Eliminating the Variants – ESW #240
Segments
1. Deciduous / Decision trees + Security Chaos Engineering – Kelly Shortridge – ESW #240
Deciduous is an app Kelly built with Ryan Petrich that simplifies the process of creating security decision trees. Security decision trees are valuable aids in threat modeling and prioritizing mitigations, harnessing the power of belief prompting from the realm of behavioral game theory.
Segment Resources:
- https://www.deciduous.app/
- https://swagitda.com/blog/posts/rick-morty-thanksploitation-decision-tree/
- https://swagitda.com/blog/posts/deciduous-attack-tree-app/
- https://learning.oreilly.com/library/view/security-chaos-engineering/9781492080350/
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
Kelly Shortridge is a Senior Principal in the Office of the CTO at Fastly. Shortridge is lead author of Security Chaos Engineering: Sustaining Resilience in Software and Systems (O’Reilly Media) and is best known as an expert on resilience in complex software systems, the application of behavioral economics to cybersecurity, and bringing security out of the dark ages. Shortridge has been a successful enterprise product leader as well as a startup founder (with an exit to CrowdStrike) and investment banker. Shortridge frequently advises Fortune 500s, investors, startups, and federal agencies and has spoken at major technology conferences internationally, including Black Hat USA, O’Reilly Velocity Conference, and SREcon. Shortridge’s research has been featured in ACM, IEEE, and USENIX, spanning behavioral science in cybersecurity, deception strategies, and the ROI of software resilience. Shortridge also serves on the editorial board of ACM Queue.
2. Penning a Cyber Thriller – ESW #240
Deb has written a thriller series about an evil corporation called GlobeCom that takes over the world through human chip implants and the hackers who rise up against it to break its backbones and its grip on humanity. In it, she sticks very close to technology and hacks in use today to show the ramifications of tech overreach and couch the hackers as heroes. Her characters are drawn from hackers and agents she's met throughout her career, and they have reviewed and approved the story. She is currently wrapping up her second book in the series, which delves more into AI and machine learning. She has written for a general audience, and the story is fast-paced and entertaining, with reviewers saying her style is akin to Lee Child.
Segment Resources:
The book is available at https://www.amazon.com/Breaking-Backbones-Information-Hacker-Trilogy/dp/1665701080/, and her articles, speaking engagements and more information are available at www.debradcliff.com.
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Guest
Deb Radcliff was the first investigative reporter to make cyber crime a beat, starting in 1996 after researching a best-selling book about Kevin Mitnick called The Fugitive Game. Since then, she has written hundreds of articles for business and trade magazines, won two Neal awards for investigative reporting, and was runner-up for a third. She stood up an analyst program for SANS Institute and ran it for 15 years before joining the Cyber Risk Alliance as strategic analyst on the business intelligence unit. And she wrote her first book in a cyber thriller series, “Breaking Backbones: Information is Power,” which is selling well on Amazon and other outlets.
3. Cloudflare Saves the Day, Sumo Logic SOAR, Tenable Risk Management, & Drones – ESW #240
This week in the Enterprise News: Guardicore Centra lets teams stop ransomware and lateral movement, Netskope streamlines procedures with improved attribution models and collaboration, Cloudflare claims they blocked the ‘greatest DDoS attack in history’, SecurityScorecard partners up with Tenable to improve Risk Management, Sumo Logic delivers on SOAR promise by acquiring DFLabs, SCRA invests in cyber startup Hook Security, Hunters raises $30 Million in Series B, and more!
Announcements
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Hosts
- 1. TinyCheck
- 2. Cloud Katana
- 3. Google Cloud launches Unattended Project Recommender
- 4. Minimalist Phones Try to Give Users What They Need—Not Always What They Want
- 5. Paladin publicly launches Knighthawk, a first response drone for cities – TechCrunch
- 6. Hunters brings in $30M Series B to grow XDR security tech – TechCrunch
- 7. Automotive startup Upstream raises $62M Series C to scale cloud-based security – TechCrunch
- 8. Apple’s Tim Cook, Microsoft’s Satya Nadella Plan to Visit White House
- 9. Blumira raises $10.3M Series A to bring cloud-based SIEM to mid-market companies – TechCrunch
- 10. build.security is now a part of Elastic – build.security
- 1. Guardicore Centra enables security teams to stop ransomware and lateral movement – Help Net Security
- 2. SCRA Announces Investment in Cybersecurity Startup, Hook Security – SCRA: South Carolina Research Authority
- 3. Hunters raises $30M in Series B funding round led by Bessemer Venture Partners
- 4. Netskope Streamlines Data Processes With Improved Attribution Models, Internal Collaboration
- 5. ThycoticCentrify Enhances DevOps Security with Certificate-Based Authentication and Configurable Time-to-Live for All Cloud Platforms
- 6. Cloudflare Claims To Have Blocked The ‘greatest DDoS attack in history’ – Somag News
- 7. SecurityScorecard teams up with Tenable to improve risk management
- 8. Cloudera Introduces Cloudera DataFlow
- 9. Intezer – Intezer Analyze Transforms for Maltego
- 10. Sumo Logic delivers on SOAR promise it made by acquiring DFLabs