Security Weekly Podcast Network (Video)

The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities. In this episode, we'll discuss how AppSec teams can effectively manage the transition from securing traditional monolithic applications to modern cloud native applications and the types of security tooling needed to provide coverage across custom application code, dependencies, container images, and web/API interfaces. Finally, we'll conclude with tips and tricks that will help make your developers more efficient at fixing vulnerabilities earlier in the SDLC and your pen testers more effective. Segment Resources: https://www.deepfactor.io/kubernetes-security-essentials-securing-cloud-native-applications/ https://www.deepfactor.io/resource/observing-application-behavior-via-api-interception/ https://www.deepfactor.io/developer-security-demo-video/ Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw209

Identity management has become a central pillar of many organizations' security policies and architecture. In this executive interview, Ping Identity Senior Product Marketing Manager Zain Malik analyzes two heavily trending corners of the identity market: passwordless technology and customer identity and access management (or CIAM). This one-on-one session will address topics such as biometrics and QR code-based authentication, and how to determine which customer identity solution is right for each particular consumer touchpoint. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw285

In 2023, at least five new "rights-based" data privacy laws will become enforceable in the United States at the state level, including the California Privacy Rights Act (CPRA). Common to all of these laws are information security requirements, including the need for risk assessments and the need for authenticating data access requests. In this podcast we'll speak with an information security legal veteran on what these new laws mean for cybersecurity professionals and their data protection programs. Security Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 Segment Resources: https://securityweekly.com/wp-content/uploads/2022/08/spirion-data-sheet-enforcable-laws-2023_PRINT.pdf Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw285

In March 2022, the SEC proposed new rules governing the reporting of cybersecurity incidents. This session will explore how businesses will be affected by this and similar legislation and provide tips to compliance and technical teams alike. Security Weekly listeners save 20% on this year's InfoSec World Conference by visiting https://securityweekly.com/isw and using the discount code ISW22-SECWEEK20 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw285

Larry, Doug, Lee, Josh, and Chris Blask cover the security news! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw752

We don't like it, but the hopeful internet we envisioned doesn't look much like the internet as it exists today. Online conflict is widespread and at times the internet hurts more than it helps. In this podcast, we'll discuss ways to inform today's enterprise defense by better understanding strategy, tactics and operational art from government influence operations, electronic warfare, and cyberspace operations. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw752

In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it "Craig's List." Most know the rest of the story. But what did that rapid entry into tech entrepreneurship teach him about information security? And how did that lead to a passion for, among other things, cyber philanthropy? SC Media's Jill Aitoro will speak to Newmark about his career, and his own evolution in infosec awareness that came with it. Among the more challenging phases for a cyber business is transitioning from inspiring startup to successful enterprise, strategically leveraging investment to scale. SC Media's Jill Aitoro will sit down with Dave Dewalt, founder of NightDragon, and Matt Carroll, CEO of NightDragon's newest investment Immuta. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw273

Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in the past year, and releases a security layer for Edge; Black Hat talks on bounties and desync attacks, Google's bounties for the Linux kernel, modifying browser behavior, and the Excel championships. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw208

Employees are on the move. As tech and security leaders adjust to managing hybrid teams, they should also plan for the loss and replacement of key security talent. Attrition and the increasing length of time needed to find a replacement leaves security programs — and firms — vulnerable. Implementing a formal succession planning process for the security organization mitigates risk and increases employee satisfaction and retention. This report provides steps for starting a succession planning program and real-world examples of companies that are already focused on developing and retaining the next generation of security talent. Segment Resources: https://www.forrester.com/report/succession-planning-is-a-business-resilience-imperative/RES177689?ref_search=604835_1658240598764 Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw273

Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw208