Security Weekly Podcast Network (Video)

90% of cloud runs on Linux, but current countermeasures are focused on addressing Windows-based threats, leaving multi-cloud deployments vulnerable to attacks. So, is it any wonder that malware is propagating in multi-cloud environments under the radar? Segment Resources: https://via.vmw.com/exposingmalware This segment is sponsored by VMware. Visit https://securityweekly.com/vmware to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

In the Security News for this week: Was it Russia?, Blocking software updates, crowd-sourced attacks, protecting FPGAs, moving Linux to modern C, Nvidia hit, the split of cyber criminals, Namecheap banning, Anonymous declares war, the Alan framework, and leaving your Docker port exposed, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw730

We'll cover the cutting-edge recommendations in the US federal governments January 2022 memo on their "transition to zero trust". Then we'll talk about what the standard definition of "zero-trust" means in our industry, and why it doesn't mean "trust zero things". Finally, we'll chat about architectures that can get us closer to actually trusting zero things. Segment Resources: Analysis of the federal government's zero trust memo: https://www.bastionzero.com/blog/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to https://www.bastionzero.com/blog/bashing-vpns-for-fun-and-profit Zero trust security models https://docs.bastionzero.com/product-docs/home/security-model Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw263

In the leadership and communications section, Answer this question to assess your leadership, Partner Across Teams to Create a Cybersecurity Culture, The Future of Cyber Insurance, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw252

Ransomware developments we saw over the past year—along with a look ahead at what to expect in 2022. This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw252

Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes, filling in the missing semester of Computer Science Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw186

DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps that haven't migrated to modern build processes or framework and many cloud-native apps demand different approaches to deployment. We'll cover the different approaches to adapting security tools to the needs of the developers. This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw186

This discussion will provide a brief overview of the Incident Command System for Industrial Control Systems processes and describe how ICS4ICS will help companies better manage industrial cyber incidents. We will discuss how ICS4ICS will enable companies to work with government agencies and mutual aid partners when a cyber incident impacts an entire industrial sector or multiple sectors. Segment Resources: General info and to sign up for more information in our newsletter: https://gca.isa.org/ics4ics Learn more about our call to volunteers: https://gca.isa.org/blog/ics4ics-will-improve-management-of-ics-cybersecurity-incidents Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw262

Cloud, DevOps, Kubernetes - the world has gone crazy. We don't have servers anymore - we have workloads, instances, and serverless. We have CI/CD pipelines. These workloads are distributed, immutable, and ephemeral (aka 'DIE' - hi Sounil!) in many cases. Today, we chat with Jimmy Vo about what it was like, as a detection engineer, to come from a traditional banking environment and suddenly get thrown into a world full of 'cloud-first' startups. "DevOps folks are nuts." --Jimmy Vo Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw262

Josh Corman joins to describe, in vivid detail, some of his experiences working for CISA, as a fed, & from the frontlines. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw729