Mitch and Alan discuss a recent security incident involving CrowdStrike, highlighting the challenges of software updates and the implications for the broader industry. They reflect on their experiences attending the Black Hat conference and the evolving intersection of software development and security. They also share personal anecdotes and insigh…

Mitchell and Alan talk about the ubiquitous collection of data including geolocation data by Apple, Google and other providers. The uses of this data can be relatively innocent for marketing purposes all the way to serious security issues of life and death. Alan & Mitch also talk about the current state of Cyber AI startups. Has the bloom come off …

Mitch and Alan take a moment to catch their breath after a great week at RSAC, Broadcast Alley interviews and the DevSecOps and GenAI conference. They affirm that security is about community for them both. They also explore the emerging discussion of whether all this spending on security technologies is making us more secure or not. Links Reference…

Mitch and Alan discuss rebranding the Security Creators Network; CISA brings a new focus to open source and Alan's interview with OpenSSF governing board member Brian Fox (Sonatype) from KubeCon + CloudNativeCon Europe 2024. References mentioned in this podcast: Security Creators Network: https://securityboulevard.com/2024/04/techstrong-group-annou…

Alan and Mitch discuss self-replicating AI malware, Cloudflare's announced firewall to protect generative AI LLMs and Alan's interview with Anna Pobletts, head of passwordless at 1Password, about how devs and DevOps teams can improve cybersecurity by eliminating passwords. https://securityboulevard.com/2024/03/compromptmized-ai-worm-malware-richixb…

Mitch and Alan discuss the State Department's intent to label fake content, expanding the Security Bloggers Network at RSAC 2024, and the government's focus on taking down LockBit and other large ransomware rings. Links Referenced in Podcast: https://securityboulevard.com/2024/02/us-russian-disinformation-richixbw/ https://securityboulevard.com/sec…

In this episode of Security Boulevard Chats, hosts Mitch and Alan delve into AI's profound impact on cybersecurity and the dual-edged nature it presents for attackers and security professionals. The conversation takes a deeper dive into the murky waters of deep fakes and AI-generated misinformation. Alan sits down with Chris Eng, Chief Research Off…

Alan and Mitch discuss data leaks and Bank of America' recent data loss and, Alan's interview with security marketing guru and colleague Jennifer Leggio, defending the expanding attack surface. Links referenced: https://www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/ https://securityboulevard…

Return to the office mandates are on the rise, and Mitch and Alan discuss whether security concerns over working remote is a substantial driver. Mitch and Alan also explore the realization of deepfake fears covered in Richi Jennings' "CFO Deepfake Fools Staff — Fakers Steal $26M via Video" , should HR's role expand in "Why an HR-IT Partnership is C…

Mitch and Alan kick off 2024 by recalling the origins of Security Boulevard Chats, which started with their first security podcast in 2004. Twenty years ago!!! They discuss how security has gone from a niche job to today, where college grads emerge with security degrees and specializations. They discuss Marty Roesch's (snort creator and Sourcefire …

Does cloud, DevSecOps and network security all go together? They have to in the real world. We sit down with Harry Sverdlove, CTO founder of Edgewise Networks and discuss this very topic as well as top three tips from Harry. Have a listenSecurity Boulevard

The environments that we deploy applications in have certainly changed over the last 10 years. This is true for the way we secure applications as well. Barracuda Networks has ridden this wave to cloud native and making solutions for developers, devops teams and security and risk teams. We speak to Tim Jefferson, VP of public cloud for Barracuda on …

Application Security Requirements & Threat Management (ASRTM)is a great way to:• Lowering costs to build secure software• Making security measurable• Turning unplanned work into planned work• Freeing up time away from remediation, and into feature development• Having a single process that works with in-house, outsourced, and commercial software• Pr…

One of the hottest new trends in the cybersecurity world is what is being called "Deception". While honeypots and such have been around for a long time, the idea of purposely deceiving your attackers has really gained momentum, especially in the age of APT (advanced persistent threats). The team at Illusive Networks has pioneered this approach to s…

They already number in the billions, but connected devices or IoT were not all built with security as top of mind.In this chat we speak with Mike Nelson, VP of IoT Security at DigiCert, a global leader in digital security for connected systems and devices. Mike tells what to do with your legacy devices and systems to help make them more secure and …

Chef has spent a lot of time bringing security and compliance into the software development lifecycle (SDLM). They have several solutions both open source and commercial which can help with your DevSecOps practice. I had a chance to sit down with Dan Hauenstein and Dominick Richter. Dominick is one of the founding members of dev-sec.io and co-creat…

Container adoption rates are skyrocketing. Securing these environments is both a tremendous opportunity and a daunting challenge. Aqua Security has taken on this challenge. With their most recent funding announcement and other momentum news, they are making their play to lock down the container security market and establish themselves as the market…

Zane Lackey, co-founder of Signal Sciences and formerly of Etsy give us the top lessons for DevSecOps. Great list from Zane. Great discussionSecurity Boulevard

DevSecOps, it's a thing. While some say absolutely, others say pleee-ase. I speak with Mike Kail, CTO founder of Cybric about how some of the biggest pushback on DevSecOps comes not from the Dev or Ops crowd, but from the security teams. Whats up with that? Are the security team too territorial? Do they relish their otherness? Mike who has a long h…