Podcasts about secbiz

The BizSec Podcast is THE podcast that brings information security concepts and news into the boardroom, translating geek into business. Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. We’re glad to have you subscribed on iTunes, Youtube or however you’re finding us and we always appreciate your 5-star reviews. Follow the conversation with us on Twitter @bizsecpodcast and find more information, links and show notes at BizSecPodcast.com. In this episode we will cover the recent news in information security, and go over the recent mergers and acquisitions in this area. Find out more at: http://www.bizsecpodcast.com/2014/02/18/recent-mergers-acquisitions-information-security-companies/ 

The BizSec Podcast is THE podcast that brings information security concepts and news into the boardroom, translating geek into business. Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. We’re glad to have you subscribed on iTunes, Youtube or however you’re finding us and we always appreciate your 5-star reviews. Follow the conversation with us on Twitter @bizsecpodcast and find more information, links and show notes at BizSecPodcast.com. This episode: Our friend Zlatko Unger talks about his recent trip to Beijing and Shanghai with his MBA classmates What are the advantages of leveraging resources and assets in China? How safe is intellectual property? What are some techniques of leveraging the advantages of producing in China, while keeping your IP safe? Find more over here: http://www.bizsecpodcast.com/2014/01/18/a-journey-from-the-west/ ‎

Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. The big story this episode is the news that the NSA intentionally weakened encryption standards and products, allowing them … and who else … to get access to what you thought was protected. For details visit our show notes: http://www.bizsecpodcast.com/2013/09/12/business-security-podcast-critical-crypto-compromise/

Each episode we’re going to be talking about information security and technology security issues that matter to business, not just the technologists. Our first podcast, episode 0, is a brief introduction to us, our background, the podcast and why you should subscribe. For more detail see our show notes: http://www.bizsecpodcast.com/2013/08/26/introducing-the-bizsec-podcast/

In this episode... Live (live-to-tape) from 44Con, London, England. It's amazing, listening to this episode recorded at 44Con last fall, how little the landscape of enterprise security has changed. I took some time during the busy conference to sit down with Ian Amit and Dennis Groves to discuss Ian and my talks (which were perfectly aligned, and completely unplanned!) on the state of security in the enterprise. It's always interesting to get the perspective from 2 industry-well-known speakers and thinkers. We discuss the topics of #SecBiz including the role of security in the enterprise, the challenges business security professionals face, metrics and why we have some of the crazy change management failures in security. We laugh, we almost start to cry - but ultimately come to the realization that we need change. Ian and Dennis and I are working on driving that change! Guests Iftach Ian Amit ( @iiamit ) - Seasoned manager in the security and software industry with vast experience in a myriad areas of software (from enterprise security, through retail oriented, to end user software and large back-end systems). Highly experienced in leading marketing opportunities, and translating technical innovation into marketable concepts that increase sales and exposure. Information Security expert with vast experience ranging from low level technical expertise and up to corporate security policy, regulatory compliance and strategy. BlackHat and DefCon speaker, with vast experience in public speaking and private customer focused seminars. Founding member of the PTES (Penetration Testing Execution Standard), IL-CERT, and the Tel-Aviv DefCon group (DC9723). Dennis Groves - Dennis's work focuses on a multidisciplinary approach to risk management. He is particularly interested in risk, randomness, and uncertainty. He holds an MSc in Information Security from the University of Royal Holloway where his thesis received a distinction. He is currently a UK expert for the UK mirror of ISO subcommittee 27, IT Security Techniques, working group 4, Security Controls and Services at the British Standards Institute. He is most well known for co-founding OWASP.

Synopsis Security has an interesting view on "business decisions", and in this podcast episode recorded at GrrCon 2012 in Grand Rapids, MI I sit down with some of the talent behind MISEC and we discuss #SecBiz topics of interest including the ugly phrase "it's a business decision" and why we say that. We also dive into how decisions are made, and why security and business are still often at odds on goals and acceptable 'risks'... and why our recommendations and guidance still falls on seemingly deaf ears. We sample some of the sage wisdom of J.W. Goerlich as he runs his IT and security organization, and how he asks his security employees to think business, and put themselves into the frame of reference of the business when making decisions. Jen Fox brings up Miller's Law, and teachs us to ask "What is that true of?" when framing discussions in the business context with non-technologists. Jen makes us think about frames of reference. She tells us that we must assume that a statement someone makes is true ... from their frame of reference and we simply must get inside their frame of reference to understand their thinking. Steven Fox gives us a little bit of a glimpse into the government world where you can't always go sit down with the decision maker, and have to depend on your relationships, cooperation, and sometimes back-room politics to get things done. I invite you to listen in, this is a timeless discussion that everyone should participate in. Guests J.W. Goerlich - @JWGoerlich - Information Systems and Information Security Manager. Regular InfoSec practitioner, occasional speaker and writer. INTJ. #MiSec, #BSidesDetroit, #CSA, #Owasp Jen Fox - @J_Fox - Making security accessible to the end user. Independent consultant, biz analyst, tech-to-biz translator, and diplomat. CIPP/IT and locksport enthusiast. Steven Fox - @Securelexicon - I am a Security Architect at the U.S. Dept of the Treasury & Penetration Tester passionate about security as a business value and differentiator.

Synopsis   This month's cal lkicks off 2012 with a big question - "Do security professionals follow their own policies?" ... and as we talk through this issue we discover that there are other subtleties to this question.  Does it make sense for Information Security to have separate accounts for general and administrative access?  Does a securit policy fail if it does not account for 'exceptions' to that policy - legitimate exceptions?  What about an exception policy that allows information security professionals to navigate complex policy issues and receive 'allowances' to do their jobs without being limited by the general user policy?   These are complex questions that we tackle, and offer some guidance for ... and in the end, things aren't as simple and black-and-white as we'd all like ... you'll just  have to listen to hear the advice we dispense! Guest [Co-Host] Michelle Klinger of EMC Consulting joins me to co-moderate the first SecBiz 2012 monthly call.  Michelle is currently a consultant with EMC.

Synopsis   My guest David Elfering (@icxc on Twitter) and I go all over the map covering various SecBiz related topic, and come up with a fantastic set of quotes including: "No matter how long you hold the light bulb up, the world will not revolve around InfoSec" and other gems.  We talk through how to present to a business group or executive, the communication and written skills required and various other topics related with bridging the business - security gap.  This is a great episode to listen to - we cover a lot of ground. Guest David Elfering (@icxc) - David is the Senior Director of Information Security over at Werner Enterprises out of Omaha, NB.  David is a verteran of the IT industry providing leadership at corporate level, building and leading the security program and infrastructure for a two billion dollar, multi-national corporation. Experience at community, state and national levels with FBI Infragard, Nebraska Infrastructure Protection Council and the SANS Institute. Able to translate information security practices to business advantage. Experienced speaker, instructor and mentor. Member ISSA CISO Executive Forum. CRISC #1115272

Synopsis   This is a special episode for anyone who's feeling like "Information Security" in their small business is impossible.  My guests and I talk through how to make information security a proper entity that can both serve the business need, and be respected; more than just survival, it's about making security thrive in the small business.  Michael potificates on what makes the security community such a valuable resource to security managers in his position, and we go into what advice you could give a vendor selling into a small business ... what a fascinating discussion! Guests J.W. Goerlich - Network and Security Manager for a midwestern financial organizationWolfgang has 15 years in IT, with a InfoSec focus for the past 5 years. He has a deep background in risk management and business continuity for SMB firms. Michael Allen - Information Systems Security Officer for a Jamaican-based financial Institution. Michael has over 8 years experience in IT, with a focus on Infosec during the last 4 years. He has a strong background in application development with a keen interest in penetration testing, software security assurance and network security. Links The "SecBiz" group on LinkedIn: http://www.linkedin.com/groups/SecBiz-4001160?gid=4001160&trk=hb_side_g

This is the inaugural podcast episode of Down the Rabbithole. Our podcast focuses on security, but from a business perspective and shines a light on the often misunderstood connection between Information Security and "business". Today's guests were: Chris Nickerson - Founder, Lares Consulting Will Gragido - Lead Researcher, HP TippingPoint DV Labs Martin McKeay - Security Evangelist, Akamai The topic for today's podcast was the question: "Everyone's getting hacked, should I panic?" ...and we also mention the HP TippingPoint DVLabs 1st Half 2011 Cyber Threat Report. Links: Chris Nickerson mentions his "12-step blog post" > http://www.laresblog.com/2010/04/confessions-of-secaddict.html Martin McKeay mentions Sony's "lawyer approach" > http://arstechnica.com/gaming/news/2011/09/mandatory-ps3-update-removes-right-to-join-in-a-class-action-lawsuit.ars HP TippingPoing DV Labs 2011 Mid-Year Top Cyber Security Risks Report > http://www.hpenterprisesecurity.com/collateral/report/CyberSecurityRisksReport.pdf