ESWEpisode163

From Paul's Security Weekly

Recorded November 27, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Palo Alto Networks Announces Intent to Acquire Aporeto
    2. Cloudflare Open-Sources Network Vulnerability Scanner
    3. cPacket Networks to Offer Cloud Visibility Service with Google Cloud
    4. Secured Network Startup Perimeter 81 Raises $10 Million
    5. Qualys Brings its Market Leading Vulnerability Management Solution to the Next Level
    6. Attack Simulation Firm Cymulate Raises $15 Million
    7. Detectify Raises $23.7 Million in Series B Funding Round


    Interview: Ken Belva, OpCode41

    Ken Belva is the CEO and Founder at OpCode41.
    Kenneth F. Belva, CISSP, CEH, is a cyber security expert who has practiced in the field since 1998, serving in both technical and non-technical roles. For the past 20+ years he has worked mainly in the financial services vertical, most recently at a multinational conglomerate, conducting both technical and non-technical risk assessments at the application and network layers. From 2005 to 2013 he managed an Information Technology Risk Management Program for a bank whose assets are billions of dollars. He has conducted technical assessments on large brand names, including Fortune 500 companies. He was previously on the board of the New York Metro Chapter of the Information Systems Security Association (ISSA), where he served in various capacities for 9 years. He has spoken and moderated at the United Nations, presented on AT&T’s Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities, and been interviewed on security enablement. He has spoken at the chapters of most NYC professional organizations for cyber and physical security, including ISC2, OWASP, ISSA and ASIS. In 2015 he presented new methods for automated cross-site scripting detection at OWASP AppSecUSA 2015. In October 2016 he was invited to speak in China on cyber security.

    ITsecurity.com recognized him as one of the top information security influencers in 2007. In 2009, he was published in the Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause. He also co-authored one of the central chapters in Enterprise Information Security and Privacy, edited by Warren Axelrod, Jennifer L. Bayuk and Daniel Schutzer. In 2006 he co-authored a paper entitled “Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security” with Sam Dekay of The Bank of New York.

    Mr. Belva also has a number of technical accomplishments. At the OWASP AppSec2013 conference, BugCrowd validated three of the 0-day vulnerabilities he found in Yahoo, Yandex and AngelList within the first two days of BugBash2013. He has since been credited with finding a number of other vulnerabilities on websites such as Netflix, OKCupid, Joomla, Honeywell and Verifone. He has also found vulnerabilities in Microsoft and IBM software. His work on Universal Plug and Play vulnerabilities was cited at two major security conferences, Defcon and CanSecWest. Mr. Belva has conducted blackbox testing through whitebox code reviews. He received a US Patent in 2016 for his ground-breaking cross-site scripting detection and automated exploit techniques. He is the Publisher and Editor-in-Chief of bloginfosec.com as well as an NYC OWASP Chapter Leader. In addition, he is an independent penetration tester, security researcher and owner of OpCode 41 Security, Inc., a cyber security software company focusing on developing IoT security solutions and other security technology.

    Segment Topic:
    Why is scanning for default credentials missing from the rest of the scanning vendors?

    Segment Topic:
    IoT Crusher: Testing for Default & Weak Credentials

    Segment Description:
    The problem of default and weak credentials. Why they're still low hanging fruit after all these years. And new solutions to detecting default and weak credentials on the network.

    Segment Resources:


    Interview: Brendan O'Connor, Root Insurance

    Brendan O'Connor is the Information Security Program Manager at Root Insurance.
    From Fortune 500 to education, from startup to running a consulting firm, Brendan's experience in information security has served him well. It all started with his boss speaking out loud about how they 'needed to get someone to handle security', and deciding he wanted to be that someone. Now a CISSP and CISM, a couple of decades and many industry changes later, he is still at it.

    Segment Topic:
    Patch Management