ES Episode85


Enterprise Security Weekly #85

Recorded March 28, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  • Annoucements:

    • Go to and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at:
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to and register using the code SW75WMKW to get a $75 discount!
    • Visit to register for our next webcast “Detecting Malicious Domains” hosted by myself and Keith Hoodlet. Tim Helming of DomainTools joins us to show you how to interpret each of the many data points related to a domain. @Wednesday, April 4th 3:00-4:00pm ET

    Enterprise Security News

    Topic: The Pheonix Project Book Review For Enterprise Security Professionals

    I've just finished reading this book (again) and found it even better the second time around. There are some things you should know going into it:

    1. Many say you should read "The Goal" by Eliyahu M. Goldratt and Jeff Cox
    2. You should also read The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations (I have not yet)
    3. Security is all about process, and these books will help you truly understand how process works, taking pages right out of lean manufacturing
    4. It helped me realize a few things:
      1. Choosing which work to start on first is one of the most critical steps
      2. Making sure you have all the requirements and materials before you start is a must
      3. The four different types of work
      4. The firefighting type of work is the worst
      5. I've worked with all the characters in the book (in my mind)
      6. I have already made process improvements as a result
      7. I feel I better understand Devops and can lead my team more effectively now that I understand the goals of Devops in context

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+