Difference between revisions of "ESWEpisode168"

From Paul's Security Weekly
(Hosts)
(Episode Audio)
 
Line 2: Line 2:
  
 
==Episode Audio==
 
==Episode Audio==
<!--
+
 
 
<div align="center">  
 
<div align="center">  
 
{{#widget:SoundCloud
 
{{#widget:SoundCloud
|id=632536179
+
|id=744285571
 
|width=75%
 
|width=75%
 
|height=100
 
|height=100
Line 12: Line 12:
 
}}
 
}}
 
</div>
 
</div>
-->
+
 
 
==Hosts==
 
==Hosts==
 
{{Template:Paul}}
 
{{Template:Paul}}

Latest revision as of 17:01, 3 February 2020

Recorded January 15, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Announcements:

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Enterprise News

    1. Up Your Vulnerability Prioritization Game with Tenable Lumin for Tenable.sc
    2. How to Create Easy and Open Integrations with VMRay's REST API - VMRay
    3. Neustar offers companies a flexible customer identity authentication solution - Help Net Security
    4. Zimperium integrates with Microsoft Defender Advanced Threat Protection EDR - Help Net Security
    5. PacketViper Deception360 now available for Microsoft Azure - Help Net Security
    6. Synopsys, Inc.'s Acquisition Of Tinfoil Security - Global Legal Chronicle
    7. Say Goodbye to Windows Server 2008 and Hello to Azure?


    Interview: Mark Orlando, Bionic Cyber

    Mark Orlando is the Founder & CEO at Bionic Cyber
    Mark started his security career in 2001 as a Security Analyst, and since then has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers, and numerous financial sector and Fortune 500 clients. Mark is constantly working on new projects to improve defensive security through automation and other short cut-y things so defenders can be more agile and creative. Today he is the CEO of Bionic, a company he co-founded to bring advanced "1%" secops capabilities to the 99%, and is an instructor for SANS SEC450: Blue Team Fundamentals.

    Segment Topic:
    Outdated defense approaches and the need to revisit traditional thinking about security operations in the enterprise

    Segment Description:
    In today’s talent and budget-constrained environment, many organizations can’t afford a 24/7 security operations team to defend their enterprise. Even equipped with a SOC, defenders struggle mightily with bias, alert fatigue, turnover, and other issues that result in waste and inefficiency. We have to revisit the notion that "good security" means a bolted-on monitoring team and unsustainable investments in point products.

    Segment Resources:
    https://bioniccyber.com, which includes a link to our GitHub site where we post various tools and other resources for defenders. I also want to encourage people to check out SANS' growing blue team curriculum, specifically SEC450 for newer SOC analysts, since I think it addresses many of the things about SOC work we need to change.


    Interview: Ward Cobleigh, VIAVI

    Ward Cobleigh is the Product Line Manager for VIAVI.
    Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.

    Segment Topic:
    VISA Security Alerts - What we can learn, and what we can do

    Segment Description:
    The recent VISA security alerts highlight the need for ongoing network monitoring and the ability to react quickly to specific indicators of compromise (IOCs). This segment looks at how flow and wire data can flag malicious behaviors and identify breach scope and impact.

    Segment Resources: