Enterprise Security Weekly Episode #275 – May 26, 2022

1. What’s Happening with SCIM – 03:00 PM-03:30 PM

Description

There are a few IETF standards that make the identity world go ‘round. SAML, FIDO and LDAP are ones that we know and love… but there’s one particularly un-loved standard that is the glue between most identity systems — cloud and on-prem — out there. It’s called SCIM and — good news — smart people are working on improving this 10+ year old standard. Big changes coming, and here to talk with us about it is Paul Lanzi…

Segment Resources:
https://identiverse.com/idv2022/ (Paul on Wednesday)

Guest(s)

Paul Lanzi – Cofounder and COO at Remediant

@planzi

Paul Lanzi, Co-founder and COO of Remediant, managed mobile and web-focused full-stack enterprise software development and UX teams at Genentech, Roche and Gilead Sciences. Previously, Paul served in project and program management positions at SBC (now AT&T), Posit Science and Genentech, focusing on IT Infrastructure, Information Security (IAM, encryption, policy implementation and change management), mobility and corporate integration efforts. Paul earned his BS with Honors in Computer Science at UC Davis and has held a PMP certification from the Project Management Institute since 2005. At Remediant, Paul focused on internal security and compliance, industry relations and technical partnering.

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

Joe South

@SecUnfPodcast

Sr Content Creator at CyberRisk Alliance

2. Accelerating Security Response – 03:30 PM-04:00 PM

Description

In our research, 85% of security professionals attribute preventable business impacts to insufficient response practices. In this segment, Bill will discuss the key challenges slowing down response times, with staffing challenges, alert quality, and organizational culture as the primary factors.

This segment is sponsored by deepwatch.

Visit https://securityweekly.com/deepwatch to learn more about them!

Guest(s)

Bill Bernard – Managing Director of Solutions Architecture at Deepwatch

Bill Bernard currently serves as Deepwatch’s Managing Director of Solutions Architecture. He is a seasoned security expert with 20+ years of experience collaborating with customers to select and deploy the right security solutions for their business. Bill has held various solutions architecture roles throughout his career and holds a variety of security certifications including CISSP, CIPP-E and CIPM.

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

Joe South

@SecUnfPodcast

Sr Content Creator at CyberRisk Alliance

3. Lacework Layoffs, Anti-Hacking Law, The Security Study Plan, & StackZone – 04:00 PM-04:30 PM

Description

This week in the Enterprise News: Lacework lays off approx 300 employees, US Narrows Scope of Anti-Hacking Law Long Hated by Critics, Security Study Plan, DevSecOps Vulnerability Management by Guardrails, StackZone, Cipherloc Acquires vCISO Security Services Provider SideChannel, Broadcom to Buy VMware for $61 Billion in Record Tech Deal, Cyscale raises EUR 3 million in Seed Funding Round, & more!

Hosts

Adrian Sanabria

@sawaba

Director of Product Management at Tenchi Security

  1. FUNDING: Certora Announces $36 million Series B funding round led by Jump Crypto
  2. FUNDING: Dig Security raises $11 million in Seed funding for cloud data detection and response solution
  3. FUNDING: LimaCharlie Secures 5.45 Million in Seed Funding Led by Susa Ventures
  4. FUNDING: Cyscale raises EUR 3 million in Seed Funding Round
  5. FUNDING: BEMO Raises $3M in Seed — Gula Tech Adventures
  6. ACQUISITIONS: Broadcom to Buy VMware for $61 Billion in Record Tech Deal
  7. ACQUISITIONS: Carlyle to Acquire ManTech in All-Cash Transaction Valued at Approximately $4.2 Billion
  8. ACQUISITIONS: Pathlock Secures $200M; Completes Merger with Appsian and Security Weaver
  9. ACQUISITIONS: Thales signs an agreement with Sonae Investment Management to acquire S21sec and Excellium, reinforcing its cybersecurity activities
  10. ACQUISITIONS: Cipherloc Acquires vCISO Security Services Provider SideChannel – MSSP Alert
  11. ACQUISITIONS: ThriveDX snaps up education platform provider Lucy Security – SiliconANGLE
  12. NEW PRODUCTS: StackZone
  13. NEW PRODUCTS: DevSecOps Vulnerability Management by Guardrails
  14. TRENDS: Everyone is drafting their own startup Black Swan memo – TechCrunch – I’ve got two movie quotes for this one: “Buckle in, it’s going to be a bumpy ride” or “Hold on to your butts”, depending on what generation you’re from.
  15. LAYOFFS: Lacework lays off approx 300 employees – Gergely Orosz on Twitter – Content of the tweet:
    Just in: @Lacework – data-driven security platform for the cloud – lays off ~300 employees, about 20% of staff today.

    The layoffs come 6 months after the company raised $1.8B, valued at $8.3B.

    Some people let go were hired 1-2 months ago. Company yet to post an announcement.

  16. LAYOFFS: Tripwire’s new owner lays off dozens, three months after buying the Portland tech company
  17. LEGAL: US Narrows Scope of Anti-Hacking Law Long Hated by Critics – The Justice Department pinkie swears they won’t go after security researchers with CFAA in the future!
  18. LEARNING: Security Study Plan – This GitHub repo has study plans for:
    Common Skills for Security
    AWS Security
    GCP Security
    Azure Security
    DevSecOps
    Docker Security
    Kubernetes Security
    Penetration Testing
    Application Security Testing
    API Security
    Network Security
  19. SQUIRREL: HarpoCrates Pitchdeck: Remote Administration as a Service – Kelly posted this on LinkedIn, and apparently some folks didn’t sense the sarcasm.

    Some of us appreciated the satire.

Joe South

@SecUnfPodcast

Sr Content Creator at CyberRisk Alliance