Episode545

From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #545

Recorded January 25, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  •  
    Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  •  
    Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  •  
    Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  •  
    Carlos Perez
    is currently the Principal Consultant, Team Lead for Research at TrustedSec.
  •  
    Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
    • Check out our friends at ItProTV for an awesome library of OnDemand training head on over to ITPro.TV/securityweekly!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!


    Interview: Kevin Donovan, ObserveIT - 6:00PM-6:45PM

     
    Kevin Donovan
    is the Senior Solutions Architect at ObserveIT.

    Kevin is one of ObserveIT’s insider threat experts and a Senior Solutions Architect. He is a Certified Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and is currently working toward his CISSP. Kevin’s responsibilities at ObserveIT center around customer and prospect consultations, deployments, and architecting information security solutions.

    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Tech Seg: John Strand, Black Hills Information Security - 6:45-7:45PM

    Title: Critical Security Control Resources

    Critical Security Control Resources: Don't run! No, this will be cool. I promise.
    In this tech segment we will go over a couple of resources from Audit Scripts that will automate the adherence and tracking of control objectives.
    Links:
    https://www.youtube.com/watch?v=O_HyZ5aW76c

    Security News - 7:45PM-8:30PM