Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast Infosec instructor Wilfredo Lanz joins Cyber Work Hacks to break down the critical differences between the Azure AZ-104 certification for cloud administrators and the AZ-500 certification for cloud security professionals. Wilfredo explains why these complementary certifications can supercharge your cybersecurity career and emphasizes that cloud skills aren't optional in today's tech landscape. Whether you're in government, healthcare, finance or any other sector, cloud proficiency is quickly becoming mandatory for all cybersecurity professionals. 0:00 - Intro to cloud certifications 1:00 - Cybersecurity Salary Guide promo 1:35 - Meet Wilfredo Lanz and intro to Azure certs 2:06 - Azure vs. AWS and other cloud platforms 4:45 - Industries favoring Azure (government, healthcare, finance) 7:00 - AZ-104 Administrator vs. AZ-500 Security Engineer certifications 9:31 - Why all cybersecurity professionals need cloud skills 10:30 - "Cloud is the present and future" — career implications 11:45 - Wrap up and final thoughts View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast About Infosec: Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Mike Fiedler, PyPI Safety and Security Engineer for the Python Software Foundation, joins the vBrownBag to talk about risks of software supply chain insecurity, and the concrete actions that software consumers & producers can take to make their software safer. Chapters: 02:12 Introducing Mike 07:20 What is software supply chain security? 08:45 Recent examples of software supply chain compromises 12:15 How do we prevent compromises in open source software? 18:57 Software consumers & software producers in the software supply chain 21:32 Recommended practices for software consumers 42:40 Recommended practices for software producers 50:15 Where to find Mike, and audience questions Resources: https://lnk.bio/miketheman https://blog.pypi.org
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast Today on Cyber Work Hacks, Infosec Boot Camp instructor Wilfredo Lanz discusses the importance of Microsoft Azure certifications for IT and security professionals. With over 90% of businesses moving to the cloud, understanding how to administer cloud resources is crucial. Wilfredo highlights the differences between the Azure Administrator Associate and Azure Security Engineer Associate certifications and how they can enhance career opportunities in IT, cybersecurity, project management and networking. Tune in to learn how cloud certifications can future-proof your career. And don't miss out on the free cybersecurity salary guide ebook linked in the description. 00:00 - The booming IT and cybersecurity job market 00:52 - Free cybersecurity salary guide 01:29 - Meet Wilfredo Lanz: Azure certification expert 02:20 - Azure administrator associate vs. Azure security engineer associate 04:53 - Importance of cloud certifications for IT and cybersecurity professionals 07:53 - Pursuing Microsoft Azure certs – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast About Infosec: Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
SEASON: 5 EPISODE: 10 Episode Overview: Welcome to another episode of Becoming Preferred, where we explore the latest strategies and tactics to help you level up your knowledge and improve your skills. Our guest is Scott McCrady, the CEO of SolCyber. With over 25 years of experience, Scott has been at the forefront of protecting people and businesses around the globe. In this episode, we'll delve into the misconceptions that small businesses, entrepreneurs, and business professionals have about cybersecurity, and discuss the impact of human behavior on cybersecurity breaches. Scott will also provide actionable advice on tackling ransomware threats and securing remote work environments. So, whether you are an entrepreneur, a business professional, or simply interested in learning more about cybersecurity and how to protect yourself, this episode is packed with valuable insights. Please join me for my conversation with Scott McCrady. Guest Bio: With 25 years of experience working in the networking, telecommunications, and information security space, Scott McCrady is currently serving as the CEO of SolCyber Managed Security Services. Scott has worked with large companies and start-ups, among them IBM and EDS, where he held Security Engineer and Team Leader positions (US and London). Previous to SolCyber, Scott built the Asia-Pacific-Japan business at Symantec; he ran the global Managed Security Service, and the Symantec and Accenture Joint Venture. Scott then transitioned to FireEye pre-IPO to create their global MSS and System Integrator, and traveled to Singapore to help build their APJ business. After a successful run with FireEye, Scott helped spin out SonicWall from Dell to private equity and reconstitute the business into a profitable, cash flow-positive entity. This experienced guest wants to tell start-up founders, IT Security Managers, CISOs, and other cyber risk management enthusiasts how cybersecurity is improving technology services.
He simply wants to make our listeners' life easier, more successful, and safer! Resource Links: Website: https://solcyber.com/ Product Link: https://solcyber.com/security-journey/ Insight Gold Timestamps: 04:03 Cybersecurity has become a big business 05:20 Over 50% of small businesses that get breached go out of business within 2 years after a breach 05:54 What's the biggest mistake that they make when it comes to cybersecurity? 07:21 What happens in cyber is everyone just sort of forgets about these layers of defense 10:01 Two casinos, big casinos, in Vegas were breached 13:21 The technologies around cyber are really good 13:27 The attackers generally tend to login, not break in 15:43 We used to call it the crunchy exterior with the soft gooey middle 17:18 Is AI good for cybersecurity? 19:54 Cyber insurance is a great thing to have, especially for small, medium businesses 23:32 You can also go to third parties that have what we call vCISO, Virtual Chief Information Security Officers 26:36 You can do it...Is it worth your time? 30:21 The biggest problem we have right now... 32:22 For most organizations, it's probably a very good idea to use the Cloud 36:53 What I tell everybody is, you've got to think about the vertical 37:10 The thing that most companies should really think about is, what's your core vertical? 39:06 Figure out what the basics are, or have somebody...
Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we're addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerability? What is the largest reward we paid? What was it for? What products get the most submissions? Is this driven by the actual product security or by trends and fashions like AI? What are the most likely rejection reasons? What makes for a very good - and exceptional? - vulnerability report? We hear we pay more for “exceptional” reports, what does it mean? In college Tim had a roommate who would take us out drinking on his Google web app vulnerability rewards. Do we have something similar for people reporting vulnerabilities in our cloud infrastructure? Are people making real money off this? How do we actually uniquely identify vulnerabilities in the cloud? CVE does not work well, right? What are the expected risk reduction benefits from Cloud VRP? Resources: Cloud VRP site Cloud VPR launch blog CVR: The Mines of Kakadûm
In this episode, we talk to Tarik Saleh, Technical Leader and Security Engineer at Meta, where he focuses on threat intelligence and vulnerability management. We cover how LLMs can be used for cybersecurity and where they are effective versus not. In the episode, we also cover Jellybyte, his open-source project.
