View More ESW Episodes

Eliminating the Variants – ESW #240

This week, first up, we welcome Kelly Shortridge, Senior Principal Product Technologist at Fastly, to talk about “Deciduous”, Decision Trees, and Security Chaos Engineering! Then, Deb Radcliff, Strategic Analyst and Author from CyberRisk Alliance Joins to discuss “Penning a Cyber Thriller”! Finally, In the Enterprise News Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber start...

Full Show Notes
Segment One

Deciduous / Decision trees + Security Chaos Engineering – Kelly Shortridge – ESW #240

Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory.

Segment Resources:
- https://www.deciduous.app/ - https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/ - https://swagitda.com/blog/posts/deciduous-attack-tree-app/ - https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/

Guest

Kelly Shortridge is a Senior Principal in the Office of the CTO at Fastly. Shortridge is lead author of Security Chaos Engineering: Sustaining Resilience in Software and Systems (O’Reilly Media) and is best known as an expert on resilience in complex software systems, the application of behavioral economics to cybersecurity, and bringing security out of the dark ages. Shortridge has been a successful enterprise product leader as well as a startup founder (with an exit to CrowdStrike) and investment banker. Shortridge frequently advises Fortune 500s, investors, startups, and federal agencies and has spoken at major technology conferences internationally, including Black Hat USA, O’Reilly Velocity Conference, and SREcon. Shortridge’s research has been featured in ACM, IEEE, and USENIX, spanning behavioral science in cybersecurity, deception strategies, and the ROI of software resilience. Shortridge also serves on the editorial board of ACM Queue.

Announcements

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Segment Two

Penning a Cyber Thriller – ESW #240

Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech over reach and couch the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining with reviewers saying her style is akin to Lee Child.

Segment Resources:
The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/; and her articles, speaking engagements and more information is available at www.debradcliff.com.

Guest
derad

Deb Radcliff was the first investigative reporter to make cyber crime a beat starting in 1996 after researching a best-selling book about Kevin Mitnick called the Fugitive Game. Since then, she has written hundreds of articles for business and trade magazines, won two Neal awards for investigative reporting, and was runner up for a third. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. And she wrote her first book in a cyber thriller series, “Breaking Backbones: Information is Power,” which is selling well on Amazon and other outlets.

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Segment Three

Cloudflare Saves the Day, Sumo Logic SOAR, Tenable Risk Management, & Drones – ESW #240

This week, In the Enterprise News, Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCAR invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

List of Articles

Adrian Sanabria

  1. TinyCheck
  2. Cloud Katana
  3. Google Cloud launches Unattended Project Recommender
  4. Minimalist Phones Try to Give Users What They Need—Not Always What They Want
  5. Paladin publicly launches Knighthawk, a first response drone for cities – TechCrunch
  6. Hunters brings in $30M Series B to grow XDR security tech – TechCrunch
  7. Automotive startup Upstream raises $62M Series C to scale cloud-based security – TechCrunch
  8. Apple’s Tim Cook, Microsoft’s Satya Nadella Plan to Visit White House
  9. Blumira raises $10.3M Series A to bring cloud-based SIEM to mid-market companies – TechCrunch
  10. build.security is now a part of Elastic – build.security

Paul Asadoorian

  1. Guardicore Centra enables security teams to stop ransomware and lateral movement – Help Net Security
  2. SCRA Announces Investment in Cybersecurity Startup, Hook Security – SCRA: South Carolina Research Authority
  3. Hunters raises $30M in Series B funding round led by Bessemer Venture Partners
  4. Netskope Streamlines Data Processes With Improved Attribution Models, Internal Collaboration
  5. ThycoticCentrify Enhances DevOps Security with Certificate-Based Authentication and Configurable Time-to-Live for All Cloud Platforms
  6. Cloudflare Claims To Have Blocked The ‘greatest DDoS attack in history’ – Somag News
  7. SecurityScorecard teams up with Tenable to improve risk management
  8. Cloudera Introduces Cloudera DataFlow
  9. Intezer – Intezer Analyze Transforms for Maltego
  10. Sumo Logic delivers on SOAR promise it made by acquiring DFLabs
Show More

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

Get expert insights and technical breakdowns straight to your inbox.
Join Now

Related Episodes

Related Content

You can skip this ad in 5 seconds