Security Weekly Podcast Network (Video)

Shroombots, pagers, Tor, Raptor Train, GRU, Blue Light, Aaran Leyland, and More on the Security Weekly News. Show Notes: https://securityweekly.com/swn-415

Back to the office serfs, Void Banshee, ServiceNow, Taiwan, Dlink, C++, Aaran Leyland, and more on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-414

A month ago, my friend Wolfgang Goerlich posted a hot take on LinkedIn that is less and less of a hot take these days. He posted, "our industry needs to kill the phish test",and I knew we needed to have a chat, ideally captured here on the podcast. I've been on the fence when it comes to phishing simulation, partly because I used to phish people as a penetration tester. It always succeeded, and always would succeed, as long as it's part of someone's job to open emails and read them. Did that make phishing simulation a Sisyphean task? Was there any value in making some of the employees more 'phishing resistant'? And who is in charge of these simulations? Who looks at a fake end-of-quarter bonus email and says, "yeah, that's cool, send that out." Segment Resources: Phishing in Organizations: Findings from a Large-Scale and Long-Term Study The GoDaddy Phishing Awareness Test The Chicago Tribune - How a Phishing Awareness Test Went Very Wrong University of California Santa Cruz - This uni thought it would be a good idea to do a phishing test with a fake Ebola scare Show Notes: https://securityweekly.com/esw-376

Gain insights into the CISA KEV straight from one of the folks at CISA, Tod Beardsley, in this episode of Below the Surface. Learn how KEV was created, where the data comes from, and how you should use it in your environment. This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them! Show Notes: https://securityweekly.com/psw-843

Apple drops a lawsuit to avoid exposing secrets, what does it mean for the security industry if MS locks down the kernel?, exploding pagers, more things from the past: Adobe Flash exploits, robots get rid of your data, PKFail is still a thing, Android TV malware is back: now with conspiracy theories, DMA attacks, gamers are not nation-state attackers, the story of a .MOBI Whois server, a better bettercap, and when not to trust video baby monitors. Show Notes: https://securityweekly.com/psw-843

A takeover of the MOBI TLD for $20, configuring an LLM for a CTF, firmware flaw in an SSD, Microsoft talks kernel resilience, six truths of cyber risk quantification, and more! Show Notes: https://securityweekly.com/asw-299

When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to understand why there was so little interest and why appsec should reconsider its approach to awareness. Dustin Lehr discusses how appsec can better engage and better deliver security concepts in a way that makes developers not only feel like their time is well used, but that the content appeals to them. Segment Resources: - The Security Champion Program Success Guide -- A free guide that includes all steps necessary to build a successful security champion program, with real-world recommendations and examples: https://securitychampionsuccessguide.org/ - Let's Talk Software Security -- A free global virtual community where we host monthly open discussions on appsec topics: https://www.meetup.com/lets-talk-software-security/ Show Notes: https://securityweekly.com/asw-299

In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more! Show Notes: https://securityweekly.com/bsw-364

Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including: the use of Watsonx to generate their new KnightVision report how to use graphical node networks to model cybersecurity data the future of AI models to prioritize recommendations from all the data This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them! Show Notes: https://securityweekly.com/bsw-364

Ever wondered what it's like to be responsible for the cybersecurity of a sports team? How about when that sports team is one of the world's most successful Formula One teams? I can't describe how excited we are to share this interview. This interview is basically two huge F1 nerds who happen to also be cybersecurity veterans asking everything they've always wanted to know about what it takes to secure an F1 team. For the folks out there that aren't familiar with this sport, Formula One is arguably the fastest, most watched, and most international automotive racing sport today. In the 2024 season, the racing series will feature ten teams traveling to 24 race tracks located in 21 different countries. Also, did you know that only two countries get more than one race? Italy gets to host two Grand Prix, and the United States gets to host three. A HUGE thanks to Keeper Security and Darren Guccione for making this interview possible. This isn't a sponsored interview, but it was Keeper's PR team that pitched the idea for this interview to us, and as F1 fans, we're super grateful they did! Segment Resources: Keeper Press Release on the Partnership Williams Press Release on the Partnership Some more details from Keeper on why they chose to sponsor automotive racing Show Notes: https://securityweekly.com/esw-375