SCW #2 | SC Media
Backup and recovery, Cybersecurity Asset Management, Configuration management, Attack simulation, Deception, Blue team

SCW #2

November 7, 2019

New York’s Breach Law Amendments and New Security Requirements, Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability, Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients, Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches, The Human Factor of Cyber Security, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security and Compliance News

Jeff’s Stories

  1. New York’s Breach Law Amendments and New Security Requirements
  2. Cybersecurity, The C-Suite, & The Boardroom: The Rising Specter Of Director & Officer Liability
  3. Kaiser says data breach exposed information on nearly 1,000 Sacramento-area patients
  4. Companies Still Not Prepared to Comply with GDPR and Potential EU Data Breaches
  5. The Human Factor of Cyber Security

Matt’s Stories

  1. Cyber Risks Force Banks to Rethink Vendor Relationships
  2. The OFAC Compliance Framework: Element 1 – Management Commitment
  3. FFIEC Issues Press Release on Cybersecurity Preparedness Assessments (and Muddies the Waters)
  4. What Indicators Can I Reference to Gauge My Organization’s Security Posture?
  5. Court of Justice of the EU: Detailed Consent Needed for Cookies
  6. PCI Security Standards Council Launches New Assessor Qualification Program to Support The PCI Software Security Framework

Josh’s Stories

  1. PSD2 and Tech Giants. Who will win this battle?

Scott’s Stories

  1. CCPA could cost companies $55 billion
  2. American Express insider breaches cardholder information
  3. Common pitfalls of security monitoring

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Announcements

  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast. Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.

Alexander Niejelow is the Senior Vice President, Cybersecurity Coordination and Advocacy at Mastercard. The Cybersecurity Talent Initiative is the first-of-its-kind public-private partnership aimed at recruiting and training a world-class cybersecurity workforce. The program is a selective opportunity for students in cybersecurity-related fields to gain vital public and private sector work experience and even receive up to $75,000, inclusive of tax, in student loan assistance.

Cybersecurity Talent Initiative

  • Participants selected for the program will be guaranteed a two-year placement at a federal agency with cybersecurity needs. Before the end of their federal service, participants will be invited to apply for full-time positions with the program’s private sector partners. Participants hired by these companies will also receive student loan assistance.
    By working for some of the most important federal organizations and cutting-edge private sector companies, participants develop the skills and knowledge needed to protect our country’s digital infrastructure and tackle global cybersecurity threats.

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Alexander Niejelow – Senior Vice President, Cybersecurity Coordination and Advocacy

The goal of the show is to explore all the attitudes and impressions between security and compliance, regardless of where you stand: for security folks, how to navigate compliance to promote security; for compliance folks, to expose them to the depth of research, knowledge and capabilities of the hacker community.

Where do you Stand?

Hosts

Jeff Man – Sr. InfoSec Consultant
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Winn Schwartau – Chief Visionary Officer

The goal of the show is to explore all the attitudes and impressions between security and compliance, regardless of where you stand: for security folks, how to navigate compliance to promote security; for compliance folks, to expose them to the depth of research, knowledge and capabilities of the hacker community.

Where do you Stand? Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Winn Schwartau – Chief Visionary Officer

Compliance requirements and SecOps frameworks like NIST – checking boxes rather than taking a ‘holistic’ view? The vendor ecosystem feeding on checking boxes (of which we are one; we HAVE to be). RSA’s theme this year: ‘the human factor’. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Respond tools/resources.

A holistic view of meeting compliance requirements – Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Matt Allen – Senior Solutions Engineer

Announcements

  • Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com, selecting the webcast/training drop-down from the top menu bar and clicking registration. In our first virtual training with Online Business Systems you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. In our next webcast with Gravwell, we will cut through the marketing buzzwords and teach you about collecting and analyzing logs in hybrid cloud environments.
  • CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!
  • SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!
  • InfoSecWorld 2020 was originally scheduled for March 30 – April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

Compliance requirements and SecOps frameworks like NIST – checking boxes rather than taking a ‘holistic’ view? The vendor ecosystem feeding on checking boxes (of which we are one; we HAVE to be). RSA’s theme this year: ‘the human factor’. Are CFOs driving technical decisions that put SecOps teams underwater? Investing in Protect vs. Detect vs. Respond tools/resources.

