To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!

Redline Production Podcasts

Redline Production public [search 0]
More
Download the App!
Get it on App Store Get it on Google Play
show episodes
 
Artwork

1
Funding is the Matter

Sarah Michelle Lee Bartley Productions

Unsubscribe
Unsubscribe
 Monthly+
 
Funding is the Matter is a podcast that talks about the surplus of issues caused by the racial wealth gap. I tackle different science and policy issues on the local, state, and federal levels. Within each section, I am going to have a policy memo episode. A policy memo is a document that provides analysis and/or recommendations for a particular audience regarding a particular situation or problem. This is a podcast to educate and empower us all to take our future into our own hands. For the ...
  continue reading
 
Loading …
show series
 
Artwork

1
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347 1:04:41

Play Pause
1:04:41
Play Pause
  Play later
  Play later
  Lists
  Liked
1:04:41
 
Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: The background of CMMC Standardization of CMMC CMMC v3 changes and implementati…
  continue reading
 
Artwork

1
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358 1:47:19

Play Pause
1:47:19
Play Pause
  Play later
  Play later
  Lists
  Liked
1:47:19
 
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann a…
  continue reading
 
Artwork

1
PCI 4.0 - Winn Schwartau - PSW #825 2:07:44

Play Pause
2:07:44
Play Pause
  Play later
  Play later
  Lists
  Liked
2:07:44
 
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for a…
  continue reading
 
Artwork

1
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281 1:03:23

Play Pause
1:03:23
Play Pause
  Play later
  Play later
  Lists
  Liked
1:03:23
 
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt…
  continue reading
 
Artwork

1
From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346 55:40

Play Pause
55:40
Play Pause
  Play later
  Play later
  Lists
  Liked
55:40
 
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well. In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how …
  continue reading
 
Artwork

1
Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357 1:42:25

Play Pause
1:42:25
Play Pause
  Play later
  Play later
  Lists
  Liked
1:42:25
 
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (check out Andy Greenberg's amazing story on Mirai on Wired). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more …
  continue reading
 
Artwork

1
Digging Into Supply Chain Security - James McMurry - PSW #824 3:00:28

Play Pause
3:00:28
Play Pause
  Play later
  Play later
  Lists
  Liked
3:00:28
 
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write s…
  continue reading
 
Artwork

1
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280 1:00:18

Play Pause
1:00:18
Play Pause
  Play later
  Play later
  Lists
  Liked
1:00:18
 
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel…
  continue reading
 
Artwork

1
Understanding the Cybersecurity Ecosystem - Ross Haleliuk - BSW #345 1:00:53

Play Pause
1:00:53
Play Pause
  Play later
  Play later
  Lists
  Liked
1:00:53
 
In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you ho…
  continue reading
 
Artwork

1
XZ - Backdoors and The Fragile Supply Chain - PSW #823 2:52:20

Play Pause
2:52:20
Play Pause
  Play later
  Play later
  Lists
  Liked
2:52:20
 
As most of you have probably heard there was a scary supply chain attack against the open source compression software called "xz". The security weekly hosts will break down all the details and provide valuable insights. https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor https://gynvael.coldwind.pl/?id=782 http…
  continue reading
 
Artwork

1
Getting Vulnerability Management Back on the Rails - Patrick Garrity - ESW #356 1:57:23

Play Pause
1:57:23
Play Pause
  Play later
  Play later
  Lists
  Liked
1:57:23
 
NVD checked out, then they came back? Maybe? Should the xz backdoor be treated as a vulnerability? Is scan-driven vulnerability management obsolete when it comes to alerting on emerging threats? What were some of the takeaways from the first-ever VulnCon? EPSS is featured in over 100 security products, but is it properly supported by those that ben…
  continue reading
 
Artwork

1
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279 1:00:57

Play Pause
1:00:57
Play Pause
  Play later
  Play later
  Lists
  Liked
1:00:57
 
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most dislik…
  continue reading
 
Artwork

1
CISO Soul Searching: Navigating the Evolving Role of the CISO - Harold Rivas - BSW #344 56:52

Play Pause
56:52
Play Pause
  Play later
  Play later
  Lists
  Liked
56:52
 
Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the…
  continue reading
 
Artwork

1
Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355 1:45:43

Play Pause
1:45:43
Play Pause
  Play later
  Play later
  Lists
  Liked
1:45:43
 
Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity. Diversity of pe…
  continue reading
 
Artwork

1
Are we winning? - Jason Healey - PSW #822 3:00:55

Play Pause
3:00:55
Play Pause
  Play later
  Play later
  Lists
  Liked
3:00:55
 
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames even…
  continue reading
 
Artwork

1
Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343 1:03:21

Play Pause
1:03:21
Play Pause
  Play later
  Play later
  Lists
  Liked
1:03:21
 
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
  continue reading
 
Artwork

1
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278 1:09:03

Play Pause
1:09:03
Play Pause
  Play later
  Play later
  Lists
  Liked
1:09:03
 
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life eas…
  continue reading
 
Artwork

1
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354 1:45:52

Play Pause
1:45:52
Play Pause
  Play later
  Play later
  Lists
  Liked
1:45:52
 
While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myth…
  continue reading
 
Artwork

1
Securing All The Things - Josh Corman - PSW #821 3:08:27

Play Pause
3:08:27
Play Pause
  Play later
  Play later
  Lists
  Liked
3:08:27
 
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the u…
  continue reading
 
Artwork

1
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277 1:13:20

Play Pause
1:13:20
Play Pause
  Play later
  Play later
  Lists
  Liked
1:13:20
 
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit …
  continue reading
 
Artwork

1
How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Tom Parker, Dave Dewalt - BSW #342 1:02:23

Play Pause
1:02:23
Play Pause
  Play later
  Play later
  Lists
  Liked
1:02:23
 
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifi…
  continue reading
 
Artwork

1
Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353 1:57:11

Play Pause
1:57:11
Play Pause
  Play later
  Play later
  Lists
  Liked
1:57:11
 
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'…
  continue reading
 
Artwork

1
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820 2:48:36

Play Pause
2:48:36
Play Pause
  Play later
  Play later
  Lists
  Liked
2:48:36
 
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-meas…
  continue reading
 
Artwork

1
Protecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341 59:15

Play Pause
59:15
Play Pause
  Play later
  Play later
  Lists
  Liked
59:15
 
When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battle field and fam…
  continue reading
 
Artwork

1
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276 1:12:17

Play Pause
1:12:17
Play Pause
  Play later
  Play later
  Lists
  Liked
1:12:17
 
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company has observed over the past year, and what steps org…
  continue reading
 
Artwork

1
What can we do today to prevent tomorrow's breach? - Michael Mumcuoglu - ESW #352 1:47:13

Play Pause
1:47:13
Play Pause
  Play later
  Play later
  Lists
  Liked
1:47:13
 
Defenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks? Wait for the annual pen test? Probably not a good idea. In this segment, we'll talk with Michael Mumcuoglu about…
  continue reading
 
Artwork

1
Facing the Reality of Risk Prioritization - Bianca Lewis (BiaSciLab), Dan DeCloss - PSW #819 3:05:15

Play Pause
3:05:15
Play Pause
  Play later
  Play later
  Lists
  Liked
3:05:15
 
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding cont…
  continue reading
 
Artwork

1
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275 1:19:26

Play Pause
1:19:26
Play Pause
  Play later
  Play later
  Lists
  Liked
1:19:26
 
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms …
  continue reading
 
Artwork

1
The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340 58:43

Play Pause
58:43
Play Pause
  Play later
  Play later
  Lists
  Liked
58:43
 
The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting n…
  continue reading
 
Artwork

1
Hacktivism Unveiled: Insights into the Footprints of Hacktivists - Pascal Geenens - ESW #351 1:59:04

Play Pause
1:59:04
Play Pause
  Play later
  Play later
  Lists
  Liked
1:59:04
 
Pascal Geenens from Radware joins us to discuss the latest research findings relating to hacktivists an other actors using volumetric and other network-based attacks. We'll discuss everything from the current state of DDoS attacks to use in the military and even the impact of cyberattacks on popular culture! You can find the report Pascal mentions …
  continue reading
 
Artwork

1
Social Engineering: AI & Living Off The Land - Jayson E. Street - PSW #818 2:53:31

Play Pause
2:53:31
Play Pause
  Play later
  Play later
  Lists
  Liked
2:53:31
 
Jayson joins us to discuss how he is using, and social engineering, AI to help with his security engagements. We also talk about the low-tech tools he employs to get the job done, some tech tools that are in play, and the most important part of any security testing: Talking to people, creating awareness, and great reporting. The latest attacks agai…
  continue reading
 
Artwork

1
Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274 56:59

Play Pause
56:59
Play Pause
  Play later
  Play later
  Lists
  Liked
56:59
 
Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project is trying to solve. For this kind of project to be successful -- as in making a positive impact to …
  continue reading
 
Artwork

1
AI Risks, Application Performance - Padraic O'Reilly, Shibu George - BSW #339 1:05:51

Play Pause
1:05:51
Play Pause
  Play later
  Play later
  Lists
  Liked
1:05:51
 
Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk …
  continue reading
 
Artwork

1
Two-Factor Authentication - SWN Vault 31:43

Play Pause
31:43
Play Pause
  Play later
  Play later
  Lists
  Liked
31:43
 
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on November 2, 2018. This week, Dr. Doug and Russ talk about the mysterious world of Two-Factor Authentication. This is something you hear all the time, and more and more sites are requiring and supporting it. The real question is…
  continue reading
 
Loading …

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox