Machine Learning appears to have made impressive progress on many tasks including image classification, machine translation, autonomous vehicle control, playing complex games including chess, Go, and Atari video games, and more. This has led to much breathless popular press coverage of Artificial Intelligence, and has elevated deep learning to an almost magical status in the eyes of the public. ML, especially of the deep learning sort, is not magic, however. ML has become so popular that its application, though often poorly understood and partially motivated by hype, is exploding. In my view, this is not necessarily a good thing. I am concerned with the systemic risk invoked by adopting ML in a haphazard fashion. Our research at the Berryville Institute of Machine Learning (BIML) is focused on understanding and categorizing security engineering risks introduced by ML at the design level. Though the idea of addressing security risk in ML is not a new one, most previous work has focused on either particular attacks against running ML systems (a kind of dynamic analysis) or on operational security issues surrounding ML. This talk focuses on the results of an architectural risk analysis (sometimes called a threat model) of ML systems in general. A list of the top five (of 78 known) ML security risks will be presented.

About the speaker: Gary McGraw is co-founder of the Berryville Institute of Machine Learning. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Software Security, Exploiting Software, Building Secure Software, Java Security, Exploiting Online Games, and 6 other books; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications. Gary serves on the Advisory Boards of Code DX, Maxmyinterest, Runsafe Security, and Secure Code Warrior.
He has also served as a Board member of Cigital and Codiscope (acquired by Synopsys) and as Advisor to Black Duck (acquired by Synopsys), Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary produced the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine for thirteen years. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the Luddy School of Informatics, Computing, and Engineering.
Gary McGraw is the Vice President of Security Technology at Synopsys, the best-selling author of "Software Security" and 11 other books, and the man behind the Silver Bullet Security Podcast. In this episode, Ben Wilde interviews him about everything from the BSIMM and OWASP Top 10 to software security best practices and how to get companies to start thinking about security early and often. https://www.garymcgraw.com/ https://www.bsimm.com/ https://cybersecurity.ieee.org/center-for-secure-design/ https://www.maxmyinterest.com/
Dr. Gary McGraw is the Vice President of Security Technology at Synopsys, writes for SearchSecurity (http://www.techtarget.com/contributor/Gary-McGraw), is frequently quoted in the press, and regularly speaks at major cyber security conferences. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Max Financial, NTrepid, and Ravenwhite. He has also served as Advisor to Dasient (acquired by Twitter), Fortify Software (acquired by HP), and Invotas (acquired by FireEye). Gary holds a dual PhD in Cognitive Science and Computer Science from Indiana University. He produces the Silver Bullet Security Podcast (https://www.garymcgraw.com/technology/silver-bullet-podcast/) for IEEE Security & Privacy Magazine (syndicated by SearchSecurity). Gary is also a self-described "alpha geek" and a pioneer in the field of computer security. However, Gary is also a big proponent of life outside of tech. He lives in a farmhouse in Virginia, collects art, plays several musical instruments, is an experienced cook, and shares a hobby of mine, craft cocktails. I am truly honored to have him on the show. In this episode we discuss giving back to your community (https://www.garymcgraw.com/life/philanthropy/), and much more. I hope you enjoy this discussion. Please leave your comments below!
Where you can find Gary:
GaryMcgraw.com (https://www.garymcgraw.com)
Twitter (https://twitter.com/cigitalgem)
Cigital Blog (https://www.cigital.com/blog/author/gem/)

Books:
Software Security (https://www.amazon.com/gp/product/0321356705/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321356705&linkCode=as2&tag=cybersecur030-20&linkId=417ecc37df732e8ad6383b6c4ec155ae)
Exploiting Software (https://www.amazon.com/gp/search/ref=as_li_qf_sp_sr_tl?ie=UTF8&tag=cybersecur030-20&keywords=0201786958&index=aps&camp=1789&creative=9325&linkCode=ur2&linkId=224bfb88103109010acfd8b5cd660acc)
Building Secure Software (https://www.amazon.com/gp/product/0321774957/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=0321774957&linkCode=as2&tag=cybersecur030-20&linkId=3df2b736994d4194703778d4bcfa64ea)
Java Security (https://www.amazon.com/Java-Security-Gary-McGraw/dp/047117842X/ref=as_sl_pc_qf_sp_asin_til?tag=cybersecur030-20&linkCode=w00&linkId=500e0538eb5e7eb3a8c32a0c6464deaa&creativeASIN=047117842X)
Exploiting Online Games (https://www.amazon.com/Exploiting-Online-Games-Massively-Distributed/dp/0132271915/ref=as_sl_pc_qf_sp_asin_til?tag=cybersecur030-20&linkCode=w00&linkId=2b3efa27084aed29604adbe958d64c41&creativeASIN=0132271915)
Amazon author page for Gary (http://amzn.to/2ljjgaJ)

The Liberal Cocktail
1 1/2 oz Rye
1/2 oz Sweet vermouth
1/4 oz Amer Picon (Note: contact us (https://cybersecurityinterviews.com/contact/) for substitution recommendations)
1 ds Orange bitters
Instructions: Stir, strain, straight up, cocktail glass
As part of our ongoing discussion about the #SDLC and getting security baked in as far left as possible, Joe Gray, host of the Advanced Persistent Security #Podcast (find it at https://advancedpersistentsecurity.net/), Mr. Boettcher, and I sat down with Dr. Gary McGraw, author of "Software Security: Building Security In" to discuss his book. We are also doing this book as part of the Brakeing Security Book Club (check out our #Slack channel for more information). Gary walks us through the 7 Kingdoms of getting more security in, including doing automated and manual code audits, proper penetration testing of the application at various stages (testing), documentation (if you don't know it works, how can you test it?), and your Security Operations people, monitoring for things once it goes into production. Also, find out what Chapter he thinks you should skip altogether... the answer may surprise you... :) Join Mr. Gray, Mr. Boettcher, and me for a discussion with a true leader in the software and application security industry. Buy the book on Amazon: https://www.amazon.com/Software-Security-Building-Gary-McGraw/dp/0321356705 Check out Gary's Website at https://www.garymcgraw.com/, and check out Gary's own podcast, the Silver Bullet Security Podcast, at https://www.garymcgraw.com/technology/silver-bullet-podcast/ Gary's twitter is @cigitalgem Joe Gray's twitter is @C_3PJoe Special deal for our #BrakeSec Listeners: "If you have an interesting security talk and fancy visiting Amsterdam in the spring, then submit your talk to the Hack In The Box Amsterdam conference, which will take place between 10 to 14 April 2017. The Call For Papers (#CFP) is open until the end of December, submission details can be found at https://cfp.hackinthebox.org/. Tickets are already on sale, with early bird prices until December 31st. And the 'brakeingsecurity' discount code gets you a 10% discount".
Brakeing Down Security thanks Sebastian Paul Avarvarei and all the organizers of Hack In The Box (#HITB) for this opportunity!
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2016-048-Gary_McGraw_Securing_Your_SDLC_and_guest_host_Joe_Gray.mp3
iTunes: https://itunes.apple.com/us/podcast/2016-048-dr.-gary-mcgraw-building/id799131292?i=1000378548363&mt=2
YouTube: https://www.youtube.com/watch?v=x65yL5_Hpi4
Join our Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback, or Suggestions? Contact us via Email: bds.podcast@gmail.com
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Facebook: https://www.facebook.com/BrakeingDownSec/
#Tumblr: http://brakeingdownsecurity.tumblr.com/
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582
Gary McGraw is an author of many books and over 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean's Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.
As a discipline, software security has made great progress over the last decade. There are now at least 46 large scale software security initiatives underway in enterprises including global financial services firms, independent software vendors, defense organizations, and other verticals. In 2008, Brian Chess, Sammy Migues and I interviewed the executives running nine initiatives using the twelve practices of the Software Security Framework as our guide. Those companies among the nine who graciously agreed to be identified include: Adobe, The Depository Trust and Clearing Corporation (DTCC), EMC, Google, Microsoft, QUALCOMM, and Wells Fargo. The resulting data, drawn from real programs at different levels of maturity was used to guide the construction of the Building Security In Maturity Model (BSIMM). This talk will describe the observation-based maturity model, drawing examples from many real software security programs. A maturity model is appropriate because improving software security almost always means changing the way an organization works---people, process, and automation are all required. While not all organizations need to achieve the same security goals, all successful large scale software security initiatives share common ideas and approaches. Whether you rely on the Cigital Touchpoints, Microsoft's SDL, or OWASP CLASP, there is much to learn from practical experience. Since its March release, the BSIMM is being expanded to include BSIMM Europe, BSIMM II, and BSIMM Lite. Use the BSIMM as a yardstick to determine where you stand and what kind of software security plan will work best for you. 
About the speaker:
company: http://www.cigital.com
podcast: http://www.cigital.com/silverbullet
podcast: http://www.cigital.com/realitycheck
blog: http://www.cigital.com/justiceleague
book: http://www.swsec.com
personal: http://www.cigital.com/~gem

Gary McGraw is the CTO of Cigital, Inc., a software security and quality consulting firm with headquarters in the Washington, D.C. area. He is a globally recognized authority on software security and the author of eight best-selling books on this topic. His titles include Java Security, Building Secure Software, Exploiting Software, Software Security, and Exploiting Online Games; and he is editor of the Addison-Wesley Software Security series. Dr. McGraw has also written over 100 peer-reviewed scientific publications, authors a monthly security column for informIT, and is frequently quoted in the press. Besides serving as a strategic counselor for top business and IT executives, Gary is on the Advisory Boards of Fortify Software and Raven White. His dual PhD is in Cognitive Science and Computer Science from Indiana University where he serves on the Dean's Advisory Council for the School of Informatics. Gary served on the IEEE Computer Society Board of Governors, produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT), and produces the Reality Check Security Podcast for CSO Online.