esw228

Enterprise Security Weekly Episode #228 – May 19, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Identity Management as a Foundation for Future-Proofing your Security – 06:00 PM-06:30 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

The perimeter is dissolving. Employees are using any device from any location for work. With limited visibility from our traditional networking and endpoint security controls, how do we protect our data? John Masserini, Global Chief Information Security Officer at Millicom (Tigo) Telecommunications, joins us to discuss the fundamentals of an identity strategy, including identity and access management, single sign-on, multi-factor authentication, and privileged access.

Guest(s)

John Masserini

John Masserini – Global CISO at Millicom

A 25-year veteran of providing information and corporate security services to multinational Fortune-1000 companies. An industry-recognized leader whose expertise across multiple business verticals provides for a unique approach to delivering an information risk program that drives business-focused solutions to today’s global Information Security & Compliance challenges. An experienced leader who not only specializes in reinvigorating and realigning existing teams but also building new information security programs to meet today’s critical business needs.

John is the author of the award-winning Chronicles of a CISO blog, where he shares insight and recommendations based on his decades of experience in the security industry.

As the Global Chief Information Security Officer of Millicom Telecom International, John is responsible for all aspects of the global information security program, including Security Operations, Engineering, Architecture, Vulnerability and Risk management, and Business Continuity Planning.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

JeffMan

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. All the News From RSA Conference 2021 – 06:30 PM-07:00 PM

Announcements

  • In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. In our June 3 webcast at 11am ET, you will learn about pen testing tools and why every organization should be using them regularly. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

The Enterprise Security Weekly crew summarizes all the news from RSA Conference 2021, including product announcement, acquisitions, funding, and more!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. CIS Controls Version 8
  2. ACQUISITION: Twilio Acquires Ionic Security
  3. FUNDING: Authomize Secures $16M in Series A Funding Led by Innovation Endeavors
  4. FUNDING: Panaseer raises $26.5m in series B funding
JeffMan

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Qualys CyberSecurity Asset Management brings security teams the automation they need – Help Net Security
  2. ThycoticCentrify Enhances DevOps Secrets Vault
  3. Arctic Wolf Launches Security Awareness Training Solution – MSSP Alert
  4. Introducing JumpCloud Protect – Free Mobile Multi-Factor Authentication
  5. BlackBerry Builds Out Extended Detection and Response (XDR) Capabilities with New Cybersecurity Innovations
  6. Digital.ai Essential App Protection Announced
  7. Splunk Announces Intent to Acquire TruSTAR
  8. Cisco adds to cybersecurity service with acquisition of Kenna Security
  9. Fidelis Cybersecurity acquires CloudPassage to enhance its Active XDR platform – Help Net Security
  10. Perforce Acquires 21 Labs
  11. Vectra AI: $130 Million Funding And $1.2 Billion Valuation
  12. Cybersecurity company NetSPI raises $90M – Minneapolis / St. Paul Business Journal
  13. Styra Raises $40 Million in Series B Funding to Drive Access, Security and Compliance in Cloud-Native Applications
  14. BluBracket Secures $12M in Series A Funding to Protect Code from Development to Deployment – DevOps.com
  15. Cybersecurity Company Cigent Secures $7.6 Million
  16. Portainer.io Raises $6M Series A Round
  17. Query.AI Closes $4.6M in Funding to Accelerate Adoption of Market’s Only Security Investigations Control Plane – DevOps.com
  18. ArmorCode Emerges From Stealth

3. Building a Response Strategy to Advanced Threats – 07:00 PM-07:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/extrahop-rsac for more information!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

SolarWinds SUNBURST was a rude awakening for many security teams, and it won’t be the last time security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With advanced threats persisting inside the network for months, security teams need a new plan. In this session, ExtraHop VP, Security Response Services Mark Bowling discusses strategies to detect, investigate, and respond to post-compromise attack activities.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop-rsac to learn more about them!

Guest(s)

Mark Bowling

Mark Bowling – Vice President of Security Response Services at ExtraHop

Mark Bowling is Vice President of Security Response Services at ExtraHop. He advises our global customers on risk management and mitigation strategy and helps them respond to complex cybersecurity incidents quickly, thoroughly, and in compliance with regulatory frameworks including GDPR, CCPA, NERC, PCI-DSS, ISO, SEC, and HIPAA. Prior to ExtraHop, Mark spent more than two decades investigating and combating cyber attacks in leadership roles with the FBI and the Department of Education.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

JeffMan

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance