Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Francesco Cipollone에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Francesco Cipollone 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Cyber Security & Cloud Podcast와 비슷한 콘텐츠
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
Every weekday, host Kai Ryssdal helps you make sense of the day's business and economic news — no econ degree or finance background required. "Marketplace" takes you beyond the numbers, bringing you context. Our team of reporters all over the world speak with CEOs, policymakers and regular people just trying to get by.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Embedded is the show for people who love gadgets. Making them, breaking them, and everything in between. Weekly interviews with engineers, educators, and enthusiasts. Find the show, blog, and more at embedded.fm.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
CSCP S03EP23 - Chris Hughes - Demystifying Application Security Programs
저장한 시리즈 ("피드 비활성화" status)
When?
This feed was archived on October 30, 2024 11:44 (
Why? 피드 비활성화 status. 잠시 서버에 문제가 발생해 팟캐스트를 불러오지 못합니다.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 355818851 series 2861915
Francesco Cipollone에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Francesco Cipollone 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Chris Hughes is a Proven Cloud/Cybersecurity leader with nearly 20 years of experience in the Federal and commercial industries. Chris is an active blogger, passionate about all things cyber and a published author of books like Software Transparency.
The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence.
1:12 Introductions
4:45 regulation and federal space
6:40 Software supply chain attacks
8:40 SSDF and SBOM
11:06 Software is complex
15:00 Vulnerability to attacks, attacker mindset
17:00 Common supply chain attacks
20:00 Cloud critiques, is cloud secure?
23:00 Business Risk, Quantifications, How to measure everything,
24:00 FAIR and Quantification at scale
25:00 Method to evaluate vulnerability, CISA KEV, EPSS, How to triage
28:00 Why does the software supply chain get attention
30:00 Get connected
Chris Huges
https://www.linkedin.com/in/resilientcyber/
https://podcasts.apple.com/us/podcast/resilient-cyber/id1555928024
https://resilientcyber.substack.com/
FAIR: https://www.opengroup.org/certifications/openfair
Hot to measure anything in cyber risk: https://amzn.eu/d/hBWxJGO
Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter @FrankSEC42
Linkedin: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com
Social Media Links
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
Linkedin: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
Summary Transcript (auto-generated might have some typos)
Hello everyone and welcome back to the cybersecurity and cloud podcast, this is your host
Francesco and this is probably the last last episode that we do in 2022 is 29 of December 2022
we're almost on the end of the years but we managed to squeeze in a last episode with chris
Hughes and it's an absolute pleasure because we chris we've been interacting a lot of linking
teasing each other over a number of topics and we said you know it's the time to come on the
show and do a proper episode. So chris, thank you very much for coming on the show. Chris is
uh is a consultant to direct robot via and it's been in Air force previously, so it's very heavily
involved with a lot of us regulation around storm and around cybersecurity and the U. S. Has
faced a lot of change in late and today in the episode we're gonna dig in and explore this. But
before digging into the exciting topic of storm and software supply chain chris tell us a little bit
more about you, how did you start? How did you get us to the point where you are today? Yeah
definitely. I'm happy to give you some background. I start off active duty Air Force you know
prior to that I always had an interest in computers and technology but got joined the Air Force
and got put in cybersecurity and at the time I didn't really realize the opportunity. You
know you're just a young kid you know. Uh And and then like I started really taking an interest in
it because it was a fascinating career field and like I've never stopped you know I did four years in
the Air Force and then I've been a federal employee with the U. S. Government twice once with
the Navy doing cloud and deficit cops. And you know cyber security for them. And then also with
an organization known as G. S. A. The General Services Administration which probably isn't too
familiar for many. But like if you've heard of Fed ramp, I was part of the Fed ramp team
reviewing cloud services coming to the you know us federal market there as a security to me.
Um, and as you mentioned, I think we're definitely seeing like an evolution of the regulation in
this space, you know, in our, in our environment, in the public sector. You know, we've always
had things like Nist and uh, you know, risk management framework, Nist 853 and and you know,
think of Nist 871 for defense, industrial base and then see mm see that people are talking about
a lot now, thinking about, you know, not just software supply chain but supply chain risk
management in general, you're under your suppliers. That was a topic that's gotten a lot of
attention as of late and then, you know, obviously software supply chain, you know, it's not
necessarily a new topic. You know, you can date new google. Had a white paper recently,
they started like an incident from 1980 you know, for something where the United States did
something that Russia with software and it's like, wow, this issue has been around for a long
time, but it's gotten more and more attention, I think is, you know, we've seen open source
adoption kind of accelerate and go, you know, go crazy, everyone's using open source software.
Most modern applications are made of open source software and I think people are realizing like,
you know, I think prototype for example, had a study showing that in the last three years it's like
a 742% increase in software supply chain attacks. So malicious actors are paying
attention. And now I think that's making organizations regulators, you know, the industry pay
attention and try to respond to this brilliant. And then of course he moved over to cisa and kind
of has kept up that, you know, that momentum since then. So I think, you know, definitely solar
winds was kind of the watershed moment, I think from an attention perspective and then the
cyber street executive order and all the, all the activity has come after that. And as you
mentioned, like, you know, I think regulation is going to has and will continue to play a big part in
this. Like, you know, without regulation forcing the issue, suppliers are not necessarily
incentivized to provide this information that transparency and many, you know, I've been really
focused or interested in the economic factors of cyber. Many consider cyber to be a market
failure. They said, you know, regulation is required for the, for things to change. Um, and I think
it's, you know, it's hard to argue with that because if we just leave it up to the industry, they're
not going to necessarily provide this information. Why why would they, you know, just put some
additional risk or scrutiny? So, yeah, I think, I think we're definitely seeing a lot of changes And
security resolve doesn't seem like a massive cost. So if there isn't a regulation behind it, there
isn't a business justification to a ship with a bomb. I think the attack of one of the big
topic in cyber that is asset management in general. That is a huge debated and often
avoided topic in, cyber or in generally 90 is not even a cyber problem. And I think this one
kind of industry has now brought to the topic a problem that is like, what do we do with, what do
113 에피소드
공유
저장한 시리즈 ("피드 비활성화" status)
When?
This feed was archived on October 30, 2024 11:44 (
Why? 피드 비활성화 status. 잠시 서버에 문제가 발생해 팟캐스트를 불러오지 못합니다.
What now? You might be able to find a more up-to-date version using the search function. This series will no longer be checked for updates. If you believe this to be in error, please check if the publisher's feed link below is valid and contact support to request the feed be restored or if you have any other concerns about this.
Manage episode 355818851 series 2861915
Francesco Cipollone에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Francesco Cipollone 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Chris Hughes is a Proven Cloud/Cybersecurity leader with nearly 20 years of experience in the Federal and commercial industries. Chris is an active blogger, passionate about all things cyber and a published author of books like Software Transparency.
The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the vulnerabilities that matter most and reduce your exposure to modern attacks. See it for yourself. Go to https://www.phoenix.security for a free 14-day licence.
1:12 Introductions
4:45 regulation and federal space
6:40 Software supply chain attacks
8:40 SSDF and SBOM
11:06 Software is complex
15:00 Vulnerability to attacks, attacker mindset
17:00 Common supply chain attacks
20:00 Cloud critiques, is cloud secure?
23:00 Business Risk, Quantifications, How to measure everything,
24:00 FAIR and Quantification at scale
25:00 Method to evaluate vulnerability, CISA KEV, EPSS, How to triage
28:00 Why does the software supply chain get attention
30:00 Get connected
Chris Huges
https://www.linkedin.com/in/resilientcyber/
https://podcasts.apple.com/us/podcast/resilient-cyber/id1555928024
https://resilientcyber.substack.com/
FAIR: https://www.opengroup.org/certifications/openfair
Hot to measure anything in cyber risk: https://amzn.eu/d/hBWxJGO
Cyber Security and Cloud Podcast hosted by Francesco Cipollone
Twitter @FrankSEC42
Linkedin: linkedin.com/in/fracipo
#CSCP #cybermentoringmonday cybercloudpodcast.com
Social Media Links
Follow us on social media to get the latest episodes:
Website: http://www.cybercloudpodcast.com/
You can listen to this podcast on your favourite player:
Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463 Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ
Linkedin: https://www.linkedin.com/company/35703565/admin/
Twitter: https://twitter.com/podcast_cyber
Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/
Summary Transcript (auto-generated might have some typos)
Hello everyone and welcome back to the cybersecurity and cloud podcast, this is your host
Francesco and this is probably the last last episode that we do in 2022 is 29 of December 2022
we're almost on the end of the years but we managed to squeeze in a last episode with chris
Hughes and it's an absolute pleasure because we chris we've been interacting a lot of linking
teasing each other over a number of topics and we said you know it's the time to come on the
show and do a proper episode. So chris, thank you very much for coming on the show. Chris is
uh is a consultant to direct robot via and it's been in Air force previously, so it's very heavily
involved with a lot of us regulation around storm and around cybersecurity and the U. S. Has
faced a lot of change in late and today in the episode we're gonna dig in and explore this. But
before digging into the exciting topic of storm and software supply chain chris tell us a little bit
more about you, how did you start? How did you get us to the point where you are today? Yeah
definitely. I'm happy to give you some background. I start off active duty Air Force you know
prior to that I always had an interest in computers and technology but got joined the Air Force
and got put in cybersecurity and at the time I didn't really realize the opportunity. You
know you're just a young kid you know. Uh And and then like I started really taking an interest in
it because it was a fascinating career field and like I've never stopped you know I did four years in
the Air Force and then I've been a federal employee with the U. S. Government twice once with
the Navy doing cloud and deficit cops. And you know cyber security for them. And then also with
an organization known as G. S. A. The General Services Administration which probably isn't too
familiar for many. But like if you've heard of Fed ramp, I was part of the Fed ramp team
reviewing cloud services coming to the you know us federal market there as a security to me.
Um, and as you mentioned, I think we're definitely seeing like an evolution of the regulation in
this space, you know, in our, in our environment, in the public sector. You know, we've always
had things like Nist and uh, you know, risk management framework, Nist 853 and and you know,
think of Nist 871 for defense, industrial base and then see mm see that people are talking about
a lot now, thinking about, you know, not just software supply chain but supply chain risk
management in general, you're under your suppliers. That was a topic that's gotten a lot of
attention as of late and then, you know, obviously software supply chain, you know, it's not
necessarily a new topic. You know, you can date new google. Had a white paper recently,
they started like an incident from 1980 you know, for something where the United States did
something that Russia with software and it's like, wow, this issue has been around for a long
time, but it's gotten more and more attention, I think is, you know, we've seen open source
adoption kind of accelerate and go, you know, go crazy, everyone's using open source software.
Most modern applications are made of open source software and I think people are realizing like,
you know, I think prototype for example, had a study showing that in the last three years it's like
a 742% increase in software supply chain attacks. So malicious actors are paying
attention. And now I think that's making organizations regulators, you know, the industry pay
attention and try to respond to this brilliant. And then of course he moved over to cisa and kind
of has kept up that, you know, that momentum since then. So I think, you know, definitely solar
winds was kind of the watershed moment, I think from an attention perspective and then the
cyber street executive order and all the, all the activity has come after that. And as you
mentioned, like, you know, I think regulation is going to has and will continue to play a big part in
this. Like, you know, without regulation forcing the issue, suppliers are not necessarily
incentivized to provide this information that transparency and many, you know, I've been really
focused or interested in the economic factors of cyber. Many consider cyber to be a market
failure. They said, you know, regulation is required for the, for things to change. Um, and I think
it's, you know, it's hard to argue with that because if we just leave it up to the industry, they're
not going to necessarily provide this information. Why why would they, you know, just put some
additional risk or scrutiny? So, yeah, I think, I think we're definitely seeing a lot of changes And
security resolve doesn't seem like a massive cost. So if there isn't a regulation behind it, there
isn't a business justification to a ship with a bomb. I think the attack of one of the big
topic in cyber that is asset management in general. That is a huge debated and often
avoided topic in, cyber or in generally 90 is not even a cyber problem. And I think this one
kind of industry has now brought to the topic a problem that is like, what do we do with, what do
113 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Cyber Security & Cloud Podcast와 비슷한 콘텐츠
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
Every weekday, host Kai Ryssdal helps you make sense of the day's business and economic news — no econ degree or finance background required. "Marketplace" takes you beyond the numbers, bringing you context. Our team of reporters all over the world speak with CEOs, policymakers and regular people just trying to get by.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Embedded is the show for people who love gadgets. Making them, breaking them, and everything in between. Weekly interviews with engineers, educators, and enthusiasts. Find the show, blog, and more at embedded.fm.
…
continue reading
Investor Shayle Kann is asking big questions about how to decarbonize the planet: How cheap can clean energy get? Will artificial intelligence speed up climate solutions? Where is the smart money going into climate technologies? Every week on Catalyst, Shayle explains the world of climate tech with prominent experts, investors, researchers, and executives. Produced by Latitude Media.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
