ES Episode85

From Paul's Security Weekly
Jump to: navigation, search

Enterprise Security Weekly #85

Recorded March 28, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
    • Visit securityweekly.com/domaintools to register for our next webcast “Detecting Malicious Domains” hosted by myself and Keith Hoodlet. Tim Helming of DomainTools joins us to show you how to interpret each of the many data points related to a domain. @Wednesday, April 4th 3:00-4:00pm ET


    Enterprise Security News

    Paul

    1. Finjan files patent suit against Carbon Black IP Strategy News
    2. Cisco commits $50 million to end homelessness in Silicon Valley
    3. CensorNet Granted Patent for Technology to Further Boost Security and User Experience of its Multi-Factor Authentication
    4. Wombat Security Introduces New Insider Threat Training Modules
    5. Distil Networks' Annual Bad Bot Report Finds One in Five Companies Now Block Russian Traffic
    6. Netskope enhances Cloud Security capabilities for enterprises
    7. Google loses Android battle and could owe Oracle billions of dollars
    8. BeyondTrust PowerBroker for Windows Tracks and Prevents Lateral Movement Within Enterprise Networks

    Keith

    1. Telegram told to give encryption keys to Russian authorities
    2. CVE-2017-1002101 - subpath volume mount handling allows arbitrary file access in host filesystem
    3. Gotta Collect it All - Google & Facebook
    4. Alex Stamos' original thoughts on Cambridge Analytica
    5. Revised tweets from Alex Stamos' on Cambridge Analytica
    6. Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach
    7. The Whistleblower behind the Cambridge Analytica story
    8. The "Anti-Portfolio"

    Topic: The Pheonix Project Book Review For Enterprise Security Professionals

    I've just finished reading this book (again) and found it even better the second time around. There are some things you should know going into it:

    1. Many say you should read "The Goal" by Eliyahu M. Goldratt and Jeff Cox
    2. You should also read The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations (I have not yet)
    3. Security is all about process, and these books will help you truly understand how process works, taking pages right out of lean manufacturing
    4. It helped me realize a few things:
      1. Choosing which work to start on first is one of the most critical steps
      2. Making sure you have all the requirements and materials before you start is a must
      3. The four different types of work
      4. The firefighting type of work is the worst
      5. I've worked with all the characters in the book (in my mind)
      6. I have already made process improvements as a result
      7. I feel I better understand Devops and can lead my team more effectively now that I understand the goals of Devops in context


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+