We are three friends who created a spreadsheet to rate TV shows and movies and our podcast was born!
…
continue reading
Comic duo Doggett & Ephgrave interview acts who've appeared at their UK comedy & music club, Mostly Comedy. Previous MTMC guests include Rory Bremner, Phill Jupitus, Katherine Ryan, Paul Daniels & Debbie McGee, Josh Widdicombe, Richard Herring and Arthur Smith. Hosted by Glyn Doggett & David Ephgrave.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
1
Killer Robots, Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet and More - SWN #400
34:11
34:11
Play later
Play later
Lists
Like
Liked
34:11
Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-400
…
continue reading
1
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
1:05:00
1:05:00
Play later
Play later
Lists
Like
Liked
1:05:00
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-ful…
…
continue reading
1
Closing CISO-CEO Communication Gap Requires a Common Business Language - Sumedh Thakar, Jeff Recor - BSW #357
1:11:22
1:11:22
Play later
Play later
Lists
Like
Liked
1:11:22
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us…
…
continue reading
1
Analyzing the CrowdStrike Incident and Its Ripple Effects - SWN #399
42:17
42:17
Play later
Play later
Lists
Like
Liked
42:17
In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need…
…
continue reading
1
Jump-starting SOC Analyst Careers, Addressing Cybersecurity Industry Challenges, and Historic Rumors in Enterprise Security - ESW #368
2:06:23
2:06:23
Play later
Play later
Lists
Like
Liked
2:06:23
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries…
…
continue reading
1
3D Printing For Hackers - David Johnson - PSW #835
3:01:58
3:01:58
Play later
Play later
Lists
Like
Liked
3:01:58
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers! Segment Resources: Slides used in this segment: https://files.scmagazine.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf Major 3D Printer Websites: https://v…
…
continue reading
1
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet and more... - SWN #398
29:20
29:20
Play later
Play later
Lists
Like
Liked
29:20
Floppy Disks, Exim, Kaspersky, Darkgate, AT&T, Josh Marpet, and more are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-398
…
continue reading
1
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
1:09:02
1:09:02
Play later
Play later
Lists
Like
Liked
1:09:02
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-i…
…
continue reading
1
Solving the Complexities of Cyber Insurance for SMBs - Brian Fritton - BSW #356
1:06:15
1:06:15
Play later
Play later
Lists
Like
Liked
1:06:15
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach …
…
continue reading
1
Autobahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More... - SWN #397
34:19
34:19
Play later
Play later
Lists
Like
Liked
34:19
Wir fahren auf der AutoBahn, APT 40, Meliorator, RADIUS, AT&T, Apple, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-397
…
continue reading
1
Joiners, Movers, Leavers, and Failures: Why is Identity Management Still Struggling? - Henrique Teixeira - ESW #367
1:31:28
1:31:28
Play later
Play later
Lists
Like
Liked
1:31:28
I'm always thrilled to chat with ex-analysts, and Henrique Teixeira can cover a lot of ground with us on the topic of identity management and governance. The more I talk to folks about IAM/IGA, the more I'm shocked at how little has changed. If anything, it seems like we've gone backwards a bit, with the addition of cloud SaaS, mobile devices, and …
…
continue reading
1
RFID hacking & More Vulnerability Shenanigans - Iceman - PSW #834
3:30:33
3:30:33
Play later
Play later
Lists
Like
Liked
3:30:33
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows. Iceman comes on the show to talk about RFID and N…
…
continue reading
1
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
1:12:41
1:12:41
Play later
Play later
Lists
Like
Liked
1:12:41
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous sp…
…
continue reading
1
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland... - SWN #396
34:06
34:06
Play later
Play later
Lists
Like
Liked
34:06
Zotac, Eldorado, Donex, Qlins, Ticketmaster, AI, Physical Security, Aaran Leyland, and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-396
…
continue reading
1
Technology Rationalization in Cybersecurity - Max Shier - BSW #355
1:00:30
1:00:30
Play later
Play later
Lists
Like
Liked
1:00:30
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size? Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss tech…
…
continue reading
Check out this interview from the SWN Vault, hand picked by main host Doug White! This segment was originally published on July 20, 2017. Doug talks about how to count from zero to one! Show Notes: https://securityweekly.com/vault-swn-18
…
continue reading
1
Hacker Heroes - Joe Grand - PSW Vault
1:43:58
1:43:58
Play later
Play later
Lists
Like
Liked
1:43:58
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field. …
…
continue reading
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on March 6, 2017. Have you ever wondered what phishing is? Do you know what spear phishing attacks are? Doug and Russ explain how to protect yourself from phishing scams in the inaugural episode of Secure Digit…
…
continue reading
1
CISOs 2023 Planning Guide: Forecast The Recession's Impact On Your Program - Jeff Pollard - BSW Vault
33:21
33:21
Play later
Play later
Lists
Like
Liked
33:21
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022. As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of …
…
continue reading
1
MoveIT, Entrust, Fed Reserve, ISPs, Volt Typhoon & More - Chris Wolski - SWN #395
29:10
29:10
Play later
Play later
Lists
Like
Liked
29:10
Healthcare and malware, MoveIT, Chrome won't trust Entrust, the discovery of Volt Typhoon, & more on this episode of the Security Weekly News! Segment Resources: https://therecord.media/volt-typhoon-targets-underestimated-cisa-says Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-395…
…
continue reading
1
The risks and best practices of deploying AI to an enterprise - Martin Roesch, Anurag Lal - ESW #366
2:16:26
2:16:26
Play later
Play later
Lists
Like
Liked
2:16:26
We all might be a little worn out on this topic, but there's no escaping it. Executives want to adopt GenAI and it is being embedded into nearly every software product we use in both our professional and personal lives. In this interview, Anurag joins us to discuss how his company evaluated and ultimately integrated AI-based technologies into their…
…
continue reading
1
Do We Need Penetration Testing and Vulnerability Scanning? - Josh Bressers, Adrian Sanabria - PSW #833
2:51:52
2:51:52
Play later
Play later
Lists
Like
Liked
2:51:52
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate! Zyxl NAS devices are under attack and the ex…
…
continue reading
1
Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet - SWN #394
30:07
30:07
Play later
Play later
Lists
Like
Liked
30:07
Baltimore, GPS Jammed, US bans, ARM, YouTube, Kraken and Joshua Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-394
…
continue reading
1
Building a Successful API Security Strategy - Luke Babarinde, Bhawna Singh - BSW #354
1:04:51
1:04:51
Play later
Play later
Lists
Like
Liked
1:04:51
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy. This segment …
…
continue reading
1
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
1:01:09
1:01:09
Play later
Play later
Lists
Like
Liked
1:01:09
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. Segment Resources: https://oauth.net/2.1 https://oauth.n…
…
continue reading
1
Access vs Actions, Beyond Traditional IGA, Remote Identity Verification, & Fraud - Tim Prendergast, Damon Tompkins, Andrew Bud, Chris Meyer - ESW Vault
58:32
58:32
Play later
Play later
Lists
Like
Liked
58:32
Traditional approaches to access management are no longer sufficient to safeguard enterprise security. Tim will explain why the most effective approach to modern enterprise security requires a Zero Trust model that extends beyond just access to encompass every action, no matter how minor. Tim will describe the importance of implementing a Zero Trus…
…
continue reading
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on June 19, 2018. This week, Doug and Russ interview Matthew Silva, President and Founder of the Cybersecurity and Intel Club at Roger Williams University! They talk about majoring in Cybersecurity vs. Computer…
…
continue reading
1
iShield Key Experience, Automated (PKI) Infrastructure, & GenAI Identity Attacks - Kevin Fadaie, Roni Bliss, David Mahdi - ESW Vault
44:48
44:48
Play later
Play later
Lists
Like
Liked
44:48
FIDO security keys are not new in the authentication workflow. They have been around now for 10 years. What is new is the combination of the most secure multi-factor authentication method not only for logical but also for physical access control with the highest FIPS140-3 security certification in the market. Segment Resources: Video "Swissbit iShi…
…
continue reading
1
Bringing Autonomy to AppSec - Dr. David Brumley - ESW Vault
32:22
32:22
Play later
Play later
Lists
Like
Liked
32:22
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA. Why? They are: -40 years old, with little innovation -Haven’t solved the problem. In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the app…
…
continue reading
1
Hacker Heroes - Dave Aitel - PSW Vault
1:29:24
1:29:24
Play later
Play later
Lists
Like
Liked
1:29:24
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth o…
…
continue reading
1
Back To School: Networking 101 - SWN Vault
26:29
26:29
Play later
Play later
Lists
Like
Liked
26:29
Check out this interview from the SWN Vault, hand picked by main host Doug White! This Secure Digital Life segment was originally published on September 25, 2018. This week, Russ takes the reigns in the absence of Dr. Doug to talk about Networking 101! We are going to go back to school to examine how networking and the internet actually work. Russ …
…
continue reading
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of …
…
continue reading
1
Zero Trust Is Not A SKU - Saša Zdjelar - BSW Vault
32:47
32:47
Play later
Play later
Lists
Like
Liked
32:47
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022. Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying t…
…
continue reading
*Sexy Saxophone Music*By Doggett Club
…
continue reading
1
Shared irresponsibilities and the importance of product privacy: Apple vs Microsoft - Mark Batchelor, Vibhuti Sinha, Chris Simmons, Gerry Gebel, Ajay Gupta, Tarvinder Sembhi - ESW #365
2:41:25
2:41:25
Play later
Play later
Lists
Like
Liked
2:41:25
This week, we've got data security being both funded AND acquired. We discuss Lacework's fall from unicorn status and why rumors that it went to Fortinet for considerably more than Wiz was willing to pay make sense. Microsoft Recall and Apple Intelligence are the perfect bookends for a conversation about the importance of handling consumer privacy …
…
continue reading
1
Trust in Microsoft, Apple, and the Holy AI, Moonstone Sleet, Cheating, Joshua Marpet - SWN #393
34:13
34:13
Play later
Play later
Lists
Like
Liked
34:13
Trust in Microsoft, Apple, and the Holy AI, Amen, Moonstone Sleet, Cheating, Joshua Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-393
…
continue reading
1
GenAI, Security, and More Lies - Aubrey King - PSW #832
2:54:18
2:54:18
Play later
Play later
Lists
Like
Liked
2:54:18
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs! Segment Resources: https://genai.owasp.org/ Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headp…
…
continue reading
1
Buzz Aldrin, the Gray Lady, Veeam, Microsoft squared, Nvidia, Josh Marpet... - SWN #392
32:23
32:23
Play later
Play later
Lists
Like
Liked
32:23
Buzz Aldrin, the Gray Lady, Veeam, Microsoft squared, Nvidia, Hardware, Pentests, Josh Marpet, and more on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-392
…
continue reading
1
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
38:36
38:36
Play later
Play later
Lists
Like
Liked
38:36
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-288…
…
continue reading
1
The State of the Cybersecurity Market, At Least According to Gartner - Vivek Ramachandran, Carl Froggett, Padraic O'Reilly - BSW #353
1:04:11
1:04:11
Play later
Play later
Lists
Like
Liked
1:04:11
Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including: Artificial Intelligence(AI) Continuous Threat Exposure Management(CTEM) Identity & Access …
…
continue reading
1
AI, Lockbit, Veeam, Club Penguin, Kali, Commando Cat, HugeGraph, Aaran Leyland... - SWN #391
35:26
35:26
Play later
Play later
Lists
Like
Liked
35:26
Burning AI, Lockbit, Veeam, Club Penguin, Kali, Commando Cat, HugeGraph, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-391
…
continue reading
1
Interest in Identity Security is Spiking - John Shier, Will Lin, Christopher Harrell, Jim Broome - ESW #364
2:31:08
2:31:08
Play later
Play later
Lists
Like
Liked
2:31:08
"Identity security has been around forever though", you might be thinking. Allow me to clarify. Identity is the largest cybersecurity product category, but most of it is focused on identity governance, authentication, multi-factor, etc. Very little of it is focused on operational identity security. It's this trend, where we recently (within the las…
…
continue reading
1
Whose Vulnerability Is It Anyway? - Josh Bressers - PSW #831
2:43:47
2:43:47
Play later
Play later
Lists
Like
Liked
2:43:47
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/ Josh's Latest post: https://opensourcesecu…
…
continue reading
1
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More - SWN #389
36:17
36:17
Play later
Play later
Lists
Like
Liked
36:17
Gold Pressed Latinum, VBScript, ORBS, Rockwell, Chrome, SKY, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-389
…
continue reading
1
BCNF, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet... - SWN #390
34:55
34:55
Play later
Play later
Lists
Like
Liked
34:55
Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet and more, are on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-390
…
continue reading
1
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287
1:12:08
1:12:08
Play later
Play later
Lists
Like
Liked
1:12:08
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining secure processes backed by strong authentication and …
…
continue reading
1
Emotional Intelligence for Cyber Leaders - James Doggett, Jessica Hoffman, Sivan Tehila - BSW #352
1:00:56
1:00:56
Play later
Play later
Lists
Like
Liked
1:00:56
Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity? In this interview, we welcome Jessica Hoffman, Deputy CISO for …
…
continue reading
1
A CISO’s Perspective, Defending Against AI & Ransomware Evolution - Kris Lahiri, Jim Broome, Mike Lyborg - ESW Vault
46:35
46:35
Play later
Play later
Lists
Like
Liked
46:35
In this interview, join Swimlane Chief Information Security Officer, Mike Lyborg, and host Akira Brand as we discuss the value of cybersecurity marketplaces from a CISO perspective. Through insightful discussions, unpack the connection between outcomes-driven solutions and tangible business KPIs. This segment is sponsored by Swimlane. Visit https:/…
…
continue reading
Check out this episode from the Secure Digital Life Vault, hand picked by main host Doug White! This segment was originally published on June 14, 2017. Doug and Russ talk about different types of backups, how they work and out-of-band strategies. Show Notes: https://securityweekly.com/vault-swn-14
…
continue reading
1
Achieving Cyber Resilience, External Cybersecurity & Risk Reduction - Margarita Barrero, Andy Grolnick, Alexandre Sieira - ESW Vault
48:15
48:15
Play later
Play later
Lists
Like
Liked
48:15
Organizations today are overwhelmed with the sheer magnitude of potential cybersecurity threats and there is plenty of vendor buzz around AI in Security products, but what is the reality? Threat detection and incident response (TDIR) strategy and execution have never been more critical and are essential in maintaining cyber resilience and strengthe…
…
continue reading