Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Content provided by Security Weekly Productions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly Productions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Security Weekly Podcast Network (Audio)
Daily update on current cyber security threats
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Community Knowledge Sharing with CyberNest - Ben Siegel, Aaron Costello - ESW #379
Manage episode 444643209 series 2591184
Content provided by Security Weekly Productions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly Productions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
- Aaron's blog about the ServiceNow data exposure.
- The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
- Eon, Resolve AI, Harmonic and more raise funding
- Dragos acquires Network Perception
- Prevalent acquires Miratech
- The latest DFIR reports
- A spicy security product review
- Secure by Whatever
- New threats
- Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
3064 episodes
Share
Manage episode 444643209 series 2591184
Content provided by Security Weekly Productions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly Productions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
For this interview, Ben from CyberNest joins us to talk about one of my favorite subjects: information sharing in infosec. There are so many amazing skills, tips, techniques, and intel that security professionals have to share. Sadly, a natural corporate reluctance to share information viewed as privileged and private has historically had a chilling effect on information sharing.
We'll discuss how to build such a community, how to clear the historical hurdles with information sharing, and how to monetize it without introducing bias and compromising the integrity of the information shared.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversation right now about the grey space around 'shared responsibility'. In our news segment later, we'll also be discussing the difference between secure design and secure defaults. The recent incidents revolving around Snowflake customers getting compromised via credential stuffing attacks is a great example of this. Open AWS S3 buckets are probably the best known example of this problem. At what point is the service provider responsible for customer mistakes? When 80% of customers are making expensive, critical mistakes? Doesn't the service provider have a responsibility to protect its customers (even if it's from themselves)?
These are the kinds of issues that led to Aaron getting his current job as Chief of SaaS Security Research at AppOmni, and also led to him recently finding another common misconfiguration - this time in ServiceNow's products. Finally, we'll discuss the value of a good bug report, and how it can be a killer addition to your resume if you're interested in this kind of work!
Segment Resources:
- Aaron's blog about the ServiceNow data exposure.
- The ServiceNow blog, thanking AppOmni for its support in uncovering the issue.
In the enterprise security news,
- Eon, Resolve AI, Harmonic and more raise funding
- Dragos acquires Network Perception
- Prevalent acquires Miratech
- The latest DFIR reports
- A spicy security product review
- Secure by Whatever
- New threats
- Hot takes
All that and more, on this episode of Enterprise Security Weekly.
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-379
3064 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Security Weekly Podcast Network (Audio)
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Daily update on current cyber security threats
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