A holistic view of meeting compliance requirements – Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Matt Allen – Senior Solutions Engineer

Customer perspective on the three topics discussed with RSA in first segment
Also:
-What is your view of security vs. compliance vs. risk?
-What drives your security program initiatives?
-What are the biggest challenges in administering a security program?

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

Compliance Risk Challenges

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

David Walter – Vice President, RSA Archer and RSA Cloud

Customer perspective on the three topics discussed with RSA in first segment
Also:
-What is your view of security vs. compliance vs. risk?
-What drives your security program initiatives?
-What are the biggest challenges in administering a security program?

Nemours Use Of RSA Archer To Manage Compliance Risk

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Kevin Haynes – Chief Privacy Officer

Chris Golden, Board Member for the Accreditation Body, will answer questions surrounding the DOD’s release of the CMMC program to keep the amount of false information to a minimum.

To view the CMMC Model, visit:
https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

CMMC – Part 1

Intro to Chris Golden, CMMC Advisory Board
Co-Chair, Infrastructure Committee
Co-Chair, Finance Committee
Board of Directors
Bio/Intro – A little about Chris, his background, what got him into this space
Overview of CMMC
– background
– what it is, origins, genesis, etc.
– how did it come about
– what is Controlled Unclassified Information (CUI)
– what it looks like (the model)
– capability domains
– processes
– practices
– what are the goals

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Chris Golden – Member, Board of Directors

Announcements

  • Is your Open Source code secure? Learn how to verify your code during development, not after the build in our next webcast with Synopsys. Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list back to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your “interests” so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We’re committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering – a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020

Chris Golden, Board Member for the Accreditation Body, continues the conversation surrounding the DOD’s release of the CMMC program to keep the amount of false information to a minimum.

To view the CMMC Model, visit:
https://www.acq.osd.mil/cmmc/docs/CMMC_v1.0_Public_Briefing_20200131_v2.pdf

CMMC – Part 2

What to Expect from CMMC (“Marketing Pitch”)
– structure of the program
– how it will work
– role of the Accreditation Body
– what’s a C3PAO?
– how to get involved
– how to prepare
– implementation
– resolving disputes/enforcement
– how will it evolve
Q&A

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Chris Golden – Member, Board of Directors

This week, we welcome Jeffrey Smith, Managing Partner at Cyber Risk Underwriters, to sell us on Cyber Insurance and to take on the skeptics (e.g. the SCW hosts) about the role that Cyber Insurance plays in security!

Cyber Insurance

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Jeffrey Smith – Managing Partner

Jeffrey Smith joins us in looking at how cyber insurance is playing out in the real world – or at least how it’s showing up in the news.

Cyber Insurance News

  1. Insurance Journal’s Top 10 Cyber Insurance Stories of 2019 – https://www.insurancejournal.com/news/national/2020/01/10/553699.htm
  2. Merck battles with insurers over $1.3bn cyber-attack payout – https://www.securingindustry.com/pharmaceuticals/merck-battles-with-insurers-over-1-3bn-cyber-attack-payout/s40/a11069/
  3. Big Companies Thought Insurance Covered a Cyberattack. They May Be Wrong. – https://www.nytimes.com/2019/04/15/technology/cyberinsurance-notpetya-attack.html
  4. Cyber insurance payout rates at 99%, but uptake still far too low – https://www.abi.org.uk/news/news-articles/2019/08/cyber-insurance-payout-rates-at-99-but-uptake-still-far-too-low/
  5. Cyber Insurance: You Get What You Pay For – https://www.cpomagazine.com/cyber-security/cyber-insurance-you-get-what-you-pay-for/
  6. Cyber Insurance & Information Security: Is InfoSec’s Criticism of Cyber Insurance Fair? – https://www.sentinelone.com/blog/cyber-insurance-information-security-is-infosecs-criticism-of-cyber-insurance-fair/

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Jeffrey Smith – Managing Partner

We’re talking to our host and benefactor about his vision for Security Weekly Productions and how Security & Compliance Weekly fits into the mix.

State of the Union

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Paul Asadoorian – Founder & CTO

Announcements

  • Going cloud native? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your “interests” so that we can grow with you as you progress through your journey in InfoSec!
  • Join us at InfoSecWorld 2020 – June 22nd-24th now at Disney’s Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We’re committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

This week in the Security and Compliance News, Back to basics: The GDPR and PCI DSS, Why Compliance is for Guidance, Not a Security Strategy, Cognizant hit by ‘Maze’ ransomware attack, Audits Don’t Solve Security Problems, Contact Tracing Apps Attempt to Balance Necessary Public Health Measures With User Privacy, and more!

Compliance News

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

This week, we welcome Joe Brinkley, Director Offensive Security at ACTIVECYBER, to discuss Cyber and Disabilities! We’re taking a different angle on compliance today; talking to Joe Brinkley, the “Blind Hacker”!

Cyber and Disabilities Pt.1

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Joe Brinkley – Director Offensive Security

Announcements

  • Going cloudnative? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your “interests” so that we can grow with you as you progress through your journey in InfoSec!
  • Join us at InfoSecWorld 2020 – June 22nd-24th now at Disney’s Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

We continue the discussion with TheBlindHacker, Joe Brinkley. The Blind Hacker is an InfoSec enthusiast, hacker, mentor, pen tester, red team member, and much more. Among these many roles, the role that he feels is of absolute importance is making time to mentor others online (e.g. through streams and online communities). Furthermore, he frequently volunteers his time in the realm of workplace development by providing resume reviews and job advice (e.g. via mock interviews and professional workshops to help lead people into the roles they want).


Cyber and Disabilities Pt.2

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Joe Brinkley – Director Offensive Security

Announcements


Security, Compliance, and Breach News!

PCI: A New Hope

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!

Today we will discuss the PCI DSS and some of its myths, misunderstandings, and misconceptions, including: why most vendors don’t understand how their products fit within PCI, the six overall goals of the PCI DSS, why PCI is perceived as a check box program, and more!

The Rise of PCI

The six overall goals of the PCI DSS:

1. Build and maintain a secure network and systems
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Implement strong access control measures
5. Regularly monitor and test networks
6. Maintain an information security policy

Discussion topics:

Why most vendors don’t understand how their products fit within PCI.
Why PCI is perceived as a check box program.
Vulnerability scanning vs. vulnerability management.
Why should we care?

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Announcements

  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!

Security vs. Compliance: Where are the overlaps? Where are the differences?

What Does “Security” Really Mean? – Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Jake Williams – Principal Consultant

Announcements


Security vs. Compliance: Where are the overlaps? Where are the differences?

What Does “Security” Really Mean? – Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Jake Williams – Principal Consultant

Announcements


Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information.

Ann will tell us about the work that the CLTC is doing, why “Long-Term” is in the name, and introduce us to their recent joint study with Booz Allen that researched “Considerations for Effective Oversight of Cyber Risk”, based on interviews of a cross-section of board-level positions.

The Center for Long-Term Cybersecurity – Part 1

https://cltc.berkeley.edu/wp-content/uploads/2020/01/Resilient-Governance-for-Boards-of-Directors-Report.pdf

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Ann Cleaveland – Executive Director

Announcements

  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Meet Ann Cleaveland, the Executive Director of the Center for Long-Term Cybersecurity, a research and collaboration think tank housed within the University of California, Berkeley School of Information.

Ann will tell us about the work that the CLTC is doing, why “Long-Term” is in the name, and introduce us to their recent joint study with Booz Allen that researched “Considerations for Effective Oversight of Cyber Risk”, based on interviews of a cross-section of board-level positions.

The Center for Long-Term Cybersecurity – Part 2

https://cltc.berkeley.edu/wp-content/uploads/2020/01/Resilient-Governance-for-Boards-of-Directors-Report.pdf

Hosts

Jeff Man – Sr. InfoSec Consultant
Josh Marpet – COO
Matt Alderman – CEO
Scott Lyons – CEO

Guests

Ann Cleaveland – Executive Director

Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code “SecurityWeekly” before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!