cassie lowe public
 
Podcast about academia, culture, and social justice across the STEM/humanities divide. Dr. Liz Wayne and Dr. Christine "Xine" Yao are two women of color Ivy League PhDs navigating higher education. Biomedical engineer meets literary critic. Both fans of lipstick.
 
Stewart and Trey join us to talk about driving cybersecurity policies for the nation, what makes a good policy, what makes a bad policy, supply chain research and policies, and overall how we shape policies that benefit cybersecurity. Segment Resources: https://www.atlanticcouncil.org/in-depth-research-reports/report/broken-trust-lessons-from-sunbu…
 
Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Resource: https://cisa.gov/kev Show Notes: https://se…
 
Jay Jacobs, Co-Founder and Data Scientist, and Wade Baker, Co-Founder and Data Storyteller, from The Cyentia Institute come on the show to talk about the Exploit Prediction Scoring System (EPSS). This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-34…
 
Cassie has a long history of successfully managing a variety of security programs. Today, she leads supply chain efforts for a very large product company. We will tackle topics such as software supply chain management, SBOMs, third-party supply chain challenges, asset management, and more! This segment is sponsored by Eclypsium. Visit https://secur…
 
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-29…
 
Casey was recently involved in an event that brought hackers and 5G technology together. Tune in to learn about the results and how we can use bug bounty programs to improve the security of "things". This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bt…
 
In this episode, we discuss digital supply chain governance and compliance, featuring Josh Marpet from Guarded Risk, hosted by Paul Asadoorian and Allan Alford. Specifically, we discuss: The importance of understanding and complying with regulations affecting digital supply chains, such as Executive Order 14028 and the NIST Cybersecurity Framework.…
 
Cheryl is super passionate about supply chain security and visibility. Tune in to our discussion on how we can collectively get better at reducing the attack surface and working to fix the wide variety of digital supply chain issues we have today. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about…
 
Paul and Allan will talk a little bit about Allan's background and current work at Eclypsium. Next, we'll cover some of the recent news and topics we've been discussing on our blog including Firewall and VPN appliance security struggles, Shim Shady, Glupteba and other malware targeting UEFI, and some thoughts on recent regulations affecting supply …
 
Saša Zdjelar joins us on this episode to dive into how organizations can manage supply chain risk, including the current challenges we face and how best to deal with them. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-24…
 
Short of ripping everything apart (hardware and software) and inspecting the components, which is very time-consuming, how do we solve the visibility gap in various supply chains? Dr. Olga Livingston from CISA joins us to discuss! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes…
 
We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at SBOM@cisa.dhs.gov This segment is sponsored…
 
In this episode, we have the privilege of sitting down with renowned security expert Joe Hall to discuss three critical facets of modern cybersecurity: network device security, supply chain threats, and lateral movement. Join us as Joe Hall shares his wealth of knowledge and experience, unraveling the complexities of network device security, the in…
 
In this episode, we delve into the dynamic world of supply chain security, recapping the significant developments of the past year. Join us as we explore the evolution of offensive security, defensive landscapes, and the key actors shaping the cybersecurity landscape. Our featured guest, Tyler Robinson, Founder and CEO of Dark Element, brings a wea…
 
Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more! This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts-18…
 
Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework. When enterprises started using CHIPSEC to find vulne…
 
Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server. Segment Resources: https://uefi.org/sites/default/files/resources/What%20is%20UEFI-Aug31-2023-Final.pdf This segment is sponsored by Eclypsiu…
 
Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks. Segment Resources: https://forum.defcon.org/node/245714 https://eclypsium.com/research/bmcc-lights-out-forever/ https://eclypsium.com/blog/supply…
 
We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium joins us for this episode! This segment is sponsored by Eclyp…
 
Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples such as Log4j and more! Show Notes: https://securityweekly.com/bts-12…
 
Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (ex. SBOM) across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assu…
 
Firmware security is a deeply technical topic that's hard to get started in. In this talk, Xeno will discuss some past work in firmware security, and how he has organized resources such as a low level timeline (with over 300 talks), and free MOOC classes, to help teach people about firmware security. Segment Resources: https://ost2.fyi https://dar…
 
Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about the importance of hardware & firmware security in a SaaS world. Segment Resources: https://www.youtube.com…
 
The LVFS is a project used by over 130 different vendors, from all positions of the supply chain. It decompresses, decompiles, then analyses firmware looking for issues, and then automatically builds an SBoM for each download. Segment Resources: https://fwupd.org/ https://github.com/fwupd Show Notes: https://securityweekly.com/bts8…
 
This session will provide an overview of the history of host firmware, or BIOS, focusing on the arc of the Unified Extensible Firmware Interface. It will include the development of defenses like UEFI Secure Boot and the challenges in scaling assurance across a broad ecosystem. It will close on works-in-progress and opportunities to build upon the s…
 
In this edition of Below The Surface, we discuss insights Scott collected from various members of our community. Topics include supply chain threats, critical firmware attacks, and more! We also welcome special guest Tyler Robinson! View the full report here: https://eclypsium.com/2022/12/13/december-firmware-threat-report/ This segment is sponsore…
 
Paul and Scott talk about supply chain threats, vulnerable drivers, leaked source code and keys, and cover what we know about the OpenSSL 3.x vulnerability. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts4…
 
This month Scott and Paul discuss the inevitability of attacks against certain sectors, UEFI vulnerabilities galore and so much more! Get the full report here: https://eclypsium.com/2022/10/03/september-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: ht…
 
Paul and Scott break down the Root of Trust (RoT) and other highlights from the August 2022 Below The Surface Threat Report: https://eclypsium.com/2022/08/31/august-firmware-threat-report/ This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/bts2…
 
Paul Asadoorian and Scott Scheferman sit down to discuss this month's firmware and supply chain threat report. We cover some of the history and latest developments regarding Secure Boot security research, the threats we face securing the firmware supply chain, and some insights into threat actors targeting firmware. View the full report here: https…
 
Good luck with the start of another academic year: you are not alone. Mental health is often falsely presented as irrelevant to people of colour. Dr. Samara Linton and Dr. Rianna Walcott's brilliant The Colour of Madness explores mental health for and by people of colour across art, essays, poetry, and stories. Together with PhDiva Xine they discus…
 
Adversity and the power of friendship! In the second half of the interview, PhDiva Xine talks with historian Cassie Osei about pedagogy during the pandemic and life lessons from Sailor Moon. Do you watch anime? How does it affect how you engage in the world? For show notes see our blogpost: https://phdivaspodcast.wordpress.com/2022/07/11/s6e9-pandem…
 
Wherever they are, Black women have always theorized about race and gender, says Dr. Cassie Osei. In the first of two eps, PhDiva Xine interviews Cassie Osei, historian of Afro-Brazilian women's history, longtime PhDivas Podcast listener, and newly minted PhDiva (!). Cassie talks about archival methodologies, Black feminist theorizing beyond the US…
 
Let's talk about feelings, unfeelings, boundaries, and emotional labour! How do we build solidarities beyond what Black feminist Audre Lorde calls 'the master's house'? In part 2, PhDiva Liz chats to Xine about her book Disaffected and how her own positionality as a Chinese diasporic queer person led to how she navigates a feminist approach to feel…
 
So much and yet so little has changed for women of colour since the 19th century... PhDivas Liz and Xine discuss Xine's first book DISAFFECTED. Xine shares the challenges of writing a monograph (a fancy academic term for research book). Chapter 4 is kind of an homage to Liz: it discusses Black feminist approaches to STEM in the nineteenth century b…
 
If the master's tools can never dismantle the master's house, what can we build instead? Since emotional labour is racialized and gendered, what if minoritized people say 'no'? Listen to several brilliant WOC scholars discuss PhDiva Xine's new book DISAFFECTED: each of them was given a chapter of the book to respond to in order to give the audience…
 
Have you watched Netflix's The Chair? Join PhDivas Liz and Xine as they talk about all the uncomfortable resonances between their experiences as women of colour in academia and the short 'comedy' series starring Sandra Oh. (Yes, Xine even had a student describe her as 'if Sandra Oh were an academic.') They discuss antiblackness, model minority fail…
 
Just because they are both systems of oppression does not mean that casteism ≠ racism! Postcolonialism developed as a field of study established by predominantly Indian intellectuals -- but only understanding them as non-Black people of colour erases their caste privilege. Shaista Patel, a professor in Critical Muslim studies at UC San Diego, chats…
 
Springtime is the season of success for a few... and rejection for the majority. PhDivas Liz and Xine revisit the perennial topic of the many, many forms of rejection in academia -- from grants, students, programmes -- as early career scholars and attentive to disparities of power. Failure isn't only personal, but can be structural especially for B…
 
2021 has been a rough start for the PhDivas. Liz and Xine recorded this in the week after the white supremacist insurrection at the US Capitol -- and then somehow we had to go about academic 'business as usual.' So here the PhDivas discuss the conflicts between our exhaustion, our new curious status as inspirations, the start of term, the resumptio…
 
PhDivas Dr. Xine Yao and Dr. Liz Wayne get together over American Thanksgiving to talk about the challenges of working during COVID19. Supporting our own self care as we support our students, or research efforts is no trivial feat. All the best as the term and the year are winding down! Learn about the Indigenous peoples and their treaties of the la…
 
"This belongs in a museum!" Indiana Jones's catchphrase inspired generations of young archaeologists like Alex Fitzpatrick who are now critical of their discipline's colonial and imperialist pasts and presents. In this second part of their interview, PhDiva Xine chats with Alex about Napoleon's influence and approaching archaeology through animals,…
 
Handing in your PhD dissertation and disrupting the field of archaeology is exhausting enough... but during a global pandemic? Archaeologist Alex Fitzpatrick talks to PhDiva Xine on the cusp of earning her degree about precarity, post-dissertation depression, and the strangeness of a Chinese diasporic migrant in the United Kingdom. Twitter @Archaeo…