Free-style practice in Japanese martial arts
On episode 85 of Tatami Talk, we talk about how to develop your own judo development plan and use deliberate practice.
* Intro / USJA National team [0:00]
* USJF Nationals [28:17]
* IJF Masters [37:13]
* Developing your judo development plan [43:37]
* Learning from doing things the wrong way on purpose [59:21]
* Exploration in Randori [01:04:31]
* Grips might be the problem, not the throw [01:09:37]
* Varying up the training [01:14:11]
Email us: tatamitalk@gmail.com Follow us on Instagram: @tatamitalk Juan: @thegr8_juan Anthony: @anthonythrows Intro + Outro by Donald Rickert: @donaldrickert Cover Art by Mas: @masproduce Podcast Site: https://anchor.fm/tatamitalk Also listen on Apple iTunes, Google podcasts, Google Play Music and Spotify
According to research, about 70% of organizations have observed that their external attack surface has expanded over the past two years due to the growing use of cloud, third-party services, IoT and external systems. How well are Polish organizations protected in terms of cybersecurity? Is there a solution that will protect a company 100% against a hacker attack? Grzegorz Porycki, Key Account Manager at Cloudware Polska, talks about this. Interview by Paulina Kostro. Listening to the recording, you will learn, among other things: • What is Attack Surface Management, and why, from a business point of view, is it worth looking into solutions that use it? • What are the advantages of IBM's Randori solution, and what sets it apart from other tools of this type? • What is Shadow IT, and how does the IBM solution prevent this phenomenon? • How can artificial intelligence help protect companies' cybersecurity now and in the future? Special Guest: Grzegorz Porycki.
Judo education is often still traditional (old-fashioned). Fortunately, there is a lot of research and development concerning motor learning and education. I am going to make a number of podcast episodes about Judo education 2.0. In other words: what is outdated, and what can we change or adapt in judo education to make it more attractive and better for our judoka? How do we make better judoka, better athletes? All with the aim of getting judo teachers thinking and forcing them to look beyond traditional teaching on the tatami. The second podcast in this series is about non-linear methodology for judo education, starting from randori as the basis of the learning process. I made the podcast in Zwolle with Engbert Flapper (judo teacher, instructor at the JBN training programme and lecturer at Windesheim) and Joop Duivenvoorden (movement scientist and lecturer at CALO Windesheim). We tried, without going very deep into the theory, to tell a story about a different kind of judo education. Joop Duivenvoorden, Engbert Flapper. All links related to our podcast: https://linktr.ee/HajimeJudoPodcast Hajime Judo Podcast: http://hajimejudopodcast.nl https://www.facebook.com/HajimePodcast https://www.instagram.com/hajimepodcast
Acquisition of Databand.ai: https://newsroom.ibm.com/2022-07-06-IBM-Aims-to-Capture-Growing-Market-Opportunity-for-Data-Observability-with-Databand-ai-Acquisition Acquisition of Randori: https://newsroom.ibm.com/2022-06-06-IBM-Tackles-Growing-Attack-Surface-Risks-with-Plans-to-Acquire-Randori 148 exabytes of LTO shipped in 2021: https://www.lto.org/2022/04/lto-tape-capacity-shipments-reach-new-record-in-2021/ Resource projects: https://research.ibm.com/topics/trustworthy-ai#tools Homomorphic encryption: https://en.wikipedia.org/wiki/Homomorphic_encryption IBM Data Fabric solutions: https://www.ibm.com/analytics/data-fabric Abbreviation(s) used: LTO: Linear Tape Open; TSM: Tivoli Storage Manager. Comments and remarks can be sent to: ofjestoptdestekkererin@nl.ibm.com
Randori, free-style practice or sparring, is an extremely important part of Judo training, and yet many Judokas have difficulty maximizing their time during randori sessions. This problem is exacerbated by the fact that there is a high injury risk in randori. How can we best utilize our randori time while staying safe? In this episode, Shintaro and Peter discuss how we should approach randori. Please support us on Patreon if you can: https://www.patreon.com/shintaro_higashi_show. Any amount helps!
Introducing the concept of Tanium Data as a Service. When you've got a product like Tanium, that collects so much useful data - why would you want to keep it within Tanium? The 'Data-as-a-Service' model aims to increase the value of the Tanium product by safely sharing its data with other teams, tools, and groups within a customer's organization. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! PIXM stops phishing attacks at point of click with computer vision in the browser, protecting users from phishing beyond the mailbox in any application. With the launch of PIXM Mobile, PIXM is now delivering this capability on iPhones as well as desktop devices. Segment Resources: https://pixmsecurity.com/mobile/ This segment is sponsored by Pixm. Visit https://securityweekly.com/pixm to learn more about them! The rise in disclosed vulnerabilities, the speed they are weaponized, and the cyber talent shortage have left teams struggling to wade through a mountain of vulnerabilities. In this discussion, Mehul will discuss the need for a new way to cut through the noise to focus teams on prioritizing and fixing those critical vulnerabilities that will most reduce risk in each organization's environment. He'll also cover how Qualys is redefining risk and vulnerability management in the latest version of VMDR and share stories of how customers have leveraged this solution to dramatically reduce risk. Segment Resources: www.qualys.com/trurisk www.qualys.com/vmdr This segment is sponsored by Qualys. 
Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw278
Then, in the enterprise security news, CyberInt raises $28M for attack surface detection, RapidFort raises $8.5M for… pre-attack surface detection? Managing and monitoring your quantum devices? Making sure you don't lose access to your crypto wallets, IBM acquires Randori, Contrast Security makes some of their tools free, Rumble adds more interesting new features, Microsoft Defender for everyone, and more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw278
Seeking to address growing attack surface (ASM) risks, IBM is looking to acquire the company Randori.
News from Lightning eMotors, Twilio, Randori, StackHawk, Red Canary, Coalfire and a lot more. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Seven Colorado Sites Make List of 150 Best Things to Do in the US This Summer Jared Polis signs law to make daylight saving time year-round in Colorado — but here's what has to happen first Colorado electric vehicle maker partners to offer autonomous passenger vans Twilio to shed downtown Denver office space as company goes remote Colorado has had a shortage of cybersecurity professionals for years. Here's how that's going. 
IBM acquires offensive security startup Randori to bolster its cybersecurity toolkit National Cybersecurity Center Participates in UCCS Ribbon Cutting to Open New Cybersecurity Building, Housing Newly Formed Space ISAC Application Security Firm StackHawk Bags $20.7 Million in Series B Funding Microsoft recognizes Red Canary with its Security Trailblazer award A survey of FedRAMP's new supply chain requirements CSA Fall Summit Call for Papers is open Job Openings: Uplight - Cloud Security Engineer Uplight - Junior Security Analyst Spectrum - Director – Risk and Threat Management Granicus - Senior Director, Governance, Risk, and Compliance (GRC) Gates Corporation - Senior Manager of Cyber Security Operations Western Union - Information Security Engineer, Risk Assessment ULA - Chief Information Security Officer (CISO) Leader 6 Square - Embedded Security Engineer KP - Principal IT Engineer Infrastructure Security UCAR - Cybersecurity Risk & Compliance Analyst CoBank - Information Technology Security Architect Upcoming Events: This Week and Next: Let's Talk Software Security - Are Bug Bounty Programs Worth It? - 6/17 CSA Colorado - June Meeting - 6/21 ISC2 Pikes Peak - June Meeting - 6/22 DC303 - June Meeting - 6/24 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
SPECIAL REPORT on the start of the Feria Internacional de Franquicias 2022 (International Franchise Fair), held this June 9, 10 and 11, 2022. The most relevant news from the business world: - Google announces a commitment of 1,200 million dollars in Latin America - IBM acquires Randori, a leading cybersecurity provider - Cofepris steps up action against irregular aesthetic clinics and warns about a business group present in five states - BIVA launches a program to accelerate the adoption of ESG criteria among Mexican issuers - Nafin will support investors who wish to acquire a franchise - Franchises, a business model that endures over time - Grupo Somar goes for free on-demand medical education - Aldo Conti, recognized as a "Famous Brand" by the IMPI
CISA and the Multi-State Information Sharing & Analysis Center (MS-ISAC), are releasing this joint Cybersecurity Advisory in response to active exploitation of CVE-2022-1388. This vulnerability is a critical iControl REST authentication bypass vulnerability affecting multiple versions of F5 Networks BIG-IP. AA22-138A Alert, Technical Details, and Mitigations F5 Security Advisory K23605346 and indicators of compromise F5 guidance K11438344 for remediating a compromise Emerging Threats suricata signatures Palo Alto Networks Unit 42 Threat Brief: CVE-2022-1388. This brief includes indicators of compromise. Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Threat Advisory: Critical F5 BIG-IP Vulnerability. This blog includes indicators of compromise. Note: due to the urgency to share this information, CISA and MS-ISAC have not yet validated this content. Randori's bash script. This script can be used to identify vulnerable instances of BIG-IP. Note: MS-ISAC has verified this bash script identifies vulnerable instances of BIG-IP. All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Among the many problems with the current social media enthusiasm for deplatforming is this question: What do you do with all the data generated by people you deplatformed? Facebook's answer, as you'd expect, is that Facebook can do what it wants with the data, which mostly means deleting it. Even if it's evidence of a crime? Yes, says the platform, unless law enforcement asks us to save it. The legal fight over a deplatformed group that defended historical statues (and may have shot someone in the process) will tell us something about the—law of deplatformed data as will the fight over Gambia's effort to recover evidence of deplatformed human rights evidence. In the end, though, we need a law on this question. Because, given their track record in content moderation, leaving the question to the discretion of social media will translate into platforms' preserving only evidence that hurts people they hate. Tired: Data breach reporting. Wired: Cyber incident reporting. The unanimous view of our news panelists, Paul Rosenzweig and Dmitri Alperovitch, is that cyber policy has turned from reporting personal data breaches to reporting serious cyber intrusions no matter what data is compromised. The latest example is the financial regulators' adoption of a rule requiring banks and similar institutions to report major cyber incidents within 36 hours of determination that one has occurred. But who will make that determination and with what certainty? Dmitri's money is on the lawyers. I think there's a great ER-style drama in the process: “OK, I'm going to call it. No point in trying to keep this alive any longer. Time of determination is 2:07 pm.” Back after a long absence, we add an interview to the news roundup. David “moose” Wolpoff and Dan MacDonnell of Randori explain the consternation over their startup's use of a serious vulnerability to conduct realistic penetration tests of buttoned-up networks instead of reporting it right away to the software provider. 
