From Security Weekly Wiki
Jump to navigationJump to search

Paul's Security Weekly #545

Recorded January 25, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Keith Hoodlet
    is the Senior Manager of Global DevSecOps at Thermo Fisher Scientific; Co-Founder of the InfoSec Mentors Project .
  • Carlos Perez
    is currently the Principal Consultant, Team Lead for Research at TrustedSec.
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Announcements

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
    • Check out our friends at ItProTV for an awesome library of OnDemand training head on over to ITPro.TV/securityweekly!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW!

    Interview: Kevin Donovan, ObserveIT - 6:00PM-6:45PM

    Kevin Donovan
    is the Senior Solutions Architect at ObserveIT.

    Kevin is one of ObserveIT’s insider threat experts and a Senior Solutions Architect. He is a Certified Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and is currently working toward his CISSP. Kevin’s responsibilities at ObserveIT center around customer and prospect consultations, deployments, and architecting information security solutions.

    1. How did you get your start in information security?
    2. With all of the protections available today, why is ransomware a threat to the enterprise? Or is it?
    3. What are the weaknesses ransomware preys upon?
    4. What is a tabletop exercise?
    5. Why are they so useful for ransomware?
    6. For practitioners listening, why should they love tabletop exercises and step away from the keyboard?
    7. How do you execute on the lessons learned in tabletop exercises?

    Tech Seg: John Strand, Black Hills Information Security - 6:45-7:45PM

    Title: Critical Security Control Resources

    Critical Security Control Resources: Don't run! No, this will be cool. I promise.
    In this tech segment we will go over a couple of resources from Audit Scripts that will automate the adherence and tracking of control objectives.

    Security News - 7:45PM-8:30PM

    Larry's Stories

    1. More DJI folly

    Jack's Stories

    Joff's Stories

    1. Beware of Cross (Angry?) RATS
    2. Intel Warns Don't install our patch!
    3. Norwegian Healthcare Data Breach
    4. What you need to know about hash length extension attacks

    Keith's Stories

    -1.) Dell Advising All Customers To Not Install Spectre BIOS Updates

    0.) Meltdown and Spectre Patching Has Been a Total Train Wreck

    1.) No Passport or Ticket: How a Woman Evaded Airport Security and Flew to London

    2.) British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears

    3.) SamSam – The Evolution Continues Netting Over $325,000 in 4 Weeks

    4.) Hacker Infects Gas Pumps With Code to Cheat Customers

    5.) OnePlus confirms hack exposed credit cards of phone buyers

    6.) Visa CEO: We won't process transactions in bitcoin, because it's not a payment system

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+