BrakeSec Education Podcast

By: Bryan Brake, Amanda Berlin and Brian Boettcher

  • A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
    Copyright 2024. All rights reserved
Episodes
  • Josh Grossman - building Appsec programs, bridging security and developer gaps
    Apr 15 2024

    Youtube VOD: https://youtu.be/G3PxZFmDyj4

    #appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis


    Questions and topics:

    1. The background to the topic, why is it something that interests you?
    How do you convince developers to take your course?

    2. What do you think the root cause of the gap is?

    3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?)

    4. Where do gaps begin? Is it the ‘need’ to ‘move fast’?

    5. What can devs do to involve security in their process? Sprint planning? SCA tools?

    6. How have you seen this go wrong at organizations?

    7. How important is it to have security early in the product development process?

    8. What sort of challenges do you think mainstream security people face in AppSec scenarios?

    9. How does Product Security differ from Application Security? (what if the product is an application?)

    10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec?

    11. How do you suggest a security team approach AppSec/ProdSec?
      1. Leadership buy-in
      2. Effective/valuable processes
      3. Tools should achieve a goal

    12. SBOM - NTIA is asking for it, How to get dev teams to care.

    13. Key takeaways?

    Additional information / pertinent Links (Would you like to know more?):
    BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218

    https://www.walkme.com/blog/leadership-buy-in/

    https://www.bouncesecurity.com/

    https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example

    https://www.cisa.gov/sbom

    SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd

    https://semgrep.dev/

    https://www.linkedin.com/in/joshcgrossman

    https://owasp.org/www-project-application-security-verification-standard/

    https://github.com/OWASP/ASVS/tree/master/5.0

    https://owasp.org/www-project-cyclonedx/

    https://joshcgrossman.com/

    PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg

    Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210

    https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-372101705524544

    ASVS website: https://owasp.org/asvs

    Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee


    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec

    1 hr and 16 mins
  • Managing messaging with management, becoming a CISO with Mary Gardner from Goldiknox
    Apr 9 2024
    Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time based on new information and experiences and do not represent views of past, present, or future employers.

    Recorded: 08 Apr 2024

    Youtube VOD: https://www.youtube.com/watch?v=K8qApvsFtqw

    Show Topic Summary: If you want to get in the mind of a board member, I submit to you my discussion with Mary Gardner we did last night on #brakesec #education. Join Mary and me as we discuss the functions of a board, messaging to various levels of leadership and teams, and what it takes to make that leap to being a CISO. And when you're done, and you need someone to help your org get more mature, contact the team at GoldiKnox.

    #cybersecurity #informationsecurity #ciso #leadership #GRC

    Questions and topics:

    https://hbr.org/2023/05/boards-are-having-the-wrong-conversations-about-cybersecurity
    “Just 69% of responding board members see eye-to-eye with their chief information security officers (CISOs). Fewer than half (47%) of members serve on boards that interact with their CISOs regularly, and almost a third of them only see their CISOs at board presentations.”

    They obviously have different priorities, so what brings everyone to the table to discuss? Are they even worried about security?

    Tactical goals vs. org goals and aligning them

    What are boards most worried about these days? Staying relevant in the face of AI? What tech will protect them from the newest threats?

    GRC is forced security, security is completely optional, Compliance requires some sort of security

    Additional information / pertinent Links (Would you like to know more?):

    Research organizations (Gartner, Forrester, etc.)

    https://goldiknox.com/

    https://www.linkedin.com/pulse/board-needs-help-planning-cybersecurity-start-here-daniel-briley-k7xzc

    https://hbr.org/2022/11/is-your-board-prepared-for-new-cybersecurity-regulations

    https://www.justice.gov/usao-ndca/pr/former-chief-security-officer-uber-sentenced-three-years-probation-covering-data

    Show points of Contact:
    Amanda Berlin: @infosystir @hackershealth
    Brian Boettcher: @boettcherpwned
    Bryan Brake: https://linkedin.com/in/brakeb
    Brakesec Website: https://www.brakeingsecurity.com
    Youtube channel: https://youtube.com/@brakeseced
    Twitch Channel: https://twitch.tv/brakesec
    Discord: https://discord.gg/brakesec
    1 hr and 23 mins
  • p2-accidentalCISO, building trust in new places
    Feb 13 2024

    Full Youtube VOD: https://www.youtube.com/watch?v=uX7odQTBkyQ 

    Questions and topics:

    1. Let’s talk about Mindful Business Podcast

      1. What are the topics you cover?

    2. Topic #1: discuss your experiences when you were a new leader.

      1.  What worked? What didn't? What would you have done differently?

      2. Do you emulate your manager's style? What have been your go-to management resources? 

      3. What is a good piece of advice that you’ve been given or that you impart to others that relates to leadership?

    3. Topic #2: building/operating SaaS products (we can discuss securing them, and what functions should be table stakes (data structures, logging, etc.))

    4. Topic #3: What are bare minimums for building ‘secure’ SaaS products in your particular field? And how do you balance security with a positive user experience (i.e. getting customers to buy into MFA/OAuth, OTA updates)?

    5. Topic #4: Do many SaaS products get over-integrated? Does the need for integration override best practices in security?

    Additional information / pertinent Links (Would you like to know more?):

    1. Twitter/Mastodon:
      https://twitter.com/AccidentalCISO
      https://infosec.exchange/@accidentalciso

    2. The Mindful Business Security Show:
      https://www.mindfulsmbshow.com/
      https://twitter.com/mindfulsmbshow



    Show points of Contact:

    Amanda Berlin: @infosystir @hackershealth 

    Brian Boettcher: @boettcherpwned

    Bryan Brake: https://linkedin.com/in/brakeb 

    Brakesec Website: https://www.brakeingsecurity.com

    Youtube channel: https://youtube.com/@brakeseced

    Twitch Channel: https://twitch.tv/brakesec

    1 hr and 14 mins
