Security Weekly Podcast Network (Video)

Michael discusses the challenges of CISOs and the differences between large enterprises and small businesses. As the role of the CISO continues to change, so do the requirements for both large enterprise and small business CISOs. We discuss the balance of communications. leadership, ownership, governance, and the board. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode160

Cyber Insurance. Cyberinsurance points to ponder: Relationship and dilution of responsibility between brokers, underwriters, and reinsurance companies, Cost of cyberinsurance, Actuarial tables for cyberinsurance, Questionnaires to get cyberinsurance, Is there anyone who is NOT eligible for cyberinsurance?, Typical exclusions of cyberinsurance policies, How has cyberinsurance changed over the last few years?, Big cases in cyberinsurance (Zurich insurance, Cottage health), and Cost of cyberinsurance vs. the cost of an incident response. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode15

Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on [Mitigating Cloud Vulnerabilities Mitigating Cloud Vulnerabilities] across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode93

Mobile applications are a rapidly growing attack surface and the tools and techniques being used to compromise these environments are constantly evolving. As the provider in mobile application protection mapping to two out of 10 security risks found in the OWASP Mobile Top 10, Guardsquare is most effective in providing advanced detection for on-device and off-device attacks. Guardsquare s RASP library adds resilience and prevents a vast array of dynamic attack vectors by providing detection for indicators of threat and compromise, including hooking, jailbreaking, rooting, code tampering - as well providing obstruction for debugger and emulator attachments of all types. To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode93

In the Security News, Microsoft Security Shocker As 250 Million Customer Records Exposed Online, the NSA Offers Guidance on Mitigating Cloud Flaws, Multiple Vulnerabilities Found in AMD ATI Radeon Graphics Cards, Brazil prosecutes Glenn Greenwald in attack on press freedom, and Cybersecurity Lessons Learned from 'The Rise of Skywalker'! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Paul, Doug and Tyler interview Mike Godwin about the creation of the EFF, why it was created and how he became involved, some of the first cases taken on by the EFF, Godwin's Law, the right to repair, freedom of speech, and much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

Security goes against our core beliefs, therefore security awareness training often falls flat because employees don't care about security. By showing employees the "why" and how it benefits them as individuals, they are much more open to the "how" and begin to appreciate the value security provides. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Paul, Doug and Tyler interview Dug Song about how he got his start in Information Security, what prompted him to begin work for dsniff, his transition from engineer to entrepreneur, what he learned from his experiences at Arbor Networks, why he decided to found a company in the authentication space, how to grow a company while maintaining your vision and culture, CISCO's acquisition of DUO Security, what it's like to be integrated into such a large company, what makes company's great, advice for talented tech people who want to become entrepreneurs, Dug's book recommendation for inspiring entrepreneurs, and much, much more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode636

In the Enterprise News, Paul and Matt cover new InfoSec products of the week, CyberArk's new JIT access capabilities, a Micro patch that simulates a workaround for the recent zero-day IE flaw, easier and faster AD rollback and recovery with STEALTHbits StealthRECOVER, automating protection from advanced threats with the new Kaspersky Sandbox, compromised credentials monitoring with FlashPoint, and some funding and acquisition updates from Security Compass, Sysdig, Waterfall Security, ServiceNow, and FireEye! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169

Alex Horan is the Director of Product Management at Onapsis and JP Perez is the CTO at Onapsis. Today they discuss the current state as it relates to SAP Vulnerabilities and security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode169