Halloween City - Enterprise Security Weekly #113
Security Weekly Podcast Network (Audio)
Release Date: 11/02/2018
Security Weekly Podcast Network (Audio)
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams. This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021...
info_outline PCI 4.0 - Winn Schwartau - PSW #825Security Weekly Podcast Network (Audio)
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that...
info_outline Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378Security Weekly Podcast Network (Audio)
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281Security Weekly Podcast Network (Audio)
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadth and depth of security engineering and ways to build the skills that will help you in your appsec career. Segment resources: A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end...
info_outline From Idea to Success: How to Operationalize a Startup from Zero to Exit - Seth Spergel - BSW #346Security Weekly Podcast Network (Audio)
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well. In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Venture's approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like....
info_outline Combadges, SISENSE, Microsoft, CISA, Lastpass, Palo Alto, Broadband, Aaran and More - SWN #377Security Weekly Podcast Network (Audio)
Combadges, SISENSE, Microsoft, Malware Next-Gen, Lastpass, Palo Alto, Broadband, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Understanding KillNet and Recent Waves of DDoS Attacks - Michael Smith - ESW #357Security Weekly Podcast Network (Audio)
In the days when Mirai emerged and took down DynDNS, along with what seemed like half the Internet, DDoS was as active a topic in the headlines as it was behind the scenes (). We don't hear about DDoS attacks as much anymore. What happened? Well, they didn't go away. DDoS attacks are a more common and varied tool of cybercriminals than ever. Today, Michael Smith is going to catch us up on the state of DDoS attacks in 2024, and we'll focus particularly on one cybercrime actor, KillNet. Segment Resources: - I know the title makes this blog post sound rather basic, but it will get you up to...
info_outline Digging Into Supply Chain Security - James McMurry - PSW #824Security Weekly Podcast Network (Audio)
Jim joins the Security Weekly crew to discuss all things supply chain! Given the recent events with XZ we still have many topics to explore, especially when it comes to practical advice surrounding supply chain threats. Ahoi new VM attacks ahead! HTTP/2 floods, USB Hid and run, forwarded email tricks, attackers be scanning, a bunch of nerds write software and give it away for free, your TV is on the Internet, Rust library issue, D-Link strikes again, EV charging station vulnerabilities, and rendering all cybersecurity useless. Visit for all the latest episodes! Show Notes:
info_outline Dronepocalypse, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet - SWN #376Security Weekly Podcast Network (Audio)
Dronepocalypse, Privacy, Microsoft, DLINK, Home Depot, Phishing, NIST, VenomRat, Josh Marpet, and more, are on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280Security Weekly Podcast Network (Audio)
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software. It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what...
info_outlineThis week, Matt Alderman is in studio to interview Ian McShane, VP of Product Marketing at Endgame! In the Enterprise News this week, LogRhythm advances NextGen SIEM security platform with SOAR, Ping Identity launches a Quickstart private sandbox, McAfee takes a big step in the cloud, Endgame improves Endpoint Security with Total Attack Lookback, and we have some acquisition updates from IBM, Red Hat, Neustar, and more!
To learn more about Endgame, go to: https://www.endgame.com
Full Show Notes: https://wiki.securityweekly.com/ES_Episode113