Security Weekly Podcast Network (Video)

This week in the Security News: Big DDOS, tracking smartphones, play Doom in your BIOS, hertzbleed, Apple M1 vulnerability, who will buy NSO, spoof your location data, building system attacks, and a hacker's revenge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw744

Michigan has a group of volunteers who assist local governments and public services with incident response. The program is relatively mature, and will be presented (along with those of Ohio and Wisconsin) at the upcoming National Governors Association Cybersecurity Summit. Come hear the interview and scoop the governors! Segment Resources: Our home page http://micybercorps.org Our supporting legislation https://www.legislature.mi.gov/documents/mcl/pdf/mcl-Act-132-of-2017.pdf Our partner organization https://www.michigan.gov/dtmb/services/cybersecurity/cyber-partners Key article in moving our development forward - https://warontherocks.com/2018/01/estonias-approach-cyber-defense-feasible-united-states/ An article with more info https://www.lawfareblog.com/bridging-state-level-cybersecurity-resources Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw744

This week in the AppSec News: OWASP Top 10 for Kubernetes, Firefox improves security with process isolation, CNCF releases guidance on Secure Software Factories and Cloud Native Security, & the DOJ clarifies its policy on CFAA! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw198

Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. We'll talk about how the definition of secure coding varies among developers and appsec teams, why it's important to understand those perspectives, and how training is just one step towards building a security culture. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw198

Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we'll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS). This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them! Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding. Segment Resources: https://fortifydata.com/request-an-assessment This segment is sponsored by FortifyData. Visit https://securityweekly.com/fortifydata to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw265

There are a few IETF standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard that is the glue between most identity systems -- cloud and on-prem -- out there. It's called SCIM and -- good news -- smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi... Segment Resources: https://identiverse.com/idv2022/ (Paul on Wednesday) Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw275

In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw265

Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem. Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them! The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture, too. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw200

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw200

In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary factors slowing down response. This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw275