Cybersecurity Asset Management, Firewall, Attack surface mgmt, Patch Management, Blue Team

PSW #649

May 2, 2020

Jeremy Miller, a retired Green Beret and current CEO of Lionfish Cyber Security, will discuss how mission set tactics used by Special Forces can be applied directly to the cyber war being waged today. These mission sets are very relevant for the front line of cybersecurity professionals, who are the next generation of Special Operation forces. These are the men and women that protect our country, our businesses and our families. Approaching the cyber war with this mindset, Miller is re-aligning how cybersecurity in small to medium sized businesses is structured. His team plans to be a force multiplier for SMBs by bundling resources and capabilities into an affordable security platform, making cyber security more a strength than a weakness for these organizations.

Link to the Cyberspace Solarium Commission (CSC): https://www.solarium.gov/

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Fighting the Cyber War With Battlefield Tactics

Website: https://www.secopscyberinstitute.com/

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Jeremy Miller

Jeremy Miller – CEO

Philip Niedermair

Philip Niedermair – CEO

Announcements

  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

In the Security News, Half a Million Zoom Accounts Compromised by Credential Stuffing, Sold on Dark Web, Scammers pounce as stimulus checks start flowing, NSA shares list of vulnerabilities commonly exploited to plant web shells, Using Pythons pickling to explain Insecure Deserialization, How to encrypt AWS RDS MySQL replica set with zero downtime and zero data loss, 9 Skills That Separate Beginners From Intermediate Python Programmers, Hackers are exploiting a Sophos firewall zero-day, and more!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Python Pickling, Sophos 0-Day, & AWS RDS MySQL

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Announcements

  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

The crew talks about how to accomplish asset management, vulnerability management, prioritization of remediation, and the actual remediation steps! No small task! Then check out a deep dive demonstration of Qualys VMDR that includes, you guessed it, Asset Management, Vulnerability Management, Threat Detection & Prioritization, and Response!

To learn more about Qualys and VMDR, please visit: https://securityweekly.com/qualys

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Defensive Strategies and Qualys VMDR

The crew talks about strategies to achieve the following:

Asset Management – Why it is important and how you might accomplish this in your organization. In the cloud? Containers? OT?

Vulnerability Management – Do we need to find ALL the vulnerabilities? What other tactics can be used to find vulnerabilities that tie into a full VM program?

Prioritization – How do we define what is important and what is not? What factors go into prioritizing vulnerabilities?

Patching – The above 3 activities really mean nothing unless the teams can fix the problems found. What do organizations do to ensure that patches actually get applied? How important is it to automate patching so IT and Security teams can focus on other things?

Following this discussion is a great demo from Sumedh Thakar of Qualys of VMDR, a complete solution for the items we discussed at the top of the segment! Qualys VMDR is an end-to-end solution that cuts across the entire hybrid environment and one that is real-time, accurate, easy to deploy and operate.

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Lee Neely

Lee Neely – Senior Cyber Analyst

Paul Asadoorian

Paul Asadoorian – Founder & CTO

Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Sumedh Thakar

Sumedh Thakar – Chief Product Officer

Announcements

  • Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
  • Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
prestitial ad