99 episodes

It’s the show, that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly.

Security and Compliance Weekly (audio‪)‬ Security Weekly

    • News
    • 4.7 • 7 Ratings

It’s the show, that bridges the requirements of regulations, compliance, and privacy with those of security. Your trusted source for complying with various mandates, building effective programs, and current compliance news. It’s time for Security and Compliance Weekly.

    Becoming the Avengers - SCW #99

    Becoming the Avengers - SCW #99

    Author of "Why CISOs Fail" is joining us today to tell us about the success of his first book as well as introduce us to his forthcoming book, "Security Hippie. Barak is best known for pioneering the concept of the virtual (or fractional) CISO model nearly two decades ago. Over the twenty years since then he has applied that model and strategy to building, managing and counseling security departments across countless and diverse organizations, including MuleSoft, Amplitude Analytics, Livenation/Ticketmaster, StubHub, Barnes and Noble, bebe Stores and many others. The goal of his new book is to convey security concepts in the form of telling stories, so we hope to hear a few examples from him during the course of the interview.
     
    Show Notes: https://securityweekly.com/scw99
    To leave a heartfelt message for Hannah (Jeff's granddaughter): https://www.caringbridge.org/visit/hannahman
     
    Visit https://www.securityweekly.com/scw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 8 min
    Under the Bus - SCW #98

    Under the Bus - SCW #98

    Ben Carr will lead us in a discussion about the origins of the role of CISO, roles/responsibilities, and what it's like to be a CISO. We'll touch on qualifications, organizational structure, its place in security and compliance, what it's like to be hero or scapegoat. All this and more!
     
    Show Notes: https://securityweekly.com/scw98
    Visit https://www.securityweekly.com/scw for all the latest episodes!
     
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 16 min
    Too Authentic - SCW #97

    Too Authentic - SCW #97

    There’s something happening here – and what it is ain’t exactly clear to O.G hackers like John Threat or our own Mr. Jeff Man. We’re going to devote an episode talking about how things used to be back in the day from a hacker/penetration perspective and discuss how things are today. Are things better? Worse? Depends on your attack vector, perhaps? Join us on Discord and participate in the discussion of what’s right and what’s wrong in our industry today and what can we do about it. All from a hacker’s perspective.
     
    Show Notes: https://securityweekly.com/scw97
    Visit https://www.securityweekly.com/scw for all the latest episodes!
     
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 31 min
    A Good Mission - SCW #96

    A Good Mission - SCW #96

    In the early days of PCI there was an online column called StorefrontBacktalk which focused on retail and technology issues. The column provided valuable insights from various specialists on the interpretation and application of many of the more challenging security requirements found in PCI DSS which was reflected in its tag line, “Techniques, Tools and Tirade about Retail Technology and E-Commerce. The founder of the column, Evan Schuman, is a veteran journalist who has covered a wide range of technology, privacy and legal issues over the past three decades. Evan will give us his take on many of the issues facing the connected world -past, present, and future.
     
    Show Notes: https://securityweekly.com/scw96
    Visit https://www.securityweekly.com/scw for all the latest episodes!
     
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 18 min
    Massive Damage - SCW #95

    Massive Damage - SCW #95

    CISA recently published guidance for how managed service providers (MSPs) should approach security for their operations based on the premise that cyber threat actors are known to target MSPs to reach their customers. MSPs provide remote management of customer IT and end-user systems and generally have direct access to their customers’ networks and data. By exploiting trust relationships in MSP networks, cyber threat actors can gain access to a large number of the victim MSP customers. The CISA Insights publication provides mitigation and hardening guidance for MSPs and their small- and mid-size business customers. By applying this guidance, organizations can protect MSP customer network assets and reduce the risk of successful cyberattacks. Our conversation today will focus on the problems that MSPs and SMBs face in achieving the right level of security for their organizations, satisfy compliance and regulatory requirements, while trying to stay in business.
     
    Show Notes: https://securityweekly.com/scw95
    Segment Resources:
    https://www.cisa.gov/sites/default/files/publications/CISA%20Insights_Guidance-for-MSPs-and-Small-and-Mid-sized-Businesses_S508C.pdf
     
    Visit https://www.securityweekly.com/scw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 13 min
    A Good Crisis - SCW #94

    A Good Crisis - SCW #94

    Join us on this episode of SCW for a general discussion about how to do this whole security/compliance thing better; how compliance really needs to come first; how it's all risk-based or should be RGC not GRC; legal and privacy issues/focus - and how they help or hinder the cause; other factors like burnout/gatekeeping/etc. that all contribute to our industry being overly focused/reliant on technology and don't handle the people/process part very well.
     
    Show Notes: https://securityweekly.com/scw94
    Visit https://www.securityweekly.com/scw for all the latest episodes!
     
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 3 min

Customer Reviews

4.7 out of 5
7 Ratings

7 Ratings

oliviabaker13 ,

Highly recommend!

If you’re looking to keep up with the latest on the ever-evolving security and compliance landscape, you’ve come to the right place! Tune in for engaging, lively discussions around trends and strategies in the space. Highly recommend!

Cinderhaze ,

Hard hitting questions! Great guests!

Great host, great discussions - meaty security discussions will satisfy you and leave you wanting more!