SecurityWeek podcast series. Hear from cybersecurity industry experts and visionaries. Easy listening, great insights.
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
SC Media, and our sponsor, VISO Trust, are proud to present this month's CISO Stories program. Each month, the CISO Stories Program explores a cybersecurity topic selected by CyberRisk Alliance’s CISO Community and provides content that examines that topic from a variety of perspectives. Hosted by Todd Fitzgerald, best-selling author of CISO COMPASS, the CISO Stories weekly podcast features content powered by the 1,100+ members of CyberRisk Alliance’s CISO Community.
It’s the show that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly.
The Future of Cybercrime is dedicated to helping security practitioners defend their organizations by distilling insights, best practices, and actionable tips from the world’s leading cyber crime experts. This show is brought to you by KELA Cyber Threat Intelligence. For more information, visit www.kelacyber.com
Emerging Trends CISOs Should Pay Attention To - Tom Parker - BSW #342
29:06
Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will…
52,000 Suppliers: Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166
30:13
Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at ever…
How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Dave DeWalt - BSW #342
32:45
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifi…
Will AI allow us to finally scale vuln mgmt and threat detection? - ESW #353
1:08:43
We don't cover a lot of stories in this week's episode, but we go deep on a few important ones. I'm biased, but I think it's a good one, especially having Darwin's input and encyclopedic knowledge available to us. Also in this week's news: Homomorphic encryption pops up again! Microsoft Security Copilot has a release date! Sudo for Windows Microseg…
Cynicism, TikTok, Redline, Securam, Ghostrace, eSim Swaps, Aaran Leyland, and More - SWN #369
32:14
Cynicism, TikTok, Redline, Securam, Ghostrace, MicroOrange, eSim Swaps, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-369
Addressing Identity-Related Threats in 2024 - Rod Simmons - ESW #353
48:37
In this interview, we talk to Rod Simmons, the VP of Product Strategy at Omada. We'll discuss the complex topic of securing identities against ever-growing threats. We'll discuss challenges like unnecessary access, accounts with too many permissions, and a threat landscape that is increasingly finding success from targeting identities. Finally, we'…
In the security news: end-of-life routers and exploits, SCCM misconfigurations lead to compromise, apparently you can hack anything with a Flipper Zero, do source code leaks matter?, visibility is important, printer vulnerabilities that no one cares about, friendship gets you firmware, lock hacking continues, VM escapes and risk, and multiple reall…
Memory Safety, Re-Writing Software, and OSS Supply Chains - Omkhar Arasaratnam - PSW #820
52:23
Omkhar Arasaratnam is the General Manager of the Open Source Software Foundation (OpenSSF) and appears on the show to discuss memory safety, why re-writing software isn't always the best option, open-source software supply chains, and more! Segment Resources: https://openssf.org/blog/2024/02/26/openssf-supports-efforts-to-build-more-secure-and-meas…
TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276
36:56
The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and more! Show Notes: https://securityweekly.com/asw-276…
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet and More - SWN #368
32:34
Dem Bones, Leather, QNAP, CISA, Microsoft, PyPI, France, AirBnB, Josh Marpet, and More are on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-368
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
35:28
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares what API attack trends Imperva, a Thales Company, has observed over the past year, and what steps org…
Securing Connections: 3rd Party Risk Mgmt Expert Insights - Charles Spence - CSP #165
30:49
Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach an environment with supplier software risk, geo-politi…
CISO's Guides to Engaging The Board, Artificial Intelligence, and Cyber Insurance - BSW #341
26:44
In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more! Show Notes: https://securityweekly.com/bsw-341
Protecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341
31:16
When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battle field and fam…
Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More - SWN #367
32:20
Star Trek, JetBrains, Facebook, Chrome, FBI, USBs, TikTok, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-367
Early stage startup M&A on fire, funding healthy, and attackers are like lawyers? - ESW #352
1:00:14
In the enterprise security news: Axonius raises $200M and is doing $100M ARR! Claroty raises $100M and is doing $100M ARR! CrowdStrike picks up DSPM with Flow Security; CyCode picks up Bearer; are attackers like lawyers?; how a bank failed (with no help from a cyber attack); the FTC cracks down on customer data collection; Apple’s car sadly won’t be a t…
What can we do today to prevent tomorrow's breach? - Michael Mumcuoglu - ESW #352
47:07
Defenders spend a lot of time and money procuring and implementing security controls. At the heart of SecOps and the SOC are technologies like XDR, SIEM, and SOAR. How do we know these technologies are going to detect or prevent attacks? Wait for the annual pen test? Probably not a good idea. In this segment, we'll talk with Michael Mumcuoglu about…
DCNextGen, Memory Safety And More! - PSW #819
2:00:39
BiaSciLab from DEF CON joins us to discuss DCNextGen! In the security news: MouseJacking still works, CISA recommends a complete rebuild, memory safety and re-writing code, not all doorbells are created equal, putting a firewall in front of your LLM, rugged gear and vulnerabilities, PLCs are not safe, neither are Windows kernels. Segment Resources…
Facing the Reality of Risk Prioritization - Dan DeCloss - PSW #819
1:04:45
Public information about exploits and vulnerabilities alone is not enough to inform prioritization, especially with the growing rate and variety of CVEs. Dan DeCloss, founder and CTO of PlexTrac, joins the show to discuss solving the challenges of risk prioritization to drive faster, more strategic assessment cycles. Spoiler: The key is adding cont…
ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More - SWN #366
31:57
ToddleShark, Zeek, Stuxnet revisited, ICS, AMEX, Apple, Change, Josh Marpet, and More on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-366
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
40:38
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter ways to approach vulns based in modern app development. We also explore the ecosystem of acronyms …
A Printout on Secure by Design When Utilizing 3rd Parties - Bryan Willett - CSP #164
24:14
With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on how Lexmark is approaching secure-by-design in its products. Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an est…
Security Starts At The Top and as CISOs Struggle, do they replace the CIO? - BSW #340
25:09
In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Death of the CIO, Redefining the CISO role, and more! Show Notes: https://securityweekly.com/bsw-340
SAML & Secrets, Serializing AI Models, OWASP ISTG, More Memory Safety - ASW #275
38:54
A SilverSAML example similar to the GoldenSAML attack technique, more about serializing AI models for Hugging Face, OWASP releases 1.0 of the IoT Security Testing Guide, the White House releases more encouragement to move to memory-safe languages, and more! Show Notes: https://securityweekly.com/asw-275…
The Convergence of Security, Compliance, and Risk - Igor Volovich - BSW #340
33:43
The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point-in-time assessments. Instead, they need to match the speed of security, which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting n…
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, Airlines, Aaran Leyland and More - SWN #365
32:22
Clueless pols, Lazarus, Ubiquity, UAMPQP, BlackCat, CryptoChameleon, Airlines, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-365
Funding goes quiet while M&A makes some noise! - ESW #351
1:07:59
In this week's news segment, we discuss the lack of funding announcements, and the potential effect RSA could have on the timing of all sorts of press releases. We also discuss 1Password's potential future with its sizable customer base and the $620M it raised a few years back. Some other topics we discuss: NIST CSF 2.0, insider threats, Ivanti Pulse…