Application security company
Mozilla patches a Firefox flaw similar to an actively exploited Chrome vulnerability. The Russia-based RedCurl gang deploys ransomware for the first time. Ukraine's railway operator recovers from a cyberattack. India cracks down on Google's billing monopoly. Morphing Meerkat's phishing kit abuses DNS mail exchange (MX) records. 300,000 attacks in three weeks. Our guest is Chris Wysopal, Founder and Chief Security Evangelist of Veracode, who sits down with Dave to discuss the increase in the average fix time for security flaws. And Liz Stokes joins with another Fun Fact Friday. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest: Chris Wysopal, Founder and Chief Security Evangelist of Veracode, discussing the increase in the average fix time for security flaws and the percentage of organizations that carry critical security debt for longer than a year.
Selected Reading:
After Chrome patches zero-day used to target Russians, Firefox splats similar bug (The Register)
Microsoft fixes Remote Desktop issues caused by Windows updates (Bleeping Computer)
Firefox fixes flaw similar to Chrome zero-day used against Russian organizations (The Record)
RedCurl's Ransomware Debut: A Technical Deep Dive (Bitdefender)
Ukraine's state railway restores online ticket sales after major cyberattack (The Record)
Google App Store Billing Policy Anti-Competitive, India Court Rules (Bloomberg)
Morphing Meerkat PhaaS Platform Spoofs 100+ Brands (Infosecurity Magazine)
Fresh Grandoreiro Banking Trojan Campaigns Target Latin America, Europe (SecurityWeek)
Malware distributed via fake DeepSeek ads on Google (SC Media)
GorillaBot Attacks Windows Devices With 300,000+ Attack Commands Across 100+ Countries (Cyber Security News)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this OODAcast, Chris Wysopal shares his insights from decades in cybersecurity, detailing his journey from the early hacking collective "The L0pht" to co-founding Veracode. Wysopal reflects on the evolution of cybersecurity, highlighting his early contributions to vulnerability research and advocating the importance of adversarial thinking in security practices. He emphasizes the transition from traditional vulnerability testing to comprehensive application risk management, recognizing the increased reliance on third-party software and the escalating complexity of securing modern applications. Wysopal also discusses how generative AI technologies are significantly accelerating application development but simultaneously creating substantial security challenges. He stresses that while AI-generated applications multiply rapidly, their vulnerability density remains comparable to human-written code. To manage this growing risk, Wysopal underlines the necessity of integrating automated, AI-driven vulnerability remediation into the software development lifecycle. Looking forward, Wysopal advocates for embedding security deeply within the application creation process, anticipating that AI will eventually assist in producing inherently secure software. However, he also underscores the enduring threat of social engineering attacks, urging enterprises to prioritize comprehensive security awareness programs to bolster their overall cybersecurity posture and resilience. The conversation examines some very interesting correlations between the mindset of the great hackers and the success of great entrepreneurs. Both take a good bit of grit, an ability to focus and be creative and perhaps most importantly: Persistence. Learn more about Chris Wysopal's approaches and the company he founded at Veracode. For insights into reducing your organization's attack surface see: State of Software Security 2025
X-Twitter had multiple waves of outages yesterday. Signal's president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes Alliance fraying? The MINJA attack poisons AI memory through ordinary user interaction. Researchers report increased activity from the SideWinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients' data. New York sues Allstate over data exposure in insurance websites. CISA warns of actively exploited critical Ivanti and VeraCore vulnerabilities. FTC to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who discusses why threat research and intelligence matter to MSPs. The UK celebrates a record-breaking CyberFirst Girls Competition. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest: On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who discusses why threat research and intelligence matter to MSPs.
Selected Reading:
Hackers Take Credit for X Cyberattack (SecurityWeek)
X users report login troubles as Dark Storm claims cyberattack (Malwarebytes)
Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues (TechCrunch)
Lawsuit Says DOGE Is Ignoring Key Social Security Data Rules (BankInfo Security)
As Trump pivots to Russia, allies weigh sharing less intel with U.S. (NBC News)
MINJA sneak attack poisons AI models for other chatbot users (The Register)
SideWinder APT Group Attacking Military & Government Entities With New Tools (Cyber Security News)
Critical Veritas Vulnerability Let Attackers Execute Malicious Code (Cyber Security News)
Kansas healthcare provider says more than 220,000 impacted by cyberattack (The Record)
Allstate sued for exposing personal info in plaintext (The Register)
CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities (Infosecurity Magazine)
FTC will send $25.5 million to victims of tech support scams (Bleeping Computer)
Record Number of Girls Compete in CyberFirst Contest (Infosecurity Magazine)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Forecast = Ransomware storms surge with an 87% spike in industrial attacks. Brace for ICS strikes from GRAPHITE and BAUXITE! Infostealers hit healthcare and education, while VPN vulnerabilities pour in. Grab your digital umbrella! It's report season, and today the crew kicks things off with a breakdown of Veracode's State of Software Security 2025 Report, highlighting significant improvements in OWASP Top 10 pass rates but also noting concerning trends in high-severity flaws and security debt. Next, we take a peek at Dragos's 2025 OT/ICS Cybersecurity Report, which reveals an increase in ransomware attacks against industrial organizations and the emergence of new threat groups like GRAPHITE and BAUXITE. The report also details the evolution of malware targeting critical infrastructure, such as Fuxnet and FrostyGoop. The Huntress 2025 Cyber Threat Report is then discussed, showcasing the dominance of infostealers and malicious scripts in the threat landscape, with the healthcare and education sectors being prime targets. The report also highlights the shift in ransomware tactics toward data theft and extortion. The team also quickly covers the recent and _massive_ $1.5 billion Ethereum heist. We *FINALLY* cover some recent findings from Censys, including their approach to discovering Industrial Control System protocols running on non-standard ports. This segment also touches on the growing threat posed by vulnerabilities in edge security products. We also *FINALLY* get around to checking out VulnCheck's research, including an analysis of the Black Basta ransomware group's tactics based on leaked chat logs, and their efforts to automate Stakeholder-Specific Vulnerability Categorization (SSVC) for more effective vulnerability prioritization. The episode wraps up with mentions of GreyNoise's latest reports on mass internet exploitation and a newly discovered DDoS botnet, providing listeners with a well-rounded view of the current cybersecurity landscape.
We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks who helped create MITRE ATT&CK and the ATT&CK Evaluations, Frank has been working on how best to define and communicate a common language for adversary behavior for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it. Segment Resources: Tidal Cyber website; Tidal Cyber Community Edition. We're fans of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few. References: Check out the Where Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released. Check out the anthropological hacker map and relive your misspent youth! In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered 1Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management.
Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding. A major highlight was the Cyberhaven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning, which tricked a maintainer into authorizing access that let the attacker push a malicious extension version. To their credit, Cyberhaven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight. We also reflected on Cory Doctorow's concept of "enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings. The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-389
This week, we dive into the state of SBOMs, what's going on with Harness, and the ongoing collision of tech and politics. Plus, Coté finds himself a stranger in the Texas he once called home. Watch the YouTube Live Recording of Episode 501 (https://www.youtube.com/live/Gy02kkQjolI?si=TS_H8x4duNuGr8Ph)
Runner-up Titles: Who knows what's going to happen on that side of the planet? There are no hacks in The Netherlands. I know it's not the quality. An explosion of Eggnog. The resident American American. This topic will be boring. Thank goodness it's part of my existing vendor relationship. It's a webhook, knock yourself out. They unlocked Ayn Rand. Hacking it on the mainland.
Rundown: Rust Will Explode, SBOMs Will Be Duds: Open Source Predictions (https://thenewstack.io/rust-will-explode-sboms-will-be-duds-open-source-predictions/) Harness CEO Jyoti Bansal on "startups within startups" (https://www.thestack.technology/harness-ceo-jyoti-bansal-the-stack-interview/) Marc Andreessen on Trump, the vibe shift, and what's after wokeness (https://youtu.be/l8X8jecivWw?si=fgNzX7OXqupKcbiM) A 2-hour interview with Andreessen (https://www.youtube.com/watch?v=sgTeZXw-ytQ)
Relevant to your Interests: Penpot unfolds their new open-source business model (https://youtu.be/STNomD9GUJY) Apple and Meta go to war over interoperability vs. privacy (https://techcrunch.com/2024/12/19/apple-and-meta-go-to-war-over-interoperability-vs-privacy/) 15 predictions for 2025 (https://www.platformer.news/2025-tech-predictions-ai-google-threads-bluesky/) Ray-Ban Meta Crosses 1-Million Mark (https://www.counterpointresearch.com/insight/post-insight-research-notes-blogs-rayban-meta-crosses-1million-mark-success-indicates-promising-future-for-lightweight-ar-glasses/) Google Slashes 10% Of Managerial Staff In Hunt For 'Googleyness': Report (https://www.ndtv.com/world-news/google-layoffs-google-sundar-pichai-slashes-10-of-managerial-staff-in-hunt-for-googlyness-report-7292782) Resilience in Software Foundation (https://bsky.app/profile/resilienceinsoftware.org/post/3ldr56jnuqu2x) Amazon Delays RTO Mandate for Thousands of Workers Due to Space (https://www.bloomberg.com/news/articles/2024-12-18/amazon-delays-return-to-office-mandate-for-thousands-of-workers) Community plans to fork Puppet, unhappy with Perforce changes to open-source project (https://devclass.com/2024/12/18/community-plans-to-fork-puppet-unhappy-with-perforce-changes-to-open-source-project/) 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension (https://www.securityweek.com/5-6-million-impacted-by-ransomware-attack-on-healthcare-giant-ascension/) Yoast CEO calls for a 'federated' approach to WordPress repository (https://techcrunch.com/2024/12/23/yoast-ceo-calls-for-a-federated-approach-to-wordpress-repository/) Netflix sues Broadcom in California federal court (https://www.reuters.com/legal/litigation/netflix-sues-broadcoms-vmware-over-us-virtual-machine-patents-2024-12-23/)
In the spirit of the end of the year, I decided to put together some highlights from a handful of episodes over the course of 2024. This episode will feature a select few snippets from five different episodes over the course of the year including Chris from RADICL and LogRhythm, Gil from Orca, Chris from Veracode, Andy from BreachRx, and Kabir from Leen. There will be a mix of stories of unique crossroads, general entrepreneurial advice, and cybersecurity-specific challenges. Thank you to all the listeners this year! Sponsor: Vulncheck