They argue that the value of zero days for pentesting is great and the risk of harm low, if handled responsibly. In fact, the debate sounds a lot like the arguments around the table at a government Vulnerability Equities Process (VEP) meeting. And that makes me wonder whether the people pushing for a stricter VEP have any idea at all what they're talking about. Dmitri lays out the surprising complexity and sophistication of the Iranian attempt to influence the 2020 election. I'm less convinced. The Iranian effort failed, after all, and it resulted in the hackers' indictment. I dig into a recent brief by Hikvision claiming that the FCC lacks authority to bar sales of its products in the U.S. I'm only half convinced by the legal claim, but I am sure of this: The Hikvision argument has created an opportunity for some enterprising politician to sponsor quick, uncontroversial legislation giving the FCC the authority that Hikvision says it doesn't have. Dmitri explains the latest advance of the hardware hack known as Rowhammer. It may not be deployed routinely even now, he says, but the exploit makes clear that we will never entirely secure our cyber infrastructure. Paul and I agree that it's perfectly legal for the government to buy advertising data that shows citizens' locations. We more or less agree that some restraint on sales of location data—at least to the Russian and Chinese governments and maybe to anybody—are in order. Paul and I offer muted and squeamish criticism of a Big Report claiming that child sexual abuse is exploding online. There's no doubt that it's a problem that deserves more legal and platform effort, but the authors did their cause no favors by mixing kids exchanging nude selfies with truly loathsome material. Dmitri and I perform a public service announcement about a scam that takes advantage of security habits that the banks have encouraged us to get used to. Zelle fraud is going to make us all regret those habits. 
And hopefully it will finally get banks to use hardware tokens instead of text messages to verify our transactions. Germany and Mandiant are at odds in attributing the government sponsor of the Ghostwriter hacking gang. Germany, backed by the EU, says it's Russia. Mandiant says it's Belarus. Dmitri says “Never bet against Mandiant on attribution.” I can't disagree. Finally, Dmitri joins me in an appreciation of Alan Paller, who died last week. He was a major influence in cybersecurity, and a role model for successful entrepreneurs who want to give back using their institution-creating skills. Download the 384th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
https://twitter.com/Esquiring - Fred Jennings Vulnerabilities Equity program (VEP), vuln disclosure program (VDP), and what is the best way for disclosure of 0day? (‘proper' is different and dependent) This show was inspired by this Tweet thread from @k8em0 and @_MG_ https://twitter.com/k8em0/status/1459715464691535877 https://twitter.com/_MG_/status/1459718518346174465 Legal Safe Harbor? Copy-left for security researchers…? What is a VEP? Not a new concept (2014) https://obamawhitehouse.archives.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities Context: Was written when Heartbleed came out. About transparency, but within reason. From the blogpost: “We have also established a disciplined, rigorous and high-level decision-making process for vulnerability disclosure. This interagency process helps ensure that all of the pros and cons are properly considered and weighed. While there are no hard and fast rules, here are a few things I want to know when an agency proposes temporarily withholding knowledge of a vulnerability: How much is the vulnerable system used in the core internet infrastructure, in other critical infrastructure systems, in the U.S. economy, and/or in national security systems? Does the vulnerability, if left unpatched, impose significant risk? How much harm could an adversary nation or criminal group do with knowledge of this vulnerability? How likely is it that we would know if someone else was exploiting it? How badly do we need the intelligence we think we can get from exploiting the vulnerability? Are there other ways we can get it? Could we utilize the vulnerability for a short period of time before we disclose it? How likely is it that someone else will discover the vulnerability? 
Can the vulnerability be patched or otherwise mitigated?” Gov orgs involved in VEP: https://en.wikipedia.org/wiki/Vulnerabilities_Equities_Process Assessing the Vulnerabilities Equities Process, Three Years After the VEP Charter Companies have VEP (every time they issue a patch), but they aren't always transparent about it. Embargoes aplenty. https://www.redhat.com/en/blog/security-embargoes-red-hat https://xenproject.org/developers/security-policy/ (creates a caste system of ‘haves and not-haves'... important vs. not important) bad guys will target people not on the inside. 0day benefit from non-transparent VEP. https://www.randori.com/blog/why-zero-days-are-essential-to-security/ Randori had 365day… https://twitter.com/_MG_/status/1459024603263557633 https://twitter.com/JimSycurity/status/1459152870490574854 Preferred patch 8.1.17, issued October 2020 VEP does not always have to be 0day… can be solutions to issues: https://www.techdirt.com/articles/20210922/17095747614/fbi-sat-ransomware-decryption-key-weeks-as-victims-lost-millions-dollars.shtml “The FBI refrained for almost three weeks from helping to unlock the computers of hundreds of businesses and institutions hobbled by a major ransomware attack this summer, even though the bureau had secretly obtained the digital key needed to do so, according to several current and former U.S. officials. The key was obtained through access to the servers of the Russia-based criminal gang behind the July attack. Deploying it immediately could have helped the victims, including schools and hospitals, avoid what analysts estimate was millions of dollars in recovery costs.” In a perfect world, what does disclosure look like? Communication (easy, secure, detailed… pick 1) Separating wheat from chaff - ‘lol, i got root, pay me plz' Fear of NDAs and gag clauses Do people expect to be paid? Setup of a ‘cheap' program? What if you don't have a budget to pay out (or more accurately, mgmt won't pay out)? People won't disclose? 
Should you pay? Use a 3rd party?
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Watering hole attacks are getting much better How Israel's government used NSO to strengthen its diplomatic ties Randori sat on some PAN 0day. This is fine. Facebook outs state-backed ops FBI has unfortunate incident with its mail boxes Much, much more This week's sponsor interview is with HD Moore. He's the founder of Rumble, the network asset discovery scanner, and he's joining us to talk about some new tricks he's added to the product, like integrations with cloud service APIs and external discovery products like Censys. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes British news website was hacked to control readers' computers, report says Strategic web compromises in the Middle East with a pinch of Candiru | WeLiveSecurity Analyzing a watering hole campaign using macOS exploits Israel, spyware and corruption: NSO ties to Netanyahu, Bennett and other politicians - Israel News - Haaretz.com Pakistani hackers operated a fake app store to target former Afghan officials - The Record by Recorded Future Exclusive: A Cyber Mercenary Is Hacking The Google And Telegram Accounts Of Presidential Candidates, Journalists And Doctors New Moses Staff group targets Israeli organizations in destructive attacks - The Record by Recorded Future Kevin Beaumont on Twitter: "Pay attention to this one when it's out. I haven't seen it, but it's possible to use BitLocker to remotely (re)encrypt every endpoint in AD in a way that only the attacker can decrypt… and it bypasses sec solutions. So I imagine it's that." 
/ Twitter Hacker sends spam to 100,000 from FBI email address Booking.com was reportedly hacked by a US intel agency but never told customers | Ars Technica ‘Ghostwriter' Looks Like a Purely Russian Op—Except It's Not | WIRED Emotet botnet returns after law enforcement mass-uninstall operation - The Record by Recorded Future Canadian health systems recovering from breach that forced thousands of appointment cancellations Dustin Volz on Twitter: "@riskybusiness @DAlperovitch I think folks outside government can also underestimate how much agencies rehearse talking points and in testimony like this and try to be always on the same page—unless they don't want to be. And that adds to the sense of “conflict” or “disagreement” for some of us." / Twitter CERT-PL employees rally around politically-dismissed chief - The Record by Recorded Future US detains crypto-exchange exec for helping Ryuk ransomware gang launder profits - The Record by Recorded Future Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating | Ars Technica DDR4 memory protections are broken wide open by new Rowhammer technique | Ars Technica New secret-spilling hole in Intel CPUs sends company patching (again) | Ars Technica GoCD bug chain provides second springboard for supply chain attacks | The Daily Swig ‘Add yourself as super admin' – Researcher details easy-to-exploit bug that exposed GSuite accounts to full takeover | The Daily Swig Adult cam site StripChat exposes the data of millions of users and cam models - The Record by Recorded Future Hundreds of WordPress sites defaced in fake ransomware attacks - The Record by Recorded Future
https://www.bleepingcomputer.com/news/security/us-education-dept-urged-to-boost-k-12-schools-ransomware-defenses/ https://securityaffairs.co/wordpress/124570/cyber-crime/fbi-hacked-email-server.html https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/ https://www.randori.com/blog/why-zero-days-are-essential-to-security/ https://twitter.com/_MG_/status/1459024603263557633 “Hey... did anyone notice that PAN 0day was fixed in a version that was released over a year ago? Guess it wasn't easy to notice under all the loud opinions about ethics.” https://twitter.com/_MG_/status/1459038747807285253/photo/1
“You're holding too tight…Ouch let go of me!” Sandra was starting to panic as her date's short squeeze had turned into a way too tight bear hug. “LET GO OF ME!” Sandra said in a commanding tone, and just like her self defense instructor Jess had taught her, Sandra drove her hips back into his center, smashed her knuckles into the back of his hand, and drove forward with her hips breaking his hold. “I said no, and no means no!” Her startled date turned bright red, quickly apologized and drove her home, accompanied by her friend. RELEASE what doesn't work. In life how many times do we either accept being held by someone, or something that doesn't work, or hold on to something that isn't working far too long? It's like the proverbial monkey trap. Monkey sees banana in jar, monkey inserts hand, grabs banana and refuses to let go. Monkey hunter easily collects monkey to live out the rest of his days in captivity. When we don't let go, or RELEASE ourselves from things that don't work, we lose life. In the monkey's case, all of it. In self defense we know that immediate reaction is superior to delayed reaction. That's why we practice getting attacked, and reaction to certain attacks over, and over to essentially learn RELEASING in what students of HAPKIDO call Randori or Kyrogi, or practice sparring. When's the best time to RELEASE? Before it happens. The next best time is as soon as you sense something, or someone you don't approve of start to take hold. Or something that isn't working begins to take hold. The worst time is when you're in a locked down, locked in, taken to the ground situation. Then it takes far more energy and precious time to RELEASE. Sounds simple right? Then why don't you do it…? If something isn't working for you RELEASE! When? Immediately, because the longer you're trapped, the more life is lost…RELEASE now! RELEASE. Allen Hughes Warrior Way Life Defense #lifedefense #release #allenhughes.
Photo from Pexels --- Send in a voice message: https://anchor.fm/allen-hughes/message
In this special bonus episode, listen in on a conversation I had with former guests Randy King and Rory Miller as they travel around the United States on their epic RandRory Seminar Tour. Find out more about the tour here: https://www.facebook.com/groups/326802868398295
Teressa Gehrke, Founder at PopCykol is our guest this week. Check out the PopCykol website for more information. News from United Airlines, Boom Supersonic, Datadog, JBS, Guild Education, Coalfire, Swimlane, Lares, Randori, Husch Blackwell, Red Canary, and a lot more! Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week's news: Join the Colorado = Security Slack channel Denver metro is getting a new area code next spring United Airlines buys 15 supersonic planes from Colorado-based jet startup Ransomware attack on Colorado-based JBS USA rattles beef industry, White House gets involved New York-based Datadog plans to bring 400 high-paying tech jobs to Denver Denver unicorn raises $150M Series E funding that values company at $3.75B Nearly 200 companies with Colorado customers reported data breaches in past 16 months Significantly Amended (Again) Colorado Privacy Act Passes Senate Coalfire acquires Denim Group Swimlane announces Key Additions to Leadership Team Introducing Sysmon Config Pusher Biden's Cybersecurity EO: The Wrong Issues What the White House Ransomware Memo Got Wrong What is normal? 
Profiling System32 binaries to detect DLL Search Order Hijacking European Commission Adopts New Standard Contractual Clauses Job Openings: Platform.sh - Security Engineer (Remote) Spectrust - SENIOR DEVSECOPS ENGINEER RxRevu - Senior DevSecOps Engineer The Trade Desk - Information Security Engineer Opentext - Senior Research Engineer - Network Security 1 Department of Energy - Information Technology Auditor (Recent Graduate) PayPal - Senior Product Security Engineer Jeffco Public Schools - Senior Information Security Analyst Oracle - Development Security Manager Ball Aerospace - Security Architect Senior Upcoming Events: This Week and Next: NCC - Cyber Patriot Camps - 6/7-25 RMISC - 6/8-10 What is Threat Modeling and why should I care? - 6/11 ASIS - PROPAGANDA AND EXTREMISM TODAY - 6/17 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
An in-depth analysis of Steven Seagal's randori, and how his method translates to his movie action sequences. For more information about Spirit Aikido Online: http://spiritaikido.com/spiritaikidoonline Paypal tipjar: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=B6AX94H6N4HBG Audio Credits: Jingle Punks. Thank you for making royalty-free music available!
Cal Jones is an advanced Judo coach from North Wales. He has been exploring the application of ecological approaches since he was exposed to the approaches as a participant by a coach who he describes as 'intensely likeable'. His postgraduate research saw him create an assessment tool (called an RPAT) to assess how representative a practice activity in Judo is. In this conversation Cal and I discuss the application of ecological approaches to Judo and the challenges to applying these approaches in certain contexts and against a set of culturally resilient expectations that are hardwired into the psyche of the Judo community. It's a fascinating conversation. Hope you enjoy. Quick warning... there is some poor sound early in the episode but it doesn't last for long and we get it fixed... it's worth persevering!
An analysis of a great clip of a randori by Mitsugi Saotome from 1970. For more information about Spirit Aikido Online: http://spiritaikido.com/spiritaikidoonline Paypal tipjar: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=B6AX94H6N4HBG
An in-depth analysis of some clips of Gozo Shioda's randori. For more information about Spirit Aikido Online: http://spiritaikido.com/spiritaikidoonline Paypal tipjar: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=B6AX94H6N4HBG
This week we celebrate reaching 50 episodes! We have a quick chat about getting the most from randori and then it's giveaway time. For those listening in the UK, Mizuno UK have kindly donated a set of uchikomi bands to the show to give away to a lucky listener! We want you to let us know your favourite Ippon. Send entries, along with a link to the score, to the podcast on Facebook or Twitter (@originaljudopod). Closing date for entries is Sunday 21st June, the top 5 and winner will be announced and decided on the podcast the following week. Huge thanks to Mizuno UK for supporting the show. You can find them at judogis.co.uk
Vincent is back for this second episode of "Randori", with guest Florent Luccioni, a Brazilian jiu-jitsu black belt, historian and great connoisseur of the history of our sport. Vincent and Florent review the myths of the Gracie family's history, from its origins and its importation from Japan with Mitsuyo Maéda, to the differences and similarities between judo and jiu-jitsu... The truth about BJJ may not be what you think! Feel free to comment and share your opinion with us! ✔️Host https://www.instagram.com/vincenguyenbjj #jiujitsu #podcast #CleanHugs
Castagne FM is growing and now offers you a new show, "Randori avec Vincent Nguyen", which joins your regular shows. The principle is simple: one show, one guest, one specific theme. For this first show, the well-known strength and conditioning coach Nicolas Ott is the randori's guest. He works, among other places, at the MMA Factory and at CREPS. Topics covered include: -what physical preparation it takes to become BJJ world champion (cycles, modalities, etc.) -what the ideal age is to start BJJ in order to become a champion -what physical preparation to offer a young athlete (teenager) Feel free to comment and share your opinion with us! ✔️Guest https://www.instagram.com/smartfight.fr ✔️Host https://www.instagram.com/vincenguyenbjj #jiujitsu #podcast #CleanHugs
Howard Haile, VP and CISO at SCL Health is our feature guest this week. News from: Misty Robotics, Chinook Tavern, Dish Networks, CenturyLink, CyberGRX, StackHawk, Randori, Red Canary, Optiv, ThreatX and a lot more! Robots really are coming for your job Boulder’s bringing in robots to take front-desk worker jobs. Chinook Tavern blows out of town. Dish gets the “all clear” for their wireless business. CenturyLink is thinking about selling the consumer business (we hope Comcast doesn’t buy it). Colorado Inno list includes some familiar names. MIT says the Denver voting app has vulns. Randori launches. Red Canary, Optiv and ThreatX bring us blogs this week. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Boulder’s Misty Robotics has made it easier to turn its robots into front-desk workers Chinook Tavern Closes After a Quarter Century Serving German Cuisine Judge rules in favor of T-Mobile/Sprint merger, clearing way for Dish as a major national carrier CenturyLink is still considering selling its consumer business Introducing Colorado Inno's 2020 Tech Madness Finalists MIT study: voting app that Denver used could be hacked Randori introduces “Red Team” attack platform as a service PUP training: the importance of detecting potentially unwanted programs #AskOptiv: Defending Against AI Weaponized Threats OWASP TOP 10: APIS TAKE CENTER STAGE IN LATEST LIST OF PRIORITIES Job Openings: Ping Identity - Product Security Engineer Ping Identity - GRC Analyst - BCP & IR Ping Identity - Senior Infrastructure 
Security Analyst Centurylink - Head of Enterprise Security Centurylink - Head of Product Security Xanterra Travel Collection - Director of Information Security BofA - Senior Manager SSO Solutions BofA - Information Security Engineer Elastic - InfoSec - Risk Management Analyst Empower Retirement - Principal Security Engineer US Department of the Interior - IT CYBERSECURITY SPECIALIST deepwatch - Threat Hunter Upcoming Events: This Week and Next: CSA - February Chapter Meeting - 2/18 Emerging Tech Fan - Co-Event with IoT Colorado - 2/18 NoCo Cyber Security Professionals Meetup - 2/18 ISSA C.Springs - February Chapter Meetings - 2/18-19 OWASP - February Meeting - 2/19 DenSec - February Meetup - 2/19 ISSA Denver - Women in Security - 2/19 IAPP Denver KnowledgeNet - Mr Young AI: A case study in designing for privacy - 2/20 ISACA Denver - February Chapter - 2/20 ISSA Denver - Privacy Special Interest Group - 2/20 SecureSet - Capture the Flag for Beginners - 2/21 ISSA C.Springs - Mini Seminar - 2/22 ISSA Denver - Privacy By Design Workshop - 2/24 ISC2 Pikes Peak - February Chapter Meeting - 2/26 SOAR w/Swimlane @ Highland Tap and Burger - 2/27 Salesforce Tower Ohana Floor Tour @ RSA - 2/27 DerbyCom - February Meeting - 2/28 DC303 Monthly Meetup - 2/28 C.Springs - Cyber Space Game Jam - 2/28-3/1 Other Notable Upcoming Events SnowFROC - 3/5 RIMS 2020 - 5/3-6 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Patrick Walsh, CEO of Iron Core Labs is our feature interview this week. News from: Techstars, Ibotta, Pax8, DISH, Snapdocs, Ping Identity, Randori, Red Canary, LogRhythm, Intelisecure and a lot more! Go to Denver for your next vacation! Denver is a top destination (in the world). VC money likes to find its way to town as well. Check out the biggest growing private companies in town. DISH is bringing a 2000 employee wireless HQ to Denver. Snapdocs will bring 600+ jobs from California. Ping releases brand research. Randori makes some noise. Blogs from Red Canary, LogRhythm and Intelisecure. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Denver Named One of the Best Travel Destinations in the World - 5280 $1 billion has flowed from venture investors to Front Range companies this year The rankings are in: Here are Denver’s fastest-growing private companies Dish promises 2,000-worker wireless HQ in Colorado as AG drops out of Sprint-T-Mobile merger lawsuit California mortgage tech firm Snapdocs plans to bring 635 jobs to Denver 81% of Consumers Would Stop Engaging with a Brand Online After a Data Breach, Reports Ping Identity Randori Recon acts like a hacker to reveal your weaknesses Detecting SharePoint attacks via worker process activity The Only Unlimited SIEM Data Plan in Town | LogRhythm Closing the CyberSecurity Skills Gap: Part 1 Job Openings: Velocity Global - Information Security Manager CenturyLink - Lead Security Architect Bank Of America - Secure Usability Architect PDC Energy - Senior 
Information Security Engineer Charter - Security Engineer – Tier 3 SOC Analyst US Department of the Interior - IT Cybersecurity Specialist, GS-2210-14 (RF-DH) Denver International Airport - Lead Information Technology Auditor Grant Thornton - Risk Advisory- Controls (IT) Sr. Associate Shutterstock - Penetration Tester PWC - Cybersecurity and Privacy Associate Upcoming Events: This Week and Next: Prologis Hosted China Cybersecurity Discussion - 10/29 SecureSet - Speaker Series: Intro to Software Security with Tremaine Island - 10/29 SecureWorld 2019 - 10/29-30 IAPP KnowledgeNet - CCPA: Updates and the top 10 things companies should focus on to comply - 10/30 Colorado Springs Cybersecurity First Friday - 11/1 SANS SEC504 Mentor (Mike Harris) - 11/1 2019 APEX Awards - 11/6 Splunk 1st Thursdays @ Top Golf - 11/7 CSA Fall Summit - 11/7 SecureSet - Extended Capture the Flag – Beginner and Professional! - 11/9 Other Notable Upcoming Events View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
Taylor Lehmann: So You Wanna Be a Healthcare CISO…? LLLLLLLLLAAADIIIEEEEEZZZZZ aaaannnnnnd GEEEENNNNNTLLLLEMEEENNNNNN!!!!! At 6 feet and 1 inch tall and weighing in at 230 pounds… Hailing from University at Buffalo… Managing an ecosystem made up of Over 160 THOUSAND partners and 120 MILLION patients From greater metropolitan Boston MAAAAASSSSAchusetts YOUR Chief Information Security Officerrrrrr… Wouldn’t it be great if that’s how your day started every day as a CISO? Breaking News: Being a CISO is a hard job. You don’t get many, if any, Pro Wrestling style introductions. How hard a gig is this? Our friends at Nominet Cybersecurity released a report this summer called Life Inside the Perimeter: Understanding the Modern CISO. It shone a harsh spotlight on the oftentimes brutal life of a CISO. Here are 3 key stats to keep in mind whenever you hear the term CISO… Nearly 70% discovered malware hidden on their networks for an unknown period of time. Less than a third are in their job for more than three years. Nearly 17% of CISOs are either medicating or using alcohol to deal with job stress. To paraphrase Forrest Gump… being a CISO is TOUGH. Now… just to add fun and excitement… try being a CISO for an organization who is literally handling the technology that cures disease, heals the sick and saves lives. This week on Insecurity, Taylor Lehmann returns as the newly minted CISO at athenahealth. Matt Stephenson asks Taylor about what is involved as an outgoing and incoming CISO in healthcare. They also chat about what happens when a CISO goes from managing 10,000+ patients to 100 MILLION+ patients. No pressure right? About Taylor Lehmann Taylor Lehmann (@sidechannelsec) is the Vice President and CISO at athenahealth. In a previous life, he was the CISO at Wellforce and Tufts Medical Center. He is also in demand as an advisor, working with companies including IBM Security Global, Obsidian Security and Randori, among others.
Additionally, Taylor is helping to carve the future with his advisory work with graduate students at MIT and Northeastern University. Taylor is also an expert in securing software development and delivery, and is on the boards of Gartner Evanta, the HITRUST Community Extension Program, the TPA Summit, and the Business Associate Council. Somehow, he still finds time to raise 3 kids and trade punches and throws while training in mixed martial arts. About Matt Stephenson Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Broadcast Media team at BlackBerry, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and host of CylanceTV. Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Matt to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come. Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line. Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts! Make sure you Subscribe, Rate and Review!
Leo Valdes is an accomplished athlete and coach. We talk about everything grappling from kids programs to adult competition. His days as a cage fighter to his student in the UFC.
In this episode: David Wolpoff, CTO of Randori is our feature guest this week. News from: Navigant, Arrivo, Girls Go CyberStart, LogRhythm, Red Canary, and a lot more! Millennials + Autonomous Vehicles - Hyperloop = Traffic Millennials appear to like Denver. Our traffic is bad, but not as bad as a lot of other places. It doesn’t look like the hyperloop is going to help us with that at all. There are going to be a LOT of automated vehicles on the road soon which might. SANS and the State of Colorado are running a program again to get girls interested in cybersecurity. LogRhythm’s CTO has a take on the maturity of your security operations. And finally, Red Canary talks about evasion techniques in phishing emails. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/.
If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Millennials are flocking to Denver Denver’s traffic is bad, but not as bad as these other 18 cities Automated vehicle deployments expected to reach 34M by 2035 Hyperloop test track company shuts down State’s 2019 Girls Go CyberStart program to award more than $200K in prizes and scholarships A CTO's Take on the Security Operations Maturity Model Defense Evasion and Phishing Emails Job Openings: Ping Identity - Manager of Security Operations and Engineering Arrow Electronics - Senior Incident Response Security Engineer Western Union - Senior Info Security Analyst NREL - Energy Systems Cyber-Physical Security Researcher Denver Health - IS Security Analyst II Great West - Legal Counsel - Privacy CenturyLink - Information Security Engineer US Bank - Information Security Systems Architect Kaiser Permanente - Cyber Threat Intelligence Undergrad Intern Velentium - Medical Device Cybersecurity Systems Engineer Upcoming Events: This Week and Next: Managed Security Services Forum Denver - 2/26 SecureSet - Cybersecurity Career Convos: Jason Zaffuto on Pen Testing - 2/26 CTA - Tech Day at the Capitol - 2/27 ISC2 Pikes Peak - February Chapter Meeting - 2/27 NCC - NCC hosts the Smalls Meeting - 2/28 SecureSet - Capture the Flag: Cybersecurity Hackathon! - 3/1 NCC - Beyond Bitcoin: Blockchain 101 for Beginners - 3/6 SecureSet - Hacking 101: Powershell - 3/7 Other Notable Upcoming Events SnowFROC - 3/14 Rocky Mountain Information Security Conference (RMISC) - 6/4-6 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
In this episode: Elaine Marino, Founder at LadyCoders is our feature guest this week. News from: Leopold Brothers, CTA, Randori, Red Canary, Secure64, root9B and a lot more! Colorado = Whiskey You don’t have to go to Kentucky to get good whiskey. Digital license plates are coming. Here are 50 startups worth keeping an eye on. Security makes a list of top tech towns. SheTech comes to town. Colorado has breaches. Colorado also has Randori. Red Canary tells us how to detect Emotet. Secure64 sees a billion points of light. And root9B had a special Valentine’s Day message for you. Support us on Patreon! Fun swag available - all proceeds will directly support the Colorado = Security infrastructure. Come join us on the new Colorado = Security Slack channel to meet old and new friends. Sign up for our mailing list on the main site to receive weekly updates - https://www.colorado-security.com/. If you have any questions or comments, or any organizations or events we should highlight, contact Alex and Robb at info@colorado-security.com This week’s news: Join the Colorado = Security Slack channel Leopold Bros. ranks among Esquire's best whiskey distilleries in America Experts believe digital license plates could be coming to Colorado Built In Colorado’s 50 Startups to Watch in 2019 CompTIA Tech Towns Research Report CTA hosts SheTech Explorer Day to inspire female techies Nearly 3 dozen cybersecurity breaches reported in Colorado since start of consumer data-privacy law Meet the Denver startup that launches cybersecurity attacks on businesses Red Canary blog - Detecting Emotet and Preventing Lateral Movement Secure64® Surpasses 1 Billion Subscriber Milestone Happy Valentine’s Day 2019 – R9B Job Openings: Ping Identity - Manager of Security Operations and Engineering Charles Schwab - Senior Analyst - Service Provider Oversight Code42 - Senior, Security Risk and Compliance Analyst Deloitte - Cyber Cloud Security Sr. 
Engineer (Microsoft Office 365/Enterprise Mobility & Security) Twitter- Application Security Engineer Stantec - IT Security Analyst GBProtect - Cyber Security Hunt Analyst Spectrum - Security Engineer 1 - SOC Analyst Kaiser Permanente - IT Senior Auditor Verizon - Dark Web-OSINT Investigative Research Consultant (Colorado Springs) Upcoming Events: This Week and Next: ISSA Denver Women in Security - February Meeting with Colorado = Security - 2/19 CSA CO - February Meeting - 2/19 OWASP Denver - February Meeting - 2/20 (Chinook) ASIS - Selecting a Trusted Business Partner - 2/20 CitySec - February meetup - 2/20 (Rheinhaus) SecureSet - Hacking 101: Asset Management - 2/21 Office Hours with Davis Graham & Stubbs - 2/22 Managed Security Services Forum Denver - 2/26 SecureSet - Cybersecurity Career Convos: Jason Zaffuto on Pen Testing - 2/26 CTA - Tech Day at the Capitol - 2/27 ISC2 Pikes Peak - February Chapter Meeting - 2/27 NCC - NCC hosts the Smalls Meeting - 2/28 SecureSet - Capture the Flag: Cybersecurity Hackathon! - 3/1 Other Notable Upcoming Events SnowFROC - 3/14 Rocky Mountain Information Security Conference (RMISC) - 6/4-6 View our events page for a full list of upcoming events * Thanks to CJ Adams for our intro and exit! If you need any voiceover work, you can contact him here at carrrladams@gmail.com. Check out his other voice work here. * Intro and exit song: "The Language of Blame" by The Agrarians is licensed under CC BY 2.0
David "Moose" Wolpoff, CTO of Randori, gives a glimpse into the life of a Red Team Operations professional.
We are joined on the podcast by David Wolpoff, better known as Moose, CTO at Randori. With high profile breaches making headlines every day, and enterprises spending more on tools and solutions than ever, Moose talks about how companies can create an effective security strategy and defend themselves instead of merely throwing money at the problem.
The Ketsugo Judo association prioritizes technical quality, not performance at all costs. The idea of true Randori must be…
Frank Mercsak and Carsten Rosengarth talk about Aikidō and how this sport is practiced in Germany.
Randori in aikido is the ultimate expression of its capabilities. This is my interest and passion, and I'm looking for like minds and people who want their aikido to include strong randori skills. For more information about Spirit Aikido Online: http://spiritaikido.com/spiritaikidoonline
This podcast discusses the roles jiyu-waza and randori play in the training spectrum.