A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
http://www.brakeingsecurity.com
Gesamtlänge aller Episoden: 16 days 13 hours 58 minutes
recommended podcasts
2015-039: Hazards of HTML5
Shreeraj Shah (@shreeraj on Twitter) came on this week to give us a run-down of some of the issues with HTML5? How can a new standard actually be worse than something like Flash? And why would a standard not address existing OWASP issues, and even...
2015-038-Influence Vs. Mandate and Guardrails vs. Speedbumps
When we wanted to have Martin Fisher on, it was to discuss 'Security Mandate vs. Security Influence'. We wanted to discuss why companies treat compliance as more important, and if it's only because business requires it to be done. And if infosec is a...
2015-037-making patch management work
Once you find a vulnerability, how do you handle patching it? Especially when devs have their own work to do, there are only so many man hours in a sprint or development cycle, and the patching process could take up a good majority of that if the vuln...
2015-036: Checkbox security, or how to make companies go beyond compliance
Checkbox Security... checklists required to follow by compliance people and many security people have to fall in line, because they often have no choice. But what if there was a way to use compliance requirements to get beyond the baseline of...
2015-035: Cybrary.it training discussion and Bsides Austin Panel
After last week's discussion of end-user training in the SANS top 20 security controls, we realized that it would be great to discuss how a company involved in training does proper training. So we hit up our sponsor at Cybrary.it to discuss...
Flashback: 2014-001_Kicking some Hash
For long time listeners of the podcast, back when Brian and I wanted to do the podcast, we were working at the same company, and the first podcast we did was on hashes. Bob story: Bob was getting tired of explaining what MD5, SHA1, SHA2...
2015-034: SANS Top20 Security Controls #9 - CTFs - Derbycon dicsussion
End User training. Lots of companies have need of regular security training. Many treat it as a checkbox for compliance requirements, once a year. With the way training is carried out in many organizations, is it any wonder why phishing...
2015-033: Data anonymization and Valuation, Privacy, and Ethical medical research
Katherine Carpenter is a privacy consultant who has worked all over the world helping to develop guidelines for ethical medical research, sharing of anonymized data, and helping companies understand privacy issues association with storing and sharing...
2015-032: Incident response, effective communication, and DerbyCon Contest
In an incident response, the need for clear communication is key to effective management of an incident. This week, we had Mick Douglas, DFIR instructor at SANS, and Jarrod Frates, who is a pentester at InGuardians, and has great experience...
2015-031: Fab and Megan-High_Math-Psychology_and Scarves
Strap yourselves in ladies and Gentlemen. With Mr. Boettcher gone on "vacation" this week, I needed some help with the podcast, and boy did we pick a doozy. If you're a fan of Turing Complete algorithms, frankly, who isn't ;) , we had Ms....