
Paul's Security Weekly

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.


Website

securityweekly.com/

Episodes

Treacherous Devs, Selling Text Messages, Spicy Takes, & Unicorns Galore - ESW #253

This week, we welcome Allie Mellen, Industry Analyst at Forrester Research, to discuss Digging Into XDR! In the second segment, Vincent Berk, CTO and Chief Security Architect at Riverbed, joins to talk about Securing the Invisible: Holes in Your Visibility Fabric & Where Hackers Hide! Finally, in the Enterprise Security News for this week: At least a dozen cybersecurity companies announced raises totaling more than $900m - just in the past week!, Permira proposes to take Mimecast private for $5.8bn, The leader of a Swiss tech company is accused of selling access to text message data for surveillance, A former Ubiquiti developer was behind the big breach announced earlier this year - he unsuccessfully tried to extort his employer, SentinelOne tries to bring mobile security back?, Google and Trail of Bits team up to release a tool that scans for vulnerable Python packages, CISA has assembled a panel that will begin making cybersecurity recommendations. Make sure to stick around for this week's spicy take - Cloudflare recommends ditching your firewall, and this week's squirrel story - a new streaming service from an unexpected source! All that and more, on this episode of Enterprise Security Weekly!

Segment Resources:

https://visibility.riverbed.com/

https://www.riverbed.com/solutions/security.html

https://www.riverbed.com/products/npm/netprofiler-advanced-security-module.html

Visit https://securityweekly.com/riverbed to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/esw253

2021-12-10

IoT Standards, NginRAT, AT&T Botnet, & Bad Wifi Routers - Wrap Up - SWN #172

This week in the Security Weekly News Wrap Up Dr. Doug talks: Ben Dorsey, NginRat, AT&T, Decryption, IoT, and Bad WIFI Routers! All this and Dr. Doug's favorite threat of the week, & the show wrap ups for this week!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn172

2021-12-03

The Human Element - ESW #252

In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for 20 years before that! Passwordless is everywhere these days, but like most new security markets, it's shrouded in confusion. There are already dozens of vendors promising to kill the password, but they don't all seem to be coming at the challenge the same way. In the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC - is the SOC dead?, Comparing secure messaging apps, The best cities for cybersecurity professionals, and Don't miss today's Squirrel Story - it's a personal anecdote!

 

Show Notes: https://securityweekly.com/esw252

Visit https://www.securityweekly.com/esw for all the latest episodes!

2021-12-03

Bud's Budtender - PSW #720

This week, we kick off the show with an interview featuring Shailesh Athalye, Senior Vice President of Product Management at Qualys, who joins to discuss why Cybersecurity is an Unfair Game! Then, we jump straight into the Security News for this week: Stop hiding your secrets in plain sight, Detecting Wildcard DNS Abuse, $5 setup that hacks biometrics, Managing passwords with pen and paper, Windows 10 Zero Days, & why The Matrix (might be) the best hacker movie!! Finally, we close out the show with a special pre-recorded interview featuring Sven Morgenroth, Security Researcher at Netsparker, where we discussed Auth Vulnerabilities!

Show Notes: https://securityweekly.com/psw720

Segment Resources:

Visit https://securityweekly.com/invicti

https://www.qualys.com/cloud-platform/

Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

2021-12-03

Too Authentic - SCW #97

There's something happening here - and what it is ain't exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We're going to devote an episode to talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what's right and what's wrong in our industry today and what can we do about it. All from a hacker's perspective.

Show Notes: https://securityweekly.com/scw97

Visit https://www.securityweekly.com/scw for all the latest episodes!

2021-12-02

Completely Off the Rails - BSW #242

We cover a lot of articles about CISO leadership, communications, skills, and yes, transition. This week we discuss the CISO transition from a CISO's perspective. I will interview my co-hosts on why they made moves in 2021, what criteria did they use to analyze their next role, and what are their strategies for a successful transition. In the Leadership & Communications section, 'They Said a CISO Does What?', 5 Tips to be an awesome CISO, 9 tips for an effective ransomware negotiation, and more!

 

Show Notes: https://securityweekly.com/bsw242

Visit https://www.securityweekly.com/bsw for all the latest episodes!

2021-12-01

Reaper Chinotto, Tardigrade, Cannazon DDoS, IKEA, Webcam Hijinks, & Seoul's Metaverse - SWN #171

This week in the Security Weekly News: Tardigrade, Reaper, HP, Cannazon, Ikea, Cameras, The Virtual DMV Verse, and Expert Commentary from Jason Wood on this edition of the Security Weekly News!

Show Notes: https://securityweekly.com/swn171

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-30

Cyber Monday - ASW #176

In today's session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they'll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they'll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation, and training. In the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!

Show Notes: https://securityweekly.com/asw176

Segment Resources:

Veracode State of Software Security v11 https://www.veracode.com/state-of-software-security-report

Visit https://www.securityweekly.com/asw for all the latest episodes!

2021-11-30

A Good Mission - SCW #96

In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the interpretation and application of many of the more challenging security requirements found in PCI DSS, which was reflected in its tag line, "Techniques, Tools and Tirade about Retail Technology and E-Commerce." The founder of the column, Evan Schuman, is a veteran journalist who has covered a wide range of technology, privacy and legal issues over the past three decades. Evan will give us his take on many of the issues facing the connected world - past, present, and future.

Show Notes: https://securityweekly.com/scw96

Visit https://www.securityweekly.com/scw for all the latest episodes!

2021-11-24

SquirrelWaffel, Scams, Exchange Flaws, Honeypots, & Hoodies - Wrap Up - SWN #170

This week in the Security Weekly News Wrap Up: Dr. Doug rants in preparation for the Holidays, Scams, Exchange Flaws, SquirrelWaffel, honeypots, hoodies, & more!

 

Show Notes: https://securityweekly.com/swn170

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-24

Invest Properly - BSW #241

As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level-up their presentation skills, metrics, and executive approach. Learn also from Padraic O'Reilly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to better build resiliency in the digital age. In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!

 

Show Notes: https://securityweekly.com/bsw241

Visit https://securityweekly.com/cybersaint to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

2021-11-24

GoDaddy Breached, Imunify360, Holiday Scams, Bug Bounties Surge, & Bryon Hundley - SWN #169

This week in the Security Weekly News, Dr. Doug talks: Grandma's recipe, Imunify360, GoDaddy, Nigeria, holiday scams, bug bounties, & Bryon Hundley from ISAC joins for Special Guest Commentary! Bryon will discuss the sector-wide exercise that was conducted over the summer in which top trade associations in retail, hospitality, and travel partnered with RH-ISAC and CISA to support the first industry-wide exercise focused on communication, coordination, and decision making.

 

Show Notes: https://securityweekly.com/swn169

Segment Resources:

https://www.rhisac.org/press-release/rh-isac-and-cisa-announce-first-retail-hospitality-and-travel-industry-wide-cybersecurity-exercise/

 

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-23

Max Headroom - ASW #175

This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely! In the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!

 

Show Notes: https://securityweekly.com/asw175

Segment Resources:

https://webassembly.org/

https://wasmcloud.com/

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

2021-11-23

Kinky VR, FatPipe, Win11, Glitch, Perswaysion, & Satoshi Nakamoto - Wrap Up - SWN #168

This Week Dr. Doug talks: Satoshi Nakamoto, Weird Sex Objects, teaching hackers, Fatpipe, Banks, Win 11, Glitch, and Perswaysion [sic], and Show Wrap-Ups, on the Security Weekly News!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn168

2021-11-19

Crystal Ball Gazing - ESW #251

ExtraHop VP, GM of International and Global Security Programs Mike Campfield joins Security Weekly for a retrospective on ransomware in 2021, shares his predictions on how it will evolve in 2022 and beyond, and what controls enterprises can put into place to build their resilience to the growing threat. Jeffrey then joins us today to guide us through the rapidly changing world of Cyber Insurance! We solicited some questions from our audience and look forward to picking his brain in this segment. In the Enterprise Security News: NDR startup Netography raises a $45m Series A with Martin Roesch at the helm!, Data Security startup Laminar comes out of stealth with a $32m Series A, Threat Intel divestment SnapAttack spins out of Booz Allen, Cloud Security startup Lacework raises $1.3bn in a single round, Lacework acquires Soluble, You can make some cash if you're willing to delete the NPM modules you manage, Congress goes Cyber Crazy - 18 new cybersecurity-related bills introduced, Emotet returns, but there are tracking tools. All that and more, on this episode of Enterprise Security Weekly!

Show Notes: https://securityweekly.com/esw251

Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

2021-11-19

Hackers Be Hackin' - PSW #719

This week, we kick off the show with a technical segment where we walk through creating vulnerable Docker Containers - On Purpose! Then, Derek Rook, Senior Director Purple Team at Teradata & SANS Certified Instructor, joins to discuss technologies to build CTFs as well as what types of things to consider while doing so!! In the Security News: The FBI is spamming you, hacking exists in the mind, Beg Bounties, nasty top-level domains, MosesStaff, why own one npm package when you can own them all, how much is your 0day worth, upnp strikes again, when patches break exploits in weird ways, records exposed in stripchat leak, can we just block ICMP?, trojans in your IDA, suing Satoshi Nakamoto, paying to be in the mile high club, it was cilantro, and sexy VR furniture!

Show Notes: https://securityweekly.com/psw719

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

2021-11-19

Massive Damage - SCW #95

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers' networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations and satisfying compliance and regulatory requirements, while trying to stay in business.

Show Notes: https://securityweekly.com/scw95

Segment Resources:

https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

2021-11-18

Cyber Money Ball - BSW #240

This week, we welcome Tony Cole, CTO at Attivo Networks, to discuss Protecting Identity Services! Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defenders for a myriad of reasons. Discussion will entail how this attitude can and should change. In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks, and more!

 

Show Notes: https://securityweekly.com/bsw240

Visit https://securityweekly.com/attivonetworks to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

2021-11-17

FBI, Eyeball Lies, Intel, Microsoft, & Smishing - SWN #167

This week on the Security Weekly News, Dr. Doug talks: The Eyes don't lie, the FBI, Intel, Microsoft, pompompurin, smishing, and ransom consulting! All this and Aaran Leyland's Expert Commentary on the Security Weekly News!

 

Show Notes: https://securityweekly.com/swn167

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-16

Eyes Open - ASW #174

This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

 

Show Notes: https://securityweekly.com/asw174

Visit https://securityweekly.com/guardsquare to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

2021-11-16

Attack & Defense - ESW #250

This week, we welcome Angela Marafino, PM at Microsoft, to talk about MegatronAL on Kicking in the Door to Cybersecurity! In the second segment, we welcome Nick Leghorn, Director of Application Security at The New York Times, to discuss Building a Risk Based Security Program That Actually Works! In the Enterprise Security News: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more.

 

Show Notes: https://securityweekly.com/esw250

https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome

https://www.itspmagazine.com/focal-point-podcast

https://twitter.com/hackerbookclub1

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

2021-11-12

Lyceum, Elon, Buzz Words, PS5, PunyCode, Palo Alto, & Small Business - Wrap Up - SWN #166

This week, Dr. Doug talks: Elon buys my motorcycle, Lyceum, Buzz word security, PS5, Puny Code, Palo Alto, and Small biz, and the show wrap ups on the Security Weekly News Wrap Up show!

 

Show Notes: https://securityweekly.com/swn166

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-12

Snowed In - PSW #718

This week, we kick off the show with an interview featuring Lodrina Cherne and Martijn Grooten, who join to discuss the real-world capabilities of Stalkerware! Then, Sachin Mahajan from Inguardians joins to delve into MAVSH!! In the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says it's a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and "are you high?"

Show Notes: https://securityweekly.com/psw718

Segment Resources:

http://mav.sh/

https://github.com/0xkayn/Valkyrie

https://www.youtube.com/watch?v=CJZ2gCLopyU

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

2021-11-11

A Good Crisis - SCW #94

Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and not handling the people/process part very well.

 

Show Notes: https://securityweekly.com/scw94

Visit https://www.securityweekly.com/scw for all the latest episodes!

2021-11-11

Getting Involved - BSW #239

The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry friends. Suresh Balasubramanian, Qualys CMO, and Sara Griffith, CISO at Euronet Worldwide, will discuss the value of in-person cybersecurity events, how attending can reinvigorate teams, the benefits of sharing best practices with peers, and getting up to speed on the latest innovations in cybersecurity through conference presentations. In the Leadership and Communications section, The First 100 Days in A CISO's Life - Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Down Cybersecurity's Hiring Problem, and more!

