Security Weekly Podcast Network (Video)

Tax season happens once a year but audit preparation can happen multiple times per year for most companies dealing with SOC 2, HIPAA, ISO 27001, PCI, and more. Manual evidence collection, user access reviews, mapping controls to policies to frameworks; it's no wonder PTO time usually comes right after the audit period. Let's talk about how to really use automation within your existing systems to streamline audit preparation and reduce the manual work for your security, engineering, and legal teams. This segment is sponsored by Aptible. Visit https://securityweekly.com/aptible to learn more about them! Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/scw44

Michael Santarcangelo and Sam Estrella join us for this special segment to discuss the anatomy of an acquisition. A listener request, Michael will walk us through the Security Weekly acquisition by CyberRisk Alliance to understand the key criteria, processes, and challenges of an acquisition, especially during COVID-19. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw188

Corey Thuen, the founder of Gravwell, will join us to discuss how to drive better decision making. Context and collaboration are key, but only if you have the data. Gravwell allows the collection of unlimited data to power your business. This segment is sponsored by Gravwell. Visit https://securityweekly.com/gravwell to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/bsw188

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw122

Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that app logs contain the information needed for teams to collect useful signals and make informed decisions. This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw122

Three Cybersecurity Lessons from a 1970s KGB Key Logger, MFA Bypass Bugs Opened Microsoft 365 to Attack, How Hackers Can Pick Your LocksJust By Listening, U.S. House Passes IoT Cybersecurity Bill, Most compliance requirements are completely absurd, Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw667

Following the release of our detection engine, Elastic opened up a new GitHub repo of our public detection rules. See: https://github.com/elastic/detection-rules. This is where our security intelligence and analytics team develops rules, creates issues, manages PR's - and by making the repo public we're inviting external contributors into the workflow. This gives contributors visibility into our development process and a clear path for rules to be released with the detection engine. If time allows, James can also talk about the preview we recently released of Event Query Language (EQL) in Elasticsearch. This is the correlation query language that Elastic adopted through the acquisition of Endgame last year to support threat hunting and threat detection use cases. It's a feature that users have been asking for for years and an exciting step toward natively integrating EQL into the Stack. This segment is sponsored by Elastic. Visit https://securityweekly.com/elastic to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw667

BSIMM11, the latest version of the Building Security In Maturity Model (BSIMM), was created to help organizations plan, execute, measure, and improve their Application Security program/initiatives. BSIMM11 reflects the software security practices observed across 130 firms from industries such as finserv, independent software vendors, cloud and healthcare. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw667

The drivers behind transformation, or roadbloacks, come in different forms. Mergers and acquisitions present both security challenges and opportunities for growth. Legacy technology always presents unique challenges, especially when it comes to security. Of course, everyone wants to be cloud native, but just how far along are you on the journey? Join us for a discussion on these topics with Jimmy Mesta from Signal Sciences! This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw199

As organizations grow and get more mature, they are looking for ways to achieve more with less. Join this ESW segment to learn how mature organizations approach web application security at scale, how they achieve greater visibility, shift security left and how they save time for their team whilst building more effective web application security programs. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw199