10 episodes

The editor-in-chief of TechSpective, Tony Bradley, spotlights interesting products and knowledgeable experts. Each week we will invite a guest or guests to join us to chat. We might talk about breaking news from the tech world in general, or products and research, or upcoming events. We might just talk about Star Wars vs. Star Trek, Marvel vs. DC, or Xbox vs. PS4.


    Chris Eng Talks about the State of Software Security Report

    TechSpective Podcast Episode 050

    "Every company is a software company."



    That is the quote that kicks off the Executive Summary page of the latest State of Software Security Report from Veracode. This is Volume 11 of the report, with a focus on looking ahead to identify how developers can continue to make applications better and more secure.



    Obviously, some companies produce microwave ovens, and some businesses repair garage doors. In a purely technical sense, not every company is a software company. But, the point of the quote is that, increasingly, no matter what industry a business is in, software and application development play an integral role. Domino's Pizza has famously declared itself a "tech company that sells pizza."



    So, what insights are revealed in Volume 11 of the State of Software Security report? I'm glad you asked. A press release from Veracode shared the following key findings from the report:

    Flawed applications are the norm: 76% of applications have at least one security flaw, but only 24% have high-severity flaws. This is a good sign that most applications do not have critical issues that pose serious risks to the application. Frequent scanning can reduce the time it takes to close half of observed findings by more than three weeks.



    Open source flaws on the rise: while 70% of applications inherit at least one security flaw from their open source libraries, SOSS 11 also found that 30% of applications have more flaws in their open source libraries than in the code written in-house. The key lesson is that software security comes from getting the whole picture, which includes identifying and tracking the third-party code used in applications.



    Multiple scan types prove efficacy of DevSecOps: teams using a combination of scan types including static analysis (SAST), dynamic analysis (DAST), and software composition analysis (SCA) improve fix rates. Those using SAST and DAST together fix half of flaws 24 days faster.



    Automation matters: those who automate security testing in the SDLC address half of the flaws 17.5 days faster than those that scan in a less automated fashion.



    Paying down security debt is critical: the link between frequently scanning applications and faster remediation times has been established in Veracode’s prior State of Software Security research. This year’s report also found that reducing security debt – fixing the backlog of known flaws – lowers overall risk. SOSS 11 found that older applications with high flaw density experience much slower remediation times, adding an average of 63 days to close half of flaws.

    My guest for this episode of the TechSpective Podcast is someone uniquely qualified to talk about that very thing: Chris Eng, Chief Research Officer for Veracode.



    This year's report includes data analyzed from more than 130,000 applications--an increase of more than 50% over the previous State of Software Security report. One of the things Eng touches on in our discussion is the topic of nature vs. nurture when it comes to application security, as well as the fact that using multiple application security scan types, and leveraging automated scanning both contribute to accelerating the remediation effort and improving application security in general.



    Don't take my word for it. You can download Volume 11 of the State of Software Secur...

    • 54 min
    Tom Garrison Discusses Preventing Exploits with Intel CET

    TechSpective Podcast Episode 049

    Malware is a massive problem that costs businesses around the world billions of dollars every year. Much of the effort to fight malware is a simple game of cat and mouse where attackers find a weakness and develop an exploit, security vendors and application developers implement solutions to prevent that exploit, and attackers come up with a new way to circumvent protection. That will probably always be the case to some extent because there is no such thing as perfect or absolute security. However, there is a way to dramatically reduce the threat by preventing the actions necessary to execute the exploit at the chip level. That is where Intel CET comes in.



    Tom Garrison, Vice President and General Manager of Client Security Strategy & Initiatives at Intel, recently joined me on the TechSpective podcast to talk about the challenges organizations face dealing with malware threats, and how Intel Control-Flow Enforcement Technology (Intel CET) can help prevent entire categories of common attacks.



    Because of how pervasive Intel technology is throughout the technology industry, Intel is in a unique position to be able to impact malware execution on a massive scale. Microsoft has also joined the battle, pledging to incorporate support for Intel CET into Windows 10 with Hardware-Enforced Stack Protection.



    Please ask questions and share your thoughts on the topic in the comments below. I appreciate your help to share the podcast and grow the audience. Also, please subscribe to the TechSpective podcast through your favorite podcast platform, and share the podcast with your peers and friends.



    If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.



    Take care and stay safe.

    • 46 min
    DJ Sampath Chats about the COVID-19 Pandemic and Business Email Compromise

    TechSpective Podcast Episode 048

    Hello. It's been a while. In my defense, time is just a construct and it seems to have mostly lost meaning--at least for me--during the COVID-19 pandemic quarantine. Days, weeks, and months have little value when the routine is mostly the same regardless. To say that 2020 has been rough would be a wild understatement. It seems like each month we say "Man. It can't possibly get worse than this!" and the next month is like "Hold my beer."



    That said, life goes on. Aside from working from home and staying in my house 99% of the time, I don't have anything to complain about, really. Relatively speaking, I am fine. There is still plenty to write about. In fact, in some respects there is more to write about. DJ Sampath, co-founder and CEO of Armorblox, joined me to talk about the rise in business email compromise (BEC) attacks and other cybersecurity threats that have occurred as a result of attackers looking to take advantage of entire companies suddenly working from home and the exposure to risk from the COVID-19 pandemic chaos.



    DJ and I recorded this a few weeks ago. Although some states have relaxed stay at home orders and there has been some effort to resume normal life--albeit with social distancing and other guidelines in place--the fact is that nothing much has changed and the conversation is still very relevant. COVID-19 cases and fatalities continue to climb in many areas, and most companies are still working entirely--or at least mostly--from home. Some companies are implementing remote work from home arrangements permanently. These conditions are still ripe for BEC attacks.



    I encourage you to please ask questions and share your thoughts on the topic in the comments below. I appreciate your help to share the podcast and grow the audience. Also, please subscribe to the Inner Circle podcast through your favorite podcast platform, and share the podcast with your peers and friends.



    If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.



    Take care and stay safe.

    • 46 min
    Fabian Wosar Joins Me to Chat about Ransomware and Data Privacy

    Inner Circle Podcast Episode 047

    My guest for this episode is Fabian Wosar, CTO of Emsisoft. Emsisoft is a New Zealand-based maker of antimalware and endpoint security solutions that has established itself as a leader in the fight against ransomware.



    This is a really awesome conversation--so much so that we got off topic very quickly and never really got back to it. I promise to have Fabian back again soon so we can delve more deeply into the battle against ransomware and Emsisoft's role in that effort.



    We digress pretty early into the realm of data privacy and end user license agreements (EULA) and the concept that nothing is really free. The basic premise is that if a company is offering you a product for "free", it's because you're actually the product. The reason they're able to offer you the product for free is that they are generally collecting demographic and usage data that can be sold to companies and leveraged for more targeted advertising or other similar efforts.



    Fabian and I talk about the current state of data privacy and some of the challenges that consumers face. Individuals have to try and determine which companies to trust with their personal data in exchange for features and benefits that make life more convenient. We also discuss the fact that some relationships are not optional--like the data collected and stored by government agencies or credit bureau organizations, and the data privacy implications of that.



    I encourage you to please ask questions and share your thoughts on the topic in the comments below. I appreciate your help to share the podcast and grow the audience. Also, please subscribe to the Inner Circle podcast through your favorite podcast platform, and share the podcast with your peers and friends.



    If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.

    • 43 min
    Mike Beckley Discusses Low-Code Programming and Robotic Process Automation

    Inner Circle Podcast Episode 046

    My guest for this episode is Mike Beckley--co-founder and CTO of Appian. Appian has established itself as a leader in intelligent business process management systems (iBPMS), dynamic case management (DCM), digital process automation (DPA), and low-code development. With the recent acquisition of Jidoka, Appian is now also in the business of robotic process automation (RPA).



    Our conversation revolves mostly around low-code development--dispelling some myths about what it is and how it is used. I have written previously about the power of low-code development for empowering citizen developers and giving individuals the tools to build the apps and solutions they need rather than trying to figure out how to make off-the-shelf tools do what they need. My view of low-code development platforms was based solely on this perspective, but Beckley enlightens me on the value of low-code development even for large enterprises and seasoned developers. It streamlines and accelerates development and simplifies the process of patching and updating.



    We also talk about the Jidoka acquisition and the value of robotic process automation--or automation in general. Organizations have embraced DevOps culture and one of the core tenets of DevOps is the drive to automate those things that can be automated so people can focus on bigger problems and innovative new solutions.



    As always, feel free to ask questions or share your thoughts on the topic in the comments below. I appreciate your help to share the podcast and grow the audience. Also, please subscribe to the Inner Circle podcast through your favorite podcast platform, and share the podcast with your peers and friends.



    If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen.

    • 44 min
    Tim Keeler Talks about Value of Just-in-Time Privileged Access Management

    Inner Circle Podcast Episode 045

    The podcast is back. It's been a while, but it's time to crank things back up. I will be making a few changes in terms of scope and format and improving the frequency and consistency moving forward.



    This is an episode that I recorded with Tim Keeler, co-founder and CEO of Remediant, back in November. We talk about some of the challenges of access management and privileged access management, and the ways that many of the existing or traditional solutions fall short.



    Keeler shares the inspiration behind starting Remediant in the first place, and the way Remediant addresses those challenges and raises the bar for access management with the concept of just-in-time privileged access management.



    As always, feel free to ask questions or share your thoughts on the topic in the comments below. I appreciate your help to share the podcast and grow the audience. Also, please subscribe to the Inner Circle podcast through your favorite podcast platform, and share the podcast with your peers and friends.



    If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes, or wherever you listen. You can also follow Tim on Twitter and LinkedIn.

    • 50 min