Why cyber hygiene requires curious talent - Clea Ostendorf - ESW #355
Security Weekly Podcast Network (Audio)
Release Date: 03/29/2024
Many years ago, I fielded a survey focused on the culture of cybersecurity. One of the questions asked what initially drew folks to cybersecurity as a career. The most common response was a deep sense of curiosity. Throughout my career, I noticed another major factor in folks that brought a lot of value to security teams: diversity.
Diversity of people, diversity of background, and diversity of experience. I've seen auto mechanics, biologists, and finance experts bring the most interesting insights and forehead-slapping observations to the table. I think part of the reason diversity is so necessary is that security itself is incredibly broad. It covers everything that technology, processes, and people touch. As such, cybersecurity workers need to have similarly broad skill sets and backgrounds.
Today, we talk to someone who embodies both this non-typical cybersecurity background and sense of curiosity - Clea Ostendorf. We'll discuss:
- The importance for organizations to actively seek and welcome curious newcomers in the security field who may not conform to traditional cybersecurity norms.
- Strategies for organizations to foster an environment that encourages individuals with curiosity, motivation, and a willingness to challenge conventional norms, thereby promoting innovative thinking in addressing security risks.
Segment Resources:
Evolving Threats from Within - Insights from the 2024 Code42 Data Exposure Report
This week, in the enterprise security news:
- Early stage funding is all the rage
- AI startups continue to pop out of stealth
- The buyer's market continues with more interesting acquisitions
- Purpose-built large language models for security
- Benchmarking LLMs for security
- GoFetch? More like... Get outta here (I couldn't think of anything clever)
- Crowdstrike and NVIDIA team up
- Why do people trust AI?
- What do Google Sheets and Carlos Sainz Jr. have in common?
All that and more, on this episode of Enterprise Security Weekly!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-355