Bra podcast
Sveriges mest populära poddar
- Affärsnyheter
- Alternativ hälsa
- Amerikansk fotboll
- Andlighet
- Animering och manga
- Astronomi
- Barn och familj
- Basket
- Berättelser för barn
- Böcker
- Buddhism
- Dagliga nyheter
- Dans och teater
- Design
- Djur
- Dokumentär
- Drama
- Efterprogram
- Entreprenörskap
- Fantasysporter
- Filmhistoria
- Filmintervjuer
- Filmrecensioner
- Filosofi
- Flyg
- Föräldraskap
- Fordon
- Fotboll
- Fritid
- Fysik
- Geovetenskap
- Golf
- Hälsa och motion
- Hantverk
- Hinduism
- Historia
- Hobbies
- Hockey
- Hus och trädgård
- Ideell
- Improvisering
- Investering
- Islam
- Judendom
- Karriär
- Kemi
- Komedi
- Komedifiktion
- Komediintervjuer
- Konst
- Kristendom
- Kurser
- Ledarskap
- Life Science
- Löpning
- Marknadsföring
- Mat
- Matematik
- Medicin
- Mental hälsa
- Mode och skönhet
- Motion
- Musik
- Musikhistoria
- Musikintervjuer
- Musikkommentarer
- Näringslära
- Näringsliv
- Natur
- Naturvetenskap
- Nyheter
- Nyhetskommentarer
- Personliga dagböcker
- Platser och resor
- Poddar
- Politik
- Relationer
- Religion
- Religion och spiritualitet
- Rugby
- Så gör man
- Sällskapsspel
- Samhälle och kultur
- Samhällsvetenskap
- Science fiction
- Sexualitet
- Simning
- Självhjälp
- Skönlitteratur
- Spel
- Sport
- Sportnyheter
- Språkkurs
- Stat och kommun
- Ståupp
- Tekniknyheter
- Teknologi
- Tennis
- TV och film
- TV-recensioner
- Underhållningsnyheter
- Utbildning
- Utbildning för barn
- Verkliga brott
- Vetenskap
- Vildmarken
- Visuell konst
Om podden
Breakpoint-’Exploring the depths of Defensive Security’. The defensive side of Security is a world in itself with teams achieving amazing feats that involve excellent engineering practices and smart optimisation for scale. This is not talked about enough in the industry. Join me in the br3akp0int podcast as we reflect on the methods and approaches these smart teams use to solve practical challenges in information security and innovate their way into the future. Who is this meant for? : This podcast is for anyone in InfoSec willing to know more about advances in security techniques. This includes security researchers or professionals, product owners, compliance or cloud, AI/ML, threat intel, SecOps automation, Security Leaders, development teams, pentesters and security practitioners. A bit about me: I am a technical security enthusiast and have been dabbling my hands at both offensive and defensive security. I am passionate about growing security communities and have spoken and trained at various security conferences.
The podcast Breakpoint Security Podcast is created by Neelu Tripathy. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Avsnitt
#S03EP10 SOC - Beyond Automation | Dr. Anton Chuvakin
14 december 2024 |
45 min
In this episode of the Breakpoint Security Podcast, we dive into the evolving world of Security Operations Centers (SOC) with Dr. Anton Chuvakin, Security Advisor at the Office of the CISO, Google Cloud.
Key discussion points include:
- Event Correlation: Exploring the automation of correlating security events in real-time and at scale. When should we rely on automation, and where does human expertise still play a vital role?
- Threat Detection & Response: A deep dive into machine learning (ML) and behavior-based analytics for threat detection, including insider threats and the impact of UBA/UEBA on SOC operations.
- Automated Response: Insights & limits of leveraging SOAR platforms to streamline incident response, the boundaries of automated remediation, and real-world use cases like quarantining devices or resetting accounts.
- Threat Hunting: How organizations can fine-tune automation to enhance predictive accuracy and overcome the limitations of AI in identifying potential threats.
Dr. Chuvakin shares technical insights, real-world examples, and practical advice, making this a must-watch for anyone looking to optimize their SOC operations.
Recommended reading/viewing for practitioners:
https://cloud.withgoogle.com/cloudsecurity/podcast/
https://medium.com/anton-on-security/crosspost-a-simple-soar-adoption-maturity-model-dacf61ae857b
https://medium.com/anton-on-security/about-threat-intel-retro-matching-5d94f2cc1991
https://cloud.google.com/blog/topics/threat-intelligence/gemini-for-malware-analysis
https://medium.com/anton-on-security/anton-and-the-great-xdr-debate-part-1-8ed148c3cee4
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP09 Crypto Shield for Vehicle Security | Sandip Dholakia
16 november 2024 |
48 min
When even a seasoned security professional thinks about cryptography, the obvious areas are encryption at rest and in transit. But modern cryptography has penetrated our lives - in the areas we don’t even think about. It works its magic in IoT devices, in the cloud, while we shop, and even in the car we drive!
Guest: Sandip Dholakia, Principal Security architect and co-chair of Cryptography CoE at SAP Global Security & Compliance.
Glossary
- ECM = Engine Control Module
- BCM = Body Control Module
- RFM = Radio Frequency Module
Recommended reading/viewing, Paper(in this topic) for practitioners
- Modern Cryptography - The Practical Guide
- For India: https://www.shroffpublishers.com/books/9789355426079/
- For other countries: https://bit.ly/3X36gel
- Patent Link: https://patents.google.com/patent/US8056538B2/en
- Where Things Fall Apart, Matthew Green
- Cybersecurity in Automotive: Mastering the Challenge
- https://www.metabaseq.com/threat/car-hacking-current-trend-in-car-theft/
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP08 Getting Domain Admin: Infrastructure Hacking | Prashant Mahajan
29 oktober 2024 |
38 min
Guest: Prashant Mahajan, Director for Payatu Australia Pty Ltd and OzHack
The Cybersecurity landscape is driven by the increasing complexity and integration of systems. One major challenge is the proliferation of interconnected devices and platforms, which expand the attack surface and create numerous entry points for malicious actors. Additionally, the rapid adoption of cloud services and virtualization technologies introduces new vulnerabilities and requires robust security measures that are often inadequately implemented.
Furthermore, the rise of sophisticated attack techniques, such as advanced persistent threats (APTs) and zero-day exploits, further complicates the defense mechanisms needed to protect infrastructure. Addressing these challenges requires a multi-faceted approach, including advanced threat detection, continuous monitoring, and enhanced collaboration across the cybersecurity community.
In this episode we explore this through some very interesting stories from Prashant M. What can really go wrong in our IT infra and how attackers can leverage our assumptions.
Recommended reading/viewing for practitioners:
ADRecon:
- https://github.com/adrecon/ADRecon
- https://github.com/adrecon/AzureADRecon
- https://www.defcon.org/html/defcon-26/dc-26-demolabs.html
- https://www.blackhat.com/us-18/arsenal/schedule/index.html#adrecon-active-directory-recon-11912
A few recommended books for getting into Pen Testing:
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
- Network Security Assessment: Know Your Network
- Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks by Michal Zalewski
- Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
- Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters by Justin Seitz and Tim Arnold
- The Hacker Playbook 3: Practical Guide To Penetration Testing
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP07 Gamification for Hacking Humans | Jayson E. Street
11 oktober 2024 |
76 min
A "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
This is none other than our Guest- Jayson E. Street, Chief Adversarial Officer at Secure Yeti.
In today's highly digitized world, organizations are increasingly susceptible to social engineering attacks, where malicious actors manipulate individuals/employees into divulging confidential information. Despite advanced technical defenses, attackers exploit human psychology to breach security perimeters. Techniques such as phishing emails, pretexting, and baiting continue to trick employees into revealing passwords, granting access to sensitive systems, or clicking on malicious links.
As digital enterprises expand their online footprints, the potential attack surface grows, making it imperative for organizations to adopt robust social engineering defenses. Failure to address this threat can lead to significant financial losses, reputational damage, and operational disruptions.
This is a big one and loaded with fun stories by Jayson.
Stay tuned for this next one- the Rapid Fire with Jayson Street.
Episode recommendations/Links:
His Book- Dissecting the Hack: The F0rb1dd3n Network (Jayson Street)
His website: https://jaysonestreet.com/
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
YouTube: https://youtube.com/@breakpointsecuritypodcast
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP07 Teaser | Gamification for Hacking Humans
7 oktober 2024 |
1 min
In this episode, we're diving deep into "Gamification for Hacking Humans" with Jayson E. Street, Chief Adversarial Officer at Secure Yeti.
We discuss how attackers are exploiting human psychology through techniques like #phishing and pretexting and how #AI is making #socialengineering attacks even more sophisticated. With the rise of remote work, these #threats are more real than ever!
Want to know how your organization can defend against these tactics? Check out the follow up full video for valuable insights into protecting your team from manipulation. #cybersecurity
Follow us on LinkedIn: https://www.linkedin.com/company/breakpoint-security-podcast
YouTube: https://youtube.com/@breakpointsecuritypodcast
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP06 Decoding Security Metrics for Business Risk | Runa Dalal
21 september 2024 |
69 min
Interested in Cyber Reporting? Check out this episode where we discuss - Interpreting Security Metrics to understand real business Risk.
Guest: Runa Desai Dalal, Cyber Risk Leader at Accenture
Cyber Strategy| CISO Dashboard| Cyber KPI| Cyber Analytics| Business Continuity |Enterprise Risk|Mentor| Coach| Guide|
Understanding security data within an organization involves synthesizing data from various domains such as risk management, DevSecOps, and SOC operations to create meaningful correlations. By interpreting these security metrics, businesses can transform raw data into actionable insights that highlight potential risks and inform strategic decisions, ultimately enhancing their overall security posture and reducing business risk.
Recommended reading/viewing for practitioners:
Cybersecurity measurement
https://www.nist.gov/cybersecurity-measurement
Reporting Cyber Risk to the Board: Real Life Examples
https://youtu.be/cwvwvzMo44I?si=HNxXqppzVvInH4vp
Reporting Cyber Risk to the Board by Omar Khwaja
https://youtu.be/1CLG0bJLqFo?si=h8yIGMrcS5I9G7y8
---
Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP05 Mastering Application Threat Modeling at Scale | Tony UV
7 september 2024 |
54 min
TOPIC: Mastering Application Threat Modeling at Scale
Guest: Tony UV, CEO & Founder of VerSprite Security, and the Author of Risk Centric Threat Modeling & PASTA Methodology
We dive deep into everything from effective threat modeling techniques for Agile and waterfall applications to scaling threat modeling across large application ecosystems. Tony shares his insights on automating this critical process, handling technical and cultural dependencies, and ensuring security practices keep up with rapid development velocity.
If you're looking to understand what a robust threat modeling program looks like and how to measure its success, you're at the right place!
Recommended reading/viewing for practitioners:
- https://www.linkedin.com/posts/tonyuv_technology-cybersecurity-threatmodeling-activity-7136353298416107520-DOxu?utm_source=share&utm_medium=member_ios- https://versprite.com/blog/organizational-threat-model-enterprise-risk-assessment/
- https://versprite.com/blog/threat-modeling-against-supply-chains/
- https://www.amazon.com/Risk-Centric-Threat-Modeling-Simulation/dp/0470500964?dplnkId=35a18e4f-f9bb-48cc-b747-46fae78757f4&nodl=1
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP04 AI for Security And Security For AI | Tamaghna Basu
23 augusti 2024 |
60 min
In this episode, we delve into the intricate world of AI security, tackling the dual challenge of safeguarding artificial intelligence systems and utilizing AI to enhance cybersecurity.
Guest: Tamaghna Basu, Founder & CEO, DeTaSECURE
Join us as we unravel the complexities of AI security and provide valuable insights that can help you stay ahead in the ever-evolving cybersecurity landscape. Whether you're a security professional, an AI enthusiast, or simply curious about the intersection of these fields, this episode offers critical knowledge and practical tips to enhance your understanding and approach to AI security.
Glossary for Listeners
Artificial Intelligence (AI) is the creation of computer systems that can perform tasks normally requiring human intelligence. This includes recognizing speech, making decisions, and learning from data. Imagine a smart assistant like Siri or Alexa—they use AI to understand and respond to your requests.
Machine Learning (ML)
- A subset of AI focused on developing algorithms that allow computers to learn from and make predictions or decisions based on data.
Neural Networks
- Computational models inspired by the human brain, consisting of interconnected nodes (neurons) that process information in layers to recognize patterns and make decisions.
Natural Language Processing (NLP)
- A branch of AI that enables machines to understand, interpret, and respond to human language in a natural way, including tasks like translation, sentiment analysis, and chatbots.
Deep Learning
- A type of machine learning involving neural networks with many layers (deep neural networks), which excel at analyzing large datasets and performing complex tasks such as image and speech recognition.
Adversarial Attacks
- Techniques used to deceive AI models by introducing malicious input, causing the model to make incorrect predictions or classifications, highlighting vulnerabilities in AI systems.
Recommended reading/viewing for practitioners:
- Tamaghna’s BackHat Talk- Clone with AI : https://www.youtube.com/watch?v=XafJT7I71yo
- Adversarial Attacks: https://youtu.be/t5-vMJDFr8E
- T-Mobile Breach: https://www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
- Samsung bans ChatGPT: https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/
- OpenAI Data Breach: https://openai.com/index/march-20-chatgpt-outage/
Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP03 DevOpsification of Threat Detection Development | Wasim Halani
10 augusti 2024 |
57 min
Learn to DevOpsify your Threat Detection Development!
Guest: Wasim Halani, Director - Detection Engineering at Securonix
SOC teams face a continuous challenge of evolving threats and a difficulty in developing #analytics to detect such #threats. Recent times have seen the Detection Engineering function evolve along the lines of Software Engineering - which means the Agile and DevOps methodologies also apply to new detections being developed and deployed.
Continuous development, continuous testing and continuous deployment are part of the game.
In this episode, we dive into the challenges faced by traditional #SOC teams in building effective threat detections, explore why threat detection is inherently difficult, and discuss how #DevOps principles can enhance this process. We also cover the groundwork for implementing these principles and the most challenging aspects of developing a #detection #engineering #program.
Recommended reading/viewing for practitioners:
1. https://medium.com/anton-on-security/can-we-have-detection-as-code-96f869cfdc79
2. https://www.securonix.com/blog/ddlc-detection-development-life-cycle/
3. https://medium.com/snowflake/detection-development-lifecycle-af166fffb3bc
Follow us on LinkedIn: @breakpoint-security-podcast
Breakpoint Youtube: BreakpointSecurityPodcast
https://youtube.com/@breakpointsecuritypodcast
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP02 Building Intelligence into your Software Supply Chain Security | Shashank Dixit
26 juli 2024 |
52 min
Checkout AI for your DevOps pipelines!
Guest: Shashank Pramod Dixit, Principal Consultant, Sumeru Solutions
CISO advisory, Product Management, Security leadership, Product Security.
There exist many common challenges today for SMBs doing DevSecOps. Organizations are confused among the tools, there are so many options which ones shall we choose.
There are so many false positives, and unnecessary noise.
There is no in-house expertise in place who can level up the application security.
There are cost limitations, the license tools are expensive and open source are difficult to maintain.
In this episode, we dive deep into the common challenges faced by SMBs in DevSecOps - from AI enabled tool selection confusion to dealing with false positives, lack of in-house expertise, and financial constraints.
We cover the full spectrum for ways and means of using Artificial Intelligence to secure your software supply chain!
Recommended reading/viewing for practitioners:
- https://ventureinsecurity.net/
- https://tldrsec.com/
- https://danielmiessler.com/
- https://yourstory.com/2023/02/bomanai-revolutionising-secure-software-development-tool-devsecops
- https://pulse.latio.tech/
Follow us on LinkedIn: @breakpoint-security-podcast
Connect with me on -
Twitter: @NeeluTripathy
LinkedIn: @neelutripathy
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S03EP01 Taking Charge of Your APIs: Proactive API Security | Buchi Reddy B
14 juli 2024 |
62 min
What does Proactive API Security Testing encompass and what all you need to enhance your API Security Posture? We discuss all this with our expert guest Buchi Reddy.
Guest: Buchi Reddy B, Founder & CEO of Levo.ai
Proactive API security testing refers to an approach where security testing activities are conducted preemptively to identify and address potential security vulnerabilities in APIs before they can be exploited by malicious actors. This proactive approach involves systematically assessing the security posture of APIs through various techniques and methodologies, even before they are deployed or exposed to production environments.
By proactively testing for various attack scenarios, organizations can identify and remediate security vulnerabilities in their APIs before they are exploited by attackers, thus enhancing the overall security posture of their systems and protecting sensitive data from unauthorized access or manipulation.
Guest Intro:
After graduating with an engineering degree in India, Buchi began his career in a renowned hedge fund and then immigrated to the US to work in Silicon Valley startups.
Since then, he has worked in 4+ Silicon Valley startups, most being seed stage. While working in one such cybersecurity startup, he encountered fundamental inefficiencies in the cybersecurity space. Inefficiencies in the development, integration and testing of API systems in enterprise applications that culminate in data breaches and PR nightmares.
To tackle these problems, he founded Levo.ai, a cybersecurity startup. After 1.5 years of rigorous development, Levo is now being deployed in the environments of industry leaders, pioneering a proactive era for application security.
Follow us on LinkedIn: @breakpoint-security-podcast
Audio on Buzzsprout: https://breakpoint.buzzsprout.com
Connect with me on -
Twitter: @NeeluTripathy
LinkedIn: @neelutripathy
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP10 | Zeroing Trust: Identity Threats, the New Attack Surface | Sudarshan Pisupati
17 januari 2024 |
57 min
The proliferation of digital identities and access points has increased the attack surface, making it difficult to monitor and secure user identities effectively. The rising sophistication of cyber threats, including identity theft and credential-based attacks, demands proactive measures to detect and respond to these threats promptly. Additionally, compliance requirements and data protection regulations necessitate robust identity security to avoid legal and financial repercussions.
All the above result in growing the complexity of managing user identities, especially in large enterprises and hence require automation and real-time monitoring capabilities to manage Identity threats, ensuring the organization can effectively safeguard its digital assets and sensitive data.
Guest : Sudarshan Pisupati, Principal Research Engineer at Zscaler.
He is currently focused on adding Identity Threat Detection and Response capabilities to Zscaler's cyber threat protection portfolio.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP09 | Controlling your SaaS Sprawl with a SaaS Security Platform | Abhishek Anand
29 december 2023 |
57 min
Just like cloud is omnipresent in 2023, SaaS sprawl is just as prevalent. A company on an average uses 110 SaaS apps and broadly 70% of the software that is being run is SaaS with issues even more severe at enterprise level.
SaaS security today is thought of as an IAM problem solved with an SSO integration but issues go beyond that, with misconfigurations leading to leaked data, insecure SaaS plugins opening up new threat vectors and how your services talk to other SaaS apps.
A lot of cloud security issues can be solved in orgs with good engineering practices but SaaS security is harder because users are spread across the organization and each tool has its own nuances, so IT/security teams find it hard to manage well. The general practice of allowing users to bring their own plugins and ways of use around SaaS apps is what creates security issues.
In this episode, we dive deep into SSP implementations for organisations.
Guest: Abhishek Anand, Co-Founder Koala Lab
Abhishek is a technology leader who built Housingdotcom as CTO and most recently built cloud infra at Whitehat Jr, where he led the platform and SRE teams. Over the course of his career, he has solved varied security problems and is currently building KoalaLab based on inspiration during his time building and securing infrastructure for these fast-growing companies.
Recommended reading/viewing for practitioners:
- SaaS Sprawl: https://www.zippia.com/advice/saas-industry-statistics
- 38% of companies run almost entirely on SaaS
- As of 2021, an average of 110 SaaS apps are used per organization.
- Approximately 70% of total company software use is SaaS as of 2022. However, this number has the potential to reach up to 85% by 2025, indicating that SaaS as software will only continue to become more popular.
- Salesforce leak of data: https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/
- Google drive leaks: https://ny.chalkbeat.org/2021/8/5/22612388/data-breach-nyc-students-staff-google-drive
- Case: https://www.wired.co.uk/article/nhs-covid-19-app-health-status-future
- TL;DR: https://tldrsec.com/- Good newsletter covering a lot of security research
- SSP Coverage Reference: https://www.koalalab.com/saas-security
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP08 Packing a Punch! With Policy-as-Code | Abhay Bhargav
19 december 2023 |
42 min
In today's world of rapidly evolving technology and the increasing complexity of software systems, ensuring the security and compliance of applications across the stack has become paramount. The stack has also gotten to be much more complex with the proliferation of APIs on cloud and cloud-native technologies. Tightly coupled security controls for things like Authorization, Validation and Admission Control is not realistic and is causing a large inconsistency in the implementation of security controls.
This episode will provide an in-depth exploration of Policy-as-Code (PaC) and how it can be employed to implement decoupled security practices across the stack. PaC serves as a unified framework that enables organizations to define, manage, and enforce policies in a consistent, transparent, and automated manner. This approach facilitates better security, compliance, and risk management, while also reducing the need for manual intervention.
Guest: Abhay Bhargav, Founder of we45,Appsec Engineer
Abhay Bhargav is the Founder of the Chief Research Officer of AppSecEngineer, an elite, hands-on online training platform for AppSec, Cloud-Native Security, Kubernetes Security and DevSecOps. AppSecEngineer delivers hands-on security skills that companies are actually looking for.
Abhay started his career as a breaker of apps, in pentesting and red-teaming, but today is more involved in scaling AppSec with Cloud-Native Security and DevSecOps
He has created some pioneering works in the area of DevSecOps and AppSec Automation, including the world’s first hands-on training program on DevSecOps, focused on Application Security Automation. In addition to this, Abhay is active in his research of new technologies and their impact on Application Security, specifically Cloud-Native Security. In addition, Abhay has contributed to pioneering work in the Vulnerability Management space, being the architect of a leading Vulnerability Management and Correlation Product, Orchestron. Abhay is also committed to Open-Source and has developed the first-ever Threat Modeling solution at the crossroads of Agile and DevSecOps, called ThreatPlaybook.
Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA, SHACK and so on. He's authored two international publications on Java Security and PCI Compliance as well.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP07 From Chaos to Compliance: Navigating the ISMS Implementation Maze | MS Sripati
7 december 2023 |
54 min
From Chaos to Compliance: Navigating the ISMS Implementation Maze
In this episode, we will be talking about the challenges an organization faces when doing an ISMS implementation. We will talk about this in the context of ISO 27001 implementation and see the practical nuances it entails.
Guest: Sripati MS, Assistant Vice President, Risk, Utkarsh Small Finance Bank
He is an information security risk management professional, 18 years and counting. He has helped create, run, and audit information security programs for customers in the oil/gas, utility, and banking domains. He has also helped provide security assessment services to customers in various industries. He runs a blog (sripati.info) and answers questions on Quora.
Recommended reading/viewing for practitioners:
- Gary Hinson’s ISO 27001 Google Group (https://iso27001security.com/html/forum.html
https://groups.google.com/g/iso27001security)
- ISO Certification Process: www.advisera.com
- ISO 27001 Standard: https://iso27001security.com/
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP06 (MITRE) ATT&CK in your Backyard | Shweta Kshirasagar
28 oktober 2023 |
50 min
MITRE ATT&CK has been the go-to framework for both offensive & defensive security teams. It’s sophistication and vast coverage makes it quite comprehensive, often not easy to fathom, let alone implement to the fullest. In this episode of br3akp0int, we demystify this through practical scenarios & Shweta’s experience of implementing it in day-to-day activities of Cyber Defenders.
Guest: Shweta Kshirsagar, General Manager - Security Assurance, Airtel Africa
Shweta is an accomplished information security professional with 18 years of industry experience in various domains of Cyber Security such as Cyber Incident Response, Data Protection and Privacy, Information Security Audit and Compliance. Possess strong leadership skills with a collaborative approach towards driving cross-functional programs. Holds multiple professional certifications and has won awards and recognition in the industry.
Recommended reading/viewing for practitioners:
- Mitre Att&ck Framework & website: https://attack.mitre.org/matrices/enterprise/
- https://github.com/mitre-attack
- https://center-for-threat-informed-defense.github.io/attack-sync/
- https://redcanary.com/blog/avoiding-common-attack-pitfalls/
- https://www.inforisktoday.in/insights-from-dual-vendor-saas-based-siem-implementation-a-22207
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP05 From Zero to One: Bootstrapping Security for your Organization | Prajal Kulkarni
18 oktober 2023 |
43 min
From Zero to One: Bootstrapping Security for your Organization
With the rise in the number of digital start ups, many of us in security and engineering find ourselves in a place where we are the first of the lot. We need to not just define, but start and secure our organization and assets from the ever growing set of breaches & attacks.
This episode is dedicated to starting security from scratch and going ground up.
Guest Intro: Prajal Kulkarni, Chief Information Security Officer @ Groww
Prajal Kulkarni brings over 13 years of expertise in securing infrastructure, designing robust security frameworks, and assisting startups in their initial security journey. As the current Chief Information Security Officer at Groww, he leads a team of talented and dynamic security engineers.
Before joining Groww, Prajal held the position of Senior Security Architect at Flipkart, where he was responsible for ensuring the security of the entire ecommerce business. He also managed comprehensive security charters for Flipkart's M&A companies, contributing significantly to their secure operations.Furthermore, Prajal led a skilled team at a prominent Fintech company, overseeing offensive and defensive security projects to safeguard their systems and data.
Beyond his corporate experience, Prajal actively participates in the Indian security community. He serves as the lead contributor to Code Vigilant, an open security project that promotes responsible disclosures and enhances the security of open source software.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP04 IoT Security: Safeguarding Your Smart World! | Aseem Jakhar
3 oktober 2023 |
50 min
The world is getting smarter and the number of IoT devices is growing by the day. Securing such environments presents unique challenges due to the diverse nature of these devices and the complexity of their interactions.
Guest: Aseem Jakhar Co-Founder & Dir. Research at Payatu
Linkedin: @aseemjakhar
X: @aseemjakhar
Aseem Jakhar is a Cybersecurity Entrepreneur and Technologist with two decades of experience in security product development, services, building and scaling teams and communities. He is currently working on solving the IoT Security problem with his latest venture EXPLIoT. He has previously bootstrapped impactful cybersecurity companies to multi-million dollar revenue. He co-founded Payatu, Nullcon, Hardwear.io and null - the open security community.
He is an active speaker and trainer at various security conferences like AusCERT, Black Hat, Defcon, Brucon, Hack.lu, Hack in Paris, Hack In The Box, PHDays, Zerocon and many more. He has authored various open source security software including:
- EXPLIoT - IoT Exploitation Framework https://expliot.io
- DIVA Android (Damn Insecure and Vulnerable App for Android)
- Jugaad/Indroid - Linux Thread injection kit for x86 and ARM
- Dexfuzzer - Dex file format fuzzer
Recommended reading/viewing, for practitioners:
- U.S. Cyber Trust Mark: https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/
- IoT Profiler research: https://www.usenix.org/conference/usenixsecurity23/presentation/nan
- EXPLIoT - IoT Security Testing and Exploitation framework: https://gitlab.com/expliot_framework/expliot
- Singapore Cybersecurity Labeling Scheme - https://www.csa.gov.sg/our-programmes/certification-and-labelling-schemes/cybersecurity-labelling-scheme
- Hands-on IoT Hacking Ebook - https://store.expliot.io/products/hands-on-internet-of-things-hacking
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP03 DevSecOps for teams building on Steroids | Akash Mahajan
15 september 2023 |
52 min
TOPIC: DevSecOps for teams building on Steroids
Developers have already adopted public cloud in all tech enabled companies and industry verticals. Security teams are mostly for after the fact testing, signaling that compliance is in place or even as a sales aid when selling to large enterprises.
If Continuous Delivery is the goal (as that gets the business money) then the integration and deployment pipelines (CI/CD) are the assembly lines. Far too often under the misguided notions of shift left, security teams come and slow things down by adding security steps to such pipelines and are surprised when no one likes this.
This is what he was able to solve for Byjus enterprise business team and they presented this at DevOps Enterprise Summit 2021 Europe as well.
Guest: Akash Mahajan, Founder & CEO Kloudle,Appsecco
Before founding Kloudle, Akash started Appsecco in 2015. At Appsecco, they did security testing of products hosted in the public cloud. They tested 100s of applications. But instead of app bugs, they found most of the time cloud infra was misconfigured.
Humans make mistakes. So far most developers are human too. Project after project they hacked into customer's apps due to cloud misconfigurations. Therefore, they built Kloudle.
Kloudle automates cloud security to eliminate human errors in setting up and using cloud infrastructure. It answers 3 things. What's running, what's wrong, how to fix it. Automatically in a loop. A CSPM built for devs.
Recommended reading/viewing, for practitioners:
- The Phoenix Project [https://www.amazon.in/Phoenix-Project-Devops-Helping-Business/dp/1942788290]
- The Goal [https://amzn.eu/d/ebKsrd6]
- Accelerate [https://amzn.eu/d/41jhgu6]
- DORA Metrics [https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance]
- Turtles All The Way Down
- Scaling Enterprise BizOps by Automating DevOps Practices
- https://github.com/devopsenterprise/2021-virtual-europe/blob/main/PPT%20revamp%20-%20DevOps%20Enterprise%20Summit%20v6%20(2).pdf
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP02 Sprinting Securely: Pentesting Keeping Pace with Agile Development | Sanoop Thomas
1 september 2023 |
44 min
TOPIC: Sprinting Securely: Pentesting Keeping Pace with Agile Development
Building Actionable Security Champion Programs & Pentest catching up with speed of agile
Podcast Guest: Sanoop Thomas (@s4n7h0)
Sanoop Thomas (@s4n7h0) is a seasoned security professional with a diverse background in consulting, teaching, research and product-based industries with a passion to solve complex security problems. Today, Sanoop works as an information security specialist focusing on application security and secure coding. His field of interest includes fuzzing software vulnerabilities, reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He also moderated null open community chapter in Singapore and Mumbai and organized over hundreds of events and workshops to spread security awareness across the country.
Sanoop is the author and maintainer of Halcyon IDE project (https://halcyon-ide.org) and podcast show host at InfoSec Campus (https://infoseccampus.com). He has spoken at multiple international security conferences that includes Nullcon, OWASP India, DevSecCon, HITBGSEC, Rootcon, Defcon (Demo Labs) and Blackhat (Arsenal - Vegas and Singapore). Sanoop is also the founding organizer for BSides Singapore.
Recommended reading/viewing, for practitioners
- tl;dr sec newsletter by Clint Gibler (@clintgibler)
- https://tldrsec.com/
- The Backend Engineering Show with Hussein Nasser (podcast)
- Listen to Sanoop Thomas’ podcast: Infosec Campus
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
#S02EP01 From Threat Actors with Love! Tackling Malware Attacks for Healthcare | Shyam Sundar
19 augusti 2023 |
52 min
Season 02 Episode 01
TOPIC: From Threat Actors with Love ! Tackling Malware Attacks for Healthcare
The sophisticated cyber attacks post pandemic opens the door for threat actors to craft more mail spam that spans across different sectors of industry. The rise of attacks towards the healthcare industry targeting health care specific devices and infrastructure. How do we stop these ? Wait ! Do we even know such sectors are affected ?
Guest: Shyam Sundar Ramaswami , Sr. Staff Cyber Security Architect , Cyber Labs - GE Healthcare
Shyam is a two- time TEDx speaker , co- author of the book titled it's your digital life . Shyam leads the efforts with cyber security research in GE healthcare, an advisor for penetration testing, cloud security and cyber security compliance in cyber labs. Shyam has worked on malware, memory forensics investigations and has published several of his original research work in conferences like BlackHat USA, Qubit, DeepSec, NullCon, HackFest and several international conferences. Shyam holds a masters in Digital Forensics and also mentors students across the globe under his “Being Robin” program.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Season 01 | It's a Wrap! | Neelu Tripathy
28 april 2023 |
8 min
We're wrapping up season 01 and will be back soon in Season 02!!
A big THANK YOU!
To all our listeners who have been listening to the episodes for this first season of BP :)
To all our Guests for sharing interesting stories & practical takeaways.
In this cast, we wrap up Season 01 and share a quick glimpse of what was discussed in each episode, so that listeners know and can choose whatever they want to listen. Do check out all the episodes, a quick outline below:
Episode 01: Securing your Security product with Sharukh Ahmed
Episode 02: Secrets Management with Ankit Khasgiwale
Episode 03: OT Security Vendor Risk Management with Vikash Tiwari
Episode 04: Cloud Security for SaaS Companies with Jayesh Chauhan
Episode 05: Building a 100% Open Source DevSecOps Stack for Product Teams with Abhisek Datta
Episode 06: Proactive Threat Prevention with Threat Intelligence with Avkash Kathiriya
If you have any specific questions in these areas you want answered, new areas you want to hear about, please share your suggestions in BP Podcast Suggestions here.
If you enjoy practical security conversations and stories, remember to Subscribe & share further.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Proactive Threat Prevention with Threat Intelligence | Episode Teaser
14 april 2023 |
3 min
TOPIC: Proactive Threat Prevention with Threat Intelligence
In this episode, we discuss the challenges of Threat Intelligence in the modern Threat landscape and how security teams can conduct Threat Intelligence to Proactively Stop Advanced Attacks.
Guest: Avkash Kathiriya, Sr. VP - Research and Innovation at Cyware Labs
Avkash is the VP of Research at a US-based Cyber security product startup. Avkash is an astute cybersecurity professional with more than 13 years of experience in core security technology domains including Cyber Defense, Security Orchestration and Automation, Cyber Resiliency, Threat Hunting, and Threat Intelligence. Apart from leading the research and innovation at Cyware, Avkash is also a globally well-known speaker at various security conferences in India and abroad. He is also a visiting faculty member at IIIT, Sri City, and a Cyber Threat Intelligence Committee member at OASIS, a global non-profit consortium that works on the development, convergence, and adoption of open standards for cybersecurity.
Glossary
We might be frequently using some common terminologies in our conversation, the way they're used in the industry, so those new to this can refer to the quick glossary given below before you start
- CTI: Cyber Threat Intel
- TTPs: tactics, techniques, and procedures
- APT: advanced persistent threats- in which an attacker gains access and stays without being detected for long time.
- SIEM: Security Info Event Management
- SOC: Security Operations Center
- IoC: Indicators of Compromise
- IoA: Indicators of Attack
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Proactive Threat Prevention with Threat Intelligence | Avkash Kathiriya | Full Ep.
14 april 2023 |
71 min
TOPIC: Proactive Threat Prevention with Threat Intelligence
In this episode, we discuss the challenges of Threat Intelligence in the modern Threat landscape and how security teams can conduct Threat Intelligence to Proactively Stop Advanced Attacks.
Guest: Avkash Kathiriya, Sr. VP - Research and Innovation at Cyware Labs
Avkash is the VP of Research at a US-based Cyber security product startup. Avkash is an astute cybersecurity professional with more than 13 years of experience in core security technology domains including Cyber Defense, Security Orchestration and Automation, Cyber Resiliency, Threat Hunting, and Threat Intelligence. Apart from leading the research and innovation at Cyware, Avkash is also a globally well-known speaker at various security conferences in India and abroad. He is also a visiting faculty member at IIIT, Sri City, and a Cyber Threat Intelligence Committee member at OASIS, a global non-profit consortium that works on the development, convergence, and adoption of open standards for cybersecurity.
Glossary
We might be frequently using some common terminologies in our conversation, the way they're used in the industry, so those new to this can refer to the quick glossary given below before you start
- CTI: Cyber Threat Intel
- TTPs: tactics, techniques, and procedures
- APT: advanced persistent threats- in which an attacker gains access and stays without being detected for long time.
- SIEM: Security Info Event Management
- SOC: Security Operations Center
- IoC: Indicators of Compromise
- IoA: Indicators of Attack
Recommended reading/viewing, Paper(in this topic) for practitioners
- https://github.com/hslatman/awesome-threat-intelligence
- https://oasis-open.github.io/cti-documentation/stix/intro.html
- https://cyware.com/educational-guides/cyber-threat-intelligence
- https://cyware.com/blog/4-steps-to-expand-threat-intelligence-sharing-in-2023-f786
- https://www.youtube.com/watch?v=I9pjBrN1dUA
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Building a 100% Open DevSecOps Stack | Episode Teaser
31 mars 2023 |
3 min
TOPIC: Building a 100% Open Source DevSecOps Stack for Product Teams
GUEST: Abhisek Datta
He has been a Security researcher in the past. Currently he is dabbling more on the development & product side of things. He is an OSS contributor and Platform & Security engineer. Can still read/write C & x86 ASM.
Episode Summary:
In this episode we dive deep into the challenges and opportunities of creating and maintaining a 100% open source DevSecOps stack. Tune in to find a store house of information for Product teams on how to approach security automation for their products using only open source security tools & products.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Building a 100% Open DevSecOps Stack | Abhisek Datta
31 mars 2023 |
70 min
TOPIC: Building a 100% Open Source DevSecOps Stack for Product Teams
GUEST: Abhisek Datta
He has been a Security researcher in the past. Currently he is dabbling more on the development & product side of things. He is an OSS contributor and Platform & Security engineer. Can still read/write C & x86 ASM.
Episode Summary:
In this episode we dive deep into the challenges and opportunities of creating and maintaining a 100% open source DevSecOps stack. Tune in as to find a store house of information for Product teams on how to approach security automation for their products using only open source security tools & products.
Recommended reading/viewing, Paper(in this topic) for practitioners:
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Cloud Security for a SaaS Company | Episode Teaser
16 mars 2023 |
3 min
TOPIC: [Cloud Security] Challenges encountered by a SaaS company when they are born in Cloud
GUEST: Jayesh Singh Chauhan
[Founder: Cloudurance Sec & Cloud Village at DEF CON]
Guest Intro: Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, PwC, and was the Director of Product Security at Sprinklr Inc in his last job. He currently runs his own Cloud Security Training and Consultancy firm - Cloudurance Security(cloudurancesecurity.com)
He has been a trainer at conferences like Blackhat USA, AppSec NZ, nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, RFID_Cloner, and has presented his work in BlackHat Arsenal(USA, EU Asia), DEFCON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Cloud Security for a SaaS Company | Jayesh Chauhan
16 mars 2023 |
65 min
TOPIC: [Cloud Security] Challenges encountered by a SaaS company when they are born in Cloud and how we can tackle those.
Running cloud security programs with a small team can be challenging. In this episode we discuss how do we leverage security engineering, automation and cater to a SAAS company's cloud security problems at scale without leaving the depth mindset behind.
GUEST: Jayesh Singh Chauhan
[Founder: Cloudurance Sec & Cloud Village at DEFCON]
Guest Intro: Jayesh Singh Chauhan is a security professional with 11 years of experience in the security space and he is the founder of Cloud Village at DEF CON. In the past, he has been part of the security teams of PayPal, PwC, and was the Director of Product Security at Sprinklr Inc in his last job. He currently runs his own Cloud Security Training and Consultancy firm - Cloudurance Security(cloudurancesecurity.com)
He has been a trainer at conferences like Blackhat USA, AppSec NZ, nullcon, and has trained defense forces. He has also authored Cloud Security Suite, OWASP Skanda, RFID_Cloner, and has presented his work in BlackHat Arsenal(USA, EU Asia), DEFCON DemoLabs, HackMiami, c0c0n, OWASP Global, and OffZone Moscow.
Resources:
- https://github.com/SecurityFTW/cs-suite
- https://cloudcustodian.io/
- https://gitleaks.io/
- https://github.com/prowler-cloud/prowler
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
OT Security-Vendor Risk Management | Vikash Tiwari
23 februari 2023 |
44 min
TOPIC: OT Cyber Security - Vendor Risk Management
Industrial Control Systems are used in critical infrastructure such as utilities, oil & gas, Aviation, Medical Industry and vehicle manufacturing . Some examples - Industrial control systems (ICS) or supervisory control and data acquisition (SCADA) systems.
Since the entire OT ecosystem is often managed by vendors, managing vendor risk becomes very important. Tune in to the episode to listen how we can follow a 'Defence in Depth' approach when working with Vendors in this space.
GUEST: Vikash Tiwari, IT Audit Manager @ ADQ
Vikash is an experienced cyber security professional with 14 years+ in various cyber security domains like Information Security / I&T Audit, VAPT and IT / OT GRC area. He was working as Sr. Cyber Security consultant with TUV Rheinland LLC Oman and currently with ADQ. He has been focusing on Cloud Security Audits, DevSecOps, Critical Infrastructure Security and IIOT security areas..
Recommended Reading/Resources for vendor risk management in OT:
- https://sharedassessments.org/ (dedicated resources for Vendor risk Assessment)
- Cobit 2019 - enrich resource for monitoring and managing I&T controls objectives, can be downloaded from ISACA website freely.
- https://www.isa.org/standards-and-publications/isa-standards/isa-standards-committees/isa99
- https://www.sans.org/industrial-control-systems-security/- SANS for ICS Security
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
OT Security-Vendor Risk Management | Episode Teaser
22 februari 2023 |
3 min
TOPIC: OT Cyber Security - Vendor Risk Management
GUEST: Vikash Tiwari, IT Audit Manager @ ADQ
Vikash is an experienced cyber security professional with 14 years+ in various cyber security domains like Information Security / I&T Audit, VAPT and IT / OT GRC area. He has been working as Sr. Cyber Security consultant with TUV Rheinland LLC Oman. He has been focusing on Cloud Security Audits, DevSecops, Critical Infrastructure Security and IIOT security areas..
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Secrets Management | Ankit Khasgiwale
9 februari 2023 |
52 min
Secrets management talks about the ways and methods of managing application secrets securely all through their lifecycle including storage, transit and use. This has been a tricky area for organisations to solve and has led to some significant breaches lately.
In this episode we discover some challenging scenarios when we try to implement secrets management across an organisation and discuss methods to deal with them.
Guest Intro: Ankit Khasgiwale
LinkedIn: @ankit
Ankit is Director of Product Security at Unacademy. He has over 16 years of experience in penetration testing, threat modelling, code reviews, DevSecOps and cloud security. At Unacademy, Ankit started the Product Security vertical from ground up which included setting up processes, team and automation to secure applications and infrastructure, remove secrets from source code, dependency issues etc.
Ankit has earlier worked at Microsoft India as Senior Program Manager and executed enterprise wide programs like Secrets management, rethinking Secure SDLC in Agile and setting up DevSecOps program. Additionally, Ankit has development experience in various technologies like Java, .Net, python and loves automating everything. In his free time he loves experimenting with wireless and RF hacking with SDRs and other types of hardware hacking.
Resources: Recommended reading/viewing for listeners
- https://www.beyondtrust.com/resources/glossary/secrets-management
- https://github.com/Yelp/detect-secrets
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Secrets Management | Episode Teaser
7 februari 2023 |
2 min
Secrets management talks about the ways and methods of managing application secrets securely all through their lifecycle including storage, transit and use. This has been a tricky area for organisations to solve and has led to some significant breaches lately.
Episode RELEASE DATE: 09th Feb, 2023
Guest Intro: Ankit Khasgiwale
Ankit is Director of Product Security at Unacademy. He has over 16 years of experience in penetration testing, threat modelling, code reviews, DevSecOps and cloud security. At Unacademy, Ankit started the Product Security vertical from ground up which included setting up processes, team and automation to secure applications and infrastructure, remove secrets from source code, dependency issues etc.
Ankit has earlier worked at Microsoft India as Senior Program Manager and executed enterprise wide programs like Secrets management, rethinking Secure SDLC in Agile and setting up DevSecOps program. Additionally, Ankit has development experience in various technologies like Java, .Net, python and loves automating everything. In his free time he loves experimenting with wireless and RF hacking with SDRs and other types of hardware hacking.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Securing your Security Product | Resources
27 januari 2023 |
5 min
Guest- Syed Shahrukh Ahmad
Co-founder BeVigil, CloudSEK
Syed LinkedIn
BeVigil Mobile Application Security
Recommended reading/viewing, Paper(on this topic) for practitioners
- Engineering tech blogs of major internet companies - Netflix, Spotify, Github, Google etc.
- Podcasts - Smashing Security, The Cloudcast, Malicious Life, and The Changelog
- AWS Security guides, HackerNews feed, always watching for open-source innovative security automation projects - for the constant inspiration, Research papers around mobile app security, privacy and AI targeted to flag internet security concerns.
- Mobile security - OWASP MSTG
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Securing your Security Product | Sharukh Ahmad
26 januari 2023 |
52 min
Topic: Securing Your Security Product
We start the season with Security Products. In this episode we look into the tricky areas when building Security products and how to address Security for those. We see how the perspective changes when we use the Security and developer lens and what to do about it. Also we dive into practical approaches to take for Security in the long run, which goes much beyond pen testing and/or bug bounty and brings about a robust defensive mindset.
Guest: Syed Shahrukh Ahmad
Co-founder BeVigil, SVigil @ CloudSEK
He is currently focused on building products and teams trying to build the next generation of attack surface monitoring and scanning tools at CloudSEK. He is a constant learner with deep interests in all things Security and building internet-scale ready software.
Shahrukh LinkedIn
BeVigil Mobile Webpage, BeVigil Mobile App
Recommended reading/viewing, Paper(on this topic) for practitioners
- Engineering tech blogs of major internet companies - Netflix, Spotify, Github, Google etc.
- Podcasts - Smashing Security, The Cloudcast, Malicious Life, and The Changelog
- AWS Security guides, HackerNews feed, always watching for open-source innovative security automation projects - for the constant inspiration, Research papers around mobile app security, privacy and AI targeted to flag internet security concerns.
- Mobile security - OWASP MSTG
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Securing your Security Product | Episode Teaser
25 januari 2023 |
3 min
Stay tuned for our first guest- Syed Shahrukh Ahmad,
Co-founder BeVigil, CloudSEK
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
Br3akp0int Teaser
21 januari 2023 |
1 min
Defensive Security: Although this forms the bulk of Information security, it is not talked about enough. Join me in the br3akp0int Security Podcast, where we go to depths and understand what the best Security teams do to operationalise excellent Security engineering practices across organisations and how do they really optimize for scale.
I would love to hear your suggestions and feedbacks, please DM me. If you liked this episode, please share with others in the community. It always means a lot!
If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; checkout my handles below:
- Twitter: @NeeluTripathy
- LinkedIn: neelutripathy
00:00
-00:00
En liten tjänst av I'm With Friends. Finns även på engelska.