 
Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert ...
 
Each webinar features an SEI researcher discussing their research on software and cybersecurity problems of considerable complexity. The webinar series is a way for the SEI to accomplish its core purpose of improving the state-of-the-art in software engineering and cybersecurity and transitioning this work to the community. The SEI is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI Webinar Seri ...
 
Welcome to the Cybrary Studios, home to Cybrary's three podcast series, including the award-winning 401 Access Denied, voted Best Cybersecurity Podcast for NORTH AMERICA by the 2021 Cybersecurity Excellence Awards. The Cybrary Podcast - In this show, we will be speaking with current leaders and experts in the IT and Cybersecurity fields. Discussing topics ranging from DevSecOps and Ransomware attacks to diversity and the retention of talent, the Cybrary Podcast covers it all. Stay up to date wi ...
 
 
Digital engineering is an integrated digital approach that uses authoritative sources of systems data and models as a continuum across disciplines to support lifecycle activities from concept through disposal. With digital engineering, models are developed for everything, not just for software, but for all components of a system of systems, hardwar…
 
Leif Dreizler is the manager of the Product Security team at Segment. Leif got his start in the security industry at Redspin doing security consulting work and was later an early employee at Bugcrowd. He helps organize the Bay Area OWASP Chapter, the LocoMocoSec Conference, and the AppSec California conference. Leif caught our attention when he pub…
 
Those who work in computing today bring a wide array of backgrounds and experiences to the profession. In this podcast, part of the My Story in Computing series, Carol Smith, who trained as a photojournalist, discusses how a love of telling people’s stories led to a career in human-computer interaction working in artificial intelligence w…
 
Special guest Ted Harrington joins Joe and Mike today to discuss application security – how to be more secure, what AppSec myths to reconsider, and how to change mentalities at your organization. Ted is Executive Partner at Independent Security Evaluators and author of Hackable: How To Do Application Security Right.…
 
Privacy protection isn't just a compliance activity. It’s also a key area of organizational risk that requires enterprise-wide support and participation; careful planning; and forward-leaning, data-driven controls. In this webcast, we highlight best practices for privacy program planning and implementation. We present strategies for leveraging …
 
Do you ever wonder how some people get ahead so fast? Well, you can’t reach the next level with the same level of thinking as now. When you’re surrounded by sameness, how do you grow? In this episode of Go For It, Sarah dives into being intentional and thoughtful, and ways to create an environment optimized for the growth of you and those around yo…
 
Vandana Verma is the President of Infosec Girls and Infosec Kids, a board of directors member for OWASP, and a leader for BSides Delhi. She joins us to introduce the OWASP Spotlight Series. With each video she creates, she highlights an OWASP project. We survey the projects she's covered and discuss a specific takeaway from each for the application…
 
It’s Episode 57 of the Cybrary Podcast and we welcome Tina Kuhn, President of Cybercore Technologies, to talk about supply chains. With attacks as recent as SolarWinds and future attacks that will inevitably occur, Mike and Tina discuss everything from counterfeit equipment and hardware tampering, to the state of critical infrastructure and how to …
 
The Top 10 is considered one of the most important community contributions to come out of OWASP. In 2003, just two years after the organization was started, the OWASP Top 10 was created. The purpose of the project was to create an awareness document, highlighting the top ten exploits security professionals should be aware of. Since that time, innumerable …
 
Dr. Anita D’Amico is the CEO of Code Dx, which provides Application Security Orchestration and Correlation solutions to industry and government. Her roots are in experimental psychology and human factors. Her attention is now focused on enhancing the decisions and work processes of software developers and AppSec analysts to make code more secure. A…
 
In your cyber security journey, you’ve probably heard of a massive number of cyber security tools, many of them free. It can be tricky to figure out where to start and which tool is worth your time. In this podcast, Joe and Mike discuss the free cyber security tools in their arsenal and the significant value they’ve provided over the years. Did we …
 
Welcome back to Go For It with Sarah Moffat. Joining us for episode 2 is Charity Carney, VP of Security and Compliance at InVita Healthcare Technologies. Throughout her career, Charity had many less than positive experiences, but she shares her journey of finding what motivated her to go for it and leave a toxic work environment for her dream job.…
 
There is some confusion about how the paradigms of DevOps and Digital Engineering fit together. In the case of software-intensive systems, we believe DevOps practices are an enabler for Digital Engineering, in many forms. During this webcast, we introduced the relatively new concept of Digital Engineering and how we believe DevOps actually compleme…
 
Alyssa Miller is a life-long hacker, security advocate, and cybersecurity leader. She is the BISO for S&P Global ratings and has over 15 years of experience in security roles. She is heavily involved in the cybersecurity community as an international speaker, author, and advocate. Alyssa joins us to talk about bringing security to DevOps and the CI…
 
On this episode of the Cybrary Podcast, we welcome back Base Operations, introducing Scott Money, the VP of Engineering. Everyone knows Google, but Mike, Jonathan, and Scott throw back to the days of Lycos, before PHP, server-side scripting, cookies, and SSL. What launched Google into becoming the leading name in search engines around the world, and…
 
Many organizations struggle in applying DevSecOps practices and principles in a cybersecurity-constrained environment because programs lack a consistent basis for managing software intensive development, cybersecurity, and operations in a high-speed lifecycle. We will discuss how an authoritative reference, or Platform Independent Model (PIM), is n…
 
Ransomware attacks have exploded in frequency and severity in recent months. Joe and Mike are joined by guest Dan Lohrmann, currently Chief Strategist & CSO at Security Mentor, and formerly of the NSA, Lockheed Martin, and CISO for State of Michigan. Discussion revolves around concrete steps we can all take today to reduce attacks, minimize damage,…
 
Liran Tal is an application security activist and long-time proponent of open-source software. He is a member of the Node.js security working group, an OWASP project lead, author of Essential Node.js Security, and O’Reilly’s Serverless Security. He is leading the developer advocacy team at Snyk in a mission to empower developers with better dev-fir…
 
Brett Tucker, a technical manager for cyber risk in the SEI CERT Division, discusses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for the Enterprise (OCTAVE FORTE) Model, which helps organizations evaluate security risks and use principles of enterprise risk management to bridge the gap between executives and practitioners…
 
Dr. Vlad Kindratenko and Eliu Huerta explain how the Center for Artificial Intelligence Innovation (CAII) at the University of Illinois Urbana-Champaign is using an IBM Power 9 cluster to research and deliver astounding deep learning solutions for their community campus and industry partners. From astrophysics to gravitational waves and neural ne…
 
Welcome to the first episode of Go For It with Sarah Moffat, and happy International Women’s Day! We’re excited to introduce Sarah, the President and Founder of LeadingLadies.co, as she shares her story and inspiration to go for it, every day. From her part-time work through high school and college, to the experiences that taught her how to run oper…
 
Calling all engineers! This week on the Cybrary Podcast, we welcome Zachary Ozer from ClubHouse. From one VP of Engineering to another, Mike and Zach talk all things development, product planning, and how to help junior and senior engineers be more effective and enjoy their jobs. Zach also offers key insights into how people at ClubHouse further th…
 
Casey Ellis, Founder & CTO of Bugcrowd and Katie Moussouris, Founder & CEO of Luta Security discuss vulnerability disclosure programs with Mike and Joe today. Developing a disclosure program can be so complex that many organizations don’t create one at all. So we asked - what processes should companies put in place to be sure they provide vulnerabi…
 
Konveyor is a community of people passionate about helping others modernize and migrate their applications to the hybrid cloud by building tools, identifying patterns, and providing advice on how to break down monoliths, adopt containers, and embrace Kubernetes. Join us for a conversation with James Labocki, organizer of the Konveyor Community.…
 
If organizations take more steps to address security-related activities now, they will be less likely to encounter security incidents in the future. When it comes to application containers, security is achieved through adopting a series of best practices and guidelines. In this SEI Podcast, Tom Scanlon and Richard Laughlin, researchers with the SEI…
 
“Protecting data wherever it lives” is at the forefront of the long-debated question: Is your data secure? The apps you use, the websites you visit, the Zoom calls you're on - there is so much personal and business information available, but who makes the decisions about data handling and security? Jonathan and Mike welcome Patrick Walsh, CEO of Iro…
 
In this SEI Podcast, Marisa Midler and Tim Shimeall, network defense analysts within the SEI's CERT Division, discuss the growing problem of ransomware including the rise of ransomware as a service threats. Ransom payments from Quarter 3 of 2019 were on average $42,000, and in Quarter 1 of 2020, that average increased $70,000 to $112,000. The volum…
 
The recent SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains. Responding effectively to breaches and hacks requires a cross-section of technical skills and process insights. In this webcast, we explored the lifecycle of the SolarWinds activity and discussed both technical and risk…
 
Jim Routh has built software security programs at some of the biggest brands in the world. He has served as CISO or CSO six different times in his career, always staying close to his cyber and software security roots. Jim has hung up his CISO badge and now focuses on serving on boards and advising security-focused startups. Jim’s original AppSec po…
 
Have you wondered what’s involved in venture capital fund raising? In this episode of the Cybrary Podcast, we welcome Les Craig, Co-founder of RedOwl Analytics and current Partner at Next Frontier Capital. From their years of experience in Cybersecurity, Les, Mike, and Jonathan talk about the successes and pitfalls of starting businesses, what foun…
 
Joe and Mike talk to Jessica Barker, Co-CEO of Cygenta and author of Confident Cyber Security and the recently released Cybersecurity ABC’s. Jessica breaks down the psychology behind cyber criminals and why we frequently blame the employees on the front lines of attacks. Plus, why companies need to stop telling employees to be constantly alert. Get…
 
This week on the Cybrary Podcast, we welcome Caleb Woods. Caleb is the CEO of Rolemodel Software, a company specializing in building internal tools for their customers. Speaking with Mike Gruen and Thomas Horlacher from Cybrary, Caleb discusses the work his company is doing as well as their Craftsmanship Academy, a way for those new to the engineer…
 
When Shannon Lietz and the team at DevSecOps.org published the DevSecOps Manifesto six years ago, security was uppermost in their minds. The manifesto starts with a call to arms…“Through Security as Code, we have and will learn that there is simply a better way for security practitioners, like us, to operate and contribute value with less friction.…
 


Copyright 2021