Security Weekly Podcast Network (Video)

Security Weekly Productions
Apr 15, 2022 • 38min

The Role of Automation in Pen Testing - Bob Erdman - ESW #269

With cybersecurity attacks continually on the rise, security teams are under more pressure than ever. It's imperative to use your pen testing resources wisely, leveraging automation capabilities where it makes sense to save time and help conduct more impactful engagements. During this interview, Bob Erdman will discuss how to find the right balance between the reliability and efficiency of pen testing automation with the astuteness and logic of human intervention.

Segment Resources:
- The Truth About Pen Testing Automation - https://www.coresecurity.com/blog/the-truth-abouth-pen-testing-automation
- Core Impact Rapid Pen Tests - https://www.coresecurity.com/products/core-impact/rapid-pen-tests

This segment is sponsored by Core Security, A Help Systems Company. Visit https://securityweekly.com/coresecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw269
Apr 15, 2022 • 1h

Amanda Berlin - PSW #736

Amanda Berlin joins us to discuss what she's been up to since her last appearance on the show. It's only been a couple of years, but a lot has changed in that time. Tune in to hear about what changes the pandemic brought to the vision and operations of Mental Health Hackers, and how they pivoted to a virtual environment during this time. The crew talks about their experience going from traveling to 15-20+ conferences a year, down to hardly any conferences during Covid, and what their future plans are now that in-person events are coming back around. Amanda fills us in on her current role at Blumira, other business ventures, and where you can find her speaking/running a village in the near future! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736
Apr 15, 2022 • 59min

Third Party Risk Research - Mike Wilkes - PSW #736

Mike Wilkes, CISO at SecurityScorecard, joins us to discuss third-party risk research! This segment is sponsored by SecurityScorecard. Visit https://securityweekly.com/securityscorecard to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw736
Apr 13, 2022 • 29min

Cybersecurity is IT's Job, Why CISOs Fail, & Create a Culture of Security - BSW #258

In the Leadership and Communications section: Cybersecurity is IT's Job, not the Board's, Right?, Why Some CISOs Fail, How JetBlue creates a culture of security, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw258
Apr 12, 2022 • 28min

Actionable High Resolution Threat Intelligence - Derek Manky - BSW #258

By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing the attack goals of attackers, organizations can better align their defenses to adapt to quickly changing attack techniques. FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have accomplished had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries' goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could shut down a malware's methods for attack entirely in some situations. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw258
Apr 12, 2022 • 41min

SSRF at a FinTech, Zoom's Bounties, SLSA Build Provenance, & Raspberry Pi Credentials - ASW #192

In the Application Security News: SSRF at a FinTech leads to admin account takeover, Zoom's bounty payouts for 2021, SLSA demonstrates Build Provenance, Go's supply chain philosophy, Raspberry Pi credentials, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw192
Apr 11, 2022 • 36min

Service Mesh & Zero Trust Kubernetes Security - William Morgan - ASW #192

The zero trust approach can be applied to almost every technology choice in the modern enterprise, and Kubernetes is no exception. For Kubernetes network security particularly, adopting a zero trust model involves some radical changes, including moving from a security perimeter defined by firewalls, IP addresses, and cluster boundaries to a granular approach that treats the network itself as adversarial and moves the security boundary down to the pod level. William will discuss why the zero trust approach is increasingly necessary for comprehensive Kubernetes security, the dos and don'ts when adopting Kubernetes, the implications for operators and security teams, and where tooling like service mesh plays a role.

Segment Resources:
- https://github.com/linkerd
- https://linkerd.io/
- https://buoyant.io/mtls-guide/
- https://buoyant.io/service-mesh-academy/

Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw192
Apr 11, 2022 • 47min

Editing Tweets, Lithuanian Unicorn (NordVPN), Trust Issues, & Ubiquity Legal Battle - ESW #268

Finally, in the Enterprise Security News for this week: NordVPN raises $100M and becomes the first Lithuanian Unicorn?, Coro lands a $60M Series C for small business-focused security, Airgap Networks closes a funding gap with a $13.4M Series A, Corsha lands a $12M Series A to bring MFA to machine-to-machine API traffic. What? Tru.id lands a $9M seed round to take a stab at using SIM cards for MFA, ex-Alienvault employees raise funding from Ballistic Ventures with Nudge Security, SeeMetrics scores a $6M seed round to provide better KPIs to CISOs, an essay on trust: the two sides of "Say" and "Do", Ubiquiti continues to alienate the security community with its attacks against Brian Krebs, Why an option to edit tweets is a terrible idea, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268
Apr 9, 2022 • 1h 9min

Teen Hackers, WTF Apple, Finding iPhones, & Getting Wise to Wyze - PSW #735

In the Security News for this week: Ransomware that was a breeze, getting an eyeful while charging your electric vehicle, scanning for secrets, find my iPhone is useful, WTF Apple moments and why I run Linux, Wyze is not very wise, stopping teen hackers, ranking endpoint detection, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735
Apr 9, 2022 • 34min

Why Learning Offensive Security Makes You A Better Defender - Catherine Ullman - ESW #268

Defensive and offensive skills have never been mutually exclusive, but the value in training across disciplines has often been overlooked. Catherine joins us today to explain why familiarity with offensive skills, tools, and the attacker's mindset is such a huge benefit for defenders. A few of the highlights we'll cover in this interview include:
- How to get started learning offensive tools and techniques
- What it means to be an 'Active Defender'
- How to get into the head of the attacker
- How to avoid 'tool-focused tunnel vision'

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw268