Podcasts about senior security architect

  • 27 podcasts
  • 35 episodes
  • 34m average duration
  • 1 new episode monthly
  • Latest episode: May 27, 2025


Latest podcast episodes about senior security architect

Explain IT
Cyber Automation and Burnout

May 27, 2025 (32:04)


Ever wondered how we can stay ahead of cyber threats without burning out? On this edition of Explain IT, we're talking about the leveraging of advanced technology to automatically detect, investigate, and respond to cyber threats, reducing the need for constant human intervention that could lead to burnout. It's all about enhancing efficiency, speed, and accuracy in cybersecurity operations. This week, Ashleigh Baker is guest host. She is the team leader in Softcat's Architecture Services. Think of Cyber Automation as having a tireless, digital watchdog that never sleeps. With the help of our experts, Patrick Bayle, SecOps Consultant Manager at Palo Alto, and Softcat's Senior Security Architect, Mark Williams, we're talking about training that watchdog!

Softcat's Explain IT podcast is the place where we discuss, debate and demystify tech in simple jargon free language.

For more information visit softcat.com

This podcast is produced by The Podcast Coach. Hosted on Acast. See acast.com/privacy for more information.

TechSperience
Episode 137: Quantum Computing Threats and Countermeasures

May 5, 2025 (23:43)


Quantum computing represents a significant shift in computational power, offering both opportunities and challenges for securing sensitive data. Join the Connection Security Center of Excellence team as we delve into the transformative threats that quantum computing poses for cybersecurity and the countermeasures we should be considering to address those threats. We'll explore the fundamentals of quantum computing, including concepts like qubits, superposition, and entanglement, and how these principles can enhance encryption and threat detection. Quantum cryptography, quantum random number generation, and quantum machine learning are some of the promising applications that could revolutionize device security. However, quantum computing also poses risks to traditional cryptographic methods, potentially compromising data integrity, authentication protocols, and long-term data security. We'll discuss the need for quantum-resistant cryptographic algorithms and the importance of transitioning to quantum-safe technologies to protect against future quantum-enabled threats. Join us as we navigate the exciting yet complex landscape of quantum computing and security, highlighting the advancements, challenges, and future directions that will shape the approach to cybersecurity in the quantum era.  
Speakers:
  • John Chirillo, Principal Security Architect, Connection
  • Rob Di Girolamo, Senior Security Architect, Connection
  • Kimberlee Coombes, Security Solution Architect, Connection
  • Lindsay Nelmes, Microsoft Solution Sales Executive, Connection

Show Notes:
  • 00:00 Introduction to Quantum Computing and Cybersecurity
  • 02:31 Real-World Impacts of Quantum Computing
  • 04:49 The Timeline for Quantum Threats
  • 06:29 Industries at Risk and Proactive Measures
  • 08:36 Understanding Quantum Resistant Algorithms
  • 09:59 Leveraging Quantum for Cybersecurity Improvements
  • 12:08 AI and Quantum Computing Synergy
  • 14:07 Microsoft's Role in Quantum Security
  • 15:30 Future Milestones in Quantum Computing
  • 18:02 Misconceptions About Quantum Computing
  • 20:12 Final Thoughts and Takeaways

For more information on how to better secure your environment, visit Connection.com/Cybersecurity.

TechSperience
Episode 135: Unveiling the Hidden Threats in Hyperconnected Healthcare (A Cyber-Thriller's Take on IoMT Security)

Feb 18, 2025 (19:31)


In a world where hospitals rely on interconnected medical devices to save lives, there are continuous hidden vulnerabilities lurking beneath the surface. This podcast dives into the realities of IoMT security with John Chirillo, Principal Security Architect and author of the newly released novella Silent 1ntrusions, alongside cybersecurity expert Rob Di Girolamo, to break down the threats, the lessons, and what we can do to defend against them. We'll delve into topics Silent 1ntrusions' main character, Dr. Kristi Chiro experiences as she battles a relentless hacker. A pacemaker's glitch, insulin pumps go haywire, and an entire hospital teeters on the edge of collapse. In an era of hyperconnected healthcare, how safe are we really?

Speakers:
  • John Chirillo, Principal Security Architect, Connection
  • Rob Di Girolamo, Senior Security Architect, Connection
  • Kimberlee Coombes, Security Solution Architect, Connection

Show Notes:
  • 00:00 Introduction to IOMT Security and Silent Intrusions
  • 02:46 Real-World Inspirations Behind Silent Intrusions
  • 06:10 Exploring IOMT Vulnerabilities in Healthcare
  • 08:49 Challenges in Securing IOMT Devices
  • 11:46 Attack Scenarios and Realistic Threats
  • 14:50 Key Takeaways for Healthcare Professionals
  • 18:08 Future Threats in Healthcare Security

TechSperience
Episode 134: AIOps – The Future of Threat Detection and Response

Jan 29, 2025 (27:34)


Artificial intelligence for IT security operations (AISecOps) is revolutionizing cybersecurity. In this episode, we discuss how AI and machine learning are used to analyze IT data, allowing organizations to:
  • Proactively identify and respond to threats: Detect anomalies, predict outages, and automate incident response.
  • Improve efficiency: Streamline security operations and optimize resource allocation.
  • Enhance threat detection: Uncover complex attack patterns and stay ahead of emerging threats.

We'll cover real-world applications of AISecOps, the challenges in implementing this technology, and future trends in AI-driven security. Finally, we'll provide actionable insights for organizations looking to strengthen their security posture with AISecOps.

Speakers:
  • John Chirillo, Principal Security Architect, Connection
  • Rob Di Girolamo, Senior Security Architect, Connection
  • Kimberlee Coombes, Security Solution Architect, Connection

Show Notes:
  • 00:00 Introduction to AIOps and Cybersecurity
  • 03:07 The Role of AIOps in Threat Detection
  • 06:01 Adapting to Evolving Cyber Threats
  • 08:58 AI in Proactive Threat Hunting
  • 11:55 Challenges in AIOps: False Positives and Data Quality
  • 14:51 The Future of AIOps and Self-Healing Systems
  • 17:45 AI and Zero Trust Strategies
  • 21:07 AIOps for Small and Medium Businesses
  • 23:52 Final Thoughts and Recommendations

TechSperience
Episode 133: From Chaos to Clarity – AI Security Tools at Work

Dec 19, 2024 (26:26)


In this episode, our Security Center of Excellence team delves into a real-world cybersecurity mystery and its unexpected solution. This incident is a perfect storm, highlighting the complexities of modern IT environments and how seemingly unrelated actions can cascade into significant business disruptions and major security incidents. But here's where it gets fascinating: what appeared to be a sophisticated cyber-attack turned out to be something far more mundane, yet equally dangerous. The hero of this story is an AI-powered assistant, still in its proof-of-concept phase, that cracked the case. Join us as we unravel the mystery of the Phantom Brute Force attack and the AI detective that solved it. This isn't just a mere cautionary tale about the complexities of modern IT environments; it serves as a stark reminder of how easily security can be compromised in unexpected ways.

Speakers:
  • John Chirillo, Principal Security Architect, Connection
  • Rob Di Girolamo, Senior Security Architect, Connection
  • Kimberlee Coombes, Senior Security Architect, Connection

Show Notes:
  • 00:00 Introduction to Cybersecurity Challenges
  • 01:02 The Incident Unfolds: A Case Study
  • 03:51 Utilizing AI Tools for Incident Resolution
  • 10:29 The Role of AI in Cybersecurity
  • 15:35 Bridging Theory and Practice in Cybersecurity
  • 18:00 Best Practices: Hard-Coded Passwords and Change Management
  • 23:43 Empowering Users with AI Tools

AI in Action
Hacking generative AI: Limiting security risk in the age of AI

Nov 26, 2024 (22:28)


While 81% of executives stress the importance of secure and trustworthy AI, only 24% of AI projects are secure. Is it ever ok to prioritize innovation over security when it comes to AI? Listen to Chris Thompson, Global Head of IBM X-Force Red, and Moumita Saha, Senior Security Architect at AWS talk about the generative AI attack surfaces, risks and how we can secure AI models. The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

TechSperience
Frontline Cybersecurity: Trends, Impacts, and Zero Trust Insights

Nov 25, 2024 (34:26)


In the ever-evolving world of cybersecurity, staying ahead isn't just an option—it's a necessity. In this episode, we peel back the layers of the latest attack vector trends and take you into the heart of a recent cyber incident that challenged conventional defenses. This isn't just about technology; it's about the human element—everyday people navigating an invisible battlefield.

We'll break down the anatomy of a sophisticated malware attack that slipped past traditional security measures with ghost-like precision. Discover the tools, strategies, and decisions that led to its eventual detection, containment, and remediation.

Beyond the technical deep dive, we'll explore the critical role of Zero-Trust principles in building resilient defenses and highlight how fostering a culture of awareness and vigilance can be the ultimate game-changer. Whether you're an industry veteran or just starting your cybersecurity journey, this episode is packed with insights and actionable takeaways to fortify your defenses and stay ahead of emerging threats.

Speakers:
  • John Chirillo, Principal Security Architect, Connection
  • Rob Di Girolamo, Senior Security Architect, Connection
  • Pam Kennedy, Senior Cybersecurity Engineer, Connection
  • Kevin Knapp, Senior Cybersecurity Engineer, Connection

Show Notes:
  • 00:00 Introduction to Cybersecurity Trends
  • 02:50 Ransomware Evolution and Tactics
  • 06:07 AI's Role in Cyber Threats
  • 09:01 Critical Infrastructure Vulnerabilities
  • 11:52 Supply Chain and Vendor Attacks
  • 15:11 Identity-Based Attacks and Authentication Challenges
  • 18:05 Key Takeaways for Organizations
  • 20:57 Case Study: The Wave Browser Incident
  • 27:12 Post-Incident Analysis and Lessons Learned

ITSPmagazine | Technology. Cybersecurity. Society
The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli

Sep 14, 2024 (24:19)


Guest: Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future [@RecordedFuture]
On LinkedIn | https://www.linkedin.com/in/allan2
On Twitter | https://twitter.com/uuallan

Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes

In this episode of the On Location with Sean and Marco podcast, recorded for the HITRUST Collaborate Conference in Dallas, TX, hosts Sean Martin and Marco Ciappelli engage in a dynamic conversation around the theme of cybersecurity in healthcare, specifically focusing on ransomware resilience. Sean and Marco are joined by Allan Liska for an insightful discussion on the current state of ransomware and the importance of proactive defenses.

