ES Episode132

From Paul's Security Weekly

Recorded April 10, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
Announcements:

    • Register for our upcoming webcast with ServiceNow by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to securityweekly.com and click the Survey link to help us understand who is evaluating, using, or has formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Rebecca Larson and Mike Weber, Coalfire

    Mike Weber is the Vice President of Coalfire
    Mike Weber is responsible for the oversight of Coalfire Labs operations, including penetration testing, application security assessments, forensics, and research and development. He leads a team of over 70 security professionals focused on offensive security services and compliance testing.
    Mike has 20 years of experience in senior security positions in various technical fields, including enterprise security planning, network engineering, vulnerability and risk assessment, penetration testing, system administration, and programming.
    Prior to joining Coalfire, Mike was the FSO and Director of Information Security Services at Critigen and CH2M HILL and served on a contract basis as the Deputy Chief Information Security Officer for the state of Colorado. Previously, he held positions including Computer Security Manager at the Department of Energy’s Rocky Flats Environmental Technology Site and as a programmer and QA specialist at Via Systems.





    Rebecca Larson is the Director, Vulnerability Assessment Operations of Coalfire

    Beck is a twice-awarded Director of the CoalfireOne Scanning Services team within the Labs practice at Coalfire – she earned Team Member of the Quarter for successfully navigating the company’s annual ASV Lab in 2015 and was recognized as a Rising Star within the Labs organization at Hexacon 2018. She is responsible for all things ASV-related at Coalfire, including ensuring that Coalfire maintains its company-level ASV licensure by passing the PCI SSC’s validation Lab annually, maintaining Coalfire’s ASV staff, and ensuring satisfaction across Coalfire’s vulnerability scanning client base. She has been heavily invested in helping redesign and support the new CoalfireOne Scanning Platform, launching in Q2 of 2019.



    Coalfire ASV Scanning:

    • ASV program (love, praise, struggle)
    • ASV regulations
    • Development and growth of scanning, 1-5 person team, partnership, marketing position
    • How Jeff and Beck know each other
    • Published opinion piece, getting knowledge, supporting the industry
    • Scan platform
    • RISE - movement in the company, Coalfire programs, development at Coalfire
    • Limitations of scanning, pen testing?
    • Coalfire Labs
    • PA QSA
    • Assessment of Payment Software, validating solutions, secure software development framework


    Enterprise News

    1. Cloud security company Bitglass raises $70M in late-stage round - SiliconANGLE
    2. Lockpath Announces Significant Updates to Keylight Platform
    3. TrustBuilder Identity Hub introduces simple, scalable access management for Docker
    4. Pulse Secure Announces Collaboration with New Strategic Authorized Education Partners
    5. RedSeal raises more than $60 million for its cybersecurity tools
    6. Google expands cloud security capabilities, including simpler configuration
    7. Sysdig Unites Cloud-Native Visibility and Security in Platform Update

    SecureWorld Boston 2019: Vendor Briefing