Paul's Security Weekly

Poking the Bear - SCW #54

Paul's Security Weekly - Wed, 12/02/2020 - 11:00am

This week, we're going to take on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He's also co-founder and CEO of a company called ByteChek whose tagline is "We Make Compliance Suck Less" so I think we're in store for a fascinating discussion.

 

Show Notes: https://securityweekly.com/scw54

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

A Plan Over Time - BSW #198

Paul's Security Weekly - Tue, 12/01/2020 - 6:00pm

This week, Jeff Capone, CEO and Co-founder at SecureCircle, joins us to discuss how to protect all of your data and stop asking "Where's Your Data?"! If we can protect everything, who cares where it is, as you continue to maintain control! In the Leadership and Communications section,Your Title Doesn't Make You a Leader, The New Nine to Five: How Traditional Hours Are Holding Your Business Back, Building a Better Workplace Starts with Saying “Thanks”, and more!

 

Show Notes: https://securityweekly.com/bsw198

Visit https://securityweekly.com/securecircle to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

GoDaddy DNS Attacks, New Magecart Attacks, & Ryan Corey - SWN #85

Paul's Security Weekly - Tue, 12/01/2020 - 4:47pm

Building High Performing Security Teams - The Skills Gap vs The Talent Shortage: Cybrary CEO and Co-Founder Ryan Corey sits down with Security Weekly to chat about the trends they are seeing in Cybersecurity skill development among high performing teams. Ryan will share some highlights from Cybrary's recent Cybersecurity Skills Gap Survey Report.

 

Show Notes: https://securityweekly.com/swn85

Visit https://cybrary.it/solved to learn more about them!

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Talking Cookies - ASW #132

Paul's Security Weekly - Tue, 12/01/2020 - 2:30pm

This week, we welcome back Tim Mackey, Principal Security Strategist at Synopsys, to talk about Security Decisions During Application Development! In the Application Security News, Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!

 

Show Notes: https://securityweekly.com/asw132

Visit https://securityweekly.com/synopsys to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Just Reboot Your Stuff - ESW #208

Paul's Security Weekly - Thu, 11/26/2020 - 5:00am

This week in the Enterprise Security News, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! We discuss Which Multifactor Authentication is the Right One with Matt Barnett, Chief Strategist at SEVN-X!, and then we gain some insights into Sharpening CVSS with Asset Context, with Clayton Fields and Michael Assraf of Vicarius!

 

Show Notes: https://securityweekly.com/esw208

Visit https://securityweekly.com/vicarius to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Magician Hat - SCW #53

Paul's Security Weekly - Wed, 11/25/2020 - 5:00pm

This week, we welcome Zulfikar Ramzan, Ph.D., Chief Digital Officer at RSA Security, to talk about how Zero Trust Intersects XDR in Today’s Digital Era! In the second segment, the SCW crew and Dr. Ramzan talk about Cyber Credit Score Industry! Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we'd bring it up as a compliance topic. We'll define what we're talking about when it comes to Cyber Credit Scores - what they are intended to do and for whom. Then we'll pick it apart, SCW style!

 

Show Notes: https://securityweekly.com/scw53

Visit https://securityweekly.com/rsasecurity to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Better Plays - BSW #197

Paul's Security Weekly - Wed, 11/25/2020 - 11:00am

This week, James Gomez, CISO at Cybersec, join us to discuss Cybersecurity & Integrated Risk Management! In the Leadership and Communication Segment we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks and more!

 

Show Notes: https://securityweekly.com/bsw197

Visit https://www.securityweekly.com/bsw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Thunderdome Technique - ASW #131

Paul's Security Weekly - Tue, 11/24/2020 - 4:00pm

This week, in the first segment, Mike, Adrian, and John discuss Threat Modeling! We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models? In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!

 

Show Notes: https://wiki.securityweekly.com/asw131

Visit https://www.securityweekly.com/asw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Sometimes, Computers Just Freak Out - PSW #675

Paul's Security Weekly - Fri, 11/20/2020 - 6:00pm

This week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends! Michael Roytman, the Chief Data Scientist at Kenna Security discusses how to use AI and Machine Learning to solve Infosec problems! In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!

 

Show Notes: https://securityweekly.com/psw675

Visit https://securityweekly.com/mimecast to learn more about them!

Visit https://securityweekly.com/kennasecurity to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Krebs Fired at CISA, 'Stone Panda', & DNS Is Not Your Friend - Wrap Up - SWN #84

Paul's Security Weekly - Fri, 11/20/2020 - 3:32pm

This week, Dr. Doug talks about IoT Legislature, Krebs is fired, DNS, Joff Thyer, Clearview, Cicada, and Funny Dream as well as the show Wrap Ups!

 

Show Notes: https://securityweekly.com/swn84

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Some Serious Coin - ESW #207

Paul's Security Weekly - Fri, 11/20/2020 - 2:30pm

This week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato networks!In our second segment, we discuss how network detection helps fill the gaps with Steve Porcello from Gigamon! Finally, we gain some insights into the future of Osquery with Ganesh Pai and Julian Wayte from Uptycs!

 

Show Notes: https://securityweekly.com/esw207

Visit https://securityweekly.com/gigamon to learn more about them!

Visit https://securityweekly.com/uptycs to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Sledgehammer - SCW #52

Paul's Security Weekly - Wed, 11/18/2020 - 2:00pm

This week, we have the pleasure of welcoming the newest member of the CRA/Security Weekly family, Adrian Sanabria! What is his role at Security Weekly, and what is the plan for rolling things out over the next 12-18 months? We'll continue the discussion with Adrian Sanabria and explore if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience!

 

Show Notes: https://wiki.securityweekly.com/scw52

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Flow - BSW #196

Paul's Security Weekly - Tue, 11/17/2020 - 5:00pm

This week, we welcome back Kevin O'Brien, CEO and Co-Founder at GreatHorn, for a discussion around what Risk Mitigation looks like in email! In the Leadership and Communications section, The CISO’s Dilemma: Balancing Security, Productivity With a Housebound Workforce, Seven cybersecurity predictions for 2021, Avoiding cloud sprawl: 5 considerations for managing a multicloud environment, and more!

 

Show Notes: https://securityweekly.com/bsw196

Visit https://securityweekly.com/greathorn to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

CISA, Facebook Scams, Mudge, & Hidden Cobra - SWN #83

Paul's Security Weekly - Tue, 11/17/2020 - 4:36pm

This week, Dr. Doug talks Bumble, Facebook Scams, Mudge, CISA, Hidden Cobra, and Lazarus Group! All this and Jason Wood returns for Expert Commentary on the Security Weekly News!

 

Show Notes: https://securityweekly.com/swn83

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Black Friday - ASW #130

Paul's Security Weekly - Tue, 11/17/2020 - 12:00pm

This week, we welcome Rickard Carlsson, Co-founder & CEO at Detectify, to talk about Automated Hacker Knowledge! In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for DevOps, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!

 

Show Notes: https://wiki.securityweekly.com/asw130

Visit https://securityweekly.com/detectify to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Junior High Geometry - PSW #674

Paul's Security Weekly - Fri, 11/13/2020 - 6:00pm

This week, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to discuss how to Disrupt Attacks at the Endpoint with Attivo Networks! Then, Badri Raghunathan, Director of Product Management, and Sumedh Thakar, President and Chief Product Officer from Qualys, join us to discuss The Challenges Associated With Securing Container Environments! In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean?, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras and Dots!

 

Show Notes: https://wiki.securityweekly.com/psw674

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://securityweekly.com/attivo to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Ghimob, Tianfu, Scalper Bots, Animal Jam, & Pay2Key - Wrap Up - SWN #82

Paul's Security Weekly - Fri, 11/13/2020 - 2:52pm

This week, Doug talks Tianfu, Ghimob, Scalper bots, Animal Jam, Pay2Key, the Sad State Of 2FA, all this and Doug's Threat of the Week on the Security Weekly News Wrap Up!

 

Show Notes: https://securityweekly.com/swn82

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Bang on the WAF - ESW #206

Paul's Security Weekly - Fri, 11/13/2020 - 2:30pm

This week, we welcome Trevor Welsh, Global Security Strategist at Chronicle, to discuss Getting Google Scale Threat Detection With Chronicle Detect! In the Enterprise News, Radware Announces Expanded Elastic Scalability and Resiliency for its Virtual DDoS Protection in AWS, Neustar Agrees to Buy Verisign’s Public DNS Service, Auto-Scaling Network Visibility in AWS Cloud, Palo Alto Networks introduces Enterprise Data Loss Prevention, New Kasada API protects from botnet attacks and targeted fraud, and more! In our final segment, we have two pre-recorded interviews with Jeff Capone of SecureCircle, and Roi Cohen of Vicarius!

 

Show Notes: https://securityweekly.com/esw206

Visit https://securityweekly.com/chronicle to learn more about them!

Visit https://securityweekly.com/securecircle to learn more about them!

Visit https://securityweekly.com/vicarius to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Take Ownership - SCW #51

Paul's Security Weekly - Thu, 11/12/2020 - 2:00pm

This week, we welcome back Liam Downward, CEO at CYRISMA, to talk about Data, Data, Data! You've scanned your data to uncover risks and vulnerabilities and assigned accountability through mitigation plans to meet compliance mandates. Now you must classify, rank, prioritize and score your data to track efforts and stay organized.

 

Show Notes: https://wiki.securityweekly.com/scw51

Visit https://securityweekly.com/cyrisma to learn more about them!

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Gatekeeper - BSW #195

Paul's Security Weekly - Wed, 11/11/2020 - 5:00pm

This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to talk about the Cybersecurity Forecast: Cloudy With a Chance of Turbulence! In the Leadership and Communications section, How to Be a Visionary Leader and Still Have a Personal Life, 5 Mistakes CISOs Make in Their Board Presentations, What are CEOs focused on for next year?, and more!

 

Show Notes: https://securityweekly.com/bsw195

Visit https://securityweekly.com/redseal to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Pages