Security Weekly Podcast Network (Video)

Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choices that go into service meshes and when a monolith should just remain a monolith. Segment Resources: https://www.solo.io/blog/kubernetes-security-cloud-native-applications/ https://www.solo.io/blog/apis-data-breach-zero-trust/ https://www.solo.io/blog/api-gateways-productivity-resilience-security-cloud-applications/ Show Notes: https://securityweekly.com/asw-267

Cyber has been an historically hermetic practice. A dark art. Full of mysteries and presided over by magicians both good and bad. This is a bit of an exaggeration, yet there is some truth to it. Many in our industry knew that the SEC was evaluating the role that cyber risk management and incident disclosure plays in the pricing mechanism for an equity. Many of the participants in GRC, IRM, and Cyber Risk anticipated this before the SEC had even proposed such rules. Boards, C-Suites, and Information security teams within publicly traded companies brought it up occasionally in the year preceding its adoption. Lawyers on K Street actively advocated in the press against enacting such rules, and there is still a hearty back and forth concerning the merits of SEC involvement in cyber risk. But more transparency is a very welcome development. For investors, it's essential. Industry veterans say that this development hearkens back to Sarbanes Oxley, which had very big implications for Governance, Risk, and Compliance. This is likely cyber risk's SOX moment, and the drop date is December 15th of this year on all 10-K filings. The SEC will not look kindly upon boilerplate disclosures, particularly if a cyber attack with significant losses occurs. So where do you start? This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them! Show Notes: https://securityweekly.com/bsw-332

On this week's news segment, we pick up where we left off with Doug running the show last week. We discuss current early stage categories, AD canarytokens, and low hanging vulns. We talk about why cybersecurity is important, but not nearly as unique or special as some might have you think. The goal of patching faster than exploits can be used - is it a fool's errand? Also, pickleball - the country's fastest growing sport, is causing chaos across the nation. Show Notes: https://securityweekly.com/esw-343

What is telemetry data and why is it important to cybersecurity? Why is it such a pain to collect, store and use? How do we improve our ability to gather and benefit from this data? Today, Tucker Callaway, the CEO of Mezmo joins us to answer all these questions and help us understand the future of the SIEM and other cybersecurity data tools. Show Notes: https://securityweekly.com/esw-343

On this podcast, we've often struggled with whether or not to include stories and discussion on identity verification. Is identity verification cybersecurity proper, or cybersecurity adjacent as part of fraud prevention? As always, when we're unsure, we find folks to talk to and learn more. Today, we'll be learning about weak points in the identity verification chain from Rob O'Farrell. He'll also be helping us to understand what identity verification is, and why it's important to cybersecurity overall. As more and more of the world is digitized (especially the lagging healthcare industry in the US), reliable identity verification seems more important every day. Segment Resources: Living Information Security: An Integrated Approach to ISO-27001 The Foundations of Identity Verification: Trust and Its Pillars IBS Intelligence Podcasts Ep552: Is self-sovereign identity the next step in secure ID management? Are We Being Lax with Fraud? Show Notes: https://securityweekly.com/esw-343

Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News. Show Notes: https://securityweekly.com/swn-349

Analyzing firmware with EMBA, TinyXML, and the ugly supply chain, ignoring vulnerabilities that allow attackers to turn off your vehicle, Android lock screen bypass and running water, LogoFAIL updates, and the confusing severity, you still haven't patched Log4Shell, the password is 123456, and an amazing Bluetooth hack that affects you! Show Notes: https://securityweekly.com/psw-810

Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including the Hackett Group (NASDAQ HCKT). He has participated in over 20 M&A transactions. He has delivered to clients in over 20 countries on 6 continents. Show Notes: https://securityweekly.com/psw-810

Benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more! Show Notes: https://securityweekly.com/asw-266

Cybertruck, Viagra, Struts, Atlassian, Log4Shell, Pharmacies, Security Clearances, Naughty Bots, Jason Wood, and more on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-348