ESWEpisode161

From Security Weekly Wiki
Jump to navigationJump to search

Recorded November 13, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    Topic: STEALTHbits, Tenable, Aqua Security

    1. STEALTHbits releases StealthDEFEND 2.2, its real-time threat detection and response platform - Help Net Security
    2. Appsian extends platform to SAP customers - Help Net Security
    3. Bitdefender GravityZone enhanced with new endpoint defense capabilities - Help Net Security
    4. Top Application Security Vendors
    5. Stellar Cyber adds a new Data Streaming Application to its Starlight platform - Help Net Security
    6. CloudVector's API Threat Protection platform monitors and secures APIs to prevent data breaches - Help Net Security
    7. Tenable to Secure Enterprise Cloud Environments with Microsoft Azure Integration
    8. Five Points buys GrammaTech - PE Hub
    9. Aqua Security buys CloudSploit to expand into cloud security posture management - SiliconANGLE


    Interview: Baber Amin, Ping Identity

    Topic: Zero Trust architecture

    Description:
    Security has always been perimeter centric with an "US" vs "THEM" approach. Multiple factors are forcing a change to this design pattern, and exposing it's shortcomings. The concept of "zero trust" is really a concept of "defence in depth" applicable when our perimeters are ephemeral and fluid.

    Resources:

    Baber Amin is the CTO West at Ping Identity

    At Ping Identity, Mr. Amin is currently CTO for West, helping customers with their IAM strategy, zero trust architecture, and modeling for a privacy first approach. At Ping Identity he is guiding product roadmap for Zero Trust, AI/ML strategy, championing privacy by design principals, and evaluating M&A fit. Previously, he was responsible for Ping’s solution offering around OpenBanking, GDPR, Privacy, and Consent, across Ping’s product portfolio; solution centric go-to market and pricing strategy, and for Ping Identity solutions in Employee, and Consumer centric Identity and Access Management.
    Prior to Ping Identity, Mr. Amin served as Senior Director of product management for IDaaS solutions at Oracle Corp. and CA Technologies. Before that, Mr. Amin served as Director of Cloud Security with Novell Identity and Security. He was responsible for crafting Oracle’s IDaaS strategy and setting direction for the future of Identity Services.
    At CA Technologies, Mr. Amin’s primary responsibility was for CA Advanced Risk Based and Multifactor Authentication offering and CA IAM product and service strategy in the cloud, including it's next generation cloud security service offerings. During his time at Novell, he helped position Novell as a thought leader in Identity based services, cloud and enterprise security. His primary role was to lead the overall strategy for Novell Cloud Security and oversee ongoing product direction in the area.
    Mr. Amin is also an author on several patents in software security, web caching and content distribution, and speaker at various events.


    Interview: Ward Cobleigh, VIAVI Solutions

    Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions

    Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.

    Segment Topic:
    Threat Detection: The Network Scavenger Hunt

    Segment Description:
    There’s an abundance of potential data sources that can be found within you network. Where should you look? Which data sources offer unique perspectives and value? How can you use these data sources to speed threat identification, understand scope and impact, and aide in remediation steps to minimize impact? This segment will include a brief demonstration of how commonly available data sources can be effectively leveraged by SecOps and NetOps teams.

    1. Brief demo/intro to our new Splunk integration

    Slides: VIAVI Slides

    Segment Resources:
    - SANS OnDemand Webinar Recording:

    - Blogs: