Recorded February 5, 2020 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
- Preempt Security Becomes First in Industry to do Real-Time Threat Detection for Encrypted Authentication Protocol Traffic
- Wallarm announces CircleCI Orbs for Wallarm FAST; Enables native CI/CD security testing
- Automox raises $30 million to protect enterprise endpoints from compromise
- Radiflow Launches Business-Driven Industrial Risk Analytics Service
- Check Point Delivers Unified Security Management as a Cloud Service
- Now available: eSentire's 2019 Annual Threat Intelligence Report - Help Net Security
- STEALTHbits' free program helps orgs mitigate risks associated with Microsoft's pending AD update - Help Net Security
- NETSCOUT enables streamline monitoring and reduces risk through greater visibility across the network - Help Net Security
- If You're Only Focused on Patching, You're Not Doing Vulnerability Management
- 2019 Vulnerability Report: Cybercriminals Continue to Target Microsoft Products
- Actionable Searching and Data Download with Vulnerability Management Dashboards | Qualys Blog
- Companies and employees embrace BYOD but with compliance and risk challenges - Lockpath.com
Interview: Malcolm Harkins, InfoSec World Speaker
Malcolm was also previously Vice President and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In that role Malcolm was responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel’s information assets, products, and services.
He is a Fellow with the Institute for Critical Infrastructure Technology, a non-partisan think-tank providing on cybersecurity to the House, Senate, and a variety of federal agencies. Malcolm is a sought-after speaker for industry events. He has authored many white papers and in December 2012 published his first book, Managing Risk and Information Security: Protect to Enable®. He also was a contributing author to Introduction to IT Privacy, published in 2014 by the International Association of Privacy Professionals. The 2nd edition of Malcolm’s book, Managing Risk and Information Security: Protect to Enable®, was recently published in August of 2016. Malcolm has also testified before the United States Senate Committee on Commerce, Science, and Transportation on the “Promises and Perils of Emerging Technology for Cybersecurity”. He also testified at the Federal Trade Commission hearings on data security in December 2018.
Malcolm received his bachelor’s degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.
The Rise of the Cyber Industrial Complex and Expense in Depth
The security industry profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks, which results in needing to purchase other solutions to make up for the weaknesses of the solutions we bought that did not properly control for the risks.
- Threat reports are reporting that the security products don’t work
- Who holds responsibility for product security and risk?
- The economics of security
Interview: Wilson Bautista, InfoSec World Speaker
Security Orchestration Is Not About Tools
- Leadership, Dev, Ops and Security working together to provide security for the business: how does that work?
- The wants, needs and human aspect of working in a team: leverage information and decentralize decision making, earn trust, develop leadership, deal with different personalities, move without authority because everyone knows the mission
- Commander's intent: go do something and how, but the subordinates still have decision-making powers
- Meet stakeholders' needs by knowing what makes them happy and what stresses them out
- Building secure culture
- Breaking down silos, communication between teams
- Security as governance and security working in teams, IR teams talking, Threat intel teams, pen testers, compliance
- DevSecLead Podcast