This Week in the Enterprise Security News: HelpSystems Acquires PhishLabs, Elastic and Optimyze, The Leading Indicators of a Great Info/Cybersecurity Program, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw247

There are tons of cybersecurity job openings for folks with 3-5 years of experience, but where are the junior roles? How are people getting their initial 3-5 years in? Josh and the ESW hosts discuss the finer points and challenges of breaking into InfoSec via the analyst path. - As mentors: where do we struggle with our mentees? - There are a million certs and degree programs - which are worth the time and money? - How can folks learn and hone cybersecurity skills prior to getting a job in InfoSec? We've even included a handy cheat sheet full of recommendations and resources: https://securityweekly.com/wp-content/uploads/2021/10/Starting-a-Cybersecurity-Career-Cheat-Sheet.pdf

This segment is sponsored by Devo. Visit https://securityweekly.com/devo to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw247

In the Enterprise Security News: Wiz raises $250 million at a staggering $6 billion valuation, Gretel.ai, another privacy engineering startup, raises $50 million, Forcepoint acquires Bitglass, Yubico releases a new line of biometric security keys, Facebook releases an open source tool for analyzing mobile app code, Venture capital needs to clear its, plate, or it can't have any pudding, Maritime security has a lot of security work to do, & don't forget to stick around for the weekly squirrel!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

Seeking to capitalize on the full potential of digital transformation, organizations are turning to serverless applications to accelerate development cycles, reduce operational complexities, and improve efficiencies. But as organizations embrace serverless applications, a majority are encountering security roadblocks that impede release cycles and/or ratchet up risk. This podcast explores findings and insights from a recent serverless application security report and plots actionable recommendations on how organizations can realize the comprehensive benefits of serverless applications without sacrificing security!

Segment Resources:

Whitepaper: Contrast Scan Is Faster, More Accurate, and More Efficient - https://www.contrastsecurity.com/white-paper-modern-application-security-scanning

eBook: Pipeline-Native Static Analysis Why It Is the Future of SAST - https://www.contrastsecurity.com/ebook-static-analysis-security-testing

Solution Brief: Contrast Scan: Modern Application Security Scanning - https://www.contrastsecurity.com/hubfs/DocumentsPDF/Contrast-Scan-Modern-Application-Security-Scanning_Solution%20Brief_Final.pdf

This segment is sponsored by Contrast Security. Visit https://securityweekly.com/contrast to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

A big part of preparing for Security Weekly news segments is reading press releases. Most of us also get emails whenever a cybersecurity vendor sends out a press release. Too many are frivolous, full of hyperbole, or just plain unreadable. We talk about why so many press releases are like this (there are legit reasons!) and how they could be improved.

What's wrong with press releases?

1. Frivolous Press Releases

2. Unintelligible Press Releases

3. Bending the Truth

4. Excessive hyperbole; death by adjective

5. FUD

Why are they like this?

1. Feeding the SEO beast

2. Written by committee

3. Need to appear successful

4. Need to show growth/progress

5. Need to differentiate from the competition

6. "if it bleeds it leads"

Fixing Press Releases

- When should you put out a press release?

- What should go into a press release?

- How should you write a press release?

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw246

In the Enterprise Security News for this week: Orca Security raises all the money, Privacy engineering firms hit their funding stride, McAfee and FireEye merge, but where's RSA's dance partner? Akamai acquires Guardicore, NetApp picks up CloudCheckr, SPDX becomes the ISO standard for SBOMs, & Facebook shares details on how they accidentally Thanos snapped themselves! All that, our weekly Squirrel, and more, on this episode of the Enterprise Security Weekly News!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

Once again, it is Cybersecurity awareness month and we'll be talking with Ryan Kalember about the latest threats and other activities he and Proofpoint have going on this month. When it comes to threats, some tactics aren't changing, though they're still effective. There are some notable shifts though:

- Crews using Office 365 for lateral movement

- FIN7 reborn

- A sudden interest in exploits

- Increased patience and increased focus on the individual as the key to an attack

- SMB attacks look very different from large enterprise campaigns

This segment is sponsored by Proofpoint. Visit https://securityweekly.com/proofpoint to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

Sales teams are under more pressure than ever to locate and bring in new customers. The methods they use can range from clever to questionable. While some of the more ethically questionable methods can produce results, we wonder: do vendors realize what these methods could be potentially costing them? Richard Reinders joins us today to discuss how he handles one of the toughest challenges any security leader will have to face: interacting with vendors.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw245

In the Enterprise Security News: Cyber insurance firm Coalition lands a $205m Series E with a $3.5bn valuation, Risk management platform Panorays nabs $42m, Jscrambler raises a $15m Series A to rewrite the rules of website security (rewrite, get it? huh?), SenseOn nabs $20m for faster, more accurate cybersecurity detection and response, LG (yes, that LG) is acquiring automotive cybersecurity startup Cybellum, We talk about the emergence of the vendor "live security status page", 386 startup post mortems, and don't forget to stick around for Adrian's curveball "Squirrel of the Week" story at the end!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

Identity Detection and Response (IDR) is a new security category that focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them across endpoints, Active Directory, and the Cloud through visibility and early detection of attacks targeting identities. Attackers consider enterprise identities as high-value targets and attempt to compromise them early in the attack to access the network and gain privileges to essential production assets. Current identity security focuses on safeguarding privileged credentials in PAM solutions or securing the authentication process with MFA and IAM solutions, but these measures leave gaps that attackers can exploit. While current security solutions like Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Network Detection and Response (NDR), and others provide specific functions for defending the network, they do not focus on identities. EDR focuses on preventing the initial compromise, while XDR and NDR try to detect attacks as they expand from the beachhead. Attacks targeting enterprise identities can evade detection from these security controls, but IDR solutions can bridge these detection gaps to identify such attacks. Join Joseph Salazar from Attivo Networks as he discusses the importance of IDR to modern enterprise security.

Segment Resources: https://attivonetworks.com/documentation/Attivo_Networks-Identity_Detection_Response.pdf

https://attivonetworks.com/what-is-identity-detection-and-response-idr/

https://attivonetworks.com/solutions/identity-security/

This segment is sponsored by Attivo Networks. Visit https://securityweekly.com/attivonetworks to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

No Man is an Island. Neither can a security program exist without interconnections and strong relationships to the rest of the business. Yet, over and over again I meet Security Leaders that thrive on designing security fiefdoms with large moats, and one bridge that they roll down only when they intend to roll out a new technology, initiative or need budget authority. There is no amount of authority or power that can provided to a CISO that makes he or she immunized against the need for communication, collaboration and diplomacy with peers, users and Senior Executives.

Segment Resources:

RevolutionCyber - www.revolutioncyber.com

Juliet is speaking at InfoSec World 2021, register now and save 20%: https://securityweekly.com/isw2021

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw244

This week in the Enterprise Security News: Funders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires threat stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/esw for all the latest episodes!

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

Show Notes: https://securityweekly.com/esw243

Visit https://www.securityweekly.com/eswfor all the latest episodes!

A common ratio between Appsec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling Appsec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution.

Show Notes: https://securityweekly.com/esw243

This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes! 

This week in the Enterprise News: Adrian's first Enterprise News in the Captain's Seat, BitSight raises $250m on a $2.4bn valuation, Palo Alto Networks enters the consumer IoT market, Martin Roesch Joins Netography as CEO, the special "Squirrel of the Week" story, & more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

Organizations are divided. Some will be able to lean into mitigations against catastrophic and cascading failures. Others will not. In this discussion, we will explore the risk tradeoffs in firmware security. This includes risks inherent in devices, supply chain, physical access, and malicious software. We will also explore various mitigation strategies throughout the lifecycle, which separate those leaning in from those that don't.

This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack attacks. What can you do to protect your organization? Let's talk about the first step to securing web applications - continuous web asset discovery.

Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/

https://www.netsparker.com/features/continous-web-asset-discovery-engine/

This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw242

This week in the Enterprise News, "inertia in cybersecurity strategy", Check Point acquires Avanan, Absolute DataExplorer, BreachQuest Launches with $4.4m in seed funding, Acronym Bingo, & More!!!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw241

It's time to think more broadly about the R in NDR. Incident responders need a full spectrum of response–from hunting and investigations to remediation–not just another alert cannon. While blocking and containment are important steps, complete incident response is about gathering forensic evidence, sharing it across teams to establish root cause, pulling together an actionable plan, and eradicating the risk or vulnerability from the organization’s environment. ExtraHop's Principal Engineer John Smith joins Security Weekly to discuss.

Segment Resources:

- ExtraHop Extends Response and Forensics Capabilities with Deep Threat Insights for Hybrid Cloud https://www.extrahop.com/company/press-releases/2021/revealx-360-innovations/?uniqueid=FJ07532845&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-pr-resource&utm_content=press-release&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

- ExtraHop free and interactive demo https://www.extrahop.com/demo/?uniqueid=AN07532846&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-security-weekly-demo&utm_content=demo&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw241

GitLab is unique in many ways, but our transparency value is pushing us to mature our Security posture faster than attackers. Discover how GitLab iterates quickly to adapt to a world where everyone can contribute.

Segment Resources: https://about.gitlab.com/handbook/values/#transparency

This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw241

This week, In the Enterprise News, Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw240

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech over reach and couch the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining with reviewers saying her style is akin to Lee Child.

Segment Resources:

The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; and her articles, speaking engagements and more information is available at www.debradcliff.com.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw240

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory.

Segment Resources:

- https://www.deciduous.app/

- https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/

- https://swagitda.com/blog/posts/deciduous-attack-tree-app/

- https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw240

This week In the Enterprise News, iboss adds features to its Cloud Platform for visibility and control, SailPoint Workflows enable customers to automate security tasks, Digital Shadows launches two premium services streams, Praetorian launches and Open Source security scanner, Tigera addresses demand for security of containers and Kubernetes, API Security 101, CVSS scores, and more!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw239

As organizations shift to respond to an ever-changing landscape of cybersecurity challenges, cybercriminals are trying to stay one step ahead. The last two years have brought an explosion of ransomware attacks and other cybersecurity threats that prey on existing security weaknesses and vulnerabilities that opened when moving to a remote or hybrid work environment. Our discussion will include ways to combat these threats, as well as learning to boost your existing cybersecurity policies and infrastructure.

This segment is sponsored by Keeper Security. Visit https://securityweekly.com/keepersecurity to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw239