InfoSec Bites

HelloInfoSec
  • 1.0 (1)
  • Technology

Welcome to Hello InfoSec, your ultimate hub for all things cybersecurity! Dive into our thrilling podcast series, InfoSec Bites, where we unleash deep dives into Information Security, jaw-dropping Major Security Incidents, cutting-edge Cloud Information Security, crucial Privacy topics, revolutionary Artificial Intelligence, mind-bending Quantum Computing, and so much more! Get ready to geek out with expert insights and stay ahead of the curve—hit that like button, subscribe now, and turn on notifications for fresh episodes that will blow your mind! https://www.youtube.com/@HelloInfoSec

  1. EPSS: Leveraging the Exploit Prediction Scoring System (EPSS) to Reduce Remediation Workloads

    3d ago

    EPSS: Leveraging the Exploit Prediction Scoring System (EPSS) to Reduce Remediation Workloads

    The discussion in this podcast about paradigm shift in cybersecurity from traditional, static vulnerability management centered on the Common Vulnerability Scoring System (CVSS) toward dynamic, risk-based prioritization models that integrate global threat intelligence with local business context. This evolution is driven by an exponential surge in vulnerability disclosures—surpassing 25,000 annually and continuing to climb—which has created a critical crisis of alert fatigue and cognitive overload for security operations teams. Central to this transition are data-driven tools like the Exploit Prediction Scoring System (EPSS), which uses machine learning to forecast the 30-day probability of exploitation activity, and the CISA Known Exploited Vulnerabilities (KEV) catalog, which provides high-confidence validation of active threats. Modern research advocates for Vulnerability Management Chaining (VMC) and integrated frameworks that layer these global signals with asset criticality, reachability, and exposure to filter out the "noise" of non-exploitable vulnerabilities; evaluations of these methods show they can reduce urgent remediation workloads by up to 95% while maintaining over 85% threat coverage. Ultimately, the sources emphasize that while global scoring systems provide essential "pre-threat intelligence," effective exposure management requires local calibration, AI-powered autonomous investigation, and a broader industry move toward secure-by-design principles to address the increasingly fragmented attack surface of hybrid cloud environments.

    36 min
  2. Navigating the Modern Vulnerability Landscape: Leveraging CVSS v4.0, CISA Vulnrichment, and AWS-Native Intelligence

    Jun 6

    Navigating the Modern Vulnerability Landscape: Leveraging CVSS v4.0, CISA Vulnrichment, and AWS-Native Intelligence

    The discussion in this podcast explores the evolving landscape of modern vulnerability management, focusing on the critical shift from technical severity scoring in CVSS v3.1 to the contextual, risk-oriented approach of CVSS v4.0. They detail the foundational governance of the CVE Program and the operational workflows of the National Vulnerability Database (NVD), while addressing the 2024–2026 NIST enrichment backlog that has driven the rise of alternative frameworks like CISA’s Vulnrichment and Stakeholder-Specific Vulnerability Categorization (SSVC). A significant portion of the podcast provides technical guidance for architecting continuous security within the AWS Security Reference Architecture (SRA), specifically demonstrating how Amazon Inspector correlates standardized CVSS base scores with real-time environmental telemetry to produce actionable, prioritized risk findings. Finally, the dicussion contrast cloud-native capabilities with enterprise scanners from Qualys, Tenable, and Rapid7, illustrating how diverse threat intelligence feeds and machine learning are employed to overcome the limitations of static scoring and effectively manage global exposure.

    48 min
  3. NIST Privacy Framework and Regulatory Compliance

    May 27

    NIST Privacy Framework and Regulatory Compliance

    The dicussion in this podcast outlines how the NIST Privacy Framework can be utilised to align corporate risk management with various international data protection regulations. By employing regulatory crosswalks, organisations can map specific legal mandates from the GDPR, CCPA, and other state-level statutes to a unified set of internal controls. The discussion emphasizes a structured governance approach involving five core functions: identify, govern, control, communicate, and protect. Practical examples demonstrate how to translate legal requirements, such as the right to erasure or data mapping, into operationalised technical standards. Ultimately, these resources serve as a guide for building a future-proof privacy program that integrates compliance directly into business processes. This strategic alignment ensures that companies remain legally compliant while effectively managing the inherent risks of data processing.

    33 min
  4. NIST Container Security and Compliance Frameworks Guide

    May 21

    NIST Container Security and Compliance Frameworks Guide

    In this podcast we discuss NIST Special Publication 800-190, a comprehensive federal guide dedicated to application container security. This publication defines containers as a form of operating system virtualization that enables the portable and efficient packaging of software. The podcast details a multi-tiered architecture comprising images, registries, orchestrators, and host operating systems, identifying specific security risks inherent to each layer. To mitigate these threats, the guide proposes practical countermeasures, such as using minimalist host operating systems and automated vulnerability management. Ultimately, the documentation provides a lifecycle framework to help organisations securely plan, implement, and maintain containerised environments.