Show Notes: https://securityweekly.com/bsw239

Segment Resources: https://www.qualys.com/qsc/2021/las-vegas/

Visit https://securityweekly.com/qualys to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

2021-11-10

You Browser, MediaMarkt Hack, RobinHood Breach, Zoho, & Elon's Twitter Poll - SWN #165

This week Dr. Doug talks: ThisElon, UL, You, Robin Hood, Zoho, lots of ransomware, and the return of Jason Wood for Expert Commentary on the Security Weekly News!

 

Show Notes: https://securityweekly.com/swn165

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-09

Schools of Magic - ASW #173

This week, Mike, John and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets.

 

In the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels!

 

Show Notes: https://securityweekly.com/asw173

Visit https://securityweekly.com/cloudsmith to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

2021-11-09

Linux CVE, War Driving, Pegasus Blacklisted, Darkside Bounty, & Braktooth - Wrap Up - SWN #164

This Week in the Security News Dr. Doug talks: War driving, Linux kernels, Pegasus, Darkside, Braktooth, Clippy, and more, on the Security Weekly News Wrap Up!

 

Show Notes: https://securityweekly.com/swn164

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-05

The Big Ol' Nothing Burger - ESW #249

This week, we welcome Chad Skipper, Director Product Marketing at VMware, to talk about Detecting the Next Breach: How to Win the War With NSX NDR! In the second segment, we welcome Frank McGovern, Cybersecurity Architect at StoneX Group Inc., to discuss Building Up the Blue Team! In the Enterprise Security News: Laika raises $35m in the growing compliance-as-a-service segment, IBM launches XDR, CrowdStrike acquires SecureCircle and moves into the data layer, HelpSystems acquires endpoint DLP vendor Digital Guardian, Crazy valuations, Questionable statistics, Analysts shine a doubtful light on Darktrace's value, Facebook gets all Meta on us, and more!

 

Show Notes: https://securityweekly.com/esw249

Segment Resources:

https://blogs.vmware.com/networkvirtualization/2021/10/vmware-achieves-industry-first-aaa-rating-for-network-detection-response-from-se-labs.html/

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/NDR-Solution.pdf

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmw-nsx-ndr-breach-response-test-report.pdf

Visit https://securityweekly.com/vmware to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

2021-11-05

Funny Stories - PSW #717

This week, we kick off the show with an interview featuring Doug Burks, CEO of Security Onion Solutions, who joins to discuss Peel Back the Layers of Your Enterprise with Security Onion 2! Then, I'm going to continue guiding you through Scanning For Default Creds With Python!! In the Security News: LOLbins that make you LOL, over exposing your medical records, Shrootless gets past SIP, 73.6% of statistics are made up and other such lies, we love Signal, if an 0day drops on the Internet how many people have it?, fake Harvard students, uses for an Apple cleaning cloth, Bidi override characters, who owns my house?, who owns your printer?, and the return of Clippy!

 

Show Notes: https://securityweekly.com/psw717

Segment Resources:

https://securityonion.net

https://github.com/Security-Onion-Solutions/securityonion

https://securityonion.net/discuss

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

2021-11-04

Diversity & Equality - SCW #93

With cybersecurity skills already in short supply, the prospect of losing what little workforce there is to pull from to resignations (especially in the context of the "Great Resignation"), is a disturbing one. Rick McElroy will speak to the causes of security burnout and the steps organizations need to take to prevent the loss of the precious resource that is security talent. He will share supporting research findings from VMware's latest Global Incident Response Threat Report: Manipulating Reality.

Show Notes: https://securityweekly.com/scw93

Segment Resources: https://www.vmware.com/resources/security/global-incident-response-threat-report-manipulating-reality.html

 

Visit https://www.securityweekly.com/scw for all the latest episodes!

2021-11-04

Fail Fast - BSW #238

This week, we welcome Kyle McNulty, Founder and Host at Secure Ventures, to discuss Easy Ways for Businesses to Become More Resilient! More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break a deal. Kyle will break down key strategies to secure your small company with limited time and resources.

 

In the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support the New Hybrid Workplace, and more!

 

Show Notes: https://securityweekly.com/bsw238

Segment Resources:

https://podcasts.apple.com/us/podcast/secure-ventures-with-kyle-mcnulty/id1545294976

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

2021-11-03

Ransomware Busts, Dancing Holograms, HTTP Headers, FreeSwitch, & Trojan Source - SWN #163

This week in the Security Weekly News, Dr. Doug talks: Dancing holograms, REvil again, Ransomware busts, hiding malware in source code, http header smuggling, Freeswitch, and the return of Jason Wood!

 

Show Notes: https://securityweekly.com/swn163

Visit https://www.securityweekly.com/swn for all the latest episodes!

2021-11-02

Actual Secrets - ASW #172

This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva! Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems. In the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations!

 

Show Notes: https://securityweekly.com/asw172

Visit https://securityweekly.com/imperva to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-11-02
Link to episode

Virtual Crime, SEO Poisoning, QR Code Phishing, Meta, & War-Driving - Wrap Up - SWN #162

This week in the Security News Wrap Up, Dr. Doug talks: Virtual crime, wardriving, Iran, SEO, QR Code Attacks, Avast, CISA, Windows 11, Zuck strikes back, & more!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/swn162

2021-10-29
Link to episode

World Chocolate Day - ESW #248

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Decrypt As If Your Security Depends On It! In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, and a Silicon Valley entrepreneur wants to scan your eyes! In the final segment, we spoke with Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups!

 

Show Notes: https://securityweekly.com/esw248

Visit https://securityweekly.com/extrahop to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-29
Link to episode

The Supreme Counsel - PSW #716

This week, we kick off the show with an interview featuring Roger Grimes, Data-Driven Defense Evangelist, KnowBe4, who joins to discuss the Evolution and Maturity of the Cybersecurity Industry! Then, Matt Linton, Chaos Specialist at Google, joins to talk about What Exactly Is an Incident Commander, Anyway! In the Security News: It's still not illegal to look at HTML source code, Nobelium strikes again, npm infections, gas is cheap in Iran, if you can get it, Google Tensor, going beyond the transport layer with HTTPS, buying a power plan, EBCDIC and GDPR, how children can infect parents, signing your rootkit, dates are hard, something smells funny and bird poop in your antenna!

 

Show Notes: https://securityweekly.com/psw716

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-28
Link to episode

Overly Prescriptive - SCW #92

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, the rationale and process used by CIS to create and support mapping, and some real-world examples and real-life problems.

 

Show Notes: https://securityweekly.com/scw92

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-28
Link to episode

The Sky Is Falling! - BSW #237

This week, we welcome Renee Tarun, Deputy CISO at Fortinet, to discuss Fight Fire With Fire: Proactive CyberSec Strategies for Security Leaders! In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myths and misconceptions, & more!

 

Show Notes: https://securityweekly.com/bsw237

Segment Resources:

https://www.barnesandnoble.com/w/fight-fire-with-fire-renee-tarun/1139924071

Visit https://securityweekly.com/fortinet to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-27
Link to episode

Horror Stories - ASW #171

This week, we welcome Ashish Rajan, Head of Security & Podcast Host at Cloud Security Podcast, to discuss Security Champions in an Online First World! Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud. This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!

 

Show Notes: https://securityweekly.com/asw171

Segment Resources:

www.cloudsecuritypodcast.tv

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-26
Link to episode

SMS Fraud, REvil Revenge, XP Users, Nobelium Returns, & Polygon Bug Bounty - SWN #161

This week in the Security News, Dr. Doug talks: REvil strikes back, Windows XP, SMS fraud, Nobelium, BQE, Discourse, Polygon, and the returning Expert Commentary of Jason Wood!

 

Show Notes: https://securityweekly.com/swn161

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-26
Link to episode

Truth Social, GPS Chaos, Quickfox, FIN7, Cyber-Training, & Bye-Bye FTP - Wrap Up - SWN #160

This week, Dr. Doug talks: CyberTraining, the death of FTP, Quickfox VPN, Zerodium, FIN7, TruthSocial, GPS hijinx, candy corn, as well as all the show wrap-ups on this edition of the Security Weekly News Wrap Up Show!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/swn for all the latest episodes!

Show Notes: https://securityweekly.com/swn160

2021-10-22
Link to episode

Holy Guacamole - PSW #715

The business of Security is gaining in maturity, from being an obscure corner of IT to becoming a core part of the C-Suite. How is this transformation happening and what can we learn from the similar trend that occurred in IT for the last decade?

We've been working on this Python project that will use the Nmap Python library to scan the local network, enumerate select systems and devices, try to log in with default or known credentials, and send a Slack message if it finds anything.

The initial release is here:

https://github.com/SecurityWeekly/netslackbot

This week in the Security News: More security advice for non-profits, faster 0-day exploits, ban all the things, you are still phishable, how to treat security researchers, what the heck is cyber hygiene, Gummy browsers, the Internet is safe now, a particular kind of crack is open-source, sysmon: Now for Linux, Windows 11 and lies, and cocaine Hippos!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/psw715

 

2021-10-22
Link to episode

Dancing In the Pool - ESW #247

This week, we welcome Joshua Copeland, SOC Director at ATT, to talk about the First Jobs in Cybersecurity: The Analyst Role! In the Enterprise News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more! In our final segment, we welcomed Adam Janofsky, Editorial Director at The Record by Recorded Future, to discuss What We've Learned From Interviewing Cybercriminals!

 

Show Notes: https://securityweekly.com/esw247

Segment Resources:

https://securityweekly.com/wp-content/uploads/2021/10/Starting-a-Cybersecurity-Career-Cheat-Sheet.pdf

Visit https://securityweekly.com/devo to learn more about them!

 

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-22
Link to episode

Different Directions - SCW #91

We're getting closer to the Q1 2022 release of PCI DSS 4.0, which is expected to differ from the current PCI DSS 3.2.1 version in a few key ways. This includes giving organizations more options in how they become compliant, along with customized implementation. In this podcast, Chris Pin, VP of Privacy and Compliance at PKWARE, will discuss what customized implementation means for organizations, additional changes to 4.0, and why they're important.

 

And, while PCI 3.2.1 won't be retired until 2024, it's a good idea for companies to get started now with their 4.0 compliance strategy. After all, the road to compliance could be a long one, and 2025 will be here before we know it!

 

Show Notes: https://securityweekly.com/scw91

Visit https://www.securityweekly.com/scw for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-22
Link to episode

Just Crazy - BSW #236

The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the public and private markets! In this episode, we discuss the role of Zero Trust Network Access in strengthening and simplifying access controls for today's hybrid workforce as they connect from anywhere to multi-cloud, on-premises and even legacy applications. This includes how to reduce the attack surface due to digital sprawl and even reduce complexity for improved user experience and operational efficiency.

 

Show Notes: https://securityweekly.com/bsw236

Visit https://securityweekly.com/appgate to learn more about them!

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-20
Link to episode

Faux FBI Sites, Sinclair Outage, ISC Squared, TianFu Winnings, & Phishing For 0-Days - SWN #159

This week, Dr. Doug talks: Sinclair, Ransomware, angry governors, ISC-square, Tian Fu, Fake Government sites, robot umpires, along with the returning Expert Commentary of Jason Wood on this Edition of the Security Weekly News!

 

Show Notes: https://securityweekly.com/swn159

Visit https://www.securityweekly.com/swn for all the latest episodes!

 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-19
Link to episode

Highly Technical - ASW #170

This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed: how fast can I scan the new deployment? The discussion covers the challenges of integrating a DAST scanner in DevSecOps and some tips to make it easier. In the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!

 

Show Notes: https://securityweekly.com/asw170

Visit https://securityweekly.com/probely to learn more about them!

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-19
Link to episode

Wastewater Ransoms, Juniper Networks, South Korea, & Acer Hack - Wrap Up - SWN #158

This Week in the Security Weekly News Wrap Up Show: Juniper, Wastewater Attacks, South Korea, Phone Scanning, Acer, Android, and Journalists Under Fire as well as all the show Wrap-Ups for this week!

Visit https://www.securityweekly.com/swn for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/swn158

2021-10-15
Link to episode

Space Force - PSW #714

This week, we kick off the show with an interview featuring Zach Wasserman, CTO & Co-Founder of Fleet, who joins us to discuss Open Source Endpoint Security with OSquery & Fleet! Then, Sven Morgenroth, Security Researcher at Invicti, joins us for a technical segment on GraphQL! In the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down!

 

Show Notes: https://securityweekly.com/psw714

Segment Resources:

Visit https://securityweekly.com/invicti to learn more about them!

https://osquery.io

https://fleetdm.com

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

2021-10-15
Link to episode