Security Weekly Podcast Network (Video)

Attackers are targeting the systems that control access. This includes Active Directory, Azure AD, and recently Okta. Once they have access to identity, attackers can move onto systems that provide access to data and persistence. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw735

In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw257

As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity This segment is sponsored by HP Wolf Security. Visit https://securityweekly.com/hpwolf to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw257

FORCEDENTRY implications for the BlastDoor sandbox, Spring RCE, Zlib flaw resurfaces, security for startups, verifying Rust models, two HTML parsers lead to one flaw Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

Making a positive impact to how we package software to make developer's lives easier in how they have to manage security. Segment Resources: - https://app.soos.io/demo - https://soos.io/ - https://youtu.be/Y8jvhCHGQg8 This segment is sponsored by soos.io. Visit https://securityweekly.com/soos to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw191

In the Enterprise Security News for this week: 14 cybersecurity startups have raised funding! Massive late stage market corrections underway and talks of self-repricing valuations, A private equity firm acquires Zimperium, Even more massive amounts of cryptocurrency are stolen, The NPM package library is under active, constant attack, Microsoft Azure Defender IoT has trivial critical vulnerabilities, White house earmarks $11B for cybersecurity, Death to SPACs, as well as Several new security vendors and products! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

Cybersecurity buzzwords tend to go through a process. They're used as a differentiator. Then everyone adopts them and things get out of control. The term Zero Trust originally gained traction in InfoSec thanks to the model designed by John Kindervag during his time at Forrester. These days, you could be seeing the term Zero Trust because: 1. a vendor makes a product that fits into any one of dozens of categories that contribute to a Zero Trust architecture (IAM, MFA, ZTNA, micro segmentation, directory services, etc) 2. a vendor is using 'zero trust' as a metaphor (small z, small t) 3. a vendor is using 'zero trust' as a philosophy, or company principle (small z, small t) 4. the CMO said it needs to be somewhere on the website for SEO 5. someone told a founder to put it in the sales and/or pitch deck Steve joins us to separate the cyber virtue signaling from the truth of what Zero Trust actually looks like, why it's difficult, and what impact federal interest in Zero Trust will have on this trend. Segment Resources: NIST SP 800-207 https://csrc.nist.gov/publications/detail/sp/800-207/final UK NCSC ZT Guidance https://github.com/ukncsc/zero-trust-architecture USA CISA/OMB ZT Guidance https://zerotrust.cyber.gov/ DOD ZT Reference Architecture https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf Microsoft ZT Guidance https://docs.microsoft.com/en-us/security/zero-trust/ Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

High School students represent the very beginning of the pipeline for the Cyber industry. What are the attitudes and perspectives of these young people? How can we attract the best and brightest into our industry? Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw267

This week in the Security News: Military intelligence, Chrome updates, an exploit for the firewall, racing the kernel, creepy spyware goes away?, weaponizing security complexity, same old tricks, the largest crypto hack, suing journalists, targeting your battery backup, the teenager behind Lapsus$, spring exploits just in time for spring, and hacking your Honda Civic, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734

Mark is currently involved in building a security operations center for a large organization with an established infrastructure and teams already in place. In this chat, we'll explore the state of the SOC today, the challenges of building one, the reality versus expectations roles, what is SOAR'ing and not, and more. Tangential paths will likely be followed, as information security is fun to talk about in general! Segment Resources: http://www.securitybsides.com https://www.bsidesdc.org Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw734