Brakeing Down Security Podcast
Summary: A podcast all about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans.
- Artist: Bryan Brake, Amanda Berlin, Brian Boettcher
- Copyright: Copyright 2020. All rights reserved
Podcasts:
Brad Spengler from Grsecurity discusses advances in the Linux kernel in the last 10 years, including some of the background on how changes get added to the kernel.
Full show notes at https://www.brakeingsecurity.com
- Supply chain issues
- What should companies do when they don’t know what’s in their own tech stack?
- Vendor Contact
- Are some devices and systems more vulnerable than others?
- What’s the initial email look like when you tell a company “you’re vulnerable to X”?
- How did you tailor your initial response when you learned of the position of the person?
- Was it worth the effort coordinating with Treck?
Agenda:
- RIPPLE 20 report background
- How did JSOF approach Treck
- Supply chain security tools used to analyze the TCP/IP stack
- Discussion of reasons for custom TCP/IP stacks
- OEM reaction
- Why supply chain security matters
- NIST guidelines on supply chain security
https://www.brakeingsecurity.com
WISP.org PSA from Rachel Tobac on the #shareTheMicInCyber initiative F5 BIG-IP vulnerability Redux of PAN-OS SAML vuln CVSS scoring blunders Advice on a problem in a Tweet And more!
0. Update on Palo Alto vulnerability mentioned later in the show
1. How was Mr. Boettcher's vacation?
2. Thank you to Marcus Carey for his leadership and friendship
3. Discussion of the recent Cognizant Breach of employee data
4. Maze ransomware discussion
5. Palo Alto PAN-OS vulnerability (CVE-2020-2021)
6. SAML auth discussion
7. End of show
Full show notes at www.brakeingsecurity.com. Search for show "2020-025"
- Ms. Berlin's oldest heads off to the Marines!
- Ripple 20 report discussed major vulns in #IoT #security TCP/IP stacks
- Bad Actors are using CAPTCHAs to evade analysis
- Much more!
James discusses how companies need to adopt a 'zero trust' model going forward, and how you measure the effectiveness of your training and controls to ensure that you get the most out of your company's technology.
2020-022-Andrew Shikiar, FIDO Alliance, removing password from IoT, and discussing FIDO implementation
Derek Rook and our team discuss red team methodology, how it differs from CTF and OSCP methodologies, and what red teams can do to make the whole process better for MSSPs, SOCs, and blue team members.
2020-020-Andrew Shikiar - FIDO Alliance - making Cybersecurity more secure
2020-019-Masha Sedova, customized training, phishing, ransomware, and privacy implications
2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training
2020-017-Cameron Smith, business decisions, and how it affects Security
2020-016-Cameron Smith, Business decisions and their (in)secure outcomes - Part 1
2020-015-Tanya_Janca-Using Github Actions in your Devops Environment, workflow automation