Incident response, Vulnerability management, Social engineering

Eliminating the Variants – ESW #240

This week, first up, we welcome Kelly Shortridge, Senior Principal Product Technologist at Fastly, to talk about “Deciduous”, Decision Trees, and Security Chaos Engineering! Then, Deb Radcliff, Strategic Analyst and Author from CyberRisk Alliance Joins to discuss “Penning a Cyber Thriller”! Finally, In the Enterprise News Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!

Segment Resources:

- https://www.deciduous.app/

- https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/

- https://swagitda.com/blog/posts/deciduous-attack-tree-app/

- https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/

- The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; and her articles, speaking engagements and more information is available at www.debradcliff.com

Visit https://www.securityweekly.com/esw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Deciduous / Decision trees + Security Chaos Engineering – Kelly Shortridge – ESW #240

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory.

Segment Resources:

- https://www.deciduous.app/

- https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/

- https://swagitda.com/blog/posts/deciduous-attack-tree-app/

- https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Kelly Shortridge
Kelly Shortridge
Senior Principal Product Technologist at Fastly

Kelly Shortridge is a Senior Principal at Fastly in Product Technology and wrote the book on Security Chaos Engineering (O’Reilly Media). Kelly has been a successful enterprise product leader as well as an entrepreneur (with an exit to Crowdstrike) and investment banker. Kelly is best known for applying behavioral economics and resilience to information security and is a frequent advisor, author, and speaker on those topics.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
Tyler Shields
Tyler Shields
CMO at JupiterOne

2. Penning a Cyber Thriller – ESW #240

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech over reach and couch the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining with reviewers saying her style is akin to Lee Child.

Segment Resources:

The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; and her articles, speaking engagements and more information is available at www.debradcliff.com.

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Guest

Deb Radcliff
Deb Radcliff
Strategic Analyst, Author at CyberRisk Alliance

Deb Radcliff was the first investigative reporter to make cyber crime a beat starting in 1996 after researching a best-selling book about Kevin Mitnick called the Fugitive Game. Since then, she has written hundreds of articles for business and trade magazines, won two Neal awards for investigative reporting, and was runner up for a third. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. And she wrote her first book in a cyber thriller series, “Breaking Backbones: Information is Power,” which is selling well on Amazon and other outlets.

Hosts

Paul Asadoorian
Paul Asadoorian
Founder at Security Weekly
Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
Tyler Shields
Tyler Shields
CMO at JupiterOne

3. Cloudflare Saves the Day, Sumo Logic SOAR, Tenable Risk Management, & Drones – ESW #240

This week, In the Enterprise News, Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

Hosts

Tyler Shields
Tyler Shields
CMO at JupiterOne
prestitial ad