    40 min
  5. A Guide to the NIST Risk Management Framework

    May 14

    A Guide to the NIST Risk Management Framework

    The NIST Risk Management Framework (RMF), primarily detailed in Special Publication 800-37, serves as a comprehensive methodology for securing information systems throughout their entire functional lifespan. This structured process guides organisations through seven essential stages: preparing the enterprise, categorising data based on impact, selecting and implementing safeguards, and then assessing, authorising, and monitoring those protections. The updated Revision 2 specifically integrates privacy management and supply chain security to address modern digital threats and complex global vulnerabilities. By aligning with the NIST Cybersecurity Framework, it ensures that senior leadership and operational staff maintain clear communication regarding institutional risks. Furthermore, the framework encourages the use of automation and continuous monitoring to create a more efficient, cost-effective path toward maintaining a secure Authority to Operate. Ultimately, the RMF provides a flexible, risk-based approach applicable to any technology or organisation seeking to protect its assets and individual privacy.

    46 min
  6. Logging Monitoring and Audit in Cloud Environment

    May 7

    Logging Monitoring and Audit in Cloud Environment

    In this episode we explore the critical role of monitoring and logging solutions in maintaining the security and performance of modern cloud infrastructures. We will discuss the functionality of Azure Monitor activity logs, explaining how they track management operations and facilitate auditing or alerting for resource changes. A case study from the Cloud Security Alliance examines the 2024 Snowflake data breach, highlighting how failures in identity management and baseline security monitoring can lead to massive exfiltration. Research from the International Journal for Multidisciplinary Research provides empirical data on the benefits of centralised logging, showing that machine learning and automation significantly improve anomaly detection and reduce troubleshooting time. Together, these it emphasise that real-time visibility and scalable diagnostic tools are indispensable for identifying threats and ensuring operational resilience in complex digital environments.

    1 hr
  7. Risk Assessment in Cyber Security

    Apr 30

    Risk Assessment in Cyber Security

    The discussion in this podcast explores cybersecurity risk assessment as a vital strategic capability for modern organizational resilience. It centers on three primary global frameworks: NIST SP 800-53, which provides granular technical controls; ISO 27005/31000, offering principles-based international standards; and COBIT 2019, which focuses on enterprise IT governance. By examining these methodologies, it illustrates how they converge to transform abstract threats into measurable business risks that inform executive decision-making. High-profile case studies, such as the SolarWinds and Equifax breaches, are analyzed to demonstrate the catastrophic operational and financial costs of failing to maintain rigorous assessment practices. Ultimately, the hosts argues that a mature, framework-aligned approach goes beyond mere regulatory compliance to create a genuine competitive advantage through enhanced trust and business continuity. The discussion serves as a guide for security professionals to align technical security measures with overarching corporate strategy.

    36 min
  8. Risk Governance in Cyber Security: Foundations and Frameworks

    Apr 23

    Risk Governance in Cyber Security: Foundations and Frameworks

    The discussions in this podcast serves as a comprehensive manual on cybersecurity risk governance, emphasizing its role as the strategic blueprint for resilient enterprise security. It explores the historical evolution of the field, tracing its growth from simple physical server protection to a critical board-level imperative driven by global regulations. The discussion provides a meticulous deep dive into the world’s "gold standard" frameworks—NIST, ISO, and COBIT—analyzing how they overlap and where they diverge in technical granularity. Detailed case studies of major breaches, such as Equifax and SolarWinds, illustrate how specific governance failures lead to catastrophic financial and operational loss. Ultimately, the hosts argues that structured risk management transcends mere compliance, creating a mature security culture that is essential for navigating modern geopolitical and digital threats.

    46 min
See All (148)

Ratings & Reviews

About

Welcome to Hello InfoSec, your ultimate hub for all things cybersecurity! Dive into our thrilling podcast series, InfoSec Bites, where we unleash deep dives into Information Security, jaw-dropping Major Security Incidents, cutting-edge Cloud Information Security, crucial Privacy topics, revolutionary Artificial Intelligence, mind-bending Quantum Computing, and so much more! Get ready to geek out with expert insights and stay ahead of the curve—hit that like button, subscribe now, and turn on notifications for fresh episodes that will blow your mind! https://www.youtube.com/@HelloInfoSec

Information

  • Creator
    HelloInfoSec
  • Years Active
    2025 - 2026
  • Episodes
    148
  • Rating
    Clean
  • Copyright
    © HelloInfoSec
  • Show Website
    InfoSec Bites

You Might Also Like