From Security Weekly Wiki

Security and Compliance Weekly Episode #48 - October 20, 2020

Subscribe to all of our shows and mailing list by visiting:

1. Integrated Risk Management & Operational Resiliency - 12:00 PM-12:30 PM

Visit for more information!


  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit:


2020 has been the perfect storm for risk management planners and practitioners. Steve Schlarman, Director of Product Marketing and GRC Strategist for RSA Archer, will provide anecdotes and lessons learned about how risk management programs have been challenged this year and how they need to adapt moving forward.

This segment is sponsored by RSA Security.

Visit to learn more about them!


Steve Schlarman

As IRM Strategist for Archer, Steve is responsible for applying his 20+ years of experience in Integrated Risk Management, GRC, security and product marketing to Archer solutions. His role includes market research and thought leadership in the risk management industry.


2. How Backdoors Lead To Breaches & GRC Compliance Issues - 12:30 PM-01:00 PM


  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit to view the agenda and register for free!

  • Learn how to build an integrated security platform in our webcast on October 28th! On November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Visit to see what we have coming up! Or visit to view our previously recorded webcasts!


The client side, or front end, of web applications (aka the ‘digital user experience’) actively ingests customer/user information via forms. Because the web app's front-end code runs on unmonitored devices, malware and malicious actors are leveraging many application security flaws to capture credentials, financial transactions, and payment card data. These flaws also permit legitimate third-party vendor tools to facilitate unauthorized access to or theft of sensitive data, causing damages from tens of thousands to hundreds of millions of dollars.

White paper: "How Backdoors In Client-side of Web Applications Can Lead To Breaches and GRC Compliance Issues":


David Mundhenk

David Mundhenk is an information security, governance, risk and compliance consultant with extensive multi-organizational experience providing a myriad of professional security services to business & government entities worldwide. David has worked as a computer and network systems security professional for 28 years. David’s experience covers a broad spectrum of security disciplines including security compliance assessments, security product quality assurance, vulnerability scanning, penetration testing, application security assessments, network and host intrusion detection/prevention, disaster and recovery planning, protocol analysis, formal security training instruction, and social engineering. David has successfully completed 200+ PCI DSS assessments, and scores of PA-DSS assessments.

Ivan Tsarynny

Ivan Tsarynny is CEO and Co-Founder of Feroot Security, Member GDPR Advisory Committee at Standard Council of Canada, and is based in Toronto, Canada.