Player FM - Internet Radio Done Right
Added four years ago
Content provided by Security Weekly Productions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly Productions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ms.player.fm/legal.
Enterprise Security Weekly (Audio)
News, analysis, and insights into enterprise security. We put security vendors under the microscope, and explore the latest trends that can help defenders succeed. Hosted by Adrian Sanabria. Co-hosts: Katie Teitler-Santullo, Darwin Salazar.
412 episodes
All episodes
Evolving the SOC: Automating Manual Work while Maintaining Quality at Scale - Allie Mellen, Tim MalcomVetter - ESW #394 (1:55:17)
We've got a few compelling topics to discuss within SecOps today. First, Tim insists it's possible to automate a large amount of SecOps work, without the use of generative AI. Not only that, but he intends to back it up by tracking the quality of this automated work with an ISO standard unknown to cybersecurity. I've often found useful lessons and wisdom outside security, so I get excited when someone borrows from another, more mature industry to help solve problems in cyber. In this case, we'll be talking about Acceptable Quality Limits (AQL), an ISO standard quality assurance framework that's never been used in cyber.

Segment Resources:
- Introducing AQL for cyber
- AQL - How we do it
- An AQL 'calculator' you can play around with

We couldn't decide what to talk to Allie about, so we're going with a bit of everything. Don't worry - it's all related and ties together nicely. First, we'll discuss AI and automation in the SOC - Allie is covering this trend closely, and we want to know if she's seeing any results yet here. Next, we'll discuss SecOps data management - the blood that delivers oxygen to the SOC muscles. Finally, we'll discuss MITRE's recent EDR evaluations - there was some contention around some vendors claiming to ace the test and we're going to get the tea on what's really going on here!

For each of these three topics, these are the blog posts they correspond with if you want to learn more:
- Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- If You're Not Using Data Pipeline Management For Security And IT, You Need To
- Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

In this week's enterprise security news, we've got
- 5 acquisitions
- Tines gets funding
- new tools and DFIR reports to check out
- A legal precedent that could hurt AI companies
- AI garbage is in your code repos
- the dark side of security leadership
- HIPAA fines are broken
- Salt Typhoon is having a great time
- Don't use ChatGPT for legal advice!!!!!

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-394
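The AQL idea from the segment above, applied to automated alert handling, as an added example (this is not code from the show, its guests, or the calculator they link). It implements acceptance sampling: an analyst reviews a random sample of auto-closed alerts, the lot is accepted if the sample contains at most c defects, and the operating-characteristic curve tells you how likely a plan is to pass work at a given true error rate. The sample size, acceptance number and defect rates used here are assumptions for illustration, not values from the ISO 2859-1 tables.

```python
"""Acceptance sampling for auto-closed SOC alerts.

Added example for the AQL discussion; not code from the show or its guests.
The sampling-plan numbers (sample size, acceptance number, defect rates) are
assumptions for illustration and are not taken from the ISO 2859-1 tables.
"""
from __future__ import annotations

from math import comb


def prob_accept(n: int, c: int, p: float) -> float:
    """Probability that a random sample of n items from a process with true
    defect rate p contains at most c defects, i.e. that the lot is accepted.
    One point on the plan's operating-characteristic (OC) curve."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(c + 1))


def min_sample_size(c: int, p_reject: float, consumer_risk: float) -> int:
    """Smallest sample size n such that a process running at defect rate
    p_reject is accepted with probability at most consumer_risk."""
    if not 0 < p_reject <= 1 or not 0 < consumer_risk < 1:
        raise ValueError("p_reject must be in (0, 1], consumer_risk in (0, 1)")
    n = c + 1
    while prob_accept(n, c, p_reject) > consumer_risk:
        n += 1
    return n


def judge_lot(verdicts: list[bool], c: int) -> dict:
    """Apply acceptance number c to analyst QA verdicts on a sample of
    automated dispositions (True = the automation got it right)."""
    defects = sum(1 for ok in verdicts if not ok)
    return {"sample_size": len(verdicts), "defects": defects, "accept": defects <= c}


# Constructed QA sample: 50 auto-closed alerts re-reviewed by an analyst,
# of which 2 turned out to be wrongly closed.
SAMPLE_VERDICTS = [True] * 48 + [False] * 2

if __name__ == "__main__":
    plan_n, plan_c = 50, 3  # assumed plan: sample 50, accept if <= 3 defects
    for p in (0.01, 0.02, 0.05, 0.10, 0.20):
        print(f"true error rate {p:.0%}: P(accept) = {prob_accept(plan_n, plan_c, p):.3f}")
    print("QA sample verdict:", judge_lot(SAMPLE_VERDICTS, plan_c))
    print("n needed to reject a 10% error rate 90% of the time with c=0:",
          min_sample_size(0, 0.10, 0.10))
```

The OC curve is the part worth staring at: a plan that accepts a 2% error rate 98% of the time still waves through a 10% error rate roughly a quarter of the time, which is the trade-off AQL makes explicit rather than hides.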
The groundbreaking technology addressing employment scams and deepfakes - John Dwyer, Aaron Painter - ESW #393 (1:49:44)
Spoiler: it's probably in your pocket or sitting on the table in front of you, right now! Modern smartphones are conveniently well-suited for identity verification. They have microphones, cameras, depth sensors, and fingerprint readers in some cases. With face scanning quickly becoming the de facto technology used for identity verification, it was a no-brainer for Nametag to build a solution around mobile devices to address employment scams.

Segment Resources:
- Company website
- Aaron's book, Loyal

Listeners of the show are probably aware (possibly painfully aware) that I spend a lot of time analyzing breaches to understand how failures occurred. Every breach story contains lessons organizations can learn from to avoid suffering the same fate. A few details make today's breach story particularly interesting:
- It was a Chinese APT
- Maybe the B or C team? They seemed to be having a hard time
- Their target was a blind spot for both the defender AND the attacker

Segment Resources:
- https://www.binarydefense.com/resources/blog/shining-a-light-in-the-dark-how-binary-defense-uncovered-an-apt-lurking-in-shadows-of-it/
- https://www.theregister.com/2024/09/18/chinese_spies_found_on_us_hq_firm_network/

This week, in the enterprise security news,
- Semgrep raises a lotta money
- CYE acquires Solvo
- Sophos completes the Secureworks acquisition
- SailPoint prepares for IPO
- Summarizing the 2024 cybersecurity market
- Lawyers that specialize in keeping breach details secret
- Scientists torture AI
- Make sure to offboard your S3 buckets
- extinguish fires with bass

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-393
The Growth of Women in Cybersecurity Has Slowed - Why, and What Can We Do About It? - Lynn Dohm - ESW #392 (2:11:49)
Celebrating and Elevating Women in Cyber: Recently, International Women in Cyber Day (September 1) highlighted the ongoing challenges women face in the cybersecurity field, as well as the progress made in recent years. Women bring exceptional skills and knowledge to cybersecurity; however, it is estimated that they make up only 20% to 25% of the cybersecurity workforce, a percentage that has remained stagnant for years. Even more concerning, women often hit a glass ceiling just six to ten years into their cybersecurity careers. Lynn Dohm sheds light on these issues and emphasizes what the industry needs to focus on to continue celebrating and elevating women in cyber.

Segment Resources:
- 2023 State of Inclusion Benchmark in Cybersecurity
- 2024 Cyber Talent Study by N2K and WiCyS
- WiCyS Programs

This week, we've added an extra news segment just on AI. Not because we wanted to, but because the news cycle has bludgeoned us into it. My mom is asking about Chinese AI, my neighbor wants to know why his stocks tanked, my clients want to know how to prevent their employees from using DeepSeek, it's a mess. First, a DeepSeek primer, so we can make sure all Enterprise Security Weekly listeners know what they need to know. Then we get into some other AI news stories.

DeepSeek Primer

I think the most interesting aspect of the DeepSeek announcements is the business/market impact, which isn't really security-related, but could have some impact on security teams. By introducing models that are cheaper to train, sell access to, and less demanding to run on systems, DeepSeek has opened up more market opportunities. That means we'll see generative AI used in markets and ways that didn't make sense before, because it was too expensive.

Another aspect that's really confusing is what DeepSeek is or does. For the most part, when someone says "DeepSeek", they could be referring to:
1. the company
2. the open source models released by the company
3. the SaaS service (https://chat.deepseek.com)
4. the mobile app (which is effectively just a front end for #3)
5. the API (which is what the mobile app and SaaS service are built on top of)

From a security perspective, there's little to no operational risk around downloading and using the models, though they're likely to get banned, so companies could get in trouble for using them. As for the app, API, or SaaS service, assume everything you type into them is getting collected by China (so, significantly less safe, probably no US companies should do this). But because these services are crazy cheap right now, I wouldn't be surprised if some suppliers and third parties will start using DeepSeek - if your third party service provider is using DeepSeek behind the scenes with your data, you still have problem #2, so best to ensure they're not doing this through updated contract language and call to confirm that they're not currently doing it (can take a while to get a new contract in place).

This week in the enterprise security weekly news, we discuss
- funding and acquisitions
- Understanding the Semgrep license drama
- Ridiculous vulnerabilities everywhere:
  - vulns to take down your entire city's cell service
  - vulns to mess with your Subarus
  - vulns in Microsoft 365 authentication
- cybersecurity regulations are worthless
- Facebook is banning people for mentioning Linux
- Vigilantes on Github
- Mastercard DNS error
- Qubes OS
- Turning a "No" into a conversation

All that and more, on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-392
AI Red Teaming Comes to Bug Bounties - Francis Dinha, Michiel Prins - ESW #391 (2:07:23)
HackerOne's co-founder, Michiel Prins, walks us through the latest new offensive security service: AI red teaming. At the same time enterprises are globally trying to figure out how to QA and red team generative AI models like LLMs, early adopters are challenged to scale these tests. Crowdsourced bug bounty platforms are a natural place to turn for assistance with scaling this work, though, as we'll discuss on this episode, it is unlike anything bug hunters have ever tackled before.

Segment Resources:
- https://www.hackerone.com/ai/snap-ai-red-teaming
- https://www.hackerone.com/thought-leadership/ai-safety-red-teaming

This interview is a bit different from our norm. We talk to the founder and CEO of OpenVPN about what it is like to operate a business based on open source, particularly through trying times like the recent pandemic. How do you compete when your competitors are free to build products using your software and IP? It seems like an oxymoron, but an open source-based business actually has some significant advantages over the closed source commercial approach.

In this week's enterprise security news,
- the first cybersecurity IPO in 3.5 years!
- new companies
- new tools
- the fate of CISA and the cyber safety review board
- things we learned about AI in 2024
- is the humanless SOC possible?
- NGFWs have some surprising vulnerabilities
- what did generative music sound like in 1996?

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-391
The Next Era of Data Security: AI, Cloud, & Compliance - Jeff Smith, Dimitri Sirota, Kiran Chinnagangannagari - ESW #390 (2:03:35)
Today's data landscape is undergoing a seismic shift with increasing regulatory pressures, rapid acceleration to the cloud, and AI adoption. Join BigID's CEO and Co-Founder, Dimitri Sirota, to learn how organizations can adopt a holistic approach to their data security and compliance strategy to keep up with the revolution in data, transforming their data into a competitive advantage. This segment is sponsored by BigID! Start protecting your sensitive data wherever your data lives at https://securityweekly.com/bigid.

I've been so excited to see the external attack surface management (EASM) market take off in the past few years. This market category focuses exclusively on security issues exposed to the public Internet - issues ANYONE can see. All organizations have exposure management problems, but industries that are traditionally underfunded when it comes to cybersecurity and IT are particularly worse off. We see breaches in these industries every day - industries like manufacturing, healthcare, and education. Of course, exposure issues don't stop at the network boundary - all organizations have internal exposures to worry about as well. With all the breaches we see every week, we've become somewhat desensitized to them. Is it possible to address even just the most critical exposures (a fraction of 1% of all vulnerabilities) in one of the most underfunded industries? In this episode, we dive into how a small school system in New Mexico took on this challenge.

This week in the enterprise news - Cymulate acquires CYNC Secure, Tidal Cyber acquires Zero-Shot, Amazon ransomware attack, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-390
How threat-informed defense benefits each security team member - Frank Duff, Nathan Sportsman - ESW #389 (2:00:38)
We're thrilled to have Frank Duff on to discuss threat-informed defense. As one of the MITRE folks that helped create MITRE ATT&CK and ATT&CK evaluations, Frank has been working on how best to define and communicate attack language for many years now. The company he founded, Tidal Cyber, is in a unique position to both leverage what MITRE has built with ATT&CK and help enterprises operationalize it.

Segment Resources:
- Tidal Cyber website
- Tidal Cyber Community Edition

We're a fan of hacker lore and history here at Security Weekly. In fact, Paul's Security Weekly has interviewed some of the most notable (and notorious) personalities from both the business side of the industry and the hacker community. We're very excited to share this new effort to document hacker history through in-person interviews. The series is called "Where Warlocks Stay Up Late", and is the creation of Nathan Sportsman and other folks at Praetorian. The timing is crucial, as a lot of the original hackers and tech innovators are getting older, and we've already lost a few.

References:
- Check out the Where Warlocks Stay Up Late website and subscribe to get notified of each episode as it is released
- Check out the anthropological hacker map and relive your misspent youth!

In this latest Enterprise Security Weekly episode, we explored some significant cybersecurity developments, starting with Veracode's acquisition of Phylum, a company specializing in detecting malicious code in open-source libraries. The acquisition sparked speculation that it might be more about Veracode staying relevant in a rapidly evolving market rather than a strategic growth move, especially given the rising influence of AI-driven code analysis tools. We also covered 1Password's acquisition of a UK-based shadow IT detection firm, raising interesting questions about their expansion into access management. Notably, the deal involved celebrity investors like Matthew McConaughey and Ashton Kutcher, suggesting a trend where Hollywood influence intersects with cybersecurity branding.

A major highlight was the Cyberhaven breach, where a compromised Chrome extension update led to stolen credentials. The attack was executed through a phishing campaign disguised as a Google policy violation warning. To their credit, Cyberhaven responded swiftly, pulling the extension within two hours and maintaining transparency throughout. This incident underscored broader concerns around the poor security of browser extensions, an issue that continues to be exploited due to lax marketplace oversight.

We also reflected on Cory Doctorow's concept of "Enshittification," critiquing platforms that prioritize profit and engagement metrics over genuine user experiences. His decision to disable vanity metrics resonated, especially considering how often engagement numbers are inflated in corporate settings.

The episode wrapped with a thoughtful discussion on how CISOs can say "no" more effectively, emphasizing "yes, but" strategies and the importance of consistency. We also debated the usability frustrations of "magic links" for authentication, arguing that simpler alternatives like passkeys or multi-factor codes could offer a better balance between security and convenience.

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-389
D3FEND 1.0: A Milestone in Cyber Ontology - Peter Kaloroumakis - ESW #388 (1:42:49)
Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary that practitioners know not only what threats a capability claims to address, but specifically how those threats are addressed from an engineering perspective, and under what circumstances the solution would work"

Segment Resources: https://d3fend.mitre.org

In the enterprise security news,
- a final few fundings before the year closes out
- Arctic Wolf buys Cylance from Blackberry for cheap, a sentence that feels very weird to say
- the quiet HTTPS revolution
- passkeys are REALLY catching on
- resilience keeps showing up in the titles of news items
- Apple Intelligence insults the BBC's intelligence
- MITRE ATT&CK evals drama
- Lastpass breach drama continues

All that and more, on this episode of Enterprise Security Weekly.

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-388
The 2024 Cybersecurity Market Review - Mike Privette, Rew Islam - ESW #387 (1:47:09)
For our second year now, Mike Privette, from Return on Security and the Security, Funded newsletter, joins us to discuss the year's highlights and what's to come in the next 12 months. In some ways, it has been a return to form for funding, though some casualties of a tough market likely had to seek acquisition when they might have otherwise raised another round and stayed independent a while longer. We'll cover some stats, talk 2025 IPO market, and discuss the likelihood of (already) being in another bubble, particularly with regards to the already saturated AI security market. It won't be all financial trends though, we'll discuss some of the technical market trends, whether they're finding market fit, and how ~50ish AI SOC startups could possibly survive in such a crowded space.

In this segment, we discuss two new FIDO Alliance standards focused on credential portability. Specifically, if passwordless is going to catch on, we need to minimize friction and maximize usability. In practice, this means that passkeys must be portable! Rew Islam of Dashlane joins us to discuss the new standards and how they'll help us enter a new age of secure authentication, both for consumers and the enterprise.

Segment Resources:
- Elevating Passwordless Security With AWS Nitro
- Synced Passkeys Will Be Portable
- FIDO Alliance Publishes New Specifications to Promote User Choice and Enhanced UX for Passkeys

This week, in the enterprise security news,

NOTE: We didn't get to 2, 3, 5, or 7 due to some technical difficulties and time constraints, but we'll hit them next week! The show notes have been updated to reflect what we actually discussed this week: https://www.scworld.com/podcast-segment/13370-enterprise-security-weekly-387

- Snowflake takes security more seriously
- Microsoft takes security more seriously
- US Government takes telecom security more seriously
- Cleo Capital takes security more seriously
- EU's DORA takes effect soon
- Is phishing and security awareness training worthless?
- CISOs need financial literacy
- Supply chain firewall is basic but useful

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-387
Tackling Barriers on the Road To Cyber Resilience - Rob Allen, Theresa Lanowitz - ESW #386 (1:59:27)
In this final installment of a trio of discussions with Theresa Lanowitz about Cyber Resilience, we put it all together and attempt to figure out what the road to cyber resilience looks like, and what barriers security leaders will have to tackle along the way. We'll discuss:
- How to identify these barriers to cyber resilience
- Be secure by design
- Align cybersecurity investments with the business

Also, be sure to check out the first two installments of this series!
- Episode 380: Cybersecurity Success is Business Success
- Episode 383: Cybersecurity Budgets: The Journey from Reactive to Proactive

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

When focused on cybersecurity through a vulnerability management lens, it's tempting to see the problem as a race between exploit development and patching speed. This is a false narrative, however. While there are hundreds of thousands of vulnerabilities, each requiring unique exploits, the number of post-exploit actions is finite. Small, even. Although Log4j was seemingly ubiquitous and easy to exploit, we discovered the Log4Shell attack wasn't particularly useful when organizations had strong outbound filters in place. Today, we'll discuss an often overlooked advantage defenders have: mitigating controls like traffic filtering and application control that can prevent a wide range of attack techniques. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

This week, in the enterprise security news,
- Funding and acquisition news slows down as we get into the "I'm more focused on holiday shopping season"
- North Pole Security picked an appropriate time to raise some seed funding
- Breaking news, it's still super easy to exfiltrate data
- The Nearest Neighbor Attack
- Agentic Security is the next buzzword you're going to be tired of soon
- Frustrations with separating work from personal in the Apple device ecosystem
- We check in on the AI SOC and see how it's going
- Office surveillance technology gives us the creeps

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-386
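The outbound-filtering control from the ThreatLocker segment above, as an added example (not code from the show or its sponsor): a default-deny egress allowlist applied to connection records from a Java application server. It shows why the Log4Shell callback does not get out no matter what the exploit string looks like: the JNDI lookup needs an outbound LDAP or RMI connection, and nothing outside the allowlist is reachable. The log format, the allowlist, the sample flows and the port-to-protocol hints are all constructed for this example and are assumptions, not anything from the page.

```python
"""Default-deny egress policy applied to app-server connection logs.

Added example for the outbound-filtering point; not code from the show or its
sponsor. Log format, allowlist, sample flows and port hints are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed allowlist: the only destinations the app servers legitimately need.
EGRESS_ALLOW = [
    (ip_network("10.0.20.0/24"), 5432),  # database subnet, PostgreSQL
    (ip_network("10.0.30.5/32"), 443),   # internal proxy for updates and APIs
]

# Ports a JNDI lookup (the Log4Shell callback) reaches out on. Assumed
# defaults: LDAP 389, LDAPS 636, RMI registry 1099.
CALLBACK_PORT_HINTS = {389: "ldap", 636: "ldaps", 1099: "rmi"}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed record: '<ts> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto)


def is_allowed(flow: Flow) -> bool:
    """Default deny: a flow passes only if it matches an allowlist entry."""
    dst = ip_address(flow.dst)
    return any(dst in net and flow.dport == port for net, port in EGRESS_ALLOW)


def evaluate(lines: list[str]) -> list[dict]:
    """Return one verdict per record, flagging blocked callback-style ports."""
    verdicts = []
    for line in lines:
        flow = parse_flow(line)
        allowed = is_allowed(flow)
        hint = CALLBACK_PORT_HINTS.get(flow.dport)
        verdicts.append({
            "dst": flow.dst,
            "dport": flow.dport,
            "allowed": allowed,
            "note": f"possible JNDI/{hint} callback" if (hint and not allowed) else "",
        })
    return verdicts


def summarize(lines: list[str]) -> dict:
    """Counts a SOC would actually look at: how much was blocked, and how
    much of that looked like a JNDI callback."""
    verdicts = evaluate(lines)
    return {
        "total": len(verdicts),
        "blocked": sum(1 for v in verdicts if not v["allowed"]),
        "callback_style": sum(1 for v in verdicts if v["note"]),
    }


# Constructed sample flows from one app server (documentation address ranges).
SAMPLE_LOG = [
    "2021-12-10T12:00:01Z 10.0.10.7 10.0.20.12 5432 tcp",
    "2021-12-10T12:00:02Z 10.0.10.7 198.51.100.23 389 tcp",
    "2021-12-10T12:00:03Z 10.0.10.7 203.0.113.9 443 tcp",
    "2021-12-10T12:00:04Z 10.0.10.7 10.0.30.5 443 tcp",
]

if __name__ == "__main__":
    for v in evaluate(SAMPLE_LOG):
        status = "ALLOW" if v["allowed"] else "BLOCK"
        print(f"{status} {v['dst']}:{v['dport']} {v['note']}")
    print(summarize(SAMPLE_LOG))
```

Note that the third flow (443 to an arbitrary Internet host) is blocked too, without any port hint: the point of an allowlist is that the defender does not need to know the attacker's protocol, only the application's legitimate dependencies.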
2023 Funding and Acquisition Summary with Return on Security - Mike Privette - ESW Vault (43:56)
Check out this episode from the ESW Vault, hand picked by main host Adrian Sanabria! This segment was originally published on December 22, 2023.

We're excited to give an end-of-year readout on the performance of the cybersecurity industry with Mike Privette, founder of Return on Security and author of the weekly Security, Funded newsletter. This year, this podcast has leaned heavily on the Security, Funded newsletter to prep for our news segment, as it provides a great summary of all the funding and M&A events going on each week. In this segment, we look back at 2023, statistics for the year, comparisons to 2022, interesting insights, predictions, and more!

Segment Resources:
- Mike's blog, Return on Security: https://www.returnonsecurity.com/
- Mike's newsletter, Security, Funded: https://www.returnonsecurity.com/subscribe

Show Notes: https://securityweekly.com/vault-esw-17
Enterprise Security Weekly (Audio)
Fixing how cybersecurity products are bought and sold - Mariana Padilla - ESW #385 (1:52:17)
This is a topic our hosts are very passionate about, and we're excited to discuss with Mariana Padilla, co-founder and CEO of Hackerverse. She wants to change how cybersecurity sales works, with a focus on making the process more transparent and ideally demonstrating a product's efficacy before buyers even need to talk to a sales team. We'll discuss why existing sales processes are broken, how VC funding impacts vendor sales/marketing, and why community-led growth is so important.

Why a special segment on Microsoft Ignite announcements?

- There were a lot of announcements
- Microsoft is the largest security vendor, in terms of revenue
- Microsoft and its products are also the biggest and most vulnerable hacking target in the tech industry

In the enterprise security news:

- Bitsight, Snyk, and Silverfort announce acquisitions
- Tanium announces an “autonomous” endpoint security offering
- We find out how much a smartphone costs when it is manufactured in the US
- CISA’s leadership announces resignations
- Ransomware is going after old versions of Excel
- Should vendors be doing more about alert fatigue?
- The latest cybersecurity reports
- Using AI to mess with scammers

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-385…
Enterprise Security Weekly (Audio)
AI and the Autonomous SOC - Separating Hype from Reality - Justin Beals, Itai Tevet - ESW #384 (1:56:05)
There have been a lot of bold claims about how generative AI and machine learning will transform the SOC. Ironically, the SOC was (arguably) invented only because security products failed to make good on bold claims. The cybersecurity market is full of products that exist only to solve the problems created by other security products (Security Analytics, SOC Automation, Risk-Based Vulnerability Management). Other products are natural evolutions and pick up where others leave off. In this interview, we'll explore what AI can and can't do, particularly when it comes to alert triage and other common SOC tasks.

Segment Resources:

- From Forrester: Generative AI Will Not Fulfill Your Autonomous SOC Hopes (Or Even Your Demo Dreams)
- From Intezer: Mastering SOC Automation in 2024: Tips, Trends and Tools
- The Future of SOC Automation Platforms
- SentinelOne wants to make the autonomous SOC a reality

Naturally, the next approach to try is a federated one. How do we break down cybersecurity into more bite-sized components? How do we alleviate all this CISO stress we've heard about, and make their job seem less impossible than it does today? This will be a more standards and GRC focused discussion, covering:

- the reasons why cross-walking doesn't work
- the reasons why traditional TPRM approaches (e.g. questionnaires) don't work
- opportunities for AI to help risk management or sales support?

This week in the enterprise security news:

- Upwind Security gets a massive $100M Series B
- Trustwave and Cybereason merge
- NVIDIA wants to force SOC analyst millennials to socialize with AI agents
- Has the cybersecurity workforce peaked?
- Why incident response is essential for resilience
- an example of good product marketing
- who is Salvatore Verini, Jr. and why does he have all my data?

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-384…
Enterprise Security Weekly (Audio)
Cybersecurity Budgets: the Journey from Reactive to Proactive - Todd Thiemann, Theresa Lanowitz - ESW #383 (2:01:03)
CISOs struggle more with reactive budgets than CIOs or CTOs. It's not that part of the CISO's budget shouldn't be reactive; it's certainly necessary to an extent. The problem is when proactive measures suffer as a result. In this interview, we'll discuss some of the causes behind this and some strategies for breaking out of this loop.

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

Is it a product or a feature? Is it DLP 4.0, or something legitimately new? Buy now, or wait for further consolidation? There are SO many questions about this market. It's undeniably important - data hygiene and governance continues to be a frustrating mess in many organizations, but is this the solution? We'll discuss with Todd to find out.

In the enterprise security news:

- Some big fundings
- no less than 4 acquisitions
- Silencing the EDR silencers
- ghost jobs
- overinflated estimates on open cybersecurity jobs
- weaponizing Microsoft Copilot
- fun projects with disposable vapes

All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-383…
Enterprise Security Weekly (Audio)
What if securing buildings was as easy as your smartphone? - Damon McDougald, Blaine Frederick, Punit Minocha - ESW #382 (2:06:19)
The future is here! Imagine if you could get into the office, a datacenter, or even an apartment building as easily as you unlock your smartphone. Alcatraz AI is doing exactly that with technology that works similarly to how smartphones unlock using your face. It works in the dark, if you shave off your beard, and so quickly you don't even need to slow down for the scan - you can just keep on walking. We don't often cover physical security, so this interview is going to be a treat for us. There are SO many questions to ask here, particularly for our hosts who have done physical penetration tests, social engineering, and tailgating in the past to get past physical security measures.

This week, in the enterprise security news:

- the latest cybersecurity fundings
- Cyera acquires Trail Security
- Sophos acquires Secureworks
- new companies and products
- more coverage on Cyberstarts’ sunrise program
- AI can control your PC
- public cybersecurity companies are going private
- Splunk and Palo Alto beef

All that and more, on this episode of Enterprise Security Weekly.

Segment description coming soon!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-382…
Enterprise Security Weekly (Audio)
Transforming the Defender's Dilemma into the Defender's Advantage - Charlotte Wylie, Bhawna Singh, Lenny Zeltser - ESW #381 (1:50:15)
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regard to initial access to the target's environment. Once on the inside, the attacker's advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here! The conversation isn't just about setting traps for attackers, however; there's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by the essay from Lenny by the same name: Transform the Defender’s Dilemma into the Defender’s Advantage.

The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), but cybersecurity-related concerns are usually not included for individual poll location and election workers. Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.

Customer Identity is everywhere. It's powering secure experiences for billions - enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh, Chief Technology Officer of Customer Identity Cloud at Okta, joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications, and what Okta is doing to help developers build applications that decipher a human from a bot.

Segment Resources:

- https://www.okta.com/oktane/
- https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/

Whether it’s phishing techniques, password spraying, or social engineering, security leaders today are constantly needing to see past blindspots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss what security leaders are being challenged with today when it comes to securing their workforce and, from experience with implementing Okta’s Secure Identity Commitment, how companies can be prioritizing security within their culture to help prevent threat actors from taking advantage of the weakest link.

Segment Resources:

- https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/
- https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/

This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!

Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-381…