An Infinite Door - Paul's Security Weekly #576
Security Weekly Podcast Network (Audio)
Release Date: 09/22/2018
Security Weekly Podcast Network (Audio)
Jason Healey comes on the show to discuss new ideas on whether the new national cybersecurity strategy is working. Segment Resources: DEFRAG Hacker Film Festival short documentary () on hackers and their favorite films. For educational purposes only, as we don’t have the rights to the clips. YouTube link to Wargames event with Jen Easterly, Matt Devost, Amelia Koran and Kevin Huyck (head of ops for NORAD) (https://youtu.be/iqx6STDYJ7c?si=73WQtSG4RnCGsBcT). The PSW crew discusses some crypto topics, such as post-quantum and GoFetch, new Flipper Zero projects, RFID hacking and hotel...
info_outline Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more - SWN #372Security Weekly Podcast Network (Audio)
Patrick Stewart, Colorama, Strelastealer, CVSS scores, CHUDS, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Apps Gone Wild: Re-thinking App and Identity Security for SaaS - Guy Guzner - BSW #343Security Weekly Podcast Network (Audio)
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?” This segment is sponsored by Savvy. Visit to learn more about them! In the leadership and communications section,...
info_outline Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278Security Weekly Podcast Network (Audio)
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Benedek Gagyi chats with us about the impact of the user experience (UX) on security and why it's not only important to understand how to make a user's life easier, but in defining who that user is in the first place. Segment resources: The GoFetch side channel in Apple CPUs, OpenSSF's plan for secure software developer education, fuzzing vs. formal verification as a security strategy, hard problems in...
info_outline Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354Security Weekly Podcast Network (Audio)
While awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs. Segment Resources: This segment is sponsored by Graylog. Visit to learn more about API security! In the enterprise security news, Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand...
info_outline Robots, UDP, GoFetch, DCs, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More - SWN #371Security Weekly Podcast Network (Audio)
Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Securing All The Things - Josh Corman - PSW #821Security Weekly Podcast Network (Audio)
Josh Corman joins us to explore how we can make things more secure, making companies make things more secure, and making regulations that make us make things more secure! We will also touch on supply chain security and the state of vulnerability tracking and scoring. We discuss the always controversial Flipper Zero devices the hidden risks in the undersea cables, and the landscape of government oversight, revealing the intricacies of CVE, KEV, and NVD systems that are the linchpins of our digital safety. The conversation takes a turn to the practicalities of risk management and the impact of...
info_outline Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Phishing, Josh Marpet, and More - SWN #370Security Weekly Podcast Network (Audio)
Sick Jokes, WEBGPU, Fortra, Azorult, Fujitsu, Conversation Overflow, Phishing, Josh Marpet, and more on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277Security Weekly Podcast Network (Audio)
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the first steps, it's going to be an early one. What decisions can you make at the start that will benefit the program in the years that follow? What does an appsec program look like at a small scale? Segment Resources: "Cybersecurity for Nonprofits", Insecure defaults and insecure design in smart locks, FCC adopts Cyber Trust Mark labels for IoT...
info_outline How The Evolving Threat Landscape Drives Innovation In Cybersecurity - Tom Parker, Dave Dewalt - BSW #342Security Weekly Podcast Network (Audio)
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about: The evolving threat landscape, including impacts of Artificial Intelligence The latest cybersecurity innovation, including what's working and what's NOT working The impact of budgets on buying decisions, including whether...
info_outlineThis week, Paul interviews Mike Ahmadi, Global Director of IoT Security Solutions at DigiCert! Apollo Clark delivers the Technical Segment on Threat Hunting in the Cloud! In the Security News this week, Senate can't protect senators staff from Cyber Attacks, Equifax fined by ICO over data breach that hit Britons, US judge allows e-voting despite hack fears, Zero Day in Internet connected cameras, US Military given the power to hack back and defend forward, and AmazonBasics Microwave works with Alexa!
Presentation Link: https://www.slideshare.net/ApolloClark/threat-hunting-in-the-cloud
Project: https://github.com/apolloclark/tf-aws
Commands: https://gist.github.com/apolloclark/35cb4a7501ac41df763bc45860fbd406
Full Show Notes: https://wiki.securityweekly.com/Episode576
Visit https://www.securityweekly.com/psw for all the latest episodes!
→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!
→Follow us on Twitter: https://www.twitter.com/securityweekly
→Like us on Facebook: https://www.facebook.com/secweekly