– ESW #291
View Show IndexSegments
1. Quantitative Security Planning from the Front-Line – Ryan Fried – ESW #291
Every year, management needs to figure out what initiatives will be prioritized for the upcoming year. This simple, free method uses a quantitative approach based on CIS controls with input from the front-line analysts and engineers. The outcome is an engaging team discussion and clear plan for what the team should prioritize.
Segment Resources: https://www.cisecurity.org/controls
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Ryan has 10+ years of experience in IT security ranging from compliance, analyst engineer, CISO and consultant. He also has taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, devsecops and cloud security posture management.
Hosts
2. Blurred Lines Between Consumer & Enterprise; Shades of Gray with MFA – Tim Morris – ESW #291
It’s CyberSecurity Awareness Month and this year’s theme, set by CISA, is See Yourself in Cyber. We’re going to take some liberties in the interpretation of this to talk about the lines blurring between personal and work accounts and devices. We’ll also discuss MFA risks - what types of MFA are safe to use, and which aren’t in 2022? This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Sponsored By
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Tim joined Tanium in May 2021, after retiring from Wells Fargo, where he spent 21 years. He led the Cyber Threat Engineering and Research teams within Information & Cyber Security for the bank.
Tim has worked with almost every facet of computer and network technologies. Concentration has been with endpoint detection & response, systems & patch management, and vulnerability assessment. He has built teams that manage: endpoint security, platform engineering, incident response, digital forensics, and offensive security, i.e., “red team”.
Tim was first introduced to Tanium in 2008. However, he didn’t begin working with it fully until 2013. Tim was privileged to have the opportunity to be one of the first to deploy & manage Tanium at a large scale on 500K endpoints. At the same time, he was able to build one of the best cyber security engineering teams in the industry. Their effectiveness and efficiency were due in large part to Tanium – The best incident response and system management tool in the industry.
Hosts
3. Cloudflare Incentives, Web3 Funding, Emulating Adversaries, & State of the Sec Market – ESW #291
Finally, in the enterprise security news, Cloudflare has 1.25 billion incentives to draw customers away from AWS, NetSPI raises $410M for pen testing? Tines extends their Series B an extra $55M, Detectify and Eclypsium also raise funding, Some big funding for Web3 security startups, Adversary emulation tools for blue teamers, Breaking news: the security market isn’t out of money, it’s just fine, The art of selling to cybersecurity people, and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. NEW FUND (sorta): Cloudflare takes aim at AWS with promise of $1.25 billion to startups that use its own platform
- 2. FUNDING: NetSPI Raises $410 Million in Growth Funding from KKR(note from Adrian in Brazil: someone please explain this madness to me - I'll be listening in as I travel!)
- 3. FUNDING: Tines raises $55M more to automate security workflows$55M extended Series B led by Felicis. 2nd Gen SOAR.
- 4. FUNDING: MPCH Labs Closes $40M Series A Funding$50M Series A, led by Liberty City Ventures.
- 5. FUNDING: IriusRisk raises $29M Series B as threat modeling becomes essential for secure product design$29M Series B led by Paladin Capital Group. SDLC/AppSec.
- 6. FUNDING: Eclypsium lands $25M to secure the device supply chain
- 7. FUNDING: Introducing Blowfish, the Security Service Your Web3 Wallet Needs$11.8M Series A, led by Paradigm.
- 8. FUNDING: 6clicks raises $10m for its AI-powered GRC platform$10M Series A led by Centerstone Capital
- 9. FUNDING: Detectify Raises $10M in Follow-On Funding to Accelerate External Attack Surface Management Powered by Elite Ethical Hackers
- 10. FUNDING: How Onyxia uses security AI to help CISOs improve their security posture$5M Seed round, led by World Trade Ventures. "We are modeling an entirely new approach to cybersecurity."
- 11. FUNDING: Sensepass raises $3M Seed
- 12. ACQUISITION (assets only): Qualys Acquires Blue Hexagon’s AI/Machine Learning Platform
- 13. NEW PRODUCT: HeyLogin – A “Password Manager without a Master Password”
- 14. NEW TOOLS: ezEmu – adversary simulation for blue teamersFrom the README.md: ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry.
- 15. NEW TOOLS: Ahhh, This Emulation is Just Right: Introducing Micro Emulation PlansMore adversary emulation for blue teams!
- 16. MARKET ANALYSIS: Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market
- 17. MARKET ANALYSIS: What’s Going on With Cybersecurity VC Investments?
- 18. GOOD READS: What Lurks in the Shadows of Cloud Security?
- 19. GOOD READS: On the Art of Selling to Cybersecurity People
