Security Weekly
Enterprise Security WeeklySubscribe
Leadership, Application security, Vulnerability Management, Security Staff Acquisition & Development, Threat Management

Break All Your Stuff – ESW #243

Full Audio

View Show Index

Segments

1. Scaling Application Security – Joe Gillespie, Nuno Loureiro – ESW #243

A common ratio between Appsec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling Appsec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution.

This segment is sponsored by Probely.

Visit https://securityweekly.com/probely to learn more about them!

Sponsored By

Probely

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guests

Nuno Loureiro
CEO at Probely

Nuno is a Co-Founder and the CEO of Probely. In the past, he led an Application Security team at a Telco Provider, where he provided training on secure coding, security guidance during the development lifecycle of projects, performed penetration testing, and implemented PCI-DSS across the organization.

He holds an MSc in Information Security from Carnegie Mellon University.

Joe Gillespie
Director at Probely

Director – Enterprise Sales – North America

Hosts

Principal Researcher at The Defenders Initiative
Senior Vice President, Audience Content Strategy at CyberRisk Alliance
Principal Security Evangelist at Eclypsium

2. Threat Intelligence & Threat Hunting – Chris Cochran – ESW #243

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Chris Cochran
Founder and Producer at Hacker Valley Media

Chris Cochran is the Creative Director of Media at Axonius by day and producer/ host of the award-winning Hacker Valley Studio podcast by night. Chris is prior active duty US Marine Corps intelligence, which led him to a career in cybersecurity. He has dedicated that career to building and leading intelligence and cybersecurity missions at places such as the National Security Agency, Mandiant, and Netflix. His ultimate passion is finding and amplifying human stories in cybersecurity to inspire and enlighten our community.

Hosts

Principal Researcher at The Defenders Initiative
Senior Vice President, Audience Content Strategy at CyberRisk Alliance
Principal Security Evangelist at Eclypsium

3. The Color White, Forgerock IPO, Ditching Your Microsoft Password, & Neosec – ESW #243

This week in the Enterprise Security News: Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!

Announcements

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Hosts

Principal Researcher at The Defenders Initiative
  1. 1. FUNDING: Founders Fund Values Identity Startup Persona at $1.5 Billion
    Raised $150m in a Series C. Focused on identity verification. Kinda like the future of background checks, but more about making sure you're really you (using Biometrics & other methods) than looking for red flags in your background. $1.5bn valuation on $10-15m revenue? A 100-150x valuation? Sure, why not?
  2. 2. FUNDING: Neosec Emerges From Stealth With $20.7 Million in Funding
    API Security company: "Neosec aims to identify all APIs used within an organization, based on existing logs, to constantly maintain an inventory of APIs, and even generate documentation for previously unknown APIs. The platform also discovers APIs transferring sensitive data, any existing discrepancies, and vulnerable or misconfigured APIs."
  3. 3. FUNDING: Ketch raises another $20M as demand grows for its privacy data control platform – TechCrunch
    "providing online privacy regulation and data compliance" - Came out of stealth earlier this year, announced a $23m Series A, and then six months later, they're now announcing an additional $20m in funding. Looking to automate how customer data is handled based on their privacy preferences, hopefully reducing human error as a factor?
  4. 4. FUNDING: Kolide, a ‘transparency-first’ endpoint security platform, raises $17M
    Sounds like they're going in more of a device management direction, rather than Uptycs's more EDR/threat prevention/detection direction with their OSQuery-based product. I had heard rumblings about business/organizational/funding challenges a few years ago, so it's good to see some stability now.
  5. 5. FUNDING: Stairwell secures $20M Series A to help organizations outsmart attackers – TechCrunch
    Former founder of Google's Chronicle talking about what this new startup is going to do for the first time. Some breathless claims, but I'm struggling to understand how this take on threat intel is going to differentiate in a threat intel market that already looks oversaturated.
  6. 6. ACQUISITION: F5 Enhances Cloud Security Portfolio with Acquisition of Threat Stack
    This market segment seems to have collapsed. Check Point picked up Dome9 back in 2018 and CloudPassage got picked up by PE-owned Fidelis in what MUST have been a fire sale. Also, didn't realize Anup Ghosh was running things over at Fidelis!
  7. 7. IPO: ForgeRock to go public as IPO prices above the expected range, valuing company at nearly $2 billion
    ForgeRock going public tomorrow on the NYSE! Pricing looks around what you'd expect for a cybersecurity vendor. Matt's going to have another one to add to his security money watchlist!
  8. 8. IPO: GitLab announces their intent to IPO and files a public S-1
    S-1s are always fun to dig into and it has been interesting to watch GitLab's trajectory after Microsoft's Github acquisition. Aiming to be your one-stop-shop for DevOps workflow and tool stack!
  9. 9. TRENDS: You Can Now Sign-in to Your Microsoft Accounts Without a Password
    Microsoft is one of the first to go passwordless for consumer logins! Who saw that coming?
  10. 10. It’s Time for Vendor Security 2.0
  11. 11. SQUIRREL, PART 1: Purdue record for the whitest paint appears in latest edition of ‘Guinness World Records’
  12. 12. SQUIRREL, PART 2: The Plot to Steal the Color White From DuPont
Senior Vice President, Audience Content Strategy at CyberRisk Alliance
Principal Security Evangelist at Eclypsium

Related