Cloud security is one of the fastest-growing fields in cybersecurity, and becoming a Cloud Security Engineer is a highly rewarding career path. In this video, we break down everything you need to know to kickstart your journey as a Cloud Security Engineer, including essential skills, certifications, job roles, and career growth opportunities. Learn about key cloud security concepts, compliance frameworks, encryption techniques, and security best practices to protect cloud environments from cyber threats. We also explore top cloud security certifications like CCSP, AWS Certified Security - Specialty, Google Professional Cloud Security Engineer, and Azure Security Engineer Associate to help you gain the right credentials for career advancement. Whether you're new to cybersecurity or transitioning into cloud security, this video provides a step-by-step roadmap to help you succeed. Watch until the end for pro tips on landing your first cloud security job and advancing your career in cloud security engineering! ✅ Thank you for watching this video! For more details or to get a free demo with our expert, just give us a heads up at sales@infosectrain.com Subscribe to our channel to get video updates. Hit the subscribe button. ✅ Facebook: https://www.facebook.com/Infosectrain/ ✅ Twitter: https://twitter.com/Infosec_Train ✅ LinkedIn: https://www.linkedin.com/company/infosec-train/ ✅ Instagram: https://www.instagram.com/infosectrain/ ✅ Telegram: https://t.me/infosectrains ✅ Website: https://www.infosectrain.com/
Guest: Meador Inge, Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What triggers a reassessment? How does Google operationalize threat modeling information to prioritize security work and resource allocation? How does it influence your security posture? What are the biggest challenges Google faces in scaling and improving its threat modeling practices? Any stories where we got this wrong? How can LLMs like Gemini improve Google's threat modeling activities? Can you share examples of basic and more sophisticated techniques? What advice would you give to organizations just starting with threat modeling? Resources: EP12 Threat Models and Cloud Security EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security EP140 System Hardening at Google Scale: New Challenges, New Solutions Threat Modeling manifesto EP176 Google on Google Cloud: How Google Secures Its Own Cloud Use Awesome Threat Modeling Adam Shostack “Threat Modeling: Designing for Security” book Ross Anderson “Security Engineering” book ”How to Solve It” book
APIs are the backbone of modern digital communication, but their increasing adoption comes with rising security challenges. In this episode, Rick Mischka, Security Engineer at AVANT, sits down with Tony Lauro, Senior Director of Security Technology and Strategy at Akamai. Together, they explore the growing importance of API security. They dive into the nitty gritty, discussing how attackers are exploiting common vulnerabilities and how IT buyers can protect themselves with a layered defense strategy. Plus, they cover the role AI plays in enhancing API security. Listen in now to gain insights into the future of API security and learn how organizations can gain visibility and control over their APIs to stay ahead of threats.
Topping interviews Joshua Farrow, who is a security engineer at Ryan LLC. Tune in to hear Joshua's unique story, from troubleshooting IT in the medical industry, to getting security clearance to perform security at the US Defense contractor, to joining Ryan LLC, which is one of the world's most prestigious tax firms. Also learn about Joshua's fun hobbies like retro gaming from PlayStation 1 to Xbox 360 and more. The Topping Show is sponsored by Topping Technologies & ExpressVPN. Protect your online privacy https://www.xvuslink.com/?a_fid=toppi... Also, if your business needs IT assistance, you can reach Topping Technologies at sales@toppingtechnologies.com For all your business IT needs: www.toppingtechnologies.com Free Flamethrower with every IT purchase: https://toppingtechnologies.com/flamethrower
Kyle Den Hartog, Security Engineer at Brave Software, discusses emerging use cases for crypto, and their respective privacy implications. He emphasizes the urgency for innovative solutions to safeguard personal information in our digital financial systems given current privacy gaps on blockchains. Key Takeaways: The delicate balance between transparency and privacy in the blockchain era The importance of community engagement in driving technological advancements and shaping the future of decentralized commerce The role of the browser in powering the evolving standards of Web3 Guest Bio: Kyle Den Hartog, Security Engineer at Brave Software, is helping to promote a world where the Web can be more private and secure for everyone. This vision led him to be an eager contributor to the design and development of standards in W3C and IETF. With a background in security and cryptography, he has worked in domain verticals such as digital identity, Web3, and now works on browsers here at Brave. His long-term focus remains on improving our symbiotic relationship with technology, and he's active in communities related to these topics. ---------------------------------------------------------------------------------------- About this Show: The Brave Technologist is here to shed light on the opportunities and challenges of emerging tech. To make it digestible, less scary, and more approachable for all! Join us as we embark on a mission to demystify artificial intelligence, challenge the status quo, and empower everyday people to embrace the digital revolution. Whether you're a tech enthusiast, a curious mind, or an industry professional, this podcast invites you to join the conversation and explore the future of AI together. The Brave Technologist Podcast is hosted by Luke Mulks, VP Business Operations at Brave Software—makers of the privacy-respecting Brave browser and Search engine, and now powering AI everywhere with the Brave Search API.
Music by: Ari Dvorin Produced by: Sam Laliberte
In this episode, we're diving deep into email security with CIT's Director of Cybersecurity, Nate, & Security Engineer, Andrew, as they unravel the complexities & critical importance of DMARC (Domain-based Message Authentication, Reporting & Conformance). Rising threats in email security have prompted Nate and Andrew to explain why organizations need stronger email authentication measures now more than ever. Learn about the roles of SPF, DKIM, and DMARC in verifying sender authenticity, preserving email integrity, and defending against phishing attacks. They'll also share real-world examples, like the costly impacts of unmonitored DMARC policies and challenges in coordinating with third-party vendors. This is essential listening for anyone responsible for keeping email communications safe & secure. Learn more about Email security: https://www.cit-net.com/email-security-what-is-it/ Resources: https://www.darkreading.com/cybersecurity-operations/time-get-strict-dmarc https://www.darkreading.com/cyber-risk/most-us-political-campaigns-lack-dmarc-email-protection
In this episode of Life of a CISO, Dr. Eric Cole dives into the significant differences between security engineers and chief information security officers, a distinction many fail to recognize. He explains that merging these two roles into the same career track is one of the core issues plaguing the cybersecurity industry today. Security engineers are technical experts focused on identifying vulnerabilities and solving problems from a risk-based perspective, but a CISO's role is far more strategic. The CISO must bridge the gap between cybersecurity and business, speaking the language of the executives and aligning security initiatives with the company's overall growth and profitability goals. Many businesses struggle because their CISOs come from a deeply technical background without the necessary training in business, which causes a breakdown in communication between the executives and cybersecurity teams. Dr. Cole stresses that the career paths of a security engineer and a CISO are not just different—they require distinct mindsets. While security engineers are problem finders, world-class CISOs are problem solvers, often accepting a level of risk that technical engineers might find unacceptable. This difference in approach is critical to the success of any organization's cybersecurity efforts. Dr. Cole emphasizes the importance of retraining the industry to understand that being a CISO is not a natural progression from a security engineer role, but a separate career path that requires a deep understanding of both business and security. He encourages aspiring CISOs to embrace this mindset shift and focus on communicating security in a way that drives business success.
Data breaches can throw countless lives into disarray. With massive leaks and compromises happening on what feels like a daily basis, what can be done to protect people and services? On this episode, Sysdig Product Manager Maya Levine joins us for a discussion on the current state of affairs in the world of cybersecurity. Why do these attacks keep happening? Are they becoming too frequent? What can we do to prevent them? Maya has all the answers as well as tips to help keep you and your organization safe. Show Highlights: (0:00) Intro (0:37) Sysdig sponsor read (0:58) Product management at Sysdig (2:09) Are cyber attacks becoming more frequent in the cloud? (5:58) Urgency (or lack thereof) while under attack (10:37) Motives and methods in modern data breaches (15:57) Sysdig sponsor read (16:20) The cost (and necessity) of audit logging (18:46) “If breach is inevitable, what can people do?” (22:36) Maya's “I am Confused” talk (25:40) Stopping attacks before they spiral out of control (32:32) Where to find more from Maya and Sysdig About Maya Levine: Maya Levine is a Product Manager for Sysdig. Previously she worked at Check Point Software Technologies as a Security Engineer and later a Technical Marketing Engineer, focusing on cloud security. Her earnest and concise communication style connects to both technical and business audiences. She has presented at many industry conferences, including AWS re:Invent and AnsibleFest. She has also been regularly interviewed on television news channels, written publications, and podcasts about cybersecurity. Links: Maya's LinkedIn: https://www.linkedin.com/in/maya-levine/ Sysdig: https://sysdig.com/ Sponsor: Sysdig: https://sysdig.com/
Product Security and Cloud security guru Rami McCarthy (@ramimacisabird on X) comes on the Absolute AppSec podcast with Ken and Seth (@cktricky and @sethlaw)! To get to know Rami, you should first check out his website here to get acquainted with some of his latest prodigious activities: https://ramimac.me/. He's recently delivered a talk regarding zero-touch prod at Fwd:CloudSec and finished a stint as a Security Engineer at Figma. For folks interested in questions of security consulting, management, AWS and cloud security as well as many of the other large questions in infosec, Rami is always a great follow.
On this episode of The Cybersecurity Defenders Podcast, we talk about automating security detection engineering with Dennis Chow, Security Engineer at EY. Dennis is a multi-industry and seasoned cybersecurity operations leader. Using his experience, he helps organizations achieve their maximum security potential through hybrid training, sec ops management, engineering, and cross-disciplinary integration. He is also a published author, and a veteran of the armed forces. Dennis Chow's book on Automating Security Detection Engineering can be purchased here. Megan Rodie's book on Practical Threat Detection Engineering can be purchased here.
On this episode of The Cybersecurity Defenders Podcast, we speak with Andrew Katz, Senior Information Security Engineer at Jamf. Andrew is a seasoned security engineer with a sharp focus on security automation. Over the past nine years, Andrew has honed his expertise in Python, API development, AWS, and Docker to craft sophisticated automated security solutions. His journey includes leading the development of SOAR platforms at Jamf, which enhanced distributed alerting systems to help SOC analysts combat alert fatigue. At Tevora, he offered his skills as a consultant, conducting enterprise-level cybersecurity risk assessments. Andrew's earlier roles as a Systems Engineer at Falck and an Information Technologist at GHD laid the groundwork for his profound understanding of IT, which feeds into his current security prowess. A holder of a CISSP and a Bachelor of Science in Geographic Science and Community Planning, Andrew brings a unique blend of technical skill and strategic insight to the field of cybersecurity. The Security Engineering Newsletter can be found here: SecEng Newsletter
Dropbox's secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil's leaders gets 14 years in prison. A Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week's NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th anniversary of the BASIC programming language. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI's Impact in Cybersecurity” with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You can catch Threat Vector every other Thursday on the N2K CyberWire network and where you get all of your favorite podcasts. Listen to David's full discussion with Billy and Tony here. Plus, NightDragon Founder and CEO Dave Dewalt joins us with a preview of next week's NightDragon Innovation Summit 2024 at RSAC including a look into his “State of the Cyber Union” keynote.
Selected Reading Security Breach Exposes Dropbox Sign Users (Infosecurity Magazine) The US Government Is Asking Big Tech to Promise Better Cybersecurity (WIRED) CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Russian Hackers Target Industrial Systems in North America, Europe (SecurityWeek) Microsoft says April Windows updates break VPN connections (Bleeping Computer) LockBit publishes confidential data stolen from Cannes hospital in France (The Record) Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware (The Record) LabHost Crackdown: 37 Arrested In Global Cybercrime Bust (Security Boulevard) Tesla cars to be banned from Chinese government buildings amid security fears — report (Drive) The BASIC programming language turns 60 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Guests: Mary Walker, Security Engineer, Dropbox [@Dropbox] On LinkedIn | https://www.linkedin.com/in/marywalkerdfir/ At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#mary-walker-47392 Adrian Wood, Security Engineer, Dropbox [@Dropbox] On LinkedIn | https://www.linkedin.com/in/adrian-wood-threlfall/ At Black Hat | https://www.blackhat.com/asia-24/briefings/schedule/speakers.html#adrian-wood-39398 Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] On ITSPmagazine | https://www.itspmagazine.com/sean-martin Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli Episode Notes: On this episode of On Location with Sean and Marco, Sean Martin hosts the show solo, discussing supply chain attacks through machine learning models with guests Mary Walker and Adrian Wood. Mary and Adrian, both security engineers at Dropbox, share insights on their journey in cybersecurity and research on exploiting machine learning models. They delve into the implications of machine learning models being used as software programs containing malware and the risks associated with model repositories. The conversation explores the ease of poisoning machine learning models and the importance of understanding the provenance of models for risk mitigation. Mary and Adrian emphasize the need for enhanced detection mechanisms for shadow AI and proactive measures for securing model repositories.
Additionally, they discuss the impact of AI standardization and the legal implications surrounding AI development. The episode concludes with a call to action for listeners to engage in discussions on supply chain attacks, join Mary and Adrian for their talk at Black Hat Asia, participate in Q&A sessions, and contribute to the open-source tools developed by the guests. Be sure to follow our Coverage Journey and subscribe to our podcasts!
Welcome to the Heroes of IT podcast, hosted by Automox's Ashley Smith. In this podcast, Ashley interviews IT heroes ready to share their insights, successes, challenges, and stories from the field. Join us as we talk endpoint management tips and tricks, how to overcome hurdles, and celebrate IT heroes' contributions to modern technology.
This week we interview Mike Fiedler, the PyPI Safety & Security Engineer at the Python Software Foundation (PSF). We discuss the importance of security within the Python ecosystem and offer practical advice for Python developers to enhance their security awareness. Highlights include a deep dive into PyPI security measures, the challenges of securing the Python ecosystem, tips for Python developers, and Mike's journey to his current and previous (DevOps) roles, emphasizing the blend of technical skills and mindset needed to tackle security and solve challenging problems effectively. Enjoy this episode with Mike Fiedler! Chapters: 00:00 Show intro 01:20 Intro to audience and stateless testing win 08:24 Transition into PyPI security and current role 17:43 Challenging securing the Python ecosystem 24:48 Tips for Python devs to be more security aware 27:18 PDM ad segment 27:44 Security tips cont'd 33:16 Solving a puzzling problem in production (mindset) 39:40 Psychological safe workplaces / blame vs accountability 44:18 Security trends, how to prepare, and resources 48:05 Books and wrap up --- Pybites ad segment: apply for Python coaching here. --- Show links: - pytest-randomly - pytest-socket - Brian Okken's pytest content - PyPI blog - Trusted Publishers - 2FA Required for PyPI - git annotate - Asimov Robot series - Silo - CPython 3.12.2 is SBOM-ified - Trail of Bits blog - Fastly blog - Disaster recovery for Consul clusters (now this exists!) - Bandit - Pre-commit Reach out to Mike here.
In this episode of Hacker Valley Studio, we dive into the inspiring journey of Zinet Kemal, an immigrant from Ethiopia who has carved a niche for herself in cybersecurity. Despite starting her journey with limited access to technology and not having mentors until 2020, Zinet's resilience and passion led her to become a cloud security engineer at a Fortune 500 company. Her story is a testament to the human spirit's capability to overcome barriers and make significant strides in the tech industry. This episode is a story of personal growth, cultural transitions, and the drive to empower the next generation through education and cybersecurity awareness. As a mother of four, a multi-award-winning cybersecurity advocate, and a best-selling author, Zinet brings a unique perspective on the importance of diversity in tech and the role of mentorship in shaping future leaders. 00:00 - Welcome 01:32 - Introducing Guest, Zinet Kemal 03:09 - Growing up in Africa 07:12 - “I Never Had a Children's Book” 12:52 - Culture Shock 16:02 - From Legal to Cybersecurity 18:50 - CCDC Competition 21:55 - Role of Community in Resetting 24:34 - “Oh No… Hacked Again!” 30:00 - Online Safety Empowerment 34:50 - Moving up in Cyber Links: Connect with Zinet Kemal: https://www.linkedin.com/in/zinetkemal/ Zinet's LinkedIn Course: https://www.linkedin.com/learning/cybersecurity-careers-build-your-brand-in-cybersecurity/grow-your-cybersecurity-career-with-personal-branding?course Check out Zinet's Books: https://www.amazon.com/stores/Zinet-Kemal/author/B099P5B8FD Watch Zinet's TEDx Talk: https://www.youtube.com/watch?v=J61K1Gu97jM Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord
Meet our sponsor this season, Sanction Scanner. You will remember the money laundering scenes we saw in “Breaking Bad”. 2 trillion dollars are laundered every year. This is where Sanction Scanner's software comes in. Its products, powered by artificial intelligence and machine learning, run real-time AML (Anti-Money Laundering) screening for banks and similar financial institutions, analyzing whether the people and transactions that want to do business with the institution are problematic. You can find more information about Sanction Scanner here: https://sanctionscanner.com/ --- Brick Institute's Product Management Fundamentals, Product Analytics and Product Leadership programs, with experienced instructors and select participants, are starting very soon. These trainings focus on real-life applications and case studies, and were created for those who want to specialize in product management and strengthen their product development processes. Seats are limited, so apply right away at www.brick.institute to secure your place and register for the training! ---- Did you know that Üretim Bandı has a Slack group? Join the active product community that brings together more than 3000 product managers, entrepreneurs, developers and designers: >>> uretimbandi.com/slack You can also follow our newsletter on product development, published every two weeks, at the link below: >>> uretimbandi.com/bulten ---------- GUEST Sena Yakut: https://www.linkedin.com/in/sena-yakut/ TOPICS DISCUSSED (00:00) Start (05:42) What sets a senior apart, and the career path (13:00) Defining the Cloud Security field (17:37) Technologies she uses (21:20) Betting her career on Amazon (25:46) Disciplines she works with day to day (31:20) Sources she follows (33:15) A day in Sena's life (38:40) Being an Amazon Community Builder (46:40) Blogging and producing content (53:27) What happened when a vulnerability occurred? (55:40) Keeping yourself up to date in security (58:10) Mr. Robot
Guest: Jason Solomon, Security Engineer, Google Topics: Could you share a bit about when you get pulled into incidents and what are your goals when you are? How does that change in the cloud? How do you establish a chain of custody and prove it for law enforcement, if needed? What tooling do you rely on for cloud forensics and is that tooling available to "normal people"? How do we at Google know when it's time to call for help, and how should our customers know that it's time? Can I quote Ray Parker Jr and ask, who you gonna call? What's your advice to a security leader on how to “prepare for the inevitable” in this context? Cloud forensics - is it easier or harder than the 1990s classic forensics? Resource: EP157 Decoding CDR & CIRA: What Happens When SecOps Meets Cloud EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster? EP103 Security Incident Response and Public Cloud - Exploring with Mandiant Google SRE Workbook (Ch 9) GRR Cloud Logging LibCloudForensics, Turbinia, Timesketch tools
On this episode of The Cybersecurity Defenders Podcast we speak with Adnan Khan, Lead Security Engineer at Praetorian, about a supply chain attack that was successful in poisoning GitHub's runner images. Adnan is an Offensive Security Engineer and Security Researcher with a strong development background and passion for CI/CD and supply chain security. Adnan's research can be found here. The Github Attack TOolkit can be found here. And Adnan can be found on LinkedIn here.
The NoDegree Podcast – No Degree Success Stories for Job Searching, Careers, and Entrepreneurship
High school didn't interest him much and his grades reflected that. That was until Diamond Forbes found something that was engaging. In this episode, he details how he transitioned from working in Help Desk to a Security Engineer at Google. He details his career journey from earning $14/hour to a six-figure salary, his transition from network engineer to senior security engineer, and his job application experiences at top companies. Diamond also provides insights on handling finances, dealing with workplace politics, overcoming challenges, and offers advice on career growth and self-improvement. Key Points - Having a hunger for knowledge and being curious are key traits for success in the tech industry. - Hyper-focusing on specific skills and areas of expertise can lead to career advancement. - Realistic salaries in the industry can vary based on experience and specialization. - Strategic initiatives, soft skills, and documentation are important for over-delivering in a role and building visibility. - Tech is a high-growth field that offers opportunities for financial success. - Continuous learning and self-improvement are essential for career growth in tech. - Overcoming failure and building resilience are key to achieving long-term goals. Support/Contact Diamond:- LinkedIn: https://www.linkedin.com/in/diamondforbes/ Books and resources mentioned in this podcast: - Resume course: https://bit.ly/podcastpca Need career or resume advice? Follow and/or connect with Jonaed Iqbal on LinkedIn.- LinkedIn: https://bit.ly/JonaedIqbalND Connect with us on social media!- LinkedIn: https://bit.ly/NoDegreeLinkedIn- Facebook: https://bit.ly/NoDegreeFB- Instagram: https://bit.ly/NoDegreeIG- Twitter: https://bit.ly/NoDegreeTW- TikTok: https://bit.ly/3qfUD2V- Join our discord server: https://bit.ly/NoDegreeDiscord Thank you for sponsoring our show. 
If you'd like to support our mission to end the stigma and economic disparity that comes along with not having a college degree, please share with a friend, drop us a review on Apple Podcast and/or subscribe to our Patreon: https://www.patreon.com/nodegree. Remember, no degree? No problem! Whether you're contemplating college or you're a college dropout, get started with your no-degree job search at nodegree.com.
If you want a high paying role in the cloud then click here ⬇️ https://Levelupintech.com/tech Ever wondered how an Air Force veteran like Lee Clayton pivots to a thriving career in tech and cybersecurity? Strap in for an enlightening journey that navigates the tightrope walk between experience and opportunity, and how roles such as security engineer are ever-evolving amidst a competitive job market. Lee's candid disclosure of his transition offers a treasure map for those plotting their own course into the tech world, be it through military service or other industries. This episode is a trove of practical guidance, from mastering job interviews with the STAR method to emphasizing company values. Lee and I dissect the nuances of job satisfaction, dissecting the catch-22 of experience versus opportunity and the importance of strategic networking. It's an honest reflection on our personal career paths, complete with reactions to cybersecurity tips from TikTok, and advice that's as fresh and relatable as if we were your savvy guides through the tech terrain. As we wrap up our tech talk, the focus shifts to the real grind behind job seeking and the dedication required to succeed in cybersecurity. We lay bare the challenges faced by aspirants, highlighting the dangers of spreading oneself too thin and the value of concentrated effort on one skill at a time. So, for anyone gearing up for a career switch or taking their first steps into the tech industry, this episode is your front-row seat to valuable perspectives and experiences seasoned with wit and genuine insight. Support the show. If you enjoyed the show don't forget to leave us a 5 star review, to help with the algorithm :) Email: henridavis@thetechtualtalk.com ➡️ Need coaching help then go here (ask about our financing) ⬇️ https://techualconsulting.com/offerings ➡️ Want to land your first IT Job? Then check out the IT course from Course careers use my link and code Techtual50 to get $50 off your course ⬇️ https://account.coursecareers.com/ref/50932/ ➡️ Need help getting into Cybersecurity for a low price then check out Josh Madakor's Cybersecurity course at Leveld Careers and use my code TechTual10 to get 10% off your course. ⬇️ https://www.leveldcareers.com/a/2147530874/RuqjrBGj
This year at AWS re:Invent we are going to interview conference attendees, AWS Heroes, and AWS employees. We're asking them what they are excited about at re:Invent and what they are working on! Mike is the PyPI Safety & Security Engineer at the Python Software Foundation (PSF) Join us to hear the answer to these questions from some of the top minds in the industry!!! Resources: https://www.linkedin.com/in/miketheman/ https://hachyderm.io/@miketheman Intro music attribution: Artist - MaxKoMusic
Are you ready to unlock the gateway to high-level and impact driven roles? In this episode of the Privacy Pros podcast, Jamal Ahmed and Scott McCrady dive deep into the art of skill stacking and how it can propel you to the top of the industry! Imagine a world where you're not just good at one thing, but exceptional at several. That's the magic of skill stacking – a proven strategy that turns ordinary professionals into extraordinary assets. They discuss: Why technical skills are not enough if you want to be promoted to a senior leadership role; How to leverage your strengths to stand out in a competitive job market; How to strategically stack your skills for maximum impact; The key soft skills hiring managers are looking for when hiring. Ready to level up your career and stack the deck in your favour? Hit play now to unlock the secret to high-paying and impactful roles. With 25 years of experience working in the networking, telecommunications, and information security space, Scott is currently serving as the CEO of SolCyber Managed Security Services. Scott has worked with large companies and start-ups, among them IBM and EDS, where he held Security Engineer and Team Leader positions (US and London). Previous to SolCyber, McCrady built the Asia-Pacific-Japan business at Symantec; he ran the global Managed Security Service, and the Symantec and Accenture Joint Venture. If you're ready to transform your career and become the go-to GDPR expert, get your copy of 'The Easy Peasy Guide to GDPR' here: https://www.bestgdprbook.com/ Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/ Follow Scott on LinkedIn: https://www.linkedin.com/in/scottmccrady/ Subscribe to the Privacy Pros Academy YouTube Channel ► https://www.youtube.com/c/PrivacyPros Join the Privacy Pros Academy Private Facebook Group for: Free LIVE Training, Free Easy Peasy Data Privacy Guides, Data Protection Updates and so much more. Apply to join here whilst it's still free: https://www.facebook.com/groups/privacypro
Feeling frustrated by the lack of buy-in for your Privacy and Security programs? Discover how to become an influential security champion in this insightful episode! In today's ever-evolving landscape, security is no longer an afterthought, it's a business imperative. But securing buy-in for security programs can be a challenge, especially when stakeholders are focused on other priorities. In this episode, you'll uncover the secrets to becoming an influential privacy champion, effectively communicating with stakeholders, and leveraging the right tools to streamline security processes and achieve organisational buy-in. By the end of this episode, you'll have the clarity and confidence to: Assess and improve your organisation's security posture; Communicate security risks and requirements in a way that resonates with stakeholders; Simplify security management and drive buy-in across the organization. So if you're ready to take your organisation's security to the next level, tune in now. With 25 years of experience working in the networking, telecommunications, and information security space, Scott is currently serving as the CEO of SolCyber Managed Security Services. Scott has worked with large companies and start-ups, among them IBM and EDS, where he held Security Engineer and Team Leader positions (US and London). Previous to SolCyber, McCrady built the Asia-Pacific-Japan business at Symantec; he ran the global Managed Security Service, and the Symantec and Accenture Joint Venture.
The murders of 18-year-old Haile Kifer and her 17-year-old cousin Nicholas Brady occurred on Thanksgiving Day, November 22, 2012, when the two teenagers broke into the home of 64-year-old Byron David Smith in Little Falls, Minnesota. Once inside the home, Smith shot the teens separately, 10 minutes apart, as they each walked down the stairs to the basement. The case sparked debate over the "Castle Doctrine", which allows homeowners to defend their homes with lethal force. Join The Investigators as they examine whether or not the Castle Doctrine was a viable defense for Byron Smith and how his career as a Security Engineer for the State Department might help explain his mental state leading up to this tragic and fateful day.
Bonus Episode - November 1, 2023 In this bonus episode, our host, Scott Poley, engages in a riveting conversation with the multi-talented Brian Gittinger during the Information Security Summit. Tune in as Brian dives into his journey, tracing his steps from the world of a Security Engineer to the intriguing realms of 'The Dark Side,' otherwise known as Sales. Explore how he leverages his unique background to identify the perfect matches for their cutting-edge product. Discover the remarkable features of Halcyon's Anti-Ransomware and Cyber Resilience Platform, setting new standards in safeguarding your digital world. Join us for this exclusive discussion as we unravel the secrets behind Brian's transformative career and the innovations brought to you by Halcyon. *Connect with Brian – https://www.linkedin.com/in/brian-gittinger-86520a6/ *Explore Halcyon – https://www.halcyon.ai/ ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc
Talk Python To Me - Python conversations for passionate developers
Do you worry about your developer / data science supply chain safety? All the packages for the Python ecosystem are much of what makes Python awesome. But they are also a bit of an open door to your code and machine. Luckily the PSF is taking this seriously and hired Mike Fiedler as the full time PyPI Safety & Security Engineer (not to be confused with the Security Developer in Residence staffed by Seth Michael Larson). Mike is here to give us the state of the PyPI security and plans for the future. Links from the show: Mike on Twitter: @mikefiedler; Mike on Mastodon: @miketheman@hachyderm.io; Supply Chain examples: SolarWinds: csoonline.com; XcodeGhost: wikipedia.org; Google Ad Malware: medium.com; PyPI: pypi.org; OWASP Top 10: owasp.org; Trusted Publishers: docs.pypi.org; libraries.io: libraries.io; GitHub Full 2FA: github.blog; Mike's Latest Blog Post: blog.pypi.org; pprintpp package: github.com; ICDiff: github.com; Watch this episode on YouTube: youtube.com; Episode transcripts: talkpython.fm --- Stay in touch with us --- Subscribe to us on YouTube: youtube.com; Follow Talk Python on Mastodon: talkpython; Follow Michael on Mastodon: mkennedy. Sponsors: Sentry Error Monitoring, Code TALKPYTHON; Talk Python Training
You may remember a recent Python Package Index (PyPI) announcement about hiring a full-time security engineer. We've also mentioned several current security initiatives from PyPI. This week on the show, we talk with Mike Fiedler about accepting this new role and securing accounts on PyPI.
Nick McLaren is a Senior Cloud Security Engineer at an Enterprise and he transitioned to this role from a Cloud Security Engineer at a Startup. On this episode he shared with us how the roles differ between an enterprise and a startup, what skills you require to become a senior cloud security engineer, and what a day looks like in the life of a cloud security engineer. Thank you to our sponsors for this episode: Vanta - You can check them out at vanta.com/cloud; Snyk - Check them out at Snyk.io/csp. Guest Socials: Nick's Linkedin (Nick McLaren). Podcast Twitter - @CloudSecPod. If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security Social Channels: - Cloud Security Newsletter - Cloud Security BootCamp
Interview with Joey Wilhelm, Security Engineer at Pinwheel. He talks about the benefits of open source software and gives great advice for companies who want to join the open source community. Sign up to the Level-up Engineering newsletter! In this interview we're covering: Getting to know open source; Benefits of open source software; Open source vs. proprietary software from a security perspective; Common mistakes of releasing open source software; Storytime: Becoming an open source advocate; Open source at Pinwheel. Excerpt from the interview: "There's a common misconception about contributing to open source projects. A lot of people will say that it's just altruism; you're expected to work on projects for free. However, that's not entirely true. By being active in the open source community, you're building a public portfolio - even if you don't work for prestigious companies like Google or Microsoft, you can contribute to their products, which improves your software engineer resume. As you build more, you'll build an impressive library of contributions, which will help you stand out from the crowd in any job application."
This week, we're joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don't forget to bring your notebooks!
The NoDegree Podcast – No Degree Success Stories for Job Searching, Careers, and Entrepreneurship
Chris loved being in the military, but life had other plans. A back injury forced him to be discharged from military service and find a new career path. After a series of odd jobs here and there, Chris eventually found his passion working in the field of security. He is currently a senior security analyst at Anderson. Timestamps: (00:48) — Intro (01:15) — Chris' Intro (01:36) — What does a senior security engineer do? (02:51) — Chris' blueprint for success (06:58) — Backstory (09:47) — Work history (12:44) — Experience in the military (13:54) — Transitioning from the military to white-collar jobs (26:40) — First corporate role experience (32:05) — First time getting fired (34:23) — Learning about security (37:50) — First impressions at Anderson (38:51) — What growth looks like for Chris (41:00) — Mistakes made along the way (44:53) — How has the tech industry changed over time? (48:40) — The most difficult period in Chris' career journey (50:26) — What is Chris most proud of career-wise? (51:48) — Has the lack of a college degree ever held Chris back? (58:01) — Advice to 18-year-old Chris (59:25) — Realistic salary range for security engineers. Support/Contact Chris: LinkedIn: https://www.linkedin.com/in/christopher-pridemore
Guest: Ryan Barnett, Sr Engineering Manager at FORT Robotics. On LinkedIn | https://linkedin.com/in/ryan-barnett3 On YouTube | https://www.youtube.com/channel/UCTrL-nZBCf7dA5RNoVV57ig Hosts: Ben Schmerler, On ITSPmagazine
Topics covered in this episode: Differentiating between writing down dependencies to use packages and for packages themselves; PythonMonkey; Quirks of Python package versioning; bear-type; Extras; Joke. Watch on YouTube.
About the show: Sponsored by us! Support our work through: Our courses at Talk Python Training; Python People Podcast; Patreon Supporters. Connect with the hosts: Michael: @mkennedy@fosstodon.org; Brian: @brianokken@fosstodon.org; Show: @pythonbytes@fosstodon.org. Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.
Brian #1: Differentiating between writing down dependencies to use packages and for packages themselves (Brett Cannon). Why can't we just use pyproject.toml and stop using requirements.txt? Nope. At least not yet. They're currently for different things. pyproject.toml: There's project.dependencies and project.optional-dependencies.tests that kinda would work for listing dependencies for an app. But you can't say pip install -r pyproject.toml. It doesn't work. And that's weird. project is intended for packaged projects. requirements.txt: for applications and other non-packaged projects. It has specific versions and works great with pip. What then? Either we stick with requirements.txt, or we invent some other file, maybe requirements.toml? Or maybe (Brian's comment), add something like [application] and application.dependencies and application.optional-dependencies.tests to pyproject.toml.
Michael #2: PythonMonkey. PythonMonkey is a Mozilla SpiderMonkey JavaScript engine embedded into the Python VM, using the Python engine to provide the JS host environment. This product is in an early stage, approximately 80% to MVP as of July 2023. It is under active development by Distributive. External contributions and feedback are welcome and encouraged. It will enable JavaScript libraries to be used seamlessly in Python code and vice versa — without any significant performance penalties. Call Python packages like NumPy from within a JavaScript library, or use NPM packages like crypto-js (https://www.npmjs.com/package/crypto-js) directly from Python. Executing WebAssembly modules in Python becomes trivial using the WebAssembly API and engine from SpiderMonkey. More details in Will Pringle's article.
Brian #3: Quirks of Python package versioning (Seth Larson). Yes, we have SemVer, 1.2.3, and CalVer, 2023.6.1, and suffixes for pre-release, 1.2.3pre1. But it gets way more fun than that, if you get creative. Here's a few: v is an optional prefix, like v.1.0. You can include an “Epoch” and separate it from the version with a !, like 20!1.2.3. Local versions with alphanumerics, periods, dashes, underscores, like 1.0.0+ubuntu-1. PyPI rejects those. That's probably good. Long versions: there's no max length for a version number. How about 1.2.3.4000000000000000001? Pre, post, dev aren't mutually exclusive: 1.0.0-pre0-post0-dev0. More craziness in the article.
Michael #4: bear-type. Beartype is an open-source PEP-compliant near-real-time pure-Python runtime type-checker emphasizing efficiency, usability, and thrilling puns. Annotate @beartype-decorated classes and callables with type hints. Call those callables with valid parameters: Transparent. Call those callables with invalid parameters: Boom. Traceback: raise exception_cls( beartype.roar.BeartypeCallHintParamViolation: @beartyped quote_wiggum() parameter lines=[b'Oh, my God! A horrible plane crash!', b'Hey, everybody! Get a load of thi...'] violates type hint list[str], as list item 0 value b'Oh, my God! A horrible plane crash!' not str.
Extras. Brian: Python Testing with Pytest Course Bundle: Limited Pre-Release Beta. Use code PYTHONBYTES now through Aug 31 for 20% discount (discount extended through the end of the month). What's a pre-release beta? There's a video. Check out the link. Error-tolerant pytest discovery in VSCode. Finally! But you gotta turn it on. Also, I gotta talk to them about the proper non-capitalization of pytest. We're at RC1 for Python 3.12.0. Hard to believe it's that time of year again. Michael: PyPI hires a Safety & Security Engineer, welcome Mike Fiedler. PackagingCon October 26-28. Cloud Builders: Python Conf (born in Ukraine): September 6, 2023 | online.
Joke: Learning JavaScript
Welcome back to another episode of "Accelerate Your Business Growth"! In today's episode, we have a special guest joining us - Scott McCrady. With over 25 years of experience in networking, telecommunications, and information security, Scott brings a wealth of expertise to the conversation. Together, we dive into the world of cybersecurity, exploring the different types of threats businesses face and how to stay vigilant in the ever-changing landscape. Scott shares valuable insights on the importance of having a comprehensive security program and offers a compelling alternative to the traditional in-house approach. With 25 years of experience working in the networking, telecommunications, and information security space, Scott McCrady is currently serving as the CEO of SolCyber Managed Security Services. Scott has worked with large companies and start-ups, among them IBM and EDS, where he held Security Engineer and Team Leader positions. Previous to SolCyber, McCrady built the Asia-Pacific-Japan business at Symantec; he ran the global Managed Security Service and the Symantec and Accenture Joint Venture. If you are a small business owner or salesperson who struggles with getting the sales results you are looking for, get your copy of Succeed Without Selling today. Learn the importance of Always Be Curious. Accelerate Your Business Growth is proud to be included on the list of the 45 Best Business Growth Podcasts. Each episode of this podcast provides insights and education around topics that are important to you as a business owner or leader. The content comes from people who are experts in their fields and who are interested in helping you be more successful. Whether it's sales challenges, leadership issues, hiring and talent struggles, marketing, seo, branding, time management, customer service, communication, podcasting, social media, cashflow, or publishing, the best and the brightest join the host, Diane Helbig, for a casual conversation. 
Discover programs, webinars, services, books, and other podcasts you can tap into for fresh ideas. Be sure to subscribe so you never miss an episode and visit Helbig Enterprises to explore the many ways Diane can help you improve your business outcomes and results. The Challenge of Keeping Up with Cyber Attacks: "And what a lot of people don't know, and candidly in small business, you don't really need to know, but a lot of the attackers are subcontracted out to government agencies at different times. And so they could be organized crime that actually is out trying to make money, but at various times, they could be co-opted into a government, to go do hacks or attacks on behalf of the government." — Scott McCrady 00:14:45
In this episode of The New CISO, Steve is joined by guest Suid Adeyanju, CEO and Co-Founder of RiverSafe Ltd. Although his parents dreamed of Suid becoming a lawyer or a doctor, Suid had a passion for technology. Although his path was challenging, Suid shares how he successfully transitioned from a security engineer to an entrepreneur. Tune into this week's episode to learn more about Suid's early career journey, the mindset differences between engineering and business leadership, and the catalyst for starting his business. Listen to Steve and Suid discuss navigating the corporate ladder and how security professionals can become business leaders: Meet Suid (1:39): Host Steve Moore introduces our guest today, Suid Adeyanju, a security professional and entrepreneur. At RiverSafe Ltd., Suid's team specializes in cyber security, data operations, and demo. Since childhood, Suid wanted to work in technology. Recently, he found his old yearbook from Nigeria and saw that he wanted to be a computer engineer even then. Even though that goal was unusual then, it demonstrates that Suid always wanted to be in technology. At University (6:24): While at university, Suid initially went for computer science and mathematics. After studying accounting for two years, his professor steered him toward business information systems. As much as Suid loves computers, understanding how organizations deliver their services was a better fit. Think About Impact (10:26): Steve and Suid discuss how security leaders need to consider how their security work impacts the business. If leaders focus on making the business secure, they need to work with the business and understand the risks associated with the work. The Transition (13:40): Suid reflects on his transition from engineer to entrepreneur. As an engineer, Suid saw things in black and white.
To run his business, he needed a different mindset because there is a difference between working with people versus computers. Workplace Challenges (20:03): Steve presses Suid on his time at Reuters. After two years of contracting, Suid saw that he was stuck in his role while his teammates gained more responsibility. Initially, Suid believed he needed to work harder and gain his master's in information security. Now, he understands that this mindset is common with ethnic minorities and reflects on the challenges he's faced. Valuing Yourself (28:55): Suid realized that this particular work environment did not value the additional education he had gained or the extra work he put in. Without another job lined up, Suid decided to quit. Suid could take this risk because he had made good financial decisions, which gave him enough savings to rely on. Suid also had the proper professional skill set, preparing him to take a chance. Starting A Business (34:24): Suid reveals that this time led him to start his own business. Although it's challenging to transition from engineer to entrepreneur, Suid knew his team was talented and could show value to their customers. The Big Break (38:14): Suid's company got their big break when a senior manager at a major corporation chose to work with them. This manager took a chance on them with a significant project, which set Suid up for future momentum. Sound Advice (43:43): For the listeners who feel that the corporate world is not for them, Suid shares his advice. First, take a course that teaches how to set up a business. Secondly, find a mentor who can share with you valuable insight. The New Security Leader (47:21): To Suid, a new leader focuses on people. One must have empathy and...
Guest: Kevin Johnson
On Twitter | https://twitter.com/secureideas
On LinkedIn | https://www.linkedin.com/in/kevinjohnson/
On Mastodon | https://infosec.exchange/@secureideas
________________________________
Host: Alyssa Miller
On ITSPmagazine
In this episode, host Raghu Nandakumara sits down with Ryan Fried, Senior Security Engineer at Brooks Running, to discuss the role of cybersecurity in the manufacturing and retail sectors, building a successful Zero Trust program, and the difference between being compliant and being secure.
--------
“How can we go towards Zero and, I'll say, Zero-ish Trust? Actual Zero Trust is really hard to do, and I think it's really intimidating... But, for instance, what we're talking about is micro-segmentation from a Zero Trust perspective, what is the best bang for our buck that we're gonna get with being the least disruptive?” - Ryan Fried
--------
Time Stamps
* (06:31) Mapping out your risk exposure
* (10:44) Striking a balance between good security and “good enough”
* (13:03) Compliance in less regulated industries
* (17:22) Being compliant vs. being secure
* (24:22) Zero-ish Trust in action
--------
Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.
--------
Links
Connect with Ryan on LinkedIn
Guest: Jason Haddix
On Twitter | https://twitter.com/Jhaddix
On LinkedIn | https://www.linkedin.com/in/jhaddix/
________________________________
Host: Alyssa Miller
On ITSPmagazine
How would you react if your data was suddenly at risk? Join us as we dive deep into the world of cybersecurity with Yasmin Abdi, a security engineering leader at Snap. We explore the importance of a proactive approach to data security and what it takes to become an expert in this ever-evolving field, from Yasmin's experiences interning at Google and Meta, to her passion for teaching computer science to young black and brown kids.

Discover the role of identity and access management in a robust security strategy, and learn how misconceptions about it can lead to vulnerabilities. Yasmin shares her insights on the critical need for multiple forms of authentication and staying ahead of cyber threats. As we navigate through the complex landscape of the tech industry, we also discuss the unique challenges faced by Black professionals and the benefits of finding support in a diverse community.

Get ready for an inspiring conversation as we reflect on the value of internships in shaping one's career path and the lessons Yasmin gained from her time at Snapchat, Google, and Facebook. We'll wrap up with some tips on maintaining a work-life balance, staying positive in times of uncertainty, and the importance of staying up to date with the latest trends in cybersecurity. Don't miss this opportunity to gain valuable insights and advice from an industry leader!
Guest: Liz Miller
On Twitter | https://twitter.com/lizkmiller
On LinkedIn | https://www.linkedin.com/in/lizkmiller/
________________________________
Host: Alyssa Miller
On ITSPmagazine
On today's episode of The Cybersecurity Defenders Podcast we are joined by security engineer Adnan Khan to talk about securing the build pipeline and explore some common vulnerabilities in enterprise GitHub configurations.

Organizations using GitHub Actions with self-hosted runners are at risk of attackers gaining an internal network foothold from the Internet if they compromise one developer's personal GitHub access token. Key configuration adjustments can secure these pipelines and limit the damage from a breach.

Adnan's talk at BSidesSF: Securing the Pipeline: Protecting Self-Hosted GitHub Runners

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Yasmin Abdi, a Security Engineering Manager at Snapchat and the CEO and Founder of NoHack, sits down to share her story on how she got to be in her amazing current roles. From a young age, Yasmin was fascinated by the overlap of cybersecurity and crime and law. In her time in college, she was able to intern at big tech companies like Snapchat, Google, and Facebook. She decided to stick with Snapchat, which had the security aspect and security composure that she wanted. In her role at Snapchat, she gets to work with her team to help take down all kinds of bad content and keep up the platform's integrity, and found she fell in love with the work along the way. Yasmin shares the sage advice to grow your community as much as you can, saying to "form a community of like-minded people. People that you can bounce ideas off of, people that can help support you when times are low. Find mentors, find people that you aspire to be like, and really find that community of people." We thank Yasmin for sharing her story.