The O'Reilly Security Podcast

Episodes

Chris Wysopal on a shared responsibility model for developers and defenders

9/13/2017
The O’Reilly Security Podcast: Shifting secure code responsibility to developers, building secure software quickly, and the importance of changing processes. In this episode of the Security Podcast, I talk with Chris Wysopal, co-founder and CTO of Veracode. We discuss the increasing role of developers in building secure software, maintaining development speed while injecting security testing, and helping developers identify when they need to contact the security team for help. Here are...

Duration: 00:36:11


Scott Roberts on intelligence-driven incident response

8/30/2017
The O’Reilly Security Podcast: The open-ended nature of incident response, and how threat intelligence and incident response are two pieces of one process. In this episode of the Security Podcast, I talk with Scott Roberts, security operations manager at GitHub. We discuss threat intelligence, incident response, and how they interrelate. Here are some highlights: Threat intelligence should affect how you identify and respond to incidents Threat intelligence doesn't exist on its own. It...

Duration: 00:27:55


Jack Daniel on building community and historical context in InfoSec

8/17/2017
The O'Reilly Security Podcast: The role of community, the proliferation of BSides and other InfoSec community events, and celebrating our heroes and heroines. In this episode of the Security Podcast, I talk with Jack Daniel, co-founder of Security BSides. We discuss how each of us (and the industry as a whole) benefits from community building, the importance of historical context, and the inimitable Becky Bace. Here are some highlights: The indispensable role and benefit of community...

Duration: 00:42:56


Jay Jacobs on data analytics and security

8/2/2017
The O’Reilly Security Podcast: The prevalence of convenient data, first steps toward a security data analytics program, and effective data visualization. In this episode of the Security Podcast, Courtney Nash, former chair of O’Reilly Security conference, talks with Jay Jacobs, senior data scientist at BitSight. We discuss the constraints of convenient data, the simple first steps toward building a basic security data analytics program, and effective data visualizations. Here are some...

Duration: 00:28:35


Katie Moussouris on how organizations should and shouldn’t respond to reported vulnerabilities

7/19/2017
The O’Reilly Security Podcast: Why legal responses to bug reports are an unhealthy reflex, thinking through first steps for a vulnerability disclosure policy, and the value of learning by doing. In this episode, O’Reilly’s Courtney Nash talks with Katie Moussouris, founder and CEO of Luta Security. They discuss why many organizations have a knee-jerk legal response to a bug report (and why your organization shouldn’t), the first steps organizations should take in formulating a...

Duration: 00:32:05


Alex Pinto on the intersection of threat hunting and automation

7/5/2017
The O’Reilly Security Podcast: Threat hunting’s role in improving security posture, measuring threat hunting success, and the potential for automating threat hunting for the sake of efficiency and consistency. In this episode, I talk with Alex Pinto, chief data scientist at Niddel. We discuss the role of threat hunting in security, the necessity for well-defined process and documentation in threat hunting and other activities, and the potential for automating threat hunting using...

Duration: 00:44:05


Amanda Berlin on defensive security fundamentals

6/21/2017
The O’Reilly Security Podcast: How to approach asset management, improve user education, and strengthen your organization’s defensive security with limited time and resources. In this episode, I talk with Amanda Berlin, security architect at Hurricane Labs. We discuss how to assess and develop defensive security policies when you’re new to the task, how to approach core security fundamentals like asset management, and generally how you can successfully improve your organization’s...

Duration: 00:33:25


Kimber Dowsett on developing and maturing a vulnerability disclosure program

6/7/2017
The O’Reilly Security Podcast: Key preparation before implementing a vulnerability disclosure policy, the crucial role of setting scope, and the benefits of collaborative relationships. In this episode, I talk with Kimber Dowsett, security architect at 18F. We discuss how to prepare your organization for a vulnerability disclosure policy, the benefits of starting small, and how to apply lessons learned to build better defenses. Here are some highlights: Gauging readiness for a...

Duration: 00:32:54


Kelly Shortridge on overcoming common missteps affecting security decision-making

5/24/2017
The O’Reilly Security Podcast: How adversarial posture affects decision-making, how decision trees can build more dynamic defenses, and the imperative role of UX in security. In this episode, I talk with Kelly Shortridge, detection product manager at BAE Systems Applied Intelligence. We talk about how common cognitive biases apply to security roles, how decision trees can help security practitioners overcome assumptions and build more dynamic defenses, and how combining security and UX...

Duration: 00:29:35


Dave Lewis on the tenacity of solvable security problems

5/10/2017
The O’Reilly Security Podcast: Compounding security technical debt, the importance of security hygiene, and how the speed of innovation reintroduces vulnerabilities. In this episode, I talk with Dave Lewis, global security advocate at Akamai. We talk about how technical sprawl and employee churn compound security debt, the tenacity of solvable security problems, and how the speed of innovation reintroduces vulnerabilities. Here are some highlights: How technical sprawl and employee...

Duration: 00:13:24


Parvez Ahammad on applying machine learning to security

4/26/2017
The O’Reilly Security Podcast: Scaling machine learning for security, the evolving nature of security data, and how adversaries can use machine learning against us. In this special episode of the Security Podcast, O’Reilly’s Ben Lorica talks with Parvez Ahammad, who leads the data science and machine learning efforts at Instart Logic. He has applied machine learning in a variety of domains, most recently to computational neuroscience and security. Lorica and Ahammad discuss the challenges...

Duration: 00:44:28


Katie Moussouris on procuring and processing bug reports

4/12/2017
The O’Reilly Security Podcast: The five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs. In this episode, I talk with Katie Moussouris, founder and CEO of Luta Security. We discuss the five stages of vulnerability disclosure grief, hacking the government, and the pros and cons of bug bounty programs. Here are some highlights: The five stages of vulnerability disclosure grief There are two kinds of reactions we see from...

Duration: 00:31:57


Allison Miller on making security better and easier for everyone

3/29/2017
The O’Reilly Security Podcast: Focusing on defense, making security better for everyone, and how it takes a village. In this episode, I talk with Allison Miller, product manager for secure browsing at Google and my co-host of the O’Reilly Security conference, which is returning to New York City this fall. We discuss the importance of having an event focused solely on defense, what we’re looking forward to this year, and some notable ideas and topics from the call for proposals. Here are...

Duration: 00:32:52


Scout Brody on crafting usable and secure technologies

3/15/2017
The O’Reilly Security Podcast: Building systems that help humans, designing better tools through user studies, and balancing the demands of shipping software with security. In this episode, O’Reilly Media’s Mac Slocum talks with Scout Brody, executive director of Simply Secure. They discuss building systems that help humans, designing better tools through user studies, and balancing the demands of shipping software with security. Here are some highlights: Building systems that help...

Duration: 00:13:47


Jessy Irwin on making security understandable for everyone

3/1/2017
The O’Reilly Security Podcast: Speaking other people’s language, security for small businesses, and how shame is a terrible motivator. In this episode, I talk with Jessy Irwin, VP of security and privacy at Mercury Public Affairs. We discuss how to communicate security to non-technical people, what security might look like for small businesses, and moving beyond shame. We also meet her neighborhood gang of grannies who’ve learned how to hack back. Here are some highlights: Speaking...

Duration: 00:36:39


Doug Barth and Evan Gilman on Zero Trust networks

2/15/2017
The O’Reilly Security Podcast: The problem with perimeter security, rethinking trust in a networked world, and automation as an enabler. In this episode, I talk with Doug Barth, site reliability engineer at Stripe, and Evan Gilman, Doug’s former colleague from PagerDuty who is now working independently on Zero Trust networking. They are also co-authoring a book for O’Reilly on Zero Trust networks. They discuss the problems with traditional perimeter security models, rethinking trust in a...

Duration: 00:35:27


Susan Sons on maintaining and securing the internet’s infrastructure

2/1/2017
The O’Reilly Security Podcast: Saving the Network Time Protocol, recruiting and building future open source maintainers, and how speed and security aren’t at odds with each other. In this episode, O’Reilly’s Mac Slocum talks with Susan Sons, senior systems analyst for the Center for Applied Cybersecurity Research (CACR) at Indiana University. They discuss how she initially got involved with fixing the open source Network Time Protocol (NTP) project, recruiting and training new people to...

Duration: 00:17:33


Steven Shorrock on the myth of human error

1/18/2017
The O’Reilly Security Podcast: Human error is not a root cause, studying success along with failure, and how humans make systems more resilient. In this episode, I talk with Steven Shorrock, a human factors and safety science specialist. We discuss the dangers of blaming human error, studying success along with failure, and how humans are critical to making our systems resilient. Here are some highlights: Humans are part of complex sociotechnical systems For several decades now, human...

Duration: 00:33:27


Fang Yu on machine learning and the evolving nature of fraud

1/4/2017
The O’Reilly Security Podcast: Sniffing out fraudulent sleeper cells, incubation in money transfer fraud, and adopting a more proactive stance. In this episode, O’Reilly’s Jenn Webb talks with Fang Yu, cofounder and CTO of DataVisor. They discuss sniffing out fraudulent sleeper cells, incubation in money transfer fraud, and adopting a more proactive stance against fraud. Here are some highlights: Catching fraudsters while they sleep Today's attackers are not using single accounts to...

Duration: 00:27:32


Cory Doctorow on the real-life dangers of DRM

12/21/2016
The O’Reilly Security Podcast: DRM in unexpected places, artistic and research hindrances, and ill-anticipated consequences. In this best of 2016 episode, I revisit a conversation from earlier this year with Cory Doctorow, a journalist, activist, and science fiction writer. We discuss the unexpected places where digital rights management (DRM) pops up, how it hinders artistic expression and legitimate security research, and the ill-anticipated (and often dangerous) consequences of...

Duration: 00:47:09
