Quantum computing is a rapidly emerging technology that harnesses the laws of quantum mechanics to solve problems that today’s most powerful supercomputers cannot practically solve. IBM's Dr. Kayla Lee will explain how close we are to a computational quantum advantage: the point where a computational task of business or scientific relevance can be performed more efficiently, cost-effectively, or accurately using a quantum computer than with classical computations alone.

 Segment Resources:

• What is quantum computing? https://www.ibm.com/topics/quantum-computing 
• About IBM Quantum: https://www.ibm.com/quantum
• About the IBM Quantum Development Roadmap: https://www.ibm.com/quantum/roadmap
• Access and program a quantum computer: https://quantum-computing.ibm.com/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw315 

We're talking with Matt Johansen about his new newsletter, Vulnerable U. We'll discuss his journey from vendors to massive enterprises to less massive enterprises and what he's learned about InfoSec along the way. Like us, Matt has some strong takes on many InfoSec topics, so this conversation could go down many paths. Regardless, we're excited about the journey and the destination with this interview.

Subscribe to [Vulnerable U]: https://link.mail.beehiiv.com/ss/c/CygrK4bVgDWxdDLo_7X0UUe8u_TcBPAeAQlRvYdH5hN2mTxFi32BUXbh9K9a2mS8ILJXWKo4rmayv53niV3c6NrsGo7UAp6yFd9EScNQoNwURBhep7S6sIyNBsEMNJ7Z/3v8/6L9W-AB2Sx6Ts9cCBWFiYw/h9/mYsvCYdHno82QRYGHJuyaUZtu8PbgH5PWFi3mLY1CNg

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw315 

In the Enterprise Security News, Lots of funding announcements and new companies, Private Equity acquires Maltego, Cinven acquires RSA Archer Comcast launches a security product, Zscaler has beef with Gartner, CISA releases updated Zero Trust Model, Amazon jumps into the AI LLM fray, AutoGPT stretches the imagination and potential use cases, The Ever Changing API security market, New security books just released, Zombie birds!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw314 

Quantum computers are scaling rapidly. Soon, they will be powerful enough to solve previously unsolvable problems. But they come with a global challenge: fully-realized quantum computers will be able to break some of the most widely-used security protocols in the world. Dr. Vadim Lyubashevsky will discuss how quantum-safe cryptography protects against this potential future.

Segment Resources:

• IBM Quantum Safe: https://www.ibm.com/quantum/quantum-safe
• IBM scientists help develop NIST’s quantum-safe standards: https://research.ibm.com/blog/nist-quantum-safe-protocols
• Government and industry experts recommend moving to quantum-safe cryptography: https://research.ibm.com/blog/economist-quantum-safe-replay

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw315 

With over 1 billion records exposed in just the top 35 breaches, over $2.6 billion stolen in the top nine cryptocurrency breaches, and over $2.7 billion in fines levied to the top 35 violators, lessons abound for security teams. We will walk through some of the biggest trends in last year's data breaches and privacy violations, and we'll talk about what security leaders can learn from these events.

Segment Resources:

https://www.forrester.com/blogs/2022-breaches-and-fines-offer-lessons-to-security-leaders

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw314 

Discuss observations and trends across the venture capital ecosystem as it pertains to cybersecurity. This will include a re-cap in how 2022 ended, what we saw in Q12023, and what we expect from an investing standpoint.

Segment Resources:

https://forgepointcap.com/

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw314 

In this news segment, we discuss the art of branding/naming security companies, some new cars just out of stealth, 5 startups just out of Y Combinator, and Cybereason's $100M round from Softbank. We also talk new features (Semgrep's new GPT-4 use case), new newsletters, and new reports. We break down Nexx's broken vulnerability disclosure program and its broken products. We also discuss the FDA's new ability to block device certification for security reasons. Android announces rules to make it easier for consumers to delete accounts and remove data when they uninstall apps. IT and Security professionals everywhere are asked not to report breaches, but in some countries more than others. CISOs are more prone to drinking problems, and finally, for our squirrel stories, we discuss a crazy app called Newnew and new ideas in prosthetics.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw313 

Fortra's Core Security has conducted it's fourth annual survey of cybersecurity professionals on the usage and perception of pen testing. The data collected provides visibility into the full spectrum of pen testing’s role, helping to determine how these services, tools, and skills must evolve.

Segment Resources: https://www.fortra.com/resources/guides/2023-pen-testing-report

This segment is sponsored by Fortra's Core Security. Visit https://securityweekly.com/fortracoresecurity to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw313 

Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly regulated industries such as government, finance, and energy sector. This session will cover how RegScale is leading a RegOps movement to bring the principles of DevOps to compliance with the world’s first real-time GRC system that enables compliance as code via NIST OSCAL. RegOps seeks to shift compliance left to make it real-time, continuous, and complete so that paperwork is always up to date, self-updating, and takes less manual resources to manage.

Segment Resources:

Website – https://www.regscale.com

Documentation/Learn More – https://regscale.readme.io

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw313 

In this week's enterprise security news, we talk about new companies and funding, trends in the deception and SaaS Security/SSPM space. We discuss Andy Ellis's "10 plagues of cloud security" and Kelly Shortridge's 69 ways to F*&$ up your deploy. We discuss rolling out Yubikeys and the pros/cons of using biometrics instead of security keys. There have been some bad takes in the media on how OpenAI uses your ChatGPT prompts, so we set the record straight there. Cybersecurity is a new requirement for K-12 students in North Dakota, and you've got to see this week's security story - a rogue tire sends a Kia Soul FLYING.* * - but no one was hurt!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw312

Overall increase in government regulations. EU as well. Shift in liability from consumers to organizations.How to take advantage of safe harbor protections and reduce organizational risk and liability. NIST SSD Framework - how do you understand the security practices of the open source packages you use in your applications and ensure they are following the NIST practices (so you can take full advantage of safe harbor protections and reduce potential liability). Creating a network of open source maintainers, documenting and attesting to their security practices, is a solution. Work with the maintainers to be able to provide documentation. How to get more involved with development in open source security. What is the mechanism?

Segment Resources:

https://tidelift.com/government-open-source-cybersecurity-resources

https://blog.tidelift.com/webinar-how-the-nist-secure-software-development-framework-impacts-open-source-software

https://blog.tidelift.com/webinar-recap-what-the-new-u.s.-national-cybersecurity-strategy-means-for-open-source-software

https://blog.tidelift.com/tidelift-advisory-impact-of-new-u.s.-national-cybersecurity-strategy-on-organizations-building-apps-with-open-source-software

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw312

Kellermann will discuss the recently published report “Cyber Bank Heist” that exposes the cybersecurity threats facing the financial sector. Security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Podcast listeners will learn what financial sector security leaders from around the world revealed in a series of interviews about specific trends when it comes to notable cyberattacks, e-fraud and cyber defense.

Segment Resources:

• https://www.contrastsecurity.com/cyber-bank-heists-report 
• - https://www.contrastsecurity.com/security-influencers/cyber-bank-heists-report-code-patrol-podcast-contrast-security

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw312