ESW #275 – Bill Bernard, Paul Lanzi
In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary factors slowing down response.
This segment is sponsored by Deepwatch.
Visit https://securityweekly.com/deepwatch to learn more about them!
This week in the Enterprise News: Lacework lays off approx 300 employees, US Narrows Scope of Anti-Hacking Law Long Hated by Critics, Security Study Plan, DevSecOps Vulnerability Management by Guardrails, StackZone, Cipherloc Acquires vCISO Security Services Provider SideChannel, Broadcom to Buy VMware for $61 Billion in Record Tech Deal, Cyscale raises EUR 3 million in Seed Funding Round, & more!
There are a few IETF standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard that is the glue between most identity systems -- cloud and on-prem -- out there. It's called SCIM and -- good news -- smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi...
Segment Resources: https://identiverse.com/idv2022/ (Paul on Wednesday)
Visit https://www.securityweekly.com/esw for all the latest episodes!
Segments
1. What’s Happening with SCIM – Paul Lanzi – ESW #275
There are a few IETF standards that make the identity world go 'round. SAML, FIDO and LDAP are ones that we know and love... but there's one particularly un-loved standard that is the glue between most identity systems -- cloud and on-prem -- out there. It's called SCIM and -- good news -- smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi...
Segment Resources:
https://identiverse.com/idv2022/ (Paul on Wednesday)
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest

Paul Lanzi, Co-founder and COO of managed mobile and web-focused full-stack enterprise software development and UX teams at Genentech, Roche and Gilead Sciences. Previously, Paul served in project and program management positions at SBC (now AT&T), Posit Science and Genentech, focusing on IT Infrastructure, Information Security (IAM, encryption, policy implementation and change management), mobility and corporate integration efforts. Paul earned his BS with Honors in Computer Science at UC Davis and has held a PMP certification from the Project Management Institute since 2005. At Remediant, Paul focused on internal security and compliance, industry relations and technical partnering.
2. Accelerating Security Response – Bill Bernard – ESW #275
In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, such as staffing challenges, alert quality, and organizational culture as primary factors slowing down response.
This segment is sponsored by deepwatch.
Visit https://securityweekly.com/deepwatch to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest

Bill Bernard currently serves as Deepwatch’s Managing Director of Solutions Architecture. He is a seasoned security expert with 20+ years of experience collaborating with customers to select and deploy the right security solutions for their business. Bill has held various solutions architecture roles throughout his career and holds a variety of security certifications including CISSP, CIPP-E and CIPM.
3. Lacework Layoffs, Anti-Hacking Law, The Security Study Plan, & StackZone – ESW #275
This week in the Enterprise News: Lacework lays off approx 300 employees, US Narrows Scope of Anti-Hacking Law Long Hated by Critics, Security Study Plan, DevSecOps Vulnerability Management by Guardrails, StackZone, Cipherloc Acquires vCISO Security Services Provider SideChannel, Broadcom to Buy VMware for $61 Billion in Record Tech Deal, Cyscale raises EUR 3 million in Seed Funding Round, & more!
Announcements
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. FUNDING: Certora Announces $36 million Series B funding round led by Jump Crypto
- 2. FUNDING: Dig Security raises $11 million in Seed funding for cloud data detection and response solution
- 3. FUNDING: LimaCharlie Secures 5.45 Million in Seed Funding Led by Susa Ventures
- 4. FUNDING: Cyscale raises EUR 3 million in Seed Funding Round
- 5. FUNDING: BEMO Raises $3M in Seed — Gula Tech Adventures
- 6. ACQUISITIONS: Broadcom to Buy VMware for $61 Billion in Record Tech Deal
- 7. ACQUISITIONS: Carlyle to Acquire ManTech in All-Cash Transaction Valued at Approximately $4.2 Billion
- 8. ACQUISITIONS: Pathlock Secures $200M; Completes Merger with Appsian and Security Weaver
- 9. ACQUISITIONS: Thales signs an agreement with Sonae Investment Management to acquire S21sec and Excellium, reinforcing its cybersecurity activities
- 10. ACQUISITIONS: Cipherloc Acquires vCISO Security Services Provider SideChannel – MSSP Alert
- 11. ACQUISITIONS: ThriveDX snaps up education platform provider Lucy Security – SiliconANGLE
- 12. NEW PRODUCTS: StackZone
- 13. NEW PRODUCTS: DevSecOps Vulnerability Management by Guardrails
- 14. TRENDS: Everyone is drafting their own startup Black Swan memo – TechCrunch
  I've got two movie quotes for this one: "Buckle in, it's going to be a bumpy ride" or "Hold on to your butts", depending on what generation you're from.
- 15. LAYOFFS: Lacework lays off approx 300 employees – Gergely Orosz on Twitter
  Content of the tweet: Just in: @Lacework - data-driven security platform for the cloud - lays off ~300 employees, about 20% of staff today. The layoffs come 6 months after the company raised $1.8B, valued at $8.3B. Some people let go were hired 1-2 months ago. Company yet to post an announcement.
- 16. LAYOFFS: Tripwire’s new owner lays off dozens, three months after buying the Portland tech company
- 17. LEGAL: US Narrows Scope of Anti-Hacking Law Long Hated by Critics
  The Justice Department pinkie swears they won't go after security researchers with CFAA in the future!
- 18. LEARNING: Security Study Plan
  This GitHub repo has study plans for: Common Skills for Security, AWS Security, GCP Security, Azure Security, DevSecOps, Docker Security, Kubernetes Security, Penetration Testing, Application Security Testing, API Security, Network Security
- 19. SQUIRREL: HarpoCrates Pitchdeck: Remote Administration as a Service
  Kelly posted this on LinkedIn, and apparently some folks didn't sense the sarcasm. Some of us appreciated the satire.
