Security Weekly Podcast Network (Audio)

Attackers pursue the shortest path to achieve their goals in your app. With a tri-layered security architecture, you can force hackers to crawl through a triathlon in your app. What’s in the three layers, to detect attacks sooner, slow attackers down, and stop them fast? Let’s take a journey across the three layers and discuss how to gain control of user permissions, secure your cloud computing, and keep your customers and their users safe. Segment description coming soon! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-807

In the rapidly evolving landscape of application security, 2023 brought significant changes with the rise of generative AI tools and an increase in automated threats. In this discussion, Karl Triebes takes a deep dive into the major trends of the past year, examining their impact on the industry and shedding light on what security professionals can anticipate moving forward into 2024. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! CNCF's releases a handbook on fuzzing, OpenSSF and OWASP respond to CISA's Open Source Software Security RFI, 14 years of Go, lessons for today from an internet worm from 35 years ago, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-263

This week Dr. Doug quacks: Cybertruck, Solarwinds, Bitcoin, Docker, Ducktail, Experian, More News and Jason Wood, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-342

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it? In part 1, we discuss the challenges of cyber risk management and quantification. Do risk scores really work? What do CEOs and Boards really need to understand cyber risks? Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it? In part 2, we get our hands dirty by walking through ways to quantify cyber risks in business terms. What risks are truly worth mitigating vs. accepting or transferring? And if we do mitigate them, how do we track progress and impact? Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-328

Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today. We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for? Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future. During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable funding rounds. We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw-339

This week Dr. Doug discusses: Fakes, Sysaid, Sumo, farnetwork, CPU-Z, Google, Chat-GPT, Aaran Leyland, and More News on the Security Weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-341

Austin spends the majority of his time thinking about ways to abuse LLMs, the impact of the attacks, and the effects on society. He brings a truly unique perspective to the way to use, attack, and verify output from AI LLM models. Whether you are just learning the ins and outs of LLMs or you were an early adopter, this segment is for you! In the security news: do people still use mainframes? IoT and firmware security, Apple Find my, Bluetooth is the gift that keeps on giving, to hackers that is, and more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-806

A lot of appsec conferences have presentations for appsec audiences -- but that's not often the group that's building apps. What if more developer conferences had appsec content? We talk with Josh about security from the developer's point of view, both as an audience hearing about it and as a presenter talking about it. We discuss the importance of knowing your audience and finding the hooks in security tools and topics that can resonate with developers. Segment resources: https://www.joshuakgoldberg.com/speaking/ Details of the Citrix Bleed vuln, exploitation of the Atlassian improper authorization vuln, so many jQuery installations to upgrade, the price of bounties and the cost of fixes, Microsoft's Secure Future Initiative, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-262

This week Dr. Doug expounds: Grok, Okta, Looney Tunables, HelloKitty, Gootbot, Veeam, More News and Jason Wood, on this edition of the Security Weekly News! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-340

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index is rebounding, but there's a long way to go to get back to the top. In the leadership and communications segment, SolarWinds Is A Game Changer - You Cannot Sugarcoat Cybersecurity, Rethinking CISO Accountability: A Call for Balance in Cybersecurity Leadership, How to improve communication in the workplace: Strategies for enhanced productivity, and more. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-327