Episode579

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #579

Recorded October 18, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Carlos Perez
    is currently the Principal Consultant, Team Lead for Research at TrustedSec.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Signal Sciences entitled Which way should you shift testing in the SDLC? This webcast will be held November 8th @3-4pm EST. Go to securityweekly.com/signalsciences to register now!
    • One of our illustrious co-hosts, Patrick Laverty, will be co-presenting "Pentesting: Tips, Tricks and Stories" with Aaron Herndon at BSides CT 2019! Ticket sales are open until the day of the show (Saturday, November 3rd) for $20. Go to bsidesct.org to register now!
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

    Interview: Mark Dufresne, VP of Threat Research for Endgame - 6:00-6:30PM

    Mark Dufrense
    is the VP of Threat Research for Endgame.
    Mark Dufresne is the Vice President of Threat Research at Endgame. He is responsible for Endgame's efforts to understand cyber threats and develop capabilities to detect and prevent malicious adversary techniques. Mark has over twelve years of experience in various aspects of cyber security as an Operations Chief and Manager at NSA. Mark spearheaded efforts to defend against the global range of cyber adversaries, with a focus on disrupting and mitigating Advanced Persistent Threat cyber activities. Mark also coordinated intelligence sharing and collaboration efforts across the US Government to improve cyber defense and prevention capabilities across the community. Mark is a graduate from Johns Hopkins University and earned his Master's in Security Informatics.


    Tech Segment: John Walsh, DevOps Evangelist at CyberArk - 6:30PM-7:00PM

    John Walsh
    is the DevOps Evangelist at CyberArk.
    John Walsh is a DevOps evangelist at CyberArk, the global leader in privileged access security. He has a strong background in DevOps and security with more than 15 years of experience in product management, product marketing and software engineering. Prior to CyberArk, John served as director of product marketing at SSH Communications Security. He also worked at IBM as a developer where he obtained a patent, contributed to solution guides and designed a number of key software features for security products such as LDAP, firewall and Java cryptography. John holds a master’s degree in management information systems from Marist College and a bachelor’s degree in computer science from Binghamton University.


    Security News - 7:30 - 8:30PM

    Paul's Stories

    1. How to use the Shodan search engine to secure an enterprise's internet presence
    2. Apache Access Vulnerability Could Affect Thousands of Applications
    3. Audits: The Missing Layer in Cybersecurity
    4. Vulnerable controllers could allow attackers to manipulate marine diesel engines
    5. DMARC Email Security Adoption Soars as US Government Deadline Hits
    6. Notes on the UK IoT cybersec "Code of Practice"
    7. Spies Among Us: Tracking, IoT & the Truly Inside Threat
    8. InfoSec Handlers Diary Blog - Internet Storm Center Diary 2018-10-16
    9. ICS Security Plagued with Basic, Avoidable Mistakes

    Jack's Stories

    Joff's Stories

    Jason's Stories

    Jeff's Stories

    1. Trivial authentication bypass in libssh leaves servers wide open
    2. Who Thinks of HP for End Point Security