Enterprise Security Weekly Episode #208 – November 25, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Drupal Vulnerability, Sectigo DevOps Integrations, & Vulnerable Fortinet VPNs – 12:30 PM-01:00 PM
Announcements
-
Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
Description
This week, Why Companies Should Outsource Cybersecurity During COVID and Beyond, Sectigo Adds Five PKI DevOps Integrations, a Drupal vulnerability press statement from ExtraHop, Palo Alto Networks launches Industry’s first 5G-Native Security offering, And Passwords exposed for almost 50,000 vulnerable Fortinet VPNs!
Hosts
Adrian Sanabria – |
Paul Assadorian –
|
2. Which Multifactor Authentication is the Right One? – 01:00 PM-01:30 PM
Announcements
-
We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!
Description
It’s widely-accepted that multifactor is a best practice for authentication, but there are a variety of implementations (e.g., smart cards, push notifications, OTPs). We’ll talk through the benefits and drawbacks of each and explore why Microsoft ‘s director of identity security just published a blog post about abandoning text messages for Office365/Azure authentication.
Guest(s)
Matt Barnett – Chief Strategist at SEVN-X |
After years in IT, performing network and system administration, software development, and architecting cloud migrations, Matt began to focus his efforts in cybersecurity. Matt draws on his technical competency and law enforcement background to assist clients, in both proactive and incident response capacities. In addition, Matt has developed an arsenal of applications, strategies, policies, and procedures to assist clients in achieving better cybersecurity. |
Hosts
Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance |
Paul Assadorian – Founder/CIO at Security Weekly/CyberRisk Alliance |
3. Beyond Subjectivity: Sharpening CVSS with Asset Context – 01:30 PM-02:00 PM
Sponsored By

Visit https://securityweekly.com/vicarius for more information!
Announcements
-
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Description
Visit https://securityweekly.com/vicarius for more information!
Announcements
-
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Description
Vulnerability prioritization has traditionally relied on CVSS scores and other subjective measurements (e.g. asset tagging) that don’t factor in internal context. A new approach integrates asset context and application activity to derive rich, internal data.
This segment is sponsored by Vicarius.
Visit https://securityweekly.com/vicarius to learn more about them!
Blog post: https://www.vicarius.io/blog/beyond-subjectivity-sharpening-cvss-with-asset-context
Guest(s)
Clayton Fields – Advisor at Vicarius |
For 15 years, Clayton has been a technologist and client advocate. He helped launch the first intrusion prevention system for Active Directory. Clayton brings a breadth of acquisition experience focused on market truths and buyer languages. |
Michael Assraf – CEO & Co-Founder at Vicarius |
Michael has more than ten years of experience in the startup world. He has been part of six different startups, filling out several positions up to VP R&D, both on the tech and operational sides. In his last position at Atlis, Michael built and managed an R&D department. He led the Israeli team of the startup on a daily basis from day one to the release of the product’s GA. In his professional experience, Michael filled multiple positions from Network Engineer at Deltathree, Automation Engineer at Secure Islands (later acquired by Microsoft), Software Developer at Idomoo to VP R&D at Cellxpert and Atlis. Michael holds an MBA from Tel Aviv University and a BSc from the Jerusalem College of Engineering. |
Hosts
Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance |
Paul Assadorian – Founder/CIO at Security Weekly/CyberRisk Alliance |