Backup and recovery, Cybersecurity Asset Management, Cloud Security

SCW #3

November 8, 2019

Josh Marpet and Scott Lyons perform interviews at 2019 NACD Blue Ribbon Commission Initiative.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

2019 NACD Blue Ribbon Commission Initiative

Hosts

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

 

 

PwC’s 2019 Annual Corporate Directors Survey, What is the Board’s Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance, and 5 Updates from PCI SSC That You Need to Know.

Security and Compliance News

  1. Crisis management comes into focus
  2. Increasing the profile of cybersecurity in the boardroom
  3. Directors lukewarm on a stakeholder model of governance
  4. Who’s responsible for culture? Everyone…including the board
  5. More work to be done on talent management
  • What is the Board’s Role in Effective Risk Management? – Boards can take the following actions to assure effective risk management oversight:
    • Ensure that board members understand why and how robust risk monitoring is required to achieve organizational strategic goals and overall success.
    • Nominate board executive(s) with appropriate risk management background.
    • Establish a board risk committee or group that oversees all risk management activities enterprise-wide and advises the full board around risk-related decisions.
    • Designate a Chief Risk Officer (CRO) to represent the risk committee and oversee risk-related issues.
    • Regularly review all aspects of risk monitoring processes to ensure they are effectively and efficiently meeting organizational needs.
  • CEOs could get jail time for violating privacy bill – The bill, known as the Mind Your Own Business Act, will contain the most comprehensive protections for Americans’ private data and will go further than the EU General Data Protection Regulation (GDPR). The Mind Your Own Business Act will empower the Federal Trade Commission (FTC) by allowing it to establish minimum privacy and cybersecurity standards and to issue steep fines (up to 4% of annual revenue) on the first offense for companies. Senior executives who have knowingly lied to the FTC could face 20-20 year criminal penalties.
  • California Amends Breach Notification Law – On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; and (2) biometric data generated from measurements or technical analysis of human body characteristics (e.g., fingerprint, retina, or iris image) used to authenticate a specific individual.
  • Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance – Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reaping the benefits of PCI DSS. But how do you start?
    • Define the scope
    • If it isn’t broken, make it better!
    • Deliver added value
    • Looking to the Future
  • 5 Updates from PCI SSC That You Need to Know – As payment technologies evolve, so do the requirements for securing cardholder data.
    1. Programs Open for Software Security Framework Assessors in October
    2. New Standard for Contactless Payments by the End of the Year
    3. Requests for Comments for PCI DSS Version 4.0 to Open in October
    4. New Version of P2PE Standard and Program in December
    5. A New Strategic Framework

Hosts

Matt Alderman

Matt Alderman – CEO

Michael Santarcangelo

Michael Santarcangelo – Founder; Catalyst

Jeff loves PCI DSS.
Josh has been a fierce critic of it… and… Josh has been working with public policy…
We’ll dig into the nuances and offer better ways to tell good from bad policy incentives.

Regulations, PCI, and IoT Safety – Part 1

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Guests

Josh Corman

Josh Corman – I am The Cavalry

Announcements

  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Jeff loves PCI DSS.
Josh has been a fierce critic of it… and… Josh has been working with public policy…
We’ll dig into the nuances and offer better ways to tell good from bad policy incentives.

Regulations, PCI, and IoT Safety – Part 2

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Guests

Josh Corman

Josh Corman – I am The Cavalry

Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code “SecurityWeekly” before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Our second June webcast will be with Google Cloud teaching you how to prevent account takeover attacks! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/rsasecurity for more information!

Around the U.S., economies are re-opening and employees are beginning to return to the office. Rob and “C-Pat” will provide perspective on the new compliance and security challenges the public and private sectors need to look at in order to manage as they enter this new phase of how things are today.

To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity

Navigating the Risks Associated With the Return to “Normal”

We’ll discuss the impact of security and compliance programs on business operations and how the current environment is impacted (or vice versa).
How does all of this impact risk to organizations?
What is RSA’s take on all of this both from private and public sector perspective?

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Guests

Chris Patteson

Chris Patteson – Executive Director, RSA Risk Transformation Office

Robert Carey

Robert Carey – Vice President, RSA Public Sector Solutions

Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Our second June webcast will be with Google Cloud teaching you how to prevent account takeover attacks! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Security and Compliance news of the week (or longer – it’s our show).

Compliance News

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Announcements

  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Jeff, Matt, Scott, and Josh continue the conversation and talk “How to Become an InfoSec Professional With Limited Resources”!

How to Become an InfoSec Professional With Limited Resources

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Announcements

  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • Learn how to prevent account takeover attacks in our next June webcast with Google Cloud! In our first July webcast, you will learn how to stitch and enrich flow data for security with VIAVI Solutions! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Taking a deeper look into moving PCI related resources into cloud platforms. Public cloud, private cloud, do’s, don’ts and can’ts! We will explore key considerations and impacts to security compliance and responsibilities related to cloud.

PCI Workloads in the Cloud

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Guests

Matt Springfield

Matt Springfield – Founder

Announcements

  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • In our first July webcast, you will learn how to stitch and enrich flow data for security with VIAVI Solutions! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Cloud Security for a Dynamic Environment, Why identity-based, distributed controls are better suited to address cloud-era threats, Top Cloud Security Challenges in 2020, Exposed Cloud Databases Attacked 18 Times Per Day, and more!

Cloud Security & Compliance News

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

Josh Marpet

Josh Marpet – COO

Matt Alderman

Matt Alderman – CEO

Scott Lyons

Scott Lyons – CEO

Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
  • With all the recent changes to BlackHat and DefCon, we realized we can keep doing what we do best – host virtual podcasts! I’m proud to announce Hacker Summer Camp 2020, a Security Weekly Virtual, Live-Stream Event, August 3 – August 6, 2020. To reserve your slot now, visit: securityweekly.com/summercamp2020

Director of Security Engineering at Truss.

A Professional’s View of Security vs. Compliance

We’ll ask Kimber about her views on security vs. compliance and how her work experience has shaped her opinions. What recommendations does she have for implementing security programs in spite of or in line with compliance? We’ll also ask for any practical advice in our new, virtual, working-remotely world.

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Kimber Dowsett

Kimber Dowsett – Director of Security Engineering

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • With all the recent changes to BlackHat and DefCon, we realized we can keep doing what we do best – host virtual podcasts! I’m proud to announce Hacker Summer Camp 2020, a Security Weekly Virtual, Live-Stream Event, August 3 – August 6, 2020. To reserve your slot now, visit: securityweekly.com/summercamp2020

@mzbat is a frequent speaker at hacker conferences, and likes to help folks prepare for job searches by performing mock interviews and resume reviews.

A Hacker’s View of Security vs. Compliance

We’ll talk to @mzbat about security vs. compliance from the hacker perspective. What’s different? What’s the same? We’ll get her take on how to build bridges and close the gap between the hacker/security community and the compliance side of the world. What advice can she give us for breaking down barriers as well as equipping ourselves for careers in the field of cybersecurity?

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

@mzbat

@mzbat – Overcommitted Underachiever, PhD in Horribleness

Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
  • In our first July webcast, you will learn how to stitch and enrich flow data for security with VIAVI Solutions! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/onapsis for more information!

Auditor turned security professional joins Security & Compliance Weekly to talk about how security misconfigurations and vulnerabilities can lead to compliance problems and the need for organizations to adopt a process of continuous compliance. Learn the best practices leaders can use to identify, monitor, and mitigate compliance risks related to their most critical business applications.

To learn more about Onapsis, visit: https://securityweekly.com/onapsis

Auditor Meets Security Pt. 1

10kBLAZE Threat Report: https://www.onapsis.com/resources/10kblaze
Streamline and improve the audit process: https://www.onapsis.com/why-onapsis/automate-audit
Automate the audit: https://youtu.be/EFkM5EOXcjE
Recon Vulnerability: https://www.onapsis.com/recon-sap-cyber-security-vulnerability
PAYDAY Vulnerability: https://www.onapsis.com/blog/video-oracle-payday-vulnerabilities
BigDebIT Vulnerability: https://www.onapsis.com/oracle-bigdebit-vulnerabilities

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Brian Tremblay

Brian Tremblay – Director, SOX Cyber Audit & Compliance in Sales

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
  • With all the recent changes to BlackHat and DefCon, we realized we can keep doing what we do best – host virtual podcasts! I’m proud to announce Hacker Summer Camp 2020, a Security Weekly Virtual, Live-Stream Event, August 3 – August 6, 2020. To reserve your slot now, visit: https://securityweekly.com/summercamp2020

Sponsored By

Visit https://securityweekly.com/onapsis for more information!

We continue the discussion with Brian Tremblay, a former auditor who “got religion” when he began to understand the complexities of security and how compliance could help or hinder security program efforts in organizations. We’ll also talk about what Brian is doing at Onapsis, and how Onapsis is trying to help solve the problem.

To learn more about Onapsis, visit: https://securityweekly.com/onapsis

Auditor Meets Security Pt. 2 – SCW #35

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Brian Tremblay

Brian Tremblay – Director, SOX Cyber Audit & Compliance in Sales

Announcements

  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
  • Register for our upcoming webcasts or virtual trainings by visiting https://securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions.

PCI Dream Team – Part 1

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Arthur Cooper

Arthur Cooper – Senior Security Consultant

Ben Rothke

Ben Rothke – Senior Information Security Specialist

David Mundhenk

David Mundhenk – Principal Security Consultant

Jeff Hall

Jeff Hall – Senior Consultant

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

PCI Dream Team: Ben Rothke, Jeff Hall, David Mundhenk, Art Cooper answer all of the toughest PCI questions, Part 2!

PCI Dream Team – Part 2

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Arthur Cooper

Arthur Cooper – Senior Security Consultant

Ben Rothke

Ben Rothke – Senior Information Security Specialist

David Mundhenk

David Mundhenk – Principal Security Consultant

Jeff Hall

Jeff Hall – Senior Consultant

Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh” Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
  • Learn how to keep your “internet self” safe in our next webcast on August 13th! Register for our upcoming webcasts or virtual trainings by visiting https://securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

John Snyder will lead the discussion about the legal implications of Security and Compliance.

Legal Implications of Security & Compliance – Part 1

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Continuing our discussion with John Snyder, our new co-host. Peppering him with questions about the law, hacking, security, compliance, and we might throw in a few of our favorite lawyer movie quotes!

“The car that made these two, equal-length tire marks had positraction. You can’t make those marks without positraction, which was not available on the ’64 Buick Skylark!”

Legal Implications of Security & Compliance – Part 2

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Announcements

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh” Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!
  • Learn how to keep your “internet self” safe in our next webcast on August 13th! Register for our upcoming webcasts or virtual trainings by visiting https://securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Government agencies are running in antiquated, fortress-based government clouds under the guise this is the only option for superior security and compliance. However, security and compliance don’t have to be a blocker to innovation; they can be part of the transformation. Jeanette will discuss how Google Cloud is enabling this transformation with Assured Workloads for Government by simplifying the compliance configuration process and providing seamless platform compatibility between government and commercial cloud environments.

Compliance Without Compromise – Part 1

https://www.nextgov.com/ideas/2020/06/gov-clouds-during-covid-19-end-digital-fortress-era/166151/

https://www.fedscoop.com/government-shift-identity-based-cybersecurity-zero-trust-away-from-perimeter-defense-report/

https://cloud.cio.gov/strategy/

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Jeanette Manfra

Jeanette Manfra – Global Director, Security and Compliance

Announcements

  • Visit https://securityweekly.com/webcasts to see what we have coming up! Learn about Rapid7’s Findings from the National Internet Cloud Exposure Report on August 13th and How to Create and Run a Conference, from the geniuses behind Layer8 Conference and Wild West Hackin Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

The discussion continues with Jeanette Manfra.

Compliance Without Compromise – Part 2

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Jeanette Manfra

Jeanette Manfra – Global Director, Security and Compliance

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Sponsored By

Visit https://securityweekly.com/cyberark for more information!

Matt discusses his position on the Solutions Engineering team at CyberArk. He talks about how his 15 years in Systems and Sales Engineering roles add a layer of experience at CyberArk. Matt will then explain how CyberArk provides “Security for the Heart of the Enterprise” by adding a layer of security around privileged accounts.

This segment is sponsored by CyberArk.

Visit https://securityweekly.com/cyberark to learn more about them!

Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/

Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/

Matt Tarr, CyberArk

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Matt Tarr

Matt Tarr – Principal Solutions Engineer

Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Sponsored By

Visit https://securityweekly.com/cyberark for more information!

In this episode we will discuss the overarching importance of securing privileged access throughout the organization as it relates to the overall security posture and compliance requirements. CyberArk’s Principal Solutions Engineer Matt Tarr will explain the principle of least privilege, its regulatory and security aspects, and how least privilege can be enforced in a real-life implementation. He will also discuss concepts such as just-in-time privileged access, endpoint security, multi-factor authentication, password rotation and other important aspects of managing identity security and privileged access security as they relate to regulations including PCI DSS, GLBA and others.

This segment is sponsored by CyberArk.

Visit https://securityweekly.com/cyberark to learn more about them!

Endpoint Privilege Manager Free Trial: https://www.cyberark.com/products/privileged-account-security-solution/endpoint-privilege-manager/endpoint-privilege-manager-free-trial/

Blueprint for PAM Implementation: https://www.cyberark.com/blueprint/

The Principle of Least Privilege & Regulatory Compliance

Hosts

Jeff Man

Jeff Man – Sr. InfoSec Consultant

John Snyder

John Snyder – CEO

Josh Marpet

Josh Marpet – COO

Scott Lyons

Scott Lyons – CEO

Guests

Matt Tarr

Matt Tarr – Principal Solutions Engineer

Announcements

  • Learn How to Create and Run a Conference, from some of the geniuses behind Layer8 Conference and Wild West Hackin Fest on August 19th! Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed…Best Practices To Prioritize And Remediate Now! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
