John Aron, letters of marque, what does a "junior" job look like with AI?
Release Date: 09/03/2023
Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!
BrakeSec Education Podcast
Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p): Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails’ Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can’t reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/ How are you seeing things...
info_outline
Josh Grossman - building Appsec programs, bridging security and developer gaps
BrakeSec Education Podcast
Youtube VOD: #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis Questions and topics: 1. The background to the topic, why is it something that interests you? How do you convince developers to take your course? 2. What do you think the root cause of the gap is? 3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?) 4. Where do gaps begin? Is it the ‘need’ to ‘move fast’? 5. What can devs do to involve security in their process?...
info_outline
Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox
BrakeSec Education Podcast
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers. Recorded: 08 Apr 2024 Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with we did last night on . Join Mary and I as we discuss...
info_outline
p2-accidentalCISO, building trust in new places
BrakeSec Education Podcast
Full Youtube VOD: Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What worked? What didn't? What would you have done differently? Do you emulate your manager's style? What have been your go-to management resources? What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership? Topic #2: building/Operating SaaS products (we can discuss securing them, what functions...
info_outline
AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec
BrakeSec Education Podcast
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers. Recorded: 28 Jan 2024 Youtube VOD: https://youtube.com/live/uX7odQTBkyQ Questions and topics: Let’s talk about Mindful Business Podcast What’s the topics you cover? Topic #1: discuss your experiences when you were a new leader. What...
info_outline
1st show of 2024! Our 10th Anniversary...
BrakeSec Education Podcast
It's our 10th anniversary and the first show of our 2024 season! Amanda was on "7 minute security" Check out the complete VOD at Explicit language warning
info_outline
Brakesec Call to Action 2023
BrakeSec Education Podcast
Youtube Video: is the link to the survey. Your information (should you choose to identify yourself) will not be shared outside of the BrakeSec Team. Thank all of you for listening and for your input. RSS feed for the audio podcast is at website:
info_outline
How to get more headcount, BLUFFs Vulnerability, and Ranty Clause debuts!
BrakeSec Education Podcast
Show Topic Summary: Ms. Berlin proposes a question of how to gather more headcount with metrics, we discuss the BLUFFS bluetooth vulnerability, and “Ranty Claus” talks about CISA’s remarks of putting the onus on device product makers to remove choice for customers and implement secure defaults. #youtube VOD: Questions and topics: Additional information / pertinent LInks (Would you like to know more?): Examples of companies forcing changes - eBPF implementation in Rust Show points of Contact: Amanda...
info_outline
25Oct - okta breached (again), Energy company hit by supply chain attack, and you can help hire the best people
BrakeSec Education Podcast
Subscribe on Twitch using Amazon Prime and watch us live: https://twitch.tv/brakesec Check out our VODs on Youtube: Join the BrakeSecEd discord: News:
info_outline
Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs
BrakeSec Education Podcast
Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers. Guest Bio: Nicole is the Chief Product Officer at Axio. Nicole has spent her career building awareness around the benefits of usable security and human-centered security as a way to increase company revenue and create a seamless user experience. Youtube VOD Link: Questions and...
info_outlineDisclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers.
Guest Bio: John is the CEO of Aronetics. An avid climber and runner, John has spoken at many conferences about topics like ZeroTrust, BIOS/UEFI security, communication security, and malware. Aronetics is a technology-enabled service provider.
Youtube VOD: https://youtube.com/live/5dIVTwVZLAU
Linkedin VOD: https://www.linkedin.com/video/live/urn:li:ugcPost:7101738254823030784
Show Topic Summary:
John joins us to discuss “letters of Marque” in an effort for hackers to ‘hack back’... the overreliance on automation, and communication siloes. We also talk about what a ‘junior position’ in infosec looks like with AI doing all the “Level 1 SOC Analyst” type roles normally given to someone fresh to the security industry.
Questions and topics:
-
Is infosec over reliant on automation? Automation comes with its own challenges.
-
Documentation woes
-
Automation is usually found in userland
-
Aronetics’ Thor provides defense and counter-offense tamper-proof technology digitally tied to
Letter of Marque - good idea, or geopolitical disaster waiting to happen?
Siloes and communication -best ways to overcome those in an org and outside?
How do we overcome siloing?
Overcoming security challenges?Identity management - 2FA is everywhere, there’s already ways around 2FA, so what now? 3FA? Biometrics? Make everyone carry around physical tokens that we can lose?
Blog post: https://www.aronetics.com/post-quantum-cryptography/
What do we need to protect against? Nation states with quantum computers? Rubber hose cryptography?
Crime thrives in areas of low visibility. https://www.aronetics.com/unknown/
https://www.aronetics.com/inside-the-breach/ (threat detection - the crime thrives in low vis areas)
Show points of Contact:
Brakesec Website: https://www.brakeingsecurity.com
Youtube channel: https://youtube.com/c/BDSPodcast
Twitch Channel: https://twitch.tv/brakesec
Amanda Berlin: @[email protected] (Mastodon) @hackershealth
Brian Boettcher: @boettcherpwned
Bryan Brake: @bryanbrake on Mastodon.social