How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

Enterprise Security Weekly (Video)

Player FM - Internet Radio Done Right

21 subscribers

הוסף לפני nine שנים

תוכן מסופק על ידי Security Weekly Productions. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Security Weekly Productions או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Different, not broken

1
You're not supposed to be here and other Dad wisdom 29:22

לפני 1 day29:22

הפעל מאוחר יותר

רשימות

לייק

אהבתי

29:22

The world often feels rigged. And this episode is a wake-up call to recognize the barriers that exist for those who don’t fit the traditional mold. In this episode, which is a kind of tribute to my dear departed Dad, I recount some powerful lessons from the man who was a brilliant psychiatrist and my biggest champion. He taught me that if something feels off about the environment you’re in, it probably is—and it’s absolutely hella-not your fault. We dare to break into the uncomfortable truth that many workplaces are designed for a very specific demographic, leaving neurodivergent individuals, particularly those on the autism spectrum, feeling excluded. I share three stories in which my Dad imparted to me more than my fair share of his wisdom, and I'm hoping you to can feel empowered. You'll learn that we can advocate for ourselves and others to create a more inclusive work culture. Newsletter Paste this into your browser if the newsletter link is broken - https://www.lbeehealth.com/ Join our Patreon - https://differentnotbrokenpodcast.com/patreon Mentioned in this episode: Sign Up For Our Newsletter Stay updated on all the things! Get added to our newsletter mailing list. Newsletter…

לפני 24 ימים 43:15

MP4•בית הפרקים

Segment Resources:

This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Show Notes: https://securityweekly.com/esw-401

1087 פרקים

#Tech #Tech News #Paul Asadoorian #Security Weekly #News #Video #Security News

How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

Enterprise Security Weekly (Video)

21 subscribers

published לפני 24 ימים

שתפו

MP4•בית הפרקים

Segment Resources:

This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams
This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud
Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Show Notes: https://securityweekly.com/esw-401

1087 פרקים

#Tech #Tech News #Paul Asadoorian #Security Weekly #News #Video #Security News

כל הפרקים

1
The reason for Zoom's outage is crazy, huge funding amounts before RSA - ESW #404 40:37

לפני 3 ימים40:37

40:37

In this week's enterprise security news, Lots of funding announcements as we approach RSA New products The M-Trends also rudely dropped their report the same day as Verizon Supply chain threats Windows Recall is making another attempt MCP server challenges Non-human identities A startup post mortem Remember that Zoom outage a week or two ago? The cause is VERY interesting All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-404…

1
The Future of Access Management - Jeff Shiner - ESW #404 39:05

לפני 3 ימים39:05

39:05

As organizations embrace hybrid work, SaaS sprawl, and employee-owned devices, traditional Identity and Access Management (IAM) tools are failing to keep up. The rise of shadow IT, unmanaged applications, and evolving cyber threats have created an "Access-Trust Gap", a critical security challenge where IT lacks visibility and control over how employees access sensitive business data. In this episode of Security Weekly, Jeff Shiner, CEO of 1Password, joins us to discuss the future of access management and how organizations must move beyond traditional IAM and MDM solutions. He’ll explore the need for Extended Access Management, a modern approach that ensures every identity is authentic, every device is healthy, and every application sign-in is secure, including the unmanaged ones. Tune in to learn how security teams can bridge the Access-Trust Gap while empowering employees with frictionless security. Show Notes: https://securityweekly.com/esw-404…

1
Reviewing the Verizon 2025 Data Breach Investigations Report - ESW #404 40:42

לפני 3 ימים40:42

40:42

In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404

1
Tailscale rakes it in, CVE dead to us, cool Chrome extensions, dog saves toddler - ESW #403 57:56

לפני 10 ימים57:56

57:56

In the enterprise security news, lots of funding, but no acquisitions? New companies new tools including a SecOps chrome plugin and a chrome plugin that tells you the price of enterprise software prompt engineering tips from google being an Innovation Sandbox finalist will cost you Security brutalism CVE dumpster fires and a heartwarming story about a dog, because we need to end on something happy! All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-403…

1
The past, present, and future of enterprise AI - Pravi Devineni - ESW #403 39:13

לפני 10 ימים39:13

39:13

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane . Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise. Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's. Finally, we'll discuss the future of AI and try to end on a positive or hopeful note! Show Notes: https://securityweekly.com/esw-403…

1
Patch It Like You Stole It: Vulnerability Management Lifestyle Choices - Matthew Toussain - ESW #403 34:44

לפני 10 ימים34:44

34:44

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them. Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like: disconnects between vulnerability analysts and asset owners gaps and issues in vulnerability discovery and asset management different options for workflows between security and IT: which is best? patching it like you stole it Oh, did we mention Matt built an open source vuln scanner? https://sirius.publickey.io/ Show Notes: https://securityweekly.com/esw-403…

1
The rise of MSSPs, CVE drama, Detection Engineering How-To & Doggie Survival Skills - ESW #402 51:20

לפני 17 ימים51:20

51:20

In the enterprise security news, new startup funding what happened to the cybersecurity skills shortage? tools for playing with local GenAI models CVE assignment drama a SIEM-agnostic approach to detection engineering pitch for charity a lost dog that doesn’t want to be found All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-402…

1
What is old is new again: default deny on the endpoint - Danny Jenkins - ESW #402 36:20

לפני 17 ימים36:20

36:20

Default deny is an old, and very recognizable term in security. Most folks that have been in the industry for a long time will associate the concept with firewall rules. The old network firewalls, positioned between the public Internet and private data centers, however, were relatively uncomplicated and static. Most businesses had a few hundred firewall rules at most. The idea of implementing default deny principles elsewhere were attempted, but without much success. Internal networks (NAC), and endpoints (application control 1.0) were too dynamic for the default deny approach to be feasible. Vendors built solutions, and enterprises tried to implement them, but most gave up. Default deny is still an ideal approach to protecting assets and data against attacks - what it needed was a better approach. An approach that could be implemented at scale, with less overhead. This is what we’ll be talking to Threatlocker’s CEO and co-founder, Danny Jenkins, about on this episode. They seemed to have cracked the code here and are eager to share how they did it. This segment is sponsored by ThreatLocker. Visit https://www.securityweekly.com/threatlocker to learn more about them! Show Notes: https://securityweekly.com/esw-402…

1
I SIEM, you SIEM, we all SIEM for a Data Security Strategy - Colby DeRodeff - ESW #402 35:43

לפני 17 ימים35:43

35:43

We wanted security data? We got it! Now, what the heck do we DO with all of it? The core challenge of security operations, incident response, and even compliance is still a data management and analysis problem. Which is why we’re seeing companies like Abstract Security pop up to address some of these challenges. Abstract just released a comprehensive eBook on security data strategy, linked below, and you don’t even need to give up an email address to read it! In this interview, we’ll talk through some of the highlights: Challenges Myths Pillars of a data security strategy Understanding the tools available Segment Resources A Leader’s Guide to Security Data Strategy eBook Show Notes: https://securityweekly.com/esw-402…

1
Best of Cyber April Fools, Tons of Free Tools, runZero positioned to disrupt? - ESW #401 49:54

לפני 24 ימים49:54

49:54

This week, in the enterprise security news, we check the vibes we check the funding we check runZero’s latest release notes tons of free tools! the latest TTPs supply chain threats certs won’t save you GRC needs disruption the latest Rippling/Deel drama All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-401…

1
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401 43:15

לפני 24 ימים43:15

43:15

You might know them from their excellent research work on groups like Scattered Spider, or their refreshing branding/marketing style, but Permiso is laying some impressive groundwork for understanding and defending against identity and cloud-based attacks. In this interview, we talk with co-founder and co-CEO Paul Nguyen about understanding the threats against some of cybercriminals' favorite attack surface, insider threats, and non-human identity compromise. Segment Resources: This blog post from our threat research team on Scattered Spider shows how threat actors move laterally in an environment across identity providers, Iaas, PaaS and SaaS environments, and how this lateral movement ultimately creates blind spots for many security teams This great talk by Ian Ahl, from fwd:cloudsec 2024, touches on a lot of great TTPs used by attackers in IDPs and in the cloud Another blog, When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying and another, What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs Show Notes: https://securityweekly.com/esw-401…

1
Soft skills for engineers - Evgeniy Kharam - ESW #401 30:15

לפני 24 ימים30:15

30:15

When we use the phrase "talent gap" in cybersecurity, we're usually talking about adding headcount. For this interview, however, we're focusing on a gap that is evident within existing teams and practitioners - the often misunderstood soft skills gap. Side note: I really hate the term "soft skills". How about we call them "fundamental business skills", or "invaluable career advancement skills"? Hmm, doesn't quite roll off the tongue the same. Soft skills can impact everything , as they impose the limits of how we interact with our world. That goes for co-worker interactions, career advancements, and how we're perceived by our peers and community. It doesn't matter how brilliant you might be - without soft skills, your potential could be severely limited. Did you know that soft skills issues contributed to the Equifax breach? We'll also discuss how fear is related to some of the same limitations and challenges as soft skills. Segment Resources: https://www.softskillstech.ca/ Order the Book Show Notes: https://securityweekly.com/esw-401…

1
The toughest decisions CISOs have to make, MCP servers, Napster's comeback - ESW #400 55:15

לפני 4 weeks55:15

55:15

In this week's enterprise security news, Big funding for Island Is DLP finally getting disrupted? By something that works? We learn all about Model Context Protocol servers Integrating SSO and SSH! Do we have too many cybersecurity regulations? Toxic cybersecurity workplaces Napster makes a comeback this week, we’ve got 50% less AI and 50% more co-hosts All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-400…

1
The Top Trends Shaping Identity and Access Management in 2025 - Geoff Cairns - ESW #400 30:55

לפני 4 weeks30:55

30:55

In this interview, we feature some research from Geoff Cairns, an analyst at Forrester Research. This is a preview to the talk he'll be giving at Identiverse 2025 in a few months. We won't have time to cover all the trends, but there are several here that I'm excited to discuss! Deepfake Detection Difficult Zero Trust Agentic AI Phishing resistant MFA adoption Identity Verification Machine Identity Decentralized Identity Post Quantum Shared Signals Segment Resources: The Top Trends Shaping Identity And Access Management In 2025 - (Forrester subscription required) Show Notes: https://securityweekly.com/esw-400…

1
Setting up your SIEM for success - Pitfalls to preclude and tips to take - Neil Desai - ESW #400 32:16

לפני 5 weeks32:16

32:16

A successful SIEM deployment depends on a lot more than implementing the SIEM correctly. So many other things in your environment have an impact on your chances of a successful SIEM. Are the right logs enabled? Is your EDR working correctly? Would you notice a sudden increase or decrease in events from critical sources? What can practitioners do to ensure the success of their SIEM deployment? This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! Show Notes: https://securityweekly.com/esw-400…

Enterprise Security Weekly (Video)

1
Google picks up a Wiz kid, GitHub’s malicious actions, Agentic AI is sus - ESW #399 47:49

לפני 5 weeks47:49

47:49

This week, JP Bourget from Blue Cycle is with us to discuss Building the SOC of the Future Then, Michael Mumcuoglu (Moom-cuoglu) from CardinalOps joins us to talk about improving detection engineering. In the enterprise security news, Google bets $32B on a Wiz Kid Cybereason is down a CEO, but $120M richer EPSS version 4 is out Github supply chain attacks all over A brief history of supply chain attacks Why you might want to wait out the Agentic AI trend Zyxel wants you to throw away their (old) products HP printers are quantum resilient (and no one cares) A giant rat is my hero All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-399…

Enterprise Security Weekly (Video)

1
We need better detection feedback loops - Michael Mumcuoglu - ESW #399 31:34

לפני 5 weeks31:34

31:34

It feels like forever ago, but in the mid-2010s, we collectively realized, as an industry, that prevention was never going to be enough. Some attacks were always going to make their way through. Then ransomware got popular and really drove this point home. Detection engineering is a tough challenge, however. Where do we start? Which attacks should we build detections for? How much of the MITRE ATT&CK matrix do we need to cover? How often do these detections need to be reviewed and updated? Wait, are any of our detections even working? In this interview with Michael Mumcuoglu, we'll discuss where SecOps teams get it wrong. We'll discuss common pitfalls, and strategies for building more resilient and effective detections. Again, as an industry, we need to understand why ransomware attacks keep going unnoticed, despite attackers using routine techniques and tools that we see over and over and over again. Show Notes: https://securityweekly.com/esw-399…

Enterprise Security Weekly (Video)

1
Building the SOC of the Future - JP Bourget - ESW #399 31:22

לפני 6 weeks31:22

31:22

What does a mature SecOps team look like? There is pressure to do more with less staff, increase efficiency and reduce costs. JP Bourget's experience has led him to believe that the answer isn't a tool upgrade, it's better planning, architecture, and process. In this interview, we'll discuss some of the common mistakes SecOps teams make, and where to start when building the SOC of the future. Show Notes: https://securityweekly.com/esw-399…

Enterprise Security Weekly (Video)

1
Security doesn't trust AI, but startups are using it to write 95% of their code - ESW #398 36:09

לפני 6 weeks36:09

36:09

In this week's enterprise security news, Knostic raises funding The real barriers to AI adoption for security folks What AI is really getting used for in the wild Early stage startup code bases are almost entirely AI generated Hacking your employer never seems to go well should the CISO be the chief resiliency officer? proof we still need more women in tech All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-398…

Enterprise Security Weekly (Video)

1
Your Cloud is a Mess, and We Explore 5 Reasons Why - Marina Segal - ESW #398 32:16

לפני 6 weeks32:16

32:16

It takes months to get approvals and remediate cloud issues. It can take months to fix even critical vulnerabilities! How could this be? I thought the cloud was the birthplace of agile/DevOps, and everything speedy and scalable in IT? How could cloud security be struggling so much? In this interview we chat with Marina Segal, the founder and CEO of Tamnoon - a company she founded specifically to address these problems. Segment Resources: Gartner prediction: By 2025, 75% of new CSPM purchases will be part of an integrated CNAPP offering. This highlights the growing importance of CNAPP solutions. https://www.wiz.io/academy/cnapp-vs-cspm Cloud security skills gap: Even well-intentioned teams may inadvertently leave their systems vulnerable due to the cybersecurity skills shortage. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ CNAPP market growth: The CNAPP market is expected to grow from $10.74 billion in 2025 to $59.88 billion by 2034, indicating a significant increase in demand for these solutions. https://eviden.com/publications/digital-security-magazine/cybersecurity-predictions-2025/top-cloud-security-trends/ Challenges in Kubernetes security: CSPMs and CNAPPs may have gaps in addressing Kubernetes-specific security issues, which could be relevant to the skills gap discussion. https://www.armosec.io/blog/kubernetes-security-gap-cspm-cnapp/ Addressing the skills gap: Investing in training to bridge the cybersecurity skills gap and leveraging CNAPP platforms that combine advanced tools are recommended strategies. https://www.fortinet.com/blog/business-and-technology/navigating-todays-cloud-security-challenges Tamnoon's State of Remediation 2025 report Show Notes: https://securityweekly.com/esw-398…

Enterprise Security Weekly (Video)

1
Penetration Tests: useful, pointless, harmful, required, ineffective? - Phillip Wylie - ESW #398 32:12

לפני 7 weeks32:12

32:12

Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm. Here's the thing, though - the average ransomware attack looks an awful lot like the bog standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long? This Interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today. Segment resources: Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall Show Notes: https://securityweekly.com/esw-398…

Enterprise Security Weekly (Video)

1
Cybereason CEO quits, Skybox shuts down, More Bybit heist details - ESW #397 51:34

לפני 7 weeks51:34

51:34

In the enterprise security news, Why is a consulting firm raising a $75M Series B? A TON of Cybereason drama just dropped Skybox Security shuts down after 23 years The chilling effect on security leaders is HERE, and what that means IT interest in on-prem, does NOT mean they’re quitting the cloud Updates on the crazy Bybit heist the state of MacOS malware Skype is shutting down Mice with CRISPR’ed woolly mammoth fur is NOT the real life Jurassic Park anyone was expecting All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-397…

Enterprise Security Weekly (Video)

1
AlmaLinux and the State of Open Source Enterprise Linux - benny Vasquez - ESW #397 32:06

לפני 7 weeks32:06

32:06

And now, for something completely different! I've always urged the importance for practitioners to understand the underlying technology that they're challenged with defending. When we're yelling at the Linux admins and DevOps folks to "just patch it", what does that process entail? How do those patches get applied? When and how are they released in the first place? This is often one of the sticking points when security folks get nervous about "going open source", as if 90% of the code in their environments doesn't already come from some open source project. It's a legitimate concern however - without a legal contract, and some comfort level that a paid support team is actually going to fix critical vulnerabilities, how do we develop trust or a relationship with an open source project? In this interview, benny Vasquez, the Chair of the board of directors for AlmaLinux, will fill in some of the gaps for us, and help us understand how an open source project can not only be trusted, but in many cases may be more responsive to security teams' needs than a commercial vendor. Segment Resources: benny's 'highly scientific' survey on cloud vs on-prem usage across AlmaLinux users Show Notes: https://securityweekly.com/esw-397…

Enterprise Security Weekly (Video)

1
Ransomware Attacks a Decade In: What Changed? What Didn't? - Mike Mitchell - ESW #397 34:54

לפני 8 weeks34:54

34:54

2025 brings us close to an interesting milestone - ransomware attacks, in their current, enterprise-focused form, are almost a decade old. These attacks are so common today, it's impossible to report on all of them. There are signs of hope, however - ransomware payments are significantly down. There are also signs defenders are getting more resilient, and are recovering more quickly from these attacks. Today, with Intel471's Mike Mitchell, we'll discuss what defenders need to know to protect against today's ransomware attacks. He'll share some stories and anecdotes from his experiences with customers. He'll also share some tips, and tricks for successful hunts, and how to catch attacks before even your tools trigger alerts. Segment Resources: https://intel471.com/blog/how-ransomware-may-trend-in-2025 Show Notes: https://securityweekly.com/esw-397…

Enterprise Security Weekly (Video)

1
Ransomware is down, Mac malware is up, AI disappoints - ESW #396 1:05:36

לפני 8 weeks1:05:36

1:05:36

This week, in the enterprise security news, we’ve got some funding and acquisitions! ransomware payments are DOWN 35% infostealers on Macs are UP 101% Bybit got hit by a $1.5B heist and shrugged it off A SaaS report says AI is having no impact on pricing Microsoft’s CEO says AI is generating no value Google is dropping SMS as a second factor Google creates a 4th state of matter instead of fixing Teams What it’s like to be named “Null” All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-396…

Enterprise Security Weekly (Video)

1
Alice and Bob Learn Secure Coding - Tanya Janca - ESW #396 34:24

לפני 8 weeks34:24

34:24

We get a visit from Tanya Janca to discuss her latest book, Alice and Bob Learn Secure Coding! Segment Resources: Tanya's latest book on Amazon Tanya's previous book, Alice and Bob Learn Application Security on Amazon Tanya's website, She Hacks Purple Show Notes: https://securityweekly.com/esw-396

Enterprise Security Weekly (Video)

1
First Do No Harm - Security Challenges in Healthcare - Ed Gaudet - ESW #396 22:32

לפני 9 weeks22:32

22:32

In 2011, Marc Andreessen predicted that software would eat the world. Specifically, the prediction was that software companies would take over the economy and disrupt all industries. The economic prediction has mostly come true, with 9 out of 10 of the most highly valued companies being tech companies. The industry disruption didn't materialize in some cases, and outright failed in others. Healthcare seems to be one of these 'disruption-resistant' areas. Ed joins us today to discuss why that might be, and what the paths towards securing the healthcare industry might look like. Segment Resources: Ed's podcast, Risk Never Sleeps Show Notes: https://securityweekly.com/esw-396…

Enterprise Security Weekly (Video)

1
AI Security Concerns: Real Threats or Distractions? Also - unhinged security teams! - ESW #395 55:03

לפני 9 weeks55:03

55:03

In the enterprise security news, Change Healthcare’s HIPAA fine is vanishingly small How worried should we be about the threat of AI models? What about the threat of DeepSeek? And the threat of employees entering sensitive data into GenAI prompts? The myth of trillion-dollar cybercrime losses are alive and well! Kagi Privacy Pass gives you the best of both worlds: high quality web searches AND privacy/anonymity Thanks to the UK for letting everyone know about end-to-end encryption for iCloud! What is the most UNHINGED thing you've ever seen a security team push on employees? All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-395…

Enterprise Security Weekly (Video)

1
Is Shift Left Just Starting to Catch On? And Other AppSec Trends & Insights - Jenn Gile - ESW #395 31:36

לפני 9 weeks31:36

31:36

'Shift Left' feels like a cliché at this point, but it's often difficult to track tech and security movements if you aren't interacting with practitioners on a regular basis. Some areas of tech have a longer tail when it comes to late adopters and laggards, and application security appears to be one of these areas. In this interview, Jenn Gile catches us up on AppSec trends. Segment Resources: Microsoft Defender for Cloud Natively Integrates with Endor Labs 2024 Dependency Management Report How to pick the right SAST tool Show Notes: https://securityweekly.com/esw-395…

Enterprise Security Weekly (Video)

1
The Future of Cyber Regulation in the New Administration - Ilona Cohen - ESW #395 32:16

לפני 10 weeks32:16

32:16

In this interview, we're excited to have Ilona Cohen to help us understand what changes this new US administration might bring, in terms of cybersecurity regulation. Ilona's insights come partially from her own experiences working from within the White House. Before she was the Chief Legal Officer of HackerOne, she was a senior lawyer to President Obama and served as General Counsel of the White House Office of Management and Budget (OMB). In this hyper-partisan environment, it's easy to get hung up on particular events. Do many of us lack cross-administration historical perspective? Probably. Should we be outraged by the disillusion of the CSRB, or was this a fairly ordinary occurrence when a new administration comes in? These are the kinds of questions I'll be posing to Ilona in this conversation. How the Change Healthcare breach can prompt real cybersecurity change Show Notes: https://securityweekly.com/esw-395…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

21 subscribers

דומה לEnterprise Security Weekly (Video)

Mighty Patch™ Original patch from Hero Cosmetics - Hydrocolloid Acne Pimple Patch for Covering Zits and Blemishes in Face and Skin, Vegan-friendly and Not Tested on Animals (36 Count)

Apple AirPods Pro 2 Wireless Earbuds, Active Noise Cancellation, Hearing Aid Feature, Bluetooth Headphones, Transparency, Personalized Spatial Audio, High-Fidelity Sound, H2 Chip, USB-C Charging

Amazon Fire TV Stick HD (newest model), free and live TV, Alexa Voice Remote, smart home controls, HD streaming

פודקאסטים ששווה להאזין

Enterprise Security Weekly (Video) « » How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

2025 - American Silver Eagle .999 Fine Silver with our Smyrnacoin Certificate of Authenticity Dollar Uncirculated US Mint

TurboTax Deluxe 2024 Tax Software, Federal & State Tax Return [PC/MAC Download]

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לEnterprise Security Weekly (Video)

מדריך עזר מהיר

Enterprise Security Weekly (Video) « »
How attackers exploit identity gaps to get into your cloud and SaaS - Paul Nguyen - ESW #401