1,997 episodes

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.

Paul's Security Weekly paul@securityweekly.com

    • Technology
    • 4.4 • 195 Ratings

For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.

    BSW #273 - Jess Burn

    BSW #273 - Jess Burn

    In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what did that rapid entry into tech entrepreneurship teach him about information security? And how did that lead to a passion for, among other things, cyber philanthropy? SC Media's Jill Aitoro will speak to Newmark about his career, and his own evolution in infosec awareness that came with it.
     
    Among the more challenging phases for a cyber business is transitioning from inspiring startup to successful enterprise, strategically leveraging investment to scale. SC Media's Jill Aitoro will sit down with Dave Dewalt, founder of NightDragon, and Matt Carroll, CEO of NightDragon's newest investment Immuta. Employees are on the move. As tech and security leaders adjust to managing hybrid teams, they should also plan for the loss and replacement of key security talent. Attrition and the increasing length of time needed to find a replacement leaves security programs — and firms — vulnerable. Implementing a formal succession planning process for the security organization mitigates risk and increases employee satisfaction and retention. This report provides steps for starting a succession planning program and real-world examples of companies that are already focused on developing and retaining the next generation of security talent.
    Segment Resources:
    https://www.forrester.com/report/succession-planning-is-a-business-resilience-imperative/RES177689?ref_search=604835_1658240598764
     
    Visit https://www.securityweekly.com/bsw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/bsw273

    • 1 hr 13 min
    ASW #208 - Tanya Janca

    ASW #208 - Tanya Janca

    Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in the past year, and releases a security layer for Edge; Black Hat talks on bounties and desync attacks, Google's bounties for the Linux kernel, modifying browser behavior, and the Excel championships.
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/secweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/asw208

    • 1 hr 16 min
    SWN #232 - UEFI, PyPI, Vishing, VNC, Sova, DOOM Deere, Mailchimp, & Hiding Photos

    SWN #232 - UEFI, PyPI, Vishing, VNC, Sova, DOOM Deere, Mailchimp, & Hiding Photos

    This week Dr. Doug talks: UEFI, PyPI, vishing, VNC, Sova, Doom, Mailchimp, hiding photos, and is joined by Jason Wood on this episode of Security Weekly News!
     
    Visit https://www.securityweekly.com/swn for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
     
    Show Notes: https://securityweekly.com/swn232

    • 32 min
    SWN #231 - OnlyFans, Paul, Windows vs. Linux, Conti, CISA, Zeppelin, & NHS - Wrap Up

    SWN #231 - OnlyFans, Paul, Windows vs. Linux, Conti, CISA, Zeppelin, & NHS - Wrap Up

    This week Dr. Doug talks: OnlyFans strikes back, Paul's new post, Windows vs. Linux, Conti, CISA, Zeppelin, NHS, and show wrap-ups on the Security Weekly News!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
    Visit https://www.securityweekly.com/swn for all the latest episodes!
     Show Notes: https://securityweekly.com/swn231

    • 30 min
    ESW #284 - Ryan Fried & Joseph Carson

    ESW #284 - Ryan Fried & Joseph Carson

    This week, we start off the show by welcoming Ryan Fried to discuss how Security analysts can move past traditional Indicators of Compromise from threat intel like domains, hashes, URLs, and IP addresses. These indicators typically aren't valid shortly after the incidents happen. Modern threat hunting by doing things like reading recent and relevant security articles, pull out behaviors that attackers are doing like commands such as net group "domain admins" or RDPing from workstation to workstation and translating those to threat hunting queries. Then, Joeseph Carson joins to discuss following in the footsteps of an attacker and uncovering their digital footprints, this episode will uncover an attacker’s techniques used and how they went from zero to full domain admin compromise, which resulted in a nasty ransomware incident. It will also cover general lessons learned from Ransomware Incident Response. Finally, in the Enterprise Security News, Normalyze and Flow Security raise money to protect data, Axio and Lumu raise money to assess risk, Bitsight intends to acquire ThirdPartyTrust, Flashpoint acquires Echosec Systems, ZeroFox goes public, Rumble rebrands as runZero, Trusting Amazon with medical records, Taking cryptocurrency off the (payment) menu, AWS’s CISO tells us why AWS is so much better than their competitors, and an ancient dial-up Internet service returns!
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Segment Resources: https://www.scythe.io/library/operationalizing-red-canarys-2022-threat-detection-report
    https://www.itbrew.com/stories/2022/05/09/quantum-ransomware-can-now-move-from-entry-to-encryption-in-under-four-hours?utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew&mid=1e3360a49c0b72a4c0e4550356ffee54
    https://www.cisa.gov/uscert/ncas/alerts/aa22-181a
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
    Visit https://www.securityweekly.com/esw for all the latest episodes!
    Show Notes: https://securityweekly.com/esw287

    • 2 hr 5 min
    PSW #751 - Jesse Michael & Mickey Shkatov

    PSW #751 - Jesse Michael & Mickey Shkatov

    We start off the show this week by welcoming the infamous Eclypsium security researchers Mickey and Jesse to talk about Secure Boot vulnerabilities. They walk us through the history of Secure Boot, how it works, previous research they've performed ("Boothole"), and some details on their current research presented at Defcon this year in a talk titled "One bootloader to rule them all". Then, in the Security News, key fob hacks and stealing cars, the best Black hat and defcon talks of all-time, open redirects are still open, the keys to decrypt the wizard of oz are in a strange place, why the Linux desktop sucks, why businesses should all switch to Linux desktops, SGX attacks, let me send you an Uber to take you to the bank, 27-factor authentication, start your management engines, and guess what, your DMs are not private, and you should have used Signal.
    Visit https://www.securityweekly.com/psw for all the latest episodes!
    Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly
    Show Notes: https://securityweekly.com/psw751

    • 2 hr 58 min

Customer Reviews

4.4 out of 5
195 Ratings

195 Ratings

ndfootball5489 ,

Great Podcast With an Entertaining Crew

These guys are great to listen to! Not only are they knowledgable, but they are just fun to listen to as a group. Sometimes as you expect with personalities in this field/industry, sometimes the things they say are cringeworthy but hilarious at the same time. When I first found the podcast, about a year ago, I went on a binge listening streak like it was a Friday Netflix Original night! It has become a weekly ritual to listen to the podcast on the way to work. The information I have learned, in regards to a wide arrange of issues such as, attack surfaces, malware, web security, privacy issues, encryption, networking, etc.., has made me stronger at my every day role in the industry.

Cheers to another 10 years Gentlmen!

BearsQB ,

Big head Kaplan

Ridiculous takes and false bravado from Kap hurts show....if dude kept it less about him and more about Cubs, show would improve. Gordon has Cubs colored glasses and can’t see reality. Oh well

labsrcool ,

Bad start

Tag line for the show “packets aren’t the only thing being sniffed” is so unprofessional and inappropriate that I never make it past that part to actually listen to the content.

Top Podcasts In Technology

Lex Fridman
Jason Calacanis
NPR
Jack Rhysider
Recode & The Verge
Ben Gilbert and David Rosenthal

You Might Also Like

Johannes B. Ullrich
CyberWire, Inc.
Jerry Bell and Andrew Kalat
The Record by Recorded Future
Cybereason
CISO Series