Security Conversations - A Securityweek Podcast

In this exclusive fireside chat, SecurityWeek editor-at-large Ryan Naraine interviews Abhishek Arya, Director of Engineering on Google’s open source and supply chain security teams.  We cover the evolving landscape of Software Supply Chain security, highlighting key advancements, challenges, research priorities, and much more. Session recoredef for SecurityWeek's 2024 Supply Chain Security Summit.Follow SecurityWeek on LinkedIn

In this episode, SecurityWeek editor-at-large Ryan Naraine interviews Del Rodillas, Senior Director of Product Management at Palo Alto Networks, about the integration of IT and OT in the ICS threat landscape. We discuss the evolution of cyber resilience, the challenges of merging IT and OT governance structures, process integrations for IT/OT security strategy, consolidated tech stacks for IT and OT, and the role of next-generation firewalls in an integrated IT/OT world.Learn more about OT Security from Palo Alto Networks. (Sponsored)

Enjoy this fireside chat with Jason Chan, former head of information security at Netflix and operating advisor, Bessemer Venture Partners. Jason joins SecurityWeek editor-at-large Ryan Naraine for a frank discussion on the state of vulnerability management and software development, multi-cloud deployments and expanding attack surfaces, the cyber startup vendor ecosystem, Microsoft's booming cybersecurity business, and some areas still ripe for innovation. (Recorded at SecurityWeek's 2023 Attack Surface Management Summit)

In this interview from SecurityWeek's 2022 Threat Hunting Summit, Steve Mancini, head of Information Security at Guardant Health, discusses his personal mission to help secure healthcare data in the cancer research space and how threat hunting and threat intelligence fits into a modern cybersecurity program.Mancini  discusses a career in the cybersecurity trenches -- managing threat intel at Intel Corp. before pivoting into the CISO chair to building and and security programs.  Attendees can expect an engaging conversation on the CISO's decision-making process, best practices for securing corporate assets and data, the EDR and anti-malware landscape, and frameworks for measuring program success.

In this fireside chat from SecurityWeek's CISO Forum, Luta Security chief executive Katie Moussouris  shares lessons from her work creating bug bounty and vulnerability disclosure programs for some of the biggest organizations in the world. Join this session to learn about the value -- and pitfalls -- of bug bounty programs, best practices around managing the flow of vulnerability data, and security response priorities.

Enjoy this engaging fireside chat on security leadership with Adam Ely, Chief Information Security Officer at Fidelity Investments.At SecurityWeek's 2022 CISO Forum, SecurityWeek's editor-at-large Ryan Naraine hosted a discussion with Adam on the role of the modern CISO, the challenges of building a mature risk management program, communications challenges in large organizations, mentorship and staff retention, and much more.  

For the modern CISO, it's impossible to avoid news headlines and warnings about 'cyberwar' and nation-state APT attacks that require urgent attention. From the latest zero day exploit discovery to advisories from intelligence agencies, security leaders are often overwhelmed and unable to filter through the noise to make informed decisions.In this discussion from SecurityWeek's Threat Intelligence Summit, threat intel and detection and response practitioners will help explain the current threat landscape, the surge in zero-day exploit discoveries, the blurring of lines between APTs and ransomware attacks, and much more.Guests: Allison Wikoff, Global Threat Intelligence Lead at PwCSilas Cutler, Senior Director for Cyber Threat Research and Analysis at the Institute for Security and Technology.

Enjoy this exclusive fireside chat with Shane Huntley, head of Google's TAG (Threat Analysis Group). In this session from SecurityWeek's Threat Intelligence Summit, we have a frank discussion on the science of threat intelligence, the cloudy nature of the APT landscape, the surge in big-game ransomware and nation-state malware activity worth tracking.

[Breaking News Podcast] Sergio Caltagirone, VP of Threat Intelligence at industrial cybersecurity firm Dragos, discusses the U.S. government's joint advisory on the discovery of rare custom malware known as Pipedream/Incontroller, which is capable of doing damage to ICS/SCADA installations.

In this security leadership fireside chat, McDonald’s CISO Shaun Marion joins SecurityWeek’s Ryan Naraine to discuss the role of the modern CISO, the challenges of building a mature risk management program, securing multi-cloud deployments, supply chain anxieties, and much more. (Source: SecurityWeek’s 2022 Attack Surface Management Summit)

On this special edition of SecurityWeek's spotlight podcast, Corey Marshall, Director of Security Architecture at F5, discusses how Zero Trust can be used as a powerful strategy to help businesses stay secure amidst rapid digital transformation and expanding network attack surface.

Thomas Rid, Professor in the Department of War Studies at King’s College London, joins Ryan Naraine on the podcast to discuss his new book, the lack of nuance in the crypto debate and the future of global cyber conflict.

Infosec veteran and former CEO of WhiteHat Security Jeremiah Grossman joins Ryan Naraine on the podcast to talk about the parallels between jiu-jitsu and computer security and the ongoing cat-and-mouse game between attackers and defenders.

Mike Hanley, Director of Duo Labs at Duo Security, joins Ryan Naraine on the podcast to talk about the state of security in the healthcare sector and why hospitals are such a prime target for ransomware attacks.

Director of Kaspersky Lab Global Research & Analysis Team Costin Raiu joins the podcast to discuss the latests discoveries surrounding the Epic Turla cyber-espionage campaign. Raiu talks about the infection mechanisms used by the malware and provides a global look at victim data. Disclosure: Ryan Naraine is also a Kaspersky Lab employee.

Chief Technology Officer at Bluebox Security Jeff Forristal joins the podcast to discuss a significant Android vulnerability that lets hackers create a malicious application by copying the ID of a legitimate application to gain the same special privileges of the legitimate app.

Jeffrey Carr, founder of Taia Global Inc. and creator of the Suits and Spooks conference series, joins the podcast to talk about the evolution of the event and the marriage of business intelligence and cyber-security issues.