Paul's Security Weekly

paul@securityweekly.com, Paul Asadoorian
1900 episodes
For the latest in computer security news, hacking, and research! We sit around, drink beer, and talk security. Our show will feature technical segments that show you how to use the latest tools and techniques. Special guests appear on the show to enlighten us and change your perspective on information security.

Talking Heads - ASW #150

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, w…

Dusty Corners - PSW #693

This week, Bob Erdman, Associate Director of Development at Core Security, joins us for an interview to talk about Building a Risk-Based Vulnerability Management Program! Then, Jim Langevin, US Congressman at the US House of Representatives, joins us for a discussion on Biden Administration EO on C…

Bad Pings, Yahoo Answer Babbies, Python Bugs, & Spectre Attacks - Wrap Up - SWN #120

This week in the Security Weekly News Wrap Up Dr. Doug talks: Pings are bad, m'kay, Yahoo Answers, Python ipaddress bugs and the curse of octal, Deepfakes, Qualcomm, Spectre, First Horizon Bank, & the show Wrap Ups for this week! Show Notes: https://securityweekly.com/swn120 Visit https://…

Tyler Has Visitors - ESW #226

This week, in the first segment, we welcome Steve Springett, Chair at CycloneDX SBOM Standard, Core Working Group, for a discussion on The Rise of SBOM! Next up, Carlos Morales, CTO Security Services at Neustar, joins for a discussion on how Applications Are Your Lifeblood – Understanding the Chang…

Enforcement Body - SCW #72

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now. Chris …

Limitless - BSW #215

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the latest security funding and perfor…

Alert Your Star Destroyers - ASW #149

Rey Bango will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover: • The types of security training that work • The role of security champions • How the security and development teams can work together…

Dan Kaminsky, 'BadAlloc' Flaws, Apple 0-Days, & Spectre Defenses Shattered - SWN #119

This week Dr. Doug talks Dan Kaminsky, Spectre, Badalloc, Cardassian Overlords, Apple patches, and the notorious Jason Wood returns for Expert Commentary! Show Notes: https://securityweekly.com/swn119 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us o…

Passwordstate Backdoor, Gov't Tackles Ransomware, & BinD Updates - Wrap Up - SWN #118

In the Security Weekly News Wrap Up for this week: Government intervention in Ransomware, Joe Biden's response to Russia, Passwordstate, AI, Mitre, Chrome, contaminated instruments, and Dr. Doug's Favorite Threat of the Week! Show Notes: https://securityweekly.com/swn118 Visit https://www…

Vulcan Mind Meld - PSW #692

This week, Fleming Shi, CTO of Barracuda Networks, joins us for an interview to talk about Protecting the Hybrid Workforce! Then, Fred Gordy, Director of Cybersecurity at Intelligent Buildings, joins us for a discussion on Smart Building Control System Cybersecurity - The Real World! In the Securit…

Between the Two Tylers - ESW #225

This week, Rickard Carlsson, CEO at Detectify, joins us to talk about collaboration as the modern approach to application security. In the Enterprise News for this week: HackerOne Enhances Security Testing Platform, Palo Alto Networks Expands Unit 42 Cybersecurity Consulting Group, Thoma Bravo to take…

Boil the Ocean - SCW #71

Richard Struse, Director of The Center for Threat-Informed Defense from MITRE Engenuity joins the SCW crew for a two-part interview! - What is threat-informed defense and how does it relate to other aspects of cybersecurity? - The importance of ATT&CK as a lens through which you can view your securit…

Skin in the Game - BSW #214

Cyber accountability is often overlooked by Boards of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as SolarWinds, MS Exchange and many other security incidents prove, it’s not a strategy. In the Leadership and Communications sec…

Emotet Nukes Itself, Nvidia 0-Days, Babuk D.C Attack, & iOS 14.5 - SWN #117

This week in the Security Weekly News: Dirty emojis, Nvidia zero-days, Shlayer, Cozy Bear, Emotet, Babuk, iOS 14.5, and Jason Wood returns for Expert Commentary! Show Notes: https://securityweekly.com/swn117 Visit https://www.securityweekly.com/swn for all the latest episodes! Foll…

Minimum Safe Distance - ASW #148

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle an…

Curmudgeon Pills - PSW #691

Kevin and the CYBER.ORG team are currently finalizing nationwide K-12 cybersecurity learning standards with the goal of having all 50 states adopt them. Expected in the fall, these standards will ensure that all students have equal access to standardized K-12 cybersecurity education. This conversat…

Lots of Zero Days, SonicWall Vulns, The FBI, The Professor, & The Rest - Wrap Up - SWN #116

Just sit right back and you'll hear a tale, Lots of Zero Days, CodeCov, FBI Hack backs, Cozy Bear, Mystery Science Theatre, the Professor and the rest, here on Security Weekly Wrap Up Island! Show Notes: https://securityweekly.com/swn116 Visit https://www.securityweekly.com/swn for all t…

Hall of Shame - ESW #224

This week, Jeff Deininger, a Principal Cloud Security Engineer, joins us and will use a simulated attack to demonstrate how advanced threat detection works with commonplace architectural elements to deny attackers the crucial traction needed to establish a foothold at the beginning of a …

The Other Guy - SCW #70

This week, we welcome Chris Hughes, Principal Cybersecurity Engineer at Rise8, to talk about Compliance Innovations in the Cloud. Cloud has and continues to disrupt many traditional business processes, activities and IT paradigms. Compliance will also be revolutionized by cloud computing. In this s…

Go Back To Work! - BSW #213

When the world went fully remote a year ago, many systems had to migrate from on-premise to the cloud. Now that we're starting to re-open offices, do we move these systems back to on-premise or is cloud the new normal? Fleming Shi, CTO from Barracuda Networks, joins us to discuss the ongoing challen…

Codecov Attack, Major BGP Leak, Lazarus APT, Discord Ransomware, & GEICO Breach - SWN #115

This week, Dr. Doug talks naughty vaccines, Air frying is not frying, BGP is leaking, Codecov, Lazarus, Google Alerts, Nitro Ransomware, & we're joined once more for expert commentary by Jason Wood! Show Notes: https://securityweekly.com/swn115 Visit https://www.securityweekly.com/swn fo…

That Will Bite Ya - ASW #147

This week, we welcome Doug Barbin, Managing Partner at Schellman & Company, LLC, to discuss Supply Chain Management! Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportuniti…

When Things Go Sour - SCW #69

Today we are going to take a look at security awareness training programs in organizations. We are joined today by Kelley Bray and Stephanie Pratt who will help facilitate the discussion. We'll start with the history and evolution of security awareness programs; what has worked, or more precisely …

The Hunt for Red October - PSW #690

This week, Lennart Koopmann, the CTO of Graylog, Inc, joins us for an interview to talk about Nzyme, a Free and Open WiFi Defense System. Then, Dutch Schwartz, Principal Security Specialist at Amazon Web Services, joins us for a discussion on the Lessons Learned When Migrating from On Prem to Cloud…

Virtual Audio Bars, Accellion Breach, & Discord/Slack Malware - Wrap Up - SWN #114

This week, Elon visits an audio-only virtual bar, Ubiquiti denies, Accellion, ToadSuck.gov, and more, plus show wrap-ups! Show Notes: https://securityweekly.com/swn114 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.c…

Love Your Energy - ESW #223

This week, in the first segment, Ryan Noon from Material Security joins us for a discussion on Zero Trust! Next up, John Loucaides joins for an interview on firmware attacks, and what enterprises need to do! In the Enterprise Security News: Cyble raises $4M, ThreatQuotient raises $22.5M, OneTrust acq…

A Little Hot - SCW #68

Errol will talk about his experiences with information sharing and building the world's first Information Sharing & Analysis Center in 1999. Errol brings a unique perspective to the table as he was the service provider behind the Financial Services ISAC, then a subscriber and ISAC member for 13 years…

Culture of Innovation - BSW #212

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and ac…

Microsoft Edge Grows, IRS “Operation Hidden Treasure”, & 'more_eggs' Malware - SWN #113

This week, Dr. Doug talks Breaches, Microsoft, the Dead Return to Life, The IRS is coming for your Bitcoin, Have YOU been PWNed, and the Expert Commentary of none other than Jason Wood! Show Notes: https://securityweekly.com/swn113 Visit https://www.securityweekly.com/swn for all the lat…

Contortions - ASW #146

This week, we welcome Leif Dreizler - Engineering Manager, Product Security - Segment, to talk about Shifting Right: What Security Engineers Can Learn From DevSecOps! In the AppSec News, PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for…