Security Weekly Podcast Network (Video)

In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary factors slowing down response. This segment is sponsored by deepwatch. Visit https://securityweekly.com/deepwatch to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw275

Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product's flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw264

Finally, in the Enterprise Security News, Funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn! Open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, We talk about public and private market performance, The cybersecurity skills crisis gets worse, Expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw743

This segment will be an opportunity to discuss web application client-side security with subject matter expert Matt McGuirk from Source Defense. Modern web applications have a massive and misunderstood attack surface that exists within the webpages they serve. Potential discussion topics: - A visual overview of the problem - A simulated client-side attack - How to evaluate client-side risk on a given web site - What technologies are available to defend against client-side attacks - Historical case studies of landmark attacks Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-papere This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw743

In the Autumn of 2019, Salesforce started on an ambitious journey - to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce's customer to deploy new technology and to change all of their user's behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved. Join Ian Glazer as he discusses the impetus for Salesforce's MFA push, the challenges of such a large scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce's journey towards complete customer MFA adoption and apply it in your own organization. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat. Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practioners: https://www.youtube.com/watch?v=T4al8idAE_M A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw276

In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw263

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time? This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw263

In the Enterprise Security News: The latest cybersecurity fundraising, We discuss the impact of the market downturn on the cybersecurity startup industry, Crypto muggings, Security researchers researching researchers simulating attackers, & Evil Encryption! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw274