Security Weekly Podcast Network (Video)

Security Weekly
Jan 12, 2025 • 35min

How threat-informed defense benefits each security team member - Frank Duff - ESW #389

We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it. Segment Resources: Tidal Cyber website; Tidal Cyber Community Edition. Show Notes: https://securityweekly.com/esw-389
Jan 10, 2025 • 39min

Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and more. - SWN #441

Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-441
Jan 9, 2025 • 2h 7min

Threat Actors With A Thousand Names - PSW #856

DNA sequencer vulnerabilities, threat actor naming conventions, new CNAs and problems, backdoors are not secrets (again), The RP2350 is hacked!, they know where your car is, treasury department hacked, what if someone hacked license plate cameras?, Tenable CEO passes away, and very awkwardly, a Nessus plugin update causes problems, who needs fact-checking anyhow (And how people steal stuff and put it on Facebook), when you are breached, make sure you tell the victims how to be more secure, Salt Typhoon - still no real details other than more people were hacked and they are using the word sanctions a lot, BitLocker bypassed again, Siri recorded you, and Apple pays, and yes, you can't print on Tuesdays! Show Notes: https://securityweekly.com/psw-856
Jan 8, 2025 • 28min

The Business of Cybersecurity, as CISOs Budget Wisely for 2025 Priorities - BSW #377

In the leadership and communications segment, The Business of Cybersecurity: The CISO’s Role in Alignment and Pervasive Governance, CISO Priorities for 2025: Budget Wisely, How Do I Position Myself to Influence Senior Leadership?, and more! Show Notes: https://securityweekly.com/bsw-377
Jan 8, 2025 • 29min

Organizations Must Adapt To Safeguard Data In Evolving Environments - Lamont Orange - BSW #377

Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. Couple data growth with the growing demands of Artificial Intelligence, and the attack surface expands even more. How should organizations adapt their security programs to safeguard their data? Lamont Orange, Chief Information Security Officer at Cyera, joins Business Security Weekly to help you solve your biggest data security challenges. By starting with inventory and classification, data access review can help you answer your biggest data security questions, including: what data you have, where it's stored, who, or what, can access it, and which data risks exist. Show Notes: https://securityweekly.com/bsw-377
Jan 8, 2025 • 29min

Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more... - SWN #440

Ättestupa, Moxa, Typhoons, WordPress, Likert Scales, Algol, Josh Marpet, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-440
Jan 7, 2025 • 33min

Removing Rust, Double Clickjacking, h3i CLI, JWT Mistakes, Reviewing Recursion - ASW #312

Curl removes a Rust backend, double clickjacking revives an old vuln, a new tool for working with HTTP/3, a brief reminder to verify JWT signatures, design lessons from recursion, and more! Show Notes: https://securityweekly.com/asw-312
Jan 7, 2025 • 34min

DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312

All appsec teams need quality tools and all developers benefit from appsec guidance that's focused on meaningful results. Greg Anderson shares his experience in bringing the OWASP DefectDojo project to life and maintaining its value for over a decade. He reminds us that there are tons of appsec teams with low budgets and few members that need tools to help them bring useful insights to developers.

Segment Resources:
https://owasp.org/www-project-defectdojo/
Three-quarters of CISOs surveyed reported being "overwhelmed" by the growing number of tools and their alerts: https://www.darkreading.com/cloud-security/cisos-throwing-cash-tools-detect-breaches
As many as one-fifth of all cybersecurity alerts turn out to be false positives. Among 800 IT professionals surveyed, just under half of them stated that approximately 40% of the alerts they receive are false positives: https://www.securitymagazine.com/articles/97260-one-fifth-of-cybersecurity-alerts-are-false-positives
91% of organizations knowingly released vulnerable applications, 57% of vulnerabilities are left unresolved by developers, 32% of CISOs deploy vulnerable code in the hopes it won’t be discovered, 56% of developers struggle to prioritize vulnerability fixes: https://info.checkmarx.com/future-of-application-security-2024

Show Notes: https://securityweekly.com/asw-312
Jan 3, 2025 • 47min

Endpoint Security - Rob Allen - SWN Vault

Rob Allen and Doug talk about Endpoint security and how important it is to secure your endpoints going into the new year. Show Notes: https://securityweekly.com/vault-swn-26
Dec 31, 2024 • 39min

The Future in the Age of AI - SWN Vault

Our old friend Russ Beauchemin and Doug talk about the future of AI and what it may mean when AI is smarter than us all. Show Notes: https://securityweekly.com/vault-swn-25