The episode begins with Sean and Marco acknowledging the hectic nature of their schedule, emphasizing their excitement for the upcoming events. Sean mentions his active participation at the HITRUST conference, working closely with risk management and compliance experts, while Marco expresses his envy yet supports Sean's engagements.

Allan Liska, the guest of this episode, brings a wealth of knowledge as an intelligence analyst specializing in ransomware research at Recorded Future. Allan delineates the ongoing challenges faced by organizations, particularly in healthcare, in mitigating ransomware threats. He highlights the increase in law enforcement activities targeting ransomware groups, which has led to more internal drama within the cybercriminal community, making the topic more relatable and urgent for organizations.

A substantial part of the conversation revolves around the significance of tabletop exercises in preparing organizations for ransomware incidents. Allan stresses that effective tabletop exercises must involve representatives from across the entire organization, ensuring comprehensive preparedness. The exercises should be engaging and realistic, incorporating lessons learned to update incident response plans continually. Allan also recommends keeping out-of-band communication methods ready, such as using Signal, to ensure seamless operations during a ransomware attack.

The importance of leadership buy-in is underlined, with Allan explaining how having senior leaders understand and support these exercises can significantly enhance the overall security posture. The discussion touches on common pitfalls, such as the assumption that backups alone will suffice, highlighting the necessity of regular, holistic testing of recovery processes.

The hosts also reflect on the collaborative aspect of the HITRUST conference, noting that it provides an invaluable opportunity for participants to network, share best practices, and learn from each other's experiences. That's precisely the spirit Allan hopes to capture during his session at the conference.

In conclusion, this episode is a deep dive into the complexities of ransomware defense, offering practical advice and underscoring the collective effort required to protect healthcare systems against cyber threats. Sean and Marco invite listeners to stay engaged and informed through their podcast series, promising more enlightening discussions on critical cybersecurity topics.

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb

Follow our HITRUST Collaborate 2024 coverage: https://www.itspmagazine.com/hitrust-collaborate-2024-information-risk-management-and-compliance-event-coverage-frisco-texas

Redefining CyberSecurity
The Ransomware Threat and the Resilience Imperative | A HITRUST Collaborate 2024 Conversation with Allan Liska | On Location Coverage with Sean Martin and Marco Ciappelli

Sep 14, 2024 (24:19)



Hashtag Realtalk with Aaron Bregg
Episode 96 - The 'Unnatural' Side of Security Sales - Buyers Beware!

Nov 15, 2023 (40:24)


*Disclaimer* Thoughts and opinions in this episode are solely my own or my guests' and not necessarily reflective of our employers.

In this episode I had a chance to sit down with Matt Nelson and do the podcast from a very cool location. Matt is a Senior Security Architect for Guidepoint Security. The topic of our rant was centered around all of the things 'wrong' with cybersecurity sales and why it hurts everyone.

Talking Points Include:
  • Ineffective Bad Behavior - You are doing you and your company a disservice
  • Improper In-person Event Etiquette
  • Do Social Engineering for Good!
  • What you as a Customer can do to help set expectations
  • The importance of building relationships

Special shout outs to Maril Vernon, Michelle Beracy and Anthony Coggins!

Dark Mode Podcast
#51 - Defending Against Digital Extortion & Ransomware - Allan Liska

Jun 11, 2023 (51:11)


In this episode @GabeMarzano & @BenSullivan host Allan Liska who is a Senior Security Architect & Ransomware Specialist at Recorded Future. With 20+ years of experience in information security, Allan has helped many companies improve their security posture through intelligence and ransomware-related counsel. Allan also sits on national ransomware task forces, speaks at global conferences, and is the author of various best-selling books on intelligence, ransomware and digital extortion.

Secure Talk - Cybersecurity
The Endpoint Management Vulnerability Gap

Mar 23, 2023 (46:50)


Graham Brooks, Senior Security Architect at Syxsense, discusses the recently released research from Syxsense and Enterprise Strategy Group (ESG) that shows that unmanaged device utilization is resulting in an increasing number of security incidents. Graham also talks about the "must haves" for any endpoint management platform and explains how IoT devices, including those with a Human-Machine Interface (HMI), can be managed. Syxsense https://www.syxsense.com/ The Secure Talk Cybersecurity Podcast https://securetalkpodcast.com/

Cloud Ace
Joshua Makinen: Building and Breaking Secure DevOps

Nov 2, 2022 (43:01)


Brandon Evans reunites with his former co-worker, Josh, a Senior Security Architect at Snowflake, as they discuss how to build security into DevOps organizations and how he was able to identify vulnerabilities in cloud DevOps tooling.

Our Guest - Joshua Makinen

Joshua Makinen is a security expert based out of Seattle who has been working in security design and penetration testing for 6 years. Currently, he works with Snowflake to decompose and mitigate the risks associated with Snowflake's infrastructure and public-facing offerings as a Data Cloud. During his time as a Security Consultant with NCC Group, he was exposed to a multitude of different organizations and was fascinated by the wide variety of problems they faced, technologies they used, and the approaches to cloud security they chose as a result. While much of his career accomplishments are not public, he once released a container image registry scanning tool called go-pillage-registries and also (accidentally) discovered and responsibly disclosed a couple of high-severity bug-bounty findings and CVE-2021-3583 in Ansible. Internal threats to an organization's supply chain and management interfaces for sensitive environments remain one of Josh's favorite topics to consider in security.

Follow Joshua: Twitter | LinkedIn | Web

Sponsor's Note: Support for Cloud Ace podcast comes from SANS Institute. If you like the topics covered in this podcast and would like to learn more about cloud security, SANS Cloud Security curriculum is here to support your journey into building, deploying, and managing secure cloud infrastructure, platforms, and applications. Whether you are on a technical flight plan, or a leadership one, SANS Cloud Security curriculum has resources, training, and certifications to fit your needs. Focus on where the cloud is going, not where it is today. Your organization is going to need someone with hands-on technical experience and cloud security-specific knowledge. You will be prepared not only for your current role, but also for a cutting-edge future in cloud security.

Review and Download Cloud Security Resources: sans.org/cloud-security/

Join our growing and diverse community of cloud security professionals on your platform of choice: Discord | Twitter | LinkedIn | YouTube

Dark Rhino Security Podcast
SC S7 E7 Imposter Syndrome

Sep 9, 2022 (54:55)


Rafael is a Mentor, Motivational Speaker, Veteran, and an accomplished information and cybersecurity executive. He has many skills such as Risk Mitigation, Encryption, Vendor Collaboration, and PCI/DSS. Rafael has worked as an IT security manager and Principal Information Security Analyst for Lowes, vCiso of Fortalice Solutions, and Senior Security Architect for Sirius Computer Solutions. He is the Founder of RAYA Cyber Solutions LLC and Co-Founder of Carolinas CISO RoundTable.

  • 00:00 Introduction
  • 01:30 Rafael's Background
  • 05:40 How Rafael remained positive
  • 08:00 Motivation for everyone
  • 09:40 Imposter Syndrome
  • 12:20 Firing up that ego
  • 14:00 How to motivate yourself
  • 16:08 “It takes an entire village to keep your data safe”
  • 21:44 Keeping Employees/Humans aware
  • 29:41 Vulnerabilities
  • 32:35 Friction Security
  • 36:00 Target breach
  • 39:29 Third Party Risk
  • 43:30 Zero Trust and SASE
  • 45:50 Corporate Failure
  • 51:08 Personal Failure
  • 53:03 Connecting with Rafael

To learn more about Rafael visit https://www.linkedin.com/in/rafael-nunez-jr-167347148/

To learn more about Dark Rhino Security visit https://www.darkrhinosecurity.com

SOCIAL MEDIA: Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!
  • Instagram: https://www.instagram.com/securityconfidential/
  • Facebook: https://m.facebook.com/Dark-Rhino-Security-Inc-105978998396396/
  • Twitter: https://twitter.com/darkrhinosec
  • LinkedIn: https://www.linkedin.com/company/dark-rhino-security
  • Youtube: https://www.youtube.com/channel/UCs6R-jX06_TDlFrnv-uyy0w/videos

ITSPmagazine | Technology. Cybersecurity. Society
A Conversation With Podcaster And Senior Security Architect Chris Glanden | The Hacker Factory Podcast With Phillip Wylie

Aug 12, 2022 (36:36)


While Chris shares his journey into cybersecurity, his advice on getting started, we take a deep dive into podcasting. Content creation has become a great resource in helping people get into the field of cybersecurity, and Chris shares his experience and advice on podcasting and content creation.

Guest
Chris Glanden
Founder and Host of BarCode Podcast
On Twitter | https://twitter.com/ChrisGlitz
On LinkedIn | https://www.linkedin.com/in/chrisglanden/

Host
Phillip Wylie
On ITSPmagazine

The Hacker Factory
A Conversation With Podcaster And Senior Security Architect Chris Glanden | The Hacker Factory Podcast With Phillip Wylie

Aug 12, 2022 (36:36)



Hybrid Identity Protection Podcast
Is Cloud Security an Oxymoron

Aug 11, 2022 (19:42)


Is cloud security an oxymoron? In this panel session, originally recorded at the inaugural HIP Europe event, Sean Deuby talks with Semperis Chief Technologist Guido Grillenmeier; Jorge de Almeida Pinto, Lead Identity/Security Consultant, IAM Technologies; Tony Redmond, Owner and Principal at Redmond & Associates; and Jan De Clercq, Senior Security Architect and Distinguished Technologist at Hewlett Packard Enterprise. Listen in as they discuss the evolution of enterprise trust in cloud security and the effect of cloud-service breaches on user trust.

Hybrid Identity Protection Podcast
Is Cloud Security an Oxymoron?

Aug 11, 2022 (19:43)



Smart Energy International Podcast
Episode #18: Cybersecurity and utilities - how to solve and prevent cyber attacks

Oct 1, 2021 (35:08)


As electricity systems around the world digitalise in order to transition to renewable energy sources, they become increasingly vulnerable to cybersecurity attacks. How do we address these cyber security vulnerabilities? Experts from Networked Energy Services (NES), OSGP Alliance and the Danish utility Cerius share their insights in this podcast episode. Policymakers and utility operators are fighting a much-sophisticated battle in order to keep any potential threat far away from their systems and customers. Which are the most common threats and what is the new profile of your average cybercriminal? And more importantly, is your utility ready to prevent a cyberattack?

Our host, Smart Energy International editor and Enlit Europe content director, Areti Ntaradimou, speaks with:

Jon Wells | Chairman of the OSGP Alliance | Technical Committee
The OSGP is a global non-profit association dedicated to promoting the adoption of the Open Smart Grid Protocol (OSGP) and infrastructure for smart grid applications towards a future proof modern smart grid. Jon has 25 years of experience in the telecommunications industry, moving into the similar industry of smart grid 5 years ago. Through this time, Jon was involved in helping telecommunications network operators align to the relevant O&M standards, including TeleManagement Forum (TMF) and IT Infrastructure Library (ITIL). He can bring the experience of the telecommunications industry into the arena of smart grids, quickly drawing upon the parallels to assess opportunities for cost reduction, efficiency improvement and customer experience improvement through the application of standards and use this to develop relevant and practical business cases for DSOs. Jon has held director roles in technical consulting, business consulting, and business development and is currently VP of Customer Solutions for Networked Energy Services.

Emil Gurevitch | Senior Security Architect | Networked Energy Services (NES)
Emil is a member of the OSGP Alliance, the global non-profit association dedicated to the adoption of the Open Smart Grid Protocol. He helps promote, architect, and deploy secure smart grids. Emil has over 18 years of experience in identifying and remediating cybersecurity vulnerabilities in critical systems, most recently in power grids. Emil was Smart Grid Security Lead at a large utility in Europe, helped develop cryptographic security solutions at IBM, and holds an MSc in Computer Science specialising in Information Security. Today, he is Senior Security Architect at NES, where he helps develop secure Smart Grid products and threat detection solutions.

Bo Danielsen | Head of Metering and Installation | Cerius
Bo has been in the utility industry for the last 10 years working on the implementation and rollout of smart meters and related headend and MDM systems. He has a technical background as a certified electrician and has been working in the industry for his entire 30-year career in different positions. He also holds a bachelor degree on the commercial and business side. Today, Bo serves as Head of Meters and Installations at the Danish utility Cerius and is responsible for 1,4 million meters together with the customers' support.

This podcast is brought to you in partnership with Networked Energy Services (NES).

More about cybersecurity
To learn more about defending the smart grid from cyber attacks in six st

OldGuyTalksToMe
96. Hacking Into The Secret Service, Bryan Seely

OldGuyTalksToMe

Play Episode Listen Later Aug 18, 2021 38:09


Bryan Seely is a world-famous hacker, cybersecurity expert, author, international keynote speaker and former U.S. Marine. Seely became one of the most famous hackers in 2014 when he became the only person to ever wiretap the United States Secret Service and FBI. Shockingly he told the 2 agencies before he was caught, and instead of being sent to maximum security prison, the Secret Service called him a hero and praised his courage and integrity.

He has appeared in the New York Times, Wall Street Journal, Washington as well as television appearances on Closing Bell on CNBC, CNN, FOX News, ABC, NBC and TMZ with Harvey Levin. Bryan is passionate about fighting for consumers' rights, privacy and educating the public about how to stay safe in a constantly changing technology landscape. He currently works as a Senior Security Architect for Cyemptive Technologies and is the cofounder / CISO of a startup named Mobileyme. Bryan is also a professional keynote speaker, podcast host and full-time single father of 2 usually-adorable children.

Hackers and criminals are proving to be increasingly effective at breaching corporate networks and gaining footholds. Many companies that are hit with ransomware were not ready, and the rate at which companies are paying out millions is going up at a steady pace.

Whether you are a small business or a large multi-national conglomerate, your company is a target.

Learn how to significantly reduce your risk from the most prominent attacks that your company faces so that you can sleep more peacefully at night.

Connect with Bryan Seely: www.bryanseely.com

Testimonials:
“Bryan, Thanks for making me safer!” -Steve Young – Hall of Fame Quarterback 2005, San Francisco 49ers & Founder HGGC
“I like working with them [Bryan and team]. They look to help rather than exploit. We have learned from them and I think their experience will be valuable to other app publishers and networks as well.” -Mark Cuban, Owner of Dallas Mavericks & Star of Shark Tank on ABC
"Bryan is an outstanding addition to the MGT Hacker Advisory Board as a renowned ethical hacker. He thinks entirely out of the box, and has consistently looked to leverage his skills for the good of society" -John McAfee, Founder of McAfee Antivirus and Technology Icon

Questions asked:
What is the most important thing you've done today?
How did you get into cyber security?
What is the danger in doing a Google search and what is map jacking?
Talk about the locksmith scam, can you tell us anything about Mark Baldino's lawsuit against Google?
How do people create bogus Google listings?
What is Google doing to protect customers?
You had to use your skills to rescue your daughter. Tell us about that.
Tell us about your book.

Contact Orest:
Website: https://www.oldguytalks.com/
Facebook: https://www.facebook.com/orest.kman https://www.facebook.com/oldguytalks
Instagram: https://www.instagram.com/oldguytalks/
Twitter: https://twitter.com/oldguytalks
Youtube: https://www.youtube.com/results?search_query=orest+k-man
LinkedIn: https://www.linkedin.com/in/orestkomarnyckyj?lipi=urn%3Ali%3Apage%3Ad_flagship3_profile_view_base_contact_details%3Baip2cJZmSwC4cjkwclnYGg%3D%3D

The Azure Security Podcast
Zero Trust at Microsoft

The Azure Security Podcast

Play Episode Listen Later Jul 28, 2021 46:18


In this episode Michael, Sarah, Gladys and Mark talk with guest Carmichael Patton, a Senior Security Architect in the Digital Security and Resiliency group at Microsoft, about Microsoft's journey to Zero Trust and some of the lessons learned along the way. We also discuss Azure Security news about: Azure Sentinel, Azure Automation, Azure SQL DB and Always Encrypted with Secure Enclaves, App Insights, App Service and Functions, Azure Active Directory, Azure Firewall, Azure Kubernetes Service, Azure Security Center, Azure Bastion. Mark also talks about some Open Group activities and recent Microsoft security acquisitions.

Risky Business
Risky Business #623 -- Ransomware threatens US energy security

Risky Business

Play Episode Listen Later May 12, 2021


On this week’s show Patrick Gray, Adam Boileau and Chris Krebs discuss the week’s security news, including:
  • An analysis of the Colonial pipeline ransomware attack
  • More ransomware news
  • UK and US expose APT29’s preferred exploits (again)
  • IntrusionTruth drops a new post
  • 128m Apple devices were hit by XCodeGhost
  • Much, much more

This week’s sponsor interview is with Aaron Parecki, a Senior Security Architect at Okta. He’s also been a spec editor and member of the OAuth working group at IETF for nearly 11 years, so he knows a thing or two about OAuth. He’ll be joining me after the week’s news to talk through the latest OAuth guidance the IETF is going to release.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Show notes
  • Biden: No evidence Russian government is involved in Colonial ransomware attack | The Record by Recorded Future
  • 15% of 2020 ransomware payments carried a sanctions violations risk | The Record by Recorded Future
  • A Closer Look at the DarkSide Ransomware Gang – Krebs on Security
  • US fuel pipeline hackers 'didn't mean to create problems' - BBC News
  • FBI blames DarkSide ransomware operators for Colonial Pipeline incident - CyberScoop
  • Experts suggest French insurer AXA's plan to shun ransomware payouts will set a precedent - CyberScoop
  • US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules - CyberScoop
  • Pipeline Hackers Say They’re ‘Apolitical,’ Will Choose Targets More Carefully Next Time
  • Ransomware Infection on Colonial Pipeline Shows Potential for Worse Gas Disruption - Zero Day
  • The Colonial Pipeline Hack Is a New Extreme for Ransomware | WIRED
  • City of Tulsa hit by ransomware over the weekend | The Record by Recorded Future
  • Wave of Avaddon ransomware attacks triggers ACSC, FBI warning | The Record by Recorded Future
  • Ransomware crooks post cops’ psych evaluations after talks with DC police stall | Ars Technica
  • Court Authorizes Service of John Doe Summons Seeking Identities of U.S. Taxpayers Who Have Used Cryptocurrency | OPA | Department of Justice
  • UK and US share more vulnerabilities exploited by Russia's APT29 hackers | The Record by Recorded Future
  • Intrusion Truth details work of suspected Chinese hackers who are under indictment in US
  • SolarWinds says fewer than 100 customers were impacted by supply chain attack | The Record by Recorded Future
  • US spy agencies review software suppliers' ties to Russia following SolarWinds hack
  • Apple Execs Chose to Keep a Hack of 128 Million iPhones Quiet | WIRED
  • 'Conspiracy is hard': Inside the Trump administration's secret plan to kill Qassem Soleimani
  • FragAttacks: Security flaws in all Wi-Fi devices
  • WiFi devices going back to 1997 vulnerable to new Frag Attacks | The Record by Recorded Future
  • An estimated 30% of all smartphones vulnerable to new Qualcomm bug | The Record by Recorded Future
  • New TsuNAME bug can be used to DDoS key DNS servers | The Record by Recorded Future
  • Google to make multi-factor authentication its default mode
  • Chinese military unit accused of cyber-espionage bought multiple western antivirus products | The Record by Recorded Future
  • Data leak makes Peloton’s Horrible, No-Good, Really Bad Day even worse | Ars Technica
  • DOD expands vulnerability disclosure program, giving hackers more approved targets
  • Google and Mozilla will bake HTML sanitization into their browsers | The Daily Swig
  • Scammer Used Fake Court Order to Take Over Dark Web Drug Market Directory

20 Minute Leaders
Ep382: Bryan Seely | Senior Security Architect & Evangelist, Cyemptive Technologies Inc

20 Minute Leaders

Play Episode Listen Later Apr 19, 2021 23:48


Bryan is an international keynote speaker, world-famous hacker, Cybersecurity expert, author and former U.S. Marine. Seely became one of the most famous hackers in 2014 when he became the only person to ever wiretap the United States Secret Service and FBI. Shockingly he told the 2 agencies before he was caught, and instead of being sent to a maximum-security prison, the Secret Service called him a hero and praised his courage and integrity. 

SecTools Podcast Series
SecTools Podcast E23 With Steve Springett

SecTools Podcast Series

Play Episode Listen Later Oct 18, 2020 24:31


Steve Springett is the Senior Security Architect at ServiceNow, Chicago. Steve educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.

Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill-of-material specification, and participates in several related projects and working groups.

- https://dependencytrack.org/
- https://cyclonedx.org/
- https://owasp.org/scvs

Splunk [All Products] 2019 .conf Videos w/ Slides
Splunk Phantom Ignition: Getting Automation Off the Ground and Working for You [Phantom]

Splunk [All Products] 2019 .conf Videos w/ Slides

Play Episode Listen Later Dec 23, 2019


Did you get more staff for Heartbleed? How about Shellshock or the OPM breach? Neither did we. The threat landscape is growing faster than ever and we need to cover more bases without more people. Enter Splunk Phantom: automation and integration for the masses. This session will help you understand what you need to build an effective Phantom ecosystem. I will go over initial strategies, real world examples, and use cases, and we will also take a glance at some more robust development projects that show the power of Phantom's extensibility.

Speaker(s)
Mhike Funderburk, Senior Security Engineer, Stage 2 Security
Brandon Robinson, Senior Security Architect, Stage 2 Security
Luke Summers, Cyber Security Engineer, Stage 2 Security

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1949.pdf?podcast=1577146225

Product: Phantom
Track: Security, Compliance and Fraud
Level: Good for all skill levels


Down the Security Rabbithole Podcast
DtSR - This Just In - OpenText and Reveille Announcement Nov 2019

Down the Security Rabbithole Podcast

Play Episode Listen Later Nov 13, 2019 11:44


Dropping in for a quick announcement - you heard it here first! This week a few different announcements went out from OpenText, but this one caught my attention because it could honestly and truly be a game-changer for security and legal teams when it comes to breaches. Going beyond the typical EDR solution, this announcement may be able to shine light into the questions security and legal professionals need answered in the case of a breach. Check it out.

Official Name: OpenText™ Content Security for EnCase™ by Reveille.
Press release: https://www.opentext.com/about/press-releases?id=6A68BD4D22384A45A910DEFBD22BECBD

Guests:
Paul Shomo, Senior Security Architect, OpenText
Brian Dewyer, CTO, Reveille Software

Medieblogger
Panel debate: Blockchain and payment models in the media industry

Medieblogger

Play Episode Listen Later Sep 6, 2019 83:31


Is blockchain a technology that can revolutionise the media industry and how we pay for content? Or is it a hyped technology that may end up making a difference elsewhere? That was the topic of this panel debate on 2 September 2019 at the DMJX Festival at Dokk1 in Aarhus. I moderated the debate, and the participants were Jonas Lindstrøm (Senior Security Architect, Alexandra Instituttet), Simon Buchwaldt-Nissen (NETS Smart Payments), Jakob Lindmark Frier (co-founder and editor-in-chief, TechSavvy), Jakob Nielsen (editor-in-chief, Altinget/Mandag Morgen) and Claes Holtzmann (data and analysis editor, Jysk Fynske Medier).

Security Central
1: Here are the serious cyber threats you need to be aware of

Security Central

Play Episode Listen Later Aug 10, 2019 36:09


Cyber threats are here, there and everywhere. They grow year by year. And even perfectly ordinary Danish companies are at risk of being hit, even if they are really just random passers-by. There is no shortage of challenges. The same goes for IT security solutions, which you can quickly spend yourself poor on. That is why we created Security Central, a podcast where, together with a number of experts, we give good advice on the IT security challenges that ordinary Danish companies face. In this first episode we focus on the current threat landscape. What does the IT threat landscape look like right now for an ordinary Danish company? Are viruses still a problem? And what about cryptolockers, politically motivated attacks, defacing, DDOS and all the other security classics? This episode's guest, Christian Dinesen, knows. Christian works as Senior Security Architect at NNIT, one of Denmark's largest IT companies, so lean back and listen as Christian shares his extensive knowledge of IT security. The hosts are Lars Jacobsen, editor-in-chief of Computerworld, and Thomas Damsgaard, Head of Enterprise for the Nordics and Benelux at Kaspersky.

The Silicon Valley Insider Show with Keith Koo
Under the Hood of Cyber Crime with John Madigan, Check Point Software

The Silicon Valley Insider Show with Keith Koo

Play Episode Listen Later Mar 1, 2019 37:55


On this week's Silicon Valley Insider, host Keith Koo is joined by guest John Madigan, Senior Security Architect at Check Point Software, to talk about some of the latest developments from Check Point Research on the state of Cyber Crime. In summary, cyber crime is ever changing, with hackers and bad actors increasingly using more sophisticated techniques to gain unauthorized access to systems and steal information or cause damage to infrastructure. Come hear how Check Point is leading the way in combating Cyber Crime to keep their customers and stakeholders safe. Also hear how important it is to your organization to perform periodic security risk assessments. For more information email us at info@svin.biz

On this week's Cyber-Tip, Keith & John answer the question: "Ransomware: To Pay or Not to Pay?" John Madigan of Check Point Software gives very practical advice on what you can do to protect yourself.

On the Pivot, John gives his personal story of how he went from being in the trade association as an electrician to high technology / cyber security.

The Silicon Valley Insider Show with Keith Koo: Listen Fridays 1-2pm on 1220AM KDOW Silicon Valley | San Francisco. Download the podcast at 2pm Fridays.

You can also listen to past podcasts here:
Castbox: https://castbox.fm/channel/The-Silicon-Valley-Insider-Show-with-Keith-Koo-id1100209?country=us
iTunes: https://itunes.apple.com/us/podcast/the-silicon-valley-insider-show/id1282637717?mt=2
Android, Spotify (and iTunes): https://omny.fm/shows/the-silicon-valley-insider-show
Find us here: www.svin.biz https://stitchengine.drishinfo.com/index.jsp?sId=15540&source=sh

Vince in the Bay Podcast

Joe Gray is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year on social engineering and OSINT.

Down the Security Rabbithole Podcast
DtSR Episode 253 - Defending the Small-to-Medium Enterprise

Down the Security Rabbithole Podcast

Play Episode Listen Later Jul 17, 2017 52:08


On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.

Blue Cross Blue Shield of Alabama sends out USB sticks
  • Security elitists up in arms
  • We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
  • To my fellow security professionals - it's reckless to continue to stand with a firm "no" while offering no alternatives
  • So what do we suggest?
  • More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
  • https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/

MySpace has a major account password reset flaw, allowing account take-over
  • Wait ... MySpace is still around?
  • But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
  • How many of our sites have this problem, or worse?
  • https://www.wired.com/story/myspace-security-account-takeover/

This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
  • SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can afford lack of security -- what's the answer?
  • How do we achieve scale, in an area of industry with razor-thin margins and tiny profit margins
  • SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
  • Other challenges - including how to achieve scale

Guest: Shon Gerber
  • Current CISO for multinational chemical company with approximately 10K employees
  • Recent Past Security Operations Supervisor for multi-national company 100K employees
  • Senior Security Architect with multi-national
  • Air Force Red Team - Squadron Commander Multi-Disciplinary (Physical / Network Penetration Testing of Critical Systems)

FIRST.org Podcasts
2013.4: Gavin Reid & David Jones of Cisco..."Securing Windows"

FIRST.org Podcasts

Play Episode Listen Later May 30, 2013


Chris John Riley interviews a FIRST Program Chair Alumni – Gavin Reid, Manager, Information Security CSIRT at Cisco and David Jones, Senior Information Security Architect at Cisco. Just how difficult is it to secure the Windows OS? Is the system still suffering from legacy issues? The gentlemen jump straight into conversation and provide a preface of their presentation, "Secure Windows—Mitigating Windows Vulnerabilities to Deter APTs." David is a Senior Security Architect for Cisco's InfoSec team leading technical security strategy in IT and across the entire enterprise. Gavin is a computer security specialist with more than two decades of experience. Gavin has worked with the gamut of individuals – from leaders in the vanguard of infosec to hackers in the computer underground. Gavin and David present Monday, 17 June @ 16:40 under the Technical Foundations track.

Down the Security Rabbithole Podcast
Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"

Down the Security Rabbithole Podcast

Play Episode Listen Later Oct 10, 2011 30:04


Synopsis

Over the past year and a half or so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which led Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think.

In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work. Glenn provides his practical perspective being an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.

I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.

Guests

Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project.

Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large scale applications for over 15 years. His day is spent rolling out an Enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the Technology community as the Co-Chair of (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project) as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com.

Links

No links for this podcast...