Security Weekly Podcast Network (Audio)

2,816 episodes - English - Latest episode: about 1 month ago - ★★★★ - 202 ratings

This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!

Episodes

Batman, Microsoft, War Driving, OpenAI, DevDrive, The Dead, Aaran Leyland, and More - SWN #363

February 16, 2024 17:56 - 34 minutes - 36.6 MB

Batman, Microsoft, War Driving, OpenAI, DevDrive, Scams, The Dead, Aaran Leyland, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-363

Material: cybersecurity word of the year, thanks to the SEC - Amer Deeba - ESW #350

February 15, 2024 23:45 - 1 hour - 101 MB

In this segment, featuring guest Amer Deeba, we'll explore how the SEC's new breach reporting rules will affect companies. We've got a ton of questions: What behavior has to change? What additional preparation needs to take place? How does this rule affect data security? How does it affect crisis communications? And most importantly, when is an incident "material"? This is almost a special episode on crazy new products. For the first half of the show, we discuss startup funding, market f...

Physical Security and Social Engineering - Hacker Heroes: Toby Miller - PSW #817

February 15, 2024 10:00 - 2 hours - 120 MB

In this segment, we discuss topics related to physical security and social engineering. We also touch on the challenges and strategies for implementing effective security measures. The discussion highlights the importance of understanding the relationship between physical security and social engineering. The panel emphasizes the need for a comprehensive approach to security, acknowledging that social engineering and physical security often go hand in hand. We stress the significance of testi...

Proactive Compliance, Improving Cybersecurity Culture, and Hiring The Right Skills - BSW #338

February 14, 2024 22:43 - 33 minutes - 32 MB

In the leadership and communications section, SEC’s Enforcement Head: It’s Time for ‘Proactive Compliance’, Improving cybersecurity culture: A priority in the year of the CISO, Breaking Down Barriers: 6 Simple Measures to Overcome Communication Barriers, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-338

Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

February 13, 2024 18:46 - 1 hour - 115 MB

We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be. Segment Resources: https://www.lacework.com/blog/introducing-a-new-approach-to-code-security/ LLMs improve fuzzing coverage, the Shim vuln threatens Linux secure boot, considerin...

Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Josh Marpet, and More - SWN #362

February 13, 2024 18:04 - 27 minutes - 27 MB

Angry mobs, Azure, Avanti, Rhysida, Warzone, Flipper Zero, Bitlocker, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-362

Zero-Trust is Meaningless if Your Cryptography is Flakey - Vincent Berk - ESW #349

February 09, 2024 18:01 - 1 hour - 87.4 MB

Legacy systems are riddled with outdated and unreliable cryptographic standards. So much so that recent proprietary research found 61 percent of the traffic was unencrypted, and up to 80% of encrypted network traffic has some defeatable flaw in its encryption. No longer can enterprises take their cryptography for granted, rarely evaluated or checked. Knowing when, where and what type of cryptography is used throughout the enterprise and by which applications is critical to your overall se...

RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More - SWN #361

February 09, 2024 18:01 - 35 minutes - 36.2 MB

RoboJoe, SHIM, Fortinet, FaceOff, Simswap, sudo in Windows, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-361

You Can’t Defend What You Can’t Define - Sergey Bratus - PSW #816

February 08, 2024 17:43 - 3 hours - 168 MB

From a computer-smitten middle-schooler in the former Soviet Union in the 1970s to his current and prominent role in the cybersecurity research community, Bratus aims to render the increasingly prevalent and perilous software, hardware, and networks in our lives much safer to use. His fascination with computer security started for real in the 1990s as a mathematics graduate student when a computer he was programming and responsible for at Northeastern University in Boston was taken over by a ...

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more - SWN #360

February 06, 2024 18:20 - 34 minutes - 35.6 MB

Teens Gone Wild, Nintendo, Anydesk, RUST, Google, Deepfakes, Jason Wood, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-360

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

February 06, 2024 15:05 - 1 hour - 102 MB

We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the creation of appsec programs, whether you're on your own or part of a global org. Segment Resources: https://owasp.org/www-project-product-security-capabilities-framework/ https://github.com/OWASP/ps...

