Security Weekly Podcast Network (Video)

CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers' networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business. Segment Resources: https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://securityweekly.com/scw95

In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw240

Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defenders for a myriad of reasons. Discussion will entail how this attitude can and should change. This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw240

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. This segment is sponsored by Guardsquare. Visit https://securityweekly.com/quardsquare to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

In the Enterprise Security News for this week: Drata reaches unicorn status in record time with a $100m Series B, SCYTHE announces a $10m Series A, McAfee Consumer business acquired for $14b, WPScan acquired by Automattic (the company behind WordPress), QOMPLX SPAC is called off, HashiCorp IPO is not called off, open source CSPM and firmware emulation tools, Ghost kitchens and more. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

Risk based security programs are all the rage, from managers looking to "trim" the security budget to regulatory bodies looking for excuses to fine your company. Nick is a security pro who has seen it all -- programs done well, programs done poorly, and implemented one or two of them himself, and would love to share the lessons learned from those experiences. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

Over the course of 2020 and 2021 new UAV regulations and restrictions, such as Remote Identification, have threatened UAV hobbyist's ability to fly freely. These new regulations did leave hobbyists with one loophole: building a sub 250g quad. After this realization, I set out to build a sub250g quad which can be flown for fun, or as one of the first remotely accessible war-flying devices. Segment Resources: http://mav.sh/ https://github.com/0xkayn/Valkyrie https://www.youtube.com/watch?v=CJZ2gCLopyU Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718

I once told my college advisor that I wanted to double major in computer science and jazz performance. She laughed at me. Instead, I jumped into a career in IT and played jazz - without a degree in either. Turns out, that was fine - the industry valued experience and results over academic achievement. Today's guest *has* two degrees, one in fine arts, one in pre-law, and that's also fine. If there's anything I've learned in InfoSec, it's the mind that matters most, less so the degrees or certs on your wall. Angela Marafino gets cybersecurity and understands what makes it tick. Using this knowledge, she has built a personal brand, network, and career in an impressively short time. She is simultaneously mentor and mentee. Today, we'll explore Angela's path into the industry as well as some of her views on challenges, like imposter syndrome. https://hbr.org/2021/02/stop-telling-women-they-have-imposter-syndrome https://www.itspmagazine.com/focal-point-podcast https://twitter.com/hackerbookclub1 Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw250

This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says its a feature not a vulnerability, SBDCs, TIPC Linux kernel vulnerability, patches that don't fix everything, truckloads of GPUs and testing if your high! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw718