Enterprise Security Weekly Episode #243 – September 22, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Scaling Application Security – 01:00 PM-01:30 PM

Sponsored By

Visit https://securityweekly.com/probely for more information!

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

A common ratio between Appsec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling Appsec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution.

This segment is sponsored by Probely.

Visit https://securityweekly.com/probely to learn more about them!

Guest(s)

Joe Gillespie – Director at Probely

Director – Enterprise Sales – North America

Nuno Loureiro – CEO at Probely

@nunoloureiro

Nuno is a Co-Founder and the CEO of Probely. In the past, he led an Application Security team at a Telco Provider, where he provided training on secure coding, security guidance during the development lifecycle of projects, performed penetration testing, and implemented PCI-DSS across the organization.

He holds an MSc in Information Security from Carnegie Mellon University.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Threat Intelligence & Threat Hunting – 01:30 PM-02:00 PM

Description

Chris will discuss the relevance of intelligence and threat hunting today and how they work together. He will also talk about his EASY framework for creating impactful intelligence and its relation to hunting!

Guest(s)

Chris Cochran – Founder and Producer at Hacker Valley Media

@chriscochrcyber

Chris Cochran is the Creative Director of Media at Axonius by day and producer/host of the award-winning Hacker Valley Studio podcast by night. Chris is prior active duty US Marine Corps intelligence, which led him to a career in cybersecurity. He has dedicated that career to building and leading intelligence and cybersecurity missions at places such as the National Security Agency, Mandiant, and Netflix. His ultimate passion is finding and amplifying human stories in cybersecurity to inspire and enlighten our community.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

3. The Color White, Forgerock IPO, Ditching Your Microsoft Password, & Neosec – 02:00 PM-02:30 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

This week in the Enterprise Security News: Founders Fund Values Identity Startup Persona at $1.5 billion, Neosec Emerges from Stealth With $20.7 million in funding, F5 acquires Threat Stack, ForgeRock IPOs tomorrow, GitLab announces their IPO, You can now ditch your Microsoft password, Vendor Security 2.0, & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. FUNDING: Founders Fund Values Identity Startup Persona at $1.5 Billion – Raised $150m in a Series C. Focused on identity verification. Kinda like the future of background checks, but more about making sure you’re really you (using Biometrics & other methods) than looking for red flags in your background. $1.5bn valuation on $10-15m revenue? A 100-150x valuation? Sure, why not?
  2. FUNDING: Neosec Emerges From Stealth With $20.7 Million in Funding – API Security company: “Neosec aims to identify all APIs used within an organization, based on existing logs, to constantly maintain an inventory of APIs, and even generate documentation for previously unknown APIs. The platform also discovers APIs transferring sensitive data, any existing discrepancies, and vulnerable or misconfigured APIs.”
  3. FUNDING: Ketch raises another $20M as demand grows for its privacy data control platform – TechCrunch – “providing online privacy regulation and data compliance” – Came out of stealth earlier this year, announced a $23m Series A, and then six months later, they’re now announcing an additional $20m in funding.

    Looking to automate how customer data is handled based on their privacy preferences, hopefully reducing human error as a factor?

  4. FUNDING: Kolide, a ‘transparency-first’ endpoint security platform, raises $17M – Sounds like they’re going in more of a device management direction, rather than Uptycs’s more EDR/threat prevention/detection direction with their OSQuery-based product. I had heard rumblings about business/organizational/funding challenges a few years ago, so it’s good to see some stability now.
  5. FUNDING: Stairwell secures $20M Series A to help organizations outsmart attackers – TechCrunch – Former founder of Google’s Chronicle talking about what this new startup is going to do for the first time. Some breathless claims, but I’m struggling to understand how this take on threat intel is going to differentiate in a threat intel market that already looks oversaturated.
  6. ACQUISITION: F5 Enhances Cloud Security Portfolio with Acquisition of Threat Stack – This market segment seems to have collapsed. Check Point picked up Dome9 back in 2018 and CloudPassage got picked up by PE-owned Fidelis in what MUST have been a fire sale. Also, didn’t realize Anup Ghosh was running things over at Fidelis!
  7. IPO: ForgeRock to go public as IPO prices above the expected range, valuing company at nearly $2 billion – ForgeRock going public tomorrow on the NYSE! Pricing looks around what you’d expect for a cybersecurity vendor. Matt’s going to have another one to add to his security money watchlist!
  8. IPO: GitLab announces their intent to IPO and files a public S-1 – S-1s are always fun to dig into and it has been interesting to watch GitLab’s trajectory after Microsoft’s GitHub acquisition. Aiming to be your one-stop-shop for DevOps workflow and tool stack!
  9. TRENDS: You Can Now Sign-in to Your Microsoft Accounts Without a Password – Microsoft is one of the first to go passwordless for consumer logins! Who saw that coming?
  10. It’s Time for Vendor Security 2.0
  11. SQUIRREL, PART 1: Purdue record for the whitest paint appears in latest edition of ‘Guinness World Records’
  12. SQUIRREL, PART 2: The Plot to Steal the Color White From DuPont

Bill Brenner

@BillBrenner70

VP, Content Strategy at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly