Thursday, July 19, 2018

Show 147: Kathleen Fisher discusses DARPA research vs. Black Hat/DefCon research

Listen as Gary and Kathleen discuss scientific research versus hacking "research," programming languages and software security, hacking (or not hacking) autonomous helicopters at DARPA, why machine learning looks pretty similar to how it looked 25 years ago, and more.

Show 146: Nicholas Weaver discusses network security, botnets, and cryptocurrency

Listen as Gary and Nicholas discuss the Spectre vulnerability, botnet attacks, research tech transfer, cryptocurrencies and blockchain technology, and more.

Show 145: Tanya Janca discusses transitioning from developer to software security guru

Listen as Gary and Tanya discuss the transition from development to security, election security, DevOps, and more.

Show 144: Ron Gula discusses government versus commercial security solutions

Listen as Gary and Ron discuss government and commercial security solutions, the NIST framework, tech transfer, technical advisory boards, and more.

Show 143: Elena Kvochko discusses security policy and security technology

Listen as Gary and Elena discuss security policy, security technology, the role of a CIO, holistic security tactics, the economics of a security breach, and more.

Show 142: Craig Froelich discusses the 2018 CISO Report

Listen as Gary and Craig discuss the role of the CISO in the financial services ecosystem and the 2018 CISO Report.

Show 141: Bruce Potter discusses ShmooCon, DevOps, and the CISO role

Listen as Gary and Bruce discuss ShmooCon, the state of software security books, network security trends, hacking back, the relationship between preventative security engineering and operational security, DevOps, the CISO role, and more.

Show 140: Adrienne Porter Felt discusses usable security at Google and web versus mobile permission models

Listen as Gary and Adrienne discuss usable security, web and mobile security indicators, browser warnings, permission models, and more.

Show 139: Matias Madou discusses secure development training and software security testing research

Listen as Gary and Matias talk about effective software security testing methods, security research, and secure development training.

Show 138: Nicole Perlroth discusses life as a cyber security journalist

Listen as Gary and Nicole talk about life as a cyber security journalist, being a woman in the security industry, and playing up the sex appeal of cyber security.

Show 137: Wafaa Mamilli Discusses Cultural Differences in Technology Management

Listen as Gary and Wafaa cover cultural differences in technology management, CISO education, organizational hierarchy, and more.

Show 136: Pavi Ramamurthy discusses the relationship between development and software security

Listen as Pavi and Gary discuss whether a background in development makes you a better software security resource, CI/CD, security testing, the role that office hours play in software security awareness, and more.

Show 135: Ksenia Dmitrieva-Peguero discusses software security and AngularJS

Listen as Gary and Ksenia discuss software security awareness, AngularJS, security conferences, and more.

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.