Enterprise Security Weekly Episode #186 - June 03, 2020
1. News - Dragos, AttackIQ, Cortex XSOAR, & SureCloud - 12:30 PM-01:00 PM
- Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
- Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
SureCloud Launches Cyber Resilience Assessment Solution, Blackpoint Cyber launches 365 Defense - a Microsoft 365 security add-on for its MDR service, Endace and Palo Alto Networks Cortex XSOAR enable accelerated forensics of cyberthreats, Zscaler acquires Edgewise Networks, WatchGuard Technologies Completes Acquisition of Panda Security, and more!
John Strand's Content:
Matt Alderman's Content:
Paul Asadoorian's Content:
- Semperis adds vulnerability assessment, security reporting, and auto-remediation to its DSP - Help Net Security
- AWS launches Amazon Honeycode to help quickly build mobile and web apps without programming - Help Net Security
- Elastic Enterprise Search: Giving users the tools to bring search experiences to market quickly - Help Net Security
- Thought Machine Vault now runs on Google Cloud, AWS, Microsoft Azure and IBM Cloud - Help Net Security
- SafeGuard 7.6: Improved threat visibility, defense and protection across social platforms - Help Net Security
- Codefresh Raises $27 Million in Funding | DEVOPSdigest
- Puppet Introduces Public Beta of Relay | DEVOPSdigest
- StorageCraft announced a significant upgrade of ShadowXafe
- SaltStack announced SaltStack Enterprise 6.3
- Dahua Technology Releases DMSS for Improved Services
- ThreatQuotient Integrates with Intel 471 Cybercrime Intelligence
- Attivo Networks Advanced Protection Disrupts Ransomware 2.0
2. Interview - Unraveling Your Software Bill of Materials - 01:00 PM-01:30 PM
- Join us at InfoSecWorld 2020, June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
Whether you are deploying your own software or someone else's software, there is a chain of dependencies that likely includes vulnerabilities. From the base OS image, to utilities, to frameworks and app servers, to language-specific libraries, all can contain vulnerabilities. Not only can they contain vulnerabilities, but the chain of dependencies can carry vulnerabilities as well. Learn how to combat this problem in this segment!
To learn more about Snyk, visit: https://securityweekly.com/snyk
Alyssa Miller is Application Security Advocate at Snyk
As a hacker, Alyssa Miller has a passion for security which she evangelizes to business leaders and industry audiences both through her work as a cyber security professional and through her various public speaking engagements. Her goal is to change the way we look at the security of our interconnected way of life and focus attention on defending privacy and upholding trust. At Snyk, Alyssa is a member of the Developer Relations and Community group responsible for providing industry and thought leadership on application security and open-source software security topics. Alyssa works closely with the community to share ideas and understand the needs and challenges of security teams as they apply to development and DevSecOps practices.
3. Interview - Security Chaos Engineering - 01:30 PM-02:00 PM
- Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Our second June webcast will be with Google Cloud teaching you how to prevent account takeover attacks! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Co-Founder and CEO Casey Rosenthal and Co-Founder and CTO Aaron Rinehart of Verica join us today to talk Chaos Engineering and Security, Continuous Integration, Delivery, Verification, and more!
Aaron Rinehart is CTO, Founder at Verica
Aaron has been expanding the possibilities of Chaos Engineering in its application to other safety-critical portions of the IT domain, notably cybersecurity. He began pioneering the application of Security in Chaos Engineering during his tenure as the Chief Security Architect at the largest private healthcare company in the world, UnitedHealth Group (UHG). While at UHG, Aaron released ChaoSlingr, one of the first open source software releases focused on using Chaos Engineering in cybersecurity to build more resilient systems. Aaron recently founded a Chaos Engineering startup called Verica with Casey Rosenthal from Netflix and is a frequent author, consultant and speaker in the space.
Casey Rosenthal is CEO at Verica
Casey Rosenthal is CEO and cofounder of Verica, and was formerly the Engineering Manager of the Chaos Engineering Team at Netflix. He has experience with distributed systems, artificial intelligence, translating novel algorithms and academia into working models, and selling a vision of the possible to clients and colleagues alike. His superpower is transforming misaligned teams into high-performance teams, and his personal mission is to help people see that something different, something better, is possible. For fun, he models human behavior using personality profiles in Ruby, Erlang, Elixir, and Prolog.