From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358
Security Weekly Podcast Network (Audio)
Release Date: 04/18/2024
Security Weekly Podcast Network (Audio)
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283Security Weekly Podcast Network (Audio)
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are companies still figuring out supply chain, but now they're bracing for the coming of genAI and how that will just further highlight the current struggles they're having with data security and data privacy. Segment Resources: Complete Survey Results: The Growing Complexity of Securing the Software...
info_outline Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348Security Weekly Podcast Network (Audio)
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce. Segment Resources: This segment is sponsored by Semperis. Visit to learn more about them! In the leadership and communications...
info_outline TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381Security Weekly Podcast Network (Audio)
TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826Security Weekly Podcast Network (Audio)
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions. This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for...
info_outline Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359Security Weekly Podcast Network (Audio)
A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to...
info_outline Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380Security Weekly Podcast Network (Audio)
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282Security Weekly Podcast Network (Audio)
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec community motivated him to create Crash Override and help projects like ZAP gain the support they deserve. Segment resources: CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining...
info_outline What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347Security Weekly Podcast Network (Audio)
Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: The background of CMMC Standardization of CMMC CMMC v3 changes and implementation timelines Best practices to prepare Segment Resources: The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at...
info_outline Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379Security Weekly Podcast Network (Audio)
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outlineProtecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level.
In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams.
This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million???
Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively)
Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Technologies, and Simbian all raise smaller seed, A, or B rounds.
Akamai picks up API security startup, Noname Security, Zscaler picks up Airgap networks, and it's rumored that Armis will acquire Silk Security for $150M.
LimaCharlie seems to be doing some vertical growth, adding its own response and automation capabilities (what they call "bi-directional" capabilities). CISA releases a malware analysis system to the general public. Boostsecurity.io releases "poutine", an open source CI/CD pipeline vulnerability scanner.
Some great essays this week, with Phil Venables' Letter from the Future, Ben Hawkes' Robots Dream of Root Shells, and Aileen Lee's 10 year Unicorn anniversary piece.
We briefly discuss the 3rd party breach that affected Cisco Duo customers, and the financial impact of Change Healthcare's highly disruptive ransomware incident.
Finally, we talk about the latest research on the security of LLMs and the apps using them. It's not looking great.
For more details, check out the show notes here: https://www.scmagazine.com/podcast-episode/3188-enterprise-security-weekly-358
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-358