457 episodes

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

BrakeSec Education Podcast Bryan Brake, Amanda Berlin, and Brian Boettcher

    • News
    • 4.7 • 98 Ratings


    Tanya Janca Talks secure coding, Semgrep Academy, and community building, and more!


    Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec
    Join the Discord! https://discord.gg/brakesec
    #youtube VOD (in 1440p): https://www.youtube.com/watch?v=axQWGyd79NM 
    Questions and topics:
    Bsides Vancouver discussion
    Semgrep Community and Academy
    Building communities
    What are ‘secure guardrails’
    Reducing barriers between security and developers
    How to sell security to devs: “hey, if you want to see us less, buy/use this?”
    “Security is your barrier, but we have goals that we can’t reach without your help.”
    https://wehackpurple.com/devsecops-worst-practices-artificial-gates/ 
    How are you seeing things like AI being used to help with DevOps or is it just making things more complicated? Not just helping write code, but infrastructure Ops, software inventories, code repo hygiene, etc?
    OWASP PNW https://www.appsecpnw.org/
    Alice and Bob coming next year!
    Additional information / pertinent Links (Would you like to know more?):
    shehackpurple.ca 
    Semgrep (https://semgrep.dev/)
    https://aliceandboblearn.com/
    https://academy.semgrep.dev/ (free training)
    Netflix ‘paved roads’: https://netflixtechblog.com/how-we-build-code-at-netflix-c5d9bd727f15
    https://en.wikipedia.org/wiki/Nudge_theory 
    https://www.perforce.com/blog/qac/what-is-linting 
    https://www.youtube.com/watch?v=FSPTiw8gSEU 
    https://techhq.com/2024/02/air-canada-refund-for-customer-who-used-chatbot/ 

    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth 
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb 
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@BrakeSecEd
    Twitch Channel: https://twitch.tv/brakesec
     

    • 1 hr 27 min
    Josh Grossman - building Appsec programs, bridging security and developer gaps


    Youtube VOD: https://youtu.be/G3PxZFmDyj4
     
    #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis

    Questions and topics:
    1. The background to the topic, why is it something that interests you?
    How do you convince developers to take your course?
    2. What do you think the root cause of the gap is?
    3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?)
    4. Where do gaps begin? Is it the ‘need’ to ‘move fast’?
    5. What can devs do to involve security in their process? Sprint planning? SCA tools?
    6. How have you seen this go wrong at organizations?
    7. How important is it to have security early in the product development process?
    8. What sort of challenges do you think mainstream security people face in AppSec scenarios?
    9. How does Product Security differ from Application Security? (what if the product is an application?)
    10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec?
    11. How do you suggest a security team approach AppSec/ProdSec?
        Leadership buy-in
        Effective/valuable processes
        Tools should achieve a goal
    12. SBOM - NTIA is asking for it, How to get dev teams to care.
    13. Key takeaways?
    Additional information / pertinent Links (Would you like to know more?):
    BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218
    https://www.walkme.com/blog/leadership-buy-in/
    https://www.bouncesecurity.com/
    https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example
    https://www.cisa.gov/sbom
    SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd 
    https://semgrep.dev/ 
    https://www.linkedin.com/in/joshcgrossman 
    https://owasp.org/www-project-application-security-verification-standard/ 
    https://github.com/OWASP/ASVS/tree/master/5.0
    https://owasp.org/www-project-cyclonedx/
    https://joshcgrossman.com/
    PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg 
    Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210 
    https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-372101705524544 
    ASVS website: https://owasp.org/asvs 
    Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee 

    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth 
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb 
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec

    • 1 hr 16 min
    Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox


    Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers.
     
    Recorded: 08 Apr 2024
    Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw
     
    Show Topic Summary:
    If you want to get in the mind of a board member, I submit to you my discussion with Mary Gardner we did last night on #brakesec #education. Join Mary and me as we discuss the functions of a board, messaging to various levels of leadership and teams, and what it takes to make that leap to being a CISO.
    And when you're done, and you need someone to help your org get more mature, contact the team at GoldiKnox.
    #cybersecurity #informationsecurity #ciso #leadership #GRC
     
    Questions and topics:
    https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
    “Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations. “
    They obviously have different priorities, so what brings everyone to the table to discuss? Are they even worried about security?
    Tactical goals vs. org goals and aligning them
    What are boards most worried about these days? 
    Staying relevant in the face of AI?
    What tech will protect them from the newest threats?
    GRC is forced security, security is completely optional, Compliance requires some sort of security
     
    Additional information / pertinent Links (Would you like to know more?):
    Research organizations (gartner, forrester, etc)
    https://goldiknox.com/ 
    https://www.linkedin.com/pulse/board-needs-help-planning-cybersecurity-start-here-daniel-briley-k7xzc
    https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations
    https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-sentenced-three-years-probation-covering-data
     
    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth 
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb 
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec
    Discord: https://discord.gg/brakesec

    • 1 hr 22 min
    p2-accidentalCISO, building trust in new places, securing SaaS products


     
    Full Youtube VOD: https://www.youtube.com/watch?v=uX7odQTBkyQ 
     
     
    Questions and topics:
    Let’s talk about Mindful Business Podcast
    What are the topics you cover?
    Topic #1: discuss your experiences when you were a new leader.
     What worked? What didn't? What would you have done differently?
    Do you emulate your manager's style? What have been your go-to management resources? 
    What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership?
    Topic #2: building/operating SaaS products (we can discuss securing them, and what functions should be table stakes: data structures, logging, etc.)
    Topic #3: What are the bare minimums for building ‘secure’ SaaS products in your particular field? And how do you balance security with a positive user experience (i.e. getting customers to buy into MFA/OAuth, OTA updates)?
    Topic #4: Do many SaaS products get over-integrated? Does the need for integration override best practices in security?
    Additional information / pertinent Links (Would you like to know more?):
    Twitter/Mastodon:
    https://twitter.com/AccidentalCISO
    https://infosec.exchange/@accidentalciso
    The Mindful Business Security Show:
    https://www.mindfulsmbshow.com/
    https://twitter.com/mindfulsmbshow

    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth 
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb 
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec

    • 1 hr 13 min
    AccidentalCISO on BrakeSecEd, talking Leadership, SaaS development, and Appsec


    Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information, and do not represent views of past, present, or future employers.
     
    Recorded: 28 Jan 2024
    Youtube VOD: https://youtube.com/live/uX7odQTBkyQ

    Questions and topics:
    Let’s talk about Mindful Business Podcast
    What are the topics you cover?
    Topic #1: discuss your experiences when you were a new leader.
     What worked? What didn't? What would you have done differently?
    Do you emulate your manager's style? What have been your go-to management resources? 
    What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership?
    Topic #2: building/operating SaaS products (we can discuss securing them, and what functions should be table stakes: data structures, logging, etc.)
    Topic #3: What are the bare minimums for building ‘secure’ SaaS products in your particular field? And how do you balance security with a positive user experience (i.e. getting customers to buy into MFA/OAuth, OTA updates)?
    Topic #4: Do many SaaS products get over-integrated? Does the need for integration override best practices in security?
    Additional information / pertinent Links (Would you like to know more?):
    Twitter/Mastodon:
    https://twitter.com/AccidentalCISO
    https://infosec.exchange/@accidentalciso
    The Mindful Business Security Show:
    https://www.mindfulsmbshow.com/
    https://twitter.com/mindfulsmbshow

    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth 
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb 
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec

    • 29 min
    1st show of 2024! Our 10th Anniversary...

    1st show of 2024! Our 10th Anniversary...

    It's our 10th anniversary and the first show of our 2024 season!
    Amanda was on "7 minute security"
    https://7minsec.com/projects/podcast
     
    Check out the complete VOD at https://youtu.be/vbmEtkxhAMg
    Explicit language warning
     
    www.brakeingsecurity.com
    https://twitch.tv/brakesec
    https://bit.ly/brakesecyt
     

    • 59 min

Customer Reviews

4.7 out of 5
98 Ratings


obacker19 ,

Empowering, insightful and actionable! 🙌

Whether you’re well established as an innovator in infosec, or just getting started in the industry - this is a must-listen podcast for you! Bryan and the BDS team do an incredible job leading conversations that cover a huge breadth of topics related to the ins and outs of navigating the shifting landscape of data security - with leaders who’ve actually experienced success themselves. Highly recommend listening and subscribing!

The name iz already taken ,

Spelling

Braking*

bb7151 ,

Good team!

Topics are practical and varied. I also appreciate the fact that they are all involved in the security community which adds weight to their discussions.
