This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
Say Easy, Do Hard - Train How You Fight, Part 1 - BSW #349
28:16
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during …
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383
35:18
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-383
RSA Conference, Verizon DBIR, funding, reports, partnerships and more - ESW #360
1:07:00
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's…
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360
50:34
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Build…
ChatGPT Writes Exploits - PSW #827
1:59:20
ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips. Show Notes: https://securityweekly.com/psw-827
Kicking Off With Crypto - PSW #827
1:05:09
The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and more! https://www.globalsecuritymag.com/keysight-introduces-testing-capabilities-to-strengthen-post-…
Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283
38:40
Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more! Show Notes: https://securityweekly.com/asw-283
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN #382
37:23
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-382
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
41:11
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now th…
Board's Pivotal Role in Cybersecurity as CISO-CEO Communication Gaps Continue - BSW #348
31:48
In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more! Show Notes: https://securityweekly.com/bsw-348
Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348
27:57
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, in…
Threat Modeling and Understanding Inherent Threats - Adam Shostack - ESW #359
44:34
This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats. Resources: He…
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381
38:18
TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-381
How GenAI Can Improve SecOps - Ely Kahn - ESW #359
30:18
We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if…
Your TV Is Scanning You - PSW #826
1:50:13
This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero can steal all your passwords, more XZ style attacks, more reasons why you shouldn't use a smart lo…
Autonomous - I don't think that word means what you think it means - ESW #359
43:35
A clear pattern with startups getting funding this week is "autonomous" products and features: automated detection engineering; autonomously map and predict malicious infrastructure; ..."helps your workforce resolve their own security issues autonomously"; automated remediation; automated compliance management & reporting. I'll believe it when I see it…
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
1:00:46
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended a…
XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282
38:28
CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more! Show Notes: https://securityweekly.com/asw-282
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380
37:02
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-380
Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282
39:29
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphey adds how his experience with OWASP and the appsec commu…
Unraveling the "Materiality" Mystery: A CISO's Guide to SEC Compliance - Mike Lyborg - BSW #347
29:45
The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key element of your preparation, including: Quantification Mater…
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky - BSW #347
35:07
Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tuorinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: the background of CMMC; standardization of CMMC; CMMC v3 changes and implementati…
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379
34:47
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-379
Crazy money and crazy outcomes - cybersecurity acquisitions in all shapes and sizes - ESW #358
1:06:27
This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively) Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Tech…
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
41:09
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing a professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann a…