This week, we welcome back Matt Cauthorn, VP Sales Engineering at ExtraHop, to talk about how Everyone missed SUNBURST... or did they? When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected?unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise. In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Show Notes: https://securityweekly.com/bsw203

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks TikTok, Sonic Wall, Cisco, Fake Security Blogs, Joe Biden, and C-Suite Phishing, all this and the return of Jason Wood for Expert Commentary!

Show Notes: https://securityweekly.com/swn95

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Taylor McCaslin, Sr. Product Manager of Secure at GitLab, to discuss Reading Industry Analyst Tea Leaves To Predict The Future! It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst reports, how should you use them, and how should you interpret placement on them as as I like to call it, reading the analyst tea leaves.

In the AppSec News, an overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into AppSec, and all the things that can go wrong when you give up root in your Kubernetes pod!

Show Notes: https://securityweekly.com/asw137

Visit https://securityweekly.com/GitLab to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Welcome to the Security Weekly News Wrap up for the the Week of 10 - Jan 2021. Government, the Effabeeeye, Mimecast, Ubquiti, Cisco, and the German Police, all this and show wrap ups on the Security Weekly News Wrap Up!

Show Notes: https://securityweekly.com/swn94

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Ryan Noon, Co-Founder and CEO from Material Security, joins us first, to discuss Beyond Phishing Blockers: risks to email, phishing, and beyond! Next up, Jon Gorenflo, Founder & Principal Consultant of Fundamental Security LLC, to talk about Hacking Ubiquiti Devices! In the Security News, How two authors became part of WRT54G hacking history, European police and German law enforcement have taken down the illegal "DarkMarket" online marketplace, iHackers Compromise Mimecast, 70 unpatched Cisco vulnerabilities and why these are not a big deal, Adobe is blocking Flash content, most containers still run as root, watching private videos on YouTube is more like silent films, and get a free bag of weed when you get your vaccine!

Show Notes: https://securityweekly.com/psw680

Visit https://securityweekly.com/materialsecurity to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, in the Enterprise Security News, Beyond Security partners with Vicarius, Amazon?s Parler removal and what it means for cloud confidence, Kount sold to Equifax, McAfee vs Crowdstrike, Jumpcloud raises some funds, Red Hat Acquires StackRox, and SolarWinds warnings of weak security and more. In the second segment, we talk Asset Management, Could this be the year we get a better handle on discovering and managing assets? In the final segment, we welcome Chris Blask from Unisys for an interview!

Show Notes: https://securityweekly.com/esw213

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jim McKee, Founder & CEO at Red Sky Alliance for an interview!We're going to dissect what we know about the Sunburst/SolarWinds hack to this point - SCW style! We'll touch on the things that keep coming up in the news - attribution, conspiracy theories, implications, consequences, and so forth.

In the second segment, we will shift focus of the discussion from understanding to action - that is, what to do about this and similar types of attacks that might be perpetrated agains your organization. Or is there anything to do about this "clear and present danger"?

Show Notes: https://securityweekly.com/scw58

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Happy New Year! This week, Dr. Doug talks Parler, Section 230, Venomous Bear, Solarwinds continued, Carl Busch, Chris Krebs, Alex Stamos, Parler, all that and the Expert Commentary with Jason Wood!

Show Notes: https://securityweekly.com/swn93

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Patrick Orzechowski, VP of R&D at deepwatch, to help us learn why deepwatch chose Splunk as it?s one and only SIEM solution to deliver its Managed Detection & Response services to Fortune 2000 customers. Hear how deepwatch is leveraging a variety of Splunk capabilities and advanced API integrations to detect and respond to threats in customer environments.

In the Leadership and Communications section, How BISOs bridge the gap between corporate boards and cybersecurity, 5 questions CISOs should ask prospective corporate lawyers, Good Leadership Is About Asking Good Questions, and more!

Show Notes: https://securityweekly.com/bsw202

Visit https://securityweekly.com/deepwatch to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Andrei Serban, Co-Founder at Fuzzbuzz, to discuss Fuzz Testing! Fuzzing can be successful AppSec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just memory safety issues and what the future holds for making this strategy more effective for modern apps. In the AppSec News, Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, and the benefits of DevOps approaches to building systems!

Show Notes: https://securityweekly.com/asw136

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Clayton Fields & Michael Assraf from Vicarius join us to discuss The Good, The Bad and The Ugly sides of Automated Vulnerability Remediation! Ming Chow on Infosec Careers, Data Privacy, the Cloud Solution (or not), and DevOps! In the Security News, Nissan Source Code Leaked Online, Ticketmaster fined $10 million for breaking into rival?s systems, The Great iPwn, The Great Suspender, the Shady Zero-Day Sales Game, create your own encryption in Python, and using Google to hack Google!

Show Notes: https://securityweekly.com/psw679

Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week in the Enterprise security News, Two data security companies merge, Veracode's products are now available in the AWS Marketplace, Zscaler launches a program for organizations dealing with the SolarWinds attack, SolarWinds is being sued in a class action lawsuit, funding announcements from Weaveworks, iBoss and Venafi. Chris Brown, Senior Director of Data Security at Imperva joins us to discuss the state of data security, Sean Metcalf, Founder and CTO at Trimarc Security and Tyler Robinson, Security Weekly host and Offensive Security Director at Trimarc Security will discuss the Solar Winds attack!

Show Notes: https://securityweekly.com/esw212

Visit https://securityweekly.com/imperva to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show summaries, JetBrains, FBI Warnings, Some Government news, and Bill Gates is about to take control of your brain and install Windows 3.0 Beta on your medula oblongata!

Show Notes: https://securityweekly.com/swn92

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we start the new year off with a roundtable discussion amongst the hosts looking back on the highs and lows of 2020! We don't want to have the typical "predictions" episode, but do want to chat about what we might expect in the coming year; what is changing? what is coming back? and when? (if at all)?

Looking back:

-Solarwinds (not in depth but just as part of the year)

-Covid-19

-Working from home

-Conferences shut down

-Travel gone

-The new normal of zoom calls

-Kids at home

Looking forward:

-Vaccines

-Anti-vaxxers

-Resumption of travel?

-Resumption of conferences????

-Sales and marketing changes

-Societal changes

-The problems we face moving forward in compliance and security

Show Notes: https://securityweekly.com/scw57

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Todd Fitzgerald, Vice President, Cybersecurity Strategy at Cybersecurity Collaborative, to talk about CISO Stories! Up Your game with the CISO STORIES Podcast! If anything this past year has taught us is that we can not go on our own, and leveraging the experiences from other CISOs is critical to our success. Join Todd as he introduces a new Podcast featuring actionable lessons from top-notch CISOs and Cybersecurity Leaders. In the Leadership and Communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!

Show Notes: https://securityweekly.com/bsw201

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week Dr. Doug talks Bill Gates Mind control, Section 230, Threatpost 2021 Predictions, Zyxel, California Privacy Law, Ticketmaster Hacking Rivals, and Jason Wood returns for Expert Commentary!

Show Notes: https://securityweekly.com/swn91

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community provide for this approach to design? We take a look at the OWASP Top 10, Web Security Testing Guide, and Application Security Verification Standard to find a way forward for DevOps teams. In the AppSec News, Microsoft purges malicious SolarWinds presence and highlights a threat model around their source code, the tl;drsec crew provides a hardening guide for Kubernetes, Apples provides a user guide for hardening accounts, and Firefox provides a new storage system to defeat side channel abuse!

Show Notes: https://securityweekly.com/asw135

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Vicarius' very own Roi Cohen and Shani Dodge join us to kick off the show with a technical segment titled "Generating Threat Insights Using Data Science"! Then, Harry SverdLove from ZScaler joins us for a technical segment on "Securing The Enterprise Software Supply Chain"! In the Security News, How suspected Russian hackers outed their massive cyberattack, Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure, Zodiac Killer Cipher Solved, a Security Researcher states ?solarwinds123? Password Left Firm Vulnerable in 2019, Why the Weakest Links Matter, and a 26-Year-Old Turns ?Mistake? of Being Added to an Honors Geometry Class to Becoming a Rocket Scientist!

Show Notes: https://securityweekly.com/psw678

Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://securityweekly.com/edgewise to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week in the Enterprise security News, A Hack brought unwanted attention to SolarWinds, Datadog and Snyk unveil GitHub integration to automate software development workflow, Thoma Bravo Invests In Machine Identity Management/Security Startup Venafi, FireEye Closes $400M Blackstone Investment, and DigiCert now enables manufacturers to embed certificates on chips prior to manufacturing! Then, Martyn Crew from Gigamon joins us to discuss how "Visibility Is Critical in Uncertain Times", and we wrap up the show with a pre-recorded interview with Emily Huynh and Mandy McKenzie from Mimecast, discussing the Mimecast Awareness Training Philosophy!

Show Notes: https://securityweekly.com/esw211

Visit https://securityweekly.com/mimecast to learn more about them!

Visit https://securityweekly.com/gigamon to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, it's the final episode of Security Weekly News for 2020! Dr. Doug talks show summaries, the Russians, SolarWinds kill switch, everyone is hacked, Gitpaste-12 returns, and more!

Show Notes: https://securityweekly.com/swn90

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we're going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching "PCI" context to this discussion. We'll continue our discussion of penetration testing. In this segment, we'll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results.

Show Notes: https://securityweekly.com/scw56

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about Transforming Cyber Risk/Compliance Through Automation! For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult 2020 and discuss the changes we'll make in 2021 to be better leaders.

Show Notes: https://securityweekly.com/bsw200

Visit https://securityweekly.com/cybersaintbsw to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks about U.S Agencies hit by Foreign Adversaries, SolarWinds, New PyMicropsia Trojan, SoRel-20M, Naughty Cyberpunk 2077 glitches, and the return of Jason Wood!

Show Notes: https://securityweekly.com/swn89

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Ev Kontsevoy, CEO at Teleport, to discuss Freedom From Computing Environments! In the Application Security News, FireEye shares supply chain subterfuge, researchers show repeated mistakes in TCP/IP stacks, Google open sources Python fuzzing, Cisco and Microsoft patch their patches for vulns in Jabber and printer modules!

Show Notes: https://securityweekly.com/asw134

Visit https://securityweekly.com/teleport to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

This week, it's the 15 Year Anniversary Edition of Security Weekly! We celebrate with three roundtable discussions on Penetration Testing, Blue Team Techniques, and Hacker Culture! Penetration Testing: Join us for a lively discussion surrounding the topic of penetration testing. Sure, we've called out differences between vulnerability scanning and penetration testing. Moving past this particular issue, we'll explore how to effectively use penetration testing in your environments. Blue Team Techniques We often hear that offensive security techniques are "sexier" than defensive blue team techniques. In this panel discussion, we attempt to level the playing field (on so many levels...) between attackers and defenders. Keeping the evil attackers out of our networks and systems is a daunting task that requires creative thinking and creative solutions. Hacker Culture: Hacking matters. The term hacking has gotten away from us over the years. I believe we've reclaimed it, to a certain extent. The goal of this panel is to discuss all things hacking culture. What does it mean to be a hacker and how do we preserve the hacking ideology?

Show Notes: https://securityweekly.com/psw677

Visit https://securityweekly.com/ilf to learn more about them!

Visit https://securityweekly.com/risksense to learn more about them!

Visit https://securityweekly.com/coresecurity to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Steam flaws, Zuck gets zucked, Black Mirror, Kerberos flaws in Windows, and the 15th Anniversary/Unlocked show! All this and show wrap ups on the Security Weekly News Wrap Up!

Show Notes: https://securityweekly.com/swn88

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week in the Enterprise Security News, How Kali Linux creators plan to handle the future of penetration testing, Tenable founders launch cybersecurity foundation to hand out grants, FireEye cybersecurity tools compromised in state-sponsored attack, Bitdefender launches cloud-based endpoint detection, response platform for companies, and Sysnet acquires Viking Cloud to enhance its cloud security platform and boost market expansion! Mike Lloyd from RedSeal joins us to discuss "How Can We Vaccinate Our Networks?", and we wrap up the show with an interview with Joe Rivela from Polarity!

Show Notes: https://securityweekly.com/esw210

Visit https://www.polarity.io/sw to learn more about them!

Visit https://securityweekly.com/redseal to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about The Cyber Risk/Compliance Transformation Solution! We want to take the time in the segment to formally introduce you to one of our new co-hosts, Mr. Fredrick "Flee" Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square. We'll spend some time getting to know Flee and his background, pepper him with questions, talk shop, all the while engaging in the usual mayhem!

Show Notes: https://securityweekly.com/scw55

Visit https://securityweekly.com/cybersaintscw to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Amnesia:33, the NSA, IoT Laws, Trickbot returns from the dead, & IRS tax ID Pins! Tim Mackey, Principal Security Strategist at Synopsys, joins us for Expert Commentary to discuss the impact of the supreme court taking up the case of how broad the CFAA is and its impact on security research!

Show Notes: https://securityweekly.com/swn87

Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Sri Sundaralingam joins Security Weekly to discuss the challenges of hybrid workforce and what security professionals should start thinking about as they begin planning for a return to the office in 2021! In the leadership and communications section, Darth Vader Week - Leadership from the Dark Side, Compassionate Leadership Is Necessary ? but Not Sufficient, 3 Steps to Run Better and More Effective Meetings, and more!

Show Notes: https://securityweekly.com/bsw199

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Mike Manrod, CISO of Grand Canyon University, joined by John Delaroderie, Security Solutions Architect at Qualys, to discuss his approach to web application security with an emphasis on improving knowledge of web application vulnerabilities and the external attack surface, and his approach to reducing the number of opportunities an attacker has to compromise our information and infrastructure! In the Application Security News, An old security bug in the Play library still affects 8% of apps in Google Play, Project Zero researcher spends six months to reboot an iPhone (in an epic manner), GitHub looks at the security of repos within its Octoverse, the OWASP Web Security Testing Guide gets a minor bump, and XS-Leaks get more attention.

Show Notes: https://securityweekly.com/asw133

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Vicarius' very own Roi Cohen and Gilad Lev join us to kick off the show with a technical segment titled "From Chaos to Topia"! Jeff Capone from SecureCircle joins us for an interview on zero trust data security! Ed Skoudis returns to talk to us about the Holiday Hack Challenge! Then, in the Security News, Thousands of unsecured medical records were exposed online, Advanced Persistent Threat Actors Targeting U.S. Think Tanks, WarGames for real: How one 1983 exercise nearly triggered WWIII , The Supreme Court will hear its first big CFAA case, TrickBoot feature allows TrickBot to run UEFI attacks, and Cyber Command deployed personnel to Estonia to protect elections against Russian threat!

Show Notes: https://securityweekly.com/psw676

Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://securityweekly.com/securecircle to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Krebs, slack, docker vulnerabilities, Jeff Man finds fake news, a massive IoS article, and UEFI, all this and show wrap ups on the Security Weekly News Wrap Up!

Show Notes: https://securityweekly.com/swn86

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, in the Enterprise Security News, securing Amazon EKS, Attivo Networks announces a new integration, a cloud security mapping startup comes out of stealth, recent funding announcements from DefenseStorm, GoSecure, EclecticIQ and more! We discuss The Road To Secure Your Organization, with Ferruh Mavituna, and wrap up the show with a special Round Table Discussion on Cybersecurity and Diversity featuring; Jackie Abrams, Gabe Gumbs, Mandy Logan, & Susan Bosco!

Show Notes: https://securityweekly.com/esw209

Visit https://securityweekly.com/netsparker to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we're going to take on a different aspect of the cybersecurity skills gaps in this episode. Namely, the lack of diversity in our industry when it comes to African Americans and what can we all do about it. To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He's also co-founder and CEO of a company called ByteChek whose tagline is "We Make Compliance Suck Less" so I think we're in store for a fascinating discussion.

Show Notes: https://securityweekly.com/scw54

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Jeff Capone, CEO and Co-founder at SecureCircle, joins us to discuss how to protect all of your data and stop asking "Where's Your Data?"! If we can protect everything, who cares where it is, as you continue to maintain control! In the Leadership and Communications section,Your Title Doesn't Make You a Leader, The New Nine to Five: How Traditional Hours Are Holding Your Business Back, Building a Better Workplace Starts with Saying ?Thanks?, and more!

Show Notes: https://securityweekly.com/bsw198

Visit https://securityweekly.com/securecircle to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Building High Performing Security Teams - The Skills Gap vs The Talent Shortage: Cybrary CEO and Co-Founder Ryan Corey sits down with Security Weekly to chat about the trends they are seeing in Cybersecurity skill development among high performing teams. Ryan will share some highlights from Cybrary's recent Cybersecurity Skills Gap Survey Report.

Show Notes: https://securityweekly.com/swn85

Visit https://cybrary.it/solved to learn more about them!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Tim Mackey, Principal Security Strategist at Synopsys, to talk about Security Decisions During Application Development! In the Application Security News, Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!

Show Notes: https://securityweekly.com/asw132

Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week in the Enterprise Security News, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry?s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs! We discuss Which Multifactor Authentication is the Right One with Matt Barnett, Chief Strategist at SEVN-X!, and then we gain some insights into Sharpening CVSS with Asset Context, with Clayton Fields and Michael Assraf of Vicarius!

Show Notes: https://securityweekly.com/esw208

Visit https://securityweekly.com/vicarius to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Zulfikar Ramzan, Ph.D., Chief Digital Officer at RSA Security, to talk about how Zero Trust Intersects XDR in Today?s Digital Era! In the second segment, the SCW crew and Dr. Ramzan talk about Cyber Credit Score Industry! Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we'd bring it up as a compliance topic. We'll define what we're talking about when it comes to Cyber Credit Scores - what they are intended to do and for whom. Then we'll pick it apart, SCW style!

Show Notes: https://securityweekly.com/scw53

Visit https://securityweekly.com/rsasecurity to learn more about them!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, James Gomez, CISO at Cybersec, join us to discuss Cybersecurity & Integrated Risk Management! In the Leadership and Communication Segment we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks and more!

Show Notes: https://securityweekly.com/bsw197

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, in the first segment, Mike, Adrian, and John discuss Threat Modeling! We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models? In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!

Show Notes: https://wiki.securityweekly.com/asw131

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Mimecast's very own Jamie Fernandes and Karsten Chearis join us to discuss recent Threat Actor Trends! Michael Roytman, the Chief Data Scientist at Kenna Security discusses how to use AI and Machine Learning to solve Infosec problems! In the Security News, Verizon has suggestions on how to make DNS more secure, Microsoft is trying to fix another Kerberos vulnerability, Bumble made some security blunders, why trying to write an article about rebooting your router was a terrible idea, popping shells on Linux via the file manager, Trump fired Krebs, backdoors on your TV and why PHP is still a really bad idea!

Show Notes: https://securityweekly.com/psw675

Visit https://securityweekly.com/mimecast to learn more about them!

Visit https://securityweekly.com/kennasecurity to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks about IoT Legislature, Krebs is fired, DNS, Joff Thyer, Clearview, Cicada, and Funny Dream as well as the show Wrap Ups!

Show Notes: https://securityweekly.com/swn84

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we start with the Enterprise News, discussing the all new AWS Network Firewall, Zero Trust for Kubernetes, interactive coding simulations, DNS monitoring, and Twitter appoints a new head of security! The latest acquisitions from Cisco, Acronis, Palo Alto Networks, and Flashpoint, and recent funding announcements from Unbound, Havoc Shield, Menlo Security and Cato networks!In our second segment, we discuss how network detection helps fill the gaps with Steve Porcello from Gigamon! Finally, we gain some insights into the future of Osquery with Ganesh Pai and Julian Wayte from Uptycs!

Show Notes: https://securityweekly.com/esw207

Visit https://securityweekly.com/gigamon to learn more about them!

Visit https://securityweekly.com/uptycs to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we have the pleasure of welcoming the newest member of the CRA/Security Weekly family, Adrian Sanabria! What is his role at Security Weekly, and what is the plan for rolling things out over the next 12-18 months? We'll continue the discussion with Adrian Sanabria and explore if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience!

Show Notes: https://wiki.securityweekly.com/scw52

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Kevin O'Brien, CEO and Co-Founder at GreatHorn, for a discussion around what Risk Mitigation looks like in email! In the Leadership and Communications section, The CISO?s Dilemma: Balancing Security, Productivity With a Housebound Workforce, Seven cybersecurity predictions for 2021, Avoiding cloud sprawl: 5 considerations for managing a multicloud environment, and more!

Show Notes: https://securityweekly.com/bsw196

Visit https://securityweekly.com/greathorn to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Dr. Doug talks Bumble, Facebook Scams, Mudge, CISA, Hidden Cobra, and Lazarus Group! All this and Jason Wood returns for Expert Commentary on the Security Weekly News!

Show Notes: https://securityweekly.com/swn83

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Rickard Carlsson, Co-founder & CEO at Detectify, to talk about Automated Hacker Knowledge! In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for DevOps, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!

Show Notes: https://wiki.securityweekly.com/asw130

Visit https://securityweekly.com/detectify to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to discuss how to Disrupt Attacks at the Endpoint with Attivo Networks! Then, Badri Raghunathan, Director of Product Management, and Sumedh Thakar, President and Chief Product Officer from Qualys, join us to discuss The Challenges Associated With Securing Container Environments! In the Security News, not all cyberattacks are created equal, Google patches two more Chrome zero days, What does threat intelligence really mean?, Cobalt Strike leaked source code, DNS cache poisoning is back, and Zebras and Dots!

Show Notes: https://wiki.securityweekly.com/psw674

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://securityweekly.com/attivo to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly