From Security Weekly Wiki

Recorded January 17, 2020 at G-Unit Studios in Rhode Island!

Episode Audio


  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Announcements:

    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.

    Security News

    Security Weekly News Wrap Up -- 17 -- January -- 2020

      Show Summaries from this week
    • On Security and Compliance Weekly, Matt, Scott Lyons, and Josh Marpet talked with Ben Rothke. Ben manages information security at Tapad. This show was focused on all the different personalities you run into when you are doing compliance and audit engagements. From my perspective those include angry people with guns and tasers but maybe it was just me.
    • On Enterprise Security Weekly, Paul, John Strang and Matt talked with Mark Orland of Bionic Cyber. The discussion focused on rethinking security operations in the enterprise. Specifically, defenders really struggle with bias, alert fatigue, turnover, etc., which results in serious problems. Does good security really just mean creating a monitoring team and investing in products? We see this problem over and over so maybe it's time to rethink some of these approaches.
    • Also on Enterprise Security Weekly, a second interview with Ward Cobleigh from VIAVI Solutions focused on VISA security alerts. They talked about the need for ongoing network monitoring and how to react quickly when there are indicators of compromise. I really like the idea that we should focus not just on the fact that an alert happened but how we can start to identify the scope of the breach.
    • On Business Security Weekly, Matt, Jason and Paul interviewed Al Ghous from Service Max. The conversation focused on the issues of startup security. Startups are often run on a small budget with even more limitations on the resources that can be dedicated to security hygiene. This creates an issue for the startup, as enterprises may not want to do business with non-compliant small firms. Al talks about a framework to empower startups with reasonable security controls and how that can be implemented within the limited budget of startups. That site is security4startups.com.
    • On Security Weekly News, Jason's expert commentary focused on 5G security and the issues surrounding a sort of "rolling" standard for all this since not everyone will be on board on day 1 with any new standard.
    • On Paul's Security Weekly, Paul, Larry, Lee, Jeff, and Tyler had a tech segment with Ryan Speers and Jeff Spielberg from River Loop Security. This segment was about "shifting security left." It was based on data from 10 years finding that it is more expensive to respond to a single vulnerability disclosure than it is to do an end-to-end embedded secure design process. Basically, they are looking at how you can start identifying security issues in the development chain (particularly in regard to IoT), since the patching time cycle is so long for firmware. They also began airing the hacker culture roundtable from the xmas show with all the hosts discussing this (and special guests). Definitely worth watching that pre-recorded segment from the now legendary xmas show if you missed it live last year.