Aidan Holland, Kelly Shortridge – ESW #339
1. The State of Internet Attack Surface – Aidan Holland – ESW #339
Today, we discuss the state of attack surface across the Internet. We've known for decades now that putting an insecure service on the public Internet is a recipe for disaster, often within minutes. How has this knowledge changed the publicly accessible Internet? We find out when we talk to Censys's Aidan Holland today.
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
Aidan Holland is a software engineer at Censys who channels his skills in cybersecurity, artificial intelligence, and open-source development to drive innovative projects. Aidan played pivotal roles in the creation of the Censys Search Engine and Censys Python SDK. Furthermore, he led the development of the Censys Cloud Connector and was at the helm of the groundbreaking CensysGPT project, applying his deep knowledge of AI and Python.
Prior to joining Censys, Aidan interned at the U.S. Department of Homeland Security at the age of 15, a unique opportunity that sparked his passion for cybersecurity. Aidan also honed his artistic skills during an internship at the Hirshhorn Museum in Washington DC, where he was able to present his AI-generated artwork.
Aidan continuously seeks new challenges and learning opportunities, participating in activities such as Capture The Flag (CTF) competitions, hackathons, and contributing to open-source projects in his spare time. His diverse experiences and relentless drive to innovate make him a committed participant in the fast-paced world of technology.
2. Security Chaos Engineering: Realigning the Security Industry – Kelly Shortridge – ESW #339
We've reached an inflection point in security. There are a handful of organizations regularly and successfully stopping cyber attacks. Most companies haven't gotten there, however. What separates these two groups? Why does it seem like we're still failing as an industry, despite seeming to collectively have all the tools, intel, and budget we've asked for?
Kelly Shortridge has studied this problem in depth. She has created tools (https://www.deciduous.app/), and written books (https://www.securitychaoseng.com/) to help the community approach security challenges in a more logical and structured way. We'll discuss what hasn't worked for infosec in the past, and what Kelly thinks might work as we go into the future.
Announcements
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
Guest
Kelly Shortridge is a Senior Principal in the Office of the CTO at Fastly. Shortridge is lead author of Security Chaos Engineering: Sustaining Resilience in Software and Systems (O’Reilly Media) and is best known as an expert on resilience in complex software systems, the application of behavioral economics to cybersecurity, and bringing security out of the dark ages. Shortridge has been a successful enterprise product leader as well as a startup founder (with an exit to CrowdStrike) and investment banker. Shortridge frequently advises Fortune 500s, investors, startups, and federal agencies and has spoken at major technology conferences internationally, including Black Hat USA, O’Reilly Velocity Conference, and SREcon. Shortridge’s research has been featured in ACM, IEEE, and USENIX, spanning behavioral science in cybersecurity, deception strategies, and the ROI of software resilience. Shortridge also serves on the editorial board of ACM Queue.
3. Palo Alto buys Talon, the changing world of security exits, 6 Qs to ask your CISO – ESW #339
During the news today, we went deep down the rabbit hole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insurtechs, and discuss a few notable funding rounds.
We discuss Kelly Shortridge's essay on the origins and nature of the term "security" and what it means. Stephen Schmidt suggests 6 questions every board should ask their CISO, we explore Cyentia Labs' meta-analysis of MITRE ATT&CK techniques, and Phil Venables shares some hilarious takes on infosec stereotypes.
Announcements
Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.
- 1. FUNDING: Unlocking the Future of CIAM – FusionAuth and Updata Partners Join Forces
- 2. FUNDING: Chainguard Raises $61 Million Series B Round as Enterprises Move to Fortify Open Source Software
- 3. FUNDING: Graylog Secures $39 Million Investment to Accelerate Growth and Security Product Line Expansion
- 4. FUNDING: Cowbell Raises $25M in Equity Funding
- 5. FUNDING: Xage Security raises $20M more to expand its security platform
- 6. FUNDING: Dubai’s AI cybersecurity startup SpiderSilk raises $9m in round led by Wa’ed Ventures
- 7. ACQUISITIONS: Confirmed: Palo Alto has acquired Talon Cyber Security, sources say for $625M
- 8. ACQUISITIONS: Travelers to Acquire Corvus Insurance
- 9. ACQUISITIONS: Pager Duty Acquires Jeli.io
- 10. NEW COMPANIES: Adapt or Die: Generative AI & The Revolution of American Cyber Defense
- 11. ESSAYS: When we say “security”, what do we mean?
- 12. ESSAYS: No Way Out: The Changing World of Cybersecurity Exits
- 13. ESSAYS: Putting the Emphasis on the Wrong Syllable
- 14. BREACHES: Southwestern Ontario hospitals will rebuild network from scratch amid fallout from cyberattack; more data leaked
- 15. ADVICE: Amazon’s chief security officer says these are the 6 questions every board should ask its CISO
- 16. REPORTS: Multi Source Analysis of Top MITRE ATT&CK Technique – Cyentia Institute
- 17. LEGAL: Lessons from the SEC’s Lawsuit against SolarWinds and Tim Brown
- 18. TRENDS: FBI: Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools
- 19. SQUIRREL: Caricatures of Security People
Some folks may find this offensive, but the way I'm reading it, he's poking fun at the stereotypes, not the people actually depicted by each example in this post.