Difference between revisions of "ASWEpisode100"

From Security Weekly Wiki
Line 108: Line 108:
 
|[[Image:ClintGibler-0.jpg|200px|thumb|<center>'''[https://twitter.com/@clintgibler Clint Gibler]''' is Research Director at NCC Group</center>]]
 
|[[Image:ClintGibler-0.jpg|200px|thumb|<center>'''[https://twitter.com/@clintgibler Clint Gibler]''' is Research Director at NCC Group</center>]]
 
 
|Clint Gibler is a Research Director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out *tl; dr sec*, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. [https://tldrsec.com tldrsec.com]
+
|Clint Gibler is a Research Director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He’s helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis.
 +
Want to keep up with security research? Check out *tl; dr sec*, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. [https://tldrsec.com tldrsec.com]
 
|-
 
|-
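Review bot: the retained `*tl; dr sec*` on the new line uses Markdown-style asterisks, which MediaWiki renders literally rather than as emphasis; use `''tl; dr sec''` for italics in wikitext. Moving the newsletter plug into its own paragraph is otherwise fine.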
  

Revision as of 00:14, 19 March 2020

Application Security Weekly Episode 100 - 2020-03-16

Episode Audio

Application Security Weekly Episode 100

Announcements

  • Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com, selecting the webcast/training drop-down from the top menu bar, and clicking registration. In our first virtual training with Online Business Systems you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. In our next webcast with Gravwell, we will cut through the marketing buzzwords and teach you about collecting and analyzing logs in hybrid cloud environments.
  • CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!
  • SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!
  • InfoSecWorld 2020 was originally scheduled for March 30 - April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

Fullaudio - None

Description:

This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly


John Kinsella's Content:


Mike Shema's Content:



News - Bottlerocket, Supply Chain Casualty, DevOps Sweet Spot

Description:

Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1).


John Kinsella's Content:


Mike Shema's Content:



  • Flaws, Breaches & Threats
  • Cloud, Code & Controls
  • Learning & Tools
  • Food for Thought


Interview: DevSecOps / Scaling Security - 6:00-6:45PM

Description:

Due to a combination of a) development teams embracing Agile and DevOps and b) security teams often being outnumbered by developers 100:1 or more in many companies, there's been a fundamental shift in how security teams need to operate. I've spent a significant amount of time studying how security teams at companies, large and small, have attempted to adapt to this new reality. There are a number of interesting trends in how work is prioritized, in continuous code scanning (static and dynamic), scaling threat modeling and detection & response, investing in secure defaults, asset inventory, self-healing cloud environments, and more.

Content:

Slide deck: https://docs.google.com/presentation/d/1lfEvXtw5RTj3JmXwSQDXy8or87_BHrFbo1ZtQQlHbq0/edit#slide=id.g6555b225cd_0_1069

Guest Bio:
Clint Gibler is Research Director at NCC Group
Clint Gibler is a Research Director at NCC Group, a global information assurance specialist providing organizations with security consulting services. He's helped companies implement security automation and DevSecOps best practices, and has performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and DevSecCon Seattle/London/Tel Aviv/Singapore. Clint holds a Ph.D. in Computer Science from the University of California, Davis.

Want to keep up with security research? Check out tl;dr sec, Clint's newsletter, which contains summaries of artisanally curated top talks and useful security links and resources from around the web: tldrsec.com

Hosts

John Kinsella - Vice President of Container Security at Qualys
Mike Shema - Product Security Lead at Square