Sponsored By

Visit https://securityweekly.com/fastly for more information!

Security is a shared responsibility, but teams need to know what’s really going on in production with their web apps and APIs, as it’s happening, in order to achieve the reliable security that companies crave. In this podcast, Brendon Macaraeg will focus on the mission-critical need for real-time visibility. As many teams no longer work in the same room side by side, the role visibility plays today — and will continue to play in the future — can no longer be ignored. And it’s not just a shift toward distributed work that’s creating this increased need for information: while security teams may have more application security tools than ever before, very few of them will actually provide visibility into the important decisions they need to make, like which alerts to triage or which APIs are being targeted. Brendon will discuss why companies need to quickly move past legacy technologies that have limited visibility, to instead more active observability tools that provide real insights to act upon — allowing developers and IT security teams to collaborate in real time.

This segment is sponsored by Fastly.

Visit https://securityweekly.com/fastly to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Full Episode Show Notes

How Teams Can Reduce the Visibility Gap

Guests

Brendon Macaraeg - Senior Director of Product Marketing at Fastly

Brendon Macaraeg is the Senior Director of Product Marketing for Fastly’s product portfolio where he manages a team of product marketers responsible for messaging and positioning, sales enablement and competitive intelligence across Fastly’s portfolio of web app and API security, delivery and serverless compute offerings. He has over 8 years of security experience in various product marketing roles. He came to Fastly via its October 2020 acquisition of Signal Sciences, a web app and API security vendor. Prior security roles include supporting CrowdStrike’s Professional Services team and Symantec’s consumer and enterprise products and services. Before getting into security, he worked in product management across a variety of industries. He started his career as an editorial researcher and staff writer at PC Magazine. He has a Masters of Professional Studies from New York University’s Interactive Telecommunications Program and a Bachelor of Science from Minnesota State University, Moorhead.

Hosts

Adrian Sanabria - Senior Research Engineer at CyberRisk Alliance

@sawaba

Adrian is an outspoken researcher that doesn't shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Paul Asadoorian - Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Tyler Shields - CMO at JupiterOne

@txs

Tyler advises, guides, and operates high tech startups primarily in the B2B security space. He is a former market analyst, engineer, product manager, marketing leader, and partnership manager. In other words, Tyler builds and grows businesses - in all aspects. He's a board advisor, angel investor, and board member at multiple firms and an investment advisor for a venture debt business. He loves to play guitar and poker in his free time.

Announcements

Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

Cryptocurrency

Centralization, ironically, most common cause of decentralized finance hacks

Joe UchillJanuary 19, 2022

In a report earlier this month, Blockchain security firm CertiK noted that the most common vein of security problems in its 1,737 audits of decentralized finance (DeFi) projects last year was centralization itself.

Cybersecurity Asset Management

CISA sees low levels of Log4j exploitation against agencies and critical infrastructure

Derek B. JohnsonJanuary 10, 2022

Despite the lack of activity, CISA officials said they remain in a heightened state of concern, as there are several potentially troubling explanations for why Log4j activity has been so low.

Cybersecurity Asset Management

Researchers discover new JNDI-based vulnerability similar to Log4j

Joe UchillJanuary 7, 2022

An H2 vulnerability is limited in scope and is not as disastrous as the Log4j problem, say JFrog researchers, but it should still be taken seriously.

How Teams Can Reduce the Visibility Gap – Brendon Macaraeg – ESW #232