Adrian Overlord – PSW #699
This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! In our final segment, we air a pre-recorded interview with Timur Guvenkaya, Security Engineer at Invicti Security, to show us what Web Cache Poisoning is all about!
Segment Resources:
Visit https://securityweekly.com/fastly to learn more about them!
Visit https://securityweekly.com/netsparker to learn more about them!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Segments
1. Avoiding the Silo: Bridging the Divide Between Security + Dev Teams – Brian Joe – PSW #699
Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization’s InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he’ll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them.
This segment is sponsored by Fastly.
Visit https://securityweekly.com/fastly to learn more about them!
Sponsored By
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
Guest
Brian Joe is the Director of Security Product Management at Fastly, where he runs the Security Product team and manages Fastly’s Security Product Portfolio. Previously, Brian led the Product and Growth functions at Signal Sciences (acquired by Fastly), and has had Product, Partnership, and Operations leadership roles at Edgecast Networks (acquired by Verizon), and Verizon Communications with over 16 years of experience in Security, Networking, Cloud, and SaaS.
Hosts
2. “Eavesdropping Cameras”, Ransomware Poll Results, Windows 11, & CVS Records Leak – PSW #699
This week in the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. Puerto Rico’s Power Distributor Suffered a Cyberattack Hours Before a Devastating Fire
- 2. Ransomware attack hit Teamsters in 2019 — but they refused to pay
- 3. How Hackers Used Slack to Break into EA Games
- 4. IoT Security: IoT Needn’t Be the Internet of Threats
- 5. Keylime
- 6. SEC charges mortgage title issuer First American with cybersecurity vulnerability violation
- 7. Cyber insurance costs and terms spike as ransomware attacks multiply
- 1. REvil ransomware hits US nuclear weapons contractor
- 2. Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
- 3. Peloton Bike+ vulnerability allowed complete takeover of devices
- 4. Bitcoin and Encryption: A Race Between Criminals and the F.B.I.
- 5. Scientists are teaching drones to hunt down human screams
- 6. Krebs on Security – In-depth security news and investigation
- 7. Ukrainian Police Nab Six Tied to CLOP Ransomware – Krebs on Security
- 8. Biden Tells Putin Critical Infrastructure Sectors ‘Off Limits’ to Russian Hacking
- 9. Required MFA Is Not Sufficient for Strong Security: Report
- 10. Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up
- 11. Millions of Connected Cameras Open to Eavesdropping
- 1. Make way for Windows 11? Windows 10 end-of-life is October 2025
- 2. Certified Pre-Owned
- 3. CaribouLite: A 30-6000 MHz 13-bit 4MHz SDR HAT for the Raspberry Pi
- 4. How to hack a bicycle – Peloton Bike+ rooting bug patched
- 5. Taming iButton Keys with Flipper Zero
- 6. Ukrainian police arrest multiple Clop ransomware gang suspects – TechCrunch
- 7. CVS Accidentally Leaks 1 Billion Website Records—Including Covid-19 Vaccine Searches
3. Web Cache Poisoning – Timur Guvenkaya – PSW #699
This presentation will cover how incorrect implementation of caching mechanism within web application might lead to the Web Cache Poisoning vulnerability that can potentially affect all the users using the web application.
Segment Resources:
www.netsparker.com
This segment is sponsored by Netsparker.
Visit https://securityweekly.com/netsparker to learn more about them!
Sponsored By
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Guest
Security Engineer with a 3+ year history of managing the security of web applications, APIs, conducting security code reviews on various programming languages, and conducting security research. Currently working as a Security Engineer at Invicti Security, the world’s leading provider of dynamic web application security solutions that secures organizations from small businesses to Fortune 50 companies. Excited to learn new technologies such as Blockchain & AI to find ways to combine them with cybersecurity.
Hosts
