ESWEpisode163

From Security Weekly Wiki

Recorded November 27, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Palo Alto Networks Announces Intent to Acquire Aporeto
    2. Cloudflare Open-Sources Network Vulnerability Scanner
    3. cPacket Networks to Offer Cloud Visibility Service with Google Cloud
    4. Secured Network Startup Perimeter 81 Raises $10 Million
    5. Qualys Brings its Market Leading Vulnerability Management Solution to the Next Level
    6. Attack Simulation Firm Cymulate Raises $15 Million
    7. Detectify Raises $23.7 Million in Series B Funding Round


    Interview: Ken Belva, OpCode41

    Ken Belva is the CEO and Founder at OpCode41.

    Kenneth F. Belva, CISSP, CEH is a cyber security expert practicing in the field since 1998, serving in both technical and non-technical roles. For the past 20+ years he has worked mainly in the financial services vertical, most recently at a multinational conglomerate, conducting both technical and non-technical risk assessments at the application and network layers. From 2005 - 2013 he managed an Information Technology Risk Management Program for a bank whose assets are billions of dollars. He has conducted technical assessments on large brand names, including Fortune 500 companies. He was previously on the board of the New York Metro Chapter of the Information Systems Security Association (ISSA), where he served in various capacities for 9 years. He has spoken and moderated at the United Nations, presented on AT&T’s Internet Security News Network (ISNN) on discovering unknown web application vulnerabilities, and been interviewed on security enablement. He has spoken at the chapters of most NYC professional organizations for cyber and physical security, including ISC2, OWASP, ISSA and ASIS. In 2015 he presented new methods for automated cross-site scripting detection at OWASP AppSecUSA 2015. In October 2016 he was invited to speak in China on cyber security.

    ITsecurity.com recognized him as one of the top information security influencers in 2007. In 2009, he was published in the Information Security Management Handbook, Sixth Edition, edited by Hal Tipton and Micki Krause. He also co-authored one of the central chapters in Enterprise Information Security and Privacy, edited by Warren Axelrod, Jennifer L. Bayuk and Daniel Schutzer. In 2006 he co-authored a paper entitled “Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security” with Sam Dekay of The Bank of New York.

    Mr. Belva also has a number of technical accomplishments. At the OWASP AppSec2013 conference, BugCrowd validated three of the 0-day vulnerabilities he found in Yahoo, Yandex and AngelList within the first two days of BugBash2013. He has since been credited with finding a number of other vulnerabilities on websites such as Netflix, OKCupid, Joomla, Honeywell and Verifone. He has also found vulnerabilities in Microsoft and IBM software. His work on Universal Plug and Play vulnerabilities was cited at two major security conferences, Defcon and CanSecWest. Mr. Belva has conducted everything from blackbox testing to whitebox code reviews. He received a US Patent in 2016 for his ground-breaking cross-site scripting detection and automated exploit techniques. He is the Publisher and Editor-in-Chief of bloginfosec.com as well as an NYC OWASP Chapter Leader. In addition, he is an independent penetration tester, security researcher and owner of OpCode 41 Security, Inc., a cyber security software company focusing on developing IoT security solutions and other security technology.

    Segment Topic:
    Why is scanning for default credentials missing from the rest of the scanning vendors?

    Segment Topic:
    IoT Crusher: Testing for Default & Weak Credentials

    Segment Description:
    The problem of default and weak credentials. Why they're still low hanging fruit after all these years. And new solutions to detecting default and weak credentials on the network.

    Segment Resources:


    Interview: Brendan O'Connor, Root Insurance

    Brendan O'Connor is the Information Security Program Manager at Root Insurance.

    From Fortune 500 to Education, from startup to running a consulting firm, Brendan's experience in information security has served him well. It all started with his boss speaking out loud about how they 'needed to get someone to handle security', and Brendan deciding he wanted to be that someone. Now a CISSP and CISM, a couple of decades and many industry changes later, he is still at it.

    Segment Topic:
    Patch Management