In episode 41 of The BlueHat Podcast we bring you the BlueHat 2024 day 1 keynote address given by Chris Wysopal, also known as Weld Pond, founder and Chief Security Evangelist at Veracode, and founding member of the L0pht. Chris' talk, "A Clash of Cultures Comes Together to Change Software Security", recounts the early days of "hacking" and how the industry evolved to embrace vulnerability discovery and coordinated, responsible disclosure. Chris' presentation provides a fascinating reflection on a tumultuous period for Microsoft around 2001, marked by significant vulnerability discoveries, which ultimately led to the establishment of the Organization for Internet Safety and the consultancy @stake, transforming the security landscape and professionalizing the role of hackers. Watch Chris' BlueHat 2024 Day 1 Keynote here: https://youtu.be/w6SAqT4ZQik Resources: View Chris Wysopal on LinkedIn; View Wendy Zenone on LinkedIn; View Nic Fillingham on LinkedIn. Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast; Afternoon Cyber Tea with Ann Johnson; Uncovering Hidden Risks. Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Hot on the heels of Bugcrowd recently achieving Unicorn status, following their recent USD $102 million fund raise, Bugcrowd's CEO Dave Gerry and founder and Chief Strategy Officer Casey Ellis outline Bugcrowd's vision for the future and plans for growth and expansion throughout the Asia Pacific region in 2024/5 and beyond. Dave Gerry has been in the AppSec market for nearly a decade and has held key leadership positions within several cybersecurity companies such as WhiteHat Security, Veracode, Sumo Logic, and The Herjavec Group. Dave is passionate about building programs that are repeatable, scalable, and predictable, helping to drive customer business outcomes and technical value. Casey Ellis was originally a hacker before becoming an entrepreneur, pioneering crowdsourced cybersecurity. He has advised the US Department of Defense, the Australian and UK intelligence communities, plus US House and Senate legislative initiatives including pre-emptive protection of cyberspace ahead of the 2020 presidential elections. To join the series visit https://mysecuritymarketplace.com/bugcrowd-register-to-access/ #bugcrowd #mysecuritytv
Veracode's CRO Andre Cuenin joins CXO Conversations and shares his journey from sales to the C-suite. He doesn't like the title Chief Revenue Officer, as it puts the focus on him rather than the customer. Andre moved from presales to sales by having a post-presentation conversation with a customer: he casually asked for the signature. During the conversation, Andre shares his three core management philosophies: Authenticity (be more authentic, gain and share experiences, and value wisdom); the importance of having a plan (don't chase the money, chase the dream); and going the extra mile (there's no traffic jam there). Andre discusses the value and importance of always being curious and learning. Key takeaways from the conversation with Andre: Be who you are and be truthful to yourself. Go outside your comfort zone. Passion gives you confidence. In addition to Veracode, Andre has served in C-level roles for Rapid7 and Cherwell Software, and as President for the Americas and Europe for IR. Andre also led worldwide sales for StrataVia until it was acquired by HP and held many leadership roles for CA in both Europe and the US. He earned his BSc in Computer Science from the University of Applied Sciences and Arts Northwestern Switzerland.
In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan's journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity […] The post Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac appeared first on Shared Security Podcast.
Join Michael Mitchel for a sneak peek into the upcoming season of CXO Conversations. We've lined up a stellar lineup of guests who share their invaluable perspectives and experiences on leadership, innovation, and success. From Dave Wynne, CFO of Hootsuite, discussing the power of internal sponsorship, to Carlos Abisambra, former CEO of Travelers Haven, sharing insights on scaling a business successfully. Abbas Udawala, CFO of Hexagon Digital Wave, dives into building trust and transparency, while Andre Cuenin, CEO of Veracode, shares his management philosophies. Get ready for a season packed with actionable advice and inspiring stories. Stay tuned! More episodes and resources: https://ocns.co/podcast/ Thank you to ACG Denver for being a sponsor of CXO Conversations Podcast. Association for Corporate Growth in its role as the hub of the middle market business community for quality networking, education and events. Connections are made, deals are formed and thought leadership is exchanged. Enjoy the show? Leave us a review on iTunes – thanks!
Chris is co-founder and CTO of Veracode, an application security powerhouse which was last valued at $2.5 billion in March 2022. The company was founded in 2005 as a code review automation platform, and it has since evolved to be one of the gold-standard application security tools. Before founding Veracode, Chris worked as a security researcher and engineer for a decade, where he grew frustrated with the manual source code review process. In the episode, we discuss how long it took Chris to believe he had really created something special, the important technical decisions the team made both early on and later in the company's life, and how the DevSecOps movement and new entrants impacted Veracode's market positioning. Veracode: https://www.veracode.com/ Sponsor: https://vulncheck.com/
Google postpones third-party cookie deprecation Brocade SAN appliances and switches exposed to hacking ICICI Bank exposes credit cards to wrong users Thanks to this week's episode sponsor, Veracode Don't miss out on this opportunity to elevate your cybersecurity strategy. Build and scale secure software from code to cloud with speed and trust. Visit our booth #2045 at RSAC 2024 to discover how Veracode is shaping the future of Application Security in the AI era. For the stories behind the headlines, head to CISOseries.com.
Link to blog post This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products Thanks to our show sponsor, Veracode Get ready to experience the future of application security at RSAC 2024 with Veracode. Join us as we unveil cutting-edge innovations and insights to tackle today's most pressing security challenges. From live demos showcasing our newest products to engaging discussions with industry experts. See you at RSAC! All links and the video of this episode can be found on CISO Series.com
Chinese keyboard app flaws exposed. Threat actors plant fake assassination story. ByteDance on the clock to divest TikTok. Thanks to this week's episode sponsor, Veracode. Research reveals AI-generated code mirrors the security flaws of human-written code. Even seasoned programmers struggle to spot errors, and incorrect AI-generated answers abound. Veracode knows the stakes. While AI accelerates coding, relying on hunches won't suffice. Trust multi-faceted, data-driven insights to mitigate risk from the start. Don't compromise on security. Choose Veracode, your security partner in the AI-driven era of development.
Iranian nationals charged with hacking U.S. companies and agencies Siemens working to fix device affected by Palo Alto firewall bug Russian hackers claim cyberattack on Indiana water plant Thanks to this week's episode sponsor, Veracode Are you truly listening to both your security and development teams? Make informed decisions with Veracode. Our developer-friendly security tools integrate with your existing tech stack to secure code from the start. Bridge the gap between security and development for more efficient operations and stronger defenses. Visit veracode.com for a collaborative approach to security. For the stories behind the headlines, visit CISOseries.com.
TikTok ban passes the US House. Sandworm targets critical Ukrainian orgs. North Koreans animating streaming shows. Thanks to this week's episode sponsor, Veracode. AI coding companions assist in generating high-quality code snippets, while Veracode swoops in to conduct thorough security assessments, identifying and fixing vulnerabilities quickly. With this dynamic duo, developers can innovate with confidence, knowing their code is both efficient and secure. Secure more code with Co-Pilot or any AI coding companion and Veracode. We'll be your wingman anytime.
RedLine stealer GitHub connection. MITRE's breach came through Ivanti zero-day vulnerabilities. Researchers find dozens of fake E-ZPass toll websites following FBI warning. Thanks to this week's episode sponsor, Veracode. Imagine your intelligent coding companion, backed by the robust security expertise of Veracode. Together, we form the ultimate duo, empowering developers to write better code while ensuring it's secure from the get-go. Learn more at RSAC 2024 with Veracode. For the stories behind the headlines, head to CISOseries.com.
Chris Wysopal is the Founder and CTO of Veracode, a $2.5 billion software supply chain security company that pioneered the field of application security and was one of the first companies to embrace software as a service. On today's episode, Jon Sakoda speaks with Chris on his early fame as a cybersecurity researcher and the highs and lows of building Veracode across three decades: How a Hacking Group Became Celebrities [11:50 - 15:35] - Chris was a member of the famous "L0pht" hacker group, which became famous for discovering vulnerabilities in Lotus and Microsoft software. Shining a light on the issue ultimately gave the group widespread media attention and internet fame, drawing much needed attention to security issues in commercial software. Launching a Cloud Product in the Desktop Era [27:55 - 32:50] - In 2006, Veracode was one of the first companies in the security industry to pioneer "software as a service," which is widely used today. Chris relives the journey of convincing customers of the benefit of leveraging the cloud during the era of client / server code repositories. Surviving and Thriving Through Cycles [38:51 - 40:10] - Veracode has been a wildly successful company, but has had to survive many moments of crisis that might have killed weaker startups. The company had a broken financing in the first financial crisis and has been through numerous cycles through the years.
This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor. They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like. Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW. They discuss a number of essays, some of which are a must read: Daniel Miessler's Efficient Security Principle Subsalt's series on data privacy challenges Lucky vs Repeatable, a must-read from Morgan Housel AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo Customer love by Ross Haleliuk and Rami McCarthy We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach. We wrap up discussing Air Canada's short-lived AI-powered support chatbot. Show Notes: https://securityweekly.com/esw-357
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: Understanding DDoS Attacks: What is a DDoS Attack and How Does it Work? - I know the title makes this blog post sound rather basic, but it will get you up to speed on all the latest DDoS types, actors, and terminology pretty quickly! What is An Application-Layer DDoS Attack, and How Do I Defend Against Them? 2023 DDoS Statistics and Trends https://en.wikipedia.org/wiki/Killnet This week, Tyler and Adrian discuss Cyera's $300M Series C, which lands them a $1.4B valuation! But is that still a unicorn? Aileen Lee of Cowboy Ventures, who coined the term back in 2013, recently wrote a piece celebrating the 10th anniversary of the term, and revisiting what it means. We HIGHLY recommend checking it out: https://www.cowboy.vc/news/welcome-back-to-the-unicorn-club-10-years-later They discuss a few other companies that have raised funding or just come out of stealth, including Scrut Automation, Allure Security, TrojAI, Knostic, Prompt Armor. They discuss Eclipsium's binary analysis tooling, and what the future of fully automated security analysis could look like. Wiz acquired Gem, and Veracode acquired Longbow. Adrian LOVES Longbow's website, BTW. 
