Security Weekly Podcast Network (Video)

CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn't be viewed as a controlling organ - then it will stall innovation and become a blocker for deploying new techniques. Implemented and evaluated correctly, new security tools should speed up the development processes and enable innovation. So how do you measure success in app sec? There are several methods that define the success of a new tool. New tools have to live up and in most instances exceed the existing solutions in place and should help developers to do their job more efficiently. Here we can discuss the relevance of pre-planning and the definition of clear success criteria to get the most out of any solution decided upon. We draw parallels to real world examples of companies that have found success by optimising the time spent on evaluating and implementing new tools. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw219

This week in the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authentication bypass postmortem, M1RACLES, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw153

While web application security is a highly researched topic with a lot of subject familiarity among security professionals, it's still not easy for security and development teams to navigate modern threats, and understand the differences, and more importantly, the similarities between securing web apps and securing APIs. In the endless battle to keep networks and applications safe, organizations need to rely on real-time data to better understand the differences between attacker behavior and legitimate traffic. Join this discussion with Daniel Hampton for a look inside a unified and collaborative approach to the modern tools and processes needed to monitor for and stop real-time web application and API security threats, and clarify the complexities teams often navigate. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw153

This week In the Security News, Paul and the Crew talk: Establishing Confidence in IoT Device Security: How do we get there?, JBS hack latest escalation of Russia-based aggression ahead of June 16 Putin summit, why Vulnerability Management is the Key to Stopping Attacks, Overcoming Compliance Issues in Cloud Computing, Attack on meat supplier came from REvil, ransomware's most cutthroat gang, WordPress Plugins Are Responsible for 98% of All Vulnerabilities, and more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

Over the past year, organizations have rapidly accelerated their digital transformation by leveraging technologies such as cloud and container that support the shift to IoT and a remote workforce. Implementing these technologies has led to considerable growth in the number of IT assets deployed within the enterprise. Traditionally, IT oversees the management of these assets and focuses on administration responsibilities like inventory, software support, and license oversight. Sumedh will discuss why the shift to digital calls for a new approach to asset visibility. Segment Resources: View the CyberSecurity Asset Management video: https://vimeo.com/551723071/7cc671fc38 Read our CEO's blog on CyberSecurity Asset Management: https://blog.qualys.com/qualys-insights/2021/05/18/reinventing-asset-management-for-security Read the detailed blog on CyberSecurity Asset Management: https://blog.qualys.com/product-tech/2021/05/18/introducing-cybersecurity-asset-management This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

We've let the compliance world drive security for so long there are folks that literally have no idea what 'reasonably secure' looks or feels like because they've never seen it before. Segment Resources: phobos.io/orbital Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw697

This week in the Security Weekly News, Paul and the Crew Talk: Nagios exploits, hacking a Boeing 747, bypass container image scanning, unpatchable new vulnerability in Apple M1 chips, stop blaming employees (Especially interns), spying on mac users, don't tip off the attackers, security researcher plows John Deere, when FragAttacks, security by design, & more! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Rick Howard joins to talk about his Cybersecurity Canon project, the rock and roll hall of fame for Cybersecurity literature! The Cybersecurity Canon Committee has announced it's hall of winners for 2021. Segment Resources: https://icdt.osu.edu/cybercanon Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Training is critical but it is tough to break away from the day to day. Polarity is running free 15 minute training sessions that leverage our community edition to leave you with a new ability to automate search and save time. Examples include, how to write basic regular expressions, how to find exploit code faster, basics of cyberchef, or how to read a malware sandbox report. Segment Resources: Sign up page: https://polarity.io/ctt/ Past 15min session with GreyNoise: https://youtu.be/sEWQbRU4Duc Teaser for future session on searching malware sandboxes: https://youtu.be/qo3GxeVSdGg Teaser for future session on searching for exploit code: https://youtu.be/mGcA8_8dPfg Teaser for future session on searching for YARA rules: https://youtu.be/Fx8d_fIeFy8 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw696

Metrics, Training, Culture – Why Your Phishing Program Isn't Working - Drew Rose, Living Security Phishing reports have become the standard for measuring security awareness, and yet breaches keep happening. Something is broken. Knowing how to recognize a phishing attempt is a tiny part of creating a security-focused culture and protecting your business from attacks. This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! A New Perspective on Cloud Security Resilience - Ganesh Pai, Uptycs Cloud security, the next frontier. How do we build resilient services in the cloud and secure them. Ganesh Pai, CEO at Uptycs, joins us to discuss a new perspective on cloud security resilience. This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw229