 
Contrast Security provides the industry’s only DevOps-Native AppSec Platform using instrumentation to continuously analyze and protect software from within the application. This enables businesses to see more of the risks in their software and fewer development delays and less AppSec complexity. The Contrast platform integrates seamlessly into development pipelines, enabling easier security bug and vulnerability fixes that significantly speed release cycles. The Contrast Inside AppSec Podcast feat ...
 
Government Matters is the only television newscast focused on the business of government. Host Francis Rose recaps the top federal headlines and conducts thought-provoking interviews on tech, security, defense, workforce and industry issues. Since its launch in August of 2013, GM has hosted some of the top minds in the federal community -- from the White House, Congress, Fortune 500 companies, journalism, and the non-profit sector.
 
Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert ...
 
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast ho ...
 
Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application ...
 
A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
 
Each webinar features an SEI researcher discussing their research on software and cybersecurity problems of considerable complexity. The webinar series is a way for the SEI to accomplish its core purpose of improving the state-of-the-art in software engineering and cybersecurity and transitioning this work to the community. The SEI is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI Webinar Seri ...
 
Welcome to the DroidDevCast, a podcast brought to you by the team at Esper, bringing you the latest news, thoughtful discussion, and insights into all things Android, Android DevOps, and open source software development. Our host, Esper Platform Evangelist Rin Oliver is joined weekly on Fridays by a variety of guests whose backgrounds span software development, product design, UI/UX, engineering, marketing, and more. These are the stories of how today's software is built, produced, and deliv ...
 
 
One of the Mayhem for API’s guiding principles is to provide information where developers are. For instance, our CLI runs on your dev machine and can scan local APIs. The central tool to develop software as a team is a Source Code Management system like GitHub. The post Mayhem for API ❤️ GitHub: Seamless DevSecOps for your REST APIs appeared first …
 
What is AppSec, DevOps and DevSecOps? In this episode we discuss why defenders should know more about these terms and what the consequences are of ignoring these new and critical fields. Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an …
 
Content warning / awareness: for the last approximately 5 minutes of the episode we’ll be discussing mental health in tech. Included is a general discussion about self harm and suicide that does not include specific descriptions of these. The conversation is focused on the incidence of mental health in the infosec community and seeking help when ne…
 
The security industry generally agrees on the value of enabling developers in an agile environment—although we don't agree on what to call it… “Shifting Left,” “Creating a Paved Path,” “DevSecOps.” Regardless of the name, we tend to focus on teaching developers how to Sec, but there’s less focus on security engineers learning how to Dev. This segme…
 
Addressing diversity and inclusion issues at the State Department: Gina Abercrombie-Winstanley, Diplomat in Residence at Oberlin College, discusses steps that must be taken to improve diplomacy through diversity and inclusion efforts. Updates on President Biden’s defense budget topline: Mark Cancian, Senior Advisor in the International Security Program a…
 
In today’s podcast, we talked about the use of open-source technology in DevSecOps and what the pros and cons of implementing it in security strategies are with Stephen Gates, a security evangelist and senior solutions specialist at Checkmarx. Also, be sure to listen to our other podcast episode where Stephen Gates provides great insights on All ab…
 
Josh and Kurt talk to Mark Loveless from GitLab. We touch on DevSecOps, what GitLab is doing, threat modeling, and the time Mark tested positive for TNT at the airport. It's a great conversation. Show Notes Mark Loveless Twitter GitLab GitLab Handbook How we approach open source security PASTA threat modeling GitLab security features Tales from the…
 
With both hosts back on the beer to celebrate a momentous milestone, we talk Kiwis and Shoop (ba doop ba doop), sparking inspiration for a future episode. Chris and Chris break it down with DevSecOps. Fear not, there’s no rapping, just a lyrical breakdown of the place and role of security within DevOps. Something the organizations featured in our b…
 
Charles is a Senior Security Consultant for Red Siege. He has over 18 years of experience in IT. In his spare time, Charles does retro gaming and works on the SECBSD open source project, a penetration testing distro. He currently works as Staff at several Security Conferences, podcasts (GrumpyHackers) (Positively Blue Team Cast), and is a part of t…
 
Embracing diversity and inclusion in government: Shirley Jones, President of Blacks in Government, describes how agencies can successfully improve diversity and how her organization and others are helping. Getting ahead of cybersecurity risks in government: Bob Bigman, Founder of 2BSecure, discusses the first national cyber director nominee and the need …
 
Artificial intelligence at the Department of Defense: Robert Work, Former Deputy Secretary of Defense, explains how mature artificial intelligence capabilities are in the United States and how that compares to China’s progress. Funding Overseas Contingency Operations: Todd Harrison, Director of Defense Budget Analysis and the Aerospace Security Project a…
 
OPM launches fed employee survey on skills and abilities: Mika Cross, Federal Workplace Expert, provides details on the new Federal Workforce Competency Initiative that will aid in job design, recruitment, performance management and training. Acquisition challenges for the next GSA administrator: Larry Allen, President of Allen Federal Business Partners,…
 
In this week's episode, we spoke with Don Jones, Head of Developer Skills at Pluralsight, about how developers can improve their skills through online learning options. Pluralsight is also hosting #FreeApril and is making most of their skills platform available for free throughout the month of April. Visit pluralsight.com for more information.…
 
Are you a manager looking to build or improve your SOC? Are you trying to understand how to measure your SOC's maturity or use cases or your threat hunting efforts? If so, today’s episode with Rob van Os is for you. In this episode, we discuss the SOC CMM for SOC maturity measurement, the magma use case framework for building and tracking SOC use ca…
 
Collaboration on Office of Personnel Management reforms: Janice Lachance, Executive Vice President for Strategic Leadership and Global Outreach at the American Geophysical Union, discusses partnerships necessary for the Office of Personnel Management to successfully move forward. Developing reform initiatives for a new administration: Dan Chenok, Executi…
 
Josh and Kurt talk to Emil Wåreus from Debricked about the future of security scanners. Debricked is doing some incredibly cool things to avoid relying on humans for vulnerability identification and cataloging. Learn what the future of security scanning is going to look like. Show Notes Debricked Emil's Linkedin…
 
Talent management in the Army: Gen. James McConville, Chief of Staff of the U.S. Army, discusses the upgrade to a new, “digital age” talent management system for the Army. Lessons learned from the FirstSource II contract at DHS: Soraya Correa, Chief Procurement Officer at the Department of Homeland Security, discusses what will be different about the Fir…
 
Leif Dreizler is the manager of the Product Security team at Segment. Leif got his start in the security industry at Redspin doing security consulting work and was later an early employee at Bugcrowd. He helps organize the Bay Area OWASP Chapter, the LocoMocoSec Conference, and the AppSec California conference. Leif caught our attention when he pub…
 
Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, part of the My Story in Computing series, learn how Carol Smith, who trained as a photojournalist, discusses how a love of telling people’s stories led to a career in human-computer interaction working in artificial intelligence w…
 
Updating legacy systems in government: Horace Blackman, Senior Vice President of Consulting Services at CGI, discusses the point at which agencies decide to replace or augment legacy systems. New threat advisory from FBI and CISA: Brig. Gen. Gregory Touhill, President of AppGate Federal Group, discusses threats of VPN vulnerability exploitation and the n…
 
Much attention has been given to the software supply chain over the past several months due to the SolarWinds hack. Open-source libraries are a critical part of the software supply chain, and they can pose serious risk if they are not monitored and managed appropriately. Legacy software composition analysis tools equate third-party vulnerabilities …
 
The fragility of the U.S. supply chain: Adm. Jamie Foggo (USN-ret.), Distinguished Fellow at the Center for European Policy Analysis, discusses alliances and partnerships on the African continent and military implications of supply chain fragility. Tracking U.S. defense spending: Dov Zakheim, Senior Advisor at the Center for Strategic and International S…
 
Upgrading technology for unemployment insurance systems: Jonathan Alboum, Federal Chief Technology Officer at ServiceNow, discusses steps the Labor Department should take to successfully implement modernized state unemployment insurance systems. Tracking the Biden administration’s budget request: David Hawkings, Editor-in-Chief of The Fulcrum, discusses …
 
We’re tackling one of the most ambiguous and subjective roles in the software engineering career path, the Staff Engineer. Many companies don’t even have this role, and the ones that do have a hard time defining exactly what it means. Will Larson, the CTO of Calm, and author of the new book, Staff Engineer: Leadership Beyond the Management Track, j…
 
Doug Hazelman, Senior VP and Chief Evangelist at CoreView discusses how to keep your Microsoft 365 data secure and protected beyond what Microsoft provides out of the box, best practices on security and compliance, and tips on how to more efficiently manage your data whether on-premises or in the cloud.…
 
1995 was the year that ISPs became the dominant gateway to the information superhighway. But how’d we go from ARPANET all the way to that? It turns out, none of it would have happened without a team of intrepid engineers at the University of Michigan. Marc Weber tells us how a tension between academics and the military set the next evolution of the…
 
Information Technology trends during the pandemic: Robert McMullen, Deputy Chief Information Officer of Operations and Infrastructure at USCIS, discusses how Citizenship and Immigration Services pivoted to remote interviews using new technology. Addressing diversity and inclusion issues at the State Department: Harry Thomas, Senior Program Coordinator at…
 
Privacy protection isn't just a compliance activity, but it’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. In this webcast, we highlight best practices for privacy program planning and implementation. We present strategies for leveraging …
 
April and Emily interview Ty Cooper, a cryptocurrency expert and enthusiast. The trio discusses blockchain, what cryptocurrency is, how to invest in it, and more! Follow us on Social Media! Instagram: @tech.n.savvy Twitter: @technsavvy Website: https://technsavvy.com/ Follow Ty! Instagram: @mrcryptopriest Twitter: @tycooperaow ***Disclaimer 1*** Ne…
 
Josh and Kurt talk about the PHP backdoor and the Ubiquiti whistleblower. The key takeaway is to note how an open source project cannot cover up an incident, but closed source can and will cover up damaging information. Show Notes PHP backdoor Ubiquiti coverup 3D printed TSA keys LockPickingLawyer Determining Key Shape from Sound Lock camera…
 
Vandana Verma is the President of Infosec girls and Infosec Kids, a board of directors member for OWASP, and a leader for BSides Delhi. She joins us to introduce the OWASP Spotlight Series. With each video she creates, she highlights an OWASP project. We survey the projects she's covered and discuss a specific takeaway from each for the application…
 
Colin Bell, Rob Cuddy and Kris Duer from HCL Software bring you another application security interview special. In this episode the team talk to Matt Crouse who is the CISO for Taco Bell where he leads his company's efforts to design, deliver and operate an effective security program to over 7,000 restaurants worldwide.…
 
Taking an agile approach to Pentagon acquisitions: Chris Dougherty, Senior Fellow at the Center for a New American Security, discusses the need for more agile acquisition processes in order to keep pace with competitors. Creating new GPS technology that can’t be jammed or spoofed: Makena Young, Research Associate for the Aerospace Security Project at the…
 
Change is difficult. And it’s even more difficult, if you’re the one trying to make change happen. That’s where Dominica DeGrandis comes in. As the author of Making Work Visible, Dominica has been helping teams make big changes for decades. And now she is joining us to explain the steps we can take to start making a change inside of our organizatio…
 
Challenges facing Asian-Americans in the national security community: Evanna Hu, Partner and Chief Executive Officer at Omelas, discusses the policy issues she and her colleagues are trying to tackle in the next few years to address AAPI discrimination. Funding technology modernization at agencies: Dave Wennergren, CEO of the American Council for Technol…
 
Driving consistency and maintaining a high standard for alert response is a problem all SOCs must face, but how? In this episode, Josh Brower describes his efforts to combine automated detection signature deployment and use case database management into a single, easy to use app for Security Onion. Whether you use Security Onion or not, this episod…
 
Even if you're not a malware analyst, any blue teamer should be able to do some initial basic malware sample triage. The good news is that this is quite easy to do using freely available tools once you know what is available. Join John in this conversation with Ryan Chapman as they discuss how to reverse engineer malware and why you might want to d…
 