Difference between revisions of "ASWEpisode87"

From Security Weekly Wiki
Line 28: Line 28:
  
 
===== Bugs, Breaches, and More! =====
 
===== Bugs, Breaches, and More! =====
[https://nakedsecurity.sophos.com/2019/11/27/facebook-twitter-profiles-slurped-by-mobile-apps-using-malicious-sdks/ Facebook, Twitter profiles slurped by mobile apps using malicious SDKs]
+
* [https://nakedsecurity.sophos.com/2019/11/27/facebook-twitter-profiles-slurped-by-mobile-apps-using-malicious-sdks/ Facebook, Twitter profiles slurped by mobile apps using malicious SDKs]
  
 
===== If you build it, they will come =====
 
===== If you build it, they will come =====
[https://nakedsecurity.sophos.com/2019/11/27/firefox-gets-tough-on-tracking-tricks-that-sneakily-sap-your-privacy/ Firefox gets tough on tracking tricks that sneakily sap your privacy]
+
* [https://nakedsecurity.sophos.com/2019/11/27/firefox-gets-tough-on-tracking-tricks-that-sneakily-sap-your-privacy/ Firefox gets tough on tracking tricks that sneakily sap your privacy]
  
 
===== Learning & Tools =====
 
===== Learning & Tools =====
[https://devops.com/decoding-the-modern-enterprise-software-spaghetti/ Decoding the Modern Enterprise Software Spaghetti]
+
* [https://devops.com/decoding-the-modern-enterprise-software-spaghetti/ Decoding the Modern Enterprise Software Spaghetti]
  
 
===== Food for Thought =====
 
===== Food for Thought =====
[https://www.darkreading.com/cloud/analysis-of-jira-bug-stresses-impact-of-ssrf-in-public-cloud-/d/d-id/1336479 Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud]
+
* [https://www.darkreading.com/cloud/analysis-of-jira-bug-stresses-impact-of-ssrf-in-public-cloud-/d/d-id/1336479 Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud]
[https://devops.com/devsecops-adoption-and-the-web-security-myth/ DevSecOps Adoption and the Web Security Myth]
+
* [https://devops.com/devsecops-adoption-and-the-web-security-myth/ DevSecOps Adoption and the Web Security Myth]
  
 
{{SocialMedia}}
 
{{SocialMedia}}

Revision as of 05:56, 2 December 2019

Recorded December 2, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Mike Shema
    is the Product Security Lead of Square.

Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Sandy Carielli, Forrester Research

    Sandy Carielli
    is the Principal Analyst at Forrester Research.

    Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.

    Sandy has over 15 years of experience in the security industry, working in software engineering, consulting, product management, and technology strategy roles. Her most recent experience was at Entrust Datacard, where she guided the organization’s technology strategy and researched the impact of emerging technologies on the business. Prior to that, Sandy was director of product management at RSA, where she was responsible for the SecurID and Data Protection portfolio. Sandy spent four years as a consultant at @stake, where she conducted application architecture assessments, penetration tests, and code reviews for enterprise customers and recommended risk mitigation strategies based on her findings. Sandy began her career as a software engineer at BBN Technologies and CyberTrust Solutions. Sandy is a coauthor of the Industrial Internet Consortium’s IoT Security Maturity Model and has spoken at RSA Conference, SOURCE Boston, ISSA International, and many other regional security events.

    Sandy has a ScB in mathematics from Brown University and an MBA from the MIT Sloan School of Management.

    Segment Topic:
    Bot Management

    Segment Description:
    Discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem. Review how the bot management marketing is evolving and how WAFs are buying up or partnering with bot management tools to expand their reach.



    News

    Bugs, Breaches, and More!
    If you build it, they will come
    Learning & Tools
    Food for Thought

