
SCW #5

November 14, 2019

 

 

What does your business need to know about the California Consumer Privacy Act (CCPA)?, California AG: No CCPA Safe Harbor for GDPR Compliance, Canada data breach tally soars since new privacy laws arrived, Marijuana Compliance and the quandary for brokers and dealers, and much more!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Security and Compliance News

Matt’s Stories

  1. What does your business need to know about the California Consumer Privacy Act (CCPA)?
  2. California AG: No CCPA Safe Harbor for GDPR Compliance
  3. Canada data breach tally soars since new privacy laws arrived
  4. What you need to know about the US CLOUD Act and the UK COPOA Act
  5. PCI DSS v4 draft is out
  6. What is a Chief Data Officer (CDO)?
  7. Security Think Tank: Embedding security in governance

Josh’s Stories

Weird Compliance

  1. Male-Male Sexual harassment by a non-employee [1]
  2. Weird expense awards [2]

Scott’s Stories

  1. Marijuana Compliance and the quandary for brokers and dealers
  2. PCAOB began requiring independent auditors to disclose significant challenges in reviewing public companies’ financial statements
  3. Mastercard bans billing after free trials

Hosts

Josh Marpet – COO

Matt Alderman – CEO

Scott Lyons – CEO

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.

This week, we discuss part 1 on how Artificial Intelligence and Machine Learning can be used for Compliance, including:
– What is Artificial Intelligence (AI) and Machine Learning (ML)?
– What are the roles of AI/ML for Compliance?
– Example: Gaming

Artificial Intelligence and Compliance, Part 1

Hosts

Josh Marpet – COO

Matt Alderman – CEO

Scott Lyons – CEO

Sponsored By

Visit https://securityweekly.com/aptible for more information!

Cloud computing services have become the norm for companies — even on-prem die-hards are using hybrid models. This leads to an increased need for compliance evidence. There are more controls in frameworks like SOC 2 and ISO 27001 related to cloud computing services than ever before, which means more effort to prove compliance. Join our session to learn how intelligent automations can simplify cloud computing compliance beyond what you’re doing today.

This segment is sponsored by Aptible.

Cloud Computing Compliance: Intelligent vs Basic Automations, Part 1

https://www.aptible.com/comply/integrations

https://www.aptible.com/use-cases/automate-compliance-management

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Frank Macreery – Co-Founder and CTO

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

  • In our webcast on November 5th, we’ll show you how to build proper metrics and KPIs! Learn why you should stop trying to discover and classify data in our webcast on November 12th! Learn how to thwart attackers using deception in our November 19th technical training! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/aptible for more information!

The conversation continues on how intelligent automations can simplify cloud computing compliance.

This segment is sponsored by Aptible.

Cloud Computing Compliance: Intelligent vs Basic Automations, Part 2

https://www.aptible.com/comply/integrations

https://www.aptible.com/use-cases/automate-compliance-management

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Frank Macreery – Co-Founder and CTO

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

Sponsored By

Visit https://securityweekly.com/cyrisma for more information!

You’ve scanned your data to uncover risks and vulnerabilities and assigned accountability through mitigation plans to meet compliance mandates. Now you must classify, rank, prioritize and score your data to track efforts and stay organized.

This segment is sponsored by CYRISMA.

Data, Data, Data – Part 1

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Liam Downward – CEO

Announcements

  • In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/cyrisma for more information!

The conversation continues about data classification!

This segment is sponsored by CYRISMA.

Data, Data, Data – Part 2

Hosts

Jeff Man – Sr. InfoSec Consultant

John Snyder – CEO

Josh Marpet – COO

Scott Lyons – CEO

Guests

Liam Downward – CEO

An Interview with the newest member of the CRA/Security Weekly family, Adrian Sanabria! What is his role at Security Weekly, and what is the plan for rolling things out over the next 12-18 months?

Who Are You?

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Adrian Sanabria – Senior Research Engineer

We’re continuing the discussion with Adrian Sanabria and exploring if and how the plans for CRA/Security Weekly will impact the Security & Compliance Weekly audience!

What’s in It for Us?

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Adrian Sanabria – Senior Research Engineer

Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Sponsored By

Visit https://securityweekly.com/rsasecurity for more information!

The rapid shift to distributed work, along with radical changes in human behavior, is expanding digital risk for organizations and creating new opportunities for malicious actors. As such, organizations are rethinking how they define trust in securing critical data and resources. This interview will cover how capabilities and trends, such as XDR and passwordless authentication, are empowering organizations to “never trust” and “always verify,” leveraging unprecedented visibility and insight to protect what matters most.

This segment is sponsored by RSA Security.

Zero Trust Intersects XDR in Today’s Digital Era

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Zulfikar Ramzan, Ph.D. – Chief Digital Officer, RSA; CTO, RSA Security

Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Someone made an offhand comment about the Cyber Credit Score Industry on one of our shows a couple weeks ago, so we thought we’d bring it up as a compliance topic.
We’ll define what we’re talking about when it comes to Cyber Credit Scores – what they are intended to do and for whom.

Then we’ll pick it apart, SCW style!

Compliance Topic: Cyber Credit Score Industry

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Zulfikar Ramzan, Ph.D. – Chief Digital Officer, RSA; CTO, RSA Security

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

We’re going to take on a different aspect of the cybersecurity skills gap in this episode: namely, the lack of diversity in our industry when it comes to African Americans and what we can all do about it.
To facilitate the discussion today we are joined by AJ Yawn, who is a founding board member of the National Association of Black Compliance & Risk Management Professionals, Inc. (NABCRMP). He’s also co-founder and CEO of a company called ByteChek whose tagline is “We Make Compliance Suck Less” so I think we’re in store for a fascinating discussion.

AJ Yawn, NABCRMP – Part 1

https://nabcrmp.org/

https://www.complianceweek.com/ethics-and-culture/spotlight-on-national-association-of-black-compliance-and-risk-management-professionals/29542.article

https://www.prnewswire.com/news-releases/the-national-association-of-black-compliance—risk-management-professionals-inc-makes-its-debut-301112809.html

https://www.complianceweek.com/opinion/mcdonalds-handling-of-ex-ceo-scandal-gets-compliments-criticism/29308.article

https://www.complianceweek.com/surveys-and-benchmarking/what-compliance-can-do-to-advance-diversity-and-inclusion-efforts/29536.article

Hosts

Fredrick “Flee” Lee – CSO

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

AJ Yawn – Co-Founder & CEO

We’re taking on a different aspect of the cybersecurity skills gap in this episode: namely, the lack of diversity in our industry when it comes to African Americans and what we can all do about it. We continue our discussion in the 2nd segment, but turn our focus to suggestions for how to fix the problem. We can all do something; join us and find out what you can do!

AJ Yawn, NABCRMP – Part 2

Hosts

Fredrick “Flee” Lee – CSO

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

AJ Yawn – Co-Founder & CEO

Announcements

  • SCYTHE is offering a FREE purple team workshop where attendees get hands-on in an isolated enterprise environment for three hours! It is scheduled for December 9th (the day before Security Weekly Unlocked!) Register for this free workshop now: https://securityweekly.com/purpleteamsw

Sponsored By

Visit https://securityweekly.com/cybersaintsecurity for more information!

In this segment, we discuss how COVID-19 and rapid Digitalization have pushed risk and compliance teams to innovate internally, and how they’re doing so with real-life examples. How is it even possible to eliminate nearly all manual effort around IT GRC? What is the latest strategy behind cross-walking frameworks and dynamically lighting up controls in an environment? You’ll learn how some of the largest organizations in the world are proving compliance in real-time, empowering their teams to manage even the most unprecedented risks, and how risk and compliance programs get a clear view into risk likelihood, impact, solution-cost modeling and more.

This segment is sponsored by CyberSaint.

The Cyber Risk/Compliance Transformation Solution

Gartner’s Cool Vendors in Cyber & IT Risk Management: https://www.cybersaint.io/gartner-cool-vendor-in-cyber-it-risk-management-download

CyberSaint Solution Sheet: https://content.cybersaint.io/learn-more-the-cyberstrong-platform

On-Demand Webinar “Transform Cyber Risk Management to Support Digital Transformation”: https://www.brighttalk.com/webcast/18574/448391

Hosts

Fredrick “Flee” Lee – CSO

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Guests

Padraic O’Reilly – Chief Product Officer & Co-Founder

We want to take the time in this segment to formally introduce you to one of our new co-hosts, Mr. Fredrick “Flee” Lee. Flee is currently the Chief Security Officer for a company called Gusto and used to be Head of Information Security at Square.
We’ll spend some time getting to know Flee and his background, pepper him with questions, talk shop, all the while engaging in the usual mayhem.

Getting To Know Flee

Hosts

Fredrick “Flee” Lee – CSO

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Scott Lyons – CEO

Announcements

  • In our upcoming webcasts & technical trainings you will learn how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

The penetration testing mythology as it applies to information security is all screwed up. If nothing else, we’re going to attempt to define a penetration test, focus on the goals, and what should be in a report. You better believe there is going to be an overarching “PCI” context to this discussion.

Pen Testing, Part 1 w/ Dmitry Zagadsky

Dmitry’s Bsides Boston talk, “Don’t End Up With a Pencil: Tips for Shopping Pen Tests” – https://youtu.be/Wr4UxdUa2aI

Jeff’s talk, “Do We Still Need Pen Testing?” from CircleCityCon 2015 – https://youtu.be/R13Bo8l9M5M

NIST SP800-115, “Technical Guide to Information Security Testing and Assessment” – https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf

The Penetration Testing Execution Standard (PTES) – http://www.pentest-standard.org/index.php/Main_Page

PCI Security Standards Council’s Penetration Testing Guidance – https://www.pcisecuritystandards.org/documents/Penetration-Testing-Guidance-v1_1.pdf?agreement=true

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Liam Downward – CEO

Scott Lyons – CEO

Guests

Dmitry Zagadsky – AVP IT Security

We’ll continue our discussion of penetration testing. In this segment, we’ll talk about the right reasons to have a penetration test performed, the impact (for better or worse) of the PCI requirement for annual penetration testing, and how to get the most out of your penetration testing results.

Pen Testing, Part 2 w/ Dmitry Zagadsky

Penetration Testing Roundtable, PSW #500 – https://youtu.be/h6cMojWO8qs

The State of Penetration Testing Panel, PSW #677 – https://youtu.be/mYzZoUXz7a4

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Liam Downward – CEO

Scott Lyons – CEO

Guests

Dmitry Zagadsky – AVP IT Security

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

We have a roundtable discussion amongst the hosts looking back on the highs and lows of 2020!

Looking back:

- SolarWinds (not in depth but just as part of the year)
- COVID-19
- Working from home
- Conferences shut down
- Travel gone
- The new normal of Zoom calls
- Kids at home

Looking Back

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Priya Chaudhry – Jedi Warrior Princess

Scott Lyons – CEO

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

We don’t want to have the typical “predictions” episode, but we do want to chat about what we might expect in the coming year: what is changing, what is coming back, and when (if at all)?

Looking forward:

- Vaccines
- Anti-vaxxers
- Resumption of travel?
- Resumption of conferences?
- Sales and marketing changes
- Societal changes
- The problems we face moving forward in compliance and security

Looking Forward

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Priya Chaudhry – Jedi Warrior Princess

Scott Lyons – CEO

Announcements

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

We’re going to dissect what we know about the Sunburst/SolarWinds hack to this point – SCW style! We’ll touch on the things that keep coming up in the news – attribution, conspiracy theories, implications, consequences, and so forth.

Sunburst: Down the Rabbit Hole

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Liam Downward – CEO

Scott Lyons – CEO

Guests

Jim McKee – Founder & CEO

Announcements

  • Learn how to conquer cloud complexity in our first Security Weekly webcast of 2021 on January 28th @ 11am ET! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand

We will shift the focus of the discussion from understanding to action – that is, what to do about this and similar types of attacks that might be perpetrated against your organization. Or is there anything to do about this “clear and present danger”?

Sunburst: The Cleanup

Hosts

Jeff Man – Sr. InfoSec Consultant

Josh Marpet – COO

Liam Downward – CEO

Scott Lyons – CEO

Guests

Jim McKee – Founder & CEO

Sponsored By

Visit https://securityweekly.com/ekran for more information!

Mitigating insider threats is a key cybersecurity priority for any organization that works with sensitive data. And to do that, you need an insider threat program. Such a program not only is required by numerous cybersecurity regulations, standards, and laws but also allows a company to detect an insider threat at its early stages, respond to it, and remediate the damage with little to no harm done.

This segment is sponsored by Ekran System.

How to Build an Insider Threat Program in 10 Steps – Part 1

Guests

Anthony Palmeri – Enterprise Account Executive at Ekran System

Hosts

Fredrick “Flee” Lee – CSO at Gusto

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Josh Marpet – COO at Red Lion

Scott Lyons – CEO at Red Lion

Sponsored By

Visit https://securityweekly.com/ekran for more information!

The conversation continues on mitigating insider threats and building an insider threat program!

This segment is sponsored by Ekran System.

How to Build an Insider Threat Program in 10 Steps – Part 2

Guests

Anthony Palmeri – Enterprise Account Executive at Ekran System

Hosts

Fredrick “Flee” Lee – CSO at Gusto

Jeff Man – Sr. InfoSec Consultant at Online Business Systems

Josh Marpet – COO at Red Lion

Scott Lyons – CEO at Red Lion

Announcements

  • Learn how to conquer cloud complexity in our first webcast of 2021, this Thurs, Jan 28th 11am ET! Next Thurs, Feb 4th 11am ET, in our first technical training of 2021, you’ll Learn How to Manage Insider Risks in the Work-from-Anywhere World! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand
