Building Security In
…
continue reading
1
Show 137: Wafaa Mamilli Discusses Cultural Differences in Technology Management
31:56
31:56
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:56
Wafaa Mamilli is Vice President, Chief Information Security Officer (CISO) at Eli Lilly and Company where she leads a global, enterprise-wide information and product security organization. She started her career consulting in Paris prior to joining Lilly France in 1995. Before being named CISO, Wafaa held several international leadership responsibi…
…
continue reading
1
Show 136: Pavi Ramamurthy discusses the relationship between development and software security
31:51
31:51
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:51
Pavi Ramamurthy manages the security ecosystem at LinkedIn as a Senior Information Security Manager. The Security Ecosystem team holds much of the responsibility for software security at the firm, including: software security training, awareness, bug herding, application vulnerability response, program management, and security positioning for partn…
…
continue reading
1
Show 135: Ksenia Dmitrieva-Peguero discusses software security and AngularJS
25:55
25:55
나중에 재생
나중에 재생
리스트
좋아요
좋아요
25:55
Ksenia Dmitrieva-Peguero is a Principal Consultant within Synopsys’ Software Integrity Group. She is a subject matter expert in a variety of software security practices including static analysis tool design and execution, customization, and deployment. She is also an expert in the areas of penetration testing and threat modeling. Throughout her car…
…
continue reading
1
Show 134: Kelly Jackson Higgins Discusses Cyber Security Journalism
24:54
24:54
나중에 재생
나중에 재생
리스트
좋아요
좋아요
24:54
Kelly Jackson Higgins is the Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with over 20 years of experience as a reporter and editor. Publications that Kelly has been associated with include Network Computing, Secure Enterprise Magazine, Communications Week, and more. Kelly’s coverage of com…
…
continue reading
1
Show 133: Cheryl Biswas Discusses the Politicization of Cyber Security
29:06
29:06
나중에 재생
나중에 재생
리스트
좋아요
좋아요
29:06
Cheryl Biswas is a Cyber Security Consultant focusing on threat intelligence at KPMG Canada. Her IT career began over 20 years ago at CP Rail’s helpdesk, with further roles in vendor management and change management. She went on to work as an InfoSec researcher at JIG Technologies where she advised her team and clients on security matters and weekl…
…
continue reading
1
Show 132: Chenxi Wang Discusses DevOps and Diversity in Tech
32:16
32:16
나중에 재생
나중에 재생
리스트
좋아요
좋아요
32:16
Dr. Chenxi Wang is the founder of the Jane Bond Project. She has built an illustrious security career with experience at Forrester Research, Intel Security, CipherCloud, and Twistlock. Dr. Wang started her career as a computer security faculty member at Carnegie Mellon University. She holds a Ph.D. in Computer Science from the University of Virgini…
…
continue reading
1
Show 131: Kate Pearce Discusses the Relationship Between Biology and Security
31:47
31:47
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:47
Kate Pearce is a Senior Security Consultant at Cisco within the Customer Solutions division. In her career, Kate approaches security from diverse perspectives encompassing defenders, builders, assessors, and attackers. Her approach blends business, academic, and assessment contexts with a clear focus on evidence-driven security approaches. Kate hol…
…
continue reading
1
Show 130: Jessy Irwin Discusses How to Make Security and Privacy Accessible
31:05
31:05
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:05
Jessy Irwin is Vice President of Security and Privacy at Mercury Public Affairs. Her work focuses on human-centric technology and security. Jessy works tirelessly to make security and privacy accessible to the average person through education and awareness. As an outspoken advocate, she writes and speaks publicly about security research, strong cry…
…
continue reading
1
Show 129: Kelly Lum Discusses Bug Hunting and a Unique Analytical Outlook on Security
33:14
33:14
나중에 재생
나중에 재생
리스트
좋아요
좋아요
33:14
Kelly Lum, a.k.a. Aloria, is a Security Engineer at Tumblr and an Adjunct Professor of Graduate Computer Networking and Application Security at NYU. She has 13 years of experience in computer security, having previously worked in both the government and financial services spaces. Kelly is also a frequent speaker on the Black Hat SummerCon Counterme…
…
continue reading
1
Show 128: Lesley Carhart Discusses Incident Response and Digital Forensics
27:49
27:49
나중에 재생
나중에 재생
리스트
좋아요
좋아요
27:49
Lesley Carhart is the Security Incident Response Lead at a large corporation in the Chicagoland area where she and her team work with digital theft, misconfiguration, and hacking issues. She has 17 years of experience in the IT industry, eight of which focus on incident response and digital forensics. Lesley holds a BS in Network Technologies from …
…
continue reading
1
Show 127: Dr. Marie Moe Discusses Medical Device Security
32:31
32:31
나중에 재생
나중에 재생
리스트
좋아요
좋아요
32:31
Dr. Marie Moe is a Security Researcher at SINTEF and an Associate Professor at the Norwegian University of Science and Technology. She was previously a Team Leader at NorCERT, the Norwegian national CERT, where she managed incident response to cyberattacks against national critical infrastructure. Marie’s recent work focuses on public safety and se…
…
continue reading
1
Show 126: Mike Pittenger Discusses Open Source Software Security
31:17
31:17
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:17
Mike Pittenger is the VP of Security Strategy at Black Duck Software where he is responsible for strategic leadership of security solutions, including product direction and strategic alliances. He has 30 years of experience in technology and business, more than 25 years of management experience, and has spent the past 15 years focusing on security.…
…
continue reading
1
Show 125: Jim Manico Discusses Static Analysis, Open Source, and Developer Training
31:51
31:51
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:51
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and secure engineering. He is also the founder of Brakeman Security which produces a Ruby on Rails security scanner. He is a volunteer and Former Global Board Member of the Open Web Application Security Project (OWASP) and the author of Iron-Clad Jav…
…
continue reading
1
Show 124: Lance Cottrell Discusses Anonymity and Privacy
32:47
32:47
나중에 재생
나중에 재생
리스트
좋아요
좋아요
32:47
Lance Cottrell is the Chief Scientist at Ntrepid where he works on the Passages product. He founded Anonymizer, Inc. in 1995, which was later acquired in 2008. Lance has been at the cutting edge of Internet privacy, anonymity, and security for over 20 years. He is on the board of the North Bay Angels and is a mentor for SoCo Nexus Sprout. He lives …
…
continue reading
1
Show 123: Yanek Korff Discusses How to Build a Successful Technical Team
27:40
27:40
나중에 재생
나중에 재생
리스트
좋아요
좋아요
27:40
Yanek Korff is the owner of Korff Consulting, LLC where he is a strategic consultant advising firms on information security topics. Having worked at Bell Atlantic, Cigital, AOL, and Mandiant, Yanek has well over a decade of experience in security operations, development, and infrastructure. Listen as Gary and Yanek discuss outsourcing, people vs. a…
…
continue reading
1
Show 122: David Nathans Discusses Security Operations Centers and Medical Device Security
29:45
29:45
나중에 재생
나중에 재생
리스트
좋아요
좋아요
29:45
David Nathans is a security professional with Siemens Healthcare where he specializes in medical device security. He has extensive experience in building security operations centers (SOCs) and cyber security programs. As the author of Designing and Building Security Operations Center and an original member of the first cyber squadron of the Air Nat…
…
continue reading
1
Show 121: Marty Hellman Discusses Cryptography and Nuclear Non-Proliferation
42:15
42:15
나중에 재생
나중에 재생
리스트
좋아요
좋아요
42:15
Martin E. Hellman is Professor Emeritus of Electrical Engineering at Stanford University. A graduate of New York University, Martin went on to earn both a Master’s degree and Ph.D. in Electrical Engineering from Stanford. He is the author of over 70 technical papers, holder of 12 U.S. patents, co-inventor of public key cryptography, and the 2015 Tu…
…
continue reading
1
Show 120: Silver Bullet Celebrates 10 Years! Marcus Ranum Interviews Gary McGraw
25:33
25:33
나중에 재생
나중에 재생
리스트
좋아요
좋아요
25:33
To celebrate 10 straight years of the monthly Silver Bullet Security Podcast, we’re flipping the mic. During the past decade, Dr. Gary McGraw has interviewed some of the security industry’s most influential gurus. A globally recognized authority on security and software, he is the CTO of Cigital and the author of eight bestselling books on software…
…
continue reading
1
Show 119: Jacob West Discusses the IEEE CSD, Bugs, Flaws, And Wearable Devices
28:07
28:07
나중에 재생
나중에 재생
리스트
좋아요
좋아요
28:07
As the Chief Architect for Security Products at NetSuite, Jacob West leads research and development for technology to identify and mitigate security threats. West has over a decade of experience developing, delivering, and monetizing innovative security solutions. Prior to his role at NetSuite, he served as the CTO for Enterprise Security Products …
…
continue reading
1
Show 118: Jack Daniel Discusses Security BSides, Communities, and the Big Picture of Security
39:29
39:29
나중에 재생
나중에 재생
리스트
좋아요
좋아요
39:29
Gary talks to Jack Daniel, a leading technology community activist, about the evolution of the community-driven BSides Con, changes in the security field over the last decade, and his thoughts on where good security people come from. Jack is currently a Strategist for Tenable Network Security, and has over twenty years of experience in network and …
…
continue reading
1
Show 117: Jamie Butler Discusses Security Research, Thinking Like a Hacker, And Rootkit Development
37:23
37:23
나중에 재생
나중에 재생
리스트
좋아요
좋아요
37:23
Gary talks to Jamie Butler, a self-proclaimed “coder at heart,” about the importance of an offensive security approach, attack patterns, and his specialization in rootkit development. Jamie is currently the CTO and Chief Scientist at Endgame where he leads research on advanced threats, vulnerabilities, and attack patterns. He has directed vulnerabi…
…
continue reading
1
Show 116: Doug Maughan Discusses the Current State Of Cyber Security In the U.S. Department Of Homeland Security
29:41
29:41
나중에 재생
나중에 재생
리스트
좋아요
좋아요
29:41
Gary talks to Dr. Doug Maughan about scientific research in computer security and its relationship to wider government efforts in security. Maughan is currently the Cyber Security Division (CSD) Director for the Homeland Security Advanced Research Projects Agency. With a Ph.D. in Computer Science and over 10 years of experience working with the Dep…
…
continue reading
1
Show 115: Peiter “mudge” Zatko Discusses the L0pht and Government Influence
38:33
38:33
나중에 재생
나중에 재생
리스트
좋아요
좋아요
38:33
Gary talks to Peiter Zatko, better known as “mudge” in hacker and security circles, about the evolution of the L0pht hacker collective and how his work in security influenced key agencies within the U.S. government to ramp up their cybersecurity efforts. During his time as a Program Manager with DARPA, mudge worked to fund much needed research for …
…
continue reading
1
Show 114: Peter Clay Discusses the Evolution of the CISO Role
31:26
31:26
나중에 재생
나중에 재생
리스트
좋아요
좋아요
31:26
Gary talks to the Chief Information Security Officer of Qlik, Peter “Pete” Clay, who holds 20+ years of experience in technology growth and its relationship to security from a risk management perspective. Pete brings federal, public, private and start-up insight into the global security space. He shares personal lessons he has learned as a consulta…
…
continue reading
1
Show 113: Chandu Ketkar Discusses Software Security Best Practices
27:51
27:51
나중에 재생
나중에 재생
리스트
좋아요
좋아요
27:51
Gary talks to Cigital’s Chandu Ketkar. With 20+ years of experience as a developer prior to getting into security, Chandu brings a unique and enlightened view to software security. Chandu shares his insight into why developers and security experts struggle to get along, and offers a solution from the world of economics. He also provides lessons fro…
…
continue reading
1
Show 112: “Crypto Wars II” with Steve Bellovin and Matt Green
33:43
33:43
나중에 재생
나중에 재생
리스트
좋아요
좋아요
33:43
We thought the “crypto wars” were resolved in the late 1990s. But the introduction of encrypted devices—specifically the release of iOS 8 and the growing number of available encrypted communication channels through public services such as Facebook and Snapchat—has resurfaced the debate. FBI Director Comey and other law enforcement groups are conce…
…
continue reading
Has software security actually gotten worse? On the 111th episode of The Silver Bullet Security Podcast, Gary talks with Marcus Ranum, Chief Security Officer of Tenable Network Security. He is the inventor of both the proxy firewall and early-advanced intrusion systems. Gary and Marcus discuss the current state of software security, firewalls, de-p…
…
continue reading
On the 110th episode of The Silver Bullet Security Podcast, Gary talks with Paul Dorey, founder of CSO Confidential and Visiting Professor at the University of London. Gary and Paul discuss the modern role of the CSO and the ideal background for a CSO, Paul’s biggest win and biggest mistake as a CSO, and the role of building security in as part of …
…
continue reading
On the 109th episode of The Silver Bullet Security Podcast, Gary is joined by Bart Preneel. Bart is a full professor at the KU Leuven, one of the oldest universities in the world. Gary and Bart discuss the differences in approaches to security between the EU and the US, what the picture of building security in looks like around the world, quantum c…
…
continue reading
In the 108th episode of the Silver Bullet Security podcast, Gary talks with Katie Moussouris, Chief Policy Officer of HackerOne. Gary and Katie discuss her first program (a piece of interactive fiction in the Choose Your Own Adventure category written in Basic), bug bounty programs, how financial services and healthcare firms might approach vulnera…
…
continue reading
L. Jean Camp is a Professor at the Indiana University School of Informatics and Computing. Gary and Jean discuss usability and security, whether users’ implicit expectations of security and privacy are enough to move the mobile market, and “old people” and security. They close out their discussion with the most surprising hangover cure and Jean’s f…
…
continue reading
Steve Katz is owner and founder of Security Risk Solutions and the “world’s first CISO.” Gary and Steve discuss the history and evolution of the CISO position, the difficulty of measuring risk in a realistic fashion, how to allocate resources between proactive security engineering and standard network security, triage, and incident response, what i…
…
continue reading
1
The History of Public Key Cryptography with Whitfield Diffie
43:41
43:41
나중에 재생
나중에 재생
리스트
좋아요
좋아요
43:41
On the 105th episode of the Silver Bullet Security Podcast, Gary talks with the legendary Whitfield Diffie, a pioneer of public-key cryptography. Gary and Whitfield discuss the history of public key cryptography, Diffie’s work on the “proof of correctness of programs,” and if backdoors into crypto systems are a bad idea. They close out by discussin…
…
continue reading
On the 104th episode of the Silver Bullet Security Podcast, Gary chats with Rick Gordon, Managing Partner at MACH37. Gary and Rick discuss Rick’s time in the Navy and what it taught him about security, Rick’s lessons learned from his time as CEO of Tovaris, whether the government outside of DARPA understands security engineering, and the drive behi…
…
continue reading
On the 103rd episode of the Silver Bullet Security Podcast, Gary talks with Brian Krebs, reporter and blogger at Krebs on Security. Gary and Brian discuss how growing up with a computer affected their future careers in security, MUD vs MAD, why “old media” can’t support in-depth security reporting, and why the government continues to be five years …
…
continue reading
On the 102nd episode of the Silver Bullet Security Podcast, Gary chats with Richard Danzig, one time Secretary of the Navy and Board member of the Center for New American Security (among several other things). Gary and Richard discuss Richard’s time at the Department of Defense, what he learned when running the US Navy that can be applied to comput…
…
continue reading
1
Software Security with the Founders of the Center for Secure Design
37:20
37:20
나중에 재생
나중에 재생
리스트
좋아요
좋아요
37:20
On the 101st episode of the Silver Bullet Security Podcast, Gary talks with Jim Del Grosso (Cigital), Yoshi Kohno (University of Washington), and Christoph Kern (Google) in a roundtable devoted to the new IEEE Center for Secure Design. The participants discuss the origin of the Center, why design flaws are more difficult to fix than implementation …
…
continue reading
1
The State of Software Security with Cigital’s Principals
29:05
29:05
나중에 재생
나중에 재생
리스트
좋아요
좋아요
29:05
After 100 months in a row (over 8 years), the Silver Bullet Security Podcast with Gary McGraw hits its landmark 100th episode. In this episode Gary talks live on video with Cigital’s Principals: John Steven, Scott Matsumoto, Paco Hope, Jim DelGrosso and Sammy Migues. The group discusses the state of software security and how its evolved (or has it?…
…
continue reading
On the 99th episode of the Silver Bullet Security Podcast, Gary talks with Michael Hicks, professor Computer Science at the University of Maryland. In this episode, they discuss the Programming Language Design and Implementation (PLDI) conference, type safety, closure, dynamic languages, why C is problematic, and how Javascript is dangerous. They g…
…
continue reading
On the 98th episode of the Silver Bullet Security Podcast, Gary chats with Bart Miller, Professor of Computer Science at the University of Wisconsin-Madison and Chief Scientist of the DHS Software Assurance Marketplace Research Facility. Gary and Bart discuss Heartbleed, fuzz testing, his work with Jeff Hollingsworth on dynamic instrumentation of b…
…
continue reading
1
The Development Side of Software Security with Aaron Bedra
35:16
35:16
나중에 재생
나중에 재생
리스트
좋아요
좋아요
35:16
On the 97th episode of the Silver Bullet Security Podcast, Gary chats with Aaron Bedra, Senior Manager of Application Security at Groupon. Gary and Aaron discuss how security is viewed by development teams that Aaron has worked with, how a security person could transition into software security, the importance of developing a security culture, type…
…
continue reading
On the 96th episode of the Silver Bullet Security Podcast, Gary talks with Nate Fick, CEO of Endgame. Gary and Nate discuss the use of the term “cyber war” from the perspective of an ex-Marine, Nate’s time at the Center for a New American Security, the Estonia DDOS attack, and how Nate has turned around the perception of End Game. They close out th…
…
continue reading
On the 95th episode of the Silver Bullet Security Podcast, Gary talks with Charlie Miller, a computer security researcher with Twitter. They discuss Charlie’s history in finding security flaws in Apple products, hacking cars, and whether we’re past the bug whack-a-mole days. They close out their chat with Charlie’s official car hacking soundtrack. …
…
continue reading
On the 94th episode of the Silver Bullet Security Podcast, Gary chats with Ming Chow, lecturer at Tufts University School of Engineering’s Department of Computer Science. Gary and Ming discuss whether it’s better to start with security people or people that know how to code already when building new software security professionals. They also talk a…
…
continue reading
On the 93rd episode of the Silver Bullet Security Podcast, Gary chats with Yoshi Kohno, Associate Professor of Computer Science and Engineering at the University of Washington. Gary and Yoshi discuss how much impact academic security impacts commercial security, car hacking, whether it’s possible to get the media to cover good software security, an…
…
continue reading
On the 92nd episode of the Silver Bullet Security Podcast, Gary chats with Jon Callas, Chief Technology Officer at Silent Circle and all around crypto freedom fighter. Gary and Jon talk about the early days of computing, insanely early computer security, nascent crypto, PGP, Lavabit, Snowden, and what Silent Circle is doing to make secure comms act…
…
continue reading
On the 91st episode of the Silver Bullet Security Podcast, Gary talks with Caroline Wong, Cigital’s Director of Security Initiatives. Gary and Caroline discuss the newly-released BSIMM-V, the concept of “SSI (Software Security Initative) in a box,” the most successful metrics that Caroline has used throughout her career at eBay and other high-profi…
…
continue reading
On the 90th episode of the Silver Bullet Security Podcast, Gary talks with Matthew Green, Assistant Research Professor at the Johns Hopkins Information Security Institute. Gary and Matt discuss the difference between theoretical cryptography and applied cryptography, the “On the NSA” blog post takedown scare, and the allegedly ‘backdoored’ Dual_EC_…
…
continue reading
On the 89th episode of the Silver Bullet Security Podcast, Gary chats with Mike Reiter, Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill. Gary and Mike discuss the differences and similarities between academic research and corporate research, the challenges of teach…
…
continue reading
On the 88th episode of the Silver Bullet Security Podcast, Gary talks with Christian Collberg, Ph.D., Associate Professor of Computer Science at the University of Arizona. Gary and Christian discuss what drew Christian to teaching Computer Security in the United States after living in several other countries, Christian’s book Surreptitious Software…
…
continue reading