This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
Risk Management Insights: What CEOs and Boards Really Need - Jeff Recor - BSW #357
32:39
Security is a risk management discipline. No one understands that better than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline,…
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
36:04
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
34:16
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-400
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar - BSW #357
39:09
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us…
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
42:23
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…
Rumored Wiz Deal Would be HISTORIC (if it happens), redefining shared responsibility - ESW #368
54:43
In this week's enterprise security news:
Google is rumored to be considering acquiring Wiz for $23 BILLION
ThreatConnect acquires Polarity
XBOW and Sola Security are interesting new companies we'll discuss
What does "shared responsibility" actually mean?
Palo Alto probably isn't going to buy your startup
Snowflake-related breaches continue getting …
What's wrong with the cybersecurity industry and what we can do about it - Richard Hollis - ESW #368
36:47
On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups …
Book Discussion: Jump-start Your SOC Analyst Career - Jarrett Rodrick, Tyler Wall - ESW #368
34:39
Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry…
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit SonicWall devices, remote BMC exploits, Netgear patches and not a lot of information, exploited 22 minutes after disclosure, if the secrets were lost we'd all be screwed, Exim has not been replaced by something better and it's vulnerable, CISA's red team reports, and attackers use d…
3D Printing For Hackers - David Johnson - PSW #835
1:03:50
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291
35:58
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more! Show Notes: https://securityweekly.com/asw-291
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398
29:20
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-398
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
33:06
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
Board and CEO Understanding of CyberSecurity as CISOs Grapple with the C-Suite - BSW #356
30:55
In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more! Show Notes: https://securityweekly.com/bsw-356
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
35:29
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach …
Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397
34:19
We're driving on the Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-397
More Vulnerability Shenanigans - PSW #834
2:21:14
Bats in your headset, Windows Wi-Fi driver vulnerabilities, Logitech's dongles, lighttpd is heavy with vulnerabilities, node-ip's non-vulnerability, new Intel CPU non-attacks, Blast RADIUS, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Show Notes: https://securityweekly.com/psw-834…
Rockyou2024 is a scam, Google has a whoopsie, and AI is giving folks indigestion - ESW #367
58:01
In this week's enterprise security news:
Seed rounds are getting huge
Lots of funding for niche security vendors
Rapid7 acquires Noetic Cyber, but Rapid7 is also rumored to sell itself!
Slack battles infostealers
The loss of Chevron deference impacts cyber
Should cybersecurity put up a no vacancy sign?
Figma and Google both make some embarrassing mi…
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367
33:10
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and …
Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars. Segment Resources: Youtube channel - https://www.youtube.com/@iceman1001 Proxma…
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland... - SWN #396
34:11
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland, and more, are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-396
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
38:12
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this and why appsec needs to accelerate to ludicrous sp…
Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290
34:30
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more! Show Notes: https://securityweekly.com/asw-290
Bringing the Boardroom to the Cyber Battlefield as CISOs Navigate the Role - BSW #355
21:53
In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more! Show Notes: https://securityweekly.com/bsw-355
Technology Rationalization in Cybersecurity - Max Shier - BSW #355
38:42
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or have only been partially deployed, while others overlap with other products. How do CISOs effectively consolidate their products to a manageable size? Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss tech…
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on July 20, 2017. Doug talks about how to count from zero to one! Show Notes: https://securityweekly.com/vault-swn-18
Hacker Heroes - Joe Grand - PSW Vault
1:43:58
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin
Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. …