They discuss a number of essays, some of which are a must read: Daniel Miessler's Efficient Security Principle Subsalt's series on data privacy challenges Lucky vs Repeatable, a must-read from Morgan Housel AI has Flown the Coop, the latest from our absent co-host, Katie Teitler-Santullo Customer love by Ross Haleliuk and Rami McCarthy We briefly cover some other fun - reverse typosquatting, AI models with built-in RCE, and Microsoft having YET ANOTHER breach. We wrap up discussing Air Canada's short-lived AI-powered support chatbot. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-357
Hey everyone, welcome back to Application Paranoia! Colin Bell, Rob Cuddy, and Kris Duer are excited to kick off season 5! For our first episode of 2024, we're joined by a special guest: Mike Khusid! Mike is the new Head of Product Management for HCL AppScan, and he brings a wealth of experience from companies like Codacy, Contrast, Red Hat, Akamai, Veracode, and Zerto. We're thrilled to have him on the show! In this episode, we're diving deep into the hottest application security trends for 2024. Get ready for insights from a seasoned pro and buckle up for a season packed with valuable information!
Once claiming to the US Senate that he could 'take down the internet in 30 minutes', this week's guest gives us insight into the underbelly of the cyberworld. Chris Wysopal, founder and CTO of Veracode, tells us all about his experience as an ethical hacker and how he and his team at L0pht pioneered the way for cybersecurity. From taking an interest in the potential of cyber hacking at the start of the online era, to being a trailblazer in the discovery of IT vulnerability as a whole, Chris and his team were at the forefront of raising cyber risk awareness. Determined to battle the 'bad guy image' in cybersecurity, the L0pht team were on a mission to showcase the fallibility of big vendors, such as Microsoft, and to provide the evidence they needed for effective security measures. Now, Chris' colourful past shapes the security-led solutions of Veracode, a platform that detects flaws and vulnerabilities at every stage of the modern software development lifecycle. This interview is a deep dive into the depths of cyber security and is not to be missed! Timestamps: What does Good Leadership mean to Chris? (02:20) Pioneering the start of cybersecurity (04:20) Starting a hacker collective (07:18) L0pht's biggest cybersecurity breakthroughs (12:47) Challenging the US Senate with cyber risks (18:00) Are governments doing enough to prevent cyber-attacks? (22:12) GenAI's role in cybersecurity (32:00) An introduction to Veracode (34:24) Chris' advice to his 21-year-old self (43:24)
In this episode of the Business of Tech, three important topics are discussed. First, the recent federal agency compromise serves as a wake-up call for the importance of patching and security vigilance. Next, the use of AI in MSP tools is highlighted as a reflection of industry trends. Lastly, Microsoft's commitment to ethical advancements in technology, specifically in relation to AI as a co-pilot, is explored. Research by Veracode reveals that thousands of businesses are still vulnerable to log4j exploits, emphasizing the need for regular updates and security vigilance. Additionally, an unidentified threat actor gained access to a U.S. federal government agency by exploiting a previously patched vulnerability in Adobe ColdFusion. Three things to know today: 00:00 Federal Agency Compromise: A Wake-Up Call for Patching and Security Vigilance; 04:52 AI in MSP Tools: N-able's Latest Move Mirroring Industry Trends; 07:30 AI as Co-Pilot: Microsoft's Ethical Commitment in Technology Advancement. Supported by: https://timezest.com/mspradio/ https://rfcode.com/mspradio/ CODE MSPRADIO for 30% off at checkout. Want to take my class? https://www.itspu.com/all-classes/classes/navigating-emerging-technologies-for-msps/ Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/ Support the show on Patreon: https://patreon.com/mspradio/ Want our stuff? Cool Merch? Wear "Why Do We Care?" - Visit https://mspradio.myspreadshop.com Follow us on: LinkedIn: https://www.linkedin.com/company/28908079/ YouTube: https://youtube.com/mspradio/ Facebook: https://www.facebook.com/mspradionews/ Instagram: https://www.instagram.com/mspradio/ TikTok: https://www.tiktok.com/@businessoftech
A sales career should be anything but stagnant. While many will begin as entry-level sales reps, that merely serves as the launchpad for the rest of their career endeavors. After all, once you take that first step in sales, the opportunities for growth are truly inexhaustible. In this episode of Tech Sales is for Hustlers, Max Hufft, now a Senior Solutions Architect at Veracode, explores his journey from being a memoryBlue SDR to transitioning into his present position, while discussing how the SDR position prepared him for his role and taught him the importance of believing in his company's product.
Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog) Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Networks) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record)
Chris Wysopal, CTO and founder of Veracode, joins Dennis Fisher to dive into the new White House National Cybersecurity Strategy and discuss what's missing, how practical the pillars are, and when these ideas may be implemented.
The best Social Engineers do a tremendous amount of research before engaging a target. As luck would have it, we get to speak with one of them today! Chris and I talk about the pivotal role of OSINT in preparing for an SE engagement and also get a "peek behind the curtain" in relation to OSINT sources during a Social Engineering "capture the flag" style competition. Chris Kirsch is the CEO of runZero (www.runzero.com), a cyber asset management company he co-founded with Metasploit creator HD Moore. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering capture the flag competition at DEF CON, the world's largest hacker conference. If you'd like to learn more about Chris and the organizations he advocates for: Defcon 2022 OSINT & vishing research: https://medium.com/@chris.kirsch/top-osint-sources-and-vishing-pretexts-from-def-cons-social-engineering-competition-8e08de4c8ea8 Winning call from DEF CON SECTF 2017: https://www.youtube.com/watch?v=yhE372sqURU External perimeter recon using runZero: https://www.runzero.com/blog/external-scanning/ Competitive Intelligence talk at Layer 8 Conference: https://www.youtube.com/watch?v=NB-wLadJ3hk Facebook Talent Intelligence Collective: https://www.facebook.com/groups/talentintelligencecollective National Child Protection Task Force (NCPTF): https://www.ncptf.org/ Twitter profile: https://twitter.com/chris_kirsch Mastodon profile: https://infosec.exchange/@chris_kirsch LinkedIn profile: https://www.linkedin.com/in/ckirsch/ Chris' company: https://www.runzero.com/ Want to learn more about Open Source Intelligence? Follow us on Twitter: @TraceLabs Join our Discord server: https://tracelabs.org/discord Check out the site: https://tracelabs.org
A Phishing campaign impersonates DHL. Conscription and mobilization provide criminals with phishbait for Russian victims. Norton LifeLock advises customers that their accounts may have been compromised. Trends in data protection. Veracode's report on the state of software application security. Ben Yelin looks at NSO group's attempt at state sovereignty. Ann Johnson from Afternoon Cyber Tea speaks with Microsoft's Chris Young about the importance of the security ecosystem. And Ukraine calls for a "digital United Nations." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/10 Selected reading. Cloud 9: Top Cloud Penetration Testing Tools (Bishop Fox) Our Top Favorite Fuzzer crowdsourcing pen testing tools (Bishop Fox) DHL Phishing Attack. Simply Delivered. (ArmorBlox) Credential phishing campaign impersonates DHL. (CyberWire) Phishing scam invites Russian Telegram users to check ‘conscription lists' to see if they'll be drafted in February (Meduza) NortonLifeLock warns that hackers breached Password Manager accounts (BleepingComputer) Norton LifeLock says thousands of customer accounts breached (TechCrunch). NortonLifeLock notifies thousands of users about compromised Password Manager accounts (Computing) Data Protection Trends Report 2023 (Veeam) Trends in data protection. (CyberWire) How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services (Orca Security) Orca describes four Azure vulnerabilities. (CyberWire) State Of Software Security (Veracode) A look at the state of software security. (CyberWire) Ukraine calls for ‘Cyber United Nations' amid Russian attacks (POLITICO)
Chris Kirsch is the CEO of runZero, a company he co-founded with Metasploit creator HD Moore to help companies solve their asset inventory challenges. Chris started his career at an InfoSec startup in Germany and has since worked for PGP, nCipher, Rapid7, and Veracode. He has a passion for OSINT and Social Engineering. In 2017, he earned the Black Badge for winning the Social Engineering Capture the Flag competition at DEF CON, the world's largest hacker conference. Connect with Behind Company Lines and HireOtter: Website, Facebook, Twitter, LinkedIn (Behind Company Lines, HireOtter), Instagram, Buzzsprout.
Chris Eng, chief research officer at Veracode, joins Dennis Fisher to discuss the company's new State of Software Security report, whether we're getting better at fixing bugs, and the fragility of open source projects and the software supply chain.
Security teams struggle with managing cyber risk across cloud workloads, services, resources, users, and applications. Parag will discuss the issues this presents and how Qualys' new TotalCloud solution allows organizations to see all their cloud resources, relationships between resources, the external attack surface, and attack path mapping all delivered via one platform. Segment Resources: Qualys TotalCloud free trial: https://www.qualys.com/forms/totalcloud/ TotalCloud Video: https://vimeo.com/765771406 Blogs: https://blog.qualys.com/product-tech/2022/11/01/introducing-totalcloud-cloud-security-simplified https://blog.qualys.com/product-tech/2022/11/01/why-is-snapshot-scanning-not-enough This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! A brief roundup of our favorite news, trends, and interviews in 2022! See what Adrian, Katherine, and Sean have to say about 2022's best interviews and news stories! Finally, in the last Enterprise Security News of 2022, We see our first Security Unicorn with a down round, A few new fundings and new companies emerging, Ninjas emerge from stealth, Proofpoint acquires deception detection vendor Illusive, Veracode picks up Crashtest Security, Apple encrypts more consumer data, Passkeys introduced in Chrome, Texas bans TikTok, A great post-mortem of the Joe Sullivan case, Infragard gets hacked, KringleCon 2022. Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw300
This week our host Brandi Starr is joined by Tyler Shields, CMO at JupiterOne. Tyler advises, guides, and operates high tech start-ups primarily in the B2B cyber security space. As a former market analyst, engineer, product manager, marketing leader, and partnership manager, Tyler builds and grows businesses – in all aspects. He is a board advisor or board member at multiple firms and an investment advisor for multiple venture capital and debt firms and his experience includes starting, leading, and growing companies including JupiterOne, CA Technologies, Sonatype, Signal Sciences, Veracode, Symantec, LURHQ, Secureworks, and @Stake. As a well-known leader in entrepreneurship and innovation in the cyber security market, and having spoken at many major industry conferences, his expert commentary has been referenced online and in print by publishers such as Rolling Stone, Bloomberg, Forbes, Reuters, and the LA Times. In this week's episode, the first of Revenue Rehab's my journey series, Brandi and Tyler discuss his unique path to the present in My Journey with Tyler Shields: Analyst, Investor, CMO. Links: Get in touch with Tyler Shields on: LinkedIn Twitter JupiterOne Cyber Therapy Podcast Enterprise Security Podcast Subscribe, listen, and rate/review Revenue Rehab Podcast on Apple Podcasts, Spotify, Google Podcasts , Amazon Music, or iHeart Radio and find more episodes on our website RevenueRehab.live
"There's no easy way to make hard decisions." - Jacques Lopez. Are you a leader who has to sell to or collaborate with leaders outside your organization? If so, the latest episode of The New Leader Podcast is for you! My guest today is Jacques Lopez, Sr Director North American Channels at Veracode. Jacques holds a BSc from Northeastern University and an MBA from Dalhousie University. And we used to work as doormen at a campus bar way back when. It was a blast to trade a few stories back and forth, as well as hear Jacques' keen insight on how to work successfully with leaders outside your organization. In this episode you'll learn: The importance of knowing exactly what you want (and how to create a partner profile). How to ensure you're working at the right level (where decision-making happens). The power of a "frame of reference" and how to create one that works effectively... and much more! Getting on the right foot: If you have an idea of what the ideal partner profile or the ideal relationship would look like, having that as a starting point is very helpful. Because if you don't know what you want, you can spend a lot of time running circles around people that have interest but don't have a good alignment with the company, or the value proposition you have for them just won't land. Choosing the right person to work with: Make sure you're working with someone at the right level to accomplish the goals that you have. You can't go too low or too high. If you go too low, somebody may not have the authority to try and get other people involved in the company, to help build out a better alignment. And if you go too high, you get connected to other people, but things aren't necessarily happening at the tactical level when you're dealing with a strategic CEO. So that's something you need to be aware of as well. One critical lesson in relationship building: Not everybody operates the way you operate.
There are some people that are more relationship based, some are very detailed when it comes to numbers. You have to meet people where they're at and help them be successful the way they do things. Links and Resources: Connect with Jacques: LinkedIn, Email. The Exceptional Presenter Goes Virtual by Timothy J. Koegel (book). The Productivity Game PDF Package.
Bill Brown is an accomplished information technology and information security leader with experience leading M&A Security Due Diligence Response and Remediation, and leading global teams in start-up, mid-size, and Fortune 1000 companies. Currently he is CISO and CIO at Abacus Insights and an advisory board member to ThreatWarrior. He has also held security leadership positions in ClickSoftware, Houghton Mifflin Harcourt, Veracode, and Iron Mountain. LinkedIn: https://www.linkedin.com/in/billbrownusa/ HIPAA: https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act HITRUST: https://en.wikipedia.org/wiki/HITRUST PII: https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII Cyber Warrior: https://www.cyberwarrior.com/ Cloud Security Alliance: https://success.impartner.com/English/Customer/home.aspx
Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode, which pioneered the concept of using automated static binary analysis to discover vulnerabilities in software. In the 1990s, Chris was one of the original vulnerability researchers at The L0pht, a hacker think tank, where he was one of the first to publicize the risks of insecure software. Chris started his career as a software engineer who first built commercial software and then migrated to the specialty of testing software for vulnerabilities. He has led highly productive and innovative software development teams and has performed product strategy and product management roles. Chris is a much sought-after expert on cybersecurity. He has been interviewed for most major technology and business publications, including New York Times, The Washington Post, WSJ, Forbes, Fortune, AP, Reuters, Newsweek, Dark Reading, MIT Tech Review, Wired, and many networks, including BBC, CNN, ABC, CBS, CNBC, PBS, Bloomberg, Fox News, and NPR. He has keynoted cybersecurity and technical conferences on 4 continents. Link: Chris Wysopal LinkedIn. Link: Cult of the Dead Cow by Joseph Menn.
In this week's episode, we welcome the VP Global Sales of Skyline ATS, Mark Strutner, as he shares some insights about establishing a team. KEY TAKEAWAYS FROM THIS EPISODE: The advantages of having work experience from both small and large companies. Important factors to consider in creating a team. The key things to motivate and get the best of your team. Top three tips to have a successful team and business. THIS WEEK'S GUEST: Mark Strutner is the VP Global Sales of Skyline ATS - the leading provider of advanced technology adoption, utilization and enablement solutions. He was formerly VP Worldwide Sales of Lastline (now part of VMware) and successfully led sales teams at early stage cyber security vendors including Resolution 1 (acquired by Fidelis), Veracode (acquired by CA), and ArcSight (acquired by HP and now part of Micro Focus). Before his time in sales leadership Mark had sales positions with Symantec, IBM and Oracle. For more information, or to get in touch with Mark, check out: LinkedIn: https://www.linkedin.com/in/markstrutner1 Website: https://www.skyline-ats.com/ A MESSAGE FROM SIMON: On February 24, 2022 Russia invaded Ukraine, in an unprovoked and unjustified attack. At the time I am writing this, I personally know people who are trying to survive in bomb shelters in Kyiv, and others who have taken up arms to defend this country. Here at The Conference Room our thoughts and prayers are with our friends and colleagues and the whole of the Ukrainian people. But thoughts and prayers are not enough. As President Kennedy said in the name of Thomas Burke, all it takes for evil to succeed is for good men to do nothing. So, let's do something.
In the show notes for this episode, and for every episode while the people of Ukraine are fighting for their country, we'll post links on how you can help: reputable organizations you can donate to that will help the Ukrainian people, and reliable sources of information about what's happening on the ground. As individuals, we may not be able to stand up to Putin ourselves, but let's all do something and not let evil triumph on our watch. Thank you.
Telegram Channel for real time information:
English: https://lnkd.in/dqY7X4Ue
Spanish: https://lnkd.in/dVCs7qNw
German: https://lnkd.in/dVgdD-aG
French: https://lnkd.in/dC_cedbc
Resources for reputable charities:
https://www.charitywatch.org/charity-donating-articles/top-rated-charities-providing-aid-in-ukraine
https://www.nbc15.com/2022/02/25/heres-how-donate-credibly-ukraine-relief-organizations/
As CEO of Veracode, Sam King credits both vision and passion for propelling the company from zero to over 2,600 customers worldwide. In this week's episode, Sam shares the importance of networking, trusting your instinct, and why Veracode has adapted to the "new norm" of becoming a remote-first organization.
As cloud costs continue to become a bigger business expense, it's increasingly important to have a proactive strategy for managing and understanding cloud costs rather than waiting for a call from the CFO! In this episode, Erik shares his experiences with tracking and managing cloud costs at Veracode before founding CloudZero, and his experiences in shifting awareness of cloud costs left.
PARTNER
Thanks to our partner CloudZero — Cloud Cost Intelligence Platform. Control cost and drive better decisions with CloudZero cloud cost intelligence. The CloudZero platform provides visibility into cloud spend without the typical pitfalls of legacy cloud cost management tools, like endless tagging or clunky Kubernetes support. Optimize unit economics, decentralize cost data to engineering, and create a shared language between finance and technical teams. CloudZero helps you organize cloud spending better than anyone else.
Join companies like Drift, Rapid7, and SeatGeek by visiting cloudzero.com/ctoconnection to get started.
In this episode, our host TJNull chats with Rey Bango (@reybango), Sr. Director, Developer and Security Relations at Veracode. They cover many topics, starting with Rey's story of how he got into InfoSec, transitioning from being a full-time developer. Rey talks about his favorite programming languages and why he likes each one. They also talk about helping those getting into the field, what languages they should learn, and other skills to develop. Since Rey's been a developer for a long time, they discuss common coding practices that Rey believes developers should be doing. Additionally, they cover the one change in the InfoSec community that Rey would like to see, plus much more. Enjoy!
Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President's directive on software security and so, so many more topics. You really don't want to miss this one, folks.
– Download our FREE ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
0:00 - Intro
3:10 - Origin story
5:05 - Ground floor of cybersecurity
7:54 - The "aha!" moments
12:30 - Point where you thought the industry would grow
14:28 - Changes implemented at Veracode
19:52 - Nation's approach to cybersecurity
24:10 - Federal government security
26:25 - Government oversight
28:14 - Secure coding practices
31:52 - Veracode's app security report
40:04 - How to learn web application security
43:46 - Mistakes to avoid when applying
47:13 - Bringing in more diverse candidates
51:36 - Maintaining Veracode's edge
54:25 - Advice to move into a new cybersecurity role
56:24 - Outro
Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company's growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion-dollar-plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions, including seven consecutive years as a leader in the Gartner Magic Quadrant, a leader in the Forrester SAST Wave, and a Gartner Peer Insights Customer Choice for Application Security.
Sam has been a keynote speaker at events such as the Gartner Security Summit, RSA and the Executive Women's Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe.
Sam received her master of science and engineering in computer and information science from the University of Pennsylvania. She earned her BS in computer science from the University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, given to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice, in an effort to bring more diversity to the local workforce.
About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.