Backup and recovery, Cybersecurity Asset Management, Cloud security, Bug bounties, Configuration management

SCW #4

November 11, 2019

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Bridging Compliance pt 1

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Matt Alderman – CEO

Scott Lyons – CEO

Guests

Ron Ross – Fellow

Announcements

  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast. Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Bridging Compliance pt 2

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Matt Alderman – CEO

Scott Lyons – CEO

Guests

Ron Ross – Fellow

Announcements

  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast. Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

There are a lot of ways to measure/assess the level of organizational maturity of security programs. But how do you mature your organization? We will discuss practical steps, like prioritizing the to-do list, the balance between people, process, and technology, as well as the balance between policies, standards, and procedures vs. technical controls, to develop a pragmatic approach to maturing your cybersecurity program.

Full Episode Show Notes

Pragmatic Approaches to Cybersecurity Maturity, Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed… How To Effectively Prioritize & Remediate Vulnerabilities! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

The SCW hosts continue the conversation about how to create pragmatic approaches to maturing your cybersecurity program.

Full Episode Show Notes

Pragmatic Approaches to Cybersecurity Maturity, Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

Recent criminal charges against the CSO and CEO of Uber.

Full Episode Show Notes

Uber Indictments, Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Priya Chaudhry – Jedi Warrior Princess

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Recent criminal charges against the CSO and CEO of Uber.

Full Episode Show Notes

Uber Indictments, Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Priya Chaudhry – Jedi Warrior Princess

Announcements

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In September you can Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network, Find out Why Traditional Data Security Can’t Be Zero Trust, and Learn how to reduce the blast radius of your cloud infrastructure. Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/ekran for more information!

Ekran System is a universal insider threat protection platform that combines three essential insider security controls: activity monitoring, access management, and identity management. Functionality is provided in a single universal software platform delivering light-weight agents for all types of endpoints. This segment is sponsored by Ekran System.

Full Episode Show Notes

Ekran System & Universal Insider Threat Protection – Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Oleg Shomonko – Head of Business Development, Co-founder

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

Sponsored By

Visit https://securityweekly.com/ekran for more information!

Ekran System is a PCI DSS compliance solution that helps you comply with key industry rules and requirements and protect your company from insider threats. This segment is sponsored by Ekran System.

Full Episode Show Notes

Ekran System & Universal Insider Threat Protection – Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Oleg Shomonko – Head of Business Development, Co-founder

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In September you can Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network, Find out Why Traditional Data Security Can’t Be Zero Trust, and Learn how to reduce the blast radius of your cloud infrastructure. Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

David asserts that, from a consumer data and SMB perspective, we’ve already lost the Cybersecurity War on 2 major fronts. 1) Cybercriminals already have our unalterable PII, yet we’re still driving regulations and developing tools to protect it. 2) SMBs are the hardest hit / hardest affected by cybercriminality, yet cybersecurity service providers largely ignore this market.

Full Episode Show Notes

How We Lost the Cybersecurity War (and What Happens Next) – Part 1

Governing Goliath YouTube Channel: https://www.youtube.com/channel/UC74_1yQhL6lFnnhOR5uXGGg Jot & Tiddle Comics: https://jotandtiddle.com

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

David King – Founding Member / Owner

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

David asserts that, from a consumer data and SMB perspective, we’ve already lost the Cybersecurity War on 2 major fronts. 1) Cybercriminals already have our unalterable PII, yet we’re still driving regulations and developing tools to protect it. 2) SMBs are the hardest hit / hardest affected by cybercriminality, yet cybersecurity service providers largely ignore this market.

Full Episode Show Notes

How We Lost the Cybersecurity War (and What Happens Next) – Part 2

Governing Goliath YouTube Channel: https://www.youtube.com/channel/UC74_1yQhL6lFnnhOR5uXGGg Jot & Tiddle Comics: https://jotandtiddle.com

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

David King – Founding Member / Owner

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In September you can Find out Why Traditional Data Security Can’t Be Zero Trust, and Learn how to reduce the blast radius of your cloud infrastructure. Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/aptible for more information!

Tax season happens once a year but audit preparation can happen multiple times per year for most companies dealing with SOC 2, HIPAA, ISO 27001, PCI, and more. Manual evidence collection, user access reviews, mapping controls to policies to frameworks; it’s no wonder PTO time usually comes right after the audit period. Let’s talk about how to really use automation within your existing systems to streamline audit preparation and reduce the manual work for your security, engineering, and legal teams.

This segment is sponsored by Aptible.

Full Episode Show Notes

Reducing the Headache of Audit Prep With Automation

Blog article: https://www.aptible.com/blog/simplifying-compliance-management-automated-evidence-collection-dashboards/

Use case page: https://www.aptible.com/use-cases/streamline-audits

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Chas Ballew – Co-founder and CEO

Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! Get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Priya and the SCW hosts take a look at the upcoming Supreme Court case that could potentially redefine or redirect the scope of the Computer Fraud and Abuse Act (CFAA).

Full Episode Show Notes

Legal Review of CFAA Supreme Court Case

https://www.scmagazine.com/home/security-news/cybersecurity-leaders-urge-scotus-to-narrow-cfaa-scope/

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Priya Chaudhry – Jedi Warrior Princess

Announcements

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration will open soon, but call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session.

  • Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In our next webcast you will learn how to reduce the blast radius of your cloud infrastructure! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/cyrisma for more information!

Do we know where our sensitive data is located? Is the system that hosts this data free from vulnerabilities, and is it securely configured? How do we assign accountability through mitigation plans to meet compliance mandates?

This segment is sponsored by CYRISMA.

Full Episode Show Notes

Data Centric Security

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Liam Downward – CEO

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

There was a pretty extensive discussion on the Discord server during last week’s show that we thought was appropriate to discuss on air.

Josh kicked off the discussion by asking, “Anybody know any vulnerability remediation timeline guidance? Formalized, scientifically based stuff?”

Josh further clarified, “just trying to find the science behind why and when I should give a crap about vulnerabilities”.

He finally stated, “I am troubled by the lack of empirically based standards of remediation timing, remediation prioritization, remediation adjustment/offsets based on compensating controls.”

This launched a multi-threaded conversation that touched on vulnerability management, how to pass various compliance audits/assessments, the many vendors that have latched on to “prioritization” of vulnerabilities, or simply “Risk-Based Vulnerability Management”.

Of course, PCI became a focal point for much of the discussion because of the mention of vulnerability management, compensating controls, remediation timing, etc. – all of which is addressed within the PCI DSS (despite what Quadling thinks).

We’re going to try to find consensus on the problem, possible solutions (based on recognized sources), and provide advice.

Full Episode Show Notes

Vulnerability Management & the Art of Prioritization of Risk

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf

https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-impact-assessment-and-prioritization

https://gcn.com/blogs/cybereye/2017/07/nist-risk-prioritization.aspx

https://www.tenable.com/blog/5-tips-for-prioritizing-vulnerabilities-based-on-risk

https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/vulnerability-prioritization-are-you-getting-it-right/a/d-id/1338519

https://securityintelligence.com/articles/how-to-identify-prioritize-and-remediate-your-biggest-security-vulnerabilities/

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Liam Downward – CEO

Announcements

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session and register for free!

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

How Security & Compliance fails and what to do about it.

Full Episode Show Notes

Ransomware Attacks

The ransomware attack of UHS last week brought the specter of cyber attacks actually leading to loss of life. We started a discussion last week on Paul’s Security Weekly (https://securityweekly.com/shows/ryuk-ransomware-attack-windows-xp-server-leak-potential-return-to-hackers-psw-668/)
I want to continue the discussion today, and especially take a look at what security and compliance programs can do to help – and/or what do they fail to do to prevent these attacks in the first place.

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Kat Valentine – Compliance Free Agent (Consultant)

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

We’re going to look back on our favorite episodes of the first year, reflect on how we are doing, solicit feedback from listeners, and look ahead to the future/coming year – what to expect.

Full Episode Show Notes

SCW’s First Anniversary/Recap

Thanks to all of our amazing guests who made this past year a successful start to Security & Compliance Weekly (I hope I got all of you):

Alexander Niejelow, Ron Ross, Michael Santarcangelo, Russell Mosley, Jim Nitterauer, Mathieu Gorge, Laura Jones, Steve Levinson, Ian Amit, Ben Rothke, Trevor Bryant, Chris Roberts, Winn Schwartau, Matt Allen, David Walter, Chris Golden, Jeffrey Smith, Joe Brinkley, Jake Williams, Ann Cleaveland, Josh Corman, Rob Carey, Chris Patteson, Matt Springfield, Kimber Dowsett, Brian Tremblay, Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper, John Snyder, Jeannette Manfra, Matt Tarr, Priya Chaudhry, Oleg Shomonko (Ekran), David King, Chas Ballew, Liam Downward

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Kat Valentine – Compliance Free Agent (Consultant)

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session and register for free!

Mike Brooks will talk to us about his transition from cybersecurity roles in the DoD to roles in the private sector. He currently works as vCISO for Abacode, a company providing a next-generation Managed Cybersecurity & Compliance Provider (MCCP) service that leverages a unified platform to automate not only security controls but also compliance reporting.

Mike will discuss his experiences, his views, and his take on various compliance disciplines, particularly what is required to conduct business with the federal government as well as what lends itself to automation.

Full Episode Show Notes

Turning Cybersecurity Challenges Into a Competitive Advantage

Michael Brooks is a security and compliance executive with over 20 years of experience in developing, implementing, and operating cybersecurity programs for the Department of Defense and private sector clients in numerous industries. He is a retired Air Force officer with experience as both a Chief Information Officer and Chief Information Security Officer. Mike holds an MBA from American Military University and is also a credentialed Certified Information Systems Security Professional (CISSP) and Project Management Professional (PMP).

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Mike Brooks – vCISO

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Deadline for CFP is 10/15/20 so get your submissions in! Visit securityweekly.com/unlocked to submit your speaking session and register for free!

While we’re on the topic of doing business with the federal government, we’ll provide an update on the goings on of Cybersecurity Maturity Model Certification (CMMC). We’ve invited Mike Brooks to stay with us for this conversation to talk about the status, success, (failure?) of this new program designed to provide a maturity path for cybersecurity programs of organizations wishing to conduct business with the federal government.

Full Episode Show Notes

CMMC

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Mike Brooks – vCISO

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/rsasecurity for more information!

2020 has been the perfect storm for risk management planners and practitioners. Steve Schlarman, Director of Product Marketing and GRC Strategist for RSA Archer will provide anecdotes and lessons learned about how Risk management programs have been challenged this year, and how they need to adapt moving forward.

This segment is sponsored by RSA Security.

Full Episode Show Notes

Integrated Risk Management & Operational Resiliency

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Steve Schlarman – Integrated Risk Management Strategist

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

The client-side, or front end, of web applications, aka the ‘digital user experience’, actively ingests customer/user information via forms. Because the web app’s front-end code runs on unmonitored devices, many application security flaws are being leveraged by malware and malicious actors to capture credentials, financial transactions, and payment card data, and to turn legitimate third-party vendor tools into a channel for unauthorized access to or theft of sensitive data, causing damages ranging from tens of thousands to hundreds of millions of dollars.

Full Episode Show Notes

How Backdoors Lead To Breaches & GRC Compliance Issues

White paper: “How Backdoors In Client-side of Web Applications Can Lead To Breaches and GRC Compliance Issues”: https://www.feroot.com/resources/how-backdoors-in-client-side-web-applications-can-lead-to-breaches-and-grc-compliance-issues

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

David Mundhenk – Principal Security Consultant

Ivan Tsarynny – Co-Founder and CEO

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

An introduction to CyberGRX and how to get companies working together safely and efficiently. Topics:
– Third-party risk management and importance for your organization
– The nature of bilateral relationships between vendors and enterprises
– The evolution of PCI assessments

This segment is sponsored by CyberGRX.

Visit https://securityweekly.com/cybergrx to learn more about them!

Full Episode Show Notes

Third Party Risk Assessment: What’s in Your Supply Chain?

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Frank Price – VP of Product

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Security monitoring tends to be a topic that companies either avoid because it sounds too complicated, or have tried and abandoned after being inundated with data. With proper tuning and asset clarification, security monitoring can save companies money, time, and resources.

Full Episode Show Notes

Logging, Monitoring, and SIEM, Oh My!

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Alain Espinosa – Director of Security Operations

Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Learn how to build an integrated security platform in our webcast on October 28th! On November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!