ESW #296 – Travis Spencer, Sounil Yu, Brian Markham, Robert Graham, Rich Friedberg
Full Audio
View Show IndexSegments
1. Modern Access Security: Ditch Passwords, Implement 0-Trust & Secure APIs – Travis Spencer – ESW #296
Don’t leave the door open. Modern systems are complex and require you to consider many aspects. Here are some aspects we consider critical:
- APIs are the dominant software development direction/trend. Traditional/legacy ways to grant access is not fit for purpose of protecting this new way of delivering products and services.
- Customers are demanding better digital experiences. To maintain a competitive edge and drive brand loyalty businesses need to provide great online experiences.
- Standards (such as OAuth and OpenID Connect) are important to ensure high-security levels. Also enables scalability and helps future-proof your infrastructure. For example in the financial sector, these standards play a key role in the drive toward open banking.
- A modern architecture is a zero trust architecture. In a zero trust architecture, the new perimeter hinges on identity.
Segment Resources: https://thenewstack.io/zero-trust-time-to-get-rid-of-your-vpn/ This segment is sponsored by Curity. Visit https://securityweekly.com/curity to learn more about them!
Sponsored By
Announcements
Dive deeper into the world of cybersecurity with Security Weekly on Instagram! Follow us @SecWeekly to find exclusive clips, hilarious memes, behind-the-scenes sneak peeks, and more! Stay connected, stay informed, and join our growing community!
Guest
Travis has worked extensively with organizations in various industries in both the US, Europe, and elsewhere who are adopting cloud and mobile computing. His broad market exposure coupled with a background in application development allows him to help organizations with low-level technical issues as well high-level questions. His deep knowledge of legacy standards like SAML, WS-* and XACML coupled with current best practices like REST, SCIM, OpenID Connect and OAuth provides him with a unique and cutting edge perspective on digital identity and access management.
Hosts
2. The Joe Sullivan Case: Anomaly or Precedent? Part 1 – ESW #296
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg, CISO at Live Oak Bank Robert Graham, Owner at Errata Security
Announcements
Security Weekly listeners, we need to hear your voices! Leave us your feedback on Apple podcasts & submit a screenshot to our giveaway form for a chance to win a $100 gift card from Hacker Warehouse! This giveaway will be open until the end of the year. We appreciate your honest feedback so we can continue to make great content for our audience! Visit securityweekly.com/giveaway to enter!
Guests
Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School’s National Security Institute; teaches at Yeshiva University; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before Bank of America, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, and a 2021 Top 10 CISO by Black Unicorn Awards. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.
Robert is a long time cybersecurity expert. He’s a regular speaker at cybersecurity conference, and blogs at https://blog.erratasec.com (technical) and https://cybersect.substack.com (less technical). He’s been a long time innovator in the community. Twenty years ago, he created the BlackICE personal firewall and first intrusion prevention system (IPS). He demonstrated the “sidejacking” technique that forced major websites to switch completely to SSL. He developed the ‘masscan’ tool that can port scan the entire IPv4 Internet in under 5 minutes from a single machine (given sufficient bandwidth). He develops many tools at https://github.com/robertdavidgraham.
Rich Friedberg is the Chief Information Security Officer (CISO) at Live Oak Bank, a digital, cloud-based bank serving small business owners in all 50 states. Live Oak bank is the #1 SBA 7(a) lender by dollar volume. Prior to Live Oak, Rich led cyber security at Blackbaud, a cloud software and services provider for the social good community. Prior roles included CISO for the Credit Card division of Capital One, where he led strategic efforts to enable technology transformation and secure public cloud adoption. Rich also served as Deputy Director of the CERT® Coordination Center (CERT/CC), a Department of Defense R&D center operated by Carnegie Mellon University. During his tenure, Rich played a pivotal role in advancing national-level defense programs, supported several of the nation’s largest breaches, and worked to advance the Government’s capabilities to track nation state actors. Prior to CERT, Rich led teams at Fannie Mae across security engineering, operations, threat intelligence, electronic discovery, and incident response.
Rich holds a BS from Carnegie Mellon University, an MBA from George Washington University, and is an adjunct instructor at Carnegie Mellon’s executive CISO program. He lives in Charleston, SC with his wife, 2 kids, and 2 dogs.
Hosts
3. The Joe Sullivan Case: Anomaly or Precedent? Part 2 – ESW #296
In this panel discussion, we'll discuss the polarizing case of Joe Sullivan that has rattled the CISO community. Was the Sullivan case a rare anomaly? Were his actions in this scenario typical or unconscionable for the average CISO? Is it okay for Sullivan to take the fall while the rest of Uber and involved parties plead out with little to no punishment?
We'll tackle all these questions and more with our excellent panel, comprised of: Sounil Yu, CISO and Head of Research at JupiterOne Brian Markham, CISO at EAB Rich Friedburg, CISO at Live Oak Bank Robert Graham, Owner at Errata Security
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guests
Sounil Yu is the CISO and Head of Research at JupiterOne. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He’s a Board Member of the FAIR Institute; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School’s National Security Institute; teaches at Yeshiva University; and advises many startups. Sounil previously served as the CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. Before Bank of America, he helped improve information security at several Fortune 100 companies and Federal Government agencies. Sounil has over 20 granted patents and was recognized as one of the most influential people in security in 2020 by Security Magazine, Influencer of the Year in 2021 by SC Awards, and a 2021 Top 10 CISO by Black Unicorn Awards. He has an MS in Electrical Engineering from Virginia Tech and a BS in Electrical Engineering and a BA in Economics from Duke University.
Robert is a long time cybersecurity expert. He’s a regular speaker at cybersecurity conference, and blogs at https://blog.erratasec.com (technical) and https://cybersect.substack.com (less technical). He’s been a long time innovator in the community. Twenty years ago, he created the BlackICE personal firewall and first intrusion prevention system (IPS). He demonstrated the “sidejacking” technique that forced major websites to switch completely to SSL. He developed the ‘masscan’ tool that can port scan the entire IPv4 Internet in under 5 minutes from a single machine (given sufficient bandwidth). He develops many tools at https://github.com/robertdavidgraham.
Rich Friedberg is the Chief Information Security Officer (CISO) at Live Oak Bank, a digital, cloud-based bank serving small business owners in all 50 states. Live Oak bank is the #1 SBA 7(a) lender by dollar volume. Prior to Live Oak, Rich led cyber security at Blackbaud, a cloud software and services provider for the social good community. Prior roles included CISO for the Credit Card division of Capital One, where he led strategic efforts to enable technology transformation and secure public cloud adoption. Rich also served as Deputy Director of the CERT® Coordination Center (CERT/CC), a Department of Defense R&D center operated by Carnegie Mellon University. During his tenure, Rich played a pivotal role in advancing national-level defense programs, supported several of the nation’s largest breaches, and worked to advance the Government’s capabilities to track nation state actors. Prior to CERT, Rich led teams at Fannie Mae across security engineering, operations, threat intelligence, electronic discovery, and incident response.
Rich holds a BS from Carnegie Mellon University, an MBA from George Washington University, and is an adjunct instructor at Carnegie Mellon’s executive CISO program. He lives in Charleston, SC with his wife, 2 kids, and 2 dogs.
Hosts
