Hey everyone, Welcome to the Infosec Prep Podcast. We aim to bring you weekly Infosec news and bring some people on to interview! Join our discord at https://discord.gg/9xTqKTY
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
Reducing Supply Chain Risk & What’s lurking in your phone? - Danny Jenkins, Nikos Kiourtis - ASW #295
34:30
In complex software ecosystems, individual application risks are compounded. When it comes to mitigating supply chain risk, identifying backdoors or unintended vulnerabilities that can be exploited in your environment is just as critical as staying current with the latest hacking intel. Understand how to spot and reduce the risk to your environment…
DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet... - SWN #406
29:13
DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-406
When Appsec Needs to Start Small - Kalyani Pawar - ASW #295
34:22
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's needs while keeping it secure? Kalyani Pawar shares her experience at different ends of an appsec maturity spectrum. Show Notes: https://securityweekly.com/asw-295…
Cybersecurity Leadership Crisis, Is It Time to Pivot Your Strategy? - BSW #360
31:34
In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more! Show Notes: https://securityweekly.com/bsw-360
Security Money: Crowdstrike Crashes the Index - BSW #360
31:44
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity pu…
More AI funding, Crowdstrike ripples continue, GPT yourself - ESW #371
1:02:40
In the enterprise security news, AI is still getting a ton of funding! Netwrix acquires PingCastle; Tenable looks for a buyer; SentinelOne hires Alex Stamos as their new CISO; Crowdstrike doesn’t appreciate satire when it’s at their expense; Intel begins one of the biggest layoffs we’ve ever seen in tech; Windows Downdate; RAG poisoning; GPT yourself; Th…
Interviewing Black Hat Startup Spotlight Winner, Knostic - Sounil Yu - ESW #371
34:46
We chat with Sounil Yu, co-founder of LLM access control startup, Knostic. We discuss both the experience of participating in Black Hat's startup competition, and what his company, Knostic, is all about. Knostic was one of four finalists for Black Hat's Startup Spotlight competition and was announced as the winner on August 6th. References DarkRead…
0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More... - SWN #405
30:49
0.0.0.0, Blacksuit, OpenAI, AWS, Cisco Phones, Win 10, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-405
AI Red Teaming and AI Safety - Amanda Minnich - ESW #371
41:17
In this interview we explore the new and sometimes strange world of redteaming AI. I have SO many questions, like what is AI safety? We'll discuss her presence at Black Hat, where she delivered two days of training and participated on an AI safety panel. We'll also discuss the process of pentesting an AI. Will pentesters just have giant cheatsheets…
Things Not to Miss at BH/DC/Bsides - PSW #838
1:03:32
Learn what is most interesting at hacker summer camp this year! Show Notes: https://securityweekly.com/psw-838
Downgrades and Attacking Security Things - PSW #838
2:04:44
This week, Downgrade attacks, bootloader fun, check your firmware before you wreck your firmware, you've got mail server issues, Ivanti is the new Rhianna, you should update your BIOS, Openwrt dominates, and attacking the security tools for fun and profit! Show Notes: https://securityweekly.com/psw-838…
Dead Code, CrowdStrike's Kernel Lessons, VMs & Security Boundaries, SLUBStick Attack - ASW #294
33:55
The code curation considerations of removing abandoned protocols in OpenSSL, kernel driver lessons from CrowdStrike's crash, choosing isolation primitives, cross-cache attacks made possible by SLUBStick, and more! Show Notes: https://securityweekly.com/asw-294
Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet... - SWN #404
33:03
Fake IDS, Storm Bamboo, uBlock, Rhysida, Snake, Delta, TikTok, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-404
Building Successful Security Champions Programs - Marisa Fagan - ASW #294
36:24
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successful. Marisa shares her experience in building these programs to foster a positive security culture within companies. She explains the incentives and rewards that lead to more engagement from champions …
Say Easy, Do Hard - Job Search Strategies for CISOs - Part 2 - Merlin Namuth, Brad Rager - BSW #359
28:25
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem. Show Notes: https://securityweekly.com/bsw-359…
Say Easy, Do Hard - Job Search Strategies for CISOs - Part 1 - Merlin Namuth, Brad Rager - BSW #359
28:47
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and its hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring? Show Notes: https://securityweekly.com/bsw…
Funding, Cato, Code42, DoS Robots, and Blackhat Prep - ESW #370
51:43
This week, in the enterprise security news, over half a billion in funding, as everyone gets their pre-Blackhat announcements out! Mimecast picks up Code42; Will Cato Networks IPO?; Canarytokens update; We still have some crowdstrike fallout to discuss; CISO responses to SEC rules; Making things secure without security tools; tips for going SOCLess; denia…
10 Security Researcher Qualities Marketers Should Adopt - Dani Woolf - ESW #370
50:01
There's plenty of content out there detailing how vendors fall short: scummy, aggressive sales tactics; overuse of jargon and buzzwords; sneaky sales tactics; dumping on competitors; products that fall far short of claims; ambulance chasing. So what should they be doing? In this episode, we chat with Dani Woolf, about how marketers can adopt the skills and …
Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, Aaran Leyland, and More... - SWN #403
31:35
Taco Bell AI, Azure, Scams, AI Emails, IBM, Crowdstrike, I try to be more succinct, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-403
Cybersecurity's Love Affair with Distractions - Fred Wilmot - ESW #370
36:36
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized n…
Hacking traffic lights (for real this time), the Docker API strikes again, access Github deleted data, using EDR to elevate privileges on Windows, computers I need in my life, failed experiments and Raspberry PI access points, sitting ducks and TuDoor - it's always DNS times 2, null sessions and a blast from the past, chaining UEFI vulnerabilities, …
PK Fail - John Loucaides - PSW #837
1:12:22
John is one of the foremost experts in UEFI and joins us to talk about PK Fail! What happens when a vendor in the supply chain accidentally loses a key? It's one of the things that keeps me up at night. Well, now my nightmare scenario has come true as a key has been leaked. Learn how and why and what you can do about it in this segment! Show Notes:…
Forever mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More... - SWN #402
32:07
Forever Mouse, RPC, WhatsApp, NIST, PKFail, 0Auth, Josh Marpet, and More, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-402
A CISO's Perspective on AI, Appsec, and Changing Behaviors - Paul Davis - ASW #293
45:18
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's modern because appsec is meeting developer needs and supporting the business. Paul Davis talks about how AI is (and isn't) changing appsec, the KPIs that reflect outcomes rather than being busy, and the…
The Evolving Role of the CISO - Allan Alford - BSW #358
32:54
The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the …