Application security, Cloud security, Compliance, Data security, Insider threat, Leadership, Managed services, Privacy, Threat intelligence

Supply Chain Perils, Death by Security Alerts, SolarWinds & BlackHat 2021 – BH21 #2

August 5, 2021

Derek Johnson will be covering Matt Tait's keynote and another session on major supply chain attacks over the past year and how they're changing best practices in DFIR. Supply chain attacks and software interdependence are creating an existential crisis for the cybersecurity industry

XDR, automation and the growing need to solve the problem of Death by Security Alerts that make things like XDR and SIEM impractical for all but a handful of companies right now.

He will also talk about the SolarWinds lawsuit, because this week they just submitted their formal response in court, and it gets at an issue that I think is becoming more and more important: what if any legal standards or liability threshold should there be when companies with bad security practices get breached?

Finally, we will check in with Derek about what his thoughts are of his first experience at BlackHat!

Full episode and show notes

Guest

Derek Johnson

Senior Reporter at SC Media

Derek covers the federal government and its intersection with critical infrastructure and the private sector for SC Media. Prior to that he spent three years covering the intersection of cybersecurity policy and government for FCW.

Hosts

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Doug White

Professor at Roger Williams University

https://securedigitallife.com/

DevOps

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

March 20, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.

DevOps

Automating Security With Static Analysis – Josh Goldberg – ASW #233

March 20, 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting ...

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

Supply Chain Perils, Death by Security Alerts, SolarWinds & BlackHat 2021 – BH21 #2

Guest

Hosts

Related

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

Automating Security With Static Analysis – Josh Goldberg – ASW #233

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309