Simplify Your Audit Process without Compromising Identity Data Security – Erik Huckle – ESW #330
- Simplifying audit preparation and
- Managing progress of your identity program to ensure peak performance.
Erik Huckle is a Group Product Manager at SailPoint. He graduated the US Naval Academy with a degree in Mechanical Engineering, spent over six years in the US Marine Corps, and than transitioned out of the military into an MBA at the University of Texas-Austin. After cofounding a successful startup in robotic automation, he transitioned to product management at Amazon, leading the internal launch of a startup called Amazon One. Later, he ventured into the Oil and Gas space, launching a distributed ledger company focused on credentials for oilfield workers. Currently, he leads the Data Platform for SailPoint, which makes data both useful and accessible. He is passionate about technology and community involvement, he contributes to local startups as a mentor and serves as the tech committee lead for a non-profit organization.
- Security Weekly listeners: SC Media’s Endpoint Security eSummit is just weeks away. Register now for this free two-day virtual event, September 12th through 13th at 10:45 AM. Gain cybersecurity knowledge and professional development all in one place. Join keynotes and sessions led by industry’s top leaders plus receive 6.5 CPE credits just for attending! Register today: securityweekly.com/endpointsecurity
Funding, SentinelOne/Wiz rumors, Layoffs, NordVPN’s skunkworks, ChatGPT Enterprise – ESW #330
- Security Weekly listeners: InfoSec World 2023 is just weeks away! Have you registered to join over 2,500 cybersecurity experts on September 25-27 in Lake Buena Vista, FL? InfoSec World is your gateway to a world of knowledge and growth. Don't miss the chance to enhance your career, connect with industry leaders, and make an impact on the rapidly evolving landscape.Secure your seat using code ISW23-SECWEEK20 to save 20% off your registration. Register today: securityweekly.com/infosecworld2023
Adrian Sanabria
- FUNDING: SpyCloud Raises $110 Million Growth Round Led by Riverwood Capital
- FUNDING: Announcing our Series A funding round (Cerby)
- FUNDING: Cypago, which aims to automate compliance and governance for companies, raises $13M
- ACQUISITIONS: Malwarebytes acquires Cyrus Security
- ACQUISITION RUMORS: Cybersecurity startup Wiz considers potential bid for SentinelOne
- DUMPSTER FIRE: After merger reports, SentinelOne ends Wiz collaboration
SentinelOne is reportedly angry about leaks regarding the merger talks between the two Israeli cybersecurity companies.
- DIVESTITURE: iVerify is now an independent company!
iVerify is a unique case. First, it has been spun out of Trail of Bits, which is already a quite unique consulting/product company. Second, it's focused on mobile device security - a category that fizzled out years ago, with not much to show for the billions investors poured into it.
However, like most divestitures from small, savvy consulting shops, iVerify nailed market fit and gained customers before even thinking about doing a spinout.
- LAYOFFS: Sevco issues a RIF
Other layoffs in the security space we haven't mentioned from August: Fortinet (?), SecureWorks (300), NCC Group (?), Rapid7 (470), Aware (?), and HackerOne (12%).
- DEAD COMPANIES: BlueLava Ceases Operations
While asking around about this one, I learned that a few other security startups have quietly shuttered this year: ByteChek, possibly Araali and Fidelis got parted out last week. Armorblox was said to be a fire sale, though Cisco hasn't shared the deal amount.
- NEW PRODUCTS: NordLabs — join us in creating cutting-edge technology
- NEW PRODUCTS: Introducing ChatGPT Enterprise
- TOOLS: GitHub – utkusen/promptmap: automatically tests prompt injection attacks on ChatGPT instances
- TOOLS: PIPE – Prompt Injection Primer for Engineers
- ESSAYS: 5 Tips for Creating a Memorable Cybersecurity Brand (And 5 That Will Crush You)
- ESSAYS: Notes on Roadtrips by The Browser Company
One of the most interesting and useful write-ups I've seen on company values. Most organizations' values feel like someone scheduled a 60 minute meeting titled "Decide On Company Values", picked 5 or 10 from a list, and published it. This is not that.
- ESSAYS: AI & Cybersecurity: Learnings from three months of Semgrep Assistant
- ESSAYS: Security Budgets – Supply and Demand
- ESSAYS: Is it Time to Accept that the Current Role of the CISO Has Failed?
- BREACHES: HTML Smuggling Leads to Domain Wide Ransomware – The DFIR Report
- BREACHES: A Brazilian phone spyware was hacked and victims’ devices ‘deleted’ from server
It's rare we talk about a breach that's a win, but that's what this is.
- BREACHES: Rackspace’s costs to deal with ransomware attack top $10 million
Following up on Rackspace's incredible ransomware experience that resulted in them shutting down a legacy business line.
- BREACHES: Hosting firm says it lost all customer data after ransomware attack
- BREACHES: When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability
- TAKEDOWNS: U.S. Hacks QakBot, Quietly Removes Botnet Infections – Krebs on Security
- VULNERABILITIES: CISA Releases IOCs Associated with Malicious Barracuda Activity
- GUIDES: How to Prevent ChatGPT From Stealing Your Content & Traffic
- GUIDES: Updated whitepaper available: AWS Security Incident Response Guide
- REPORTS: The state of AI in 2023: Generative AI’s breakout year
Some very interesting stats compiled in this lovely report from McKinsey.
- SQUIRREL: Yes, a Pigeon is Faster for Data Transfer than Gigabit Fiber Internet
Secure the Cloud and See ROI, Attack Your Way to Accurate Answers – ESW #330
Tomer Bar is a hands-on security researcher with 20 years of unique experience in cyber security. He leads the SafeBreach Labs as the VP of Security Research. In the past, he ran research groups for the Israeli government and then led the endpoint malware research for Palo Alto Networks. His main interests are Windows vulnerability research, reverse engineering, and APT research. His recent discoveries are the PrintDemon vulnerabilities in the Windows Spooler mechanism which were a candidate in the best privilege escalation Pwnie awards. He presented his research at Black Hat 2020, Defcon 2020, 2021, 2022, SecTor, Recon, HackCon, Security Fest and Confidence conferences.
Raghu Nandakumara is Head of Industry Solutions at Illumio, the Zero Trust Segmentation company. Based in London, UK, Raghu is responsible for helping customers and prospects across a variety of industries build resilience and accelerate Zero Trust outcomes with Zero Trust Segmentation.
Previously, Raghu spent 15 years at Citibank, where he held a number of network security operations and engineering roles. Most recently, he served as a Senior Vice President, where he was responsible for defining strategy, engineering, and delivery of solutions to secure Citi’s private, public, and hybrid cloud environments. Raghu holds an undergraduate degree in mathematics and computer science from the University of Cambridge, and a master’s degree in advanced computing from Imperial College London.















