Security Weekly Podcast Network (Video)

Chase Robertson, the CEO at Robertson Wealth Management, joins us to discuss the state of the financial markets in 2020 and beyond. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode159

In this segment, we interview Trevor about his role, his experience and his thoughts on the role of compliance in the Federal Government. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode14

In this segment, we continue the discussion with Trevor on the role of compliance in the Federal Government. Visit https://www.securityweekly.com/scw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/SCWEpisode14

This week we provide our quarterly Security Money update. This segment tracks the top 25 public security vendors, known as the Security Weekly 25 Index, and the private funding. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode159

PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Pratt & Whitney Expects GTF Engine Software Update on A220 Jet in Spring, Building a more private web: A path towards making third party cookies obsolete and making the User-Agent less revealing about the user, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode92

Apps must protect the data they collect. How can DevOps teams apply effective controls like strong authentication and authorization? How do cloud services help or hinder encrypting data? Envelope encryption uses multiple keys to protect data. It's a scalable pattern for protecting data and is nicely documented for AWS, Azure, and GCP. Be warned that each provider uses slightly different terminology for the same principle components. Kubernetes also supports this pattern. Data is also an attack vector that apps must protect themselves against. How relevant is the security recommendation of "use input validation" for modern apps? How can apps that rely on user-generated content or microservice architectures handle data securely? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode92

We discuss the details and impact of the latest flaw, disclosed by NSA, in Windows 10 that allows attackers to pass off malware as signed applications and so much more. The Citric Netscaler vulnerability is a rare remote-easy-to-exploit opportunity for attackers. The crew also talks about book recommendations, backdoors in crypto (and why its bad), conspiracy theories and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

This week on Enterprise Security Weekly, Paul Asadoorian and Matt Alderman interview Ward Cobleigh about the recent VISA security alerts highlighting the need for ongoing network monitoring and the ability to react quickly to specific indicators of compromise (IOCs). How flow and wire data can flag malicious behaviors and identify breach scope and impact. To find out more about VIAVI Solutions and to download their "Using Wire Data for Security Forensics" White Paper, visit https://securityweekly.com/VIAVI. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ESWEpisode168

The world continues to see a proliferation of highly insecure IoT/embedded products. How can companies making embedded products design security in from the start, and why don t they do it today? Importantly, security needs to be baked in while remaining lean and moving quickly towards an MVP product. Discussions will range from hardware chip selection, cryptographic protocol design, and firmware security -- both at the design and security pen test phases. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635

This is the Hacker Culture Roundtable discussion from the Security Weekly Christmas podcast marathon and features almost all of our hosts and special guests. Hacking is a term used to describe the activity of modifying a product or procedure to alter its normal function, or to fix a problem. The term purportedly originated in the 1960s, when it was used to describe the activities of certain MIT model train enthusiasts who modified the operation of their model trains. They discovered ways to change certain functions without re-engineering the entire device. These curious individuals went on to work with early computer systems where they applied their curiosity and resourcefulness to learning and changing the computer code that was used in early programs. To the general public, a "hack" became known as a clever way to fix a problem with a product, or an easy way to improve its function. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode635