Quantitative Security Planning from the Front-Line – Ryan Fried – ESW #291
Every year, management needs to figure out what initiatives will be prioritized for the upcoming year. This simple, free method uses a quantitative approach based on CIS controls with input from the front-line analysts and engineers. The outcome is an engaging team discussion and clear plan for what the team should prioritize.
Segment Resources: https://www.cisecurity.org/controls
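One way to turn front-line input into a ranked plan, as an added Python example (illustration only, not Ryan Fried's own worksheet or anything from CIS): each analyst or engineer scores every CIS Control on two 1-5 scales, current maturity and impact of a gap, a per-respondent priority is `impact * (5 - maturity)`, and the team ranks controls by the mean. The spread between respondents is kept on purpose: a control the analysts and engineers disagree about is flagged for discussion instead of being averaged away. The control names are CIS Controls v8 titles; the ratings, the scales, the threshold of 3.0 and the scoring formula are assumptions made for this example.

```python
"""Quantitative prioritisation of CIS Controls from front-line ratings.

Added illustration, not the speaker's method. Each respondent scores every
control on two 1-5 scales:
  maturity : how well the control is implemented today (5 = fully)
  impact   : how much a gap in this control would hurt us (5 = severe)
A respondent's priority for a control is impact * (MAX_SCORE - maturity).
Scores are averaged across respondents; a large spread between respondents
flags the control for team discussion rather than hiding the disagreement.
"""
from dataclasses import dataclass
from statistics import mean, pstdev

MAX_SCORE = 5  # assumed 1..5 rating scale


@dataclass(frozen=True)
class Rating:
    control: str
    maturity: int
    impact: int


def priority(r: Rating) -> int:
    """One respondent's priority: severe impact on an immature control scores highest."""
    for name, value in (("maturity", r.maturity), ("impact", r.impact)):
        if not 1 <= value <= MAX_SCORE:
            raise ValueError(f"{r.control}: {name}={value} outside 1..{MAX_SCORE}")
    return r.impact * (MAX_SCORE - r.maturity)


def rank_controls(responses: dict[str, list[Rating]],
                  disagreement_threshold: float = 3.0) -> list[dict]:
    """Aggregate every respondent's ratings into one ranked list.

    Every respondent must rate the same set of controls, otherwise a control
    rated by a single person would be ranked on one opinion.
    """
    control_sets = {who: {r.control for r in ratings} for who, ratings in responses.items()}
    expected = next(iter(control_sets.values()), set())
    for who, controls in control_sets.items():
        if controls != expected:
            raise ValueError(f"{who} rated {sorted(controls ^ expected)} differently from the others")

    scores: dict[str, list[int]] = {}
    for ratings in responses.values():
        for r in ratings:
            scores.setdefault(r.control, []).append(priority(r))

    ranked = []
    for control, values in scores.items():
        spread = pstdev(values)  # population stdev across respondents
        ranked.append({
            "control": control,
            "score": round(mean(values), 2),
            "spread": round(spread, 2),
            "discuss": spread >= disagreement_threshold,
            "respondents": len(values),
        })
    ranked.sort(key=lambda row: (-row["score"], row["control"]))
    return ranked


def sample_responses() -> dict[str, list[Rating]]:
    """Constructed ratings: three respondents over four CIS Controls v8 titles."""
    c1 = "CIS 1 Inventory and Control of Enterprise Assets"
    c7 = "CIS 7 Continuous Vulnerability Management"
    c8 = "CIS 8 Audit Log Management"
    c12 = "CIS 12 Network Infrastructure Management"
    return {
        "analyst_a": [Rating(c1, 2, 4), Rating(c7, 3, 5), Rating(c8, 4, 3), Rating(c12, 1, 4)],
        "engineer_b": [Rating(c1, 2, 5), Rating(c7, 4, 5), Rating(c8, 4, 3), Rating(c12, 4, 4)],
        "engineer_c": [Rating(c1, 3, 4), Rating(c7, 3, 4), Rating(c8, 5, 3), Rating(c12, 1, 5)],
    }


if __name__ == "__main__":
    for row in rank_controls(sample_responses()):
        flag = "  <- discuss" if row["discuss"] else ""
        print(f'{row["score"]:6.2f}  spread {row["spread"]:4.2f}  {row["control"]}{flag}')
```

With the constructed data, network infrastructure management ranks first but with a spread of 6.8 (the engineer who rated it mature disagrees sharply with the other two), which is exactly the item to put in front of the team before committing budget; audit log management ranks last with everyone in agreement.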
Ryan has 10+ years of experience in IT security, in roles ranging from compliance, analyst and engineer to CISO and consultant. He has also taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, DevSecOps and cloud security posture management.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Blurred Lines Between Consumer & Enterprise; Shades of Gray with MFA – Tim Morris – ESW #291
It’s CyberSecurity Awareness Month and this year’s theme, set by CISA, is See Yourself in Cyber. We’re going to take some liberties in the interpretation of this to talk about the lines blurring between personal and work accounts and devices. We’ll also discuss MFA risks - what types of MFA are safe to use, and which aren’t in 2022? This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Tim is a visionary leader and an IT and cyber security expert, with decades of experience across industries. He joined Tanium after retiring from Wells Fargo, where he was an SVP and led several teams in cyber operations, engineering, and research. He holds 25 US patents and has written many articles on cyber security topics. He is also a trusted source of insights and opinions for major publications and web shows, where he shares his knowledge and passion for the field.
Tim started his IT career as a developer and sysadmin in manufacturing, then moved to banking, where he worked on software packaging, scripting, Active Directory administration, and M&A projects. He has been dedicated to cybersecurity since 2009, specializing in areas such as detection and response, systems and patch management, vulnerability assessment, web-content filtering, malware analysis, red teaming, and digital forensics.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Cloudflare Incentives, Web3 Funding, Emulating Adversaries, & State of the Sec Market – ESW #291
Finally, in the enterprise security news: Cloudflare has $1.25 billion in incentives to draw customers away from AWS, NetSPI raises $410M for pen testing?, Tines extends their Series B by an extra $55M, Detectify and Eclypsium also raise funding, some big funding for Web3 security startups, adversary emulation tools for blue teamers, breaking news: the security market isn't out of money, it's just fine, the art of selling to cybersecurity people, and more!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Tyler Robinson
- NEW FUND (sorta): Cloudflare takes aim at AWS with promise of $1.25 billion to startups that use its own platform
- FUNDING: NetSPI Raises $410 Million in Growth Funding from KKR (note from Adrian in Brazil: someone please explain this madness to me - I'll be listening in as I travel!)
- FUNDING: Tines raises $55M more to automate security workflows. $55M extended Series B led by Felicis. 2nd Gen SOAR.
- FUNDING: MPCH Labs Closes $40M Series A Funding. $50M Series A, led by Liberty City Ventures.
- FUNDING: IriusRisk raises $29M Series B as threat modeling becomes essential for secure product design. $29M Series B led by Paladin Capital Group. SDLC/AppSec.
- FUNDING: Eclypsium lands $25M to secure the device supply chain
- FUNDING: Introducing Blowfish, the Security Service Your Web3 Wallet Needs. $11.8M Series A, led by Paradigm.
- FUNDING: 6clicks raises $10m for its AI-powered GRC platform. $10M Series A led by Centerstone Capital.
- FUNDING: Detectify Raises $10M in Follow-On Funding to Accelerate External Attack Surface Management Powered by Elite Ethical Hackers
- FUNDING: How Onyxia uses security AI to help CISOs improve their security posture. $5M Seed round, led by World Trade Ventures. "We are modeling an entirely new approach to cybersecurity."
- FUNDING: Sensepass raises $3M Seed
- ACQUISITION (assets only): Qualys Acquires Blue Hexagon’s AI/Machine Learning Platform
- NEW PRODUCT: HeyLogin – A “Password Manager without a Master Password”
- NEW TOOLS: ezEmu – adversary simulation for blue teamers. From the README.md: ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry.
- NEW TOOLS: Ahhh, This Emulation is Just Right: Introducing Micro Emulation Plans. More adversary emulation for blue teams!
- MARKET ANALYSIS: Despite Recession Jitters, M&A Dominates a Robust Cybersecurity Market
- MARKET ANALYSIS: What’s Going on With Cybersecurity VC Investments?
- GOOD READS: What Lurks in the Shadows of Cloud Security?
- GOOD READS: On the Art of Selling to Cybersecurity People