Security Money/Pick Your Battles To Avoid Overconsolidation - Jess Burn, Jeff Pollard - BSW #337

February 05, 2024 21:19 - 57 minutes - 54.5 MB

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index: SCWX Secureworks Corp; PANW Palo Alto Networks Inc; CHKP Check Point Software Technologies Ltd.; SPLK Splunk Inc; GEN Gen Digital Inc; FTNT Fortinet Inc; AKAM Akamai Technologies, Inc.; FFIV F5 Inc; ZS Zscaler Inc; OSPN Onespan I...

E-Coli, Mercedes, Cloudflare, Ivanti, VT, GIGO, AI, Congress, Aaran Leyland and more - SWN #359

February 02, 2024 18:10 - 33 minutes - 31 MB

E-Coli, Mercedes, Cloudflare, Ivanti, Volt Typhoon, GIGO, AI, Congress, Aaran Leyland, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-359

The Elephant in the Pipeline: Securing the Wild, Untamed Software Supply Chain - Pete Morgan - ESW #348

February 02, 2024 10:00 - 1 hour - 98.2 MB

We've seen general users targeted with phishing, financial employees targeted for BEC scams, and engineers targeted for access to infrastructure. The truly scary attacks, however, are the indirect ones that are automated. The threats that come in via software updates, or trusted connections with third parties. The software supply chain is both absolutely essential, and fragile. A single developer pulling a tiny library out of NPM can cause chaos. A popular open source project changing hand...

Identifying Bad By Defining Good - Danny Jenkins - PSW #815

February 01, 2024 22:29 - 2 hours - 203 MB

When an RCE really isn’t, your kernel is vulnerable, calling all Windows 3.11 experts, back to Ebay, Turkish websites and credentials, 10 public exploits for the same vulnerability, hacking Bitcoin ATMs, another vulnerability disclosure timeline gone wrong, Flipper Zero tips and how you should not use it to change traffic lights, Windows 11 S mode, and you’re dead (but like in the movie Hackers dead), and more! Danny Jenkins, CEO & Co-Founder of ThreatLocker, a cybersecurity firm providing...

Getting Your First Conference Presentation - Sarah Harvey - ASW #271

January 30, 2024 19:01 - 1 hour - 109 MB

We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do to foster better presentations and new voices? Segment resources: https://bsidessf.org https://infosec.exchange/@worldwise001/111280163638514582 https://www.youtube.com/watch?v=1lVIeh5f4Rg Vulns in Jenkins c...

Google, WhiteSnake, Outlook, NSA, Juniper, Jason Wood, and More - SWN #358

January 30, 2024 18:21 - 27 minutes - 34.7 MB

This week in the Security Weekly News: the NSA admits to secretly buying your internet browsing data, malicious Google ads target Chinese users, Juniper releases update for Junos OS flaws, Outlook could be leaking your NTLM passwords, WhiteSnake malware on Windows, Jason Wood discusses new guidance on the Microsoft "Midnight Blizzard" attack, and more! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-358

Cyber Readiness: Train As You Fight - William Hutchison - BSW #336

January 29, 2024 20:55 - 55 minutes - 71.6 MB

How do you prepare for a cyber incident? You train as you fight, but in what environment? William "Hutch" Hutchison, CEO and co-founder of SimSpace, joins BSW to share cyber best practices and why testing in your operational environment is not a good idea. Learn what it takes to be Cyber Ready. In the leadership and communications section, A tougher balancing act in 2024, the year of the CISO, CISOs Struggle for C-Suite Status Even as Expectations Skyrocket, Want to Be a Better Leader? Stop ...

Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More - SWN #357

January 26, 2024 19:00 - 31 minutes - 43.1 MB

Visa RB Cash AP Formula 1 Team, Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-357

What Smart CISOs and Mature Orgs Get That Others Don’t About Cyber Compliance - Matt Coose - PSW #814

January 25, 2024 22:00 - 3 hours - 186 MB

Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the Department of Homeland Security (DHS). CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations...

2024: The Year Cross-Platform Endpoint Management Finally Gets Good? - Zach Wasserman - ESW #347

January 25, 2024 00:00 - 1 hour - 130 MB

We interview the co-founder and CTO of Fleet to understand why good, cross platform MDM/EMM has been such a challenge for so many years. Want good Windows device management? You're probably going to compromise on MacOS management. Ditto for Windows if you prioritize your Macs. Want good Linux device management? It doesn't exist. Hopefully, Fleet can change all that in 2024, as they aim to complete their support for all major platforms, using the open source OSQuery project as their base. ...

RoboJoe, Apple, VMWARE, AI, Confluence, Scarcruft, Microsoft, Jason Wood, and More - SWN #356

January 23, 2024 19:30 - 30 minutes - 42.8 MB

RoboJoe, Apple, VMWARE, AI Vision, Confluence, Scarcruft, Microsoft, Jason Wood, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-356

Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270

January 23, 2024 16:00 - 1 hour - 126 MB

Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user credentials, but that will also hoard inventory and increase fraud. Sandy shares her recent research as we talk about bots, API security, and what developers can do to deal with these. Segment resources https://www.forrester.com/blogs/avoid-a-bot-waterloo/ https://www.forrester.com/blogs/are-your-bot-management-tools-up-to-date-to-handle-...

Say Easy, Do Hard, Hiring a CISO, Part 2 - BSW #335

January 22, 2024 10:00 - 29 minutes - 41.9 MB

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals? In part 2, we get our hands dirty by addressing CISO hiring from the individual CISO. What should you look for in a CISO role? What questions should you be asking during the interview process? What are the non-negotiable items that must be part of the offer? Visit https://www.securityweekly....

Google, Pax, LeftOverlocals, Mint Sandstorm, DJI, Colossus, Aaran Leyland, and More - SWN #355

January 19, 2024 18:04 - 34 minutes - 48 MB

Google, Pax, LeftOverlocals, Mint Sandstorm, DJI, Colossus, JelloRain, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-355

Creating Trust in Biometric Authentication for Identity Verification - Sabrina Gross - ESW #346

January 19, 2024 15:41 - 1 hour - 130 MB

The general public has varied opinions of biometric authentication, and an increasingly reluctant relationship with it, as more and more facial recognition is forced upon us (especially those of us that travel frequently). Facial recognition doesn't work for everyone, so what other options do we have? In this interview, we'll explore accessibility in identity verification and the viability of voice-based authentication. How big an issue are AI-powered voice imposters? How will companies li...

K-12 Cybersecurity - Brian Stephens - PSW #813

January 18, 2024 18:41 - 2 hours - 222 MB

With a recent increase in government attention on K–12 cybersecurity, there is a pressing need to shed light on the challenges school districts face in implementing necessary security measures. Why? Budgeting constraints pose significant obstacles in meeting recommended cybersecurity standards. Brian Stephens of Funds For Learning will discuss: The financial constraints K–12 schools face and the critical role of funding from federal and state governments in addressing cybersecurity concerns...

Atari 400, Gitlab, Sonicwall, Juniper, Stats, Ivanti, Sharepoint, Jason Wood and More - SWN #354

January 16, 2024 19:35 - 31 minutes - 44.9 MB

Atari 400, Gitlab, Sonicwall, Juniper, Ransomware stats, Ivanti, Sharepoint, Jason Wood, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-354

Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News - SWN #353

January 16, 2024 18:32 - 31 minutes - 43.8 MB

Smart Cars, Microsoft, Layoffs, PyTorch, Mandiant, SEC, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-353

Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269

January 16, 2024 18:31 - 35 minutes - 48.9 MB

It's time to start thinking about CFPs and presentations for 2024! Eve shares advice on delivering technical topics so that an audience can understand the points you want to make. Then we show how developing these presentation skills for conferences helps with presentations within orgs and why these are useful skills to build for your career. Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: ht...

Say Easy, Do Hard, Hiring a CISO, Part 1 - BSW #334

January 15, 2024 10:00 - 28 minutes - 40.1 MB

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals? In part 1, we discuss the challenges of hiring a CISO from the organization's perspective. Do I need a CISO? What are the responsibilities of a CISO? Who should the CISO report to? Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/...

GenAI Threats and Concerns, Building a Security Business Around Open Source - Ev Kontsevoy, Greg Notch - ESW #345

January 11, 2024 23:57 - 2 hours - 206 MB

GenAI hype is still at peak levels, but clearly some of the hopes and dreams pinned on it will fail, while other use cases we haven't even imagined will become commonplace. Greg Notch joins us to share his thoughts on what security leaders and the general public should be more or less worried about when it comes to GenAI. Many founders and early stage startups closely guard product details and information about their roadmap and go-to-market plan. Is it a bad idea then to build a company b...

The Evolution of Purple Teaming - Jared Atkinson - PSW #812

January 11, 2024 19:13 - 2 hours - 227 MB

Jared would like to discuss the evolution of purple teaming. Put bluntly, he believes traditional purple team approaches don’t test enough variations of attack techniques, delivering a false sense of detection coverage. He would like to talk about: The shortcomings of red team assessments and why most purple team assessments are too limited. How the testing landscape and requirements have changed (especially as organizations now look to validate vendor tools defense claims). How purple team ...

Jobs, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood - SWN #352

January 09, 2024 18:09 - 32 minutes - 46 MB

Jobs and Money, QNAP, NIST, Spectral Blur, Stuxnet, Swatting, Volkswagen, Jason Wood, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-352

What's in Store for 2024? - ASW #268

January 09, 2024 16:37 - 1 hour - 98 MB

We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses to "appsec in three words" and set our sights on a new theme for 2024. In the news, 23andMe shifts blame to users for poor password practices, abusing Google's OAuth2 through a MultiLogin endpoint, Rustls is memory safe and fast, AI enters OSINT, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twi...

Best Practices for Moving Sensitive Data into the Cloud - Mike Scott - BSW #333

January 08, 2024 20:48 - 52 minutes - 66.6 MB

Research shows that 26% of US workers currently work remotely, and there are expected to be 32.3 million American employees working remotely by 2025. To support these workers, organizations are adopting cloud solutions and migrating data to these cloud solutions. However, many businesses lack visibility into who has access to what data and when, especially in these cloud solutions. How should organizations reconcile the disconnect between data access and data security? Mike Scott, CISO at ...

Former US Congressman talks about Cybersecurity and Emerging Technologies - Jim Langevin - SWN Vault

January 05, 2024 17:00 - 38 minutes - 19.5 MB

Jim Langevin served as a US congressman for many years and retired to become the executive director of the Institute for Cybersecurity and Emerging Technologies at Rhode Island College. Jim has been on quite a number of times and today we talk about State funded institutes and well, Cybersecurity issues. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly...

2023 End-of-Year Wrapup - ESW Vault

January 04, 2024 17:24 - 49 minutes - 25.3 MB

This is a special episode of ESW: our year-end wrapup for 2023. Want to make sure you didn't miss any big stories in 2023? This is the episode to check out! In under an hour, we'll summarize 2023, covering things like: our mindset coming into 2023 from 2022; how 2023 kicked off; some special themed episodes we recorded in 2023; the state of the fragile and recovering startup market; key acquisitions in 2023 and some acquisition rumors that never led to anything; breach post-mortems and...

Hacker Heroes - Casey Ellis - PSW Vault

January 03, 2024 21:00 - 1 hour - 33 MB

Unleashing the Power of Crowdsourced Cybersecurity: A Conversation with Casey Ellis, Founder of Bugcrowd. Meet Casey Ellis, the visionary entrepreneur who has redefined the landscape of cybersecurity through the groundbreaking platform he built – Bugcrowd. As the Founder and Chief Technology Officer of Bugcrowd, Casey Ellis has not only revolutionized the way organizations approach cybersecurity but has also championed the concept of crowdsourced security testing. With an innate passion ...

New Year's Resolution - SWN Vault

January 02, 2024 17:00 - 35 minutes - 19.8 MB

I know, you thought we were going to renounce cigars, bourbon, and overeating, but wrong. This show is all about security. So, while we join the thousands who are walking off the pounds during their soon-to-be last visit to our new gym, join us as we provide you with something that (hopefully!) has a little more lasting power. This week, we get our year off to a secure start with our 2019 list of new security resolutions on SDL. Visit https://www.securityweekly.com/swn for all the latest e...

The Booming Business of Cybersecurity - Robert Herjavec - BSW Vault

January 01, 2024 17:00 - 36 minutes - 17.5 MB

Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Face...

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault

January 01, 2024 10:00 - 33 minutes - 16.8 MB

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-asw-7

Doug and Russ together again, one night only. - SWN Vault

December 29, 2023 17:00 - 42 minutes - 22.1 MB

Doug and Russ return to the stage to talk about Living with AI in the coming years and some of the impacts. Russ is always interested in modern problems and AI is probably going to be one. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-swn-8

MegatronAL on Kicking in the Door to Cybersecurity - Angela Marafino - ESW Vault

December 28, 2023 17:00 - 28 minutes - 13.1 MB

I once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree in either. Turns out, that was fine - the industry valued experience and results over academic achievement. Today's guest has two degrees, one in fine arts, one in pre-law, and that's also fine. If there's anything I've learned in InfoSec, it's the mind that matters most, less so the degrees or certs...

Interview with Dr. Whitfield Diffie - PSW Vault

December 27, 2023 21:00 - 43 minutes - 20.8 MB

Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of "Privacy on the Line: The Politics of Wiretapping and Encryption". Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-psw-6

Crypto Identity - SWN Vault

December 26, 2023 17:00 - 24 minutes - 18.7 MB

Doug and Russ talk about digital fingerprints, hashing, digital DNA, and passwords. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/vault-swn-7

Security Maturity: From Hostage Negotiator to Business Leader - Sandy Dunn - BSW Vault

December 25, 2023 17:00 - 24 minutes - 11.5 MB

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions. Visit https://www.securityweekly.com/bsw for all the late...

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault

December 25, 2023 10:00 - 34 minutes - 15.9 MB

We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity...

Deepfakes, China, Strangest Scams, NordVPN, Russia, Aaran Leyland & More - SWN #351

December 22, 2023 18:03 - 25 minutes - 34.1 MB

Join us for our last live episode of the year as we navigate the 2023 cybersecurity landscape, covering global initiatives, deepfake concerns in the UK, NordVPN's cyber insurance expansion, China's major cyber attack on US infrastructure, successful ransomware takedowns, and the year's most bizarre scams according to Which Consumer Magazine. It's a rapid-fire exploration of the top stories shaping the digital defense narrative. Show Notes: https://securityweekly.com/swn-351

2023 Funding, SASE Certification - Mike Privette, Pascal Menezes - ESW #344

December 22, 2023 16:28 - 2 hours - 264 MB

We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week. In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insigh...

Guests

Ben Jackson
1 Episode
Bill Gardner
1 Episode
Bruce Schneier
1 Episode
Chris Domas
1 Episode
Daniel Suarez
1 Episode
James Lyne
1 Episode
Keren Elazari
1 Episode
Patrick Wardle
1 Episode

Twitter Mentions

@securityweekly 1463 Episodes
@secweekly 81 Episodes
@hackerbookclub1 2 Episodes
@owaspsamm 2 Episodes
@carlos_perez 1 Episode
@0xas1f 1 Episode
@pauldotcom 1 Episode
@securityweek 1 Episode
@jack_daniel 1 Episode
@strandjs 1 Episode
@bedrocksec 1 Episode