Security Weekly Podcast Network (Video)

SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more! Show Notes: https://securityweekly.com/asw-292

Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader. Show Notes: https://securityweekly.com/bsw-357

Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders. Segment resources: https://www.forrester.com/blogs/generative-ai-will-not-fulfill-your-autonomous-soc-hopes-or-even-your-demo-dreams/ https://www.forrester.com/blogs/top-5-things-you-need-to-know-about-how-generative-ai-is-used-in-security-tools/ https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/ Show Notes: https://securityweekly.com/asw-292

Elon's Killer Robots, Crowdstrike and More Crowdstrike, Southwest, Play, FrostyGoop, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-400

Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms. Show Notes: https://securityweekly.com/bsw-357

In this episode of Security Weekly News, Dr. Doug White and Josh Marpet delve into the widespread impact of the recent CrowdStrike and Microsoft technical issue, which disrupted various industries, including airlines, DMVs, and hospitals. They discuss the interconnectedness of modern systems, the reliance on automatic updates, and the critical need for thorough testing and third-party risk management. Emphasizing the importance of understanding and planning for system failures, the hosts highlight the necessity for comprehensive inventories, continuous monitoring, and robust backup plans to ensure business continuity and resilience. Tune in for expert insights into mitigating the significant consequences of system failures. Show Notes: https://securityweekly.com/swn-399

In this week's enterprise security news, Google is rumored to be considering acquiring Wiz for $23 BILLION ThreatConnect acquires Polarity XBOW and Sola Security are interesting new companies we'll discuss What does "shared responsibility" actually mean? Palo Alto probably isn't going to buy your startup Snowflake-related breaches continue getting worse MUCH less AI talk than usual Defragmenting your browser All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-368

On this segment, we're going to zoom all the way out to discuss one of my favorite topics: what's fundamentally wrong with this industry? I believe we're at an inflection point: security teams have budget, staff, and more sway at the board level than ever. The cybersecurity market is doing great - growing at an astonishing rate with cyber startups that almost never fail and funding that survives every market downturn. So why are failures also breaking records? What are we getting wrong? Why are we failing? These are the questions Richard, Katie, and I will try to answer in this segment. Segment Resources: www.riskcrew.com/resources-2/cybersecurity-circle-of-failure/ Show Notes: https://securityweekly.com/esw-368

Three years after we last discussed this book on episode #221, Jarrett Rodrick returns, joined by co-author Tyler Wall to discuss an update of the book. We talk opportunities and layoffs. Career paths and experience. Degrees, certifications, and home labs. We talk about who cybersecurity is the right field for, and the pros and cons of the industry as a whole. We also talk myths and reality about a cybersecurity career. Can you really make $100k just a few years in? Is it really an entry level field? Are you better off entering cyber from IT or the military? Segment Resources: Pick up the book on the publisher's website Pick up the book on Amazon Actual junior roles and entry level opportunities Show Notes: https://securityweekly.com/esw-368

Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues! Show Notes: https://securityweekly.com/psw-835