Security Weekly Podcast Network (Video)

There's a lot of talk about AI, especially with the rise of apps like ChatGPT. Despite there being a huge amount of hype, there are legitimately practical applications for leveraging AI concepts in meaningful ways to improve the efficiency and effectiveness of your cybersecurity program. We'll discuss a few examples and show you some ways to bring AI out of the hype and into a proper tool to empower your security and risk program. This segment is sponsored by Tenable. Visit https://www.securityweekly.com/tenableisw to learn more about them! Threat actors don't think in silos and neither should cybersecurity solutions. In this fireside chat with Uptycs' newly appointed CRO, Mike Campfield, learn why organizations need to adopt a consolidation approach to win in cyber security, why it's important to "shift up," and what Mike is most excited about in his new role. This segment is sponsored by Uptycs. Visit https://www.securityweekly.com/uptycsisw to learn more about them! Deidre Diamond, founder & CEO of CyberSN, talks about her efforts to address InfoSec burnout and the skills shortage impacting the industry. Show Notes: https://securityweekly.com/esw-335

The world of AI is exploding, as excitement about generative AI creates a gold rush. We've already seen a huge number of new GenAI-based startups, products, and features flooding the market and we'll see a lot more emerge over the next few years. Generative AI will transform how we do business and how we interact with businesses, so right now is an excellent time to consider how to adopt AI safely. Pamela Gupta's company literally has "trust" and "AI" in the name (Trusted.ai), so we couldn't think of anyone better to come on and have this conversation with. Interview Resources: Trusted AI Website The NIST AI Risk Management Framework Pamela's Podcast - Trustworthy AI: De-Risk Business Adoption of AI Show Notes: https://securityweekly.com/esw-335

In the Security News: Windows 11 tries to fix legacy authentication, Rapid resets and the world's largest DDoS attack, we finally get to see the cURL vulnerability, and its pretty ugly, turns out Android TV boxes with pre-installed malware are a hot topic, patch your Netscaler, root for everyone with emergency responder software, learn THIS hacking Tools First, long live Wayland, how to actually hack a WiFi device with a Flipper Zero, scanning open source packages, GNOME bugs and a bonus, security is a great idea until there is a bypass in apparmor,a tool that everyone should have in their kit, and we could talk for hours about 25 hard hitting lessons from Cybersecurity! All that and more on this episode of Paul's Security Weekly! Show Notes: https://securityweekly.com/psw-802

Resources we mentioned: * The Hardware Hackers Handbook is a great start * Do a badge challenge: https://www.cyberark.com/resources/threat-research-blog/an-introduction-to-hardware-hacking * Take some classes * Do some Arduino stuff: https://www.arduino.cc/ * Take free courses on electrical engineering: https://ocw.mit.edu/courses/6-01sc-introduction-to-electrical-engineering-and-computer-science-i-spring-2011/ (And here: https://www.tinkerforge.com/en/doc/ and here: https://www.youtube.com/watch?v=LSQf3iuluYo&list=PLoFdAHrZtKkhcd9k8ZcR4th8Q8PNOx7iU ) Building a lab - The list: * Soldering iron (and tools and parts such as Solder, Flux, Tweezer, Soldering wick, Cutter, Wire stripper) * Hot air rework station (can be bundled with soldering iron) * Multi-meter (and lots of associated cables) * Jumper and pinout wires * Breadboard * USB microscope * Bench power supply * Specific lighting (e.g. my document camera has an LED light that works great) * Magnification - magnifying lenses and a headset (esp. if you are old, like us) * USB serial devices (or Bus Pirate if you fancy) Show Notes: https://securityweekly.com/psw-802

Anticipating Curl's upcoming patch for a high severity flaw, the Looney Tunables flaw in Glibc, ShellTorch flaw hits PyTorch and lots of AI, lessons from some X.Org security patches, eBPF security, and more! Show Notes: https://securityweekly.com/asw-258

This week Aaran Leyland rants: about Google, 23andMe, Facebook, GitHub's Secret Scanning, MGM Resorts, Grindr, More News, and is joined by the notorious Jason Wood on the Security Weekly News! Show Notes: https://securityweekly.com/swn-332

What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days. Successful DevSecOps approaches can be so much more than just vulns and so much more than just tools. Sure, tools are useful for identifying known vulns in dependencies and new vulns in code, but teams that emphasize people and culture will find it easier to shift their attention to the security of their product and creating secure designs. Segment Resources: Shift Everywhere is the bullet-train to secure software: https://www.forrester.com/blogs/shift-everywhere-is-the-bullet-train-to-secure-software/?refsearch=35020611696872306356 Forrester Software Composition Analysis (SCA) Wave: https://www.forrester.com/report/the-forrester-wave-tm-software-composition-analysis-q2-2023/RES178483?refsearch=35020611696863504716 Forrester Static Analysis Security Testing (SAST) Wave: https://www.forrester.com/report/the-forrester-wave-tm-static-application-security-testing-q3-2023/RES178489?scrollTo=FHqjnkXmzX Show Notes: https://securityweekly.com/asw-258

In the leadership and communications section, The Data Your Board Actually Wants to Hear About When Valuing Cybersecurity Investments, Cybersecurity is a CFO issue, Must-know insights when navigating the CISO career path, and more! Show Notes: https://securityweekly.com/bsw-323

CEOs and boards struggle with their digital transformation process. Does their operations hinder or align with business initiatives? Has their security operations scaled to meet the data and digital demands to protect against business risk? In today's episode, we're talking to Chris Morales, CISO at Netenrich, who'll provide compelling insights towards security transformation. Security organizations all face similar security challenges of too much data, siloed teams, underperforming legacy tools, and time-consuming and laborious threat investigation work. We'll discuss the approach enterprises need to consider in advancing their security maturity. It's one that's data-driven, adaptive, and predictive. Show Notes: https://securityweekly.com/bsw-323

Each employee serves as a potential gateway to their organization, and the personal information of your workforce is readily accessible and exposed on the internet, making the organization susceptible to threats. DeleteMe is the solution that locates and eliminates personal data from the open web, safeguarding your organization. This segment is sponsored by DeleteMe. Visit https://www.securityweekly.com/deletemeisw to learn more about them! With all of the fancy tools, equipment, and logos most organizations are unable to understand where their data is and how it can be accessed. In the world of work from wherever and whenever orgs need a better handle on what this means. Ridge has worked to curate a set of solutions to meet and implement this need! This segment is sponsored by Ridge IT Cyber. Visit https://www.securityweekly.com/ridgeitisw to learn more about them! Why are we seeing a re-emergence of the demand for packet and flow-based forensic data in cloud environments? In this session, we'll discuss three reasons why IT leaders still need the same if not even better visibility in the cloud than they have in their data centers. We'll also discuss the growing demand for Threat Exposure Management (TEM). Why does a leading analyst describe this as a transformation technology and how can you quickly visualize your environment the way the attackers do? Segment Resources: https://www.viavisolutions.com/en-us/ptv/solutions/threat-exposure-management https://www.viavisolutions.com/en-us/ptv/solutions/high-fidelity-threat-forensics-remediation This segment is sponsored by VIAVI Solutions. Visit https://www.securityweekly.com/viaviisw to learn more about them! Show Notes: https://securityweekly.com/esw-334