere aktuelle Themen in- und außerhalb der PKI, etwa lehrreiche Sicherheitslücken in Coredump-Handlern und die interessante DoS-Schwachstelle MadeYouReset. - Merklemap-Kritik an Static CT: https://www.merklemap.com/documentation/static-ct - Bugreports zu Microsofts Zertifikatsnichtwiderrufen: https://bugzilla.mozilla.org/show_bug.cgi?id=1962829 und https://bugzilla.mozilla.org/show_bug.cgi?id=1965612 - Technische Details zu coredump-Lücken von Qualys: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt - Erklärung von Oracle zur systemd-coredump-Lücke: https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598 - PoC zur systemd-coredump-Lücke von CIQ https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/ - "Made you Reset"-Blogposts: https://galbarnahum.com/posts/made-you-reset-intro und https://galbarnahum.com/posts/made-you-reset-technical-details - Folgt uns im Fediverse: - @christopherkunz@chaos.social - @syt@social.heise.de Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

The Post-Quantum World
One PQC Playbook – with Kevin Hilscher of DigiCert

The Post-Quantum World

Play Episode Listen Later Aug 20, 2025 32:58


DigiCert is widely recognized for its expertise in PKI and as a TLS certificate authority. As you can imagine, they have a significant perspective on the quantum computing threat to encryption and the migration to post-quantum cryptography (PQC). We cover everything from the challenges of upgrading IoT devices to ML-DSA signature sizes, as well as the new DigiCert One platform the company offers to help manage the migration process. In the middle of this episode, you'll even get a clear summary of what a successful rollout to PQC looks like. Join host Konstantinos Karagiannis for a wide-ranging chat on actionable PQC steps you can take with Kevin Hilscher from DigiCert. There's even a Quantum Safe Playground to experiment with!For more information on DigiCert, visit www.digicert.com/.   Visit the Quantum Safe Playground at https://labs.digicert.com/quantum-safe.Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti on LinkedIn and Twitter: @Protiviti.     Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and X: @ProtivitiTech.             Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.  

Paul's Security Weekly
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412

Paul's Security Weekly

Play Episode Listen Later Jun 23, 2025 98:23


In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

Enterprise Security Weekly (Audio)
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - David Lee, Amit Masand, Chip Hughes, Ashley Stevenson, John Pritchard, Matt Caulfield - ESW #412

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jun 23, 2025 98:23


In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-412

Paul's Security Weekly TV
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - Chip Hughes, Ashley Stevenson, John Pritchard, Amit Masand, Matt Caulfield, David Lee - ESW #412

Paul's Security Weekly TV

Play Episode Listen Later Jun 23, 2025 98:23


In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Show Notes: https://securityweekly.com/esw-412

Enterprise Security Weekly (Video)
Rethinking Identity: IAM, PAM & Passwordless Trends from Identiverse - Chip Hughes, Ashley Stevenson, John Pritchard, Amit Masand, Matt Caulfield, David Lee - ESW #412

Enterprise Security Weekly (Video)

Play Episode Listen Later Jun 23, 2025 98:23


In fast-paced, shared device environments like healthcare, manufacturing, and other critical industries, traditional access management approaches are falling short, quietly eroding both security and productivity. This episode explores how outdated methods, like shared credentials and clunky logins, create friction, increase risk, and undermine compliance. We'll discuss what a modern, strategic access management approach looks like and how passwordless authentication solutions are closing the gap between security and usability. To learn more about passwordless authentication in healthcare and other critical industries, check out our whitepapers on the topic: https://security.imprivata.com/putting-complex-passwords-to-work-for-you-wp.html https://www.imprivata.com/resources/whitepapers/passwordless-journey-healthcare This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivataidv to learn more about them! As digital identities multiply and certificate lifespans shrink, enterprises face growing challenges in securing trust across users, devices, and systems. This session explores why unifying PKI and IAM is essential to closing identity-related trust gaps and how platforms like DigiCert ONE—integrating PKI, DNS, and automation—help eliminate outages, streamline security operations, and future-proof organizations. This segment is sponsored by DigiCert. Visit https://securityweekly.com/digicertidv to learn more about them! Identity-related attacks are now the dominant threat vector in cybersecurity, yet most organizations remain hindered by fragmented tools, siloed data, and disconnected teams. “Multiplayer AI” offers a new model for identity security, emphasizing interoperability between human experts and AI agents to create a unified, real-time system of systems. By fostering collaboration through open standards and shared intelligence, enterprises can close security gaps, reduce attacker dwell time, and respond faster—transforming identity security from isolated defense into coordinated resilience. https://www.radiantlogic.com/blog/the-dentity-security-paradox-when-more-tools-create-bigger-blind-spots/ This segment is sponsored by Radiant Logic. Visit https://securityweekly.com/radiantlogicidv to learn more about them! In this era of technological advancements where businesses are going digital and more cloud based while preferring remote work environment, cyber threats are surprising growing at the rate never seen before. This makes Identity and Access Management (IAM) and Privileged Access Management (PAM) no more an optional thing but a core crucial requirement. These are not just IT tools anymore- they are important for the security of people, data, and operations. More and more organizations from different industries are now turning to IAM and PAM as managed services to handle the growing complexity of access control and cybersecurity. Why? Because managing identity internally is becoming harder, more expensive, and riskier. With a trusted managed service partner, businesses gain expert support, 24/7 monitoring, scalability, and peace of mind—all while staying compliant and secure. This segment will explore how IAM and PAM managed services are helping companies reduce risk, simplify operations, and stay ahead of evolving security challenges. Whether you're an IT leader, security professional, or business decision-maker, you'll learn why outsourcing identity and access management is quickly becoming a smart, strategic move for the modern enterprise https://www.idmexpress.com/blogs https://www.idmexpress.com/post/cyberark-privileged-access-management-pam-implementation https://www.idmexpress.com/iam-products This segment is sponsored by IDMEXPRESS. Visit https://securityweekly.com/idmidv to implement and manage IAM and PAM solutions tailored to your business needs. Duo's biggest announcement since push-MFA. Duo is defining the future of Identity by unveiling a solution that attackers will hate and users will love. This segment is sponsored by Cisco Duo. Visit https://securityweekly.com/duoidv to learn more about them! In this interview, we will explore the power of data-driven identity leadership and how organizations can leverage analytics to enhance their identity security strategies. Hear insights on aligning data with business goals, improving decision-making, and proactively managing risk. Learn how analytics can transform your identity program from reactive to strategic, driving measurable success. This segment is sponsored by Saviynt. Visit https://securityweekly.com/saviyntidv to learn more about them or get a free demo! Show Notes: https://securityweekly.com/esw-412

IIoT Use Case Podcast | Industrie
#172 | NIS2-Compliance und Cybersicherheit: Experten von secunet und dem cyberintelligence.institute teilen Insights | secunet & cyberintelligence.institute

IIoT Use Case Podcast | Industrie

Play Episode Listen Later Jun 11, 2025 44:53


www.iotusecase.com#NIS2 #CYBERSICHERHEIT #INFORMATIONSSICHERHEITWie sicher ist Ihr Unternehmen wirklich?In Episode 172 des IoT Use Case Podcasts spricht Gastgeberin Ing. Madeleine Mickeleit mit Prof. Dr. Dennis-Kenji Kipker, Forschungsdirektor beim Cyber Intelligence Institute, Frank Sauber, Global Head of Sales bei secunet, und Marlitt Stolz, Abteilungsleiterin Management Systems bei secunet, über die NIS2-Richtlinie und deren Auswirkungen auf Unternehmen. Sie diskutieren, wie Firmen ihre Cybersicherheit stärken können, um steigenden Bedrohungen und neuen regulatorischen Anforderungen zu begegnen. Eine spannende Folge für alle, die wissen möchten, wie man in Zeiten zunehmender Vernetzung den Überblick behält und sich absichert.Folge 172 auf einen Blick (und Klick):(14:01) Herausforderungen, Potenziale und Status quo – So sieht der Use Case in der Praxis aus(23:45) Lösungen, Angebote und Services – Ein Blick auf die eingesetzten Technologien(39:16) Übertragbarkeit, Skalierung und nächste Schritte – So könnt ihr diesen Use Case nutzenPodcast ZusammenfassungDiese Episode behandelt die NIS2-Richtlinie und ihre Auswirkungen auf Unternehmen, insbesondere in Industrie und digital vernetzten Lieferketten. Gastgeberin Ing. Madeleine Mickeleit spricht mit Prof. Dr. Dennis-Kenji Kipker, Frank Sauber und Marlitt Stolz über Herausforderungen und Lösungen für mehr Cybersicherheit.Die Experten zeigen, wie Unternehmen NIS2 praktisch umsetzen – von der Bestandsaufnahme über Risikomanagement bis zu Maßnahmen wie Penetrationstests. Wichtig ist auch eine klare Verantwortlichkeitsstruktur, besonders bei komplexen Strukturen und mehreren Standorten.Die Episode gibt außerdem wertvolle Einblicke in die notwendige Zusammenarbeit zwischen Unternehmen und Partnern, um die Informationssicherheit entlang der Lieferkette zu gewährleisten. Wenn Sie wissen möchten, wie Sie Ihr Unternehmen vor den Risiken der digitalen Zukunft schützen und gleichzeitig die Compliance sicherstellen, dann hören Sie rein – diese Folge gibt Ihnen praxisorientierte Empfehlungen für die Umsetzung von Cybersicherheit in Ihrem Unternehmen.-----Relevante Folgenlinks:Madeleine (https://www.linkedin.com/in/madeleine-mickeleit/)Dennis-Kenji (https://www.linkedin.com/in/prof-dr-dennis-kenji-kipker-51867449/)Marlitt (https://www.linkedin.com/in/marlitt-julika-stolz-932827317/)Frank (https://www.linkedin.com/in/frank-sauber-8aa0621/)Studie zur Umsetzung von NIS2 (https://cyberintelligence.institute/projekte/neue-studie-vergleich-der-umsetzung-von-nis2-fuer-alle-27-eu-mit) secunet NIS2 (https://www.secunet.com/nis-2)Cybersecurity im KRITIS-Sektor (https://iotusecase.com/de/podcast/erfolgsfaktoren-fuer-iot-projekte-im-kritis-sektor-energie-digitale-infrastrukturen-schuetzen/)PKI bei Claas (https://iotusecase.com/de/podcast/claas-digitale-landwirtschaft-mit-sicheren-identitaeten-fuer-vernetzte-maschinen/)Jetzt IoT Use Case auf LinkedIn folgen

Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Ep. 246 Thales Powers Federal Data Security Against Quantum-Era Threats

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

Play Episode Listen Later Jun 10, 2025 25:40


Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Years ago, the headline “Data Breach” was shocking; today, it is common. That may not be a problem for some, but the federal government maintains data stores that contain information about finances, health, and military matters. A recent report has shown that 50% of federal agencies have reported data breaches. It appears that it's time to find a solution. Today, we sat down with Blain Canavan from Thales Group to examine the usual suspects and the potential threats ahead. THE USUAL SUSPECTS:   MFA:  Protecting data can be accomplished with something as basic as phishing-resistant Multi-Factor Authentication. The first step in identity management can significantly reduce threats. Encryption: Deploying encryption can protect data at rest, in transit, and memory. Keys to the Kingdom: Little-known methods of managing the PKI system can help reduce risk in protecting data. THEAT DOWN THE ROAD: QUANTUM Now that you have checked the boxes for basic data protection, it is time to get a grasp on what lies ahead. We have read about quantum cryptography for twenty years. Today, we have pre-standardized quantum-resistant cryptographic algorithms available. One needs to take action a little sooner. During the interview, Blair Canavan highlights the proactive measures taken by the US federal government, including the implementation of PQC-safe digital signatures by 2025. The “down the road” also has a delimitation -- Blair emphasizes the urgency of replacing outdated cryptographic methods, such as RSA and ECC, by 2030 and 2035, respectively. Include the 2024 data threat report. = ==

The Tech Blog Writer Podcast
3301: How DigiCert Is Redefining Digital Trust

The Tech Blog Writer Podcast

Play Episode Listen Later Jun 4, 2025 32:36


In this episode of Tech Talks Daily, I sat down with Ashley Stevenson, VP of Product and Solution Marketing at DigiCert, to explore the shifting landscape of digital trust. We are living in a time where certificate-related outages still disrupt critical systems, identity management is becoming more complex, and the arrival of quantum computing is no longer a distant concern. Ashley brought clarity to these issues with a practical look at how DigiCert is helping organizations manage trust at scale. Our conversation began with the foundational role DNS and PKI play in digital infrastructure. While most users never think about them, every secure connection begins with DNS resolving a domain and PKI establishing trust. DigiCert has combined these layers in a single platform, DigiCert1, designed to automate and simplify how trust is managed across networks, users, and connected devices. We explored the increasing importance of certificate lifecycle management. With certificate lifespans moving from 398 days to just 47 by 2029, and domain validations required every 10 days, automation is no longer a convenience. It is a necessity. DigiCert1 addresses this through centralized inventory, policy enforcement, proactive notifications, and full automation from issuance to installation. Ashley also shared insights on the convergence of PKI and identity and access management. From IoT to human users, digital identities are multiplying and evolving. PKI is playing a larger role in enabling passwordless authentication and supporting verifiable credentials, especially as organizations move toward privacy-enhancing and standards-based models. Looking ahead, we discussed quantum readiness and crypto agility. DigiCert is already helping customers evaluate which systems are most vulnerable and preparing them to adopt quantum-safe algorithms when needed. Whether the concern is policy change, an unexpected breach, or emerging tech, the ability to adapt quickly is key. How do you build a strategy for trust that adapts to this pace of change? This episode offers an inside look at how DigiCert is answering that question.

Root Causes: A PKI and Security Podcast
Root Causes 495: Trust Models and Post Quantum Cryptography

Root Causes: A PKI and Security Podcast

Play Episode Listen Later May 16, 2025 7:00


We build on our Trust Models discussion to explore how organizations can structure their PKI for the transition to post quantum cryptography (PQC).

The Canadian Investor
Will This Multi-Billion Dollar Canadian Acquisition Get Blocked?

The Canadian Investor

Play Episode Listen Later May 8, 2025 57:40


In this episode, we break down Parkland’s $9.1B proposed acquisition by Sunoco and why the timing is controversial. We also cover earnings from Loblaws, TMX Group, McDonald’s, Riocan, and Spin Master. From strong retail leasing spreads to e-commerce growth and tariff headwinds, we dig into how each company is navigating the current economic environment—and what investors should watch going forward. Tickers of stocks discussed: X.TO, MCD, L.TO, REI-UN.TO, TOY, PKI.TO Check out our portfolio by going to Jointci.com Our Website Canadian Investor Podcast Network Twitter: @cdn_investing Simon’s twitter: @Fiat_Iceberg Braden’s twitter: @BradoCapital Dan’s Twitter: @stocktrades_ca Want to learn more about Real Estate Investing? Check out the Canadian Real Estate Investor Podcast! Apple Podcast - The Canadian Real Estate Investor Spotify - The Canadian Real Estate Investor Web player - The Canadian Real Estate Investor Asset Allocation ETFs | BMO Global Asset Management Sign up for Finchat.io for free to get easy access to global stock coverage and powerful AI investing tools. Register for EQ Bank, the seamless digital banking experience with better rates and no nonsense.See omnystudio.com/listener for privacy information.

Digital Transformation & Leadership with Danny Levy
Transforming Digital Security: Leadership, Innovation & the Future of Identity w/ David Mahdi

Digital Transformation & Leadership with Danny Levy

Play Episode Listen Later Apr 17, 2025 66:34


On todays episode Danny is joined by David Mahdi, Chief Identity Officer (CIO) for Transmit Security. David is a globally recognized leader in cybersecurity and digital identity, renowned for his pioneering work in establishing digital trust across complex enterprise ecosystems. With over two decades of experience, he has been instrumental in shaping the fields of identity-first security, cryptography, and machine identity management. As the CIO at Transmit Security and former Chief Strategy Officer and CISO Advisor at Sectigo, David has guided organizations through digital transformation initiatives, including the development of cryptography centers of excellence and the implementation of passwordless authentication systems. His tenure as a top-performing VP Analyst at Gartner solidified his reputation as a trusted advisor to Fortune 500 companies, where he provided insights on cybersecurity, blockchain, PKI, and IoT security. David's thought leadership extends to his contributions to the Forbes Technology Council and the Fast Company Executive Board, where he continues to influence the discourse on digital trust and cybersecurity. His holistic approach, encompassing IT, engineering, business development, and marketing, positions him uniquely to address the multifaceted challenges of today's digital landscape. In this podcast, David shares his insights on the evolving landscape of digital identity, the importance of establishing digital trust, and the future of cybersecurity in an increasingly interconnected world:The most surprising challenge David has faced in leading innovation at scaleSomething David struggles with as a leader in the tech spaceHow to maintain peak performance and keep your team motivatedThe role AI plays in the evolution of digital identity and fraud preventionHow to manage energy and focusWhat excites David most about the future of digital security and identity managementAnd more...Are you getting every episode of Digital Transformation & Leadership in your favourite podcast player? You can find us Apple Podcasts and Spotify to subscribe.

Passwort - der Podcast von heise security
News von Verschlüsselungsangriffen bis Kryptodiebstahl

Passwort - der Podcast von heise security

Play Episode Listen Later Mar 12, 2025 106:08


Passwort-Podcast ohne PKI: unvorstellbar! Daher sprechen Sylvester und Christopher in der aktuellen FOlge auch über Kritik an der automatischen Zertifikatsvergabe per ACME-Protokoll. Außerdem staunen sie ob eines Milliardendiebstahls bei der Kryptobörse Bybit, ärgern sich über verschiedene staatliche Versuche, Verschlüsselung zu schwächen und ermutigen ihre Hörer, bei der Auswahl der Testdomain umsichtig vorzugehen. - https://blog.thc.org/practical-https-interception - CertSpotter: https://github.com/SSLMate/certspotter - https://tuta.com/de/blog/france-surveillance-nacrotrafic-law - https://support.apple.com/en-us/122234 - https://www.cl.cam.ac.uk/~ah793/papers/2025police.pdf - https://www.bloomberg.com/opinion/articles/2025-03-03/citi-keeps-hitting-the-wrong-buttons - https://www.heise.de/news/BAMF-Skurrile-Testkonten-ermoeglichten-unautorisierten-Datenzugriff-10305691.html - https://github.com/jlopp/physical-bitcoin-attacks Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

PING
RPKI Views: The archive of RPKI state

PING

Play Episode Listen Later Feb 19, 2025 49:30


In this episode, Job Snijders discusses RPKIViews, his long term project to collect the "views" of RPKI state every day, and maintain an archive of BGP route validation states. The project is named to reflect route views, the long-standing archive of BGP state maintained by the University of Oregon, which has been discussed on PING. Job is based in the Netherlands, and has worked in BGP routing for large international ISPs and content distribution networks as well as being a board member of the RIPE NCC. He is known for his work producing the Open-Source rpki-client RPKI Validator, implemented in C and distributed widely through the OpenBSD project. RPKI is the Resource PKI, Resource meaning the Internet Number Resources, the IPv4, IPv6 and Autonomous System (AS) numbers which are used to implement routing in the global internet. The PKI provides cryptographic proofs of delegation of these resources and allows the delegates to sign over their intentions originating specific prefixes in BGP, and the relationships between the AS which speak BGP to each other. Why rpkiviews? Job explains that there's a necessary conversation between people involved in the operational deployment of secure BGP, and the standards development and research community: How many of the worlds BGP routes are being protected? How many places are producing Route Origin Attestations (ROA) which are the primary cryptographic object used to perform Route Origin Validation (ROV) and how many objects are made? Whats the error rate in production, the rate of growth, a myriad of introspective "meta" questions need to be asked in deploying this kind of system at scale, and one of the best tools to use, is an archive of state, updated frequently, and as for route views collected from a diverse range of places worldwide, to understand the dynamics of the system. Job is using the archive to produce his annual "RPKI Year in review" report, which was published this year on the APNIC blog (it's posted to operations, research and standards development mailing lists and presented at conferences and meetings normally) and products are being used by the BGPAlerter service developed by Massimo Candela

The Post-Quantum World
PQC Survey Says … What 4,000 Professionals Are Doing About It — with Samantha Mabey of Entrust

The Post-Quantum World

Play Episode Listen Later Feb 5, 2025 36:40


I'm always asked the same question when talking to customers about the threats of quantum computing and the move to post-quantum cryptography. What are similar companies doing about it? It's only been half a year since the NIST standards were published, but we're starting to see some traction. Join host Konstantinos Karagiannis for a chat with Samantha Mabey from Entrust about an interesting study on migration, along with some tactical advice for getting your PQC journey underway. For more information on Entrust, visit www.entrust.com/.  Read the PKI and PQ study here:  www.entrust.com/cybersecurity-institute/reports/2024-pki-and-post-quantum-trends-study.  Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech.     Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

Passwort - der Podcast von heise security
Zertifikate sind schwierig, Malwarenamen auch

Passwort - der Podcast von heise security

Play Episode Listen Later Jan 29, 2025 87:00


Christopher und Sylvester kämpfen sich mal wieder durch einige Ankündigungen für Zertifikate und Vorfälle mit denselben. Außerdem werfen sie einen Blick auf eine Malwaregruppe, die auf andere Cyberkriminelle und Sicherheitsforscher abzielt, und besprechen, warum diese Gruppen oft so viele komische Namen haben. Zuletzt geht es noch um neue Tricks, wie Nutzer über ihre Browserengine nachverfolgt werden können – und wie man sich dagegen wehrt. * [Let's Encrypt-Ankündigung](https://letsencrypt.org/2024/12/11/eoy-letter-2024/) * [Bericht zu MUT-1244](https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/) * [Threat-Actor-Naming-RFC](https://www.misp-standard.org/rfc/threat-actor-naming.html) * [CSS-Fingerprinting](https://doi.org/10.60882/cispa.27194472.v3) * [c't-Mailclient-Übersicht](https://heise.de/-10241634) Mitglieder unserer Security Community auf heise security PRO hören alle Folgen bereits zwei Tage früher. Mehr Infos: https://pro.heise.de/passwort

Root Causes: A PKI and Security Podcast
Root Causes 453: It Turns Out Monkeys Couldn't Type Shakespeare After All

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Jan 2, 2025 14:12


The old adage states that a monkey in front of a keyboard, given enough time, could randomly type the works of Shakespeare. Apparently, someone ran the numbers and said not so much. We break it down and explain why we're discussing this on a PKI podcast.

RunAs Radio
Pen Testing Yourself with Paula Januszkiewicz

RunAs Radio

Play Episode Listen Later Oct 16, 2024 36:33


Can you pen test yourself? Paula Januszkiewicz says yes! Richard talks to Paula about taking an active role in understanding your organization's security vulnerabilities. Paula talks about the low-hanging fruit she often finds as a professional penetration tester - typically on poorly maintained infrastructure like PKI servers. The conversation digs into tooling you can use to find vulnerabilities - just make sure you trust the source of those tools. Not everyone is a good guy in open source! And, of course, there's always a time to bring in professionals to do a deeper level of testing. Don't wait until the breach happens to take some action!LinksCqurePenetration TestingGitHub Secrets ScanningHaveIBeenPwnedRecorded August 22, 2024

SAE Tomorrow Today
246. Refining SAE J3400 for Standardized EV Charging

SAE Tomorrow Today

Play Episode Listen Later Sep 26, 2024 40:19


As most EV enthusiasts know, the Tesla-developed North American Charging System (NACS) is being standardized as SAE J3400 — unlocking the ability for any EV supplier or manufacturer to use, manufacture, or deploy the J3400 connector on EVs and at charging stations across North America. . Recently, the SAE J3400 NACS Task Force voted to establish the J3400 standard as a recommended practice, marking a significant step forward in the standardization process and demonstrating the importance of collaboration in moving the EV industry forward. . To learn more, we sat down with Christian Thiele, Director, Global Ground Vehicle Standards, SAE International, and Dr. Rodney McGee, Ph.D., P.E., Chairman, SAE J3400 NACS Task Force, and Chief Engineer at the University of Delaware, to discuss how the J3400 standard is bringing industry together to build a unified and reliable EV infrastructure that supports the widespread adoption of EVs. . Join the global EV ecosystem leader! The SAE EV Charging PKI Project designed and tested an inclusive, protocol-neutral, worldwide EV charging industry PKI platform that is secure, trusted, scalable, interoperable, and extensible. View and download the program overview now. . We'd love to hear from you. Share your comments, questions and ideas for future topics and guests to podcast@sae.org. Don't forget to take a moment to follow SAE Tomorrow Today—a podcast where we discuss emerging technology and trends in mobility with the leaders, innovators and strategists making it all happen—and give us a review on your preferred podcasting platform. . Follow SAE on LinkedIn, Instagram, Facebook, Twitter, and YouTube. Follow host Grayson Brulte on LinkedIn, Twitter, and Instagram.

The CyberWire
Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

The CyberWire

Play Episode Listen Later Sep 8, 2024 7:17


Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Career Notes
Ann Johnson: Trying to make the world safer. [Business Development]

Career Notes

Play Episode Listen Later Sep 8, 2024 7:17


Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Post-Quantum World
Zero-Trust Post-Quantum Cryptography – with Richard Blech of XSOC

The Post-Quantum World

Play Episode Listen Later Jul 24, 2024 35:22


The migration to post-quantum cryptography (PQC) is about to begin and is necessary to protect against the threats of fault-tolerant quantum computing. However, critical assets like those in military, banking and government environments also require other layers of security and strategies, such as zero trust and increased encryption bit sizes. Join host Konstantinos Karagiannis as he discusses with his guest, Richard Blech from XSOC, a high-performance symmetric encryption solution that will provide defense in-depth today and after thousands of logical qubits arrive.  For more on XSOC, visit www.xsoccorp.com/ .  Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services  to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker and follow Protiviti Technology on LinkedIn and Twitter: @ProtivitiTech.  Questions and comments are welcome!   Theme song by David Schwartz, copyright 2021.   The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.

Root Causes: A PKI and Security Podcast
Root Causes 406: Certificate Discovery Is for Internal Certificates, Too

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Jul 22, 2024 18:15


When we discuss certificate discovery in CLM platforms, there is a common assumption that we're talking about public certificates exclusively. In this episode we explain the value of certificate discovery for internal PKI certificates also.

Security Masterminds
50 years of Evolution of Cybersecurity and Securing Software From Punch Cards and PKI to ChatGPT with Special Guest, Loren Kohnfelder

Security Masterminds

Play Episode Listen Later Jul 12, 2024 53:20


Do you want to gain a deeper understanding of how PKI, AI, and cryptography are shaping software development? Our special guest is Loren KohnfelderLoren Kohnfelder's journey into the world of AI and cybersecurity began with an early exposure to mainframe programming at the age of twelve. His fascination with software development grew from experimenting with basic assembly language, COBOL, Basic, Fortran, and RPG. Over the years, he witnessed the evolution of programming languages and the crucial shift towards memory safety. As he delved deeper into the world of AI, Loren's perspective on the application of AI in cybersecurity evolved, emphasizing the importance of trust and clear policies. His insightful narrative highlights the significance of automation and the need for transparency within the security industry, offering a unique and relatable perspective on the ever-changing landscape of software development and cybersecurity.Discover how artificial intelligence is revolutionizing the cybersecurity landscape and its impact on software development.Understand the critical role of trust in AI cybersecurity and how it influences decision-making in software development.Learn about the triaging approach to automating cybersecurity and its significance for software developers and IT professionals.Explore effective methods for monitoring and evaluating the performance of AI in cybersecurity to enhance software development practices.Gain insights into the importance of transparency and knowledge sharing in cybersecurity for informed decision-making in software development.I believe in challenging all this stuff because I think we have plenty of room for improvement and we need to keep going at it. We can't give up and resign ourselves to business as usual. We have to keep pushing it and asking, why is that? Why can't we do it this way? Why isn't it better? Keep trying. - Loren KohnfelderIn this episode, you will be able to:Discover how artificial intelligence is revolutionizing cybersecurity and what it means for the future of software development.Explore the triaging approach to automating cybersecurity and its potential to streamline threat detection and response.Uncover the significance of transparency and knowledge sharing in cybersecurity for fostering a more secure digital environment.Connect with Loren KohnfelderLinkedIn: https://www.linkedin.com/in/kohnfelder/Designing Secure Software Book: https://a.co/d/07h5nQnaConnect with usWebsite: securitymasterminds.buzzsprout.comKnowBe4 Resources:KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganErich Kron: https://www.linkedin.com/in/erichkron/Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.comShow Notes created with Capsho - www.capsho.comSound Engineering - Matthew Bliss, MB Podcasts.If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

The Cloud Pod
265: Swing and a WIF

The Cloud Pod

Play Episode Listen Later Jun 28, 2024 39:48


Welcome to episode 265 of the Cloud Pod Podcast – where the forecast is always cloudy! Justin and Matthew are with you this week, and even though it's a light news week, you're definitely going to want to stick around. We're looking forward to FinOps, talking about updates to Consul, WIF coming to Vault 1.17, and giving an intro to Databricks LakeFlow. Because we needed another lake product. Be sure to stick around for this week's Cloud Journey series too.  Titles we almost went with this week: The CloudPod lets the DataLake flow Amazon attempts an international incident in Taiwan What's your Vector Mysql?  A big thanks to this week's sponsor: We're sponsorless! Want to reach a dedicated audience of cloud engineers? Send us an email, or hit us up on our Slack Channel and let's chat!  General News 01:40 Consul 1.19 improves Kubernetes workflows, snapshot support, and Nomad integration Consul 1.19 is now generally available, improving the user experience, providing flexibility and enhancing integration points.  Consul 1.19 introduces a new registration custom resource definition (CRD) that simplifies the process of registering external services into the mesh.   Consul service mesh already supports routing to services outside of the mesh through terminating gateways. However, there are advantages to using the new Registration CRD.  Consul snapshots can now be stored in multiple destinations, previously, you could only snapshot to a local path or to a remote object store destination but not both.   Now you can take a snapshot of NFS Mounts, San attached Storage, or Object storage.  Consul API gateways can now be deployed on Nomad, combined with transparent proxy and enterprise features like admin partitions  01:37 Matthew- “What I was surprised about, which I did not know, was that console API gateway can now be deployed on Nomad. Was it not able to be deployed before? Just feels weird… you know, consoles should be able to be deployed on nomad compared to that. You know, it’s all the same company, but sometimes team A doesn’t always talk to team B.” 03:21 Vault 1.17 brings WIF, EST support for PKI, and more   Vault 1.17 is now generally available with new secure workflows, better performance and improved secrets management scalability.  Key new features: Workload Identify Federation (WIF) allows you to eliminate concerns around providing security credentials to vault plugins.   Using the new support for WIF< a trust relationship can be established between an external system and va

The SharePickers Podcast with Justin Waite
2620: Is this Top Performing Stock about to Drop on Forecasts?

The SharePickers Podcast with Justin Waite

Play Episode Listen Later Jun 26, 2024 11:22


Is this Top Performing Stock about to Drop on Forecasts? This company's share price has risen by over 200% in the last 8 months on very strong results but their revenune is forecast to drop by 19% this year and operating profit is due to fall by 47%. This is company looks like a quality business with good margins and a decent client base but are investors aware that this years forecasted results will not be as strong? Intercede #IGP is a cybersecurity software company specialising in digital identities, and its innovative solutions enable organisations to protect themselves against the number one cause of data breach: compromised user credentials. The Intercede suite of products allows customers to choose the level of security that best fits their needs, from Secure Registration and ID Verification to Password Security Management, One-Time Passwords, FIDO and PKI. Uniquely, Intercede provides the entire set of authentication options from Passwords to PKI, supporting customers on their journey to passwordless and stronger authentication environments. If you want to make money in the stock market, you have to avoid these two mistakes. Investors who lose money in the stock market always make these mistakes. They are relatively easy to correct. See the video below called: Investors Avoid These Two Mistakes. My name is Justin Waite, I am a UK based private investor who specialises in microcap stocks (stock with a market capitalisation of £100m). I also run The Sharepickers Investment Club which aims to teach people how to invest, or to help current investors to improve their skill. My 3-step, WHAT, WHEN, HOW strategy helps people avoid the most common investors mistakes. I also host a live weekly webinar to cover potential investment ideas and various aspects of investing. Each company looked at is analysed across 20 metrics, then scored, coloured coded and ranked on the MicroCap League. Members of The SharePickers Investment Club also receive Justin's investment book: How to become a Microcap Millionaire - A 3 Step Strategy to Stock Market Success It teaches you: WHAT are the best UK stocks to invest into using fundamental analysis WHEN is the very best time to invest using technical analysis HOW to manage your investments using portfolio management. In the book Justin explains how his Stocks and Share ISA went from £30,115 in 2009 to £2,751,467 on the 1st May 2021. On the website there's also videos on how to learn about fundamental analysis and technical analysis. To get 20% off your membership to the SharePickers Investment Club go to www.sharepickers.com/subscribe and sign up for my free cheat sheet.

Paul's Security Weekly
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault

Paul's Security Weekly

Play Episode Listen Later Jun 21, 2024 44:48


FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80 This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them! While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality. This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them! Cyberattacks, fraud and breaches, we've all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward. This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them! Show Notes: https://securityweekly.com/vault-esw-13

Enterprise Security Weekly (Audio)
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jun 21, 2024 44:48


FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80 This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them! While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality. This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them! Cyberattacks, fraud and breaches, we've all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward. This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them! Show Notes: https://securityweekly.com/vault-esw-13

Paul's Security Weekly TV
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault

Paul's Security Weekly TV

Play Episode Listen Later Jun 21, 2024 44:48


FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80 This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them! While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality. This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them! Cyberattacks, fraud and breaches, we've all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward. This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them! Show Notes: https://securityweekly.com/vault-esw-12

Enterprise Security Weekly (Video)
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault

Enterprise Security Weekly (Video)

Play Episode Listen Later Jun 21, 2024 44:48


FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShield Key Pro: Protecting Digital Identities" https://www.youtube.com/watch?v=kxtqOyZ6e80 This segment is sponsored by Swissbit. Visit https://securityweekly.com/swissbitidv to learn more about them! While AI artificial intelligence is up-and-coming, automating your organization's PKI infrastructure is very much a reality, and can help save your IT team on hardware costs and employee costs in the long term. Additionally, a powerful PKI-as-a-Service solution provides the cryptoagility your organization can rely on as artificial intelligence, post-quantum computing, and shortened certificate validity periods become reality. This segment is sponsored by HID. Visit https://securityweekly.com/hididv to learn more about them! Cyberattacks, fraud and breaches, we've all studied them, and we are all aware that identity is under attack. And if we thought it was bad up until now, we haven't fully seen the impact of GenAI based identity attacks. Going beyond just Deepfakes, GenAI-powered malicious services such as FraudGPT, lets novices craft targeted and sophisticated attacks that bypass common IAM and security controls. Identity and security leaders must brace themselves for an increase in the volume, velocity and variety of attacks ("the three V's:). In this talk, former Gartner analyst David Mahdi and CIO of Transmit Security cover what you need to know about GenAI these attacks, and what you can do about it. Specifically, the types of attacks fraudsters are conducting across the identity lifecycle, insight into their tactics and services, and finally recommendations for a path forward. This segment is sponsored by Transmit Security. Visit https://securityweekly.com/transmitidv to learn more about them! Show Notes: https://securityweekly.com/vault-esw-12

Passwort - der Podcast von heise security

In Folge 3 betrachten Christopher und Sylvester im Newsteil den Rausschmiß einer CA aus den Browsern und warum das nicht nur positiv ist. Außerdem erzählen die beiden Security-Podcaster, wie sie Microsofts Recall finden. Im Hauptteil geht es um eine teure und lästige Art der Online-Attacke: Denial of Service. Die Hosts diskutieren, welche Arten von DoS es gibt, wie Angreifer mit wenig Aufwand terabiteweise Daten auf ihre Opfer schleudern und ob man sich gegen DoS-Angriffe schützen kann.

One Rental At A Time
Buckle Up For Stagflation!

One Rental At A Time

Play Episode Listen Later Jun 6, 2024 15:10


In this episode, we delve into the pressing economic indicators suggesting stagflation and a potential recession. We review key data from auto sales, construction spending, and factory orders, and discuss the upcoming jobs report and its implications. The discussion also covers important earnings reports from companies like Cloud Strike, Dollar Tree, and Lululemon, providing insights into consumer behavior and spending patterns. Tune in as we analyze the current economic landscape and what it means for the future. [00:00:04] Overview of upcoming economic data and earnings reports. [00:00:47] Live stream announcement: Discussing the 2025 housing market bloodbath predictions. [00:01:35] Insights into the job market with upcoming JOLTS report, factory orders, and auto sales. [00:02:34] Importance of the ADP report and initial jobless claims as economic indicators. [00:03:30] Expectations for the jobs number and unemployment rate. [00:04:01] Discussion on the earnings reports from Cloud Strike, PVH, Dollar Tree, and Lululemon. [00:05:56] Analysis of PKI data and its implications for inflation and stagflation. [00:07:03] Review of Chicago PMI numbers and historical accuracy in predicting recessions. [00:10:34] Trends in consumer behavior: Trading down from high-end to lower-end retailers. [00:11:02] Introduction to the One Rental at a Time school community and its benefits. One Rental at a Time One Rental at a Time School Cloud Strike PVH Corp Dollar Tree Lululemon DocuSign Chicago PMI Thank you for tuning into this episode as we navigate the complexities of the current economic landscape. If you enjoyed this discussion, please rate, follow, share, and leave a review. Your feedback helps us continue to bring you valuable content. For more detailed discussions and to connect with industry experts, join the One Rental at a Time school community. Stay informed, stay prepared, and see you next time!

Access Control
Certificates, Keys, and Trust: The World of PKI and mTLS.

Access Control

Play Episode Listen Later Jun 6, 2024 49:44


In this episode of the Access Control Podcast, Ben Arent sits down with Ben Burkert and Chris Stolt, the founders of Anchor Security, to discuss the challenges of managing internal TLS and how private CAs can help simplify the process. Ben and Chris share their experiences dealing with certificate-related outages and the frustrations that led them to start Anchor. They provide an in-depth look at the evolution of web cryptography, from the early days of SSL to the modern era of TLS and the impact of Let's Encrypt and the ACME protocol. The conversation also covers the benefits of using private CAs for internal PKI, including shorter certificate lifetimes, enhanced security, and improved developer experience. Ben and Chris introduce Anchor's new tool, lcl.host, which streamlines local TLS setup for developers. Throughout the episode, Ben and Chris offer practical advice for teams looking to implement internal PKI and MTLS, including best practices for certificate hierarchy design, tips for getting started, and the importance of testing your incident response and key rotation processes. Whether you're a developer, ops engineer, or security professional, this episode provides valuable insights into the world of internal TLS and how private CAs can help you secure your infrastructure more effectively. Tune in to learn from Anchor's experts and discover how to simplify your internal PKI management.

One Rental At A Time
Are Consumers Broke?

One Rental At A Time

Play Episode Listen Later Jun 5, 2024 16:40


In today's episode, we delve into the question: Is the consumer broke? We analyze recent earnings reports from key retailers like Best Buy, Foot Locker, and Kohl's to understand consumer behavior amidst economic changes. We also explore trends in enterprise software spending and the implications of recent reports from Salesforce and UiPath. Additionally, we discuss the potential impact of upcoming PKI core data on the market and share insights on GDP revisions and jobless claims. Tune in for a comprehensive look at the current state of the consumer economy and what it means for the future. [00:00:00] Introduction and overview of today's topics: consumer spending, enterprise software, and the upcoming PKI core data. [00:00:51] Discussion on changes in consumer behavior post-pandemic and its impact on discretionary spending. [00:02:15] Best Buy's earnings: Miss on revenue, beating earnings, and highlighting consumer pullback on discretionary items. [00:03:15] Foot Locker's earnings: Matched revenue, beat earnings, and the CEO's focus on margins and retail pricing. [00:04:20] Kohl's earnings: Miss on revenue and earnings, guidance cut, and same-store sales down 5.3%. [00:05:36] Analysis of consumer spending trends in grocery versus discretionary items based on Target and Walmart reports. [00:06:37] Salesforce's earnings: Miss on revenue and weak forecast due to a measured buying environment. [00:08:21] UiPath's challenges: CEO resignation and weak performance report. [00:08:50] Mixed results in tech earnings: New Topic's weak guidance versus HP Inc. and Pure Storage's strong performance. [00:09:14] Conclusion on consumer spending: Differentiating between asset owners and renters, and the impact on discretionary spending. Best Buy Foot Locker Kohl's Salesforce UiPath One Rental at a Time School Thank you for joining us in today's episode as we explored the state of the consumer economy. If you found this discussion insightful, please rate, follow, share, and leave a review. Your feedback helps us bring you more valuable content. For further insights and to connect with industry experts, join the One Rental at a Time School community. See you next time!

The CyberWire
Iran's covert cyber operations exposed.

The CyberWire

Play Episode Listen Later Apr 24, 2024 42:18


The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President's desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden's liquor stores bare.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K's comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes: Cryptographic life cycle Cryptographic method Public key infrastructure (PKI). Industry Voices On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness.  Selected Reading Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers) Congress passes bill that could ban TikTok after years of false starts (Washington Post) Russian hackers claim cyberattack on Indiana water plant (The Record) Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.) Global attacker median dwell time continues to fall (Help Net Security) New Password Cracking Analysis Targets Bcrypt (SecurityWeek) North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine) ​​Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer) Sweden's liquor shelves to run empty this week due to ransomware attack (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Feds At The Edge by FedInsider
Ep. 137 Who are you – and can you prove it? Identity and Access Management

Feds At The Edge by FedInsider

Play Episode Listen Later Feb 22, 2024 59:27


The federal government poses unique challenges in identity management. They are constrained by heavy security, a surfeit of data, and, most importantly, a limited budget. Today's interview takes all three aspects into account and offers listeners creative solutions to solve the vexing crisis in federal identity management. One of the first concerns is mobility. This does not just apply to military operations which, by definition, will be all over the world. Today's civilian agencies like FEMA have emergency remote users as well as many employees and contractors working remotely. The initial secure environment includes PKI processes that work well on a desktop system; now so much on a mobile. During the interview, it was suggested that a centralized model of identity verification may be the solution that can manage circumstances that do not include desktop computers. In a nod to the human condition, it was observed that if the identity solution is not convenient or will be subverted. SailPoint's Frank Brugulio points out that once a stable initial process is designed, then one must worry about continuous monitoring. The federal government includes legacy systems that may not work with new identity management systems, and a person's attributes may change, What the first federal systems designers never imagined is a fact brought out by James Imanian from CyberArk. He states that today, we must deal with forty-five machine identities for each human. When you throw all these factors together, you must understand that we are dealing with a limited budget and staff. Well deployed artificial intelligence can do menial tasks like recognizing unauthorized devices, advanced logging analytics, some sticky compliance issues.  

What keeps you up at night? (audio feed)
What keeps the founder of Delphi, Wes Kussmaul up at night?

What keeps you up at night? (audio feed)

Play Episode Listen Later Feb 14, 2024 23:26


Wes was the sole founder in 1981 of Delphi Internet Services Corporation, "The Company That Popularized The Internet" according to Michael Woolf, and was the creator of the world's first online encyclopedia. At the time it was sold to Rupert Murdoch's News Corporation in 1993, Delphi had been profitable for years and was among the four largest social networks, along with AOL, CompuServe and Prodigy. In 1986, while CEO of Delphi, Wes launched a spinoff, Global Villages, Inc. to serve magazine publishers and business clients with their own private-label social networks. Wes focused the attention of his new team on the need for reliable identities of individuals on the Internet, starting with the development of the VIVOS Enrollment Workstation. While developing VIVOS, Wes began collecting source material for a book about a hypothetical world public key infrastructure, built upon digital certificates representing measurably reliable identities, which would bring authenticity to online interactions and privacy to individuals. As the book began to take shape Wes was introduced to a group at the International Telecommunication Union that was attempting to implement a world PKI that was similar to the one he envisioned. Wes was subsequently appointed to the High Level Experts Group at the ITU's Global Cybersecurity Agenda. In an address in 2008 to the United Nations World Summit on Information Society in Geneva, Wes introduced the City of Osmio, a new certification authority. Wes's book, entitled Quiet Enjoyment, published in 2004 with a second edition in 2014, was followed by Wes's other titles including Don't Get Norteled in 2013 and Escape The Plantation in 2014.   Scott Schober is an author, CEO of www.bvsystems.com and #cybersecurity expert that appears regularly on Bloomberg TV, Fox Business & Fox News, CCTV America, Canadian TV News, Al Jazeera America, Arise TV as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR. Scott has also authored 3 critically acclaimed cybersecurity books entitled Hacked Again, Cybersecurity is Everybody's Business and Senior Cyber all available on Amazon. @ScottBVS www.linkedin.com/in/snschober www.facebook.com/SeniorCyberBook www.instagram.com/scott_schober www.ScottSchober.com

What keeps you up at night?
What keeps the founder of Delphi, Wes Kussmaul up at night?

What keeps you up at night?

Play Episode Listen Later Feb 14, 2024 23:26


Wes was the sole founder in 1981 of Delphi Internet Services Corporation, "The Company That Popularized The Internet" according to Michael Woolf, and was the creator of the world's first online encyclopedia. At the time it was sold to Rupert Murdoch's News Corporation in 1993, Delphi had been profitable for years and was among the four largest social networks, along with AOL, CompuServe and Prodigy. In 1986, while CEO of Delphi, Wes launched a spinoff, Global Villages, Inc. to serve magazine publishers and business clients with their own private-label social networks. Wes focused the attention of his new team on the need for reliable identities of individuals on the Internet, starting with the development of the VIVOS Enrollment Workstation. While developing VIVOS, Wes began collecting source material for a book about a hypothetical world public key infrastructure, built upon digital certificates representing measurably reliable identities, which would bring authenticity to online interactions and privacy to individuals. As the book began to take shape Wes was introduced to a group at the International Telecommunication Union that was attempting to implement a world PKI that was similar to the one he envisioned. Wes was subsequently appointed to the High Level Experts Group at the ITU's Global Cybersecurity Agenda. In an address in 2008 to the United Nations World Summit on Information Society in Geneva, Wes introduced the City of Osmio, a new certification authority. Wes's book, entitled Quiet Enjoyment, published in 2004 with a second edition in 2014, was followed by Wes's other titles including Don't Get Norteled in 2013 and Escape The Plantation in 2014. Scott Schober is an author, CEO of www.bvsystems.com and #cybersecurity expert that appears regularly on Bloomberg TV, Fox Business & Fox News, CCTV America, Canadian TV News, Al Jazeera America, Arise TV as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR. Scott has also authored 3 critically acclaimed cybersecurity books entitled Hacked Again, Cybersecurity is Everybody's Business and Senior Cyber all available on Amazon. @ScottBVS www.linkedin.com/in/snschober www.facebook.com/SeniorCyberBook www.instagram.com/scott_schober www.ScottSchober.com

Blue Security
Cloudflare Hacked, Intune Suite, Apple Stolen Device Protection

Blue Security

Play Episode Listen Later Feb 6, 2024 32:08


Summary In this episode, the hosts discuss the Cloudflare and Okta breach, the response and remediation efforts, the introduction of the Intune Suite, and the new stolen device protection feature on the iPhone. Takeaways Nation-state attackers have unlimited time to find weaknesses and exploit them, highlighting the asymmetrical nature of cybersecurity. Cloudflare's response and remediation efforts, including re-imaging and rebooting all systems on their global network, were impressive. The Intune Suite offers enterprise application management, advanced analytics, and cloud PKI, providing valuable tools for device management. The stolen device protection feature on the iPhone adds an extra layer of security by requiring biometric authentication for critical changes when the device is away from a familiar location. ------------------------------------------- Youtube Video Link: ⁠⁠⁠⁠⁠⁠https://youtu.be/n9dDfmX-A9Q⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Documentation: https://blog.cloudflare.com/thanksgiving-2023-security-incident https://www.microsoft.com/en-us/security/blog/2024/02/01/3-new-ways-the-microsoft-intune-suite-offers-security-simplification-and-savings/ https://support.apple.com/en-us/HT212510 ---------------------- Contact Us: Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Threads: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.threads.net/@bluesecuritypodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Linkedin: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Youtube: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitch: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.twitch.tv/bluesecuritypod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Andy Jaw Mastodon: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://infosec.exchange/@ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajawzero⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ------------------------------------------- Adam Brewer Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com --- Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message

The Canadian Investor
Shareholder Drama and TSMC Gets a Boost from AI

The Canadian Investor

Play Episode Listen Later Jan 25, 2024 57:37


Welcome to the latest episode of the Canadian Investor podcast with your hosts, Dan and Simon. Tune in as they delve into the latest financial updates and earnings reports. In this episode, they analyze Birchcliff's significant dividend cut, break down TSMC's earnings, unpack the shareholder feud at Parkland Fuel, dissect Goldman Sachs' financial performance, and share insights from a recent interview with CIBC's Deputy Chief Economist, Benjamin Tal, featured in The Globe and Mail. Stay informed and engaged with the Canadian Investor podcast as Dan and Simon navigate through the dynamic landscape of financial news and discussions. Ticker of Stocks discussed: TSMC, GS, PKI.TO, BIR.TO Check out our portfolio by going to Jointci.com Our Website Canadian Investor Podcast Network Twitter: @cdn_investing Simon's twitter: @Fiat_Iceberg Braden's twitter: @BradoCapital Dan's Twitter: @stocktrades_ca Want to learn more about Real Estate Investing? Check out the Canadian Real Estate Investor Podcast! Apple Podcast - The Canadian Real Estate Investor  Spotify - The Canadian Real Estate Investor  Sign up for Finchat.io for free to get easy access to global stock coverage and powerful AI investing tools. Register for EQ Bank, the seamless digital banking experience with better rates and no nonsense.See omnystudio.com/listener for privacy information.

Root Causes: A PKI and Security Podcast
Root Causes 355: Should a Managed PKI Provider Do Whatever the Customer Wants?

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Jan 19, 2024 22:30


In this episode we explore whether a managed PKI provider should give complete control over PKI decisions to the end customer or if it should enforce certain minimum standards and principles regardless of what the customer asks for.

Root Causes: A PKI and Security Podcast
Root Causes 353: Why Isn't PKI Everywhere?

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Jan 9, 2024 24:09


Our hosts firmly believe that PKI is a necessary component of all digital interactions. And yet there are still gaps in PKI implementation. We discuss these gaps and why they persist.

To The Point - Cybersecurity
Don't Take Data from Strangers with Stacy Jones

To The Point - Cybersecurity

Play Episode Listen Later Jan 2, 2024 56:23


Stacy is a self starter with a passion for cyber security. Co-Founder of Connected Transport Business Unit at Irdeto. Evangelist and active speaker on cyber security for the connected transportation space. Strong and demonstrated Stacy Janes, Head of Security at Waymo technical history in cyber security areas such as PKI, authentication/authorization, end-point security and ethical hacking. Proven history of building teams to solve difficult industry problems.  For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e266

Root Causes: A PKI and Security Podcast
Root Causes 351: 2024 Predictions

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Dec 27, 2023 18:08


We look forward to 2024 and predict trends for PKI, certificates, and digital identity. We discuss shortening certificate lifespans, Multi-perspective Domain Validation (MPDV), eIDAS 2.0, OCSP, post-quantum cryptography (PQC), Certificate Lifecycle Management (CLM), passwords, root stores, and government versus encryption. Plus, will Jason be sent to the gulag for not being Canadian enough?

Secure Ventures with Kyle McNulty
Live from CVF 2023: Mike Denning, CEO of SecureG

Secure Ventures with Kyle McNulty

Play Episode Listen Later Dec 26, 2023 34:39


Mike is CEO of SecureG, which is building cryptography solutions for communications infrastructure. In the episode we discuss their work with root of trust solutions and how the company is evolving towards more unique technology in building a PKI trust infrastructure for wireless.This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://secureg.io/

Root Causes: A PKI and Security Podcast
Root Causes 350: Public Certificates and the GDPR Right to Be Forgotten

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Dec 21, 2023 15:26


GDPR provides a "right to be forgotten," whereby individuals can demand the removal of PII from IT systems. This can run directly contrary to the transparency and permanence built into the DNA of public PKI systems. We explore this conundrum.

Root Causes: A PKI and Security Podcast
Root Causes 349: 2023 Lookback - Overall Trends

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Dec 18, 2023 22:36


We look back at PKI in 2023. Trends include artificial intelligence, enterprise crypto agility, the fall of OCSP, PKI everywhere, the weakness of passwords, and government versus the internet. We also look at last year's predictions and compare them to the year's events.

Security Masterminds
Special Episode - Loren Kohnfelder

Security Masterminds

Play Episode Listen Later Dec 14, 2023 45:28 Transcription Available


Feeling the frustration of constantly battling memory-related vulnerabilities in your code? What if I told you there's an unexpected twist in the story that could change everything? Join me as we explore the captivating journey of transitioning to memory-safe languages in programming, and uncover the game-changing solution that awaits. But that's a story for another time...Our special guest is Loren Kohnfelder and joined by Roger Grimes.Loren Kohnfelder, a distinguished figure in the realm of cybersecurity, is widely regarded as a trailblazer in the development of PKI (Public Key Infrastructure). His significant contributions to the RSA algorithm and its application in real-world scenarios have solidified his position as a thought leader in digital security. With extensive expertise in encryption and network systems, Loren offers a wealth of knowledge for developers seeking to navigate the transition to memory-safe languages. His pioneering work serves as a cornerstone in understanding the complexities of cybersecurity and the pivotal role of memory-safe languages in fortifying software against vulnerabilities. Loren's profound insights and experiences make him an exceptional guest, providing a comprehensive understanding of the evolution of digital security and its relevance to memory-safe languages.I think if there are specific pieces of code that are well contained and you can rewrite those in a memory safe language, that's a fine thing to do. But, for example, if you've got a library that's in the middle of a bunch of memory unsafe language code, and you write that into memory safe code, you're going to have bridge code connecting across that boundary, because you obviously can't just slip from memory safe land into memory unsafe land, where you're now taking on risk without managing those borders. - Loren KohnfelderIn this episode, you will be able to:Uncover the secrets of PKI with Loren Kohnfelder.Learn the benefits of transitioning to memory-safe languages.Overcome the challenges of rewriting large codebases.Explore the feasibility of adopting memory-safe languages in programming.Connect with usWebsite: securitymasterminds.buzzsprout.comKnowBe4 Resources:KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganRoger Grimes: https://www.linkedin.com/in/rogeragrimes/Erich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.com