SecurityWeek podcast series. Hear from cybersecurity industry experts and visionaries. Easy listening, great insights.
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
SC Media, and our sponsor, VISO Trust, are proud to present this month's CISO Stories program. Each month, the CISO Stories Program explores a cybersecurity topic selected by CyberRisk Alliance’s CISO Community and provides content that examines that topic from a variety of perspectives. Hosted by Todd Fitzgerald, best-selling author of CISO COMPASS, the CISO Stories weekly podcast features content powered by the 1,100+ members of CyberRisk Alliance’s CISO Community.
It’s the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly.
The Future of Cybercrime is dedicated to helping security practitioners defend their organizations by distilling insights, best practices, and actionable tips from the world’s leading cyber crime experts. This show is brought to you by KELA Cyber Threat Intelligence. For more information, visit www.kelacyber.com
Fireside Chat: Abhishek Arya, Head of Google's Open Source Security Team
31:33
In this exclusive fireside chat, SecurityWeek editor-at-large Ryan Naraine interviews Abhishek Arya, Director of Engineering on Google’s open source and supply chain security teams. We cover the evolving landscape of software supply chain security, highlighting key advancements, challenges, research priorities, and much more. Session recorded for …
Are we winning? - Jason Healey - PSW #822
1:05:31
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary (https://youtu.be/NYvHWcQsIRE) on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames even…
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372
30:04
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-372
Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343
29:32
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single S…
Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167
23:00
Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business …
CSO Role vs. Changing CISO Role as 60% of Both Roles are Omitted from SEC Filings - BSW #343
33:28
In the leadership and communications section: The CISO Role Is Changing. Can CISOs Themselves Keep Up?, Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more! Show Notes: https://securityweekly.com/bsw-343
GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278
32:33
The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in InfoSec (and AppSec), and more! Show Notes: https://securityweekly.com/asw-278
Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354
49:14
While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myth…
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
36:36
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life eas…
Robots, UDP, GoFetch, DCs, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More - SWN #371
28:49
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-371
Lots Of Funding News, Airbus Says No, and Cato Networks Going IPO? - ESW #354
55:44
In the enterprise security news, Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business - BigID Raises $60 Million at $1 Billion Valuation - J.P. Morgan Growth Leads $39 Million Investment in Eye Security - CyberSaint raises $21 million to accelerate market expansion Zscaler Acquires Avalo…
A Dive into Vulnerabilities and Compliance - PSW #821
1:58:04
We discuss the always controversial Flipper Zero devices, the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of individuals on the …
Securing All The Things - Josh Corman - PSW #821
1:10:16
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. Show Notes: https://securityweekly.com/psw-821…
Emerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342
29:06
Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will…
Vulns in Smart Locks, FCC labels for IoT, ZAP's New Home - ASW #277
38:20
Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT devices, the ZAP project gets a new home, and more! Show Notes: https://securityweekly.com/asw-277
Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Phishing, Josh Marpet, and More - SWN #370
32:39
Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-370
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277
35:06
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit …
52,000 Suppliers: Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166
30:13
Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at ever…
How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Dave Dewalt - BSW #342
32:45
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifi…
Will AI allow us to finally scale vuln mgmt and threat detection? - ESW #353
1:08:43
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us. Also in this week's news: Homomorphic encryption pops up again! Microsoft Security Copilot has a release date! Sudo for Windows Microseg…
Cynicism, TikTok, Redline, Securam, Ghostrace, eSim Swaps, Aaran Leyland, and More - SWN #369
32:14
Cynicism, TikTok, Redline, Securam, Ghostrace, MicroOrange, eSim Swaps, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-369
Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353
48:37
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'…
In the security news: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple reall…
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
52:23
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-meas…
TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276
36:56
The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more! Show Notes: https://securityweekly.com/asw-276…
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368
32:34
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-368
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
35:28
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company, has observed over the past year, and what steps org…