Episodes
In the enterprise security news, Bitsight, Snyk, and Silverfort announce acquisitions Tanium announces an “autonomous” endpoint security offering We find out how much a smartphone costs when it is manufactured in the US CISA’s leadership announces resignations Ransomware is going after old versions of Excel Should vendors be doing more about alert fatigue? The latest cybersecurity reports Using AI to mess with scammers All that and more, on this episode of Enterprise Security Weekly. Show...
Published 11/23/24
Why a special segment on Microsoft Ignite announcements? There were a lot of announcements Microsoft is the largest security vendor, in terms of revenue Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry. Show Notes: https://securityweekly.com/esw-385
Published 11/22/24
Tesla, Druids, Salt Typhoon, North Korea, Amazon, Microsoft, Google, Joshua Marpet, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-433
Published 11/22/24
This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important. Show...
Published 11/22/24
Fast cars kill people, Apple 0-Days, memory safety, poisoning the well, babble babble and malware that tries really hard to be stealthy, Palto Alto and Fortinet have some serious new vulnerabilities, open-source isn't free, but neither is commercial software, get on the TPM bus, find URLs with stealth, stealing credentials with more Palto Alto and Fortinet, the first zoom call, and one person's trash is another person's gaming PC! Show Notes: https://securityweekly.com/psw-852
Published 11/21/24
Black Hats & White Collars: We know criminal hacking is big business because we've spied on them! Ken comes on the show to talk about chasing and stalking criminals, even if it means sacrificing some of your own personal safety. Show Notes: https://securityweekly.com/psw-852
Published 11/21/24
This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Watchtowr has some fun with Citrix VDI! Show Notes: https://securityweekly.com/asw-308
Published 11/20/24
In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Show Notes: https://securityweekly.com/bsw-373
Published 11/19/24
Google DeGoogled, Hammerbarn, Blofeld, VMWare, DeepData, SafePay, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-432
Published 11/19/24
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating...
Published 11/19/24
This week's interview dives deep into the state of biometrics with two Forrester Research analysts! This discussion compares and contrasts regional approaches to biometrics; examine the security challenges and benefits of their implementation; and reveal how biometrics holds the keys to a range of engagement models of the future. Andras Cser dives into the technical end of things and explains how biometrics can be resilient to attack. We can't replace our fingerprints or faces, but as...
Published 11/19/24
This week in the enterprise security news, Upwind Security gets a massive $100M Series B Trustwave and Cybereason merge NVIDIA wants to force SOC analyst millennials to socialize with AI agents Has the cybersecurity workforce peaked? Why incident response is essential for resilience an example of good product marketing who is Salvatore Verini, Jr. and why does he have all my data? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-384
Published 11/16/24
Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering: the reasons why cross-walking doesn't work the reasons why traditional TPRM approaches (e.g. questionnaires) don't work opportunities for AI to help risk management or sales support?...
Published 11/15/24
Granny Bots, Microsoft, Shrinklocker, SlugResin, BlueSky, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-431
Published 11/15/24
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this...
Published 11/15/24
We kicked things off by talking about the Holiday Hack Challenge, which is like this massive cyber playground that Sans puts out every year for everyone from fifth graders to government spooks. Ed Skoudis broke down how they're changing things this time, with an early release and a phased approach that'll give you more time to play and learn. But the real mind-bender was when Ed spilled the beans on how they build this whole thing using one giant Google sheet - I mean, we're talking hundreds...
Published 11/14/24
Alright, so we dove deep into some pretty wild stuff this week. We started off talking about zip files inside zip files. This is a variation of old-school zip file tricks, and the latest method described here is still causing headaches for antivirus software. Then we geeked out about infrared signals and the Flipper Zero, which brought back memories of the TV-B-Gone. But the real kicker was our discussion on end-of-life software and the whole CVE numbering authority mess. Avanti's refusal to...
Published 11/14/24
In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more! Show Notes: https://securityweekly.com/bsw-372
Published 11/12/24
This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not? All that and more on this week's news segment. Show Notes: https://securityweekly.com/asw-307
Published 11/12/24
Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-430
Published 11/12/24
In this week's interview, Melinda Marks' joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Cloud-Native Development delves into many aspects and trends affecting AppSec as it matures, particularly in cloud-first organizations. We also discuss the fuzzy line between "cloud-native" AppSec and everything else that refuses to disappear, particularly for organizations that weren't born cloud-native and still have legacy workloads to worry...
Published 11/12/24
Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health? Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can...
Published 11/12/24
In the enterprise security news, Some big fundings no less than 4 acquisitions Silencing the EDR silencers ghost jobs overinflated estimates on open cybersecurity jobs weaponizing Microsoft Copilot fun projects with disposable vapes All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-383
Published 11/09/24
Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation? There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out. Show Notes: https://securityweekly.com/esw-383
Published 11/08/24