Topics
Industry
Events
Podcasts
Research
Recognition
Leadership
Paul's Security WeeklySubscribe
Encryption, DevOps, Patch management, Endpoint Security, Endpoint Security

PSW #628

November 22, 2019
Section 0

 

 

Peter Liebert is the CEO at Liebert Security. After working in and with SOCs for the majority of my career, as well as building one from the ground up for the State of California, there are some lessons learned that can be shared with the wider community. The first is how to leverage automation and devsecops methodologies in your SOC and the second is how to break out of the traditional Tier 1-3 model.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

The Next Generation of SOCs

Hosts

Doug White

Doug White – Professor
Matt Alderman

Matt Alderman – CEO
Paul Asadoorian

Paul Asadoorian – Founder & CTO
Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

Peter Liebert

Peter Liebert – CEO

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
http://traffic.libsyn.com/sw-all/PSW_628_-_Peter_Liebert_Liebert_Security-0_converted.mp3
Section 1

Dave Kennedy is the Founder & CEO of TrustedSec. Dave comes on the show to talk about the Coalfire incident and DerbyCon communities.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Coalfire Incident & DerbyCon Communities

Hosts

Doug White

Doug White – Professor
Matt Alderman

Matt Alderman – CEO
Paul Asadoorian

Paul Asadoorian – Founder & CTO
Tyler Robinson

Tyler Robinson – Managing Director of Network Operations

Guests

David Kennedy

David Kennedy – Co-Founder/CTO

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
http://traffic.libsyn.com/sw-all/PSW_628_-_Dave_Kennedy_TrustedSec-0_converted.mp3
Section 2

In the Security News, Disney Plus Blames Past Hacks for User Accounts Sold Online, Why Multifactor Authentication Is Now a Hacker Target, How the Linux kernel balances the risks of public bug disclosure, A critical flaw in Jetpack exposes millions of WordPress sites, and Amazon tells senators it isn’t to blame for Capital One breach!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

The Marvel Universe

Paul’s Stories

  1. Amazon tells senators it isn’t to blame for Capital One breach
  2. DNS-over-HTTPS is coming to Windows 10
  3. A critical flaw in Jetpack exposes millions of WordPress sites
  4. Throwback Thursday: See if you can wriggle out of this one
  5. Disney Plus Blames Past Hacks for User Accounts Sold Online | SecurityWeek.Com
  6. Why Multifactor Authentication Is Now a Hacker Target
  7. California IoT security law: What it means and why it matters – Help Net Security
  8. D-Link Adds More Buggy Router Models to Wont Fix List
  9. If You Love Your Wi-Fi, Secure It – OpenDNS Umbrella Blog
  10. I ‘Hacked’ My Accounts Using My Mobile Number: Here’s What I Learned
  11. Microsoft Will Bring DNS Over HTTPS (DoH) to Windows | SecurityWeek.Com
  12. Intel Patched 77 Vulnerabilities in November 2019 Platform Update
  13. How the Linux kernel balances the risks of public bug disclosure
  14. Hacking Python Applications
  15. 13 Security Pros Share Their Most Valuable Experiences
  16. Office 365 Admins Targeted in Ongoing Phishing Scam

Lee’s Stories

  1. Thousands of hacked Disney+ accounts for sale

Hosts

Doug White

Doug White – Professor
Matt Alderman

Matt Alderman – CEO
Paul Asadoorian

Paul Asadoorian – Founder & CTO

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
https://traffic.libsyn.com/sw-all/PSW_628_-_Security_News-0_converted.mp3

Related

Encryption
OpenSSL vulnerability can ‘definitely be weaponized,’ NSA cyber director says

Derek B. JohnsonMarch 21, 2022

The flaw affects OpenSSL versions 1.02, 1.1.1, and 3.0, all of which have been patched. OpenSSL is a core component of Unix and Linux-based systems, and is also bundled into software applications that run on Windows.

Encryption
Here’s why EMV alone isn’t enough to protect fuel pump transactions

Ruston Miles February 15, 2022

Gas stations and convenience stores must adopt a layered approach based on EMV chips and point-to-point encryption.

Encryption
NSA gains new cybersecurity authorities over national security systems

Derek B. JohnsonJanuary 19, 2022

The White House memo places the NSA in a role similar to the one the Cybersecurity and Infrastructure Security Agency (CISA) plays among federal civilian agencies.

prestitial ad
About Us
SC MediaCyberRisk AllianceContact UsCareersPrivacy
Get Involved
SubscribeContribute/SpeakAttend an eventJoin a peer groupPartner With Us
Explore
Product reviewsResearchWhite papersWebcastsPodcasts

Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.