Security Weekly Podcast Network (Video)

Security Weekly Productions
Feb 18, 2022 • 24min

Changing the TPCRM Game W/ Cyber Risk Intelligence Tools - Vikram Asnani - ESW #261

Definitions of the word intelligence include a collection of information of military or political value as well as the ability to acquire and apply knowledge or skills. In cybersecurity, when we possess intelligence, we feed that data into our Security Operations Center (SOC) to further analyze the risk present. In this case, the risk is based on the probability of threats materializing and the impact they would have on the organization. We're calling the output of that SOC Cyber Risk Intelligence. Cyber Risk Intelligence is the ability to think holistically about risk and provide information that decision makers can act on, not just analyze. Traditional Vendor Risk Management (VRM) processes focus on the gap, which is essentially information that needs to be further analyzed against the risk to the business. This is an additional step that takes time and effort, especially when different compliance frameworks and threats are constantly emerging. Segment Resources: https://www.cybergrx.com/resources/research-and-insights/blog/beyond-risk-management-how-cyber-risk-intelligence-tools-are-changing-the-tpcrm-game This segment is sponsored by CyberGRX. Visit https://securityweekly.com/cybergrx to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw261
Feb 17, 2022 • 27min

5 Leadership Lessons, 6 Steps to Success, & 6 Tips to Say No - BSW #250

In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (that actually work!), and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw250
Feb 15, 2022 • 32min

Time To Move Away From "G - little R - Big C" (GRC) - John Wheeler, Padraic O'Reilly - BSW #250

How to move from legacy GRC processes and systems to a more automated approach that promotes visibility, agility, and alignment from assessment to Boardroom. This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw250
Feb 15, 2022 • 39min

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184

In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw184
Feb 14, 2022 • 43min

The Modern Developer Must be Security Minded, Too - Doug Kersten - ASW #184

In light of the far-reaching Log4j vulnerability, it's become increasingly clear that the modern developer can't operate without a solid level of security expertise. Vulnerability management is not just about responding quickly but should be top-of-mind during all stages of software development from inception to delivery. Modern threats mean developers can't assume security isn't part of their job and push the burden of responsibility to their infrastructure teams. Doug Kersten, CISO of Appfire, will discuss how the nature of vulnerabilities today makes it critical for developers to make sure they're building projects in a secure manner in order to quickly mitigate vulnerabilities – or they risk being left scrambling to respond when a threat hits. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw184
Feb 12, 2022 • 36min

Glyptodons, Mandiant Rumors, Virtual CISOs, Log4j Testimony, & A Cyber Safety Board - ESW #260

Finally, in the Enterprise Security News, security automation startup Cerby raises $12M, Virtual CISO startup Cynomi raises 3.5M to help SMBs automate cybersecurity, Keeper Security acquires Glyptodon (I'm 90% certain Keeper hasn't just purchased the remains of an ancient, long-extinct armadillo), SecurityScorecard acquires LIFARS, a DFIR consulting firm, there's a rumor that Microsoft is considering picking up Mandiant with all the extra cash still lying around after the Activision/Blizzard buy, & DHS launches the first-ever cyber safety review board! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw260
Feb 12, 2022 • 39min

The State of Identity in the Enterprise - Branden Williams - ESW #260

We discuss the current state of identity challenges in the enterprise with Branden Williams. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw260
Feb 12, 2022 • 32min

Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit - Wheel - PSW #727

Qualys researcher Wheel will discuss the discovery of the 12-year-old Linux vulnerability in PolicyKit, which Qualys has dubbed PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research. Segment Resources: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw727
Feb 11, 2022 • 33min

To Err Is Human, but the Blockchain Is Forever - ESW #260

One of the key features of cryptocurrency, NFTs, and other blockchain-based technologies is the immutable ledger. Put another way, there's no clear way to implement an 'undo' button when it comes to blockchain. In more traditional situations, passwords can be reset. Financial institutions can issue a stop payment order. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw260
Feb 11, 2022 • 1h 6min

AR vs. VR, Hacking Mazdas, Risqué Latte Art, Crypto Wormholes, & Carding Forum Seized - PSW #727

In the Security News for this week: Microsoft to block VBA macros by default (in some Office applications), Russia arrests its 3rd hacking group, The 'Metaverse' of security challenges, $323 Million in crypto stolen from the "Wormhole", a rapping influencer allegedly launders $4.5 billion worth of stolen crypto, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw727
