Aug 31, 2015

Once you find a vulnerability, how do you handle patching it? Especially when devs have their own work to do, there are only so many man hours in a sprint or development cycle, and the patching process could take up a good majority of that if the vuln is particularly nasty.

One method is to triage your patches, and we...


Aug 24, 2015

Checkbox Security... checklists that compliance people require everyone to follow, and many security people have to fall in line because they often have no choice.

But what if there was a way to use compliance requirements to get beyond the baseline of PCI/SOCII/HIPAA, and get to be more secure?

Megan Wu (@tottenkoph), Mr....


Aug 16, 2015

After last week's discussion of end-user training in the SANS top 20 security controls, we realized that it would be great to discuss how a company involved in training does proper training.

So we hit up our sponsor at Cybrary.it to discuss their end-user security training track and how companies can use it to help...


Aug 15, 2015

For longtime listeners of the podcast, back when Brian and I wanted to do the podcast, we were working at the same company, and the first podcast we did was on hashes.

Bob story: Bob was getting tired of explaining what MD5, SHA1, SHA2 were to developers, so as we were developing our idea for the podcast, this was...


Aug 10, 2015

End-user training. Lots of companies need regular security training. Many treat it as a checkbox for compliance requirements, once a year. With the way training is carried out in many organizations, is it any wonder that phishing emails still get clicked, passwords still get compromised, and...