If you care about nutrition, you check the ingredients of your food. If you care about your IT infrastructure, you check the Software Bill of Materials (SBOM) of the tech. At least that’s the future that Thomas Pace hopes for. Right now, SBOMs aren’t super common and software transparency is very low. Thomas walks us... Read more »

Today we discuss how to secure your all-powerful root accounts on the three major public cloud providers: AWS, Azure, and GCP. Our guests today, Ned Bellavance and Kyler Middleton from the Day Two Cloud podcast (soon to be Day Two DevOps podcast), describe the struggle of securely managing several root accounts at once. They take... Read more »

Drew and JJ have recovered from the overstimulation of the RSA expo floor and are ready to discuss their takeaways from the conference. They discuss the surprising emphasis on microsegmentation and storage backups, and the not-so-surprising focus on IoT security and AI-assisted products. They also pull back the curtain on what the conference’s own SOC... Read more »

Matter is an IoT protocol that has security and interoperability baked into it. Steve Hanna, the chair of the Product Security Working Group in the Connectivity Standards Alliance, joins the show today to walk us through this IP-based protocol for smart home devices. He compares Matter to an armored car, delivering a valuable payload securely... Read more »

Tabletop security exercises can help organizations game out their response to a security incident. From the technical and business considerations to legal and PR implications, a tabletop exercise, like Dungeons and Dragons, lets you play-test attack and defense scenarios. Johna Till Johnson, CEO of Nemertes consulting firm and co-host of the Heavy Strategy podcast, joins... Read more »

Zero trust is a buzzword, but what does it actually mean and how will it impact network engineers? Jennifer is here to get us up to speed. First, she gives a general description: It’s a security architectural strategy that’s progressing toward increased observability and trust inferences. Then she breaks it down for the three main... Read more »

Have you ever noticed “threat hunting” in vendor products and wondered exactly what it means? James Williams is here to explain: Threat hunting is the R&D of detection engineering. A threat hunter imagines what an attacker might try and, critically, how that behavior would show up in the logs of a particular environment. Then the... Read more »

What’s the difference between cybersecurity “as a service” vs. “managed” vs. “hosted”? And what’s the difference between an MSP and an MSSP? In this episode, JJ helps untangle the terms and concepts in cybersecurity offerings. She explains what questions you should ask vendors to make sure you’re picking the right one for your needs; negotiating... Read more »

The classical encryption algorithms that currently undergird our IT infrastructure will be broken once there’s a powerful and stable enough quantum computer to do the job. Quantum-resistant algorithms are being developed by NIST, but implementation and deployment of these algorithms still have to be addressed. So what does all this mean for busy IT and... Read more »

IoT devices are often like the tiny aliens in the locker in Men in Black: They’ve created a whole little world on your network without almost any humans knowing they exist. Today Troy Martin joins the show to teach us the basics of how to find and secure IoT devices on your network, specifically focusing... Read more »